Merge pull request #4160 from stevew817/feature/driver_builtin_keys

Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2025-06-26 11:36:07 +08:00 · 2021-04-23 09:40:31 +02:00 · 2021-04-23 09:40:31 +02:00 · b5939e814e
commit b5939e814e
parent 2bbb5bc6bf 31e27af0cc
25 changed files with 919 additions and 270 deletions
--- a/ChangeLog.d/psa-builtin-keys-implementation.txt
+++ b/ChangeLog.d/psa-builtin-keys-implementation.txt
@ -0,0 +1,4 @@
 Features
   * Added support for built-in driver keys through the PSA opaque crypto
     driver interface. Refer to the documentation of
     MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@ -810,7 +810,7 @@ psa_status_t acme_get_builtin_key(psa_drv_slot_number_t slot_number,
 If this function returns `PSA_SUCCESS` or `PSA_ERROR_BUFFER_TOO_SMALL`, it must fill `attributes` with the attributes of the key (except for the key identifier). On success, this function must also fill `key_buffer` with the key context.
-On entry, `psa_get_key_lifetime(attributes)` is the location at which the driver was declared and the persistence level `#PSA_KEY_LIFETIME_PERSISTENT`. The driver entry point may change the lifetime to one with the same location but a different persistence level. The standard attributes other than the key identifier and lifetime have the value conveyed by `PSA_KEY_ATTRIBUTES_INIT`.
+On entry, `psa_get_key_lifetime(attributes)` is the location at which the driver was declared and a persistence level with which the platform is attempting to register the key. The driver entry point may choose to change the lifetime (`psa_set_key_lifetime(attributes, lifetime)`) of the reported key attributes to one with the same location but a different persistence level, in case the driver has more specific knowledge about the actual persistence level of the key which is being retrieved. For example, if a driver knows it cannot delete a key, it may override the persistence level in the lifetime to `PSA_KEY_PERSISTENCE_READ_ONLY`. The standard attributes other than the key identifier and lifetime have the value conveyed by `PSA_KEY_ATTRIBUTES_INIT`.
 The output parameter `key_buffer` points to a writable buffer of `key_buffer_size` bytes. If the driver has a [`"builtin_key_size"` property](#key-format-for-opaque-drivers) property, `key_buffer_size` has this value, otherwise `key_buffer_size` has the value determined from the key type and size.
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1338,6 +1338,22 @@
 */
 #define MBEDTLS_PKCS1_V21
 /** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 *
 * Enable support for platform built-in keys. If you enable this feature,
 * you must implement the function mbedtls_psa_platform_get_builtin_key().
 * See the documentation of that function for more information.
 *
 * Built-in keys are typically derived from a hardware unique key or
 * stored in a secure element.
 *
 * Requires: MBEDTLS_PSA_CRYPTO_C.
 *
 * \warning This interface is experimental and may change or be removed
 * without notice.
 */
 //#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 /** \def MBEDTLS_PSA_CRYPTO_CLIENT
 *
 * Enable support for PSA crypto client.
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -713,6 +713,104 @@ psa_status_t mbedtls_psa_external_get_random(
 /**@}*/
 /** \defgroup psa_builtin_keys Built-in keys
 * @{
 */
 /** The minimum value for a key identifier that is built into the
 * implementation.
 *
 * The range of key identifiers from #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
 * to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX within the range from
 * #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect
 * with any other set of implementation-chosen key identifiers.
 *
 * This value is part of the library's ABI since changing it would invalidate
 * the values of built-in key identifiers in applications.
 */
 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN          ((psa_key_id_t)0x7fff0000)
 /** The maximum value for a key identifier that is built into the
 * implementation.
 *
 * See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
 */
 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX          ((psa_key_id_t)0x7fffefff)
 /** A slot number identifying a key in a driver.
 *
 * Values of this type are used to identify built-in keys.
 */
 typedef uint64_t psa_drv_slot_number_t;
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
 /** Test whether a key identifier belongs to the builtin key range.
 *
 * \param key_id  Key identifier to test.
 *
 * \retval 1
 *         The key identifier is a builtin key identifier.
 * \retval 0
 *         The key identifier is not a builtin key identifier.
 */
 static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
 {
    return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
            ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
 }
 /** Platform function to obtain the location and slot number of a built-in key.
 *
 * An application-specific implementation of this function must be provided if
 * #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
 * as part of a platform's system image.
 *
 * #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) needs to be in the range from
 * #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
 *
 * In a multi-application configuration
 * (\c MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined),
 * this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(\p key_id)
 * is allowed to use the given key.
 *
 * \param key_id                The key ID for which to retrieve the
 *                              location and slot attributes.
 * \param[out] lifetime         On success, the lifetime associated with the key
 *                              corresponding to \p key_id. Lifetime is a
 *                              combination of which driver contains the key,
 *                              and with what persistence level the key is
 *                              intended to be used. If the platform
 *                              implementation does not contain specific
 *                              information about the intended key persistence
 *                              level, the persistence level may be reported as
 *                              #PSA_KEY_PERSISTENCE_DEFAULT.
