/* * PSA ITS simulator over stdio files. */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "common.h" #if defined(MBEDTLS_PSA_ITS_FILE_C) #include "mbedtls/platform.h" #if defined(_WIN32) #include #endif #include "psa_crypto_its.h" #include #include #include #include #if !defined(PSA_ITS_STORAGE_PREFIX) #define PSA_ITS_STORAGE_PREFIX "" #endif #define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x" #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \ 16 + /*UID (64-bit number in hex)*/ \ sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/) #define PSA_ITS_STORAGE_TEMP \ PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX /* The maximum value of psa_storage_info_t.size */ #define PSA_ITS_MAX_SIZE 0xffffffff #define PSA_ITS_MAGIC_STRING "PSA\0ITS\0" #define PSA_ITS_MAGIC_LENGTH 8 /* As rename fails on Windows if the new filepath already exists, * use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead. * Returns 0 on success, nonzero on failure. */ #if defined(_WIN32) #define rename_replace_existing(oldpath, newpath) \ (!MoveFileExA(oldpath, newpath, MOVEFILE_REPLACE_EXISTING)) #else #define rename_replace_existing(oldpath, newpath) rename(oldpath, newpath) #endif typedef struct { uint8_t magic[PSA_ITS_MAGIC_LENGTH]; uint8_t size[sizeof(uint32_t)]; uint8_t flags[sizeof(psa_storage_create_flags_t)]; } psa_its_file_header_t; static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename) { /* Break up the UID into two 32-bit pieces so as not to rely on * long long support in snprintf. */ mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH, "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s", PSA_ITS_STORAGE_PREFIX, (unsigned) (uid >> 32), (unsigned) (uid & 0xffffffff), PSA_ITS_STORAGE_SUFFIX); } static psa_status_t psa_its_read_file(psa_storage_uid_t uid, struct psa_storage_info_t *p_info, FILE **p_stream) { char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; psa_its_file_header_t header; size_t n; *p_stream = NULL; psa_its_fill_filename(uid, filename); *p_stream = fopen(filename, "rb"); if (*p_stream == NULL) { return PSA_ERROR_DOES_NOT_EXIST; } /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ mbedtls_setbuf(*p_stream, NULL); n = fread(&header, 1, sizeof(header), *p_stream); if (n != sizeof(header)) { return PSA_ERROR_DATA_CORRUPT; } if (memcmp(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH) != 0) { return PSA_ERROR_DATA_CORRUPT; } p_info->size = (header.size[0] | header.size[1] << 8 | header.size[2] << 16 | header.size[3] << 24); p_info->flags = (header.flags[0] | header.flags[1] << 8 | header.flags[2] << 16 | header.flags[3] << 24); return PSA_SUCCESS; } psa_status_t psa_its_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info) { psa_status_t status; FILE *stream = NULL; status = psa_its_read_file(uid, p_info, &stream); if (stream != NULL) { fclose(stream); } return status; } psa_status_t psa_its_get(psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data, size_t *p_data_length) { psa_status_t status; FILE *stream = NULL; size_t n; struct psa_storage_info_t info; status = psa_its_read_file(uid, &info, &stream); if (status != PSA_SUCCESS) { goto exit; } status = PSA_ERROR_INVALID_ARGUMENT; if (data_offset + data_length < data_offset) { goto exit; } #if SIZE_MAX < 0xffffffff if (data_offset + data_length > SIZE_MAX) { goto exit; } #endif if (data_offset + data_length > info.size) { goto exit; } status = PSA_ERROR_STORAGE_FAILURE; #if LONG_MAX < 0xffffffff while (data_offset > LONG_MAX) { if (fseek(stream, LONG_MAX, SEEK_CUR) != 0) { goto exit; } data_offset -= LONG_MAX; } #endif if (fseek(stream, data_offset, SEEK_CUR) != 0) { goto exit; } n = fread(p_data, 1, data_length, stream); if (n != data_length) { goto exit; } status = PSA_SUCCESS; if (p_data_length != NULL) { *p_data_length = n; } exit: if (stream != NULL) { fclose(stream); } return status; } psa_status_t psa_its_set(psa_storage_uid_t uid, uint32_t data_length, const void *p_data, psa_storage_create_flags_t create_flags) { if (uid == 0) { return PSA_ERROR_INVALID_HANDLE; } psa_status_t status = PSA_ERROR_STORAGE_FAILURE; char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; FILE *stream = NULL; psa_its_file_header_t header; size_t n; memcpy(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH); MBEDTLS_PUT_UINT32_LE(data_length, header.size, 0); MBEDTLS_PUT_UINT32_LE(create_flags, header.flags, 0); psa_its_fill_filename(uid, filename); stream = fopen(PSA_ITS_STORAGE_TEMP, "wb"); if (stream == NULL) { goto exit; } /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ mbedtls_setbuf(stream, NULL); status = PSA_ERROR_INSUFFICIENT_STORAGE; n = fwrite(&header, 1, sizeof(header), stream); if (n != sizeof(header)) { goto exit; } if (data_length != 0) { n = fwrite(p_data, 1, data_length, stream); if (n != data_length) { goto exit; } } status = PSA_SUCCESS; exit: if (stream != NULL) { int ret = fclose(stream); if (status == PSA_SUCCESS && ret != 0) { status = PSA_ERROR_INSUFFICIENT_STORAGE; } } if (status == PSA_SUCCESS) { if (rename_replace_existing(PSA_ITS_STORAGE_TEMP, filename) != 0) { status = PSA_ERROR_STORAGE_FAILURE; } } /* The temporary file may still exist, but only in failure cases where * we're already reporting an error. So there's nothing we can do on * failure. If the function succeeded, and in some error cases, the * temporary file doesn't exist and so remove() is expected to fail. * Thus we just ignore the return status of remove(). */ (void) remove(PSA_ITS_STORAGE_TEMP); return status; } psa_status_t psa_its_remove(psa_storage_uid_t uid) { char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; FILE *stream; psa_its_fill_filename(uid, filename); stream = fopen(filename, "rb"); if (stream == NULL) { return PSA_ERROR_DOES_NOT_EXIST; } fclose(stream); if (remove(filename) != 0) { return PSA_ERROR_STORAGE_FAILURE; } return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_ITS_FILE_C */