mbedtls/library/psa_crypto_storage_file.c
Darryl Green db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00

219 lines
5.7 KiB
C

/*
* PSA file storage backend for persistent keys
*/
/* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
#include <string.h>
#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
#endif
/* This option sets where files are to be stored. If this is left unset,
* the files by default will be stored in the same location as the program,
* which may not be desired or possible. */
#if !defined(CRYPTO_STORAGE_FILE_LOCATION)
#define CRYPTO_STORAGE_FILE_LOCATION ""
#endif
enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };
static void key_slot_to_location( const psa_key_slot_t key,
char *location,
size_t location_size )
{
mbedtls_snprintf( location, location_size,
CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%d", key );
}
psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
size_t data_size )
{
psa_status_t status = PSA_SUCCESS;
FILE *file;
size_t num_read;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
num_read = fread( data, 1, data_size, file );
if( num_read != data_size )
status = PSA_ERROR_STORAGE_FAILURE;
exit:
if( file != NULL )
fclose( file );
return( status );
}
int psa_is_key_present_in_storage( const psa_key_slot_t key )
{
char slot_location[MAX_LOCATION_LEN];
FILE *file;
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "r" );
if( file == NULL )
{
/* File doesn't exist */
return( 0 );
}
fclose( file );
return( 1 );
}
psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
const uint8_t *data,
size_t data_length )
{
psa_status_t status = PSA_SUCCESS;
int ret;
size_t num_written;
char slot_location[MAX_LOCATION_LEN];
FILE *file;
/* The storage location corresponding to "key slot 0" is used as a
* temporary location in order to make the apparition of the actual slot
* file atomic. 0 is not a valid key slot number, so this should not
* affect actual keys. */
const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
if( psa_is_key_present_in_storage( key ) == 1 )
return( PSA_ERROR_OCCUPIED_SLOT );
file = fopen( temp_location, "wb" );
if( file == NULL )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
num_written = fwrite( data, 1, data_length, file );
if( num_written != data_length )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
ret = fclose( file );
file = NULL;
if( ret != 0 )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
if( rename( temp_location, slot_location ) != 0 )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
exit:
if( file != NULL )
fclose( file );
remove( temp_location );
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
{
FILE *file;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
/* Only try remove the file if it exists */
file = fopen( slot_location, "rb" );
if( file != NULL )
{
fclose( file );
if( remove( slot_location ) != 0 )
return( PSA_ERROR_STORAGE_FAILURE );
}
return( PSA_SUCCESS );
}
psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
size_t *data_length )
{
psa_status_t status = PSA_SUCCESS;
FILE *file;
long file_size;
char slot_location[MAX_LOCATION_LEN];
key_slot_to_location( key, slot_location, MAX_LOCATION_LEN );
file = fopen( slot_location, "rb" );
if( file == NULL )
return( PSA_ERROR_EMPTY_SLOT );
if( fseek( file, 0, SEEK_END ) != 0 )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
file_size = ftell( file );
if( file_size < 0 )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
#if LONG_MAX > SIZE_MAX
if( (unsigned long) file_size > SIZE_MAX )
{
status = PSA_ERROR_STORAGE_FAILURE;
goto exit;
}
#endif
*data_length = (size_t) file_size;
exit:
fclose( file );
return( status );
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */