psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(), psa_free_persistent_key_data(), and psa_save_persistent_key(), for managing persistent keys. These functions load to or save from our internal representation of key slots. Serialization is a concern of the storage backend implementation and doesn't abstraction-leak into the lifetime management code. An initial implementation for files is provided. Additional storage backends can implement this interface for other storage types.
This commit is contained in:
parent
d9eee3b417
commit
db2b8db715
19 changed files with 1004 additions and 0 deletions
|
@ -1522,6 +1522,31 @@
|
|||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
*
|
||||
* Enable the Platform Security Architecture persistent key storage.
|
||||
*
|
||||
* Module: library/psa_crypto_storage.c
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
*
|
||||
* Enable persistent key storage over files for the
|
||||
* Platform Security Architecture cryptography API.
|
||||
*
|
||||
* Module: library/psa_crypto_storage_file.c
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_RIPEMD160_C
|
||||
*
|
||||
|
|
|
@ -45,6 +45,8 @@ OBJS_CRYPTO := \
|
|||
platform.o \
|
||||
platform_util.o \
|
||||
psa_crypto.o \
|
||||
psa_crypto_storage.o \
|
||||
psa_crypto_storage_file.o \
|
||||
ripemd160.o \
|
||||
rsa_internal.o \
|
||||
rsa.o \
|
||||
|
|
|
@ -16,11 +16,13 @@ PYTHON ?= python
|
|||
APPS := \
|
||||
test_suite_psa_crypto \
|
||||
test_suite_psa_crypto_metadata \
|
||||
test_suite_psa_crypto_storage_file \
|
||||
# Don't delete this line.
|
||||
|
||||
# Look up for associated function files
|
||||
func.test_suite_psa_crypto := test_suite_psa_crypto
|
||||
func.test_suite_psa_crypto_metadata := test_suite_psa_crypto_metadata
|
||||
func.test_suite_psa_crypto_storage_file := test_suite_psa_crypto_storage_file
|
||||
|
||||
.SILENT:
|
||||
|
||||
|
@ -56,6 +58,7 @@ clean:
|
|||
test: $(APPS)
|
||||
./test_suite_psa_crypto_metadata
|
||||
./test_suite_psa_crypto
|
||||
./test_suite_psa_crypto_storage_file
|
||||
|
||||
# Create separate targets for generating embedded tests.
|
||||
EMBEDDED_TESTS := $(addprefix embedded_,$(APPS))
|
||||
|
|
|
@ -506,6 +506,18 @@
|
|||
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
|
||||
!( defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) )
|
||||
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && \
|
||||
!( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
|
||||
defined(MBEDTLS_FS_IO) )
|
||||
#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) )
|
||||
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
||||
|
|
|
@ -2616,6 +2616,31 @@
|
|||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
*
|
||||
* Enable the Platform Security Architecture persistent key storage.
|
||||
*
|
||||
* Module: library/psa_crypto_storage.c
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
*
|
||||
* Enable persistent key storage over files for the
|
||||
* Platform Security Architecture cryptography API.
