Merge pull request #187 from Patater/tls-development-20190722

Bring in changes from Mbed TLS as of 2019-07-22
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index f4abd3e..a9984a3 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -161,21 +161,21 @@
 
 It would simplify things to always have a 32-bit owner, with a nonzero value, and thus reserve the range 0–0xffffffff for internal library use.
 
-Mbed Crypto 1.0.1
+Mbed Crypto 1.1.0
 -----------------
 
-Tags: TBD
+Tags: mbedcrypto-1.1.0
 
-Released in May 2019. <br>
+Released in early June 2019. <br>
 Integrated in Mbed OS 5.13.
 
 Identical to [1.0.0](#mbed-crypto-1.0.0) except for some changes in the key file format.
 
-### Key file format for 1.0.1
+### Key file format for 1.1.0
 
 The key file format is identical to [1.0.0](#key-file-format-for-1.0.0), except for the following changes:
 
-* A new policy field, marked as [NEW:1.0.1] below.
+* A new policy field, marked as [NEW:1.1.0] below.
 * The encoding of key types, algorithms and key material has changed, therefore the storage format is not compatible (despite using the same value in the version field so far).
 
 A self-contained description of the file layout follows.
@@ -189,7 +189,7 @@
 * type (4 bytes): `psa_key_type_t` value
 * policy usage flags (4 bytes): `psa_key_usage_t` value
 * policy usage algorithm (4 bytes): `psa_algorithm_t` value
-* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.0.1]
+* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value [NEW:1.1.0]
 * key material length (4 bytes)
 * key material: output of `psa_export_key`
 * Any trailing data is rejected on load.
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 6b2a850..f46cb4c 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,6 +1,7 @@
 option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
 option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
 option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
 
 # Set the project root directory if it's not already defined, as may happen if
 # the library folder is included directly by a parent project, without
@@ -125,6 +126,10 @@
     set(libs ${libs} pthread)
 endif()
 
+if(LINK_WITH_TRUSTED_STORAGE)
+    set(libs ${libs} trusted_storage)
+endif()
+
 if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
     message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
 endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 44d5198..3809787 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -91,6 +91,7 @@
  * \param[in] data_offset       The starting offset of the data requested
  * \param[in] data_length       the amount of data requested (and the minimum allocated size of the `p_data` buffer)
  * \param[out] p_data           The buffer where the data will be placed upon successful completion
+ * \param[out] p_data_length    The amount of data returned in the p_data buffer
  *
  *
  * \return      A status indicating the success/failure of the operation
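Review bot: The new `\param[out] p_data_length` line does not say whether the pointer may be NULL or what it holds when the call fails. The tests in this commit pass `NULL`, and the file-backed implementation in library/psa_its_file.c writes it only on the success path visible in its hunk, so callers that read it after an error see whatever they initialised it to. I would extend the line to something like `The amount of data returned in the p_data buffer; may be NULL if the caller does not need it, and is left unmodified on failure`. Confirm that other ITS backends follow the same contract, since only the file implementation is visible here.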
@@ -106,7 +107,8 @@
 psa_status_t psa_its_get(psa_storage_uid_t uid,
                          uint32_t data_offset,
                          uint32_t data_length,
-                         void *p_data);
+                         void *p_data,
+                         size_t *p_data_length );
 
 /**
  * \brief Retrieve the metadata about the provided uid
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index babc5bb..3c33c1d 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -96,12 +96,15 @@
     psa_status_t status;
     psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
     struct psa_storage_info_t data_identifier_info;
+    size_t data_length = 0;
 
     status = psa_its_get_info( data_identifier, &data_identifier_info );
     if( status  != PSA_SUCCESS )
         return( status );
 
-    status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data );
+    status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
+    if( data_size  != data_length )
+        return( PSA_ERROR_STORAGE_FAILURE );
 
     return( status );
 }
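Review bot: The added `data_size != data_length` comparison runs before `status` is examined, so a failing `psa_its_get` is reported as `PSA_ERROR_STORAGE_FAILURE` instead of its own error code. On failure `data_length` still holds its initial 0, so this happens whenever `data_size` is nonzero. Callers then cannot tell a backend error from a short or corrupted key file, which matters when deciding whether stored key material can still be trusted. Gate the length check on success: `if( status == PSA_SUCCESS && data_size != data_length )` followed by `status = PSA_ERROR_STORAGE_FAILURE;`, and let the existing `return( status );` handle both cases. The function begins outside this hunk.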
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 8cdf783..05ca8af 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -44,7 +44,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#if !defined(PSA_ITS_STORAGE_PREFIX)
 #define PSA_ITS_STORAGE_PREFIX ""
+#endif
 
 #define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
 #define PSA_ITS_STORAGE_SUFFIX ".psa_its"
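Review bot: `PSA_ITS_STORAGE_PREFIX` can now be overridden by the build, but there is no comment saying what a valid value looks like. Files under this prefix back `psa_its_*`, and psa_crypto_storage.c reads persistent key data through that API, so the choice of location is security-relevant. I would add above the `#if` something like `/* Directory prefix for ITS files. Must be a string literal ending in a path separator; the location holds key material and should be writable only by the application. */`. The string-literal requirement is inferred from the default `""` and the neighbouring pattern and suffix macros; check it against the filename assembly code outside this hunk.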
@@ -137,7 +139,8 @@
 psa_status_t psa_its_get( psa_storage_uid_t uid,
                           uint32_t data_offset,
                           uint32_t data_length,
-                          void *p_data )
+                          void *p_data,
+                          size_t *p_data_length )
 {
     psa_status_t status;
     FILE *stream = NULL;
@@ -172,6 +175,8 @@
     if( n != data_length )
         goto exit;
     status = PSA_SUCCESS;
+    if( p_data_length != NULL )
+        *p_data_length = n;
 
 exit:
     if( stream != NULL )
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 867f64f..2266b90 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -69,6 +69,7 @@
     uint32_t flags = flags_arg;
     struct psa_storage_info_t info;
     unsigned char *buffer = NULL;
+    size_t ret_len = 0;
 
     ASSERT_ALLOC( buffer, data->len );
 
@@ -77,8 +78,8 @@
     PSA_ASSERT( psa_its_get_info( uid, &info ) );
     TEST_ASSERT( info.size == data->len );
     TEST_ASSERT( info.flags == flags );
-    PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer ) );
-    ASSERT_COMPARE( data->x, data->len, buffer, data->len );
+    PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer, &ret_len ) );
+    ASSERT_COMPARE( data->x, data->len, buffer, ret_len );
 
     PSA_ASSERT( psa_its_remove( uid ) );
 
@@ -98,6 +99,7 @@
     uint32_t flags2 = flags2_arg;
     struct psa_storage_info_t info;
     unsigned char *buffer = NULL;
+    size_t ret_len = 0;
 
     ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
 
@@ -105,15 +107,16 @@
     PSA_ASSERT( psa_its_get_info( uid, &info ) );
     TEST_ASSERT( info.size == data1->len );
     TEST_ASSERT( info.flags == flags1 );
-    PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) );
-    ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len );
+    PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer, &ret_len ) );
+    ASSERT_COMPARE( data1->x, data1->len, buffer, ret_len );
 
     PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
     PSA_ASSERT( psa_its_get_info( uid, &info ) );
     TEST_ASSERT( info.size == data2->len );
     TEST_ASSERT( info.flags == flags2 );
-    PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) );
-    ASSERT_COMPARE( data2->x, data2->len, buffer, data2->len );
+    ret_len = 0;
+    PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer, &ret_len ) );
+    ASSERT_COMPARE( data2->x, data2->len, buffer, ret_len );
 
     PSA_ASSERT( psa_its_remove( uid ) );
 
@@ -130,6 +133,7 @@
     psa_storage_uid_t uid;
     char stored[40];
     char retrieved[40];
+    size_t ret_len = 0;
 
     memset( stored, '.', sizeof( stored ) );
     for( uid = uid0; uid < uid0 + count; uid++ )
@@ -143,11 +147,11 @@
     {
         mbedtls_snprintf( stored, sizeof( stored ),
                           "Content of file 0x%08lx", (unsigned long) uid );
-        PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) );
-        ASSERT_COMPARE( retrieved, sizeof( stored ),
+        PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) );
+        ASSERT_COMPARE( retrieved, ret_len,
                         stored, sizeof( stored ) );
         PSA_ASSERT( psa_its_remove( uid ) );
-        TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+        TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
                      PSA_ERROR_DOES_NOT_EXIST );
     }
 
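Review bot: `ret_len` is not reset before the `psa_its_get` call inside this loop, so from the second iteration on it still holds the value written by the previous one. Every iteration reads `sizeof( stored )` bytes, so `ASSERT_COMPARE( retrieved, ret_len, stored, sizeof( stored ) )` would still pass its length check even if the call never wrote the output length. The overwrite test earlier in this file already does `ret_len = 0;` before its second read. Adding the same line directly before `PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) );` keeps the check meaningful. The loop and the enclosing function both start outside the hunk.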
@@ -171,7 +175,7 @@
     TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
     TEST_ASSERT( psa_its_get_info( uid, &info ) ==
                  PSA_ERROR_DOES_NOT_EXIST );
-    TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
+    TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
                  PSA_ERROR_DOES_NOT_EXIST );
 
 exit:
@@ -190,6 +194,7 @@
     size_t length = length_arg >= 0 ? length_arg : 0;
     unsigned char *trailer;
     size_t i;
+    size_t ret_len = 0;
 
     ASSERT_ALLOC( buffer, length + 16 );
     trailer = buffer + length;
@@ -197,11 +202,11 @@
 
     PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
 
-    status = psa_its_get( uid, offset, length_arg, buffer );
+    status = psa_its_get( uid, offset, length_arg, buffer, &ret_len );
     TEST_ASSERT( status == (psa_status_t) expected_status );
     if( status == PSA_SUCCESS )
-        ASSERT_COMPARE( data->x + offset, length,
-                        buffer, length );
+        ASSERT_COMPARE( data->x + offset, (size_t) length_arg,
+                        buffer, ret_len );
     for( i = 0; i < 16; i++ )
         TEST_ASSERT( trailer[i] == '-' );
     PSA_ASSERT( psa_its_remove( uid ) );