library/psa_crypto_storage_file.c

/*
 *  PSA file storage backend for persistent keys
 */
/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif

#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)

#include <string.h>

#include "psa/crypto.h"
#include "psa_crypto_storage_backend.h"
#include "mbedtls/platform_util.h"

#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
#endif

/* This option sets where files are to be stored. If this is left unset,
 * the files by default will be stored in the same location as the program,
 * which may not be desired or possible. */
#if !defined(CRYPTO_STORAGE_FILE_LOCATION)
#define CRYPTO_STORAGE_FILE_LOCATION ""
#endif

enum { MAX_LOCATION_LEN = sizeof(CRYPTO_STORAGE_FILE_LOCATION) + 40 };

static void key_id_to_location( const psa_key_id_t key,
                                char *location,
                                size_t location_size )
{
    mbedtls_snprintf( location, location_size,
                      CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_%lu",
                      (unsigned long) key );
}

psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
                                      size_t data_size )
{
    psa_status_t status = PSA_SUCCESS;
    FILE *file;
    size_t num_read;
    char slot_location[MAX_LOCATION_LEN];

    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );
    file = fopen( slot_location, "rb" );
    if( file == NULL )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }
    num_read = fread( data, 1, data_size, file );
    if( num_read != data_size )
        status = PSA_ERROR_STORAGE_FAILURE;

exit:
    if( file != NULL )
        fclose( file );
    return( status );
}

int psa_is_key_present_in_storage( const psa_key_id_t key )
{
    char slot_location[MAX_LOCATION_LEN];
    FILE *file;

    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );

    file = fopen( slot_location, "r" );
    if( file == NULL )
    {
        /* File doesn't exist */
        return( 0 );
    }

    fclose( file );
    return( 1 );
}

psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
                                       const uint8_t *data,
                                       size_t data_length )
{
    psa_status_t status = PSA_SUCCESS;
    int ret;
    size_t num_written;
    char slot_location[MAX_LOCATION_LEN];
    FILE *file;
    /* The storage location corresponding to "key slot 0" is used as a
     * temporary location in order to make the apparition of the actual slot
     * file atomic. 0 is not a valid key slot number, so this should not
     * affect actual keys. */
    const char *temp_location = CRYPTO_STORAGE_FILE_LOCATION "psa_key_slot_0";

    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );

    if( psa_is_key_present_in_storage( key ) == 1 )
        return( PSA_ERROR_OCCUPIED_SLOT );

    file = fopen( temp_location, "wb" );
    if( file == NULL )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

    num_written = fwrite( data, 1, data_length, file );
    if( num_written != data_length )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

    ret = fclose( file );
    file = NULL;
    if( ret != 0 )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

    if( rename( temp_location, slot_location ) != 0 )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

exit:
    if( file != NULL )
        fclose( file );
    remove( temp_location );
    return( status );
}

psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
{
    FILE *file;
    char slot_location[MAX_LOCATION_LEN];

    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );

    /* Only try remove the file if it exists */
    file = fopen( slot_location, "rb" );
    if( file != NULL )
    {
        fclose( file );

        if( remove( slot_location ) != 0 )
            return( PSA_ERROR_STORAGE_FAILURE );
    }
    return( PSA_SUCCESS );
}

psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
                                                 size_t *data_length )
{
    psa_status_t status = PSA_SUCCESS;
    FILE *file;
    long file_size;
    char slot_location[MAX_LOCATION_LEN];

    key_id_to_location( key, slot_location, MAX_LOCATION_LEN );

    file = fopen( slot_location, "rb" );
    if( file == NULL )
        return( PSA_ERROR_EMPTY_SLOT );

    if( fseek( file, 0, SEEK_END ) != 0 )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

    file_size = ftell( file );

    if( file_size < 0 )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }

#if LONG_MAX > SIZE_MAX
    if( (unsigned long) file_size > SIZE_MAX )
    {
        status = PSA_ERROR_STORAGE_FAILURE;
        goto exit;
    }
#endif
    *data_length = (size_t) file_size;

exit:
    fclose( file );
    return( status );
}

#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */