author | Galanakis, Minos <minos.galanakis@arm.com> | 2019-11-20 14:29:44 +0000 |
committer | Jamie Fox <jamie.fox@arm.com> | 2020-02-19 15:28:32 +0000 |
commit | ecc9de8367a778b7516f2d197a0ebb0537d6e4ae (patch) | |
tree | 9d788acfa269c6a65594fc9208a98ca331066fa3 /interface | |
parent | 235ab656044a684fd95ce8d208d2c7b7220d3e77 (diff) | |
download | trusted-firmware-m-ecc9de8367a778b7516f2d197a0ebb0537d6e4ae.tar.gz |
SST: Implement PSA Protected Storage 1.0
Refactors SST to implement PSA Protected Storage version 1.0.
Change-Id: I967375e98799a465069525f203881f5331d6d84a
Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>
Diffstat (limited to 'interface')
-rw-r--r-- | interface/src/tfm_sst_func_api.c | 93 | ||||
-rw-r--r-- | interface/src/tfm_sst_ipc_api.c | 99 |
2 files changed, 83 insertions, 109 deletions
diff --git a/interface/src/tfm_sst_func_api.c b/interface/src/tfm_sst_func_api.c
index 6d94d67940..77a466eed7 100644
--- a/interface/src/tfm_sst_func_api.c
+++ b/interface/src/tfm_sst_func_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
@@ -12,73 +12,72 @@
 #define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
-psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_invec in_vec[] = {
 { .base = &uid, .len = sizeof(uid) },
 { .base = p_data, .len = data_length },
 { .base = &create_flags, .len = sizeof(create_flags) }
 };
- psa_outvec out_vec[] = {
- { .base = &err , .len = sizeof(err) }
- };
-
 status = tfm_ns_interface_dispatch(
 (veneer_fn)tfm_tfm_sst_set_req_veneer,
 (uint32_t)in_vec, IOVEC_LEN(in_vec),
- (uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ (uint32_t)NULL, 0);
- return err;
+ /* A parameter with a buffer pointer pointer that has data length longer
+ * than maximum permitted is treated as a secure violation.
+ * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
+ */
+ if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ return status;
 }
-psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data)
+psa_status_t psa_ps_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_invec in_vec[] = {
 { .base = &uid, .len = sizeof(uid) },
 { .base = &data_offset, .len = sizeof(data_offset) }
 };
 psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
- { .base = p_data, .len = data_length }
+ { .base = p_data, .len = data_size }
 };
+ if (p_data_length == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 status = tfm_ns_interface_dispatch(
 (veneer_fn)tfm_tfm_sst_get_req_veneer,
 (uint32_t)in_vec, IOVEC_LEN(in_vec),
 (uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ *p_data_length = out_vec[0].len;
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
+psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_invec in_vec[] = {
 { .base = &uid, .len = sizeof(uid) }
 };
 psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
 { .base = p_info, .len = sizeof(*p_info) }
 };
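Review bot: In psa_ps_get, `*p_data_length = out_vec[0].len;` runs unconditionally after the dispatch, so on a failed request the caller is handed whatever length the framework left in out_vec[0].len (plausibly the full data_size) next to a p_data buffer that was never, or only partially, filled; a caller that consumes *p_data_length before checking status would then read uninitialized bytes. Suggest `*p_data_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;` so the reported length never exceeds what was actually written. The IPC variant in interface/src/tfm_sst_ipc_api.c has the same unconditional assignment in its `@@ -78,17 +80,15 @@` hunk. Separately, the TFM_ERROR_INVALID_PARAMETER → PSA_ERROR_INVALID_ARGUMENT translation added to psa_ps_set is not applied in psa_ps_get, whose out_vec length is just as caller-controlled; if the framework rejects an oversized output vector the same way, get should map it too rather than leaking the framework-internal code to the API user.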
@@ -87,56 +86,44 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
 (uint32_t)in_vec, IOVEC_LEN(in_vec),
 (uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
+psa_status_t psa_ps_remove(psa_storage_uid_t uid)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_invec in_vec[] = {
 { .base = &uid, .len = sizeof(uid) }
 };
- psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) }
- };
-
 status = tfm_ns_interface_dispatch(
 (veneer_fn)tfm_tfm_sst_remove_req_veneer,
 (uint32_t)in_vec, IOVEC_LEN(in_vec),
- (uint32_t)out_vec, IOVEC_LEN(out_vec));
-
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ (uint32_t)NULL, 0);
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_create(psa_storage_uid_t uid,
+ size_t capacity,
+ psa_storage_create_flags_t create_flags)
 {
 (void)uid;
- (void)size;
+ (void)capacity;
 (void)create_flags;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
 }
-psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
- uint32_t data_length, const void *p_data)
+psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
+ size_t data_length, const void *p_data)
 {
 (void)uid;
 (void)data_offset;
 (void)data_length;
 (void)p_data;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
 }
 uint32_t psa_ps_get_support(void)
diff --git a/interface/src/tfm_sst_ipc_api.c b/interface/src/tfm_sst_ipc_api.c
index 9ef95ff499..8d0dc431a4 100644
--- a/interface/src/tfm_sst_ipc_api.c
+++ b/interface/src/tfm_sst_ipc_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
@@ -13,13 +13,12 @@
 #define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
-psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_handle_t handle;
 psa_invec in_vec[] = {
@@ -28,34 +27,34 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
 { .base = &create_flags, .len = sizeof(create_flags) }
 };
- psa_outvec out_vec[] = {
- { .base = &err , .len = sizeof(err) }
- };
-
 handle = psa_connect(TFM_SST_SET_SID, TFM_SST_SET_VERSION);
 if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
 }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+ NULL, 0);
 psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ /* A parameter with a buffer pointer pointer that has data length longer
+ * than maximum permitted is treated as a secure violation.
+ * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
+ */
+ if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
+ return PSA_ERROR_INVALID_ARGUMENT;
 }
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data)
+psa_status_t psa_ps_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_handle_t handle;
 psa_invec in_vec[] = {
@@ -64,13 +63,16 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
 };
 psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
- { .base = p_data, .len = data_length }
+ { .base = p_data, .len = data_size }
 };
+ if (p_data_length == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 handle = psa_connect(TFM_SST_GET_SID, TFM_SST_GET_VERSION);
 if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
 }
 status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
@@ -78,17 +80,15 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
 psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ *p_data_length = out_vec[0].len;
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
+psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_handle_t handle;
 psa_invec in_vec[] = {
@@ -96,13 +96,12 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
 };
 psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
 { .base = p_info, .len = sizeof(*p_info) }
 };
 handle = psa_connect(TFM_SST_GET_INFO_SID, TFM_SST_GET_INFO_VERSION);
 if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
 }
 status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
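Review bot: psa_ps_get leaves *p_data_length in two different states on failure: the early `return PSA_ERROR_GENERIC_ERROR;` after a failed psa_connect in the `@@ -64,13 +63,16 @@` hunk never writes it, while a failed psa_call in the `@@ -78,17 +80,15 @@` hunk still executes `*p_data_length = out_vec[0].len;` and reports whatever the framework left there. Callers cannot rely on the value in either case, so it is better to define it: write `*p_data_length = 0;` before the connect-failure return and guard the later assignment with `status == PSA_SUCCESS`, so that a non-success return always reports zero bytes. The `if (p_data_length == NULL)` check is placed correctly before the first dereference, but the same early-return path should probably also be taken when `p_data == NULL && data_size != 0`, since that out_vec would otherwise be handed to psa_call as-is; whether the framework already rejects it is not visible here. Minor: the comment copied into psa_ps_set reads "buffer pointer pointer"; the duplicated word is also present in the func-API copy.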
@@ -110,63 +109,51 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
 psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
+psa_status_t psa_ps_remove(psa_storage_uid_t uid)
 {
 psa_status_t status;
- psa_ps_status_t err;
 psa_handle_t handle;
 psa_invec in_vec[] = {
 { .base = &uid, .len = sizeof(uid) }
 };
- psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) }
- };
 handle = psa_connect(TFM_SST_REMOVE_SID, TFM_SST_REMOVE_VERSION);
 if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
 }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+ NULL, 0);
 psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
 }
-psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_create(psa_storage_uid_t uid, size_t size,
+ psa_storage_create_flags_t create_flags)
 {
 (void)uid;
 (void)size;
 (void)create_flags;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
 }
-psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
- uint32_t data_length, const void *p_data)
+psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
+ size_t data_length, const void *p_data)
 {
 (void)uid;
 (void)data_offset;
 (void)data_length;
 (void)p_data;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
 }
 uint32_t psa_ps_get_support(void) |