1 /*
2 * PSA persistent key storage
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #include "common.h"
22
23 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
24
25 #include <stdlib.h>
26 #include <string.h>
27
28 #include "psa/crypto.h"
29 #include "psa_crypto_storage.h"
30 #include "mbedtls/platform_util.h"
31
32 #if defined(MBEDTLS_PSA_ITS_FILE_C)
33 #include "psa_crypto_its.h"
34 #else /* Native ITS implementation */
35 #include "psa/error.h"
36 #include "psa/internal_trusted_storage.h"
37 #endif
38
39 #if defined(MBEDTLS_PLATFORM_C)
40 #include "mbedtls/platform.h"
41 #else
42 #include <stdlib.h>
43 #define mbedtls_calloc calloc
44 #define mbedtls_free free
45 #endif
46
47
48
49 /****************************************************************/
50 /* Key storage */
51 /****************************************************************/
52
53 /* Determine a file name (ITS file identifier) for the given key identifier.
54 * The file name must be distinct from any file that is used for a purpose
55 * other than storing a key. Currently, the only such file is the random seed
56 * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
57 * 0xFFFFFF52. */
psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)58 static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
59 {
60 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
61 /* Encode the owner in the upper 32 bits. This means that if
62 * owner values are nonzero (as they are on a PSA platform),
63 * no key file will ever have a value less than 0x100000000, so
64 * the whole range 0..0xffffffff is available for non-key files. */
65 uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
66 return( ( (uint64_t) unsigned_owner_id << 32 ) |
67 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
68 #else
69 /* Use the key id directly as a file name.
70 * psa_is_key_id_valid() in psa_crypto_slot_management.c
71 * is responsible for ensuring that key identifiers do not have a
72 * value that is reserved for non-key files. */
73 return( key );
74 #endif
75 }
76
77 /**
78 * \brief Load persistent data for the given key slot number.
79 *
80 * This function reads data from a storage backend and returns the data in a
81 * buffer.
82 *
83 * \param key Persistent identifier of the key to be loaded. This
84 * should be an occupied storage location.
85 * \param[out] data Buffer where the data is to be written.
86 * \param data_size Size of the \c data buffer in bytes.
87 *
88 * \retval #PSA_SUCCESS
89 * \retval #PSA_ERROR_DATA_INVALID
90 * \retval #PSA_ERROR_DATA_CORRUPT
91 * \retval #PSA_ERROR_STORAGE_FAILURE
92 * \retval #PSA_ERROR_DOES_NOT_EXIST
93 */
psa_crypto_storage_load(const mbedtls_svc_key_id_t key,uint8_t * data,size_t data_size)94 static psa_status_t psa_crypto_storage_load(
95 const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
96 {
97 psa_status_t status;
98 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
99 struct psa_storage_info_t data_identifier_info;
100 size_t data_length = 0;
101
102 status = psa_its_get_info( data_identifier, &data_identifier_info );
103 if( status != PSA_SUCCESS )
104 return( status );
105
106 status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
107 if( data_size != data_length )
108 return( PSA_ERROR_DATA_INVALID );
109
110 return( status );
111 }
112
psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)113 int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
114 {
115 psa_status_t ret;
116 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
117 struct psa_storage_info_t data_identifier_info;
118
119 ret = psa_its_get_info( data_identifier, &data_identifier_info );
120
121 if( ret == PSA_ERROR_DOES_NOT_EXIST )
122 return( 0 );
123 return( 1 );
124 }
125
126 /**
127 * \brief Store persistent data for the given key slot number.
128 *
129 * This function stores the given data buffer to a persistent storage.
130 *
131 * \param key Persistent identifier of the key to be stored. This
132 * should be an unoccupied storage location.
133 * \param[in] data Buffer containing the data to be stored.
134 * \param data_length The number of bytes
135 * that make up the data.
136 *
137 * \retval #PSA_SUCCESS
138 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
139 * \retval #PSA_ERROR_ALREADY_EXISTS
140 * \retval #PSA_ERROR_STORAGE_FAILURE
141 * \retval #PSA_ERROR_DATA_INVALID
142 */
psa_crypto_storage_store(const mbedtls_svc_key_id_t key,const uint8_t * data,size_t data_length)143 static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
144 const uint8_t *data,
145 size_t data_length )
146 {
147 psa_status_t status;
148 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
149 struct psa_storage_info_t data_identifier_info;
150
151 if( psa_is_key_present_in_storage( key ) == 1 )
152 return( PSA_ERROR_ALREADY_EXISTS );
153
154 status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
155 if( status != PSA_SUCCESS )
156 {
157 return( PSA_ERROR_DATA_INVALID );
158 }
159
160 status = psa_its_get_info( data_identifier, &data_identifier_info );
161 if( status != PSA_SUCCESS )
162 {
163 goto exit;
164 }
165
166 if( data_identifier_info.size != data_length )
167 {
168 status = PSA_ERROR_DATA_INVALID;
169 goto exit;
170 }
171
172 exit:
173 if( status != PSA_SUCCESS )
174 {
175 /* Remove the file in case we managed to create it but something
176 * went wrong. It's ok if the file doesn't exist. If the file exists
177 * but the removal fails, we're already reporting an error so there's
178 * nothing else we can do. */
179 (void) psa_its_remove( data_identifier );
180 }
181 return( status );
182 }
183
psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)184 psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
185 {
186 psa_status_t ret;
187 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
188 struct psa_storage_info_t data_identifier_info;
189
190 ret = psa_its_get_info( data_identifier, &data_identifier_info );
191 if( ret == PSA_ERROR_DOES_NOT_EXIST )
192 return( PSA_SUCCESS );
193
194 if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
195 return( PSA_ERROR_DATA_INVALID );
196
197 ret = psa_its_get_info( data_identifier, &data_identifier_info );
198 if( ret != PSA_ERROR_DOES_NOT_EXIST )
199 return( PSA_ERROR_DATA_INVALID );
200
201 return( PSA_SUCCESS );
202 }
203
204 /**
205 * \brief Get data length for given key slot number.
206 *
207 * \param key Persistent identifier whose stored data length
208 * is to be obtained.
209 * \param[out] data_length The number of bytes that make up the data.
210 *
211 * \retval #PSA_SUCCESS
212 * \retval #PSA_ERROR_STORAGE_FAILURE
213 * \retval #PSA_ERROR_DOES_NOT_EXIST
214 * \retval #PSA_ERROR_DATA_CORRUPT
215 */
psa_crypto_storage_get_data_length(const mbedtls_svc_key_id_t key,size_t * data_length)216 static psa_status_t psa_crypto_storage_get_data_length(
217 const mbedtls_svc_key_id_t key,
218 size_t *data_length )
219 {
220 psa_status_t status;
221 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
222 struct psa_storage_info_t data_identifier_info;
223
224 status = psa_its_get_info( data_identifier, &data_identifier_info );
225 if( status != PSA_SUCCESS )
226 return( status );
227
228 *data_length = (size_t) data_identifier_info.size;
229
230 return( PSA_SUCCESS );
231 }
232
233 /**
234 * Persistent key storage magic header.
235 */
236 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
237 #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
238
239 typedef struct {
240 uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
241 uint8_t version[4];
242 uint8_t lifetime[sizeof( psa_key_lifetime_t )];
243 uint8_t type[2];
244 uint8_t bits[2];
245 uint8_t policy[sizeof( psa_key_policy_t )];
246 uint8_t data_len[4];
247 uint8_t key_data[];
248 } psa_persistent_key_storage_format;
249
psa_format_key_data_for_storage(const uint8_t * data,const size_t data_length,const psa_core_key_attributes_t * attr,uint8_t * storage_data)250 void psa_format_key_data_for_storage( const uint8_t *data,
251 const size_t data_length,
252 const psa_core_key_attributes_t *attr,
253 uint8_t *storage_data )
254 {
255 psa_persistent_key_storage_format *storage_format =
256 (psa_persistent_key_storage_format *) storage_data;
257
258 memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
259 MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
260 MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
261 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
262 MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
263 MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
264 MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
265 MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
266 MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
267 memcpy( storage_format->key_data, data, data_length );
268 }
269
check_magic_header(const uint8_t * data)270 static psa_status_t check_magic_header( const uint8_t *data )
271 {
272 if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
273 PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
274 return( PSA_ERROR_DATA_INVALID );
275 return( PSA_SUCCESS );
276 }
277
psa_parse_key_data_from_storage(const uint8_t * storage_data,size_t storage_data_length,uint8_t ** key_data,size_t * key_data_length,psa_core_key_attributes_t * attr)278 psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
279 size_t storage_data_length,
280 uint8_t **key_data,
281 size_t *key_data_length,
282 psa_core_key_attributes_t *attr )
283 {
284 psa_status_t status;
285 const psa_persistent_key_storage_format *storage_format =
286 (const psa_persistent_key_storage_format *)storage_data;
287 uint32_t version;
288
289 if( storage_data_length < sizeof(*storage_format) )
290 return( PSA_ERROR_DATA_INVALID );
291
292 status = check_magic_header( storage_data );
293 if( status != PSA_SUCCESS )
294 return( status );
295
296 version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
297 if( version != 0 )
298 return( PSA_ERROR_DATA_INVALID );
299
300 *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
301 if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
302 *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
303 return( PSA_ERROR_DATA_INVALID );
304
305 if( *key_data_length == 0 )
306 {
307 *key_data = NULL;
308 }
309 else
310 {
311 *key_data = mbedtls_calloc( 1, *key_data_length );
312 if( *key_data == NULL )
313 return( PSA_ERROR_INSUFFICIENT_MEMORY );
314 memcpy( *key_data, storage_format->key_data, *key_data_length );
315 }
316
317 attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
318 attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
319 attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
320 attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
321 attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
322 attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
323
324 return( PSA_SUCCESS );
325 }
326
psa_save_persistent_key(const psa_core_key_attributes_t * attr,const uint8_t * data,const size_t data_length)327 psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
328 const uint8_t *data,
329 const size_t data_length )
330 {
331 size_t storage_data_length;
332 uint8_t *storage_data;
333 psa_status_t status;
334
335 /* All keys saved to persistent storage always have a key context */
336 if( data == NULL || data_length == 0 )
337 return( PSA_ERROR_INVALID_ARGUMENT );
