AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Persistent storage implementation: psa_key_slot_t -> psa_key_id_t

Browse Source 
Move the persistent storage implementation from psa_key_slot_t to
psa_key_id_t. For the most part, this just means changing the types of
function arguments.

Update the documentation of some functions to reflect the fact that
the slot identifier is purely a storage identifier and is not related
to how the slot is designated in memory.
This commit is contained in:
Gilles Peskine 2018-12-03 16:48:09 +01:00
parent b0edfb513b
commit 8d4919bc6a
5 changed files with 51 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/psa_crypto_storage.c
View File

@ -147,7 +147,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
return( PSA_SUCCESS );
}
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@ -185,7 +185,7 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
mbedtls_free( key_data );
}
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,

27
library/psa_crypto_storage.h
View File

@ -56,20 +56,20 @@ extern "C" {
* already occupied non-persistent key, as well as validating the key data.
*
*
* \param key Slot number of the key to be stored. This must be a
* valid slot for a key of the chosen type. This should be
* an occupied key slot with an unoccupied corresponding
* storage location.
* \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] policy The key policy to save.
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/
psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type,
const psa_key_policy_t *policy,
const uint8_t *data,
@ -87,10 +87,8 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails.
*
* \param key Slot number whose content is to be loaded. This
* must be an unoccupied key slot with an occupied
* corresponding storage location. The key slot
* lifetime must be set to persistent.
* \param key Persistent identifier of the key to be loaded. This
* should be an occupied storage location.
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
* value).
* \param[out] policy On success, the key's policy.
@ -100,8 +98,9 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/
psa_status_t psa_load_persistent_key( psa_key_slot_t key,
psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type,
psa_key_policy_t *policy,
uint8_t **data,
@ -110,16 +109,18 @@ psa_status_t psa_load_persistent_key( psa_key_slot_t key,
/**
* \brief Remove persistent data for the given key slot number.
*
* \param key Slot number whose content is to be removed
* \param key Persistent identifier of the key to remove
* from persistent storage.
*
* \retval PSA_SUCCESS
* The key was successfully removed,
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key );
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
/**
* \brief Zeroizes and frees the given buffer.
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
*
* This function must be called at some point after psa_load_persistent_key()
* to zeroize and free the memory allocated to the buffer in that function.

29
library/psa_crypto_storage_backend.h
View File

@ -47,15 +47,16 @@ extern "C" {
* This function reads data from a storage backend and returns the data in a
* buffer.
*
* \param key Slot number whose content is to be loaded. This must
* be a key slot whose lifetime is set to persistent.
* \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes.
* \param key Persistent identifier of the key to be loaded. This
* should be an occupied storage location.
* \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size );
/**
@ -63,7 +64,8 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
*
* This function stores the given data buffer to a persistent storage.
*
* \param key Slot number whose content is to be stored.
* \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param[in] data Buffer containing the data to be stored.
* \param data_length The number of bytes
* that make up the data.
@ -71,8 +73,9 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
* \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length );
@ -82,26 +85,26 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* This function checks if any key data or metadata exists for the key slot in
* the persistent storage.
*
* \param key Slot number whose content is to be checked.
* \param key Persistent identifier to check.
*
* \retval 0
* No persistent data present for slot number
* \retval 1
* Persistent data present for slot number
*/
int psa_is_key_present_in_storage( const psa_key_slot_t key );
int psa_is_key_present_in_storage( const psa_key_id_t key );
/**
* \brief Get data length for given key slot number.
*
* \param key Slot number whose stored data length is to be obtained.
* \param[out] data_length The number of bytes
* that make up the data.
* \param key Persistent identifier whose stored data length
* is to be obtained.
* \param[out] data_length The number of bytes that make up the data.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length );

26
library/psa_crypto_storage_file.c
View File

@ -48,15 +48,15 @@
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
static void key_slot_to_location( const psa_key_slot_t key,
char *location,
size_t location_size )
static void key_id_to_location( const psa_key_id_t key,
char *location,
size_t location_size )
{
mbedtls_snprintf( location, location_size,
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_status_t status = PSA_SUCCESS;
@ -64,7 +64,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
size_t num_read;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
{
@ -81,12 +81,12 @@ exit:
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
int psa_is_key_present_in_storage( const psa_key_id_t key )
{
char slot_location[MAX_LOCATION_LEN];
FILE *file;
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "r" );
if( file == NULL )
@ -99,7 +99,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -114,7 +114,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* affect actual keys. */
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
@ -154,12 +154,12 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
FILE *file;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
/* Only try remove the file if it exists */
file = fopen( slot_location, "rb" );
@ -173,7 +173,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
@ -181,7 +181,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
long file_size;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )

12
library/psa_crypto_storage_its.c
View File

@ -68,12 +68,12 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
}
}
static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key )
static uint32_t psa_its_identifier_of_slot( psa_key_id_t key )
{
return( key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size )
{
psa_its_status_t ret;
@ -92,7 +92,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
int psa_is_key_present_in_storage( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -105,7 +105,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -143,7 +143,7 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -163,7 +163,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length )
{
psa_its_status_t ret;