TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 162a1104be6109c72d142e0eb24a541124a86be3^! / . / library
commit162a1104be6109c72d142e0eb24a541124a86be3[log] [tgz]
authorTorstein Nesse <torstein.nesse@silabs.com>Wed Oct 07 10:50:15 2020 +0200
committerTorstein Nesse <torstein.nesse@silabs.com>Wed Oct 07 10:54:24 2020 +0200
treeda60c8335fc931328c43c2e1f24b5bbfca772e3f
parent7f007f70e06e45ffcb70cee75c5e71b3316a3316 [diff]
Changes PSA key storage format to include key bits

* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e9..a35af8e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1897,13 +1897,9 @@
             static_assert( sizeof( slot->data.se.slot_number ) ==
                            sizeof( data.slot_number ),
                            "Slot number size does not match psa_se_key_data_storage_t" );
-            static_assert( sizeof( slot->attr.bits ) == sizeof( data.bits ),
-                           "Bit-size size does not match psa_se_key_data_storage_t" );
 #endif
             memcpy( &data.slot_number, &slot->data.se.slot_number,
                     sizeof( slot->data.se.slot_number ) );
-            memcpy( &data.bits, &slot->attr.bits,
-                    sizeof( slot->attr.bits ) );
             status = psa_save_persistent_key( &slot->attr,
                                               (uint8_t*) &data,
                                               sizeof( data ) );

diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 5691738..67fadf8 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h

@@ -182,7 +182,6 @@
 typedef struct
 {
     uint8_t slot_number[sizeof( psa_key_slot_number_t )];
-    uint8_t bits[sizeof( psa_key_bits_t )];
 } psa_se_key_data_storage_t;
 
 #endif /* PSA_CRYPTO_SE_H */

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index e526560..b7a3c13 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c

@@ -137,8 +137,6 @@
         data = (psa_se_key_data_storage_t *) key_data;
         memcpy( &slot->data.se.slot_number, &data->slot_number,
                 sizeof( slot->data.se.slot_number ) );
-        memcpy( &slot->attr.bits, &data->bits,
-                sizeof( slot->attr.bits ) );
     }
     else
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */

diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 46d0b65..2ab5903 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c

@@ -253,6 +253,25 @@
 }
 #endif
 
+/*
+ * 16-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT16_LE
+#define GET_UINT16_LE( n, b, i )                        \
+{                                                       \
+    (n) = ( (uint16_t) (b)[(i)    ]       )             \
+        | ( (uint16_t) (b)[(i) + 1] <<  8 );            \
+}
+#endif
+
+#ifndef PUT_UINT16_LE
+#define PUT_UINT16_LE( n, b, i )                                \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+}
+#endif
+
 /**
  * Persistent key storage magic header.
  */
@@ -263,9 +282,8 @@
     uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
     uint8_t version[4];
     uint8_t lifetime[sizeof( psa_key_lifetime_t )];
-    uint8_t type[4]; /* Size=4 for a 2-byte type to keep the structure more
-                      * regular and aligned and to make potential future
-                      * extensibility easier. */
+    uint8_t type[2];
+    uint8_t bits[2];
     uint8_t policy[sizeof( psa_key_policy_t )];
     uint8_t data_len[4];
     uint8_t key_data[];
@@ -282,7 +300,8 @@
     memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
     PUT_UINT32_LE( 0, storage_format->version, 0 );
     PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
-    PUT_UINT32_LE( (uint32_t) attr->type, storage_format->type, 0 );
+    PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
+    PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
     PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
     PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
     PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
@@ -308,7 +327,6 @@
     const psa_persistent_key_storage_format *storage_format =
         (const psa_persistent_key_storage_format *)storage_data;
     uint32_t version;
-    uint32_t type;
 
     if( storage_data_length < sizeof(*storage_format) )
         return( PSA_ERROR_STORAGE_FAILURE );
@@ -339,11 +357,8 @@
     }
 
     GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
-    GET_UINT32_LE( type, storage_format->type, 0 );
-    if( type <= (psa_key_type_t) -1 )
-        attr->type = (psa_key_type_t) type;
-    else
-        return( PSA_ERROR_STORAGE_FAILURE );
+    GET_UINT16_LE( attr->type, storage_format->type, 0 );
+    GET_UINT16_LE( attr->bits, storage_format->bits, 0 );
     GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
     GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
     GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );