/*
* Copyright (c) 2018 ARM Limited. All rights reserved.
* SPDX-License-Identifier: Apache-2.0
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBED_SECURESTORE_H
#define MBED_SECURESTORE_H
// Pull in the mbed TLS configuration so the MBEDTLS_* feature macros tested below are defined.
// NOTE(review): the default "mbedtls/config.h" include is commented out, so when
// MBEDTLS_CONFIG_FILE is not defined this header includes no mbed TLS configuration at all;
// the feature macros must then come from an earlier include or from build flags - confirm.
#if !defined(MBEDTLS_CONFIG_FILE)
// #include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
// NOTE(review): with the include below commented out, this header does not define
// DEVICEKEY_ENABLED. An undefined identifier evaluates to 0 inside #if, so the feature check
// further down would then set SECURESTORE_ENABLED to 0 with no #error or #warning from this
// header - confirm that the build defines DEVICEKEY_ENABLED elsewhere.
// #include "device_key/DeviceKey.h"
#define SECURESTORE_ENABLED 1
// The whole class is compiled out unless mbed TLS entropy, CTR cipher mode and CMAC are enabled
// and DEVICEKEY_ENABLED is non-zero. Code that depends on SecureStore should test
// SECURESTORE_ENABLED rather than assume the class exists.
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CIPHER_MODE_CTR) || !defined(MBEDTLS_CMAC_C) || !DEVICEKEY_ENABLED
#undef SECURESTORE_ENABLED
#define SECURESTORE_ENABLED 0
#endif
#if SECURESTORE_ENABLED || defined(DOXYGEN_ONLY)
#include <stdint.h>
#include "KVStore.h"
// Forward declarations
struct mbedtls_entropy_context;
// namespace mbed {
/** SecureStore class
*
* KVStore implementation layered on top of another KVStore (underlying_kv), with an
* optional second KVStore (rbp_kv) used for rollback protection.
*
* Protection is requested per item through the create_flags passed to set() / set_start():
* REQUIRE_CONFIDENTIALITY_FLAG, REQUIRE_INTEGRITY_FLAG and REQUIRE_REPLAY_PROTECTION_FLAG.
* NOTE(review): which protections apply when a flag is omitted is not visible in this
* header - confirm in the implementation before relying on defaults.
* NOTE(review): the build guard for this header requires mbed TLS entropy, CTR cipher mode,
* CMAC and DeviceKey; the exact algorithms and key derivation are not visible here.
*/
class SecureStore : public KVStore {
public:
/**
* @brief Class constructor
*
* @param[in] underlying_kv KVStore that will hold the data.
* @param[in] rbp_kv Additional KVStore used for rollback protection.
* Optional; defaults to a null pointer.
* NOTE(review): how REQUIRE_REPLAY_PROTECTION_FLAG is handled
* when rbp_kv is null is not visible in this header - confirm.
*/
SecureStore(KVStore *underlying_kv, KVStore *rbp_kv = 0);
/**
* @brief Class destructor
*/
virtual ~SecureStore();
/**
* @brief Initialize SecureStore class. It will also initialize
* the underlying KVStore and the rollback protection KVStore.
*
* @returns KVSTORE_SUCCESS Success.
* or any other error from underlying KVStore instances.
*/
virtual int init();
/**
* @brief Deinitialize SecureStore class, free handles and memory allocations.
*
* @returns KVSTORE_SUCCESS Success.
* or any other error from underlying KVStore instances.
*/
virtual int deinit();
/**
* @brief Reset KVStore contents (clear all keys)
* Warning: This function is not thread safe.
* NOTE(review): whether the rollback protection KVStore is cleared as well is not
* visible in this header - confirm in the implementation.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* or any other error from underlying KVStore instances.
*/
virtual int reset();
/**
* @brief Set one KVStore item, given key and value.
*
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
* @param[in] buffer Value data buffer.
* @param[in] size Value data size.
* @param[in] create_flags Flag mask - WRITE_ONCE_FLAG|REQUIRE_CONFIDENTIALITY_FLAG|
* REQUIRE_INTEGRITY_FLAG|REQUIRE_REPLAY_PROTECTION_FLAG
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_READ_FAILED Unable to read from media.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_INVALID_SIZE Invalid size given in function arguments.
* KVSTORE_ERROR_WRITE_PROTECTED Already stored with "write once" flag.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* or any other error from underlying KVStore instances.
*/
virtual int set(const char *key, const void *buffer, size_t size, uint32_t create_flags);
/**
* @brief Get one KVStore item, given key.
*
* Callers should use the contents of buffer only when KVSTORE_SUCCESS is returned.
* NOTE(review): whether buffer is left untouched when authentication fails is not
* visible in this header - confirm in the implementation.
*
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
* @param[out] buffer Value data buffer (receives the data read).
* @param[in] buffer_size Value data buffer size.
* @param[out] actual_size Actual read size. Optional; defaults to NULL.
* @param[in] offset Offset to read from in data. Defaults to 0.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_READ_FAILED Unable to read from media.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_INVALID_SIZE Invalid size given in function arguments.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* KVSTORE_ERROR_ITEM_NOT_FOUND No such key.
* KVSTORE_ERROR_AUTHENTICATION_FAILED Data authentication failed.
* KVSTORE_ERROR_AUTHENTICATION_RBP_FAILED
* Rollback protection data authentication failed.
* or any other error from underlying KVStore instances.
*/
virtual int get(const char *key, void *buffer, size_t buffer_size, size_t *actual_size = NULL,
size_t offset = 0);
/**
* @brief Get information of a given key.
*
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
* @param[out] info Returned information structure containing size and flags.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_READ_FAILED Unable to read from media.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* KVSTORE_ERROR_ITEM_NOT_FOUND No such key.
* KVSTORE_ERROR_AUTHENTICATION_FAILED Data authentication failed.
* KVSTORE_ERROR_AUTHENTICATION_RBP_FAILED
* Rollback protection data authentication failed.
* or any other error from underlying KVStore instances.
*/
virtual int get_info(const char *key, info_t *info);
/**
* @brief Remove a KVStore item, given key.
*
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_READ_FAILED Unable to read from media.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_WRITE_PROTECTED Already stored with "write once" flag.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* or any other error from underlying KVStore instances.
*/
virtual int remove(const char *key);
/**
* @brief Start an incremental KVStore set sequence. This operation blocks other operations:
* any get/set/remove/iterator operation will be blocked until set_finalize is called.
* Callers should therefore make sure set_finalize is reached once set_start succeeds.
* NOTE(review): how a failed set_add_data affects the blocked state is not visible
* in this header - confirm in the implementation.
*
* @param[out] handle Returned incremental set handle.
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
* @param[in] final_data_size Final value data size.
* @param[in] create_flags Flag mask - WRITE_ONCE_FLAG|REQUIRE_CONFIDENTIALITY_FLAG|
* REQUIRE_INTEGRITY_FLAG|REQUIRE_REPLAY_PROTECTION_FLAG
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_READ_FAILED Unable to read from media.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_INVALID_SIZE Invalid size given in function arguments.
* KVSTORE_ERROR_WRITE_PROTECTED Already stored with "write once" flag.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* or any other error from underlying KVStore instances.
*/
virtual int set_start(set_handle_t *handle, const char *key, size_t final_data_size, uint32_t create_flags);
/**
* @brief Add data to an incremental KVStore set sequence. This operation blocks other operations:
* any get/set/remove operation will be blocked until set_finalize is called.
*
* @param[in] handle Incremental set handle.
* @param[in] value_data Value data to add.
* @param[in] data_size Value data size.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_INVALID_SIZE Invalid size given in function arguments.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* or any other error from underlying KVStore instances.
*/
virtual int set_add_data(set_handle_t handle, const void *value_data, size_t data_size);
/**
* @brief Finalize an incremental KVStore set sequence.
*
* @param[in] handle Incremental set handle.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* KVSTORE_ERROR_INVALID_SIZE Invalid size given in function arguments.
* KVSTORE_ERROR_FAILED_OPERATION Internal error.
* or any other error from underlying KVStore instances.
*/
virtual int set_finalize(set_handle_t handle);
/**
* @brief Start an iteration over KVStore keys.
* There is no issue with any other operation while the iterator is open.
*
* @param[out] it Returned iterator handle.
* @param[in] prefix Key prefix (null for all keys).
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* or any other error from underlying KVStore instances.
*/
virtual int iterator_open(iterator_t *it, const char *prefix = NULL);
/**
* @brief Get next key in iteration.
* There is no issue with any other operation while the iterator is open.
*
* @param[in] it Iterator handle.
* @param[out] key Buffer for returned key.
* @param[in] key_size Key buffer size.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* or any other error from underlying KVStore instances.
*/
virtual int iterator_next(iterator_t it, char *key, size_t key_size);
/**
* @brief Close iteration.
*
* @param[in] it Iterator handle.
*
* @returns KVSTORE_SUCCESS Success.
* KVSTORE_ERROR_NOT_READY Not initialized.
* KVSTORE_ERROR_INVALID_ARGUMENT Invalid argument given in function arguments.
* or any other error from underlying KVStore instances.
* That is, 0 on success or a negative error code on failure.
*/
virtual int iterator_close(iterator_t it);
// Private section is hidden from Doxygen-only builds.
#if !defined(DOXYGEN_ONLY)
private:
// Forward declaration of the incremental set state; defined outside this header.
struct inc_set_handle_t;
// NOTE(review): presumably serializes the public operations - confirm in the implementation.
PlatformMutex _mutex;
// NOTE(review): presumably set by init() and cleared by deinit() - confirm.
bool _is_initialized;
// Data store and rollback protection store; names match the constructor parameters.
KVStore *_underlying_kv, *_rbp_kv;
// Pointer to an mbed TLS entropy context (type is only forward-declared in this header).
mbedtls_entropy_context *_entropy;
// NOTE(review): presumably the state of the current incremental set sequence - confirm.
inc_set_handle_t *_ih;
// NOTE(review): working buffer; size and lifetime are not visible in this header.
uint8_t *_scratch_buf;
/**
* @brief Actual get function, serving get and get_info APIs.
*
* @param[in] key Key - must not include '*' '/' '?' ':' ';' '\' '"' '|' ' ' '<' '>'.
* @param[out] buffer Value data buffer (receives the data read).
* @param[in] buffer_size Value data buffer size.
* @param[out] actual_size Actual read size. Optional; defaults to NULL.
* @param[in] offset Offset to read from in data. Defaults to 0.
* @param[out] info Returned information structure. Optional; defaults to a null pointer.
*
* @returns 0 on success or a negative error code on failure
*/
int do_get(const char *key, void *buffer, size_t buffer_size, size_t *actual_size = NULL,
size_t offset = 0, info_t *info = 0);
#endif
};
/** @}*/
// } // namespace mbed
#endif
#endif