1 /* 2 * PSA crypto support for secure element drivers 3 */ 4 /* 5 * Copyright The Mbed TLS Contributors 6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7 */ 8 9 #include "common.h" 10 11 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 12 13 #include <stdint.h> 14 #include <string.h> 15 16 #include "psa/crypto_se_driver.h" 17 18 #include "psa_crypto_se.h" 19 20 #if defined(MBEDTLS_PSA_ITS_FILE_C) 21 #include "psa_crypto_its.h" 22 #else /* Native ITS implementation */ 23 #include "psa/error.h" 24 #include "psa/internal_trusted_storage.h" 25 #endif 26 27 #include "mbedtls/platform.h" 28 29 30 31 /****************************************************************/ 32 /* Driver lookup */ 33 /****************************************************************/ 34 35 /* This structure is identical to psa_drv_se_context_t declared in 36 * `crypto_se_driver.h`, except that some parts are writable here 37 * (non-const, or pointer to non-const). */ 38 typedef struct { 39 void *persistent_data; 40 size_t persistent_data_size; 41 uintptr_t transient_data; 42 } psa_drv_se_internal_context_t; 43 44 struct psa_se_drv_table_entry_s { 45 psa_key_location_t location; 46 const psa_drv_se_t *methods; 47 union { 48 psa_drv_se_internal_context_t internal; 49 psa_drv_se_context_t context; 50 } u; 51 }; 52 53 static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS]; 54 55 psa_se_drv_table_entry_t *psa_get_se_driver_entry( 56 psa_key_lifetime_t lifetime) 57 { 58 size_t i; 59 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); 60 /* In the driver table, location=0 means an entry that isn't used. 61 * No driver has a location of 0 because it's a reserved value 62 * (which designates transparent keys). Make sure we never return 63 * a driver entry for location 0. */ 64 if (location == 0) { 65 return NULL; 66 } 67 for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { 68 if (driver_table[i].location == location) { 69 return &driver_table[i]; 70 } 71 } 72 return NULL; 73 } 74 75 const psa_drv_se_t *psa_get_se_driver_methods( 76 const psa_se_drv_table_entry_t *driver) 77 { 78 return driver->methods; 79 } 80 81 psa_drv_se_context_t *psa_get_se_driver_context( 82 psa_se_drv_table_entry_t *driver) 83 { 84 return &driver->u.context; 85 } 86 87 int psa_get_se_driver(psa_key_lifetime_t lifetime, 88 const psa_drv_se_t **p_methods, 89 psa_drv_se_context_t **p_drv_context) 90 { 91 psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime); 92 if (p_methods != NULL) { 93 *p_methods = (driver ? driver->methods : NULL); 94 } 95 if (p_drv_context != NULL) { 96 *p_drv_context = (driver ? &driver->u.context : NULL); 97 } 98 return driver != NULL; 99 } 100 101 102 103 /****************************************************************/ 104 /* Persistent data management */ 105 /****************************************************************/ 106 107 static psa_status_t psa_get_se_driver_its_file_uid( 108 const psa_se_drv_table_entry_t *driver, 109 psa_storage_uid_t *uid) 110 { 111 if (driver->location > PSA_MAX_SE_LOCATION) { 112 return PSA_ERROR_NOT_SUPPORTED; 113 } 114 115 /* ITS file sizes are limited to 32 bits. */ 116 if (driver->u.internal.persistent_data_size > UINT32_MAX) { 117 return PSA_ERROR_NOT_SUPPORTED; 118 } 119 120 /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ 121 *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; 122 return PSA_SUCCESS; 123 } 124 125 psa_status_t psa_load_se_persistent_data( 126 const psa_se_drv_table_entry_t *driver) 127 { 128 psa_status_t status; 129 psa_storage_uid_t uid; 130 size_t length; 131 132 status = psa_get_se_driver_its_file_uid(driver, &uid); 133 if (status != PSA_SUCCESS) { 134 return status; 135 } 136 137 /* Read the amount of persistent data that the driver requests. 