authorjulhal01 <julian.hall@arm.com>2021-02-15 17:34:08 +0000
committerGyorgy Szing <Gyorgy.Szing@arm.com>2021-07-01 01:04:14 +0200
commit1260f10b365ab68427801028146c77faf3854c84 (patch)
tree5890e6034438187b05ee0b7ee0ca2ebbbb13e2f5
parentcd3241a5b189c74264d06e6413397eaa3b9dca81 (diff)
downloadtrusted-services-1260f10b365ab68427801028146c77faf3854c84.tar.gz
Refactor Secure storage into frontend/backend
The secure storage service components are refactored as storage frontends and backends. Any frontend can be paired with any backend. Each backend implements a common interface. This allows new storage frontends and backends to be added more easily and allows configurations such as proxies to be created by simply pairing a service provider (frontend) with a service client (backend). Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I5ef569ff3b61f64d6de69276d2b33e67a7ab0fa6
-rw-r--r--components/service/common/psa/internal_trusted_storage.h (renamed from components/service/secure_storage/client/psa/internal_trusted_storage.h)0
-rw-r--r--components/service/common/psa/storage_common.h (renamed from components/service/secure_storage/client/psa/storage_common.h)0
-rw-r--r--components/service/crypto/client/test/standalone/standalone_crypto_client.cpp6
-rw-r--r--components/service/crypto/client/test/standalone/standalone_crypto_client.h6
-rw-r--r--components/service/crypto/provider/mbedcrypto/crypto_provider.c16
-rw-r--r--components/service/crypto/provider/mbedcrypto/crypto_provider.h11
-rw-r--r--components/service/locator/standalone/services/crypto/crypto_service_context.cpp6
-rw-r--r--components/service/locator/standalone/services/crypto/crypto_service_context.h4
-rw-r--r--components/service/secure_storage/backend/mock_store/component.cmake (renamed from components/service/secure_storage/provider/mock_store/component.cmake)4
-rw-r--r--components/service/secure_storage/backend/mock_store/mock_store.c207
-rw-r--r--components/service/secure_storage/backend/mock_store/mock_store.h47
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/component.cmake (renamed from components/service/secure_storage/provider/secure_flash_store/component.cmake)3
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/component.cmake (renamed from components/service/secure_storage/provider/secure_flash_store/flash/component.cmake)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_info.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_info.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/component.cmake (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/component.cmake)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h (renamed from components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/secure_flash_store.c (renamed from components/service/secure_storage/provider/secure_flash_store/secure_flash_store.c)121
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h28
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/sfs_utils.c (renamed from components/service/secure_storage/provider/secure_flash_store/sfs_utils.c)0
-rw-r--r--components/service/secure_storage/backend/secure_flash_store/sfs_utils.h (renamed from components/service/secure_storage/provider/secure_flash_store/sfs_utils.h)0
-rw-r--r--components/service/secure_storage/backend/secure_storage_client/component.cmake (renamed from components/service/secure_storage/client/psa/component.cmake)9
-rw-r--r--components/service/secure_storage/backend/secure_storage_client/secure_storage_client.c (renamed from components/service/secure_storage/client/psa/its/its_client.c)89
-rw-r--r--components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h51
-rw-r--r--components/service/secure_storage/backend/storage_backend.h196
-rw-r--r--components/service/secure_storage/client/psa/its/its_client.h31
-rw-r--r--components/service/secure_storage/frontend/psa/its/component.cmake13
-rw-r--r--components/service/secure_storage/frontend/psa/its/its_frontend.c72
-rw-r--r--components/service/secure_storage/frontend/psa/its/its_frontend.h34
-rw-r--r--components/service/secure_storage/frontend/secure_storage_provider/component.cmake13
-rw-r--r--components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.c (renamed from components/service/secure_storage/provider/secure_flash_store/sfs_provider.c)108
-rw-r--r--components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h37
-rw-r--r--components/service/secure_storage/provider/mock_store/mock_store_provider.c257
-rw-r--r--components/service/secure_storage/provider/mock_store/mock_store_provider.h46
-rw-r--r--components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h171
-rw-r--r--components/service/secure_storage/provider/secure_flash_store/sfs_provider.h30
-rw-r--r--components/service/secure_storage/test/its_tests.cpp18
-rw-r--r--deployments/component-test/component-test.cmake12
-rw-r--r--deployments/crypto/opteesp/CMakeLists.txt3
-rw-r--r--deployments/crypto/opteesp/crypto_sp.c4
-rw-r--r--deployments/env-test/env_test.cmake5
-rw-r--r--deployments/libts/linux-pc/CMakeLists.txt10
-rw-r--r--deployments/secure-storage/opteesp/CMakeLists.txt8
-rw-r--r--deployments/secure-storage/opteesp/sp.c14
-rw-r--r--deployments/sfs-demo/opteesp/CMakeLists.txt3
-rw-r--r--deployments/sfs-demo/opteesp/sp.c8
55 files changed, 978 insertions, 723 deletions
diff --git a/components/service/secure_storage/client/psa/internal_trusted_storage.h b/components/service/common/psa/internal_trusted_storage.h
index da69054..da69054 100644
--- a/components/service/secure_storage/client/psa/internal_trusted_storage.h
+++ b/components/service/common/psa/internal_trusted_storage.h
diff --git a/components/service/secure_storage/client/psa/storage_common.h b/components/service/common/psa/storage_common.h
index 4f6ba2a..4f6ba2a 100644
--- a/components/service/secure_storage/client/psa/storage_common.h
+++ b/components/service/common/psa/storage_common.h
diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
index 86fd420..c57cbba 100644
--- a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
+++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
@@ -9,6 +9,7 @@
#include <protocols/service/psa/packed-c/status.h>
#include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
#include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
+#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
standalone_crypto_client::standalone_crypto_client() :
test_crypto_client(),
@@ -37,7 +38,9 @@ bool standalone_crypto_client::init()
if (!is_fault_injected(FAILED_TO_DISCOVER_SECURE_STORAGE)) {
/* Establish rpc session with storage provider */
- struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider);
+ struct storage_backend *storage_backend = sfs_init();
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider,
+ storage_backend);
storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep);
}
else {
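Review bot: The pointer returned by `sfs_init()` is handed straight to `secure_storage_provider_init()` without a NULL check, so a flash-store initialisation failure is no longer reported at this call site. The `sfs_init()` removed later on this page could fail with a `psa_status_t`; the new pointer-returning definition is not visible here, so it presumably signals failure with NULL — confirm. Either test `storage_backend` before use and fail `init()` when it is NULL, or document that `secure_storage_provider_init()` rejects a NULL backend. The same unchecked pattern is added in `crypto_service_context::do_init()`. The body of `init()` continues outside this hunk.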
@@ -77,6 +80,7 @@ bool standalone_crypto_client::deinit()
if (should_do) {
mbed_crypto_provider_deinit(&m_crypto_provider);
+ secure_storage_provider_deinit(&m_storage_provider);
direct_caller_deinit(&m_storage_caller);
direct_caller_deinit(&m_crypto_caller);
diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.h b/components/service/crypto/client/test/standalone/standalone_crypto_client.h
index 9327fdc..8f156b0 100644
--- a/components/service/crypto/client/test/standalone/standalone_crypto_client.h
+++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -11,7 +11,7 @@
#include <rpc/direct/direct_caller.h>
#include <rpc/dummy/dummy_caller.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
-#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
/*
* A specialization of the crypto_client class that extends it to add crypto
@@ -43,7 +43,7 @@ private:
bool is_fault_supported(enum fault_code code) const;
struct mbed_crypto_provider m_crypto_provider;
- struct sfs_provider m_storage_provider;
+ struct secure_storage_provider m_storage_provider;
struct direct_caller m_crypto_caller;
struct direct_caller m_storage_caller;
struct dummy_caller m_dummy_storage_caller;
diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.c b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
index 4d5a0a3..b0f8be3 100644
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.c
+++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
@@ -8,7 +8,7 @@
#include <protocols/service/crypto/packed-c/opcodes.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h>
-#include <service/secure_storage/client/psa/its/its_client.h>
+#include <service/secure_storage/frontend/psa/its/its_frontend.h>
#include <protocols/rpc/common/packed-c/status.h>
#include <psa/crypto.h>
@@ -45,7 +45,7 @@ static const struct service_handler handler_table[] = {
};
struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context,
- struct rpc_caller *storage_provider,
+ struct rpc_caller *storage_caller,
int trng_instance)
{
struct rpc_interface *rpc_interface = NULL;
@@ -57,7 +57,7 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con
* is a mandatory feature of the crypto service, insist on a storage
* provider being available.
*/
- if (context && storage_provider) {
+ if (context && storage_caller) {
for (size_t encoding = 0; encoding < TS_RPC_ENCODING_LIMIT; ++encoding)
context->serializers[encoding] = NULL;
@@ -65,9 +65,15 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con
service_provider_init(&context->base_provider, context,
handler_table, sizeof(handler_table)/sizeof(struct service_handler));
- if ((psa_its_client_init(storage_provider) == PSA_SUCCESS) &&
- (psa_crypto_init() == PSA_SUCCESS))
+ struct storage_backend *storage_backend =
+ secure_storage_client_init(&context->secure_storage_client, storage_caller);
+
+ if (storage_backend &&
+ (psa_its_frontend_init(storage_backend) == PSA_SUCCESS) &&
+ (psa_crypto_init() == PSA_SUCCESS)) {
+
rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ }
}
return rpc_interface;
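Review bot: When `psa_its_frontend_init()` or `psa_crypto_init()` fails after `secure_storage_client_init()` has succeeded, the function returns NULL but leaves `context->secure_storage_client` initialised, with nothing undone on the failure path. The ITS frontend is also given a backend that lives inside `context`, so it may keep that pointer after the caller discards the provider; the frontend implementation is not visible here, so this is inferred. If secure_storage_client.h offers a matching deinit, call it in an `else` branch of the new `if`. A one-line comment would help too, such as `/* storage_backend points into context and must outlive the ITS frontend */`. The start of the function is outside this hunk.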
diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.h b/components/service/crypto/provider/mbedcrypto/crypto_provider.h
index 0a7666f..1f69396 100644
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.h
+++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.h
@@ -8,9 +8,9 @@
#define MBED_CRYPTO_PROVIDER_H
#include <rpc/common/endpoint/rpc_interface.h>
-#include <rpc_caller.h>
#include <service/common/provider/service_provider.h>
#include <service/crypto/provider/serializer/crypto_provider_serializer.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
#include <protocols/rpc/common/packed-c/encoding.h>
#ifdef __cplusplus
@@ -21,20 +21,17 @@ struct mbed_crypto_provider
{
struct service_provider base_provider;
const struct crypto_provider_serializer *serializers[TS_RPC_ENCODING_LIMIT];
+ struct secure_storage_client secure_storage_client;
};
/*
* Initializes an instance of the crypto service provider that uses the
* Mbed Crypto library to implement crypto operations. Secure storage
* for persistent keys needs to be provided by a suitable storage
- * provider, accessed using the secure storage service access protocol
- * using the provided rpc_caller. Any rpc endpoint discovery and
- * session establishment should have been performed prior to initializing
- * the mbed_crypto_provider. On successfully initializing the provider,
- * a pointer to the rpc_interface for the service is returned.
+ * backend.
*/
struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context,
- struct rpc_caller *storage_provider,
+ struct rpc_caller *storage_caller,
int trng_instance);
/*
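Review bot: The shortened comment on `mbed_crypto_provider_init()` drops the caller's contract: it no longer says what `storage_caller` must be, nor what is returned. It now speaks of a "storage backend" while the parameter is still a `struct rpc_caller *`. The implementation in crypto_provider.c returns NULL when `context` or `storage_caller` is NULL or when storage or crypto initialisation fails, and that should be stated. Suggested wording to append: `* storage_caller must be an rpc_caller with an established session to a secure storage provider.` and `* Returns the service rpc_interface on success, NULL on failure.` `trng_instance` is undocumented as well.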
diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
index 7a49d26..07829e2 100644
--- a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
+++ b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
@@ -7,6 +7,7 @@
#include "crypto_service_context.h"
#include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
#include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
+#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
crypto_service_context::crypto_service_context(const char *sn) :
standalone_service_context(sn),
@@ -24,7 +25,9 @@ crypto_service_context::~crypto_service_context()
void crypto_service_context::do_init()
{
- struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider);
+ struct storage_backend *storage_backend = sfs_init();
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider,
+ storage_backend);
struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller,
storage_ep);
struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider,
@@ -42,5 +45,6 @@ void crypto_service_context::do_init()
void crypto_service_context::do_deinit()
{
mbed_crypto_provider_deinit(&m_crypto_provider);
+ secure_storage_provider_deinit(&m_storage_provider);
direct_caller_deinit(&m_storage_caller);
}
diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.h b/components/service/locator/standalone/services/crypto/crypto_service_context.h
index 44d5f99..84360ba 100644
--- a/components/service/locator/standalone/services/crypto/crypto_service_context.h
+++ b/components/service/locator/standalone/services/crypto/crypto_service_context.h
@@ -10,7 +10,7 @@
#include <service/locator/standalone/standalone_service_context.h>
#include <rpc/direct/direct_caller.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
-#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
class crypto_service_context : public standalone_service_context
{
@@ -24,7 +24,7 @@ private:
void do_deinit();
struct mbed_crypto_provider m_crypto_provider;
- struct sfs_provider m_storage_provider;
+ struct secure_storage_provider m_storage_provider;
struct direct_caller m_storage_caller;
};
diff --git a/components/service/secure_storage/provider/mock_store/component.cmake b/components/service/secure_storage/backend/mock_store/component.cmake
index 7e05763..984feaa 100644
--- a/components/service/secure_storage/provider/mock_store/component.cmake
+++ b/components/service/secure_storage/backend/mock_store/component.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,6 +9,6 @@ if (NOT DEFINED TGT)
endif()
target_sources(${TGT} PRIVATE
- "${CMAKE_CURRENT_LIST_DIR}/mock_store_provider.c"
+ "${CMAKE_CURRENT_LIST_DIR}/mock_store.c"
)
diff --git a/components/service/secure_storage/backend/mock_store/mock_store.c b/components/service/secure_storage/backend/mock_store/mock_store.c
new file mode 100644
index 0000000..a3a2d94
--- /dev/null
+++ b/components/service/secure_storage/backend/mock_store/mock_store.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "mock_store.h"
+#include <protocols/service/psa/packed-c/status.h>
+#include <stdlib.h>
+#include <string.h>
+
+static struct mock_store_slot *find_slot(struct mock_store *context, uint32_t id);
+static struct mock_store_slot *find_empty_slot(struct mock_store *context);
+static void free_slot(struct mock_store_slot *slot);
+
+
+static psa_status_t mock_store_set(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t data_length,
+ const void *p_data,
+ uint32_t create_flags)
+{
+ psa_status_t psa_status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ struct mock_store *this_context = (struct mock_store*)context;
+
+ /* Replace existing or add new item */
+ struct mock_store_slot *slot = find_slot(this_context, uid);
+ if (slot) free_slot(slot);
+ else slot = find_empty_slot(this_context);
+
+ if (slot) {
+ slot->id = uid;
+ slot->flags = create_flags;
+ slot->len = data_length;
+ slot->item = malloc(slot->len);
+ if (slot->item) {
+ memcpy(slot->item, p_data, slot->len);
+ psa_status = PSA_SUCCESS;
+ }
+ }
+
+ return psa_status;
+}
+
+static psa_status_t mock_store_get(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
+{
+ psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
+ struct mock_store *this_context = (struct mock_store*)context;
+
+ /* Find the item */
+ struct mock_store_slot *slot = find_slot(this_context, uid);
+
+ if (slot && (slot->len <= data_size)) {
+ memcpy(p_data, slot->item, slot->len);
+ *p_data_length = slot->len;
+ psa_status = PSA_SUCCESS;
+ }
+
+ return psa_status;
+}
+
+static psa_status_t mock_store_get_info(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ struct psa_storage_info_t *p_info)
+{
+ psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
+ struct mock_store *this_context = (struct mock_store*)context;
+
+ /* Find item to get info about */
+ struct mock_store_slot *slot = find_slot(this_context, uid);
+
+ if (slot) {
+ p_info->capacity = slot->len;
+ p_info->size = slot->len;
+ p_info->flags = slot->flags;
+ psa_status = PSA_SUCCESS;
+ }
+ else {
+ p_info->capacity = 0;
+ p_info->size = 0;
+ p_info->flags = 0;
+ }
+
+ return psa_status;
+}
+
+static psa_status_t mock_store_remove(void *context,
+ uint32_t client_id,
+ uint64_t uid)
+{
+ psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
+ struct mock_store *this_context = (struct mock_store*)context;
+
+ /* Find and remove the item */
+ struct mock_store_slot *slot = find_slot(this_context, uid);
+
+ if (slot) {
+ free_slot(slot);
+ psa_status = PSA_SUCCESS;
+ }
+
+ return psa_status;
+}
+
+struct storage_backend *mock_store_init(struct mock_store *context)
+{
+ for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
+
+ context->slots[i].len = 0;
+ context->slots[i].flags = 0;
+ context->slots[i].id = (uint32_t)(-1);
+ context->slots[i].item = NULL;
+ }
+
+ static const struct storage_backend_interface interface =
+ {
+ mock_store_set,
+ mock_store_get,
+ mock_store_get_info,
+ mock_store_remove
+ };
+
+ context->backend.context = context;
+ context->backend.interface = &interface;
+
+ return &context->backend;
+}
+
+void mock_store_deinit(struct mock_store *context)
+{
+ mock_store_reset(context);
+}
+
+void mock_store_reset(struct mock_store *context)
+{
+ for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i)
+ free_slot(&context->slots[i]);
+}
+
+bool mock_store_exists(const struct mock_store *context, uint32_t id)
+{
+ bool exists = false;
+
+ for (int i = 0; !exists && i < MOCK_STORE_NUM_SLOTS; ++i) {
+ exists = context->slots[i].item && (context->slots[i].id == id);
+ }
+
+ return exists;
+}
+
+size_t mock_store_num_items(const struct mock_store *context)
+{
+ size_t count = 0;
+
+ for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
+ if (context->slots[i].item) ++count;
+ }
+
+ return count;
+}
+
+static struct mock_store_slot *find_slot(struct mock_store *context, uint32_t id)
+{
+ struct mock_store_slot *slot = NULL;
+
+ for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
+ if (context->slots[i].item && (context->slots[i].id == id)) {
+ slot = &context->slots[i];
+ break;
+ }
+ }
+
+ return slot;
+}
+
+static struct mock_store_slot *find_empty_slot(struct mock_store *context)
+{
+ struct mock_store_slot *slot = NULL;
+
+ for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
+ if (!context->slots[i].item) {
+ slot = &context->slots[i];
+ break;
+ }
+ }
+
+ return slot;
+}
+
+static void free_slot(struct mock_store_slot *slot)
+{
+ if (slot->item) {
+ free(slot->item);
+ slot->len = 0;
+ slot->flags = 0;
+ slot->id = (uint32_t)(-1);
+ slot->item = NULL;
+ }
+} \ No newline at end of file
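Review bot: `find_slot()` takes `uint32_t id`, but `mock_store_set`, `mock_store_get`, `mock_store_get_info` and `mock_store_remove` pass it the 64-bit `uid`, and `mock_store_slot.id` is `uint64_t` in mock_store.h. A uid above 32 bits is therefore truncated before the comparison. It can match a slot holding a different uid equal to its low 32 bits, which `mock_store_set` would then replace, and an item stored under such a uid is never found again. Declare the helper as `static struct mock_store_slot *find_slot(struct mock_store *context, uint64_t id)` in both the prototype and the definition, and widen the empty-slot sentinel to `(uint64_t)(-1)`; `mock_store_exists()` in mock_store.c and mock_store.h has the same 32-bit parameter. Separately, `mock_store_get` never reads `data_offset` and returns `PSA_ERROR_DOES_NOT_EXIST` when `data_size` is smaller than the stored item, and `client_id` is ignored throughout. A comment stating these mock limitations would stop tests from relying on isolation or partial reads that this backend does not model.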
diff --git a/components/service/secure_storage/backend/mock_store/mock_store.h b/components/service/secure_storage/backend/mock_store/mock_store.h
new file mode 100644
index 0000000..787e6bc
--- /dev/null
+++ b/components/service/secure_storage/backend/mock_store/mock_store.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MOCK_STORE_H
+#define MOCK_STORE_H
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MOCK_STORE_NUM_SLOTS (100)
+
+struct mock_store_slot
+{
+ uint64_t id;
+ uint32_t flags;
+ size_t len;
+ uint8_t *item;
+};
+
+struct mock_store
+{
+ struct storage_backend backend;
+ struct mock_store_slot slots[MOCK_STORE_NUM_SLOTS];
+};
+
+struct storage_backend *mock_store_init(struct mock_store *context);
+void mock_store_deinit(struct mock_store *context);
+
+/* Test support methods */
+void mock_store_reset(struct mock_store *context);
+bool mock_store_exists(const struct mock_store *context, uint32_t id);
+size_t mock_store_num_items(const struct mock_store *context);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* MOCK_STORE_H */
diff --git a/components/service/secure_storage/provider/secure_flash_store/component.cmake b/components/service/secure_storage/backend/secure_flash_store/component.cmake
index 2e31c20..67dbcac 100644
--- a/components/service/secure_storage/provider/secure_flash_store/component.cmake
+++ b/components/service/secure_storage/backend/secure_flash_store/component.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,7 +10,6 @@ endif()
target_sources(${TGT} PRIVATE
"${CMAKE_CURRENT_LIST_DIR}/secure_flash_store.c"
- "${CMAKE_CURRENT_LIST_DIR}/sfs_provider.c"
"${CMAKE_CURRENT_LIST_DIR}/sfs_utils.c"
)
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/component.cmake b/components/service/secure_storage/backend/secure_flash_store/flash/component.cmake
index a2f34e7..a2f34e7 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/component.cmake
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/component.cmake
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.c
index fce7968..fce7968 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.h b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.h
index 18361f2..18361f2 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_info.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_info.c
index 7dfe803..7dfe803 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_info.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_info.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.c
index e4af6e6..e4af6e6 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.h b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.h
index eecc5e5..eecc5e5 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/component.cmake b/components/service/secure_storage/backend/secure_flash_store/flash_fs/component.cmake
index a482703..a482703 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/component.cmake
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/component.cmake
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.c
index 4747e99..4747e99 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.h
index 704c793..704c793 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h
index 2ca2f10..2ca2f10 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c
index 36dc33a..36dc33a 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h
index 0fc9d50..0fc9d50 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c
index cb435cf..cb435cf 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h
index d13a5b0..d13a5b0 100644
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h
+++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h
diff --git a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.c b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.c
index a9f85bd..69796cf 100644
--- a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.c
+++ b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -10,6 +10,7 @@
#include "sfs_utils.h"
#include "secure_flash_store.h"
#include <string.h>
+#include <stddef.h>
#define SFS_MAX_ASSET_SIZE (4096) /* TODO: comes from flash layout */
#define SFS_CREATE_FLASH_LAYOUT /* TODO: move this to a proper place */
@@ -50,45 +51,8 @@ static void sfs_get_fid(uint32_t client_id,
memcpy(fid + sizeof(client_id), (const void *)&uid, sizeof(uid));
}
-psa_status_t sfs_init(void)
-{
- psa_status_t status;
-
- /* Initialise the SFS context */
- status = sfs_flash_fs_prepare(&fs_ctx_sfs,
- sfs_flash_get_info());
-#ifdef SFS_CREATE_FLASH_LAYOUT
- /* If SFS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
- * create a SFS flash layout. SFS service will generate an empty and valid
- * SFS flash layout to store assets. It will erase all data located in the
- * assigned SFS memory area before generating the SFS layout.
- * This flag is required to be set if the SFS memory area is located in
- * non-persistent memory.
- * This flag can be set if the SFS memory area is located in persistent
- * memory without a previous valid SFS flash layout in it. That is the case
- * when it is the first time in the device life that the SFS service is
- * executed.
- */
- if (status != PSA_SUCCESS) {
- /* Remove all data in the SFS memory area and create a valid SFS flash
- * layout in that area.
- */
- status = sfs_flash_fs_wipe_all(&fs_ctx_sfs);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- /* Attempt to initialise again */
- status = sfs_flash_fs_prepare(&fs_ctx_sfs,
- sfs_flash_get_info());
- }
-#endif /* SFS_CREATE_FLASH_LAYOUT */
-
-
- return status;
-}
-
-psa_status_t sfs_set(uint32_t client_id,
+static psa_status_t sfs_set(void *context,
+ uint32_t client_id,
uint64_t uid,
size_t data_length,
const void *p_data,
@@ -97,9 +61,7 @@ psa_status_t sfs_set(uint32_t client_id,
psa_status_t status;
size_t write_size;
size_t offset;
- const uint8_t *data = p_data;
-
- data = (const uint8_t *)p_data;
+ const uint8_t *data = (const uint8_t *)p_data;
/* Check that the UID is valid */
if (uid == SFS_INVALID_UID) {
@@ -107,9 +69,9 @@ psa_status_t sfs_set(uint32_t client_id,
}
/* Check that the create_flags does not contain any unsupported flags */
- if (create_flags & ~(TS_SECURE_STORAGE_FLAG_WRITE_ONCE |
- TS_SECURE_STORAGE_FLAG_NO_CONFIDENTIALITY |
- TS_SECURE_STORAGE_FLAG_NO_REPLAY_PROTECTION)) {
+ if (create_flags & ~(PSA_STORAGE_FLAG_WRITE_ONCE |
+ PSA_STORAGE_FLAG_NO_CONFIDENTIALITY |
+ PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION)) {
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -122,7 +84,7 @@ psa_status_t sfs_set(uint32_t client_id,
/* If the object exists and has the write once flag set, then it
* cannot be modified. Otherwise it needs to be removed.
*/
- if (g_file_info.flags & TS_SECURE_STORAGE_FLAG_WRITE_ONCE) {
+ if (g_file_info.flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
return PSA_ERROR_NOT_PERMITTED;
} else {
status = sfs_flash_fs_file_delete(&fs_ctx_sfs, g_fid);
@@ -181,7 +143,8 @@ psa_status_t sfs_set(uint32_t client_id,
return PSA_SUCCESS;
}
-psa_status_t sfs_get(uint32_t client_id,
+static psa_status_t sfs_get(void *context,
+ uint32_t client_id,
uint64_t uid,
size_t data_offset,
size_t data_size,
@@ -246,8 +209,8 @@ psa_status_t sfs_get(uint32_t client_id,
return PSA_SUCCESS;
}
-psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid,
- struct secure_storage_response_get_info *p_info)
+static psa_status_t sfs_get_info(void *context, uint32_t client_id, uint64_t uid,
+ struct psa_storage_info_t *p_info)
{
psa_status_t status;
@@ -273,7 +236,7 @@ psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid,
return PSA_SUCCESS;
}
-psa_status_t sfs_remove(uint32_t client_id, uint64_t uid)
+static psa_status_t sfs_remove(void *context, uint32_t client_id, uint64_t uid)
{
psa_status_t status;
@@ -293,10 +256,64 @@ psa_status_t sfs_remove(uint32_t client_id, uint64_t uid)
/* If the object exists and has the write once flag set, then it
* cannot be deleted.
*/
- if (g_file_info.flags & TS_SECURE_STORAGE_FLAG_WRITE_ONCE) {
+ if (g_file_info.flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
return PSA_ERROR_NOT_PERMITTED;
}
/* Delete old file from the persistent area */
return sfs_flash_fs_file_delete(&fs_ctx_sfs, g_fid);
}
+
+struct storage_backend *sfs_init(void)
+{
+ psa_status_t status;
+
+ /* Initialise the SFS context */
+ status = sfs_flash_fs_prepare(&fs_ctx_sfs,
+ sfs_flash_get_info());
+#ifdef SFS_CREATE_FLASH_LAYOUT
+ /* If SFS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
+ * create a SFS flash layout. SFS service will generate an empty and valid
+ * SFS flash layout to store assets. It will erase all data located in the
+ * assigned SFS memory area before generating the SFS layout.
+ * This flag is required to be set if the SFS memory area is located in
+ * non-persistent memory.
+ * This flag can be set if the SFS memory area is located in persistent
+ * memory without a previous valid SFS flash layout in it. That is the case
+ * when it is the first time in the device life that the SFS service is
+ * executed.
+ */
+ if (status != PSA_SUCCESS) {
+ /* Remove all data in the SFS memory area and create a valid SFS flash
+ * layout in that area.
+ */
+ status = sfs_flash_fs_wipe_all(&fs_ctx_sfs);
+ if (status != PSA_SUCCESS) {
+ return NULL;
+ }
+
+ /* Attempt to initialise again */
+ status = sfs_flash_fs_prepare(&fs_ctx_sfs,
+ sfs_flash_get_info());
+
+ if (status != PSA_SUCCESS) {
+ return NULL;
+ }
+ }
+#endif /* SFS_CREATE_FLASH_LAYOUT */
+
+ static const struct storage_backend_interface interface =
+ {
+ sfs_set,
+ sfs_get,
+ sfs_get_info,
+ sfs_remove
+ };
+
+ static struct storage_backend backend;
+
+ backend.context = NULL;
+ backend.interface = &interface;
+
+ return &backend;
+}
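Review bot: In the new `sfs_init`, a failed `sfs_flash_fs_prepare` becomes a `NULL` return only inside the `#ifdef SFS_CREATE_FLASH_LAYOUT` block, so a build without that macro would return a backend over an unprepared filesystem context; the removed version ended with `return status;` and covered both cases. The macro is defined unconditionally at the top of this file today (with a TODO to move it), so the gap is latent, but moving the final check below the `#endif` as `if (status != PSA_SUCCESS) return NULL;` closes it. Separately, the wipe-and-retry path erases the whole SFS area on any prepare failure, which is carried over from the old code. A comment on `sfs_init` should say so, because on persistent flash a transient or corruption-induced error would then discard every stored asset.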
diff --git a/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h
new file mode 100644
index 0000000..ac8d9b6
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __SECURE_FLASH_STORE_H__
+#define __SECURE_FLASH_STORE_H__
+
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Initializes the secure flash store backend
+ *
+ * \return Pointer to storage backend or NULL on failure
+ */
+struct storage_backend *sfs_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __SECURE_FLASH_STORE_H__ */
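Review bot: The include guard `__SECURE_FLASH_STORE_H__` uses a double-underscore name, which C reserves for the implementation; `__STORAGE_BACKEND_H__` in the new storage_backend.h has the same issue. The other headers added by this commit already use the plain form (`SECURE_STORAGE_CLIENT_H`, `PSA_ITS_FRONTEND_H`), so `#ifndef SECURE_FLASH_STORE_H` and `#ifndef STORAGE_BACKEND_H` would be consistent with them. The doc comment on `sfs_init` could also state that the returned backend is a single static instance, since the .c file returns the address of a function-local `static struct storage_backend`.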
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.c b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.c
index 3d16272..3d16272 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.c
+++ b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.h b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.h
index 4a06d4b..4a06d4b 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.h
+++ b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.h
diff --git a/components/service/secure_storage/client/psa/component.cmake b/components/service/secure_storage/backend/secure_storage_client/component.cmake
index ae2518b..0762bf8 100644
--- a/components/service/secure_storage/client/psa/component.cmake
+++ b/components/service/secure_storage/backend/secure_storage_client/component.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,11 +9,6 @@ if (NOT DEFINED TGT)
endif()
target_sources(${TGT} PRIVATE
- "${CMAKE_CURRENT_LIST_DIR}/its/its_client.c"
+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_client.c"
)
-
-target_include_directories(${TGT}
- PRIVATE
- "${CMAKE_CURRENT_LIST_DIR}/.."
- )
diff --git a/components/service/secure_storage/client/psa/its/its_client.c b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.c
index 54f3efb..b2bfc56 100644
--- a/components/service/secure_storage/client/psa/its/its_client.c
+++ b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.c
@@ -1,31 +1,24 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include "its_client.h"
-#include <psa/internal_trusted_storage.h>
+#include "secure_storage_client.h"
#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
#include <protocols/rpc/common/packed-c/status.h>
-#include <assert.h>
+#include <rpc_caller.h>
#include <string.h>
-/* Variables */
-static struct rpc_caller *rpc_caller;
-psa_status_t psa_its_client_init(struct rpc_caller *caller)
-{
- rpc_caller = caller;
-
- return PSA_SUCCESS;
-}
-
-psa_status_t psa_its_set(psa_storage_uid_t uid,
+static psa_status_t secure_storage_client_set(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid,
size_t data_length,
const void *p_data,
psa_storage_create_flags_t create_flags)
{
+ struct secure_storage_client *this_context = (struct secure_storage_client*)context;
uint8_t *request;
uint8_t *response;
size_t request_length = 0;
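Review bot: `secure_storage_client_set` now receives `client_id`, but nothing in the visible lines forwards it: the request descriptor is filled from `uid`, `data_length` and `create_flags` only, and the same holds for `secure_storage_client_get`, `secure_storage_client_get_info` and `secure_storage_client_remove` in the later hunks. If this backend is paired with the provider frontend as a proxy (the configuration the commit message describes), the remote provider would presumably key every asset on the proxy's own caller identity. Assets of different clients with the same `uid` would then share one namespace. If that is intended, a comment should say so and the parameter should be marked `(void)client_id;`; otherwise the protocol needs to carry the owner id. The function bodies continue outside these hunks, so this should be confirmed against the full file.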
@@ -45,7 +38,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
return PSA_ERROR_INVALID_ARGUMENT;
}
- handle = rpc_caller_begin(rpc_caller, &request, request_length);
+ handle = rpc_caller_begin(this_context->rpc_caller, &request, request_length);
if (handle) {
/* Populating request descriptor */
@@ -55,7 +48,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
request_desc->create_flags = create_flags;
memcpy(&request_desc->p_data, p_data, data_length);
- rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_SET,
+ rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle,
+ TS_SECURE_STORAGE_OPCODE_SET,
(uint32_t *)&psa_status, &response,
&response_length);
@@ -64,7 +58,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
psa_status = PSA_ERROR_GENERIC_ERROR;
}
- rpc_caller_end(rpc_caller, handle);
+ rpc_caller_end(this_context->rpc_caller, handle);
}
else {
psa_status = PSA_ERROR_GENERIC_ERROR;
@@ -73,12 +67,15 @@ psa_status_t psa_its_set(psa_storage_uid_t uid,
return psa_status;
}
-psa_status_t psa_its_get(psa_storage_uid_t uid,
+static psa_status_t secure_storage_client_get(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid,
size_t data_offset,
size_t data_size,
void *p_data,
size_t *p_data_length)
{
+ struct secure_storage_client *this_context = (struct secure_storage_client*)context;
uint8_t *request;
uint8_t *response;
size_t response_length = 0;
@@ -91,7 +88,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
if (p_data == NULL)
return PSA_ERROR_INVALID_ARGUMENT;
- handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc));
+ handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc));
if (handle) {
/* Populating request descriptor */
@@ -100,7 +97,8 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
request_desc->data_offset = data_offset;
request_desc->data_size = data_size;
- rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_GET,
+ rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle,
+ TS_SECURE_STORAGE_OPCODE_GET,
(uint32_t *)&psa_status, &response,
&response_length);
@@ -115,7 +113,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
memcpy(p_data, response, *p_data_length);
}
- rpc_caller_end(rpc_caller, handle);
+ rpc_caller_end(this_context->rpc_caller, handle);
}
else {
psa_status = PSA_ERROR_GENERIC_ERROR;
@@ -124,9 +122,12 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
return psa_status;
}
-psa_status_t psa_its_get_info(psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info)
+static psa_status_t secure_storage_client_get_info(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
{
+ struct secure_storage_client *this_context = (struct secure_storage_client*)context;
uint8_t *request;
uint8_t *response;
size_t response_length = 0;
@@ -140,14 +141,14 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid,
if (p_info == NULL)
return PSA_ERROR_INVALID_ARGUMENT;
- handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc));
+ handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc));
if (handle) {
/* Populating request descriptor */
request_desc = (struct secure_storage_request_get_info *)request;
request_desc->uid = uid;
- rpc_status = rpc_caller_invoke(rpc_caller, handle,
+ rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle,
TS_SECURE_STORAGE_OPCODE_GET_INFO,
(uint32_t *)&psa_status, &response,
&response_length);
@@ -170,7 +171,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid,
p_info->flags = PSA_STORAGE_FLAG_NONE;
}
- rpc_caller_end(rpc_caller, handle);
+ rpc_caller_end(this_context->rpc_caller, handle);
}
else {
psa_status = PSA_ERROR_GENERIC_ERROR;
@@ -179,8 +180,11 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid,
return psa_status;
}
-psa_status_t psa_its_remove(psa_storage_uid_t uid)
+static psa_status_t secure_storage_client_remove(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid)
{
+ struct secure_storage_client *this_context = (struct secure_storage_client*)context;
uint8_t *request;
uint8_t *response;
size_t response_length = 0;
@@ -189,14 +193,15 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid)
rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
psa_status_t psa_status = PSA_SUCCESS;
- handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc));
+ handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc));
if (handle) {
/* Populating request descriptor */
request_desc = (struct secure_storage_request_remove *)request;
request_desc->uid = uid;
- rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_REMOVE,
+ rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle,
+ TS_SECURE_STORAGE_OPCODE_REMOVE,
(uint32_t *)&psa_status, &response,
&response_length);
@@ -205,7 +210,7 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid)
psa_status = PSA_ERROR_GENERIC_ERROR;
}
- rpc_caller_end(rpc_caller, handle);
+ rpc_caller_end(this_context->rpc_caller, handle);
}
else {
psa_status = PSA_ERROR_GENERIC_ERROR;
@@ -213,3 +218,27 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid)
return psa_status;
}
+
+struct storage_backend *secure_storage_client_init(struct secure_storage_client *context,
+ struct rpc_caller *caller)
+{
+ context->rpc_caller = caller;
+
+ static const struct storage_backend_interface interface =
+ {
+ secure_storage_client_set,
+ secure_storage_client_get,
+ secure_storage_client_get_info,
+ secure_storage_client_remove
+ };
+
+ context->backend.context = context;
+ context->backend.interface = &interface;
+
+ return &context->backend;
+}
+
+void secure_storage_client_deinit(struct secure_storage_client *context)
+{
+ (void)context;
+}
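Review bot: `secure_storage_client_init` dereferences `context` on its first line and stores `caller` unchecked, although the header documents "NULL on failure" and the function has no failure path at all. A guard such as `if (!context || !caller) return NULL;` before the assignment would match the documented contract. It would also keep a NULL `rpc_caller` from reaching `rpc_caller_begin` in the four operations.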
diff --git a/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h
new file mode 100644
index 0000000..fa7d9e7
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURE_STORAGE_CLIENT_H
+#define SECURE_STORAGE_CLIENT_H
+
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Secure storage client instance
+ */
+struct secure_storage_client
+{
+ struct storage_backend backend;
+ struct rpc_caller *rpc_caller;
+};
+
+/**
+ * @brief Initialize a secure storage client
+ *
+ * A secure storage client is a storage backend that makes RPC calls
+ * to a remote secure storage provider.
+ *
+ * @param[in] context Instance data
+ * @param[in] rpc_caller RPC caller instance
+ *
+ *
+ * @return Pointer to inialized storage backend or NULL on failure
+ */
+struct storage_backend *secure_storage_client_init(struct secure_storage_client *context,
+ struct rpc_caller *caller);
+
+/**
+ * @brief Deinitialize a secure storage client
+ *
+ * @param[in] context Instance data
+ */
+void secure_storage_client_deinit(struct secure_storage_client *context);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURE_STORAGE_CLIENT_H */
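Review bot: The doc comment for `secure_storage_client_init` documents `@param[in] rpc_caller` while the prototype names the parameter `caller`, and "inialized" should read "initialized". The header also uses `struct rpc_caller` without declaring it or including `rpc_caller.h`; a forward declaration `struct rpc_caller;` above the struct would make the dependency explicit. I would add one sentence saying that `context` must outlive the returned backend, since the .c file returns `&context->backend`.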
diff --git a/components/service/secure_storage/backend/storage_backend.h b/components/service/secure_storage/backend/storage_backend.h
new file mode 100644
index 0000000..682451c
--- /dev/null
+++ b/components/service/secure_storage/backend/storage_backend.h
@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __STORAGE_BACKEND_H__
+#define __STORAGE_BACKEND_H__
+
+#include <stdint.h>
+#include <stddef.h>
+#include <psa/storage_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Common storage backend interface
+ *
+ * A concrete storage backend provides an implementation of this
+ * interface.
+ */
+struct storage_backend_interface
+{
+ /**
+ * \brief Create a new, or modify an existing, uid/value pair
+ *
+ * Stores data in the storage backend.
+ *
+ * \param[in] context The concrete backend context
+ * \param[in] client_id Identifier of the asset's owner (client)
+ * \param[in] uid The identifier for the data
+ * \param[in] data_length The size in bytes of the data in `p_data`
+ * \param[in] create_flags The flags that the data will be stored with
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the
+ * provided `uid` value was already
+ * created with
+ * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
+ * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or
+ * more of the flags provided in
+ * `create_flags` is not supported or is
+ * not valid
+ * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there
+ * was insufficient space on the
+ * storage medium
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (Fatal
+ * error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one
+ * of the provided pointers (`p_data`)
+ * is invalid, for example is `NULL` or
+ * references memory the caller cannot
+ * access
+ */
+ psa_status_t (*set)(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t data_length,
+ const void *p_data,
+ uint32_t create_flags);
+
+ /**
+ * \brief Retrieve data associated with a provided UID
+ *
+ * Retrieves up to `data_size` bytes of the data associated with `uid`, starting
+ * at `data_offset` bytes from the beginning of the data. Upon successful
+ * completion, the data will be placed in the `p_data` buffer, which must be at
+ * least `data_size` bytes in size. The length of the data returned will be in
+ * `p_data_length`. If `data_size` is 0, the contents of `p_data_length` will
+ * be set to zero.
+ *
+ * \param[in] context The concrete backend context
+ * \param[in] client_id Identifier of the asset's owner (client)
+ * \param[in] uid The uid value
+ * \param[in] data_offset The starting offset of the data requested
+ * \param[in] data_size The amount of data requested
+ * \param[out] p_data_length On success, this will contain size of the data
+ * placed in `p_data`.
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the
+ * provided `uid` value was not found in
+ * the storage
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (Fatal
+ * error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
+ * provided arguments (`p_data`,
+ * `p_data_length`) is invalid, for example
+ * is `NULL` or references memory the
+ * caller cannot access. In addition, this
+ * can also happen if `data_offset` is
+ * larger than the size of the data
+ * associated with `uid`.
+ */
+ psa_status_t (*get)(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length);
+
+ /**
+ * \brief Retrieve the metadata about the provided uid
+ *
+ * Retrieves the metadata stored for a given `uid` as a `secure_storage_response_get_info`
+ * structure.
+ *
+ * \param[in] context The concrete backend context
+ * \param[in] client_id Identifier of the asset's owner (client)
+ * \param[in] uid The `uid` value
+ * \param[out] p_info A pointer to the `psa_storage_info_t` struct that will
+ * be populated with the metadata
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
+ * uid value was not found in the storage
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
+ * storage has failed (Fatal error)
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
+ * provided pointers(`p_info`)
+ * is invalid, for example is `NULL` or
+ * references memory the caller cannot
+ * access
+ */
+ psa_status_t (*get_info)(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ struct psa_storage_info_t *p_info);
+
+ /**
+ * \brief Remove the specified asset from the storage
+ *
+ * Deletes the data from storage backend.
+ *
+ * \param[in] context The concrete backend context
+ * \param[in] client_id Identifier of the asset's owner (client)
+ * \param[in] uid The `uid` value
+ *
+ * \return A status indicating the success/failure of the operation
+ *
+ * \retval PSA_SUCCESS The operation completed successfully
+ * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more
+ * of the given arguments were invalid (null
+ * pointer, wrong flags and so on)
+ * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
+ * uid value was not found in the storage
+ * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided
+ * uid value was created with
+ * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
+ * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
+ * storage has failed (Fatal error)
+ */
+ psa_status_t (*remove)(void *context,
+ uint32_t client_id,
+ uint64_t uid);
+};
+
+/**
+ * \brief Common storage backend instance
+ *
+ * Used by a storage frontend to make an association with a backend.
+ */
+struct storage_backend
+{
+ /**
+ * \brief The backend context
+ *
+ * Points to bandend specific instance data.
+ */
+ void *context;
+
+ /**
+ * \brief The backend interface
+ *
+ * A concrete backend provides an implementation of this interface.
+ */
+ const struct storage_backend_interface *interface;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __STORAGE_BACKEND_H__ */
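Review bot: The interface documentation has drifted from the code it describes. The `set` and `get` blocks omit a `\param` entry for `p_data`, and both `PSA_ERROR_NOT_PERMITTED` entries cite `TS_SECURE_STORAGE_FLAG_WRITE_ONCE` while the backends in this commit test `PSA_STORAGE_FLAG_WRITE_ONCE`. The `get_info` description names `secure_storage_response_get_info` although the parameter is a `psa_storage_info_t`, and "bandend" should read "backend". Since `client_id` is what separates one owner's assets from another's, the `client_id` entries should also say where the value must come from, for example `Identifier of the asset's owner; supplied by the frontend from the authenticated caller identity, never taken from request payload`.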
diff --git a/components/service/secure_storage/client/psa/its/its_client.h b/components/service/secure_storage/client/psa/its/its_client.h
deleted file mode 100644
index b8b7209..0000000
--- a/components/service/secure_storage/client/psa/its/its_client.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef PSA_ITS_CLIENT_H
-#define PSA_ITS_CLIENT_H
-
-#include <psa/error.h>
-#include <rpc_caller.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Assignes a concrete rpc caller to the ITS library and initialises
- * the library state.
- *
- * @param[in] rpc_caller RPC caller instance
- *
- * @return A status indicating the success/failure of the operation
- */
-psa_status_t psa_its_client_init(struct rpc_caller *caller);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_ITS_CLIENT_H */
diff --git a/components/service/secure_storage/frontend/psa/its/component.cmake b/components/service/secure_storage/frontend/psa/its/component.cmake
new file mode 100644
index 0000000..483da9d
--- /dev/null
+++ b/components/service/secure_storage/frontend/psa/its/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/its_frontend.c"
+ )
diff --git a/components/service/secure_storage/frontend/psa/its/its_frontend.c b/components/service/secure_storage/frontend/psa/its/its_frontend.c
new file mode 100644
index 0000000..5b45350
--- /dev/null
+++ b/components/service/secure_storage/frontend/psa/its/its_frontend.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "its_frontend.h"
+#include <psa/internal_trusted_storage.h>
+
+
+/* Singleton instance data */
+static struct psa_its_frontend
+{
+ struct storage_backend *backend;
+ uint32_t client_id;
+} instance;
+
+psa_status_t psa_its_frontend_init(struct storage_backend *backend)
+{
+ instance.backend = backend;
+ instance.client_id = 0;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
+{
+ return instance.backend->interface->set(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ data_length,
+ p_data,
+ create_flags);
+}
+
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
+{
+ return instance.backend->interface->get(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ data_offset,
+ data_size,
+ p_data,
+ p_data_length);
+}
+
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
+{
+ return instance.backend->interface->get_info(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ p_info);
+}
+
+psa_status_t psa_its_remove(psa_storage_uid_t uid)
+{
+ return instance.backend->interface->remove(
+ instance.backend->context,
+ instance.client_id,
+ uid);
+}
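Review bot: `psa_its_frontend_init` stores `backend` unchecked and returns `PSA_SUCCESS`, and every `psa_its_*` wrapper then dereferences `instance.backend->interface` unconditionally. `sfs_init` in this same commit returns NULL on failure, so passing its result straight through, or calling a PSA ITS function before init, ends in a NULL dereference. I would add `if (!backend || !backend->interface) return PSA_ERROR_INVALID_ARGUMENT;` to init and `if (!instance.backend) return PSA_ERROR_GENERIC_ERROR;` at the top of each wrapper. `instance.client_id` is fixed at 0; a short comment explaining why a single owner id is acceptable for this frontend would help whoever pairs it with a shared backend.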
diff --git a/components/service/secure_storage/frontend/psa/its/its_frontend.h b/components/service/secure_storage/frontend/psa/its/its_frontend.h
new file mode 100644
index 0000000..c8da580
--- /dev/null
+++ b/components/service/secure_storage/frontend/psa/its/its_frontend.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PSA_ITS_FRONTEND_H
+#define PSA_ITS_FRONTEND_H
+
+#include <psa/error.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Assignes a concrete rpc caller to the ITS frontend and initialises
+ * the singleton ITS frontend instance
+ *
+ * Provides an implementation of the PSA ITS API as a storage frontend. Any
+ * suitable storage backend may be used.
+ *
+ * @param[in] backend Storage backend to use
+ *
+ * @return A status indicating the success/failure of the operation
+ */
+psa_status_t psa_its_frontend_init(struct storage_backend *backend);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_ITS_FRONTEND_H */
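Review bot: The `@brief` for `psa_its_frontend_init` still says it assigns "a concrete rpc caller", but the function takes a `struct storage_backend *`. I would reword it to `@brief Assigns a storage backend to the ITS frontend and initialises the singleton ITS frontend instance`. It should also note that `backend` must remain valid for as long as the PSA ITS API is in use, because the .c file keeps the pointer rather than copying the structure.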
diff --git a/components/service/secure_storage/frontend/secure_storage_provider/component.cmake b/components/service/secure_storage/frontend/secure_storage_provider/component.cmake
new file mode 100644
index 0000000..d60a040
--- /dev/null
+++ b/components/service/secure_storage/frontend/secure_storage_provider/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_provider.c"
+ )
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.c b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.c
index 76b6cba..11d61e8 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.c
+++ b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.c
@@ -4,44 +4,16 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include "sfs_provider.h"
-#include "secure_flash_store.h"
+#include "secure_storage_provider.h"
#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
#include <protocols/service/psa/packed-c/status.h>
#include <protocols/rpc/common/packed-c/status.h>
#include <components/rpc/common/endpoint/rpc_interface.h>
-#include <stdio.h>
-/* Handler mapping table for service */
-static const struct service_handler handler_table[] = {
- {TS_SECURE_STORAGE_OPCODE_SET, sfs_set_handler},
- {TS_SECURE_STORAGE_OPCODE_GET, sfs_get_handler},
- {TS_SECURE_STORAGE_OPCODE_GET_INFO, sfs_get_info_handler},
- {TS_SECURE_STORAGE_OPCODE_REMOVE, sfs_remove_handler}
-};
-
-struct rpc_interface *sfs_provider_init(struct sfs_provider *context)
-{
- struct rpc_interface *rpc_interface = NULL;
-
- if (context == NULL)
- goto out;
-
- if (sfs_init() != PSA_SUCCESS)
- goto out;
-
- service_provider_init(&context->base_provider, context, handler_table,
- sizeof(handler_table) / sizeof(handler_table[0]));
-
- rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
-
-out:
- return rpc_interface;
-}
-
-rpc_status_t sfs_set_handler(void *context, struct call_req *req)
+static rpc_status_t set_handler(void *context, struct call_req *req)
{
+ struct secure_storage_provider *this_context = (struct secure_storage_provider*)context;
struct secure_storage_request_set *request_desc;
psa_status_t psa_status;
@@ -59,17 +31,20 @@ rpc_status_t sfs_set_handler(void *context, struct call_req *req)
if (req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length)
return TS_RPC_ERROR_INVALID_REQ_BODY;
- psa_status = sfs_set(req->caller_id, request_desc->uid,
- request_desc->data_length,
- request_desc->p_data,
- request_desc->create_flags);
+ psa_status = this_context->backend->interface->set(this_context->backend->context,
+ req->caller_id,
+ request_desc->uid,
+ request_desc->data_length,
+ request_desc->p_data,
+ request_desc->create_flags);
call_req_set_opstatus(req, psa_status);
return TS_RPC_CALL_ACCEPTED;
}
-rpc_status_t sfs_get_handler(void *context, struct call_req *req)
+static rpc_status_t get_handler(void *context, struct call_req *req)
{
+ struct secure_storage_provider *this_context = (struct secure_storage_provider*)context;
struct secure_storage_request_get *request_desc;
psa_status_t psa_status;
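Review bot: The length check kept in front of the new backend call, `req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length`, adds a caller-supplied length before comparing. A very large `data_length` could therefore wrap the sum and pass the check, depending on the field's width, which is not visible here. With a pluggable backend, this handler is the only bounds check that every backend can rely on. Assuming an earlier check already guarantees `data_len >= sizeof(struct secure_storage_request_set)`, the subtraction form `if (request_desc->data_length > req->req_buf.data_len - sizeof(struct secure_storage_request_set))` avoids the wrap. `set_handler` begins above this hunk, so the earlier check should be confirmed in the full file.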
@@ -83,20 +58,22 @@ rpc_status_t sfs_get_handler(void *context, struct call_req *req)
if (req->resp_buf.size < request_desc->data_size)
return TS_RPC_ERROR_INVALID_RESP_BODY;
- psa_status = sfs_get(req->caller_id, request_desc->uid,
- request_desc->data_offset,
- request_desc->data_size,
- req->resp_buf.data, &req->resp_buf.data_len);
+ psa_status = this_context->backend->interface->get(this_context->backend->context,
+ req->caller_id, request_desc->uid,
+ request_desc->data_offset,
+ request_desc->data_size,
+ req->resp_buf.data, &req->resp_buf.data_len);
call_req_set_opstatus(req, psa_status);
return TS_RPC_CALL_ACCEPTED;
}
-rpc_status_t sfs_get_info_handler(void *context, struct call_req *req)
+static rpc_status_t get_info_handler(void *context, struct call_req *req)
{
+ struct secure_storage_provider *this_context = (struct secure_storage_provider*)context;
struct secure_storage_request_get_info *request_desc;
struct secure_storage_response_get_info *response_desc;
- struct secure_storage_response_get_info storage_info; //TODO: unnecessary?
+ struct psa_storage_info_t storage_info;
psa_status_t psa_status;
/* Checking if the descriptor fits into the request buffer */
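Review bot: In get_handler, `req->resp_buf.data_len` is left as whatever the backend wrote, and the visible lines never compare it with `request_desc->data_size` or `req->resp_buf.size` once the call returns. Since any backend can now be paired with this frontend, the check is best enforced once here: treat a returned length above `request_desc->data_size` as a backend error, and add `if (psa_status != PSA_SUCCESS) req->resp_buf.data_len = 0;` so a failed read cannot hand back stale response-buffer contents. `request_desc->data_offset` is also forwarded unchecked, so the backend interface should document that every backend must bounds-check it. get_handler begins in the previous hunk, and its descriptor-size check is outside the visible lines.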
@@ -111,7 +88,10 @@ rpc_status_t sfs_get_info_handler(void *context, struct call_req *req)
response_desc = (struct secure_storage_response_get_info *)(req->resp_buf.data);
- psa_status = sfs_get_info(req->caller_id, request_desc->uid, &storage_info);
+ psa_status = this_context->backend->interface->get_info(this_context->backend->context,
+ req->caller_id,
+ request_desc->uid,
+ &storage_info);
call_req_set_opstatus(req, psa_status);
if (psa_status != PSA_SUCCESS) {
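Review bot: `storage_info`, declared in the previous hunk as `struct psa_storage_info_t storage_info;`, is uninitialised stack memory that the backend's `get_info` is trusted to fill completely. The code that copies it into `response_desc` is outside this hunk, so this is inferred: if a backend returns PSA_SUCCESS without setting every field, stack contents from the service would reach the caller. Declaring it as `struct psa_storage_info_t storage_info = {0};` removes that dependency on backend behaviour at no cost.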
@@ -128,8 +108,9 @@ rpc_status_t sfs_get_info_handler(void *context, struct call_req *req)
return TS_RPC_CALL_ACCEPTED;
}
-rpc_status_t sfs_remove_handler(void *context, struct call_req *req)
+static rpc_status_t remove_handler(void *context, struct call_req *req)
{
+ struct secure_storage_provider *this_context = (struct secure_storage_provider*)context;
struct secure_storage_request_remove *request_desc;
psa_status_t psa_status;
@@ -139,8 +120,45 @@ rpc_status_t sfs_remove_handler(void *context, struct call_req *req)
request_desc = (struct secure_storage_request_remove *)(req->req_buf.data);
- psa_status = sfs_remove(req->caller_id, request_desc->uid);
+ psa_status = this_context->backend->interface->remove(this_context->backend->context,
+ req->caller_id,
+ request_desc->uid);
call_req_set_opstatus(req, psa_status);
return TS_RPC_CALL_ACCEPTED;
}
+
+/* Handler mapping table for service */
+static const struct service_handler handler_table[] = {
+ {TS_SECURE_STORAGE_OPCODE_SET, set_handler},
+ {TS_SECURE_STORAGE_OPCODE_GET, get_handler},
+ {TS_SECURE_STORAGE_OPCODE_GET_INFO, get_info_handler},
+ {TS_SECURE_STORAGE_OPCODE_REMOVE, remove_handler}
+};
+
+struct rpc_interface *secure_storage_provider_init(struct secure_storage_provider *context,
+ struct storage_backend *backend)
+{
+ struct rpc_interface *rpc_interface = NULL;
+
+ if (context == NULL)
+ goto out;
+
+ if (backend == NULL)
+ goto out;
+
+ service_provider_init(&context->base_provider, context, handler_table,
+ sizeof(handler_table) / sizeof(handler_table[0]));
+
+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+
+ context->backend = backend;
+
+out:
+ return rpc_interface;
+}
+
+void secure_storage_provider_deinit(struct secure_storage_provider *context)
+{
+ (void)context;
+}
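Review bot: secure_storage_provider_init() rejects only a NULL `backend`, yet set_handler, get_handler, get_info_handler and remove_handler in the earlier hunks all call through `this_context->backend->interface-><op>` without any check. A backend with a NULL `interface` or a missing operation would therefore fault on the first request rather than fail at init. Widen the guard to `if (backend == NULL || backend->interface == NULL) goto out;` and also reject a table where any of `set`, `get`, `get_info` or `remove` is NULL. secure_storage_provider_deinit() could set `context->backend = NULL;` so that use after deinit fails predictably instead of reaching a backend that may already be torn down.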
diff --git a/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h
new file mode 100644
index 0000000..65e49da
--- /dev/null
+++ b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURE_STORAGE_PROVIDER_H
+#define SECURE_STORAGE_PROVIDER_H
+
+#include <service/common/provider/service_provider.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief A secure storage service provider
+ *
+ * Implements an RPC interface that realizes the secure storage service.
+ * Acts as a storage frontend that may be paired with any storage backend.
+ */
+struct secure_storage_provider {
+ struct service_provider base_provider;
+ struct storage_backend *backend;
+};
+
+struct rpc_interface *secure_storage_provider_init(struct secure_storage_provider *context,
+ struct storage_backend *backend);
+
+void secure_storage_provider_deinit(struct secure_storage_provider *context);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURE_STORAGE_PROVIDER_H */
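Review bot: The two public functions in this new header have no documentation, although the struct above them does. The implementation returns NULL when either argument is NULL and stores the `backend` pointer rather than copying it, and callers need to know both. I would add a Doxygen block above `secure_storage_provider_init` along the lines of `@return RPC interface for the service, or NULL if context or backend is NULL`, with a remark that `backend` must remain valid for as long as the returned rpc_interface is in use. A one-line `@brief` on `secure_storage_provider_deinit` should note that it currently releases nothing.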
diff --git a/components/service/secure_storage/provider/mock_store/mock_store_provider.c b/components/service/secure_storage/provider/mock_store/mock_store_provider.c
deleted file mode 100644
index b5eda2c..0000000
--- a/components/service/secure_storage/provider/mock_store/mock_store_provider.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include "mock_store_provider.h"
-#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
-#include <protocols/rpc/common/packed-c/status.h>
-#include <protocols/service/psa/packed-c/status.h>
-#include <stdlib.h>
-#include <string.h>
-
-static struct mock_store_slot *find_slot(struct mock_store_provider *context, uint32_t id);
-static struct mock_store_slot *find_empty_slot(struct mock_store_provider *context);
-static void free_slot(struct mock_store_slot *slot);
-static rpc_status_t set_handler(void *context, struct call_req* req);
-static rpc_status_t get_handler(void *context, struct call_req* req);
-static rpc_status_t get_info_handler(void *context, struct call_req* req);
-static rpc_status_t remove_handler(void *context, struct call_req* req);
-
-/* Handler mapping table for service */
-static const struct service_handler handler_table[] = {
- {TS_SECURE_STORAGE_OPCODE_SET, set_handler},
- {TS_SECURE_STORAGE_OPCODE_GET, get_handler},
- {TS_SECURE_STORAGE_OPCODE_GET_INFO, get_info_handler},
- {TS_SECURE_STORAGE_OPCODE_REMOVE, remove_handler}
-};
-
-struct rpc_interface *mock_store_provider_init(struct mock_store_provider *context)
-{
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
-
- context->slots[i].len = 0;
- context->slots[i].flags = 0;
- context->slots[i].id = (uint32_t)(-1);
- context->slots[i].item = NULL;
- }
-
- service_provider_init(&context->base_provider, context,
- handler_table, sizeof(handler_table)/sizeof(struct service_handler));
-
- return service_provider_get_rpc_interface(&context->base_provider);
-}
-
-void mock_store_provider_deinit(struct mock_store_provider *context)
-{
- mock_store_reset(context);
-}
-
-void mock_store_reset(struct mock_store_provider *context)
-{
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i)
- free_slot(&context->slots[i]);
-}
-
-bool mock_store_exists(const struct mock_store_provider *context, uint32_t id)
-{
- bool exists = false;
-
- for (int i = 0; !exists && i < MOCK_STORE_NUM_SLOTS; ++i) {
- exists = context->slots[i].item && (context->slots[i].id == id);
- }
-
- return exists;
-}
-
-size_t mock_store_num_items(const struct mock_store_provider *context)
-{
- size_t count = 0;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (context->slots[i].item) ++count;
- }
-
- return count;
-}
-
-static struct mock_store_slot *find_slot(struct mock_store_provider *context, uint32_t id)
-{
- struct mock_store_slot *slot = NULL;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (context->slots[i].item && (context->slots[i].id == id)) {
- slot = &context->slots[i];
- break;
- }
- }
-
- return slot;
-}
-
-static struct mock_store_slot *find_empty_slot(struct mock_store_provider *context)
-{
- struct mock_store_slot *slot = NULL;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (!context->slots[i].item) {
- slot = &context->slots[i];
- break;
- }
- }
-
- return slot;
-}
-
-static void free_slot(struct mock_store_slot *slot)
-{
- if (slot->item) {
- free(slot->item);
- slot->len = 0;
- slot->flags = 0;
- slot->id = (uint32_t)(-1);
- slot->item = NULL;
- }
-}
-
-static rpc_status_t set_handler(void *context, struct call_req *req)
-{
- psa_status_t psa_status = PSA_ERROR_INSUFFICIENT_MEMORY;
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct mock_store_slot *slot;
- struct secure_storage_request_set *request_desc;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_set))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_set *)(req->req_buf.data);
-
- /* Checking for overflow */
- if (sizeof(struct secure_storage_request_set) + request_desc->data_length < request_desc->data_length)
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- /* Checking if descriptor and data fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length)
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- /* Replace existing or add new item */
- slot = find_slot(this_context, request_desc->uid);
- if (slot) free_slot(slot);
- else slot = find_empty_slot(this_context);
-
- if (slot) {
- slot->id = request_desc->uid;
- slot->flags = request_desc->create_flags;
- slot->len = request_desc->data_length;
- slot->item = malloc(slot->len);
- if (slot->item) {
- memcpy(slot->item, request_desc->p_data, slot->len);
- psa_status = PSA_SUCCESS;
- }
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t get_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_get *request_desc;
- psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_get))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_get *)(req->req_buf.data);
-
- /* Check if the requested data would fit into the response buffer. */
- if (req->resp_buf.size < request_desc->data_size)
- return TS_RPC_ERROR_INVALID_RESP_BODY;
-
- /* Find the item */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot && (slot->len <= req->resp_buf.size)) {
- memcpy(req->resp_buf.data, slot->item, slot->len);
- req->resp_buf.data_len = slot->len;
- psa_status = PSA_SUCCESS;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t get_info_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_get_info *request_desc;
- struct secure_storage_response_get_info *response_desc;
- psa_status_t psa_status;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_get_info))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_get_info *)(req->req_buf.data);
-
- /* Checking if the response structure would fit the response buffer */
- if (req->resp_buf.size < sizeof(struct secure_storage_response_get_info))
- return TS_RPC_ERROR_INVALID_RESP_BODY;
-
- response_desc = (struct secure_storage_response_get_info *)(req->resp_buf.data);
- req->resp_buf.data_len = sizeof(struct secure_storage_response_get_info);
-
- /* Find itemto get info about */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot) {
- response_desc->capacity = slot->len;
- response_desc->size = slot->len;
- response_desc->flags = slot->flags;
- psa_status = PSA_SUCCESS;
- }
- else {
- response_desc->capacity = 0;
- response_desc->size = 0;
- response_desc->flags = 0;
- psa_status = PSA_ERROR_DOES_NOT_EXIST;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t remove_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_remove *request_desc;
- psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_remove))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_remove *)(req->req_buf.data);
-
- /* Find and remove the item */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot) {
- free_slot(slot);
- psa_status = PSA_SUCCESS;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-} \ No newline at end of file
diff --git a/components/service/secure_storage/provider/mock_store/mock_store_provider.h b/components/service/secure_storage/provider/mock_store/mock_store_provider.h
deleted file mode 100644
index 9d2c136..0000000
--- a/components/service/secure_storage/provider/mock_store/mock_store_provider.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef MOCK_STORE_PROVIDER_H
-#define MOCK_STORE_PROVIDER_H
-
-#include <stdbool.h>
-#include <stdint.h>
-#include <service/common/provider/service_provider.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MOCK_STORE_NUM_SLOTS (100)
-
-struct mock_store_slot
-{
- uint64_t id;
- uint32_t flags;
- size_t len;
- uint8_t *item;
-};
-
-struct mock_store_provider
-{
- struct service_provider base_provider;
- struct mock_store_slot slots[MOCK_STORE_NUM_SLOTS];
-};
-
-struct rpc_interface *mock_store_provider_init(struct mock_store_provider *context);
-void mock_store_provider_deinit(struct mock_store_provider *context);
-
-/* Test support methods */
-void mock_store_reset(struct mock_store_provider *context);
-bool mock_store_exists(const struct mock_store_provider *context, uint32_t id);
-size_t mock_store_num_items(const struct mock_store_provider *context);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* MOCK_STORE_PROVIDER_H */
diff --git a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h b/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h
deleted file mode 100644
index 41b7aa8..0000000
--- a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __SECURE_FLASH_STORE_H__
-#define __SECURE_FLASH_STORE_H__
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <protocols/service/psa/packed-c/status.h>
-#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initializes the internal trusted storage system.
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the storage
- * system initialization has failed (fatal
- * error)
- * \retval PSA_ERROR_GENERIC_ERROR The operation failed because of an
- * unspecified internal failure
- */
-psa_status_t sfs_init(void);
-
-/**
- * \brief Create a new, or modify an existing, uid/value pair
- *
- * Stores data in the internal storage.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The identifier for the data
- * \param[in] data_length The size in bytes of the data in `p_data`
- * \param[in] create_flags The flags that the data will be stored with
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the
- * provided `uid` value was already
- * created with
- * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
- * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or
- * more of the flags provided in
- * `create_flags` is not supported or is
- * not valid
- * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there
- * was insufficient space on the
- * storage medium
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (Fatal
- * error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one
- * of the provided pointers (`p_data`)
- * is invalid, for example is `NULL` or
- * references memory the caller cannot
- * access
- */
-psa_status_t sfs_set(uint32_t client_id,
- uint64_t uid,
- size_t data_length,
- const void *p_data,
- uint32_t create_flags);
-
-/**
- * \brief Retrieve data associated with a provided UID
- *
- * Retrieves up to `data_size` bytes of the data associated with `uid`, starting
- * at `data_offset` bytes from the beginning of the data. Upon successful
- * completion, the data will be placed in the `p_data` buffer, which must be at
- * least `data_size` bytes in size. The length of the data returned will be in
- * `p_data_length`. If `data_size` is 0, the contents of `p_data_length` will
- * be set to zero.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The uid value
- * \param[in] data_offset The starting offset of the data requested
- * \param[in] data_size The amount of data requested
- * \param[out] p_data_length On success, this will contain size of the data
- * placed in `p_data`.
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the
- * provided `uid` value was not found in
- * the storage
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (Fatal
- * error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
- * provided arguments (`p_data`,
- * `p_data_length`) is invalid, for example
- * is `NULL` or references memory the
- * caller cannot access. In addition, this
- * can also happen if `data_offset` is
- * larger than the size of the data
- * associated with `uid`.
- */
-psa_status_t sfs_get(uint32_t client_id,
- uint64_t uid,
- size_t data_offset,
- size_t data_size,
- void *p_data,
- size_t *p_data_length);
-
-/**
- * \brief Retrieve the metadata about the provided uid
- *
- * Retrieves the metadata stored for a given `uid` as a `secure_storage_response_get_info`
- * structure.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The `uid` value
- * \param[out] p_info A pointer to the `secure_storage_response_get_info` struct that will
- * be populated with the metadata
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
- * uid value was not found in the storage
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
- * storage has failed (Fatal error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
- * provided pointers(`p_info`)
- * is invalid, for example is `NULL` or
- * references memory the caller cannot
- * access
- */
-psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid,
- struct secure_storage_response_get_info *p_info);
-
-/**
- * \brief Remove the provided uid and sfs associated data from the storage
- *
- * Deletes the data from internal storage.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The `uid` value
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more
- * of the given arguments were invalid (null
- * pointer, wrong flags and so on)
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
- * uid value was not found in the storage
- * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided
- * uid value was created with
- * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
- * storage has failed (Fatal error)
- */
-psa_status_t sfs_remove(uint32_t client_id, uint64_t uid);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __SECURE_FLASH_STORE_H__ */
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h b/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h
deleted file mode 100644
index a1d4c9c..0000000
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef SFS_HANDLERS_H
-#define SFS_HANDLERS_H
-
-#include <components/service/common/provider/service_provider.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct sfs_provider {
- struct service_provider base_provider;
-};
-
-struct rpc_interface *sfs_provider_init(struct sfs_provider *context);
-rpc_status_t sfs_set_handler(void *context, struct call_req *req);
-rpc_status_t sfs_get_handler(void *context, struct call_req *req);
-rpc_status_t sfs_get_info_handler(void *context, struct call_req *req);
-rpc_status_t sfs_remove_handler(void *context, struct call_req *req);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SFS_HANDLERS_H */
diff --git a/components/service/secure_storage/test/its_tests.cpp b/components/service/secure_storage/test/its_tests.cpp
index 9ec24e4..12b057f 100644
--- a/components/service/secure_storage/test/its_tests.cpp
+++ b/components/service/secure_storage/test/its_tests.cpp
@@ -8,8 +8,10 @@
#include <cstdint>
#include <CppUTest/TestHarness.h>
#include <rpc/direct/direct_caller.h>
-#include <service/secure_storage/client/psa/its/its_client.h>
-#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h>
+#include <service/secure_storage/frontend/psa/its/its_frontend.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
#include <psa/internal_trusted_storage.h>
#include <psa/error.h>
@@ -17,17 +19,23 @@ TEST_GROUP(InternalTrustedStorageTests)
{
void setup()
{
- struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider);
+ struct storage_backend *storage_provider_backend = sfs_init();
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, storage_provider_backend);
struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep);
- psa_its_client_init(storage_caller);
+
+ struct storage_backend *storage_client_backend = secure_storage_client_init(&m_storage_client, storage_caller);
+ psa_its_frontend_init(storage_client_backend);
}
void teardown()
{
+ secure_storage_provider_deinit(&m_storage_provider);
+ secure_storage_client_deinit(&m_storage_client);
direct_caller_deinit(&m_storage_caller);
}
- struct sfs_provider m_storage_provider;
+ struct secure_storage_provider m_storage_provider;
+ struct secure_storage_client m_storage_client;
struct direct_caller m_storage_caller;
};
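Review bot: setup() feeds the result of `sfs_init()` straight into `secure_storage_provider_init()` and then into `direct_caller_init_default()` without checking any of the three pointers. The provider init returns NULL for a NULL backend, so a flash-store initialisation failure would only show up as an unrelated failure or crash inside a later test body. Adding `CHECK_TRUE(storage_provider_backend != NULL);` and `CHECK_TRUE(storage_ep != NULL);` after the respective calls would pin the failure to its cause. teardown() also does not release in reverse order of setup(): the client and frontend should go before the caller and provider they depend on.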
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 0e6fd1b..f2f972a 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -50,11 +50,13 @@ add_components(
"components/service/crypto/test/service/protobuf"
"components/service/crypto/test/service/packed-c"
"components/service/crypto/test/protocol"
- "components/service/secure_storage/client/psa"
- "components/service/secure_storage/provider/mock_store"
- "components/service/secure_storage/provider/secure_flash_store"
- "components/service/secure_storage/provider/secure_flash_store/flash_fs"
- "components/service/secure_storage/provider/secure_flash_store/flash"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_client"
+ "components/service/secure_storage/backend/mock_store"
+ "components/service/secure_storage/backend/secure_flash_store"
+ "components/service/secure_storage/backend/secure_flash_store/flash_fs"
+ "components/service/secure_storage/backend/secure_flash_store/flash"
"components/service/secure_storage/test"
"components/service/test_runner/provider"
"components/service/test_runner/provider/serializer/packed-c"
diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
index 9441ecf..108223a 100644
--- a/deployments/crypto/opteesp/CMakeLists.txt
+++ b/deployments/crypto/opteesp/CMakeLists.txt
@@ -50,7 +50,8 @@ add_components(TARGET "crypto-sp"
"components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
"components/service/crypto/provider/serializer/protobuf"
"components/service/crypto/provider/serializer/packed-c"
- "components/service/secure_storage/client/psa"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/backend/secure_storage_client"
"protocols/rpc/common/packed-c"
"protocols/service/secure_storage/packed-c"
"protocols/service/crypto/protobuf"
diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c
index 594fa89..2512eee 100644
--- a/deployments/crypto/opteesp/crypto_sp.c
+++ b/deployments/crypto/opteesp/crypto_sp.c
@@ -6,7 +6,7 @@
#include <rpc/ffarpc/caller/sp/ffarpc_caller.h>
#include <rpc/ffarpc/endpoint/ffarpc_call_ep.h>
#include <rpc/dummy/dummy_caller.h>
-#include <service/secure_storage/client/psa/its/its_client.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
#include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
#include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
@@ -75,7 +75,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
ffa_call_ep_init(&ffarpc_call_ep, crypto_iface);
- /* End of boot phase */
+ /* End of boot phase */
ffa_msg_wait(&req_msg);
while (1) {
diff --git a/deployments/env-test/env_test.cmake b/deployments/env-test/env_test.cmake
index bf2b509..b809c1d 100644
--- a/deployments/env-test/env_test.cmake
+++ b/deployments/env-test/env_test.cmake
@@ -12,7 +12,7 @@
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
-# Components that are common accross all deployments
+# Components that are common across all deployments
#
#-------------------------------------------------------------------------------
add_components(
@@ -32,7 +32,8 @@ add_components(
"components/service/crypto/provider/mbedcrypto"
"components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
"components/service/crypto/provider/mbedcrypto/trng_adapter/test"
- "components/service/secure_storage/client/psa"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/backend/secure_storage_client"
"protocols/rpc/common/packed-c"
)
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 54c2cd9..3378ee3 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -41,10 +41,12 @@ add_components(
"components/service/crypto/provider/mbedcrypto/trng_adapter/linux"
"components/service/crypto/provider/serializer/protobuf"
"components/service/crypto/provider/serializer/packed-c"
- "components/service/secure_storage/client/psa"
- "components/service/secure_storage/provider/secure_flash_store"
- "components/service/secure_storage/provider/secure_flash_store/flash_fs"
- "components/service/secure_storage/provider/secure_flash_store/flash"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_client"
+ "components/service/secure_storage/backend/secure_flash_store"
+ "components/service/secure_storage/backend/secure_flash_store/flash_fs"
+ "components/service/secure_storage/backend/secure_flash_store/flash"
"components/service/test_runner/provider"
"components/service/test_runner/provider/serializer/packed-c"
"components/service/test_runner/provider/backend/mock"
diff --git a/deployments/secure-storage/opteesp/CMakeLists.txt b/deployments/secure-storage/opteesp/CMakeLists.txt
index dc1aabf..4bcbd17 100644
--- a/deployments/secure-storage/opteesp/CMakeLists.txt
+++ b/deployments/secure-storage/opteesp/CMakeLists.txt
@@ -34,10 +34,12 @@ add_components(TARGET "secure-storage"
components/messaging/ffa/libsp
components/rpc/ffarpc/endpoint
components/rpc/common/interface
+ components/service/common
components/service/common/provider
- components/service/secure_storage/provider/secure_flash_store
- components/service/secure_storage/provider/secure_flash_store/flash_fs
- components/service/secure_storage/provider/secure_flash_store/flash
+ components/service/secure_storage/frontend/secure_storage_provider
+ components/service/secure_storage/backend/secure_flash_store
+ components/service/secure_storage/backend/secure_flash_store/flash_fs
+ components/service/secure_storage/backend/secure_flash_store/flash
protocols/rpc/common/packed-c
protocols/service/secure_storage/packed-c
environments/opteesp
diff --git a/deployments/secure-storage/opteesp/sp.c b/deployments/secure-storage/opteesp/sp.c
index c24423c..c3bc94a 100644
--- a/deployments/secure-storage/opteesp/sp.c
+++ b/deployments/secure-storage/opteesp/sp.c
@@ -8,8 +8,8 @@
#include <ffa_api.h>
#include <components/rpc/common/endpoint/rpc_interface.h>
#include <components/rpc/ffarpc/endpoint/ffarpc_call_ep.h>
-#include <components/service/secure_storage/provider/secure_flash_store/sfs_provider.h>
-#include <components/service/common/provider/service_provider.h>
+#include <components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
+#include <components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
#include <sp_api.h>
#include <sp_rxtx.h>
#include <trace.h>
@@ -22,11 +22,12 @@ void sp_main(struct ffa_init_info *init_info)
{
ffa_result ffa_res;
sp_result sp_res;
- struct rpc_interface *sfs_iface;
+ struct rpc_interface *secure_storage_iface;
struct ffa_call_ep ffa_call_ep;
struct ffa_direct_msg req_msg;
struct ffa_direct_msg resp_msg;
- struct sfs_provider sfs_provider;
+ struct secure_storage_provider secure_storage_provider;
+ struct storage_backend *storage_backend;
/* Boot */
(void) init_info;
@@ -41,8 +42,9 @@ void sp_main(struct ffa_init_info *init_info)
EMSG("rxtx map error: %d", sp_res);
}
- sfs_iface = sfs_provider_init(&sfs_provider);
- ffa_call_ep_init(&ffa_call_ep, sfs_iface);
+ storage_backend = sfs_init();
+ secure_storage_iface = secure_storage_provider_init(&secure_storage_provider, storage_backend);
+ ffa_call_ep_init(&ffa_call_ep, secure_storage_iface);
/* End of boot phase */
ffa_msg_wait(&req_msg);
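Review bot: The pointer returned by `sfs_init()` is passed straight into `secure_storage_provider_init()`, and the resulting interface into `ffa_call_ep_init()`, with no check in between. The declaration of `sfs_init()` is not visible in this hunk, so whether it can return NULL is an assumption; if it can, the partition would leave the boot phase and start answering storage requests on top of a backend that never came up. I would test the result before wiring the provider, for example `if (!storage_backend) { EMSG("storage backend init failed"); /* take the boot-failure path */ }`, and do the same for `secure_storage_iface`. The same unchecked hand-off appears in deployments/sfs-demo/opteesp/sp.c, where the result of `secure_storage_client_init()` goes directly to `psa_its_frontend_init()`. The body of sp_main starts and ends outside this hunk, so the right failure path has to be taken from the rest of the function.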
diff --git a/deployments/sfs-demo/opteesp/CMakeLists.txt b/deployments/sfs-demo/opteesp/CMakeLists.txt
index 9f4dbae..758b7ab 100644
--- a/deployments/sfs-demo/opteesp/CMakeLists.txt
+++ b/deployments/sfs-demo/opteesp/CMakeLists.txt
@@ -35,7 +35,8 @@ add_components(TARGET "sfs-demo"
components/rpc/common/caller
components/rpc/ffarpc/caller/sp
components/service/common
- components/service/secure_storage/client/psa
+ components/service/secure_storage/frontend/psa/its
+ components/service/secure_storage/backend/secure_storage_client
protocols/rpc/common/packed-c
protocols/service/secure_storage/packed-c
environments/opteesp
diff --git a/deployments/sfs-demo/opteesp/sp.c b/deployments/sfs-demo/opteesp/sp.c
index 5bda8e9..1d8fe87 100644
--- a/deployments/sfs-demo/opteesp/sp.c
+++ b/deployments/sfs-demo/opteesp/sp.c
@@ -7,7 +7,8 @@
#include "sp.h"
#include <ffa_api.h>
#include <components/rpc/ffarpc/caller/sp/ffarpc_caller.h>
-#include <components/service/secure_storage/client/psa/its/its_client.h>
+#include <components/service/secure_storage/frontend/psa/its/its_frontend.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
#include <psa/internal_trusted_storage.h>
#include <sp_api.h>
#include <sp_rxtx.h>
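Review bot: The added include `<service/secure_storage/backend/secure_storage_client/secure_storage_client.h>` drops the `components/` prefix that the include added right above it (`<components/service/secure_storage/frontend/psa/its/its_frontend.h>`) and the existing `<components/rpc/ffarpc/caller/sp/ffarpc_caller.h>` both use. It presumably resolves only because a second include root is on the search path. Mixing the two forms in one file makes header resolution depend on include-directory order, so I would write it as `#include <components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h>` to match its neighbours.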
@@ -133,6 +134,8 @@ void __noreturn sp_main(struct ffa_init_info *init_info) {
struct ffa_direct_msg req_msg;
struct rpc_caller *caller;
struct ffarpc_caller ffa_caller;
+ struct secure_storage_client secure_storage_client;
+ struct storage_backend *storage_backend;
uint16_t sp_ids[3];
uint32_t sp_id_cnt = 0;
@@ -164,7 +167,8 @@ void __noreturn sp_main(struct ffa_init_info *init_info) {
goto err;
}
- psa_its_client_init(caller);
+ storage_backend = secure_storage_client_init(&secure_storage_client, caller);
+ psa_its_frontend_init(storage_backend);
/*
* This is not thorough testing of the ITS SP!