• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  PSA persistent key storage
3  */
4 /*
5  *  Copyright The Mbed TLS Contributors
6  *  SPDX-License-Identifier: Apache-2.0
7  *
8  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
9  *  not use this file except in compliance with the License.
10  *  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  *  Unless required by applicable law or agreed to in writing, software
15  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  *  See the License for the specific language governing permissions and
18  *  limitations under the License.
19  */
20 
21 #include "common.h"
22 
23 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
24 
25 #include <stdlib.h>
26 #include <string.h>
27 
28 #include "psa/crypto.h"
29 #include "psa_crypto_storage.h"
30 #include "mbedtls/platform_util.h"
31 
32 #if defined(MBEDTLS_PSA_ITS_FILE_C)
33 #include "psa_crypto_its.h"
34 #else /* Native ITS implementation */
35 #include "psa/error.h"
36 #include "psa/internal_trusted_storage.h"
37 #endif
38 
39 #include "mbedtls/platform.h"
40 
41 
42 
43 /****************************************************************/
44 /* Key storage */
45 /****************************************************************/
46 
47 /* Determine a file name (ITS file identifier) for the given key identifier.
48  * The file name must be distinct from any file that is used for a purpose
49  * other than storing a key. Currently, the only such file is the random seed
50  * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
51  * 0xFFFFFF52. */
psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)52 static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
53 {
54 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
55     /* Encode the owner in the upper 32 bits. This means that if
56      * owner values are nonzero (as they are on a PSA platform),
57      * no key file will ever have a value less than 0x100000000, so
58      * the whole range 0..0xffffffff is available for non-key files. */
59     uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key);
60     return ((uint64_t) unsigned_owner_id << 32) |
61            MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
62 #else
63     /* Use the key id directly as a file name.
64      * psa_is_key_id_valid() in psa_crypto_slot_management.c
65      * is responsible for ensuring that key identifiers do not have a
66      * value that is reserved for non-key files. */
67     return key;
68 #endif
69 }
70 
71 /**
72  * \brief Load persistent data for the given key slot number.
73  *
74  * This function reads data from a storage backend and returns the data in a
75  * buffer.
76  *
77  * \param key               Persistent identifier of the key to be loaded. This
78  *                          should be an occupied storage location.
79  * \param[out] data         Buffer where the data is to be written.
80  * \param data_size         Size of the \c data buffer in bytes.
81  *
82  * \retval #PSA_SUCCESS \emptydescription
83  * \retval #PSA_ERROR_DATA_INVALID \emptydescription
84  * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
85  * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
86  * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
87  */
psa_crypto_storage_load(const mbedtls_svc_key_id_t key,uint8_t * data,size_t data_size)88 static psa_status_t psa_crypto_storage_load(
89     const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
90 {
91     psa_status_t status;
92     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
93     struct psa_storage_info_t data_identifier_info;
94     size_t data_length = 0;
95 
96     status = psa_its_get_info(data_identifier, &data_identifier_info);
97     if (status  != PSA_SUCCESS) {
98         return status;
99     }
100 
101     status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length);
102     if (data_size  != data_length) {
103         return PSA_ERROR_DATA_INVALID;
104     }
105 
106     return status;
107 }
108 
psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)109 int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
110 {
111     psa_status_t ret;
112     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
113     struct psa_storage_info_t data_identifier_info;
114 
115     ret = psa_its_get_info(data_identifier, &data_identifier_info);
116 
117     if (ret == PSA_ERROR_DOES_NOT_EXIST) {
118         return 0;
119     }
120     return 1;
121 }
122 
123 /**
124  * \brief Store persistent data for the given key slot number.
125  *
126  * This function stores the given data buffer to a persistent storage.
127  *
128  * \param key           Persistent identifier of the key to be stored. This
129  *                      should be an unoccupied storage location.
130  * \param[in] data      Buffer containing the data to be stored.
131  * \param data_length   The number of bytes
132  *                      that make up the data.
133  *
134  * \retval #PSA_SUCCESS \emptydescription
135  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
136  * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
137  * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
138  * \retval #PSA_ERROR_DATA_INVALID \emptydescription
139  */
psa_crypto_storage_store(const mbedtls_svc_key_id_t key,const uint8_t * data,size_t data_length)140 static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
141                                              const uint8_t *data,
142                                              size_t data_length)
143 {
144     psa_status_t status;
145     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
146     struct psa_storage_info_t data_identifier_info;
147 
148     if (psa_is_key_present_in_storage(key) == 1) {
149         return PSA_ERROR_ALREADY_EXISTS;
150     }
151 
152     status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
153     if (status != PSA_SUCCESS) {
154         return PSA_ERROR_DATA_INVALID;
155     }
156 
157     status = psa_its_get_info(data_identifier, &data_identifier_info);
158     if (status != PSA_SUCCESS) {
159         goto exit;
160     }
161 
162     if (data_identifier_info.size != data_length) {
163         status = PSA_ERROR_DATA_INVALID;
164         goto exit;
165     }
166 
167 exit:
168     if (status != PSA_SUCCESS) {
169         /* Remove the file in case we managed to create it but something
170          * went wrong. It's ok if the file doesn't exist. If the file exists
171          * but the removal fails, we're already reporting an error so there's
172          * nothing else we can do. */
173         (void) psa_its_remove(data_identifier);
174     }
175     return status;
176 }
177 
psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)178 psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
179 {
180     psa_status_t ret;
181     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
182     struct psa_storage_info_t data_identifier_info;
183 
184     ret = psa_its_get_info(data_identifier, &data_identifier_info);
185     if (ret == PSA_ERROR_DOES_NOT_EXIST) {
186         return PSA_SUCCESS;
187     }
188 
189     if (psa_its_remove(data_identifier) != PSA_SUCCESS) {
190         return PSA_ERROR_DATA_INVALID;
191     }
192 
193     ret = psa_its_get_info(data_identifier, &data_identifier_info);
194     if (ret != PSA_ERROR_DOES_NOT_EXIST) {
195         return PSA_ERROR_DATA_INVALID;
196     }
197 
198     return PSA_SUCCESS;
199 }
200 
201 /**
202  * \brief Get data length for given key slot number.
203  *
204  * \param key               Persistent identifier whose stored data length
205  *                          is to be obtained.
206  * \param[out] data_length  The number of bytes that make up the data.
207  *
208  * \retval #PSA_SUCCESS \emptydescription
209  * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
210  * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
211  * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
212  */
psa_crypto_storage_get_data_length(const mbedtls_svc_key_id_t key,size_t * data_length)213 static psa_status_t psa_crypto_storage_get_data_length(
214     const mbedtls_svc_key_id_t key,
215     size_t *data_length)
216 {
217     psa_status_t status;
218     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
219     struct psa_storage_info_t data_identifier_info;
220 
221     status = psa_its_get_info(data_identifier, &data_identifier_info);
222     if (status != PSA_SUCCESS) {
223         return status;
224     }
225 
226     *data_length = (size_t) data_identifier_info.size;
227 
228     return PSA_SUCCESS;
229 }
230 
231 /**
232  * Persistent key storage magic header.
233  */
234 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
235 #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
236 
237 typedef struct {
238     uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
239     uint8_t version[4];
240     uint8_t lifetime[sizeof(psa_key_lifetime_t)];
241     uint8_t type[2];
242     uint8_t bits[2];
243     uint8_t policy[sizeof(psa_key_policy_t)];
244     uint8_t data_len[4];
245     uint8_t key_data[];
246 } psa_persistent_key_storage_format;
247 
psa_format_key_data_for_storage(const uint8_t * data,const size_t data_length,const psa_core_key_attributes_t * attr,uint8_t * storage_data)248 void psa_format_key_data_for_storage(const uint8_t *data,
249                                      const size_t data_length,
250                                      const psa_core_key_attributes_t *attr,
251                                      uint8_t *storage_data)
252 {
253     psa_persistent_key_storage_format *storage_format =
254         (psa_persistent_key_storage_format *) storage_data;
255 
256     memcpy(storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER,
257            PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH);
258     MBEDTLS_PUT_UINT32_LE(0, storage_format->version, 0);
259     MBEDTLS_PUT_UINT32_LE(attr->lifetime, storage_format->lifetime, 0);
260     MBEDTLS_PUT_UINT16_LE((uint16_t) attr->type, storage_format->type, 0);
261     MBEDTLS_PUT_UINT16_LE((uint16_t) attr->bits, storage_format->bits, 0);
262     MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0);
263     MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t));
264     MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t));
265     MBEDTLS_PUT_UINT32_LE(data_length, storage_format->data_len, 0);
266     memcpy(storage_format->key_data, data, data_length);
267 }
268 
check_magic_header(const uint8_t * data)269 static psa_status_t check_magic_header(const uint8_t *data)
270 {
271     if (memcmp(data, PSA_KEY_STORAGE_MAGIC_HEADER,
272                PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH) != 0) {
273         return PSA_ERROR_DATA_INVALID;
274     }
275     return PSA_SUCCESS;
276 }
277 
psa_parse_key_data_from_storage(const uint8_t * storage_data,size_t storage_data_length,uint8_t ** key_data,size_t * key_data_length,psa_core_key_attributes_t * attr)278 psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
279                                              size_t storage_data_length,
280                                              uint8_t **key_data,
281                                              size_t *key_data_length,
282                                              psa_core_key_attributes_t *attr)
283 {
284     psa_status_t status;
285     const psa_persistent_key_storage_format *storage_format =
286         (const psa_persistent_key_storage_format *) storage_data;
287     uint32_t version;
288 
289     if (storage_data_length < sizeof(*storage_format)) {
290         return PSA_ERROR_DATA_INVALID;
291     }
292 
293     status = check_magic_header(storage_data);
294     if (status != PSA_SUCCESS) {
295         return status;
296     }
297 
298     version = MBEDTLS_GET_UINT32_LE(storage_format->version, 0);
299     if (version != 0) {
300         return PSA_ERROR_DATA_INVALID;
301     }
302 
303     *key_data_length = MBEDTLS_GET_UINT32_LE(storage_format->data_len, 0);
304     if (*key_data_length > (storage_data_length - sizeof(*storage_format)) ||
305         *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
306         return PSA_ERROR_DATA_INVALID;
307     }
308 
309     if (*key_data_length == 0) {
310         *key_data = NULL;
311     } else {
312         *key_data = mbedtls_calloc(1, *key_data_length);
313         if (*key_data == NULL) {
314             return PSA_ERROR_INSUFFICIENT_MEMORY;
315         }
316         memcpy(*key_data, storage_format->key_data, *key_data_length);
317     }
318 
319     attr->lifetime = MBEDTLS_GET_UINT32_LE(storage_format->lifetime, 0);
320     attr->type = MBEDTLS_GET_UINT16_LE(storage_format->type, 0);
321     attr->bits = MBEDTLS_GET_UINT16_LE(storage_format->bits, 0);
322     attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0);
323     attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t));
324     attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t));
325 
326     return PSA_SUCCESS;
327 }
328 
psa_save_persistent_key(const psa_core_key_attributes_t * attr,const uint8_t * data,const size_t data_length)329 psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
330                                      const uint8_t *data,
331                                      const size_t data_length)
332 {
333     size_t storage_data_length;
334     uint8_t *storage_data;
335     psa_status_t status;
336 
337     /* All keys saved to persistent storage always have a key context */
338     if (data == NULL || data_length == 0) {
339         return PSA_ERROR_INVALID_ARGUMENT;
340     }
341 
342     if (data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
343         return PSA_ERROR_INSUFFICIENT_STORAGE;
344     }
345     storage_data_length = data_length + sizeof(psa_persistent_key_storage_format);
346 
347     storage_data = mbedtls_calloc(1, storage_data_length);
348     if (storage_data == NULL) {
349         return PSA_ERROR_INSUFFICIENT_MEMORY;
350     }
351 
352     psa_format_key_data_for_storage(data, data_length, attr, storage_data);
353 
354     status = psa_crypto_storage_store(attr->id,
355                                       storage_data, storage_data_length);
356 
357     mbedtls_platform_zeroize(storage_data, storage_data_length);
358     mbedtls_free(storage_data);
359 
360     return status;
361 }
362 
psa_free_persistent_key_data(uint8_t * key_data,size_t key_data_length)363 void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
364 {
365     if (key_data != NULL) {
366         mbedtls_platform_zeroize(key_data, key_data_length);
367     }
368     mbedtls_free(key_data);
369 }
370 
psa_load_persistent_key(psa_core_key_attributes_t * attr,uint8_t ** data,size_t * data_length)371 psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
372                                      uint8_t **data,
373                                      size_t *data_length)
374 {
375     psa_status_t status = PSA_SUCCESS;
376     uint8_t *loaded_data;
377     size_t storage_data_length = 0;
378     mbedtls_svc_key_id_t key = attr->id;
379 
380     status = psa_crypto_storage_get_data_length(key, &storage_data_length);
381     if (status != PSA_SUCCESS) {
382         return status;
383     }
384 
385     loaded_data = mbedtls_calloc(1, storage_data_length);
386 
387     if (loaded_data == NULL) {
388         return PSA_ERROR_INSUFFICIENT_MEMORY;
389     }
390 
391     status = psa_crypto_storage_load(key, loaded_data, storage_data_length);
392     if (status != PSA_SUCCESS) {
393         goto exit;
394     }
395 
396     status = psa_parse_key_data_from_storage(loaded_data, storage_data_length,
397                                              data, data_length, attr);
398 
399     /* All keys saved to persistent storage always have a key context */
400     if (status == PSA_SUCCESS &&
401         (*data == NULL || *data_length == 0)) {
402         status = PSA_ERROR_STORAGE_FAILURE;
403     }
404 
405 exit:
406     mbedtls_platform_zeroize(loaded_data, storage_data_length);
407     mbedtls_free(loaded_data);
408     return status;
409 }
410 
411 
412 
413 /****************************************************************/
414 /* Transactions */
415 /****************************************************************/
416 
417 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
418 
419 psa_crypto_transaction_t psa_crypto_transaction;
420 
psa_crypto_save_transaction(void)421 psa_status_t psa_crypto_save_transaction(void)
422 {
423     struct psa_storage_info_t p_info;
424     psa_status_t status;
425     status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info);
426     if (status == PSA_SUCCESS) {
427         /* This shouldn't happen: we're trying to start a transaction while
428          * there is still a transaction that hasn't been replayed. */
429         return PSA_ERROR_CORRUPTION_DETECTED;
430     } else if (status != PSA_ERROR_DOES_NOT_EXIST) {
431         return status;
432     }
433     return psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID,
434                        sizeof(psa_crypto_transaction),
435                        &psa_crypto_transaction,
436                        0);
437 }
438 
psa_crypto_load_transaction(void)439 psa_status_t psa_crypto_load_transaction(void)
440 {
441     psa_status_t status;
442     size_t length;
443     status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
444                          sizeof(psa_crypto_transaction),
445                          &psa_crypto_transaction, &length);
446     if (status != PSA_SUCCESS) {
447         return status;
448     }
449     if (length != sizeof(psa_crypto_transaction)) {
450         return PSA_ERROR_DATA_INVALID;
451     }
452     return PSA_SUCCESS;
453 }
454 
psa_crypto_stop_transaction(void)455 psa_status_t psa_crypto_stop_transaction(void)
456 {
457     psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID);
458     /* Whether or not updating the storage succeeded, the transaction is
459      * finished now. It's too late to go back, so zero out the in-memory
460      * data. */
461     memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));
462     return status;
463 }
464 
465 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
466 
467 
468 
469 /****************************************************************/
470 /* Random generator state */
471 /****************************************************************/
472 
473 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
mbedtls_psa_storage_inject_entropy(const unsigned char * seed,size_t seed_size)474 psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
475                                                 size_t seed_size)
476 {
477     psa_status_t status;
478     struct psa_storage_info_t p_info;
479 
480     status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info);
481 
482     if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */
483         status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0);
484     } else if (PSA_SUCCESS == status) {
485         /* You should not be here. Seed needs to be injected only once */
486         status = PSA_ERROR_NOT_PERMITTED;
487     }
488     return status;
489 }
490 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
491 
492 
493 
494 /****************************************************************/
495 /* The end */
496 /****************************************************************/
497 
498 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
499