138 * If the data in storage is larger, it is truncated. If the data 139 * in storage is smaller, silently keep what is already at the end 140 * of the output buffer. */ 141 /* psa_get_se_driver_its_file_uid ensures that the size_t 142 * persistent_data_size is in range, but compilers don't know that, 143 * so cast to reassure them. */ 144 return psa_its_get(uid, 0, 145 (uint32_t) driver->u.internal.persistent_data_size, 146 driver->u.internal.persistent_data, 147 &length); 148 } 149 150 psa_status_t psa_save_se_persistent_data( 151 const psa_se_drv_table_entry_t *driver) 152 { 153 psa_status_t status; 154 psa_storage_uid_t uid; 155 156 status = psa_get_se_driver_its_file_uid(driver, &uid); 157 if (status != PSA_SUCCESS) { 158 return status; 159 } 160 161 /* psa_get_se_driver_its_file_uid ensures that the size_t 162 * persistent_data_size is in range, but compilers don't know that, 163 * so cast to reassure them. */ 164 return psa_its_set(uid, 165 (uint32_t) driver->u.internal.persistent_data_size, 166 driver->u.internal.persistent_data, 167 0); 168 } 169 170 psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location) 171 { 172 psa_storage_uid_t uid; 173 if (location > PSA_MAX_SE_LOCATION) { 174 return PSA_ERROR_NOT_SUPPORTED; 175 } 176 uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location; 177 return psa_its_remove(uid); 178 } 179 180 psa_status_t psa_find_se_slot_for_key( 181 const psa_key_attributes_t *attributes, 182 psa_key_creation_method_t method, 183 psa_se_drv_table_entry_t *driver, 184 psa_key_slot_number_t *slot_number) 185 { 186 psa_status_t status; 187 psa_key_location_t key_location = 188 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)); 189 190 /* If the location is wrong, it's a bug in the library. */ 191 if (driver->location != key_location) { 192 return PSA_ERROR_CORRUPTION_DETECTED; 193 } 194 195 /* If the driver doesn't support key creation in any way, give up now. */ 196 if (driver->methods->key_management == NULL) { 197 return PSA_ERROR_NOT_SUPPORTED; 198 } 199 200 if (psa_get_key_slot_number(attributes, slot_number) == PSA_SUCCESS) { 201 /* The application wants to use a specific slot. Allow it if 202 * the driver supports it. On a system with isolation, 203 * the crypto service must check that the application is 204 * permitted to request this slot. */ 205 psa_drv_se_validate_slot_number_t p_validate_slot_number = 206 driver->methods->key_management->p_validate_slot_number; 207 if (p_validate_slot_number == NULL) { 208 return PSA_ERROR_NOT_SUPPORTED; 209 } 210 status = p_validate_slot_number(&driver->u.context, 211 driver->u.internal.persistent_data, 212 attributes, method, 213 *slot_number); 214 } else if (method == PSA_KEY_CREATION_REGISTER) { 215 /* The application didn't specify a slot number. This doesn't 216 * make sense when registering a slot. */ 217 return PSA_ERROR_INVALID_ARGUMENT; 218 } else { 219 /* The application didn't tell us which slot to use. Let the driver 220 * choose. This is the normal case. */ 221 psa_drv_se_allocate_key_t p_allocate = 222 driver->methods->key_management->p_allocate; 223 if (p_allocate == NULL) { 224 return PSA_ERROR_NOT_SUPPORTED; 225 } 226 status = p_allocate(&driver->u.context, 227 driver->u.internal.persistent_data, 228 attributes, method, 229 slot_number); 230 } 231 return status; 232 } 233 234 psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver, 235 psa_key_slot_number_t slot_number) 236 { 237 psa_status_t status; 238 psa_status_t storage_status; 239 /* Normally a missing method would mean that the action is not 240 * supported. But psa_destroy_key() is not supposed to return 241 * PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should 242 * be able to destroy it. The only use case for a driver that 243 * does not have a way to destroy keys at all is if the keys are 244 * locked in a read-only state: we can use the keys but not 245 * destroy them. Hence, if the driver doesn't support destroying 246 * keys, it's really a lack of permission. */ 247 if (driver->methods->key_management == NULL || 248 