mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 18:32:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move more slot management functions to the proper module

Browse Source 
Move psa_load_persistent_key_into_slot,
psa_internal_make_key_persistent and psa_internal_release_key_slot to
the slot management module.

Expose psa_import_key_into_slot from the core.

After this commit, there are no longer any functions declared in
psa_crypto_slot_management.h and defined in psa_crypto.c. There are
still function calls in both directions between psa_crypto.c and
psa_crypto_slot_management.c.
This commit is contained in:
Gilles Peskine 2018-12-10 16:48:53 +01:00
parent 66fb126e87
commit fa4135b135
4 changed files with 104 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
library/psa_crypto.c
View File

@ -611,9 +611,9 @@ exit:
/** Import key data into a slot. `slot->type` must have been set /** Import key data into a slot. `slot->type` must have been set
* previously. This function assumes that the slot does not contain * previously. This function assumes that the slot does not contain
* any key material yet. On failure, the slot content is unchanged. */ * any key material yet. On failure, the slot content is unchanged. */
static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
const uint8_t *data, const uint8_t *data,
size_t data_length ) size_t data_length )
{ {
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
@ -692,27 +692,6 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
status = psa_load_persistent_key( p_slot->persistent_storage_id,
&( p_slot )->type,
&( p_slot )->policy, &key_data,
&key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
/* Retrieve an empty key slot (slot with no key data, but possibly /* Retrieve an empty key slot (slot with no key data, but possibly
* with some metadata such as a policy). */ * with some metadata such as a policy). */
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle, static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
@ -817,51 +796,6 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
return( status ); return( status );
} }
psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_key_slot_t *slot;
psa_status_t status;
/* Reject id=0 because by general library conventions, 0 is an invalid
* value wherever possible. */
if( id == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Reject high values because the file names are reserved for the
* library's internal use. */
if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
slot->persistent_storage_id = id;
status = psa_load_persistent_key_into_slot( slot );
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) handle;
(void) id;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
{
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
return( psa_wipe_key_slot( slot ) );
}
psa_status_t psa_import_key( psa_key_handle_t handle, psa_status_t psa_import_key( psa_key_handle_t handle,
psa_key_type_t type, psa_key_type_t type,
const uint8_t *data, const uint8_t *data,

7
library/psa_crypto_core.h
View File

@ -63,4 +63,11 @@ typedef struct
* Persistent storage is not affected. */ * Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
/** Import key data into a slot. `slot->type` must have been set
* previously. This function assumes that the slot does not contain
* any key material yet. On failure, the slot content is unchanged. */
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
const uint8_t *data,
size_t data_length );
#endif /* PSA_CRYPTO_CORE_H */ #endif /* PSA_CRYPTO_CORE_H */

94
library/psa_crypto_slot_management.c
View File

@ -119,6 +119,28 @@ static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
return( PSA_ERROR_INSUFFICIENT_MEMORY ); return( PSA_ERROR_INSUFFICIENT_MEMORY );
} }
/** Wipe a key slot and mark it as available.
*
* This does not affect persistent storage.
*
* \param handle The key slot number to release.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
{
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
return( psa_wipe_key_slot( slot ) );
}
psa_status_t psa_allocate_key( psa_key_type_t type, psa_status_t psa_allocate_key( psa_key_type_t type,
size_t max_bits, size_t max_bits,
psa_key_handle_t *handle ) psa_key_handle_t *handle )
@ -130,6 +152,78 @@ psa_status_t psa_allocate_key( psa_key_type_t type,
return( psa_internal_allocate_key_slot( handle ) ); return( psa_internal_allocate_key_slot( handle ) );
} }
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *p_slot )
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
status = psa_load_persistent_key( p_slot->persistent_storage_id,
&( p_slot )->type,
&( p_slot )->policy, &key_data,
&key_data_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_into_slot( p_slot,
key_data, key_data_length );
exit:
psa_free_persistent_key_data( key_data, key_data_length );
return( status );
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
/** Declare a slot as persistent and load it from storage.
*
* This function may only be called immediately after a successful call
* to psa_internal_allocate_key_slot().
*
* \param handle A handle to a key slot freshly allocated with
* psa_internal_allocate_key_slot().
*
* \retval #PSA_SUCCESS
* The slot content was loaded successfully.
* \retval #PSA_ERROR_EMPTY_SLOT
* There is no content for this slot in persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p id is not acceptable.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_key_slot_t *slot;
psa_status_t status;
/* Reject id=0 because by general library conventions, 0 is an invalid
* value wherever possible. */
if( id == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Reject high values because the file names are reserved for the
* library's internal use. */
if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
slot->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
slot->persistent_storage_id = id;
status = psa_load_persistent_key_into_slot( slot );
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) handle;
(void) id;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime, static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
psa_key_id_t id, psa_key_id_t id,
psa_key_handle_t *handle, psa_key_handle_t *handle,

39
library/psa_crypto_slot_management.h
View File

@ -37,43 +37,4 @@ psa_status_t psa_initialize_key_slots( void );
* storage. */ * storage. */
void psa_wipe_all_key_slots( void ); void psa_wipe_all_key_slots( void );
/** \defgroup core_slot_management Internal functions exposed by the core
* @{
*/
/** Wipe an a key slot and mark it as available.
*
* This does not affect persistent storage.
*
* \param handle The key slot number to release.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle );
/** Declare a slot as persistent and load it from storage.
*
* This function may only be called immediately after a successful call
* to psa_internal_allocate_key_slot().
*
* \param handle A handle to a key slot freshly allocated with
* psa_internal_allocate_key_slot().
*
* \retval #PSA_SUCCESS
* The slot content was loaded successfully.
* \retval #PSA_ERROR_EMPTY_SLOT
* There is no content for this slot in persistent storage.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p id is not acceptable.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id );
/**@}*/
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */