AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Persistent storage implementation: psa_key_slot_t -> psa_key_id_t

Browse Source 
Move the persistent storage implementation from psa_key_slot_t to
psa_key_id_t. For the most part, this just means changing the types of
function arguments.

Update the documentation of some functions to reflect the fact that
the slot identifier is purely a storage identifier and is not related
to how the slot is designated in memory.
This commit is contained in:
Gilles Peskine 2018-12-03 16:48:09 +01:00
parent b0edfb513b
commit 8d4919bc6a
5 changed files with 51 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/psa_crypto_storage.c
View File

@ -147,7 +147,7 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
psa_status_t psa_save_persistent_key( const psa_key_slot_t key, psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type, const psa_key_type_t type,
const psa_key_policy_t *policy, const psa_key_policy_t *policy,
const uint8_t *data, const uint8_t *data,
@ -185,7 +185,7 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
mbedtls_free( key_data ); mbedtls_free( key_data );
} }
psa_status_t psa_load_persistent_key( psa_key_slot_t key, psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type, psa_key_type_t *type,
psa_key_policy_t *policy, psa_key_policy_t *policy,
uint8_t **data, uint8_t **data,

27
library/psa_crypto_storage.h
View File

@ -56,20 +56,20 @@ extern "C" {
* already occupied non-persistent key, as well as validating the key data. * already occupied non-persistent key, as well as validating the key data.
* *
* *
* \param key Slot number of the key to be stored. This must be a * \param key Persistent identifier of the key to be stored. This
* valid slot for a key of the chosen type. This should be * should be an unoccupied storage location.
* an occupied key slot with an unoccupied corresponding
* storage location.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value). * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] policy The key policy to save. * \param[in] policy The key policy to save.
* \param[in] data Buffer containing the key data. * \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data. * \param data_length The number of bytes that make up the key data.
* *
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/ */
psa_status_t psa_save_persistent_key( const psa_key_slot_t key, psa_status_t psa_save_persistent_key( const psa_key_id_t key,
const psa_key_type_t type, const psa_key_type_t type,
const psa_key_policy_t *policy, const psa_key_policy_t *policy,
const uint8_t *data, const uint8_t *data,
@ -87,10 +87,8 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* this function to zeroize and free this buffer, regardless of whether this * this function to zeroize and free this buffer, regardless of whether this
* function succeeds or fails. * function succeeds or fails.
* *
* \param key Slot number whose content is to be loaded. This * \param key Persistent identifier of the key to be loaded. This
* must be an unoccupied key slot with an occupied * should be an occupied storage location.
* corresponding storage location. The key slot
* lifetime must be set to persistent.
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX * \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX
* value). * value).
* \param[out] policy On success, the key's policy. * \param[out] policy On success, the key's policy.
@ -100,8 +98,9 @@ psa_status_t psa_save_persistent_key( const psa_key_slot_t key,
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_MEMORY * \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/ */
psa_status_t psa_load_persistent_key( psa_key_slot_t key, psa_status_t psa_load_persistent_key( psa_key_id_t key,
psa_key_type_t *type, psa_key_type_t *type,
psa_key_policy_t *policy, psa_key_policy_t *policy,
uint8_t **data, uint8_t **data,
@ -110,16 +109,18 @@ psa_status_t psa_load_persistent_key( psa_key_slot_t key,
/** /**
* \brief Remove persistent data for the given key slot number. * \brief Remove persistent data for the given key slot number.
* *
* \param key Slot number whose content is to be removed * \param key Persistent identifier of the key to remove
* from persistent storage. * from persistent storage.
* *
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* The key was successfully removed,
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
*/ */
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ); psa_status_t psa_destroy_persistent_key( const psa_key_id_t key );
/** /**
* \brief Zeroizes and frees the given buffer. * \brief Free the temporary buffer allocated by psa_load_persistent_key().
* *
* This function must be called at some point after psa_load_persistent_key() * This function must be called at some point after psa_load_persistent_key()
* to zeroize and free the memory allocated to the buffer in that function. * to zeroize and free the memory allocated to the buffer in that function.

29
library/psa_crypto_storage_backend.h
View File

@ -47,15 +47,16 @@ extern "C" {
* This function reads data from a storage backend and returns the data in a * This function reads data from a storage backend and returns the data in a
* buffer. * buffer.
* *
* \param key Slot number whose content is to be loaded. This must * \param key Persistent identifier of the key to be loaded. This
* be a key slot whose lifetime is set to persistent. * should be an occupied storage location.
* \param[out] data Buffer where the data is to be written. * \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes. * \param data_size Size of the \c data buffer in bytes.
* *
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_EMPTY_SLOT
*/ */
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size ); size_t data_size );
/** /**
@ -63,7 +64,8 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
* *
* This function stores the given data buffer to a persistent storage. * This function stores the given data buffer to a persistent storage.
* *
* \param key Slot number whose content is to be stored. * \param key Persistent identifier of the key to be stored. This
* should be an unoccupied storage location.
* \param[in] data Buffer containing the data to be stored. * \param[in] data Buffer containing the data to be stored.
* \param data_length The number of bytes * \param data_length The number of bytes
* that make up the data. * that make up the data.
@ -71,8 +73,9 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* \retval PSA_ERROR_INSUFFICIENT_STORAGE * \retval PSA_ERROR_INSUFFICIENT_STORAGE
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_OCCUPIED_SLOT
*/ */
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data, const uint8_t *data,
size_t data_length ); size_t data_length );
@ -82,26 +85,26 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* This function checks if any key data or metadata exists for the key slot in * This function checks if any key data or metadata exists for the key slot in
* the persistent storage. * the persistent storage.
* *
* \param key Slot number whose content is to be checked. * \param key Persistent identifier to check.
* *
* \retval 0 * \retval 0
* No persistent data present for slot number * No persistent data present for slot number
* \retval 1 * \retval 1
* Persistent data present for slot number * Persistent data present for slot number
*/ */
int psa_is_key_present_in_storage( const psa_key_slot_t key ); int psa_is_key_present_in_storage( const psa_key_id_t key );
/** /**
* \brief Get data length for given key slot number. * \brief Get data length for given key slot number.
* *
* \param key Slot number whose stored data length is to be obtained. * \param key Persistent identifier whose stored data length
* \param[out] data_length The number of bytes * is to be obtained.
* that make up the data. * \param[out] data_length The number of bytes that make up the data.
* *
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_STORAGE_FAILURE
*/ */
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length ); size_t *data_length );

26
library/psa_crypto_storage_file.c
View File

@ -48,15 +48,15 @@
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 }; enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
static void key_slot_to_location( const psa_key_slot_t key, static void key_id_to_location( const psa_key_id_t key,
char *location, char *location,
size_t location_size ) size_t location_size )
{ {
mbedtls_snprintf( location, location_size, mbedtls_snprintf( location, location_size,
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key ); CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
} }
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size ) size_t data_size )
{ {
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
@ -64,7 +64,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
size_t num_read; size_t num_read;
char slot_location[MAX_LOCATION_LEN]; char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" ); file = fopen( slot_location, "rb" );
if( file == NULL ) if( file == NULL )
{ {
@ -81,12 +81,12 @@ exit:
return( status ); return( status );
} }
int psa_is_key_present_in_storage( const psa_key_slot_t key ) int psa_is_key_present_in_storage( const psa_key_id_t key )
{ {
char slot_location[MAX_LOCATION_LEN]; char slot_location[MAX_LOCATION_LEN];
FILE *file; FILE *file;
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "r" ); file = fopen( slot_location, "r" );
if( file == NULL ) if( file == NULL )
@ -99,7 +99,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 ); return( 1 );
} }
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data, const uint8_t *data,
size_t data_length ) size_t data_length )
{ {
@ -114,7 +114,7 @@ psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
* affect actual keys. */ * affect actual keys. */
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0"; const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 ) if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT ); return( PSA_ERROR_OCCUPIED_SLOT );
@ -154,12 +154,12 @@ exit:
return( status ); return( status );
} }
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{ {
FILE *file; FILE *file;
char slot_location[MAX_LOCATION_LEN]; char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
/* Only try remove the file if it exists */ /* Only try remove the file if it exists */
file = fopen( slot_location, "rb" ); file = fopen( slot_location, "rb" );
@ -173,7 +173,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length ) size_t *data_length )
{ {
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
@ -181,7 +181,7 @@ psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
long file_size; long file_size;
char slot_location[MAX_LOCATION_LEN]; char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN ); key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" ); file = fopen( slot_location, "rb" );
if( file == NULL ) if( file == NULL )

12
library/psa_crypto_storage_its.c
View File

@ -68,12 +68,12 @@ static psa_status_t its_to_psa_error( psa_its_status_t ret )
} }
} }
static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key ) static uint32_t psa_its_identifier_of_slot( psa_key_id_t key )
{ {
return( key ); return( key );
} }
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data, psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
size_t data_size ) size_t data_size )
{ {
psa_its_status_t ret; psa_its_status_t ret;
@ -92,7 +92,7 @@ psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
return( status ); return( status );
} }
int psa_is_key_present_in_storage( const psa_key_slot_t key ) int psa_is_key_present_in_storage( const psa_key_id_t key )
{ {
psa_its_status_t ret; psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key ); uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -105,7 +105,7 @@ int psa_is_key_present_in_storage( const psa_key_slot_t key )
return( 1 ); return( 1 );
} }
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key, psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
const uint8_t *data, const uint8_t *data,
size_t data_length ) size_t data_length )
{ {
@ -143,7 +143,7 @@ exit:
return( status ); return( status );
} }
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key ) psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{ {
psa_its_status_t ret; psa_its_status_t ret;
uint32_t data_identifier = psa_its_identifier_of_slot( key ); uint32_t data_identifier = psa_its_identifier_of_slot( key );
@ -163,7 +163,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key, psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
size_t *data_length ) size_t *data_length )
{ {
psa_its_status_t ret; psa_its_status_t ret;