driver->methods->key_management->p_destroy == NULL) { 249 return PSA_ERROR_NOT_PERMITTED; 250 } 251 status = driver->methods->key_management->p_destroy( 252 &driver->u.context, 253 driver->u.internal.persistent_data, 254 slot_number); 255 storage_status = psa_save_se_persistent_data(driver); 256 return status == PSA_SUCCESS ? storage_status : status; 257 } 258 259 psa_status_t psa_init_all_se_drivers(void) 260 { 261 size_t i; 262 for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { 263 psa_se_drv_table_entry_t *driver = &driver_table[i]; 264 if (driver->location == 0) { 265 continue; /* skipping unused entry */ 266 } 267 const psa_drv_se_t *methods = psa_get_se_driver_methods(driver); 268 if (methods->p_init != NULL) { 269 psa_status_t status = methods->p_init( 270 &driver->u.context, 271 driver->u.internal.persistent_data, 272 driver->location); 273 if (status != PSA_SUCCESS) { 274 return status; 275 } 276 status = psa_save_se_persistent_data(driver); 277 if (status != PSA_SUCCESS) { 278 return status; 279 } 280 } 281 } 282 return PSA_SUCCESS; 283 } 284 285 286 287 /****************************************************************/ 288 /* Driver registration */ 289 /****************************************************************/ 290 291 psa_status_t psa_register_se_driver( 292 psa_key_location_t location, 293 const psa_drv_se_t *methods) 294 { 295 size_t i; 296 psa_status_t status; 297 298 if (methods->hal_version != PSA_DRV_SE_HAL_VERSION) { 299 return PSA_ERROR_NOT_SUPPORTED; 300 } 301 /* Driver table entries are 0-initialized. 0 is not a valid driver 302 * location because it means a transparent key. */ 303 MBEDTLS_STATIC_ASSERT(PSA_KEY_LOCATION_LOCAL_STORAGE == 0, 304 "Secure element support requires 0 to mean a local key"); 305 306 if (location == PSA_KEY_LOCATION_LOCAL_STORAGE) { 307 return PSA_ERROR_INVALID_ARGUMENT; 308 } 309 if (location > PSA_MAX_SE_LOCATION) { 310 return PSA_ERROR_NOT_SUPPORTED; 311 } 312 313 for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { 314 if (driver_table[i].location == 0) { 315 break; 316 } 317 /* Check that location isn't already in use up to the first free 318 * entry. Since entries are created in order and never deleted, 319 * there can't be a used entry after the first free entry. */ 320 if (driver_table[i].location == location) { 321 return PSA_ERROR_ALREADY_EXISTS; 322 } 323 } 324 if (i == PSA_MAX_SE_DRIVERS) { 325 return PSA_ERROR_INSUFFICIENT_MEMORY; 326 } 327 328 driver_table[i].location = location; 329 driver_table[i].methods = methods; 330 driver_table[i].u.internal.persistent_data_size = 331 methods->persistent_data_size; 332 333 if (methods->persistent_data_size != 0) { 334 driver_table[i].u.internal.persistent_data = 335 mbedtls_calloc(1, methods->persistent_data_size); 336 if (driver_table[i].u.internal.persistent_data == NULL) { 337 status = PSA_ERROR_INSUFFICIENT_MEMORY; 338 goto error; 339 } 340 /* Load the driver's persistent data. On first use, the persistent 341 * data does not exist in storage, and is initialized to 342 * all-bits-zero by the calloc call just above. */ 343 status = psa_load_se_persistent_data(&driver_table[i]); 344 if (status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST) { 345 goto error; 346 } 347 } 348 349 return PSA_SUCCESS; 350 351 error: 352 memset(&driver_table[i], 0, sizeof(driver_table[i])); 353 return status; 354 } 355 356 void psa_unregister_all_se_drivers(void) 357 { 358 size_t i; 359 for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { 360 if (driver_table[i].u.internal.persistent_data != NULL) { 361 mbedtls_free(driver_table[i].u.internal.persistent_data); 362 } 363 } 364 memset(driver_table, 0, sizeof(driver_table)); 365 } 366 367 368 369 /****************************************************************/ 370 /* The end */ 371 /****************************************************************/ 372 373 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 374