cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Move the key slot array to the slot management module

Browse Source 
Move the key slot array and its initialization and wiping to the slot
management module.

Also move the lowest-level key slot access function psa_get_key_slot
and the auxiliary function for slot allocation
psa_internal_allocate_key_slot to the slot management module.
This commit is contained in:
Gilles Peskine 2018-12-10 16:29:04 +01:00
parent 408319be3a
commit 66fb126e87
4 changed files with 105 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
library/psa_crypto.c
View File

@ -130,10 +130,8 @@ typedef struct
void (* entropy_free )( mbedtls_entropy_context *ctx ); void (* entropy_free )( mbedtls_entropy_context *ctx );
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
unsigned initialized : 1; unsigned initialized : 1;
unsigned rng_state : 2; unsigned rng_state : 2;
unsigned key_slots_initialized : 1;
} psa_global_data_t; } psa_global_data_t;
static psa_global_data_t global_data; static psa_global_data_t global_data;
@ -715,31 +713,6 @@ exit:
} }
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
/* Access a key slot at the given handle. The handle of a key slot is
* the index of the slot in the global slot array, plus one so that handles
* start at 1 and not 0. */
static psa_status_t psa_get_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot )
{
psa_key_slot_t *slot = NULL;
GUARD_MODULE_INITIALIZED;
/* 0 is not a valid handle under any circumstance. This
* implementation provides slots number 1 to N where N is the
* number of available slots. */
if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
return( PSA_ERROR_INVALID_HANDLE );
slot = &global_data.key_slots[handle - 1];
/* If the slot hasn't been allocated, the handle is invalid. */
if( ! slot->allocated )
return( PSA_ERROR_INVALID_HANDLE );
*p_slot = slot;
return( PSA_SUCCESS );
}
/* Retrieve an empty key slot (slot with no key data, but possibly /* Retrieve an empty key slot (slot with no key data, but possibly
* with some metadata such as a policy). */ * with some metadata such as a policy). */
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle, static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
@ -834,7 +807,7 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
/** Completely wipe a slot in memory, including its policy. /** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */ * Persistent storage is not affected. */
static psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
{ {
psa_status_t status = psa_remove_key_data_from_memory( slot ); psa_status_t status = psa_remove_key_data_from_memory( slot );
/* At this point, key material and other type-specific content has /* At this point, key material and other type-specific content has
@ -844,20 +817,6 @@ static psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
return( status ); return( status );
} }
psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
{
for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
{
psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
if( ! slot->allocated )
{
slot->allocated = 1;
return( PSA_SUCCESS );
}
}
return( PSA_ERROR_INSUFFICIENT_MEMORY );
}
psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle, psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
psa_key_id_t id ) psa_key_id_t id )
{ {
@ -4473,15 +4432,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
void mbedtls_psa_crypto_free( void ) void mbedtls_psa_crypto_free( void )
{ {
if( global_data.key_slots_initialized ) psa_wipe_all_key_slots( );
{
psa_key_handle_t key;
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
psa_key_slot_t *slot = &global_data.key_slots[key - 1];
(void) psa_wipe_key_slot( slot );
}
}
if( global_data.rng_state != RNG_NOT_INITIALIZED ) if( global_data.rng_state != RNG_NOT_INITIALIZED )
{ {
mbedtls_ctr_drbg_free( &global_data.ctr_drbg ); mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
@ -4495,7 +4446,7 @@ void mbedtls_psa_crypto_free( void )
psa_status_t psa_crypto_init( void ) psa_status_t psa_crypto_init( void )
{ {
int ret; psa_status_t status;
const unsigned char drbg_seed[] = "PSA"; const unsigned char drbg_seed[] = "PSA";
/* Double initialization is explicitly allowed. */ /* Double initialization is explicitly allowed. */
@ -4513,25 +4464,26 @@ psa_status_t psa_crypto_init( void )
global_data.entropy_init( &global_data.entropy ); global_data.entropy_init( &global_data.entropy );
mbedtls_ctr_drbg_init( &global_data.ctr_drbg ); mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED; global_data.rng_state = RNG_INITIALIZED;
ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg, status = mbedtls_to_psa_error(
mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
mbedtls_entropy_func, mbedtls_entropy_func,
&global_data.entropy, &global_data.entropy,
drbg_seed, sizeof( drbg_seed ) - 1 ); drbg_seed, sizeof( drbg_seed ) - 1 ) );
if( ret != 0 ) if( status != PSA_SUCCESS )
goto exit; goto exit;
global_data.rng_state = RNG_SEEDED; global_data.rng_state = RNG_SEEDED;
/* Initialize the key slots. Zero-initialization has made all key status = psa_initialize_key_slots( );
* slots empty, so there is nothing to do. */ if( status != PSA_SUCCESS )
global_data.key_slots_initialized = 1; goto exit;
/* All done. */ /* All done. */
global_data.initialized = 1; global_data.initialized = 1;
exit: exit:
if( ret != 0 ) if( status != PSA_SUCCESS )
mbedtls_psa_crypto_free( ); mbedtls_psa_crypto_free( );
return( mbedtls_to_psa_error( ret ) ); return( status );
} }
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */

4
library/psa_crypto_core.h
View File

@ -59,4 +59,8 @@ typedef struct
} data; } data;
} psa_key_slot_t; } psa_key_slot_t;
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
#endif /* PSA_CRYPTO_CORE_H */ #endif /* PSA_CRYPTO_CORE_H */

76
library/psa_crypto_slot_management.c
View File

@ -29,6 +29,7 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_slot_management.h" #include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h" #include "psa_crypto_storage.h"
@ -43,6 +44,81 @@
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
typedef struct
{
psa_key_slot_t key_slots[PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1;
} psa_global_data_t;
psa_global_data_t global_data;
/* Access a key slot at the given handle. The handle of a key slot is
* the index of the slot in the global slot array, plus one so that handles
* start at 1 and not 0. */
psa_status_t psa_get_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot )
{
psa_key_slot_t *slot = NULL;
if( ! global_data.key_slots_initialized )
return( PSA_ERROR_BAD_STATE );
/* 0 is not a valid handle under any circumstance. This
* implementation provides slots number 1 to N where N is the
* number of available slots. */
if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) )
return( PSA_ERROR_INVALID_HANDLE );
slot = &global_data.key_slots[handle - 1];
/* If the slot hasn't been allocated, the handle is invalid. */
if( ! slot->allocated )
return( PSA_ERROR_INVALID_HANDLE );
*p_slot = slot;
return( PSA_SUCCESS );
}
psa_status_t psa_initialize_key_slots( void )
{
/* Nothing to do: program startup and psa_wipe_all_key_slots() both
* guarantee that the key slots are initialized to all-zero, which
* means that all the key slots are in a valid, empty state. */
global_data.key_slots_initialized = 1;
return( PSA_SUCCESS );
}
void psa_wipe_all_key_slots( void )
{
psa_key_handle_t key;
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
psa_key_slot_t *slot = &global_data.key_slots[key - 1];
(void) psa_wipe_key_slot( slot );
}
global_data.key_slots_initialized = 0;
}
/** Find a free key slot and mark it as in use.
*
* \param[out] handle On success, a slot number that is not in use.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
static psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle )
{
for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) )
{
psa_key_slot_t *slot = &global_data.key_slots[*handle - 1];
if( ! slot->allocated )
{
slot->allocated = 1;
return( PSA_SUCCESS );
}
}
return( PSA_ERROR_INSUFFICIENT_MEMORY );
}
psa_status_t psa_allocate_key( psa_key_type_t type, psa_status_t psa_allocate_key( psa_key_type_t type,
size_t max_bits, size_t max_bits,
psa_key_handle_t *handle ) psa_key_handle_t *handle )

20
library/psa_crypto_slot_management.h
View File

@ -26,19 +26,21 @@
* The value is a compile-time constant for now, for simplicity. */ * The value is a compile-time constant for now, for simplicity. */
#define PSA_KEY_SLOT_COUNT 32 #define PSA_KEY_SLOT_COUNT 32
/** Access a key slot at the given handle. */
psa_status_t psa_get_key_slot( psa_key_handle_t handle,
psa_key_slot_t **p_slot );
/** Initialize the key slot structures. */
psa_status_t psa_initialize_key_slots( void );
/** Delete all data from key slots in memory. This does not affect persistent
* storage. */
void psa_wipe_all_key_slots( void );
/** \defgroup core_slot_management Internal functions exposed by the core /** \defgroup core_slot_management Internal functions exposed by the core
* @{ * @{
*/ */
/** Find a free key slot and mark it as in use.
*
* \param[out] handle On success, a slot number that is not in use.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t psa_internal_allocate_key_slot( psa_key_handle_t *handle );
/** Wipe an a key slot and mark it as available. /** Wipe an a key slot and mark it as available.
* *
* This does not affect persistent storage. * This does not affect persistent storage.