|
||||
*
|
||||
* Module: library/psa_crypto_storage_file.c
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_RIPEMD160_C
|
||||
*
|
||||
|
|
|
@ -54,6 +54,8 @@ set(src_crypto
|
|||
platform_util.c
|
||||
poly1305.c
|
||||
psa_crypto.c
|
||||
psa_crypto_storage.c
|
||||
psa_crypto_storage_file.c
|
||||
ripemd160.c
|
||||
rsa.c
|
||||
rsa_internal.c
|
||||
|
|
|
@ -82,6 +82,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
|
|||
pkcs5.o pkparse.o pkwrite.o \
|
||||
platform.o platform_util.o poly1305.o \
|
||||
psa_crypto.o \
|
||||
psa_crypto_storage.o \
|
||||
psa_crypto_storage_file.o \
|
||||
ripemd160.o rsa_internal.o rsa.o \
|
||||
sha1.o sha256.o sha512.o \
|
||||
threading.o timing.o version.o \
|
||||
|
|
195
library/psa_crypto_storage.c
Normal file
195
library/psa_crypto_storage.c
Normal file
|
@ -0,0 +1,195 @@
|
|||
/*
|
||||
* PSA persistent key storage
|
||||
*/
|
||||
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_CONFIG_FILE)
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#else
|
||||
#include "mbedtls/config.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_storage.h"
|
||||
#include "psa_crypto_storage_backend.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_LE
|
||||
#define GET_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint32_t) (b)[(i) ] ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_LE
|
||||
#define PUT_UINT32_LE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
uint8_t version[4];
|
||||
uint8_t type[sizeof( psa_key_type_t )];
|
||||
uint8_t policy[sizeof( psa_key_policy_t )];
|
||||
uint8_t data_len[4];
|
||||
uint8_t key_data[];
|
||||
} psa_persistent_key_storage_format;
|
||||
|
||||
void psa_format_key_data_for_storage( const uint8_t *data,
|
||||
const size_t data_length,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
uint8_t *storage_data )
|
||||
{
|
||||
psa_persistent_key_storage_format *storage_format =
|
||||
(psa_persistent_key_storage_format *) storage_data;
|
||||
|
||||
PUT_UINT32_LE(0, storage_format->version, 0);
|
||||
PUT_UINT32_LE(type, storage_format->type, 0);
|
||||
PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
|
||||
PUT_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
|
||||
PUT_UINT32_LE(data_length, storage_format->data_len, 0);
|
||||
memcpy( storage_format->key_data, data, data_length );
|
||||
}
|
||||
|
||||
psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
||||
size_t storage_data_length,
|
||||
uint8_t **key_data,
|
||||
size_t *key_data_length,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy )
|
||||
{
|
||||
const psa_persistent_key_storage_format *storage_format =
|
||||
(const psa_persistent_key_storage_format *)storage_data;
|
||||
uint32_t version;
|
||||
|
||||
GET_UINT32_LE(version, storage_format->version, 0);
|
||||
if( version != 0 )
|
||||
return( PSA_ERROR_STORAGE_FAILURE );
|
||||
|
||||
GET_UINT32_LE(*key_data_length, storage_format->data_len, 0);
|
||||
if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
|
||||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
||||
return( PSA_ERROR_STORAGE_FAILURE );
|
||||
|
||||
*key_data = mbedtls_calloc( 1, *key_data_length );
|
||||
if( *key_data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
GET_UINT32_LE(*type, storage_format->type, 0);
|
||||
GET_UINT32_LE(policy->usage, storage_format->policy, 0);
|
||||
GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
|
||||
|
||||
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
const uint8_t *data,
|
||||
const size_t data_length )
|
||||
{
|
||||
size_t storage_data_length;
|
||||
uint8_t *storage_data;
|
||||
psa_status_t status;
|
||||
|
||||
if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
||||
return PSA_ERROR_INSUFFICIENT_STORAGE;
|
||||
storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
|
||||
|
||||
storage_data = mbedtls_calloc( 1, storage_data_length );
|
||||
if( storage_data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
psa_format_key_data_for_storage( data, data_length, type, policy,
|
||||
storage_data );
|
||||
|
||||
status = psa_crypto_storage_store( key,
|
||||
storage_data, storage_data_length );
|
||||
|
||||
mbedtls_free( storage_data );
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
|
||||
{
|
||||
if( key_data != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( key_data, key_data_length );
|
||||
}
|
||||
mbedtls_free( key_data );
|
||||
}
|
||||
|
||||
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy,
|
||||
uint8_t **data,
|
||||
size_t *data_length )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
uint8_t *loaded_data;
|
||||
size_t storage_data_length = 0;
|
||||
|
||||
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
loaded_data = mbedtls_calloc( 1, storage_data_length );
|
||||
|
||||
if( loaded_data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
|
||||
data, data_length, type, policy );
|
||||
|
||||
exit:
|
||||
mbedtls_free( loaded_data );
|
||||
return( status );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
177
library/psa_crypto_storage.h
Normal file
177
library/psa_crypto_storage.h
Normal file
|
@ -0,0 +1,177 @@
|
|||
/**
|
||||
* \file psa_crypto_storage.h
|
||||
*
|
||||
* \brief PSA cryptography module: Mbed TLS key storage
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_STORAGE_H
|
||||
#define PSA_CRYPTO_STORAGE_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
|
||||
* in each of its header files. */
|
||||
#if defined(MBEDTLS_CONFIG_FILE)
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#else
|
||||
#include "mbedtls/config.h"
|
||||
#endif
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include <stdint.h>
|
||||
|
||||
/* Limit the maximum key size to 30kB (just in case someone tries to
|
||||
* inadvertently store an obscene amount of data) */
|
||||
#define PSA_CRYPTO_MAX_STORAGE_SIZE ( 30 * 1024 )
|
||||
|
||||
/**
|
||||
* \brief Format key data and metadata and save to a location for given key
|
||||
* slot.
|
||||
*
|
||||
* This function formats the key data and metadata and saves it to a
|
||||
* persistent storage backend. The storage location corresponding to the
|
||||
* key slot must be empty, otherwise this function will fail. This function
|
||||
* should be called after psa_import_key_into_slot() to ensure the
|
||||
* persistent key is not saved into a storage location corresponding to an
|
||||
* already occupied non-persistent key, as well as validating the key data.
|
||||
*
|
||||
*
|
||||
* \param key Slot number of the key to be stored. This must be a
|
||||
* valid slot for a key of the chosen type. This should be
|
||||
* an occupied key slot with an unoccupied corresponding
|
||||
* storage location.
|
||||
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
|
||||
* \param[in] policy The key policy to save.
|
||||
* \param[in] data Buffer containing the key data.
|
||||
* \param data_length The number of bytes that make up the key data.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
const uint8_t *data,
|
||||
const size_t data_length );
|
||||
|
||||
/**
|
||||
* \brief Parses key data and metadata and load persistent key for given
|
||||
* key slot number.
|
||||
*
|
||||
* This function reads from a storage backend, parses the key data and
|
||||
* metadata and writes them to the appropriate output parameters.
|
||||
*
|
||||
* Note: This function allocates a buffer and returns a pointer to it through
|
||||
* the data parameter. psa_free_persistent_key_data() must be called after
|
||||
* this function to zeroize and free this buffer, regardless of whether this
|
||||
* function succeeds or fails.
|
||||
*
|
||||
* \param key Slot number whose content is to be loaded. This
|
||||
* must be an unoccupied key slot with an occupied
|
||||
* corresponding storage location. The key slot
|
||||
* lifetime must be set to persistent.
|
||||
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
|
||||
* value).
|
||||
* \param[out] policy On success, the key's policy.
|
||||
* \param[out] data Pointer to an allocated key data buffer on return.
|
||||
* \param[out] data_length The number of bytes that make up the key data.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy,
|
||||
uint8_t **data,
|
||||
size_t *data_length );
|
||||
|
||||
/**
|
||||
* \brief Remove persistent data for the given key slot number.
|
||||
*
|
||||
* \param key Slot number whose content is to be removed
|
||||
* from persistent storage.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key );
|
||||
|
||||
/**
|
||||
* \brief Zeroizes and frees the given buffer.
|
||||
*
|
||||
* This function must be called at some point after psa_load_persistent_key()
|
||||
* to zeroize and free the memory allocated to the buffer in that function.
|
||||
*
|
||||
* \param key_data Buffer for the key data.
|
||||
* \param key_data_length Size of the key data buffer.
