From 96ebf9efcfa64392f33ed862ad8ed6ec4b424360 Mon Sep 17 00:00:00 2001
From: Moran Peker
Date: Thu, 28 Jun 2018 18:02:17 +0300
Subject: [PATCH] psa: Add magic header to storage backend

Add a magic header to the storage format used with files. The header is used as an initial check that the data is what we expect, rather than garbage data.
---
 library/psa_crypto_storage.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 5285826ce6..0a5805b62b 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -65,7 +65,14 @@
 }
 #endif
 
+/**
+ * Persistent key storage magic header.
+ */
+#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+
 typedef struct {
+ uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
 uint8_t version[4];
 uint8_t type[sizeof( psa_key_type_t )];
 uint8_t policy[sizeof( psa_key_policy_t )];
@@ -82,6 +89,7 @@ void psa_format_key_data_for_storage( const uint8_t *data,
 psa_persistent_key_storage_format *storage_format =
 (psa_persistent_key_storage_format *) storage_data;
 
+ memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
 PUT_UINT32_LE(0, storage_format->version, 0);
 PUT_UINT32_LE(type, storage_format->type, 0);
 PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
@@ -90,6 +98,14 @@ void psa_format_key_data_for_storage( const uint8_t *data,
 memcpy( storage_format->key_data, data, data_length );
 }
 
+static psa_status_t check_magic_header( const uint8_t *data )
+{
+ if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
+ return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_SUCCESS );
+}
+
 psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
 size_t storage_data_length,
 uint8_t **key_data,
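Review bot: The doc comment above `PSA_KEY_STORAGE_MAGIC_HEADER` should state that the on-disk magic is 8 bytes, because `PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH` is a `sizeof` and so counts the literal's terminating NUL as well as the embedded `\0`; something like `/* 8 bytes on disk: "PSA", NUL, "KEY", NUL. Compare with memcmp, never with string functions. */` would prevent a later switch to `strlen`/`strcmp`. The new `magic` field is also placed ahead of `version` while the next hunk still writes version 0, so a blob stored in the previous layout, if any exist, will now fail the magic check and be reported as `PSA_ERROR_STORAGE_FAILURE`, indistinguishable from corruption. If that is intended, it is worth saying so next to the struct.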
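Review bot: `check_magic_header` reads `PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH` bytes from `data` but takes no length, so it is only safe when the caller has already verified the buffer size; the single caller added in the following hunk does this with `storage_data_length < sizeof(*storage_format)`. State the precondition above the function, e.g. `/* Caller must guarantee that data holds at least PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH bytes. */`, or pass the length in and check it here so a future caller cannot skip it. The comment could also record that, as the commit message says, the magic is a sanity check against garbage data and gives no integrity or authenticity guarantee for the stored key.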
@@ -97,10 +113,18 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
 psa_key_type_t *type,
 psa_key_policy_t *policy )
 {
+ psa_status_t status;
 const psa_persistent_key_storage_format *storage_format =
 (const psa_persistent_key_storage_format *)storage_data;
 uint32_t version;
 
+ if( storage_data_length < sizeof(*storage_format) )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ status = check_magic_header( storage_data );
+ if( status != PSA_SUCCESS )
+ return( status );
+
 GET_UINT32_LE(version, storage_format->version, 0);
 if( version != 0 )
 return( PSA_ERROR_STORAGE_FAILURE );
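Review bot: The new `storage_data_length < sizeof(*storage_format)` guard is what makes every later read through `storage_format` safe, since that pointer is only a cast of the caller's buffer, and it deserves a comment so it is not reordered or dropped: `/* Reject input shorter than the fixed header before reading any field. */`. The guard presumably covers only the fixed header fields, not the trailing key data. The function body continues outside this hunk, so it cannot be seen here whether the stored key length is later bounded by `storage_data_length - sizeof(*storage_format)`; that is worth confirming before relying on this check alone.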