psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.
An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 89be6fe..7af7fcf 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -113,6 +113,7 @@
add_test_suite(psa_crypto)
add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_metadata)
+add_test_suite(psa_crypto_storage_file)
add_test_suite(shax)
add_test_suite(ssl)
add_test_suite(timing)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5b04d84..73152cf 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -644,6 +644,8 @@
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_FS_IO
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -859,6 +861,8 @@
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
@@ -877,6 +881,8 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
@@ -897,6 +903,8 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
@@ -920,6 +928,8 @@
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C # depends on MBEDTLS_FS_IO
+scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
if [ $RUN_ARMCC -ne 0 ]; then
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
diff --git a/tests/suites/test_suite_psa_crypto_storage_file.data b/tests/suites/test_suite_psa_crypto_storage_file.data
new file mode 100644
index 0000000..730e092
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_storage_file.data
@@ -0,0 +1,43 @@
+PSA Storage Load verify loaded file
+depends_on:MBEDTLS_FS_IO
+load_data_from_file:1:"deadbeef":1:4:PSA_SUCCESS
+
+PSA Storage Load check slots dont share state
+depends_on:MBEDTLS_FS_IO
+load_data_from_file:2:"deadbeef":1:4:PSA_ERROR_STORAGE_FAILURE
+
+PSA Storage Load zero length file
+depends_on:MBEDTLS_FS_IO
+load_data_from_file:1:"":1:1:PSA_SUCCESS
+
+PSA Storage Load less than capacity of data buffer
+depends_on:MBEDTLS_FS_IO
+load_data_from_file:1:"deadbeef":1:5:PSA_SUCCESS
+
+PSA Storage Load nonexistent file location, should fail
+depends_on:MBEDTLS_FS_IO
+load_data_from_file:1:"deadbeef":0:4:PSA_ERROR_STORAGE_FAILURE
+
+PSA Storage Store verify stored file
+depends_on:MBEDTLS_FS_IO
+write_data_to_file:"deadbeef":PSA_SUCCESS
+
+PSA Storage Store into preexisting location, should fail
+depends_on:MBEDTLS_FS_IO
+write_data_to_prexisting_file:"psa_key_slot_1":"deadbeef":PSA_ERROR_OCCUPIED_SLOT
+
+PSA Storage Store, preexisting temp_location file, should succeed
+depends_on:MBEDTLS_FS_IO
+write_data_to_prexisting_file:"psa_key_slot_0":"deadbeef":PSA_SUCCESS
+
+PSA Storage Get data size verify data size
+depends_on:MBEDTLS_FS_IO
+get_file_size:"deadbeef":4:PSA_SUCCESS:1
+
+PSA Storage Get data size verify data size zero length file
+depends_on:MBEDTLS_FS_IO
+get_file_size:"":0:PSA_SUCCESS:1
+
+PSA Storage Get data size nonexistent file location, should fail
+depends_on:MBEDTLS_FS_IO
+get_file_size:"deadbeef":4:PSA_ERROR_EMPTY_SLOT:0
diff --git a/tests/suites/test_suite_psa_crypto_storage_file.function b/tests/suites/test_suite_psa_crypto_storage_file.function
new file mode 100644
index 0000000..b6dcad7
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_storage_file.function
@@ -0,0 +1,159 @@
+/* BEGIN_HEADER */
+#include <stdint.h>
+#include "psa/crypto.h"
+#include "psa_crypto_storage_backend.h"
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void load_data_from_file( int slot_to_load, data_t *data, int should_make_file,
+ int capacity_arg, int expected_status )
+{
+ char slot_location[] = "psa_key_slot_1";
+ psa_status_t status;
+ int ret;
+ size_t file_size = 0;
+ uint8_t *loaded_data = NULL;
+ size_t capacity = (size_t) capacity_arg;
+
+ if( should_make_file == 1 )
+ {
+ /* Create a file with data contents, with mask permissions. */
+ FILE *file;
+ file = fopen( slot_location, "wb+" );
+ TEST_ASSERT( file != NULL );
+ file_size = fwrite( data->x, 1, data->len, file );
+ TEST_ASSERT( file_size == data->len );
+ ret = fclose( file );
+ TEST_ASSERT( ret == 0 );
+ }
+
+ /* Read from the file with psa_crypto_storage_load. */
+ loaded_data = mbedtls_calloc( 1, capacity );
+ TEST_ASSERT( loaded_data != NULL );
+ status = psa_crypto_storage_load( (psa_key_slot_t) slot_to_load, loaded_data,
+ file_size );
+
+ /* Check we get the expected status. */
+ TEST_ASSERT( status == expected_status );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Check that the file data and data length is what we expect. */
+ ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
+
+exit:
+ mbedtls_free( loaded_data );
+ remove( slot_location );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void write_data_to_file( data_t *data, int expected_status )
+{
+ char slot_location[] = "psa_key_slot_1";
+ psa_status_t status;
+ int ret;
+ FILE *file;
+ size_t file_size;
+ size_t num_read;
+ uint8_t *loaded_data = NULL;
+
+ /* Write data to file. */
+ status = psa_crypto_storage_store( 1, data->x, data->len );
+
+ /* Check that we got the expected status. */
+ TEST_ASSERT( status == expected_status );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Check that the file length is what we expect */
+ file = fopen( slot_location, "rb" );
+ TEST_ASSERT( file != NULL );
+ fseek( file, 0, SEEK_END );
+ file_size = (size_t) ftell( file );
+ fseek( file, 0, SEEK_SET );
+ TEST_ASSERT( file_size == data->len );
+
+ /* Check that the file contents are what we expect */
+ loaded_data = mbedtls_calloc( 1, data->len );
+ TEST_ASSERT( loaded_data != NULL );
+
+ num_read = fread( loaded_data, 1, file_size, file );
+ TEST_ASSERT( num_read == file_size );
+ ASSERT_COMPARE( data->x, data->len, loaded_data, file_size );
+ ret = fclose( file );
+ TEST_ASSERT( ret == 0 );
+
+exit:
+ mbedtls_free( loaded_data );
+ remove( slot_location );
+}
+/* END_CASE */
+
+
+/* BEGIN_CASE */
+void get_file_size( data_t *data, int expected_data_length,
+ int expected_status, int should_make_file )
+{
+ char slot_location[] = "psa_key_slot_1";
+ psa_status_t status;
+ int ret;
+ size_t file_size;
+
+ if( should_make_file )
+ {
+ /* Create a file with data contents, with mask permissions. */
+ FILE *file;
+ file = fopen( slot_location, "wb+" );
+ TEST_ASSERT( file != NULL );
+ file_size = fwrite( data->x, 1, data->len, file );
+ TEST_ASSERT( file_size == data->len );
+ ret = fclose( file );
+ TEST_ASSERT( ret == 0 );
+ }
+
+ /* Check get data size is what we expect */
+ status = psa_crypto_storage_get_data_length( 1, &file_size );
+ TEST_ASSERT( status == expected_status );
+ if( expected_status == PSA_SUCCESS )
+ TEST_ASSERT( file_size == (size_t)expected_data_length );
+
+exit:
+ remove( slot_location );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void write_data_to_prexisting_file( char *preexist_file_location,
+ data_t *data, int expected_status )
+{
+ char slot_location[] = "psa_key_slot_1";
+ psa_status_t status;
+ int ret;
+ FILE *file;
+
+ /* Create file first */
+ file = fopen( preexist_file_location, "wb" );
+ TEST_ASSERT( file != NULL );
+ ret = fclose( file );
+ TEST_ASSERT( ret == 0 );
+
+ /* Write data to file. */
+ status = psa_crypto_storage_store( 1, data->x, data->len );
+
+ /* Check that we got the expected status. */
+ TEST_ASSERT( status == expected_status );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+exit:
+ remove( preexist_file_location );
+ remove( slot_location );
+}
+/* END_CASE */