 * \param[out] slot_number      On success, the slot number known to the driver
 *                              registered at the lifetime location reported
 *                              through \p lifetime which corresponds to the
 *                              requested built-in key.
 *
 * \retval #PSA_SUCCESS
 *         The requested key identifier designates a built-in key.
 *         In a multi-application configuration, the requested owner
 *         is allowed to access it.
 * \retval #PSA_ERROR_DOES_NOT_EXIST
 *         The requested key identifier is not a built-in key which is known
 *         to this function. If a key exists in the key storage with this
 *         identifier, the data from the storage will be used.
 * \return (any other error)
 *         Any other error is propagated to the function that requested the key.
 *         Common errors include:
 *         - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner
 *           is not allowed to access it.
 */
 psa_status_t mbedtls_psa_platform_get_builtin_key(
    mbedtls_svc_key_id_t key_id,
    psa_key_lifetime_t *lifetime,
    psa_drv_slot_number_t *slot_number );
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 /** @} */
 #ifdef __cplusplus
 }
 #endif
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -604,20 +604,8 @@ MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
    return( PSA_ERROR_INVALID_ARGUMENT );
 }
-/** Try to allocate a buffer to an empty key slot.
+psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- *
+                                          size_t buffer_length )
 * \param[in,out] slot          Key slot to attach buffer to.
 * \param[in] buffer_length     Requested size of the buffer.
 *
 * \retval #PSA_SUCCESS
 *         The buffer has been successfully allocated.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 *         Not enough memory was available for allocation.
 * \retval #PSA_ERROR_ALREADY_EXISTS
 *         Trying to allocate a buffer to a non-empty key slot.
 */
 static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
                                                 size_t buffer_length )
 {
    if( slot->key.data != NULL )
        return( PSA_ERROR_ALREADY_EXISTS );
@ -1075,8 +1063,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
    psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg )
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-/** Wipe key data from a slot. Preserve metadata such as the policy. */
+psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 {
    /* Data pointer will always be either a valid pointer or NULL in an
     * initialized slot, so we can just free it. */
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@ -180,6 +180,24 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
 */
 psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
 /** Try to allocate a buffer to an empty key slot.
 *
 * \param[in,out] slot          Key slot to attach buffer to.
 * \param[in] buffer_length     Requested size of the buffer.
 *
 * \retval #PSA_SUCCESS
 *         The buffer has been successfully allocated.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 *         Not enough memory was available for allocation.
 * \retval #PSA_ERROR_ALREADY_EXISTS
 *         Trying to allocate a buffer to a non-empty key slot.
 */
 psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
                                          size_t buffer_length );
 /** Wipe key data from a slot. Preserves metadata such as the policy. */
 psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
 /** Copy key data (in export format) into an empty key slot.
 *
 * This function assumes that the slot does not contain
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@ -129,7 +129,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_signature_sign_hash( attributes,
                                                     key_buffer,
                                                     key_buffer_size,
@ -211,7 +211,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_signature_verify_hash( attributes,
                                                       key_buffer,
                                                       key_buffer_size,
@ -229,8 +229,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
    }
 }
-/** Get the key buffer size for the key material of a generated key in the
+/** Get the key buffer size required to store the key material of a key
- *  case of an opaque driver without storage.
+ *  associated with an opaque driver without storage.
 *
 * \param[in] attributes  The key attributes.