338
339 if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
340 return( PSA_ERROR_INSUFFICIENT_STORAGE );
341 storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
342
343 storage_data = mbedtls_calloc( 1, storage_data_length );
344 if( storage_data == NULL )
345 return( PSA_ERROR_INSUFFICIENT_MEMORY );
346
347 psa_format_key_data_for_storage( data, data_length, attr, storage_data );
348
349 status = psa_crypto_storage_store( attr->id,
350 storage_data, storage_data_length );
351
352 mbedtls_free( storage_data );
353
354 return( status );
355 }
356
psa_free_persistent_key_data(uint8_t * key_data,size_t key_data_length)357 void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
358 {
359 if( key_data != NULL )
360 {
361 mbedtls_platform_zeroize( key_data, key_data_length );
362 }
363 mbedtls_free( key_data );
364 }
365
psa_load_persistent_key(psa_core_key_attributes_t * attr,uint8_t ** data,size_t * data_length)366 psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
367 uint8_t **data,
368 size_t *data_length )
369 {
370 psa_status_t status = PSA_SUCCESS;
371 uint8_t *loaded_data;
372 size_t storage_data_length = 0;
373 mbedtls_svc_key_id_t key = attr->id;
374
375 status = psa_crypto_storage_get_data_length( key, &storage_data_length );
376 if( status != PSA_SUCCESS )
377 return( status );
378
379 loaded_data = mbedtls_calloc( 1, storage_data_length );
380
381 if( loaded_data == NULL )
382 return( PSA_ERROR_INSUFFICIENT_MEMORY );
383
384 status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
385 if( status != PSA_SUCCESS )
386 goto exit;
387
388 status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
389 data, data_length, attr );
390
391 /* All keys saved to persistent storage always have a key context */
392 if( status == PSA_SUCCESS &&
393 ( *data == NULL || *data_length == 0 ) )
394 status = PSA_ERROR_STORAGE_FAILURE;
395
396 exit:
397 mbedtls_free( loaded_data );
398 return( status );
399 }
400
401
402
403 /****************************************************************/
404 /* Transactions */
405 /****************************************************************/
406
407 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
408
409 psa_crypto_transaction_t psa_crypto_transaction;
410
psa_crypto_save_transaction(void)411 psa_status_t psa_crypto_save_transaction( void )
412 {
413 struct psa_storage_info_t p_info;
414 psa_status_t status;
415 status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
416 if( status == PSA_SUCCESS )
417 {
418 /* This shouldn't happen: we're trying to start a transaction while
419 * there is still a transaction that hasn't been replayed. */
420 return( PSA_ERROR_CORRUPTION_DETECTED );
421 }
422 else if( status != PSA_ERROR_DOES_NOT_EXIST )
423 return( status );
424 return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
425 sizeof( psa_crypto_transaction ),
426 &psa_crypto_transaction,
427 0 ) );
428 }
429
psa_crypto_load_transaction(void)430 psa_status_t psa_crypto_load_transaction( void )
431 {
432 psa_status_t status;
433 size_t length;
434 status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
435 sizeof( psa_crypto_transaction ),
436 &psa_crypto_transaction, &length );
437 if( status != PSA_SUCCESS )
438 return( status );
439 if( length != sizeof( psa_crypto_transaction ) )
440 return( PSA_ERROR_DATA_INVALID );
441 return( PSA_SUCCESS );
442 }
443
psa_crypto_stop_transaction(void)444 psa_status_t psa_crypto_stop_transaction( void )
445 {
446 psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
447 /* Whether or not updating the storage succeeded, the transaction is
448 * finished now. It's too late to go back, so zero out the in-memory
449 * data. */
450 memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
451 return( status );
452 }
453
454 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
455
456
457
458 /****************************************************************/
459 /* Random generator state */
460 /****************************************************************/
461
462 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
mbedtls_psa_storage_inject_entropy(const unsigned char * seed,size_t seed_size)463 psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
464 size_t seed_size )
465 {
466 psa_status_t status;
467 struct psa_storage_info_t p_info;
468
469 status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
470
471 if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
472 {
473 status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
474 }
475 else if( PSA_SUCCESS == status )
476 {
477 /* You should not be here. Seed needs to be injected only once */
478 status = PSA_ERROR_NOT_PERMITTED;
479 }
480 return( status );
481 }
482 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
483
484
485
486 /****************************************************************/
487 /* The end */
488 /****************************************************************/
489
490 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
491