commit a26d764bae2c25c1d87eae326ffcd47924a6220a
author Moran Peker <moran.peker@arm.com> Tue Nov 20 18:33:41 2018 +0200
committer Moran Peker <moran.peker@arm.com> Wed Nov 21 13:28:10 2018 +0200
tree 287828051bed39d858c0d666ec6f5b08f509c374
parent a90abf13b6e2be43a22a1bca41474bb3e032852b

Add new PSA Crypto Storage backend implementation using ITS APIs

The new file is conditionally compiled with the new mbedtls
configuration option that  Mbed OS would set by default -
`MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C`.

-

library/CMakeLists.txt

diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 04e404c..fb6b956 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -56,6 +56,7 @@
     psa_crypto.c
     psa_crypto_storage.c
     psa_crypto_storage_file.c
+    psa_crypto_storage_its.c
     ripemd160.c
     rsa.c
     rsa_internal.c

library/Makefile

diff --git a/library/Makefile b/library/Makefile
index 83afa66..aa8cece 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -84,6 +84,7 @@
 		psa_crypto.o					\
 		psa_crypto_storage.o				\
 		psa_crypto_storage_file.o			\
+		psa_crypto_storage_its.o			\
 		ripemd160.o	rsa_internal.o	rsa.o  		\
 		sha1.o		sha256.o	sha512.o	\
 		threading.o	timing.o	version.o	\

library/psa_crypto_storage_its.c

diff --git a/library/psa_crypto_storage_its.c b/library/psa_crypto_storage_its.c
new file mode 100644
index 0000000..29394b5
--- /dev/null
+++ b/library/psa_crypto_storage_its.c
@@ -0,0 +1,184 @@
+/*
+ *  PSA storage backend for persistent keys using psa_its APIs.
+ */
+/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+#include MBEDTLS_CONFIG_FILE
+#else
+#include "mbedtls/config.h"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+
+#include "psa/crypto.h"
+#include "psa_crypto_storage_backend.h"
+#include "psa_prot_internal_storage.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#endif
+
+static psa_status_t its_to_psa_error( psa_its_status_t ret )
+{
+    switch( ret )
+    {
+        case PSA_ITS_SUCCESS:
+            return( PSA_SUCCESS );
+
+        case PSA_ITS_ERROR_KEY_NOT_FOUND:
+            return( PSA_ERROR_EMPTY_SLOT );
+
+        case PSA_ITS_ERROR_STORAGE_FAILURE:
+            return( PSA_ERROR_STORAGE_FAILURE );
+
+        case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
+            return( PSA_ERROR_INSUFFICIENT_STORAGE );
+
+        case PSA_ITS_ERROR_INVALID_KEY:
+        case PSA_PS_ERROR_OFFSET_INVALID:
+        case PSA_ITS_ERROR_INCORRECT_SIZE:
+        case PSA_ITS_ERROR_BAD_POINTER:
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
+        case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
+            return( PSA_ERROR_NOT_SUPPORTED );
+
+        case PSA_ITS_ERROR_WRITE_ONCE:
+            return( PSA_ERROR_OCCUPIED_SLOT );
+
+        default:
+            return( PSA_ERROR_UNKNOWN_ERROR );
+    }
+}
+
+static uint32_t psa_its_identifier_of_slot( psa_key_slot_t key )
+{
+    return( key );
+}
+
+psa_status_t psa_crypto_storage_load( const psa_key_slot_t key, uint8_t *data,
+                                      size_t data_size )
+{
+    psa_its_status_t ret;
+    psa_status_t status;
+    uint32_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_its_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = its_to_psa_error( ret );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    ret = psa_its_get( data_identifier, 0, data_size, data );
+    status = its_to_psa_error( ret );
+
+    return( status );
+}
+
+int psa_is_key_present_in_storage( const psa_key_slot_t key )
+{
+    psa_its_status_t ret;
+    uint32_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_its_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+
+    if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
+        return( 0 );
+    return( 1 );
+}
+
+psa_status_t psa_crypto_storage_store( const psa_key_slot_t key,
+                                       const uint8_t *data,
+                                       size_t data_length )
+{
+    psa_its_status_t ret;
+    psa_status_t status;
+    uint32_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_its_info_t data_identifier_info;
+
+    if( psa_is_key_present_in_storage( key ) == 1 )
+        return( PSA_ERROR_OCCUPIED_SLOT );
+
+    ret = psa_its_set( data_identifier, data_length, data, 0 );
+    status = its_to_psa_error( ret );
+    if( status != PSA_SUCCESS )
+    {
+        return( PSA_ERROR_STORAGE_FAILURE );
+    }
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = its_to_psa_error( ret );
+    if( status != PSA_SUCCESS )
+    {
+        goto exit;
+    }
+
+    if( data_identifier_info.size != data_length )
+    {
+        status = PSA_ERROR_STORAGE_FAILURE;
+        goto exit;
+    }
+
+exit:
+    if( status != PSA_SUCCESS )
+        psa_its_remove( data_identifier );
+    return( status );
+}
+
+psa_status_t psa_destroy_persistent_key( const psa_key_slot_t key )
+{
+    psa_its_status_t ret;
+    uint32_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_its_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( ret == PSA_ITS_ERROR_KEY_NOT_FOUND )
+        return( PSA_SUCCESS );
+
+    if( psa_its_remove( data_identifier ) != PSA_ITS_SUCCESS )
+        return( PSA_ERROR_STORAGE_FAILURE );
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    if( ret != PSA_ITS_ERROR_KEY_NOT_FOUND )
+        return( PSA_ERROR_STORAGE_FAILURE );
+
+    return( PSA_SUCCESS );
+}
+
+psa_status_t psa_crypto_storage_get_data_length( const psa_key_slot_t key,
+                                                 size_t *data_length )
+{
+    psa_its_status_t ret;
+    psa_status_t status;
+    uint32_t data_identifier = psa_its_identifier_of_slot( key );
+    struct psa_its_info_t data_identifier_info;
+
+    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    status = its_to_psa_error( ret );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    *data_length = (size_t) data_identifier_info.size;
+
+    return( PSA_SUCCESS );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */

visualc/VS2010/mbedTLS.vcxproj

diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 91cf2f0..5d57a75 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -291,6 +291,7 @@
     <ClCompile Include="..\..\library\psa_crypto.c" />

     <ClCompile Include="..\..\library\psa_crypto_storage.c" />

     <ClCompile Include="..\..\library\psa_crypto_storage_file.c" />

+    <ClCompile Include="..\..\library\psa_crypto_storage_its.c" />

     <ClCompile Include="..\..\library\ripemd160.c" />

     <ClCompile Include="..\..\library\rsa.c" />

     <ClCompile Include="..\..\library\rsa_internal.c" />