diff options
Diffstat (limited to 'lib/mbedtls-2.27.0/library/psa_crypto_storage.h')
| -rw-r--r-- | lib/mbedtls-2.27.0/library/psa_crypto_storage.h | 399 |
1 files changed, 0 insertions, 399 deletions
diff --git a/lib/mbedtls-2.27.0/library/psa_crypto_storage.h b/lib/mbedtls-2.27.0/library/psa_crypto_storage.h deleted file mode 100644 index 970e108..0000000 --- a/lib/mbedtls-2.27.0/library/psa_crypto_storage.h +++ /dev/null @@ -1,399 +0,0 @@ -/** - * \file psa_crypto_storage.h - * - * \brief PSA cryptography module: Mbed TLS key storage - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PSA_CRYPTO_STORAGE_H -#define PSA_CRYPTO_STORAGE_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "psa/crypto.h" -#include "psa/crypto_se_driver.h" - -#include <stdint.h> -#include <string.h> - -/* Limit the maximum key size in storage. This should have no effect - * since the key size is limited in memory. */ -#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) ) -/* Sanity check: a file size must fit in 32 bits. Allow a generous - * 64kB of metadata. */ -#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000 -#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000 -#endif - -/** The maximum permitted persistent slot number. - * - * In Mbed Crypto 0.1.0b: - * - Using the file backend, all key ids are ok except 0. - * - Using the ITS backend, all key ids are ok except 0xFFFFFF52 - * (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the - * device's random seed (if this feature is enabled). - * - Only key ids from 1 to #MBEDTLS_PSA_KEY_SLOT_COUNT are actually used. - * - * Since we need to preserve the random seed, avoid using that key slot. - * Reserve a whole range of key slots just in case something else comes up. - * - * This limitation will probably become moot when we implement client - * separation for key storage. - */ -#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER PSA_KEY_ID_VENDOR_MAX - -/** - * \brief Checks if persistent data is stored for the given key slot number - * - * This function checks if any key data or metadata exists for the key slot in - * the persistent storage. - * - * \param key Persistent identifier to check. - * - * \retval 0 - * No persistent data present for slot number - * \retval 1 - * Persistent data present for slot number - */ -int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); - -/** - * \brief Format key data and metadata and save to a location for given key - * slot. - * - * This function formats the key data and metadata and saves it to a - * persistent storage backend. The storage location corresponding to the - * key slot must be empty, otherwise this function will fail. This function - * should be called after loading the key into an internal slot to ensure the - * persistent key is not saved into a storage location corresponding to an - * already occupied non-persistent key, as well as ensuring the key data is - * validated. - * - * Note: This function will only succeed for key buffers which are not - * empty. If passed a NULL pointer or zero-length, the function will fail - * with #PSA_ERROR_INVALID_ARGUMENT. - * - * \param[in] attr The attributes of the key to save. - * The key identifier field in the attributes - * determines the key's location. - * \param[in] data Buffer containing the key data. - * \param data_length The number of bytes that make up the key data. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_ALREADY_EXISTS - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT - */ -psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, - const uint8_t *data, - const size_t data_length ); - -/** - * \brief Parses key data and metadata and load persistent key for given - * key slot number. - * - * This function reads from a storage backend, parses the key data and - * metadata and writes them to the appropriate output parameters. - * - * Note: This function allocates a buffer and returns a pointer to it through - * the data parameter. On successful return, the pointer is guaranteed to be - * valid and the buffer contains at least one byte of data. - * psa_free_persistent_key_data() must be called on the data buffer - * afterwards to zeroize and free this buffer. - * - * \param[in,out] attr On input, the key identifier field identifies - * the key to load. Other fields are ignored. - * On success, the attribute structure contains - * the key metadata that was loaded from storage. - * \param[out] data Pointer to an allocated key data buffer on return. - * \param[out] data_length The number of bytes that make up the key data. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DOES_NOT_EXIST - */ -psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, - uint8_t **data, - size_t *data_length ); - -/** - * \brief Remove persistent data for the given key slot number. - * - * \param key Persistent identifier of the key to remove - * from persistent storage. - * - * \retval #PSA_SUCCESS - * The key was successfully removed, - * or the key did not exist. - * \retval #PSA_ERROR_DATA_INVALID - */ -psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); - -/** - * \brief Free the temporary buffer allocated by psa_load_persistent_key(). - * - * This function must be called at some point after psa_load_persistent_key() - * to zeroize and free the memory allocated to the buffer in that function. - * - * \param key_data Buffer for the key data. - * \param key_data_length Size of the key data buffer. - * - */ -void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length ); - -/** - * \brief Formats key data and metadata for persistent storage - * - * \param[in] data Buffer containing the key data. - * \param data_length Length of the key data buffer. - * \param[in] attr The core attributes of the key. - * \param[out] storage_data Output buffer for the formatted data. - * - */ -void psa_format_key_data_for_storage( const uint8_t *data, - const size_t data_length, - const psa_core_key_attributes_t *attr, - uint8_t *storage_data ); - -/** - * \brief Parses persistent storage data into key data and metadata - * - * \param[in] storage_data Buffer for the storage data. - * \param storage_data_length Length of the storage data buffer - * \param[out] key_data On output, pointer to a newly allocated buffer - * containing the key data. This must be freed - * using psa_free_persistent_key_data() - * \param[out] key_data_length Length of the key data buffer - * \param[out] attr On success, the attribute structure is filled - * with the loaded key metadata. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_DATA_INVALID - */ -psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, - size_t storage_data_length, - uint8_t **key_data, - size_t *key_data_length, - psa_core_key_attributes_t *attr ); - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -/** This symbol is defined if transaction support is required. */ -#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS -#endif - -#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) - -/** The type of transaction that is in progress. - */ -/* This is an integer type rather than an enum for two reasons: to support - * unknown values when loading a transaction file, and to ensure that the - * type has a known size. - */ -typedef uint16_t psa_crypto_transaction_type_t; - -/** No transaction is in progress. - * - * This has the value 0, so zero-initialization sets a transaction's type to - * this value. - */ -#define PSA_CRYPTO_TRANSACTION_NONE ( (psa_crypto_transaction_type_t) 0x0000 ) - -/** A key creation transaction. - * - * This is only used for keys in an external cryptoprocessor (secure element). - * Keys in RAM or in internal storage are created atomically in storage - * (simple file creation), so they do not need a transaction mechanism. - */ -#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ( (psa_crypto_transaction_type_t) 0x0001 ) - -/** A key destruction transaction. - * - * This is only used for keys in an external cryptoprocessor (secure element). - * Keys in RAM or in internal storage are destroyed atomically in storage - * (simple file deletion), so they do not need a transaction mechanism. - */ -#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ( (psa_crypto_transaction_type_t) 0x0002 ) - -/** Transaction data. - * - * This type is designed to be serialized by writing the memory representation - * and reading it back on the same device. - * - * \note The transaction mechanism is designed for a single active transaction - * at a time. The transaction object is #psa_crypto_transaction. - * - * \note If an API call starts a transaction, it must complete this transaction - * before returning to the application. - * - * The lifetime of a transaction is the following (note that only one - * transaction may be active at a time): - * - * -# Call psa_crypto_prepare_transaction() to initialize the transaction - * object in memory and declare the type of transaction that is starting. - * -# Fill in the type-specific fields of #psa_crypto_transaction. - * -# Call psa_crypto_save_transaction() to start the transaction. This - * saves the transaction data to internal storage. - * -# Perform the work of the transaction by modifying files, contacting - * external entities, or whatever needs doing. Note that the transaction - * may be interrupted by a power failure, so you need to have a way - * recover from interruptions either by undoing what has been done - * so far or by resuming where you left off. - * -# If there are intermediate stages in the transaction, update - * the fields of #psa_crypto_transaction and call - * psa_crypto_save_transaction() again when each stage is reached. - * -# When the transaction is over, call psa_crypto_stop_transaction() to - * remove the transaction data in storage and in memory. - * - * If the system crashes while a transaction is in progress, psa_crypto_init() - * calls psa_crypto_load_transaction() and takes care of completing or - * rewinding the transaction. This is done in psa_crypto_recover_transaction() - * in psa_crypto.c. If you add a new type of transaction, be - * sure to add code for it in psa_crypto_recover_transaction(). - */ -typedef union -{ - /* Each element of this union must have the following properties - * to facilitate serialization and deserialization: - * - * - The element is a struct. - * - The first field of the struct is `psa_crypto_transaction_type_t type`. - * - Elements of the struct are arranged such a way that there is - * no padding. - */ - struct psa_crypto_transaction_unknown_s - { - psa_crypto_transaction_type_t type; - uint16_t unused1; - uint32_t unused2; - uint64_t unused3; - uint64_t unused4; - } unknown; - /* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or - * #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */ - struct psa_crypto_transaction_key_s - { - psa_crypto_transaction_type_t type; - uint16_t unused1; - psa_key_lifetime_t lifetime; - psa_key_slot_number_t slot; - mbedtls_svc_key_id_t id; - } key; -} psa_crypto_transaction_t; - -/** The single active transaction. - */ -extern psa_crypto_transaction_t psa_crypto_transaction; - -/** Prepare for a transaction. - * - * There must not be an ongoing transaction. - * - * \param type The type of transaction to start. - */ -static inline void psa_crypto_prepare_transaction( - psa_crypto_transaction_type_t type ) -{ - psa_crypto_transaction.unknown.type = type; -} - -/** Save the transaction data to storage. - * - * You may call this function multiple times during a transaction to - * atomically update the transaction state. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_STORAGE_FAILURE - */ -psa_status_t psa_crypto_save_transaction( void ); - -/** Load the transaction data from storage, if any. - * - * This function is meant to be called from psa_crypto_init() to recover - * in case a transaction was interrupted by a system crash. - * - * \retval #PSA_SUCCESS - * The data about the ongoing transaction has been loaded to - * #psa_crypto_transaction. - * \retval #PSA_ERROR_DOES_NOT_EXIST - * There is no ongoing transaction. - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT - */ -psa_status_t psa_crypto_load_transaction( void ); - -/** Indicate that the current transaction is finished. - * - * Call this function at the very end of transaction processing. - * This function does not "commit" or "abort" the transaction: the storage - * subsystem has no concept of "commit" and "abort", just saving and - * removing the transaction information in storage. - * - * This function erases the transaction data in storage (if any) and - * resets the transaction data in memory. - * - * \retval #PSA_SUCCESS - * There was transaction data in storage. - * \retval #PSA_ERROR_DOES_NOT_EXIST - * There was no transaction data in storage. - * \retval #PSA_ERROR_STORAGE_FAILURE - * It was impossible to determine whether there was transaction data - * in storage, or the transaction data could not be erased. - */ -psa_status_t psa_crypto_stop_transaction( void ); - -/** The ITS file identifier for the transaction data. - * - * 0xffffffNN = special file; 0x74 = 't' for transaction. - */ -#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 ) - -#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -/** Backend side of mbedtls_psa_inject_entropy(). - * - * This function stores the supplied data into the entropy seed file. - * - * \retval #PSA_SUCCESS - * Success - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_NOT_PERMITTED - * The entropy seed file already exists. - */ -psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed, - size_t seed_size ); -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_STORAGE_H */ |