 * \param[out] key_buffer_size  Minimum buffer size to contain the key material
@ -256,7 +256,17 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
    switch( location )
    {
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
            /* Emulate property 'builtin_key_size' */
            if( psa_key_id_is_builtin(
                    MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
                        psa_get_key_id( attributes ) ) ) )
            {
                *key_buffer_size = sizeof( psa_drv_slot_number_t );
                return( PSA_SUCCESS );
            }
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 #ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
            *key_buffer_size = test_size_function( key_type, key_bits );
            return( PSA_SUCCESS );
@ -353,7 +363,7 @@ psa_status_t psa_driver_wrapper_generate_key(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            status = test_opaque_generate_key(
                attributes, key_buffer, key_buffer_size, key_buffer_length );
            break;
@ -485,7 +495,7 @@ psa_status_t psa_driver_wrapper_export_key(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_export_key( attributes,
                                            key_buffer,
                                            key_buffer_size,
@ -559,7 +569,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_export_public_key( attributes,
                                                   key_buffer,
                                                   key_buffer_size,
@ -574,6 +584,30 @@ psa_status_t psa_driver_wrapper_export_public_key(
    }
 }
 psa_status_t psa_driver_wrapper_get_builtin_key(
    psa_drv_slot_number_t slot_number,
    psa_key_attributes_t *attributes,
    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
 {
    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
    switch( location )
    {
 #if defined(PSA_CRYPTO_DRIVER_TEST)
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_get_builtin_key(
                        slot_number,
                        attributes,
                        key_buffer, key_buffer_size, key_buffer_length ) );
 #endif /* PSA_CRYPTO_DRIVER_TEST */
        default:
            (void) slot_number;
            (void) key_buffer;
            (void) key_buffer_size;
            (void) key_buffer_length;
            return( PSA_ERROR_DOES_NOT_EXIST );
    }
 }
 /*
 * Cipher functions
 */
@ -616,7 +650,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
            return( PSA_ERROR_NOT_SUPPORTED );
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_cipher_encrypt( &attributes,
                                                slot->key.data,
                                                slot->key.bytes,
@ -683,7 +717,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
            return( PSA_ERROR_NOT_SUPPORTED );
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            return( test_opaque_cipher_decrypt( &attributes,
                                                slot->key.data,
                                                slot->key.bytes,
@ -760,7 +794,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            status = test_opaque_cipher_encrypt_setup(
                &operation->ctx.opaque_test_driver_ctx,
                attributes,
@ -831,7 +865,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
        /* Add cases for opaque driver here */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 #if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
            status = test_opaque_cipher_decrypt_setup(
                         &operation->ctx.opaque_test_driver_ctx,
                         attributes,
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@ -68,6 +68,11 @@ psa_status_t psa_driver_wrapper_generate_key(
    const psa_key_attributes_t *attributes,
    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
 psa_status_t psa_driver_wrapper_get_builtin_key(
    psa_drv_slot_number_t slot_number,
    psa_key_attributes_t *attributes,
    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
 /*
 * Cipher functions
 */
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@ -26,6 +26,7 @@
 #include "psa/crypto.h"
 #include "psa_crypto_core.h"
 #include "psa_crypto_driver_wrappers.h"
 #include "psa_crypto_slot_management.h"
 #include "psa_crypto_storage.h"
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -274,6 +275,77 @@ exit:
 }
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
 static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
    psa_drv_slot_number_t slot_number = 0;
    size_t key_buffer_size = 0;
    size_t key_buffer_length = 0;
    if( ! psa_key_id_is_builtin(
            MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
    {
        return( PSA_ERROR_DOES_NOT_EXIST );
    }
    /* Check the platform function to see whether this key actually exists */
    status = mbedtls_psa_platform_get_builtin_key(
                slot->attr.id, &lifetime, &slot_number );
    if( status != PSA_SUCCESS )
        return( status );
    /* Set required key attributes to ensure get_builtin_key can retrieve the
     * full attributes. */
    psa_set_key_id( &attributes, slot->attr.id );
    psa_set_key_lifetime( &attributes, lifetime );
    /* Get the full key attributes from the driver in order to be able to
     * calculate the required buffer size. */
    status = psa_driver_wrapper_get_builtin_key(
                slot_number, &attributes,
                NULL, 0, NULL );
    if( status != PSA_ERROR_BUFFER_TOO_SMALL )
    {
        /* Builtin keys cannot be defined by the attributes alone */
        if( status == PSA_SUCCESS )
            status = PSA_ERROR_CORRUPTION_DETECTED;
        return( status );
    }
    /* If the key should exist according to the platform, then ask the driver
     * what its expected size is. */
    status = psa_driver_wrapper_get_key_buffer_size( &attributes,
                                                     &key_buffer_size );
    if( status != PSA_SUCCESS )
        return( status );
    /* Allocate a buffer of the required size and load the builtin key directly
     * into the (now properly sized) slot buffer. */
    status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
    if( status != PSA_SUCCESS )
        return( status );
    status = psa_driver_wrapper_get_builtin_key(
                slot_number, &attributes,
                slot->key.data, slot->key.bytes, &key_buffer_length );
    if( status != PSA_SUCCESS )
        goto exit;
    /* Copy actual key length and core attributes into the slot on success */
    slot->key.bytes = key_buffer_length;
    slot->attr = attributes.core;
 exit:
    if( status != PSA_SUCCESS )
        psa_remove_key_data_from_memory( slot );
    return( status );
 }
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
                                        psa_key_slot_t **p_slot )
 {
@ -291,17 +363,29 @@ psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
    if( status != PSA_ERROR_DOES_NOT_EXIST )
        return( status );
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+    /* Loading keys from storage requires support for such a mechanism */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
    defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
    psa_key_id_t volatile_key_id;
    status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
    if( status != PSA_SUCCESS )
        return( status );
    (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
    (*p_slot)->attr.id = key;
    (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
    status = PSA_ERROR_DOES_NOT_EXIST;
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
    /* Load keys in the 'builtin' range through their own interface */
    status = psa_load_builtin_key_into_slot( *p_slot );
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
    if( status == PSA_ERROR_DOES_NOT_EXIST )
        status = psa_load_persistent_key_into_slot( *p_slot );
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
    status = psa_load_persistent_key_into_slot( *p_slot );
    if( status != PSA_SUCCESS )
    {
        psa_wipe_key_slot( *p_slot );