|
||||
*
|
||||
*/
|
||||
void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
|
||||
|
||||
/**
|
||||
* \brief Formats key data and metadata for persistent storage
|
||||
*
|
||||
* \param[in] data Buffer for the key data.
|
||||
* \param data_length Length of the key data buffer.
|
||||
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
|
||||
* \param policy The key policy.
|
||||
* \param[out] storage_data Output buffer for the formatted data.
|
||||
*
|
||||
*/
|
||||
void psa_format_key_data_for_storage( const uint8_t *data,
|
||||
const size_t data_length,
|
||||
const psa_key_type_t type,
|
||||
const psa_key_policy_t *policy,
|
||||
uint8_t *storage_data );
|
||||
|
||||
/**
|
||||
* \brief Parses persistent storage data into key data and metadata
|
||||
*
|
||||
* \param[in] storage_data Buffer for the storage data.
|
||||
* \param storage_data_length Length of the storage data buffer
|
||||
* \param[out] key_data On output, pointer to a newly allocated buffer
|
||||
* containing the key data. This must be freed
|
||||
* using psa_free_persistent_key_data()
|
||||
* \param[out] key_data_length Length of the key data buffer
|
||||
* \param[out] type Key type (a \c PSA_KEY_TYPE_XXX value).
|
||||
* \param[out] policy The key policy.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
||||
size_t storage_data_length,
|
||||
uint8_t **key_data,
|
||||
size_t *key_data_length,
|
||||
psa_key_type_t *type,
|
||||
psa_key_policy_t *policy );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* PSA_CRYPTO_STORAGE_H */
|
112
library/psa_crypto_storage_backend.h
Normal file
112
library/psa_crypto_storage_backend.h
Normal file
|
@ -0,0 +1,112 @@
|
|||
/**
|
||||
* \file psa_crypto_storage_backend.h
|
||||
*
|
||||
* \brief PSA cryptography module: Mbed TLS key storage backend
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_STORAGE_BACKEND_H
|
||||
#define PSA_CRYPTO_STORAGE_BACKEND_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
|
||||
* in each of its header files. */
|
||||
#if defined(MBEDTLS_CONFIG_FILE)
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#else
|
||||
#include "mbedtls/config.h"
|
||||
#endif
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_storage.h"
|
||||
#include <stdint.h>
|
||||
|
||||
/**
|
||||
* \brief Load persistent data for the given key slot number.
|
||||
*
|
||||
* This function reads data from a storage backend and returns the data in a
|
||||
* buffer.
|
||||
*
|
||||
* \param key Slot number whose content is to be loaded. This must
|
||||
* be a key slot whose lifetime is set to persistent.
|
||||
* \param[out] data Buffer where the data is to be written.
|
||||
* \param data_size Size of the \c data buffer in bytes.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
|
||||
size_t data_size );
|
||||
|
||||
/**
|
||||
* \brief Store persistent data for the given key slot number.
|
||||
*
|
||||
* This function stores the given data buffer to a persistent storage.
|
||||
*
|
||||
* \param key Slot number whose content is to be stored.
|
||||
* \param[in] data Buffer containing the data to be stored.
|
||||
* \param data_length The number of bytes
|
||||
* that make up the data.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
|
||||
const uint8_t *data,
|
||||
size_t data_length );
|
||||
|
||||
/**
|
||||
* \brief Checks if persistent data is stored for the given key slot number
|
||||
*
|
||||
* This function checks if any key data or metadata exists for the key slot in
|
||||
* the persistent storage.
|
||||
*
|
||||
* \param key Slot number whose content is to be checked.
|
||||
*
|
||||
* \retval 0
|
||||
* No persistent data present for slot number
|
||||
* \retval 1
|
||||
* Persistent data present for slot number
|
||||
*/
|
||||
int psa_is_key_present_in_storage( const psa_key_slot_t key );
|
||||
|
||||
/**
|
||||
* \brief Get data length for given key slot number.
|
||||
*
|
||||
* \param key Slot number whose stored data length is to be obtained.
|
||||
* \param[out] data_length The number of bytes
|
||||
* that make up the data.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* \retval PSA_ERROR_STORAGE_FAILURE
|
||||
*/
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
|
||||
size_t *data_length );
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* PSA_CRYPTO_STORAGE_H */
|
218
library/psa_crypto_storage_file.c
Normal file
218
library/psa_crypto_storage_file.c
Normal file
|
@ -0,0 +1,218 @@
|
|||
/*
|
||||
* PSA file storage backend for persistent keys
|
||||
*/
|
||||
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_CONFIG_FILE)
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#else
|
||||
#include "mbedtls/config.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_storage_backend.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
/* This option sets where files are to be stored. If this is left unset,
|
||||
* the files by default will be stored in the same location as the program,
|
||||
* which may not be desired or possible. */
|
||||
#if !defined(CRYPTO_STORAGE_FILE_LOCATION)
|
||||
#define CRYPTO_STORAGE_FILE_LOCATION ""
|
||||
#endif
|
||||
|
||||
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
|
||||
|
||||
static void key_slot_to_location( const psa_key_slot_t key,
|
||||
char *location,
|
||||
size_t location_size )
|
||||
{
|
||||
mbedtls_snprintf( location, location_size,
|
||||
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
|
||||
size_t data_size )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
FILE *file;
|
||||
size_t num_read;
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
|
||||
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
|
||||
file = fopen( slot_location, "rb" );
|
||||
if( file == NULL )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
num_read = fread( data, 1, data_size, file );
|
||||
if( num_read != data_size )
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
|
||||
exit:
|
||||
if( file != NULL )
|
||||
fclose( file );
|
||||
return( status );
|
||||
}
|
||||
|
||||
int psa_is_key_present_in_storage( const psa_key_slot_t key )
|
||||
{
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
FILE *file;
|
||||
|
||||
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
|
||||
|
||||
file = fopen( slot_location, "r" );
|
||||
if( file == NULL )
|
||||
{
|
||||
/* File doesn't exist */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
fclose( file );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
int ret;
|
||||
size_t num_written;
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
FILE *file;
|
||||
/* The storage location corresponding to "key slot 0" is used as a
|
||||
* temporary location in order to make the apparition of the actual slot
|
||||
* file atomic. 0 is not a valid key slot number, so this should not
|
||||
* affect actual keys. */
|
||||
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
|
||||
|
||||
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
|
||||
|
||||
if( psa_is_key_present_in_storage( key ) == 1 )
|
||||
return( PSA_ERROR_OCCUPIED_SLOT );
|
||||
|
||||
file = fopen( temp_location, "wb" );
|
||||
if( file == NULL )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
num_written = fwrite( data, 1, data_length, file );
|
||||
if( num_written != data_length )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = fclose( file );
|
||||
file = NULL;
|
||||
if( ret != 0 )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( rename( temp_location, slot_location ) != 0 )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
if( file != NULL )
|
||||
fclose( file );
|
||||
remove( temp_location );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
|
||||
{
|
||||
FILE *file;
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
|
||||
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
|
||||
|
||||
/* Only try remove the file if it exists */
|
||||
file = fopen( slot_location, "rb" );
|
||||
if( file != NULL )
|
||||
{
|
||||
fclose( file );
|
||||
|
||||
if( remove( slot_location ) != 0 )
|
||||
return( PSA_ERROR_STORAGE_FAILURE );
|
||||
}
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
|
||||
size_t *data_length )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
FILE *file;
|
||||
long file_size;
|
||||
char slot_location[MAX_LOCATION_LEN];
|
||||
|
||||
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
|
||||
|
||||
file = fopen( slot_location, "rb" );
|
||||
if( file == NULL )
|
||||
return( PSA_ERROR_EMPTY_SLOT );
|
||||
|
||||
if( fseek( file, 0, SEEK_END ) != 0 )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
file_size = ftell( file );
|
||||
|
||||
if( file_size < 0 )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if LONG_MAX > SIZE_MAX
|
||||
if( (unsigned long) file_size > SIZE_MAX )
|
||||
{
|
||||
status = PSA_ERROR_STORAGE_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
*data_length = (size_t) file_size;
|
||||
|
||||
exit:
|
||||
fclose( file );
|
||||
return( status );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
|
|
@ -687,6 +687,12 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
"MBEDTLS_PSA_CRYPTO_C",
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
|
||||
"MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C",
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
"MBEDTLS_RIPEMD160_C",
|
||||
#endif /* MBEDTLS_RIPEMD160_C */
|
||||
|
|
|
@ -116,6 +116,8 @@ MBEDTLS_MEMORY_BACKTRACE
|
|||
MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
MBEDTLS_PLATFORM_TIME_ALT
|
||||
MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
);
|
||||
|
||||
# Things that should be enabled in "full" even if they match @excluded
|
||||
|
|
|
@ -70,6 +70,10 @@ LIB_FILES := \
|
|||
platform.c \
|
||||
platform_util.c \
|
||||
psa_crypto.c \
|
||||
psa_crypto_storage.h \
|
||||
psa_crypto_storage.c \
|
||||
psa_crypto_storage_backend.h \
|
||||
psa_crypto_storage_file.c \
|
||||
ripemd160.c \
|
||||
rsa_internal.c \
|
||||
rsa.c \
|
||||
|
@ -154,6 +158,8 @@ TEST_FILES := \
|
|||
tests/suites/test_suite_psa_crypto_hash.function \
|
||||
tests/suites/test_suite_psa_crypto_metadata.data \
|
||||
tests/suites/test_suite_psa_crypto_metadata.function \
|
||||
tests/suites/test_suite_psa_crypto_storage_file.data \
|
||||
tests/suites/test_suite_psa_crypto_storage_file.function \
|
||||
# Don't delete this line.
|
||||
|
||||
OTHER_FILES := \
|
||||
|
|
|
@ -113,6 +113,7 @@ add_test_suite(poly1305)
|
|||
add_test_suite(psa_crypto)
|
||||
add_test_suite(psa_crypto_hash)
|
||||
add_test_suite(psa_crypto_metadata)
|
||||
add_test_suite(psa_crypto_storage_file)
|
||||
add_test_suite(shax)
|
||||
add_test_suite(ssl)
|
||||
add_test_suite(timing)
|
||||
|
|
|
@ -644,6 +644,8 @@ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
|
|||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
scripts/config.pl unset MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
|
||||
# to re-enable platform integration features otherwise disabled in C99 builds
|
||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
|
||||
|
@ -859,6 +861,8 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
|
|||
scripts/config.pl unset MBEDTLS_THREADING_C
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
||||
|
||||
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
||||
|
@ -877,6 +881,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
|
|||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
||||
echo "Checking that software 64-bit division is not required"
|
||||
if_build_succeeded not grep __aeabi_uldiv library/*.o
|
||||
|
@ -897,6 +903,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
|
|||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
|
||||
echo "Checking that software 64-bit multiplication is not required"
|
||||
if_build_succeeded not grep __aeabi_lmul library/*.o
|
||||
|
@ -920,6 +928,8 @@ scripts/config.pl unset MBEDTLS_THREADING_C
|
|||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
|
||||
if [ $RUN_ARMCC -ne 0 ]; then
|
||||
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
|
||||
|
|
43
tests/suites/test_suite_psa_crypto_storage_file.data
Normal file
43
tests/suites/test_suite_psa_crypto_storage_file.data
Normal file
|
@ -0,0 +1,43 @@
|
|||
PSA Storage Load verify loaded file
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
load_data_from_file:1:"deadbeef":1:4:PSA_SUCCESS
|
||||
|
||||
PSA Storage Load check slots dont share state
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
load_data_from_file:2:"deadbeef":1:4:PSA_ERROR_STORAGE_FAILURE
|
||||
|
||||
PSA Storage Load zero length file
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
load_data_from_file:1:"":1:1:PSA_SUCCESS
|
||||
|
||||
PSA Storage Load less than capacity of data buffer
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
load_data_from_file:1:"deadbeef":1:5:PSA_SUCCESS
|
||||
|
||||
PSA Storage Load nonexistent file location, should fail
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
load_data_from_file:1:"deadbeef":0:4:PSA_ERROR_STORAGE_FAILURE
|
||||
|
||||
PSA Storage Store verify stored file
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
write_data_to_file:"deadbeef":PSA_SUCCESS
|
||||
|
||||
PSA Storage Store into preexisting location, should fail
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
|
||||
|
||||
PSA Storage Store, preexisting temp_location file, should succeed
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
write_data_to_prexisting_file:"psa_key_slot_0":"deadbeef":PSA_SUCCESS
|
||||
|
||||
PSA Storage Get data size verify data size
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
get_file_size:"deadbeef":4:PSA_SUCCESS:1
|
||||
|
||||
PSA Storage Get data size verify data size zero length file
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
get_file_size:"":0:PSA_SUCCESS:1
|
||||
|
||||
PSA Storage Get data size nonexistent file location, should fail
|
||||
depends_on:MBEDTLS_FS_IO
|
||||
get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
|
159
tests/suites/test_suite_psa_crypto_storage_file.function
Normal file
159
tests/suites/test_suite_psa_crypto_storage_file.function
Normal file
|
@ -0,0 +1,159 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include <stdint.h>
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_storage_backend.h"
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void load_data_from_file( int slot_to_load, data_t *data, int should_make_file,
|
||||
int capacity_arg, int expected_status )
|
||||
{
|
||||
char slot_location[] = "psa_key_slot_1";
|
||||
psa_status_t status;
|
||||
int ret;
|
||||
size_t file_size = 0;
|
||||
uint8_t *loaded_data = NULL;
|
||||
size_t capacity = (size_t) capacity_arg;
|
||||
|
||||
if( should_make_file == 1 )
|
||||
{
|
||||
/* Create a file with data contents, with mask permissions. */
|
||||
FILE *file;
|
||||
file = fopen( slot_location, "wb+" );
|
||||
TEST_ASSERT( file != NULL );
|
||||
file_size = fwrite( data->x, 1, data->len, file );
|
||||
TEST_ASSERT( file_size == data->len );
|
||||
ret = fclose( file );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
}
|
||||
|
||||
/* Read from the file with psa_crypto_storage_load. */
|
||||
loaded_data = mbedtls_calloc( 1, capacity );
|
||||
TEST_ASSERT( loaded_data != NULL );
|
||||
status = psa_crypto_storage_load( (psa_key_slot_t) slot_to_load, loaded_data,
|
||||
file_size );
|
||||
|
||||
/* Check we get the expected status. */
|
||||
TEST_ASSERT( status == expected_status );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* Check that the file data and data length is what we expect. */
|
||||
ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
|
||||
|
||||
exit:
|
||||
mbedtls_free( loaded_data );
|
||||
remove( slot_location );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void write_data_to_file( data_t *data, int expected_status )
|
||||
{
|
||||
char slot_location[] = "psa_key_slot_1";
|
||||
psa_status_t status;
|
||||
int ret;
|
||||
FILE *file;
|
||||
size_t file_size;
|
||||
size_t num_read;
|
||||
uint8_t *loaded_data = NULL;
|
||||
|
||||
/* Write data to file. */
|
||||
status = psa_crypto_storage_store( 1, data->x, data->len );
|
||||
|
||||
/* Check that we got the expected status. */
|
||||
TEST_ASSERT( status == expected_status );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* Check that the file length is what we expect */
|
||||
file = fopen( slot_location, "rb" );
|
||||
TEST_ASSERT( file != NULL );
|
||||
fseek( file, 0, SEEK_END );
|
||||
file_size = (size_t) ftell( file );
|
||||
fseek( file, 0, SEEK_SET );
|
||||
TEST_ASSERT( file_size == data->len );
|
||||
|
||||
/* Check that the file contents are what we expect */
|
||||
loaded_data = mbedtls_calloc( 1, data->len );
|
||||
TEST_ASSERT( loaded_data != NULL );
|
||||
|
||||
num_read = fread( loaded_data, 1, file_size, file );
|
||||
TEST_ASSERT( num_read == file_size );
|
||||
ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
|
||||
ret = fclose( file );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_free( loaded_data );
|
||||
remove( slot_location );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void get_file_size( data_t *data, int expected_data_length,
|
||||
int expected_status, int should_make_file )
|
||||
{
|
||||
char slot_location[] = "psa_key_slot_1";
|
||||
psa_status_t status;
|
||||
int ret;
|
||||
size_t file_size;
|
||||
|
||||
if( should_make_file )
|
||||
{
|
||||
/* Create a file with data contents, with mask permissions. */
|
||||
FILE *file;
|
||||
file = fopen( slot_location, "wb+" );
|
||||
TEST_ASSERT( file != NULL );
|
||||
file_size = fwrite( data->x, 1, data->len, file );
|
||||
TEST_ASSERT( file_size == data->len );
|
||||
ret = fclose( file );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
}
|
||||
|
||||
/* Check get data size is what we expect */
|
||||
status = psa_crypto_storage_get_data_length( 1, &file_size );
|
||||
TEST_ASSERT( status == expected_status );
|
||||
if( expected_status == PSA_SUCCESS )
|
||||
TEST_ASSERT( file_size == (size_t)expected_data_length );
|
||||
|
||||
exit:
|
||||
remove( slot_location );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void write_data_to_prexisting_file( char *preexist_file_location,
|
||||
data_t *data, int expected_status )
|
||||
{
|
||||
char slot_location[] = "psa_key_slot_1";
|
||||
psa_status_t status;
|
||||
int ret;
|
||||
FILE *file;
|
||||
|
||||
/* Create file first */
|
||||
file = fopen( preexist_file_location, "wb" );
|
||||
TEST_ASSERT( file != NULL );
|
||||
ret = fclose( file );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
/* Write data to file. */
|
||||
status = psa_crypto_storage_store( 1, data->x, data->len );
|
||||
|
||||
/* Check that we got the expected status. */
|
||||
TEST_ASSERT( status == expected_status );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
remove( preexist_file_location );
|
||||
remove( slot_location );
|
||||
}
|
||||
/* END_CASE */
|
|
@ -230,6 +230,8 @@
|
|||
<ClInclude Include="..\..\include\psa\crypto_platform.h" />
|
||||
<ClInclude Include="..\..\include\psa\crypto_sizes.h" />
|
||||
<ClInclude Include="..\..\include\psa\crypto_struct.h" />
|
||||
<ClInclude Include="..\..\library/psa_crypto_storage.h" />
|
||||
<ClInclude Include="..\..\library/psa_crypto_storage_backend.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\..\library\aes.c" />
|
||||
|
@ -287,6 +289,8 @@
|
|||
<ClCompile Include="..\..\library\platform_util.c" />
|
||||
<ClCompile Include="..\..\library\poly1305.c" />
|
||||
<ClCompile Include="..\..\library\psa_crypto.c" />
|
||||
<ClCompile Include="..\..\library\psa_crypto_storage.c" />
|
||||
<ClCompile Include="..\..\library\psa_crypto_storage_file.c" />
|
||||
<ClCompile Include="..\..\library\ripemd160.c" />
|
||||
<ClCompile Include="..\..\library\rsa.c" />
|
||||
<ClCompile Include="..\..\library\rsa_internal.c" />
|
||||
|
|
Loading…
Reference in a new issue