Merge pull request Mbed-TLS#92 from ARMmbed/dev/dgreen-arm/import-exp…

…ort-merge

Persistent key import/export

CMakeLists.txt

@@ -168,6 +168,7 @@ else()
 endif()
 
 include_directories(include/)
+include_directories(library/)
 
 if(ENABLE_ZLIB_SUPPORT)
     find_package(ZLIB)

configs/config-psa-crypto.h

@@ -1522,6 +1522,31 @@
  */
 #define MBEDTLS_PSA_CRYPTO_C
 
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ * Enable persistent key storage over files for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto_storage_file.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+
 /**
  * \def MBEDTLS_RIPEMD160_C
  *

crypto/library/Makefile

@@ -45,6 +45,8 @@ OBJS_CRYPTO := \
 	platform.o \
 	platform_util.o \
 	psa_crypto.o \
+	psa_crypto_storage.o \
+	psa_crypto_storage_file.o \
 	ripemd160.o \
 	rsa_internal.o \
 	rsa.o \

crypto/tests/Makefile

@@ -1,4 +1,4 @@
-CFLAGS ?= -O2 -I../include
+CFLAGS ?= -O2 -I../include -I../library
 WARNING_CFLAGS ?= \
 	-Werror -Wall -Wextra \
 	-Wno-unused-function \
@@ -16,11 +16,15 @@ PYTHON ?= python
 APPS := \
 	test_suite_psa_crypto \
 	test_suite_psa_crypto_metadata \
+	test_suite_psa_crypto_persistent_key \
+	test_suite_psa_crypto_storage_file \
 # Don't delete this line.
 
 # Look up for associated function files
 func.test_suite_psa_crypto := test_suite_psa_crypto
 func.test_suite_psa_crypto_metadata := test_suite_psa_crypto_metadata
+func.test_suite_psa_crypto_persistent_key := test_suite_psa_crypto_persistent_key
+func.test_suite_psa_crypto_storage_file := test_suite_psa_crypto_storage_file
 
 .SILENT:
 
@@ -56,6 +60,8 @@ clean:
 test: $(APPS)
 	./test_suite_psa_crypto_metadata
 	./test_suite_psa_crypto
+	./test_suite_psa_crypto_persistent_key
+	./test_suite_psa_crypto_storage_file
 
 # Create separate targets for generating embedded tests.
 EMBEDDED_TESTS := $(addprefix embedded_,$(APPS))

include/mbedtls/check_config.h

@@ -506,6 +506,18 @@
 #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&            \
+    !( defined(MBEDTLS_PSA_CRYPTO_C) &&           \
+       defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) )
+#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) &&            \
+    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&           \
+       defined(MBEDTLS_FS_IO) )
+#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
     !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"

include/mbedtls/config.h

@@ -2616,6 +2616,31 @@
  */
 #define MBEDTLS_PSA_CRYPTO_C
 
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ *
+ * Enable persistent key storage over files for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto_storage_file.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+
 /**
  * \def MBEDTLS_RIPEMD160_C
  *

include/psa/crypto.h

@@ -1441,6 +1441,7 @@ typedef uint32_t psa_algorithm_t;
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
  * \retval #PSA_ERROR_BAD_STATE
@@ -1922,6 +1923,16 @@ psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
  * whether the lifetime of an occupied key slot can be changed, is
  * implementation-dependent.
  *
+ * When creating a persistent key, you must call this function before creating
+ * the key material with psa_import_key(), psa_generate_key() or
+ * psa_generator_import_key(). To open an existing persistent key, you must
+ * call this function with the correct lifetime value before using the slot
+ * for a cryptographic operation. Once a slot's lifetime has been set,
+ * the lifetime remains associated with the slot until a subsequent call to
+ * psa_set_key_lifetime(), until the key is wiped with psa_destroy_key or
+ * until the application terminates (or disconnects from the cryptography
+ * service, if the implementation offers such a possibility).
+ *
  * \param key           Slot whose lifetime is to be changed.
  * \param lifetime      The lifetime value to set for the given key slot.
  *

library/CMakeLists.txt

@@ -54,6 +54,8 @@ set(src_crypto
     platform_util.c
     poly1305.c
     psa_crypto.c
+    psa_crypto_storage.c
+    psa_crypto_storage_file.c
     ripemd160.c
     rsa.c
     rsa_internal.c

library/Makefile

@@ -82,6 +82,8 @@ OBJS_CRYPTO=	aes.o		aesni.o		arc4.o		\
 		pkcs5.o		pkparse.o	pkwrite.o	\
 		platform.o	platform_util.o	poly1305.o	\
 		psa_crypto.o					\
+		psa_crypto_storage.o				\
+		psa_crypto_storage_file.o			\
 		ripemd160.o	rsa_internal.o	rsa.o  		\
 		sha1.o		sha256.o	sha512.o	\
 		threading.o	timing.o	version.o	\