blob: 4f6701626e5a3c8407b4795bbbcf3d2e39aee2df [file] [log] [blame]
Moran Pekera26d7642018-11-20 18:33:41 +02001/*
2 * PSA storage backend for persistent keys using psa_its APIs.
3 */
4/* Copyright (C) 2018, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if defined(MBEDTLS_CONFIG_FILE)
23#include MBEDTLS_CONFIG_FILE
24#else
25#include "mbedtls/config.h"
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
itayzafrir7132dd92019-01-29 14:23:52 +020029/*
30 * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
31 * (Secure Partition Manager) integration which separates the code into two
32 * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
33 * Environment). When building for the SPE, an additional header file should be
34 * included.
35 */
36#if defined(MBEDTLS_PSA_CRYPTO_SPM)
37/*
38 * PSA_CRYPTO_SECURE means that this file is compiled for the SPE.
39 * Some headers will be affected by this flag.
40 */
41#define PSA_CRYPTO_SECURE 1
42#endif
Moran Pekera26d7642018-11-20 18:33:41 +020043
David Saadab4ecc272019-02-14 13:48:10 +020044#include "psa/error.h"
Moran Pekera26d7642018-11-20 18:33:41 +020045#include "psa/crypto.h"
46#include "psa_crypto_storage_backend.h"
Oren Cohen23a67842019-01-24 14:32:11 +020047#include "psa/internal_trusted_storage.h"
Moran Pekera26d7642018-11-20 18:33:41 +020048
49#if defined(MBEDTLS_PLATFORM_C)
50#include "mbedtls/platform.h"
51#endif
52
David Saadaa2523b22019-02-18 13:56:26 +020053static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_id_t key )
Moran Pekera26d7642018-11-20 18:33:41 +020054{
55 return( key );
56}
57
Gilles Peskine8d4919b2018-12-03 16:48:09 +010058psa_status_t psa_crypto_storage_load( const psa_key_id_t key, uint8_t *data,
Moran Pekera26d7642018-11-20 18:33:41 +020059 size_t data_size )
60{
Moran Pekera26d7642018-11-20 18:33:41 +020061 psa_status_t status;
David Saadaa2523b22019-02-18 13:56:26 +020062 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
63 struct psa_storage_info_t data_identifier_info;
Moran Pekera26d7642018-11-20 18:33:41 +020064
David Saadaa2523b22019-02-18 13:56:26 +020065 status = psa_its_get_info( data_identifier, &data_identifier_info );
66 if( status != PSA_SUCCESS )
Moran Pekera26d7642018-11-20 18:33:41 +020067 return( status );
68
David Saadaa2523b22019-02-18 13:56:26 +020069 status = psa_its_get( data_identifier, 0, data_size, data );
Moran Pekera26d7642018-11-20 18:33:41 +020070
71 return( status );
72}
73
Gilles Peskine8d4919b2018-12-03 16:48:09 +010074int psa_is_key_present_in_storage( const psa_key_id_t key )
Moran Pekera26d7642018-11-20 18:33:41 +020075{
David Saadaa2523b22019-02-18 13:56:26 +020076 psa_status_t ret;
77 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
78 struct psa_storage_info_t data_identifier_info;
Moran Pekera26d7642018-11-20 18:33:41 +020079
80 ret = psa_its_get_info( data_identifier, &data_identifier_info );
81
David Saadaa2523b22019-02-18 13:56:26 +020082 if( ret == PSA_ERROR_DOES_NOT_EXIST )
Moran Pekera26d7642018-11-20 18:33:41 +020083 return( 0 );
84 return( 1 );
85}
86
Gilles Peskine8d4919b2018-12-03 16:48:09 +010087psa_status_t psa_crypto_storage_store( const psa_key_id_t key,
Moran Pekera26d7642018-11-20 18:33:41 +020088 const uint8_t *data,
89 size_t data_length )
90{
Moran Pekera26d7642018-11-20 18:33:41 +020091 psa_status_t status;
David Saadaa2523b22019-02-18 13:56:26 +020092 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
93 struct psa_storage_info_t data_identifier_info;
Moran Pekera26d7642018-11-20 18:33:41 +020094
95 if( psa_is_key_present_in_storage( key ) == 1 )
David Saadab4ecc272019-02-14 13:48:10 +020096 return( PSA_ERROR_ALREADY_EXISTS );
Moran Pekera26d7642018-11-20 18:33:41 +020097
David Saadaa2523b22019-02-18 13:56:26 +020098 status = psa_its_set( data_identifier, data_length, data, 0 );
Moran Pekera26d7642018-11-20 18:33:41 +020099 if( status != PSA_SUCCESS )
100 {
101 return( PSA_ERROR_STORAGE_FAILURE );
102 }
103
David Saadaa2523b22019-02-18 13:56:26 +0200104 status = psa_its_get_info( data_identifier, &data_identifier_info );
Moran Pekera26d7642018-11-20 18:33:41 +0200105 if( status != PSA_SUCCESS )
106 {
107 goto exit;
108 }
109
110 if( data_identifier_info.size != data_length )
111 {
112 status = PSA_ERROR_STORAGE_FAILURE;
113 goto exit;
114 }
115
116exit:
117 if( status != PSA_SUCCESS )
118 psa_its_remove( data_identifier );
119 return( status );
120}
121
Gilles Peskine8d4919b2018-12-03 16:48:09 +0100122psa_status_t psa_destroy_persistent_key( const psa_key_id_t key )
Moran Pekera26d7642018-11-20 18:33:41 +0200123{
David Saadaa2523b22019-02-18 13:56:26 +0200124 psa_status_t ret;
125 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
126 struct psa_storage_info_t data_identifier_info;
Moran Pekera26d7642018-11-20 18:33:41 +0200127
128 ret = psa_its_get_info( data_identifier, &data_identifier_info );
David Saadaa2523b22019-02-18 13:56:26 +0200129 if( ret == PSA_ERROR_DOES_NOT_EXIST )
Moran Pekera26d7642018-11-20 18:33:41 +0200130 return( PSA_SUCCESS );
131
David Saadaa2523b22019-02-18 13:56:26 +0200132 if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
Moran Pekera26d7642018-11-20 18:33:41 +0200133 return( PSA_ERROR_STORAGE_FAILURE );
134
135 ret = psa_its_get_info( data_identifier, &data_identifier_info );
David Saadaa2523b22019-02-18 13:56:26 +0200136 if( ret != PSA_ERROR_DOES_NOT_EXIST )
Moran Pekera26d7642018-11-20 18:33:41 +0200137 return( PSA_ERROR_STORAGE_FAILURE );
138
139 return( PSA_SUCCESS );
140}
141
Gilles Peskine8d4919b2018-12-03 16:48:09 +0100142psa_status_t psa_crypto_storage_get_data_length( const psa_key_id_t key,
Moran Pekera26d7642018-11-20 18:33:41 +0200143 size_t *data_length )
144{
Moran Pekera26d7642018-11-20 18:33:41 +0200145 psa_status_t status;
David Saadaa2523b22019-02-18 13:56:26 +0200146 psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
147 struct psa_storage_info_t data_identifier_info;
Moran Pekera26d7642018-11-20 18:33:41 +0200148
David Saadaa2523b22019-02-18 13:56:26 +0200149 status = psa_its_get_info( data_identifier, &data_identifier_info );
Moran Pekera26d7642018-11-20 18:33:41 +0200150 if( status != PSA_SUCCESS )
151 return( status );
152
153 *data_length = (size_t) data_identifier_info.size;
154
155 return( PSA_SUCCESS );
156}
157
158#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */