psa: Add magic header to storage backend
Add a magic header to the storage format used with files. The
header is used as an initial check that the data is what we expect,
rather than garbage data.
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 5285826..0a5805b 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -65,7 +65,14 @@
}
#endif
+/**
+ * Persistent key storage magic header.
+ */
+#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+
typedef struct {
+ uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t policy[sizeof( psa_key_policy_t )];
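Review bot: The doc comment on `PSA_KEY_STORAGE_MAGIC_HEADER` does not say that the stored header is 8 bytes, not 7. `sizeof` on the string literal also counts the terminating NUL, so the on-storage bytes are `PSA\0KEY\0`. The embedded NUL means string functions such as `strlen` or `strcmp` would stop after `PSA`, so any reader or writer must use the length macro with `memcmp`/`memcpy`. I would extend the comment to something like `/* 8 bytes on storage: "PSA\0KEY" plus the terminating NUL counted by sizeof; contains an embedded NUL, so never treat it as a C string. */`.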
@@ -82,6 +89,7 @@
psa_persistent_key_storage_format *storage_format =
(psa_persistent_key_storage_format *) storage_data;
+ memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
PUT_UINT32_LE(0, storage_format->version, 0);
PUT_UINT32_LE(type, storage_format->type, 0);
PUT_UINT32_LE(policy->usage, storage_format->policy, 0);
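Review bot: The layout now starts with `magic`, but the version written on the next line is still 0, so blobs in the old and new layouts carry the same version number. If any keys were persisted before this change, they would presumably now fail the magic check with `PSA_ERROR_STORAGE_FAILURE` instead of being recognised as an older format. If that is intended, a comment such as `/* magic precedes version; blobs written without it are rejected, not migrated */` would record the decision. The enclosing function starts and ends outside the hunk, so it is not visible here whether the `storage_data` buffer is sized for the larger struct.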
@@ -90,6 +98,14 @@
memcpy( storage_format->key_data, data, data_length );
}
+static psa_status_t check_magic_header( const uint8_t *data )
+{
+ if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
+ return( PSA_ERROR_STORAGE_FAILURE );
+ return( PSA_SUCCESS );
+}
+
psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
size_t storage_data_length,
uint8_t **key_data,
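Review bot: `check_magic_header` reads `PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH` bytes from `data` but takes no length, so its safety depends entirely on the caller having checked the buffer size first. The one caller in this commit does that, but nothing in the helper states the requirement. I would add a contract comment above it, for example `/* Caller must guarantee at least PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH readable bytes at data. */`, or pass `storage_data_length` in and do the comparison inside the helper. Plain `memcmp` is fine here since the magic value is not secret.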
@@ -97,10 +113,18 @@
psa_key_type_t *type,
psa_key_policy_t *policy )
{
+ psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
(const psa_persistent_key_storage_format *)storage_data;
uint32_t version;
+ if( storage_data_length < sizeof(*storage_format) )
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ status = check_magic_header( storage_data );
+ if( status != PSA_SUCCESS )
+ return( status );
+
GET_UINT32_LE(version, storage_format->version, 0);
if( version != 0 )
return( PSA_ERROR_STORAGE_FAILURE );
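Review bot: The new `storage_data_length < sizeof(*storage_format)` guard is undocumented, and the commit message does not mention it, although it is what keeps the magic and version reads through `storage_format` in bounds. A short comment would protect it from being reordered or removed later, e.g. `/* Reject blobs shorter than the fixed header before any field is read through storage_format. */`. The guard covers only the fixed-size header. The rest of the function is outside this hunk, so it is not visible whether the stored key-data length is also checked against `storage_data_length - sizeof(*storage_format)` before the key data is copied; that is worth confirming.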