psa_crypto_storage.c | Explore in Territory

/*
 *  PSA persistent key storage
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)

#include <stdlib.h>
#include <string.h>

#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#include "mbedtls/platform_util.h"

#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include "psa_crypto_its.h"
#else /* Native ITS implementation */
#include "psa/error.h"
#include "psa/internal_trusted_storage.h"
#endif

#include "mbedtls/platform.h"



/****************************************************************/
/* Key storage */
/****************************************************************/

/* Determine a file name (ITS file identifier) for the given key identifier.
 * The file name must be distinct from any file that is used for a purpose
 * other than storing a key. Currently, the only such file is the random seed
 * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
 * 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
{ … }

/**
 * \brief Load persistent data for the given key slot number.
 *
 * This function reads data from a storage backend and returns the data in a
 * buffer.
 *
 * \param key               Persistent identifier of the key to be loaded. This
 *                          should be an occupied storage location.
 * \param[out] data         Buffer where the data is to be written.
 * \param data_size         Size of the \c data buffer in bytes.
 *
 * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
 */
static psa_status_t psa_crypto_storage_load(
    const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
{ … }

int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
{ … }

/**
 * \brief Store persistent data for the given key slot number.
 *
 * This function stores the given data buffer to a persistent storage.
 *
 * \param key           Persistent identifier of the key to be stored. This
 *                      should be an unoccupied storage location.
 * \param[in] data      Buffer containing the data to be stored.
 * \param data_length   The number of bytes
 *                      that make up the data.
 *
 * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
 * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
 * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 */
static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
                                             const uint8_t *data,
                                             size_t data_length)
{ … }

psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
{ … }

/**
 * \brief Get data length for given key slot number.
 *
 * \param key               Persistent identifier whose stored data length
 *                          is to be obtained.
 * \param[out] data_length  The number of bytes that make up the data.
 *
 * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
 * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 */
static psa_status_t psa_crypto_storage_get_data_length(
    const mbedtls_svc_key_id_t key,
    size_t *data_length)
{ … }

/**
 * Persistent key storage magic header.
 */
#define PSA_KEY_STORAGE_MAGIC_HEADER …
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH …

psa_persistent_key_storage_format;

void psa_format_key_data_for_storage(const uint8_t *data,
                                     const size_t data_length,
                                     const psa_key_attributes_t *attr,
                                     uint8_t *storage_data)
{ … }

static psa_status_t check_magic_header(const uint8_t *data)
{ … }

psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
                                             size_t storage_data_length,
                                             uint8_t **key_data,
                                             size_t *key_data_length,
                                             psa_key_attributes_t *attr)
{ … }

psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr,
                                     const uint8_t *data,
                                     const size_t data_length)
{ … }

void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
{ … }

psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr,
                                     uint8_t **data,
                                     size_t *data_length)
{ … }



/****************************************************************/
/* Transactions */
/****************************************************************/

#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)

psa_crypto_transaction_t psa_crypto_transaction;

psa_status_t psa_crypto_save_transaction(void)
{
    struct psa_storage_info_t p_info;
    psa_status_t status;
    status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info);
    if (status == PSA_SUCCESS) {
        /* This shouldn't happen: we're trying to start a transaction while
         * there is still a transaction that hasn't been replayed. */
        return PSA_ERROR_CORRUPTION_DETECTED;
    } else if (status != PSA_ERROR_DOES_NOT_EXIST) {
        return status;
    }
    return psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID,
                       sizeof(psa_crypto_transaction),
                       &psa_crypto_transaction,
                       0);
}

psa_status_t psa_crypto_load_transaction(void)
{
    psa_status_t status;
    size_t length;
    status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
                         sizeof(psa_crypto_transaction),
                         &psa_crypto_transaction, &length);
    if (status != PSA_SUCCESS) {
        return status;
    }
    if (length != sizeof(psa_crypto_transaction)) {
        return PSA_ERROR_DATA_INVALID;
    }
    return PSA_SUCCESS;
}

psa_status_t psa_crypto_stop_transaction(void)
{
    psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID);
    /* Whether or not updating the storage succeeded, the transaction is
     * finished now. It's too late to go back, so zero out the in-memory
     * data. */
    memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));
    return status;
}

#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */



/****************************************************************/
/* Random generator state */
/****************************************************************/

#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
                                                size_t seed_size)
{
    psa_status_t status;
    struct psa_storage_info_t p_info;

    status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info);

    if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */
        status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0);
    } else if (PSA_SUCCESS == status) {
        /* You should not be here. Seed needs to be injected only once */
        status = PSA_ERROR_NOT_PERMITTED;
    }
    return status;
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */



/****************************************************************/
/* The end */
/****************************************************************/

#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
godot/thirdparty/mbedtls/library/psa_crypto_storage.c
