author | julhal01 <julian.hall@arm.com> | 2021-02-15 17:34:08 +0000 |
---|---|---|
committer | Gyorgy Szing <Gyorgy.Szing@arm.com> | 2021-07-01 01:04:14 +0200 |
commit | 1260f10b365ab68427801028146c77faf3854c84 (patch) | |
tree | 5890e6034438187b05ee0b7ee0ca2ebbbb13e2f5 | |
parent | cd3241a5b189c74264d06e6413397eaa3b9dca81 (diff) | |
download | trusted-services-1260f10b365ab68427801028146c77faf3854c84.tar.gz |
Refactor Secure storage into frontend/backend
The secure storage service components are refactored as storage
frontends and backends. Any frontend can be paired with any
backend. Each backend implements a common interface. This
allows new storage frontends and backends to be added more
easily and allows configurations such as proxies to be
created by simply pairing a service provider (frontend) with
a service client (backend).
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I5ef569ff3b61f64d6de69276d2b33e67a7ab0fa6
55 files changed, 978 insertions, 723 deletions
diff --git a/components/service/secure_storage/client/psa/internal_trusted_storage.h b/components/service/common/psa/internal_trusted_storage.h index da6905464..da6905464 100644 --- a/components/service/secure_storage/client/psa/internal_trusted_storage.h +++ b/components/service/common/psa/internal_trusted_storage.h diff --git a/components/service/secure_storage/client/psa/storage_common.h b/components/service/common/psa/storage_common.h index 4f6ba2a7d..4f6ba2a7d 100644 --- a/components/service/secure_storage/client/psa/storage_common.h +++ b/components/service/common/psa/storage_common.h diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp index 86fd42047..c57cbba72 100644 --- a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp +++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp @@ -9,6 +9,7 @@ #include <protocols/service/psa/packed-c/status.h> #include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h> #include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h> +#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h> standalone_crypto_client::standalone_crypto_client() : test_crypto_client(), @@ -37,7 +38,9 @@ bool standalone_crypto_client::init() if (!is_fault_injected(FAILED_TO_DISCOVER_SECURE_STORAGE)) { /* Establish rpc session with storage provider */ - struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider); + struct storage_backend *storage_backend = sfs_init(); + struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, + storage_backend); storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep); } else { 
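Review bot: `sfs_init()` is documented elsewhere in this commit as returning NULL on failure, yet the new lines in `standalone_crypto_client::init()` hand its result straight to `secure_storage_provider_init()` and then feed `storage_ep` to `direct_caller_init_default()` with no check; whether either callee tolerates a NULL backend or endpoint is not visible here. Suggest guarding the backend before the provider is built, e.g. `if (!storage_backend) return false;` (or whatever failure path the rest of init() already uses), so a flash-preparation failure surfaces instead of becoming a dereference inside the storage provider. The body of init() continues outside this hunk.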
@@ -77,6 +80,7 @@ bool standalone_crypto_client::deinit() if (should_do) { mbed_crypto_provider_deinit(&m_crypto_provider); + secure_storage_provider_deinit(&m_storage_provider); direct_caller_deinit(&m_storage_caller); direct_caller_deinit(&m_crypto_caller); diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.h b/components/service/crypto/client/test/standalone/standalone_crypto_client.h index 9327fdcd6..8f156b0c9 100644 --- a/components/service/crypto/client/test/standalone/standalone_crypto_client.h +++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -11,7 +11,7 @@ #include <rpc/direct/direct_caller.h> #include <rpc/dummy/dummy_caller.h> #include <service/crypto/provider/mbedcrypto/crypto_provider.h> -#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h> +#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> /* * A specialization of the crypto_client class that extends it to add crypto @@ -43,7 +43,7 @@ private: bool is_fault_supported(enum fault_code code) const; struct mbed_crypto_provider m_crypto_provider; - struct sfs_provider m_storage_provider; + struct secure_storage_provider m_storage_provider; struct direct_caller m_crypto_caller; struct direct_caller m_storage_caller; struct dummy_caller m_dummy_storage_caller; diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.c b/components/service/crypto/provider/mbedcrypto/crypto_provider.c index 4d5a0a330..b0f8be309 100644 --- a/components/service/crypto/provider/mbedcrypto/crypto_provider.c +++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.c 
@@ -8,7 +8,7 @@ #include <protocols/service/crypto/packed-c/opcodes.h> #include <service/crypto/provider/mbedcrypto/crypto_provider.h> #include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h> -#include <service/secure_storage/client/psa/its/its_client.h> +#include <service/secure_storage/frontend/psa/its/its_frontend.h> #include <protocols/rpc/common/packed-c/status.h> #include <psa/crypto.h> @@ -45,7 +45,7 @@ static const struct service_handler handler_table[] = { }; struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context, - struct rpc_caller *storage_provider, + struct rpc_caller *storage_caller, int trng_instance) { struct rpc_interface *rpc_interface = NULL; @@ -57,7 +57,7 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con * is a mandatory feature of the crypto service, insist on a storage * provider being available. */ - if (context && storage_provider) { + if (context && storage_caller) { for (size_t encoding = 0; encoding < TS_RPC_ENCODING_LIMIT; ++encoding) context->serializers[encoding] = NULL; @@ -65,9 +65,15 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con service_provider_init(&context->base_provider, context, handler_table, sizeof(handler_table)/sizeof(struct service_handler)); - if ((psa_its_client_init(storage_provider) == PSA_SUCCESS) && - (psa_crypto_init() == PSA_SUCCESS)) + struct storage_backend *storage_backend = + secure_storage_client_init(&context->secure_storage_client, storage_caller); + + if (storage_backend && + (psa_its_frontend_init(storage_backend) == PSA_SUCCESS) && + (psa_crypto_init() == PSA_SUCCESS)) { + rpc_interface = service_provider_get_rpc_interface(&context->base_provider); + } } return rpc_interface; diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.h b/components/service/crypto/provider/mbedcrypto/crypto_provider.h index 0a7666f7d..1f69396eb 100644 
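Review bot: The new failure path in `mbed_crypto_provider_init()` is incomplete: if `psa_crypto_init()` fails after `psa_its_frontend_init(storage_backend)` has succeeded, the function returns NULL but the ITS frontend stays bound to `context->secure_storage_client`, a member of a context the caller will presumably treat as dead, and nothing here unbinds it. The old `psa_its_client_init()` kept a single static rpc_caller, so the frontend is presumably process-global, which also means a second provider instance would silently rebind it; a sentence saying so in the header would spare the next reader. Suggest undoing the frontend/client initialisation on the failure branch (the matching deinit calls are not visible in this hunk) and updating the comment above the `if`, which still says "insist on a storage provider being available" although the parameter is now `storage_caller`. The closing brace of the function lies outside the hunk.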
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.h +++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.h @@ -8,9 +8,9 @@ #define MBED_CRYPTO_PROVIDER_H #include <rpc/common/endpoint/rpc_interface.h> -#include <rpc_caller.h> #include <service/common/provider/service_provider.h> #include <service/crypto/provider/serializer/crypto_provider_serializer.h> +#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h> #include <protocols/rpc/common/packed-c/encoding.h> #ifdef __cplusplus @@ -21,20 +21,17 @@ struct mbed_crypto_provider { struct service_provider base_provider; const struct crypto_provider_serializer *serializers[TS_RPC_ENCODING_LIMIT]; + struct secure_storage_client secure_storage_client; }; /* * Initializes an instance of the crypto service provider that uses the * Mbed Crypto library to implement crypto operations. Secure storage * for persistent keys needs to be provided by a suitable storage - * provider, accessed using the secure storage service access protocol - * using the provided rpc_caller. Any rpc endpoint discovery and - * session establishment should have been performed prior to initializing - * the mbed_crypto_provider. On successfully initializing the provider, - * a pointer to the rpc_interface for the service is returned. + * backend. */ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context, - struct rpc_caller *storage_provider, + struct rpc_caller *storage_caller, int trng_instance); /* diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp index 7a49d267f..07829e227 100644 --- a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp +++ b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp 
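Review bot: The rewritten comment on `mbed_crypto_provider_init` drops the contract the old text carried — what `storage_caller` must be, that its session must already be established, and that NULL is returned on failure — and the surviving sentence about "a suitable storage backend" does not match a parameter of type `struct rpc_caller *`. Suggest replacing the truncated ` * backend.` line with text along the lines of: ` * backend, reached through storage_caller: an rpc_caller whose session to a secure storage service provider has already been established. The provider wraps it in its own secure_storage_client. Returns the service rpc_interface, or NULL if the context or caller is NULL or if storage client, ITS frontend or Mbed Crypto initialisation fails.` The new `secure_storage_client` member would also benefit from a one-line comment noting that the storage backend used by the ITS frontend lives inside this context, so the context must outlive all crypto operations.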
@@ -7,6 +7,7 @@ #include "crypto_service_context.h" #include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h> #include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h> +#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h> crypto_service_context::crypto_service_context(const char *sn) : standalone_service_context(sn), @@ -24,7 +25,9 @@ crypto_service_context::~crypto_service_context() void crypto_service_context::do_init() { - struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider); + struct storage_backend *storage_backend = sfs_init(); + struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, + storage_backend); struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep); struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, @@ -42,5 +45,6 @@ void crypto_service_context::do_init() void crypto_service_context::do_deinit() { mbed_crypto_provider_deinit(&m_crypto_provider); + secure_storage_provider_deinit(&m_storage_provider); direct_caller_deinit(&m_storage_caller); } diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.h b/components/service/locator/standalone/services/crypto/crypto_service_context.h index 44d5f999b..84360ba3f 100644 --- a/components/service/locator/standalone/services/crypto/crypto_service_context.h +++ b/components/service/locator/standalone/services/crypto/crypto_service_context.h @@ -10,7 +10,7 @@ #include <service/locator/standalone/standalone_service_context.h> #include <rpc/direct/direct_caller.h> #include <service/crypto/provider/mbedcrypto/crypto_provider.h> -#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h> +#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> class crypto_service_context : public standalone_service_context { 
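Review bot: As in the standalone crypto client, `crypto_service_context::do_init()` passes the result of `sfs_init()` to `secure_storage_provider_init()` and then to `direct_caller_init_default()` without checking for the NULL that sfs_init() is declared to return on failure, so a flash-preparation failure becomes a NULL backend inside the storage provider rather than a reported error. `do_init()` is void and its body continues outside the hunk, so the failure signal available to the context is not visible here; at minimum a guard such as `if (!storage_backend) return;` (or the context's existing error path) should precede the provider initialisation. It is also worth noting in a comment that this call and standalone_crypto_client::init() both obtain the same static SFS backend, since sfs_init() re-runs flash preparation on every call.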
@@ -24,7 +24,7 @@ private: void do_deinit(); struct mbed_crypto_provider m_crypto_provider; - struct sfs_provider m_storage_provider; + struct secure_storage_provider m_storage_provider; struct direct_caller m_storage_caller; }; diff --git a/components/service/secure_storage/provider/mock_store/component.cmake b/components/service/secure_storage/backend/mock_store/component.cmake index 7e0576341..984feaa6c 100644 --- a/components/service/secure_storage/provider/mock_store/component.cmake +++ b/components/service/secure_storage/backend/mock_store/component.cmake @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------- -# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -9,6 +9,6 @@ if (NOT DEFINED TGT) endif() target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/mock_store_provider.c" + "${CMAKE_CURRENT_LIST_DIR}/mock_store.c" ) diff --git a/components/service/secure_storage/backend/mock_store/mock_store.c b/components/service/secure_storage/backend/mock_store/mock_store.c new file mode 100644 index 000000000..a3a2d943d --- /dev/null +++ b/components/service/secure_storage/backend/mock_store/mock_store.c 
@@ -0,0 +1,207 @@ +/* + * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "mock_store.h" +#include <protocols/service/psa/packed-c/status.h> +#include <stdlib.h> +#include <string.h> + +static struct mock_store_slot *find_slot(struct mock_store *context, uint32_t id); +static struct mock_store_slot *find_empty_slot(struct mock_store *context); +static void free_slot(struct mock_store_slot *slot); + + +static psa_status_t mock_store_set(void *context, + uint32_t client_id, + uint64_t uid, + size_t data_length, + const void *p_data, + uint32_t create_flags) +{ + psa_status_t psa_status = PSA_ERROR_INSUFFICIENT_MEMORY; + struct mock_store *this_context = (struct mock_store*)context; + + /* Replace existing or add new item */ + struct mock_store_slot *slot = find_slot(this_context, uid); + if (slot) free_slot(slot); + else slot = find_empty_slot(this_context); + + if (slot) { + slot->id = uid; + slot->flags = create_flags; + slot->len = data_length; + slot->item = malloc(slot->len); + if (slot->item) { + memcpy(slot->item, p_data, slot->len); + psa_status = PSA_SUCCESS; + } + } + + return psa_status; +} + +static psa_status_t mock_store_get(void *context, + uint32_t client_id, + uint64_t uid, + size_t data_offset, + size_t data_size, + void *p_data, + size_t *p_data_length) +{ + psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST; + struct mock_store *this_context = (struct mock_store*)context; + + /* Find the item */ + struct mock_store_slot *slot = find_slot(this_context, uid); + + if (slot && (slot->len <= data_size)) { + memcpy(p_data, slot->item, slot->len); + *p_data_length = slot->len; + psa_status = PSA_SUCCESS; + } + + return psa_status; +} + +static psa_status_t mock_store_get_info(void *context, + uint32_t client_id, + uint64_t uid, + struct psa_storage_info_t *p_info) +{ + psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST; + struct mock_store *this_context = (struct 
mock_store*)context; + + /* Find item to get info about */ + struct mock_store_slot *slot = find_slot(this_context, uid); + + if (slot) { + p_info->capacity = slot->len; + p_info->size = slot->len; + p_info->flags = slot->flags; + psa_status = PSA_SUCCESS; + } + else { + p_info->capacity = 0; + p_info->size = 0; + p_info->flags = 0; + } + + return psa_status; +} + +static psa_status_t mock_store_remove(void *context, + uint32_t client_id, + uint64_t uid) +{ + psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST; + struct mock_store *this_context = (struct mock_store*)context; + + /* Find and remove the item */ + struct mock_store_slot *slot = find_slot(this_context, uid); + + if (slot) { + free_slot(slot); + psa_status = PSA_SUCCESS; + } + + return psa_status; +} + +struct storage_backend *mock_store_init(struct mock_store *context) +{ + for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) { + + context->slots[i].len = 0; + context->slots[i].flags = 0; + context->slots[i].id = (uint32_t)(-1); + context->slots[i].item = NULL; + } + + static const struct storage_backend_interface interface = + { + mock_store_set, + mock_store_get, + mock_store_get_info, + mock_store_remove + }; + + context->backend.context = context; + context->backend.interface = &interface; + + return &context->backend; +} + +void mock_store_deinit(struct mock_store *context) +{ + mock_store_reset(context); +} + +void mock_store_reset(struct mock_store *context) +{ + for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) + free_slot(&context->slots[i]); +} + +bool mock_store_exists(const struct mock_store *context, uint32_t id) +{ + bool exists = false; + + for (int i = 0; !exists && i < MOCK_STORE_NUM_SLOTS; ++i) { + exists = context->slots[i].item && (context->slots[i].id == id); + } + + return exists; +} + +size_t mock_store_num_items(const struct mock_store *context) +{ + size_t count = 0; + + for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) { + if (context->slots[i].item) ++count; + } + + return count; +} + 
+static struct mock_store_slot *find_slot(struct mock_store *context, uint32_t id) +{ + struct mock_store_slot *slot = NULL; + + for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) { + if (context->slots[i].item && (context->slots[i].id == id)) { + slot = &context->slots[i]; + break; + } + } + + return slot; +} + +static struct mock_store_slot *find_empty_slot(struct mock_store *context) +{ + struct mock_store_slot *slot = NULL; + + for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) { + if (!context->slots[i].item) { + slot = &context->slots[i]; + break; + } + } + + return slot; +} + +static void free_slot(struct mock_store_slot *slot) +{ + if (slot->item) { + free(slot->item); + slot->len = 0; + slot->flags = 0; + slot->id = (uint32_t)(-1); + slot->item = NULL; + } +}
\ No newline at end of file
diff --git a/components/service/secure_storage/backend/mock_store/mock_store.h b/components/service/secure_storage/backend/mock_store/mock_store.h
new file mode 100644
index 000000000..787e6bcf7
--- /dev/null
+++ b/components/service/secure_storage/backend/mock_store/mock_store.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MOCK_STORE_H
+#define MOCK_STORE_H
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MOCK_STORE_NUM_SLOTS (100)
+
+struct mock_store_slot
+{
+ uint64_t id;
+ uint32_t flags;
+ size_t len;
+ uint8_t *item;
+};
+
+struct mock_store
+{
+ struct storage_backend backend;
+ struct mock_store_slot slots[MOCK_STORE_NUM_SLOTS];
+};
+
+struct storage_backend *mock_store_init(struct mock_store *context);
+void mock_store_deinit(struct mock_store *context);
+
+/* Test support methods */
+void mock_store_reset(struct mock_store *context);
+bool mock_store_exists(const struct mock_store *context, uint32_t id);
+size_t mock_store_num_items(const struct mock_store *context);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* MOCK_STORE_H */
diff --git a/components/service/secure_storage/provider/secure_flash_store/component.cmake b/components/service/secure_storage/backend/secure_flash_store/component.cmake
index 2e31c20f9..67dbcac53 100644
--- a/components/service/secure_storage/provider/secure_flash_store/component.cmake
+++ b/components/service/secure_storage/backend/secure_flash_store/component.cmake
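Review bot: `find_slot()` takes the id as `uint32_t` while the backend interface passes a 64-bit `uid` and `mock_store_slot.id` is `uint64_t`, so in `mock_store_get()`, `mock_store_get_info()`, `mock_store_remove()` and the replace path of `mock_store_set()` the uid is truncated before the comparison with the untruncated value that `mock_store_set()` stored: an item whose uid has non-zero upper bits is written but can never be read back, replaced or removed, and two uids differing only in their upper 32 bits can alias each other. Change the prototype and definition to `static struct mock_store_slot *find_slot(struct mock_store *context, uint64_t id);`. Three further divergences from the secure_flash_store backend deserve at least a comment at the top of the file, because tests run against the mock will pass where the real backend refuses: `mock_store_set()` and `mock_store_remove()` ignore `PSA_STORAGE_FLAG_WRITE_ONCE` on an existing item, `mock_store_get()` ignores `data_offset` and reports a too-small buffer as `PSA_ERROR_DOES_NOT_EXIST`, and `client_id` is unused so there is no per-client partitioning. Note also that `mock_store_set()` frees the old item before the new `malloc()`, so an allocation failure loses the previous value as well as failing the write.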
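Review bot: `mock_store_exists()` is declared with `uint32_t id` although `mock_store_slot.id`, declared a few lines above it, is `uint64_t`, so a test asserting on a uid wider than 32 bits is silently truncated and compares unequal to the stored id; the prototype should read `bool mock_store_exists(const struct mock_store *context, uint64_t id);`. The header also says nothing about what a caller may rely on: that items are heap-allocated per slot and released only by `mock_store_reset()`/`mock_store_deinit()`, that `MOCK_STORE_NUM_SLOTS` bounds the number of live items after which set fails with `PSA_ERROR_INSUFFICIENT_MEMORY`, and that the mock does not enforce write-once, offsets or client isolation. A short block comment above `struct mock_store` stating that this backend is for tests only and listing those omissions would keep it from being mistaken for a faithful substitute for the secure flash store.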
@@ -1,5 +1,5 @@ #------------------------------------------------------------------------------- -# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -10,7 +10,6 @@ endif() target_sources(${TGT} PRIVATE "${CMAKE_CURRENT_LIST_DIR}/secure_flash_store.c" - "${CMAKE_CURRENT_LIST_DIR}/sfs_provider.c" "${CMAKE_CURRENT_LIST_DIR}/sfs_utils.c" ) diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/component.cmake b/components/service/secure_storage/backend/secure_flash_store/flash/component.cmake index a2f34e73c..a2f34e73c 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/component.cmake +++ b/components/service/secure_storage/backend/secure_flash_store/flash/component.cmake diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.c index fce796831..fce796831 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.c +++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.c diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.h b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.h index 18361f206..18361f206 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash.h diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_info.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_info.c index 7dfe803e5..7dfe803e5 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_info.c 
+++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_info.c diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.c b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.c index e4af6e610..e4af6e610 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.c +++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.c diff --git a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.h b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.h index eecc5e57e..eecc5e57e 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash/sfs_flash_ram.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash/sfs_flash_ram.h diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/component.cmake b/components/service/secure_storage/backend/secure_flash_store/flash_fs/component.cmake index a48270340..a48270340 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/component.cmake +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/component.cmake diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.c index 4747e9914..4747e9914 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.c +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.c diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.h index 704c79350..704c79350 100644 
--- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs.h diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h index 2ca2f101a..2ca2f101a 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_check_info.h diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c index 36dc33ae7..36dc33ae7 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.c diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h index 0fc9d50f4..0fc9d50f4 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_dblock.h diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c index cb435cf38..cb435cf38 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.c 
diff --git a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h index d13a5b0db..d13a5b0db 100644 --- a/components/service/secure_storage/provider/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h +++ b/components/service/secure_storage/backend/secure_flash_store/flash_fs/sfs_flash_fs_mblock.h diff --git a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.c b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.c index a9f85bd0e..69796cff4 100644 --- a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.c +++ b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020, Arm Limited. All rights reserved. + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -10,6 +10,7 @@ #include "sfs_utils.h" #include "secure_flash_store.h" #include <string.h> +#include <stddef.h> #define SFS_MAX_ASSET_SIZE (4096) /* TODO: comes from flash layout */ #define SFS_CREATE_FLASH_LAYOUT /* TODO: move this to a proper place */ 
@@ -50,45 +51,8 @@ static void sfs_get_fid(uint32_t client_id, memcpy(fid + sizeof(client_id), (const void *)&uid, sizeof(uid)); } -psa_status_t sfs_init(void) -{ - psa_status_t status; - - /* Initialise the SFS context */ - status = sfs_flash_fs_prepare(&fs_ctx_sfs, - sfs_flash_get_info()); -#ifdef SFS_CREATE_FLASH_LAYOUT - /* If SFS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to - * create a SFS flash layout. SFS service will generate an empty and valid - * SFS flash layout to store assets. It will erase all data located in the - * assigned SFS memory area before generating the SFS layout. - * This flag is required to be set if the SFS memory area is located in - * non-persistent memory. - * This flag can be set if the SFS memory area is located in persistent - * memory without a previous valid SFS flash layout in it. That is the case - * when it is the first time in the device life that the SFS service is - * executed. - */ - if (status != PSA_SUCCESS) { - /* Remove all data in the SFS memory area and create a valid SFS flash - * layout in that area. - */ - status = sfs_flash_fs_wipe_all(&fs_ctx_sfs); - if (status != PSA_SUCCESS) { - return status; - } - - /* Attempt to initialise again */ - status = sfs_flash_fs_prepare(&fs_ctx_sfs, - sfs_flash_get_info()); - } -#endif /* SFS_CREATE_FLASH_LAYOUT */ - - - return status; -} - -psa_status_t sfs_set(uint32_t client_id, +static psa_status_t sfs_set(void *context, + uint32_t client_id, uint64_t uid, size_t data_length, const void *p_data, @@ -97,9 +61,7 @@ psa_status_t sfs_set(uint32_t client_id, psa_status_t status; size_t write_size; size_t offset; - const uint8_t *data = p_data; - - data = (const uint8_t *)p_data; + const uint8_t *data = (const uint8_t *)p_data; /* Check that the UID is valid */ if (uid == SFS_INVALID_UID) { 
@@ -107,9 +69,9 @@ psa_status_t sfs_set(uint32_t client_id, } /* Check that the create_flags does not contain any unsupported flags */ - if (create_flags & ~(TS_SECURE_STORAGE_FLAG_WRITE_ONCE | - TS_SECURE_STORAGE_FLAG_NO_CONFIDENTIALITY | - TS_SECURE_STORAGE_FLAG_NO_REPLAY_PROTECTION)) { + if (create_flags & ~(PSA_STORAGE_FLAG_WRITE_ONCE | + PSA_STORAGE_FLAG_NO_CONFIDENTIALITY | + PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION)) { return PSA_ERROR_NOT_SUPPORTED; } @@ -122,7 +84,7 @@ psa_status_t sfs_set(uint32_t client_id, /* If the object exists and has the write once flag set, then it * cannot be modified. Otherwise it needs to be removed. */ - if (g_file_info.flags & TS_SECURE_STORAGE_FLAG_WRITE_ONCE) { + if (g_file_info.flags & PSA_STORAGE_FLAG_WRITE_ONCE) { return PSA_ERROR_NOT_PERMITTED; } else { status = sfs_flash_fs_file_delete(&fs_ctx_sfs, g_fid); @@ -181,7 +143,8 @@ psa_status_t sfs_set(uint32_t client_id, return PSA_SUCCESS; } -psa_status_t sfs_get(uint32_t client_id, +static psa_status_t sfs_get(void *context, + uint32_t client_id, uint64_t uid, size_t data_offset, size_t data_size, @@ -246,8 +209,8 @@ psa_status_t sfs_get(uint32_t client_id, return PSA_SUCCESS; } -psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid, - struct secure_storage_response_get_info *p_info) +static psa_status_t sfs_get_info(void *context, uint32_t client_id, uint64_t uid, + struct psa_storage_info_t *p_info) { psa_status_t status; @@ -273,7 +236,7 @@ psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid, return PSA_SUCCESS; } -psa_status_t sfs_remove(uint32_t client_id, uint64_t uid) +static psa_status_t sfs_remove(void *context, uint32_t client_id, uint64_t uid) { psa_status_t status; 
@@ -293,10 +256,64 @@ psa_status_t sfs_remove(uint32_t client_id, uint64_t uid) /* If the object exists and has the write once flag set, then it * cannot be deleted. */ - if (g_file_info.flags & TS_SECURE_STORAGE_FLAG_WRITE_ONCE) { + if (g_file_info.flags & PSA_STORAGE_FLAG_WRITE_ONCE) { return PSA_ERROR_NOT_PERMITTED; } /* Delete old file from the persistent area */ return sfs_flash_fs_file_delete(&fs_ctx_sfs, g_fid); } + +struct storage_backend *sfs_init(void) +{ + psa_status_t status; + + /* Initialise the SFS context */ + status = sfs_flash_fs_prepare(&fs_ctx_sfs, + sfs_flash_get_info()); +#ifdef SFS_CREATE_FLASH_LAYOUT + /* If SFS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to + * create a SFS flash layout. SFS service will generate an empty and valid + * SFS flash layout to store assets. It will erase all data located in the + * assigned SFS memory area before generating the SFS layout. + * This flag is required to be set if the SFS memory area is located in + * non-persistent memory. + * This flag can be set if the SFS memory area is located in persistent + * memory without a previous valid SFS flash layout in it. That is the case + * when it is the first time in the device life that the SFS service is + * executed. + */ + if (status != PSA_SUCCESS) { + /* Remove all data in the SFS memory area and create a valid SFS flash + * layout in that area. + */ + status = sfs_flash_fs_wipe_all(&fs_ctx_sfs); + if (status != PSA_SUCCESS) { + return NULL; + } + + /* Attempt to initialise again */ + status = sfs_flash_fs_prepare(&fs_ctx_sfs, + sfs_flash_get_info()); + + if (status != PSA_SUCCESS) { + return NULL; + } + } +#endif /* SFS_CREATE_FLASH_LAYOUT */ + + static const struct storage_backend_interface interface = + { + sfs_set, + sfs_get, + sfs_get_info, + sfs_remove + }; + + static struct storage_backend backend; + + backend.context = NULL; + backend.interface = &interface; + + return &backend; +} 
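Review bot: With `SFS_CREATE_FLASH_LAYOUT` force-defined by the TODO near the top of this file, the new `sfs_init()` answers any `sfs_flash_fs_prepare()` failure by calling `sfs_flash_fs_wipe_all()` and only reports NULL if the retry also fails, so on persistent flash a corrupted or tampered metadata block is turned into the silent erasure of every stored asset — including the crypto service's persistent keys — with no diagnostic reaching the caller. The logic is carried over from the old sfs_init(), but now that it sits behind a pointer-returning factory consumed by two callers it is worth gating on a real build option and stating in the secure_flash_store.h comment. Two smaller points on the new code: the function hands out a function-local `static struct storage_backend` over the shared `fs_ctx_sfs`, so a second call re-runs flash preparation on state the first caller is already using, and the interface table is initialised positionally, where designated initialisers naming the `storage_backend_interface` members would turn a future reordering of that struct into a compile error instead of a misrouted set/get.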
diff --git a/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h
new file mode 100644
index 000000000..ac8d9b6b4
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __SECURE_FLASH_STORE_H__
+#define __SECURE_FLASH_STORE_H__
+
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Initializes the secure flash store backend
+ *
+ * \return Pointer to storage backend or NULL on failure
+ */
+struct storage_backend *sfs_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __SECURE_FLASH_STORE_H__ */
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.c b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.c
index 3d1627260..3d1627260 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.c
+++ b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.c
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.h b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.h
index 4a06d4b33..4a06d4b33 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_utils.h
+++ b/components/service/secure_storage/backend/secure_flash_store/sfs_utils.h
diff --git a/components/service/secure_storage/client/psa/component.cmake b/components/service/secure_storage/backend/secure_storage_client/component.cmake
index ae2518b0a..0762bf895 100644
--- a/components/service/secure_storage/client/psa/component.cmake
+++ b/components/service/secure_storage/backend/secure_storage_client/component.cmake
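Review bot: `__SECURE_FLASH_STORE_H__` is a reserved identifier (names beginning with a double underscore belong to the implementation); the other new header in this commit uses `MOCK_STORE_H`, so `SECURE_FLASH_STORE_H` would be the consistent choice. The \brief/\return comment also leaves out what a caller cannot tell from the signature: the returned backend is a single static instance over process-wide flash state, calling `sfs_init()` again re-runs flash preparation on that state, there is no matching deinit, and when `SFS_CREATE_FLASH_LAYOUT` is defined a failed prepare wipes the SFS area before the retry that may still return NULL. Suggest adding under \brief: ` * \note Returns a process-wide singleton; repeated calls re-initialise the shared flash state and, with SFS_CREATE_FLASH_LAYOUT defined, an unreadable layout is erased and recreated rather than reported.`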
@@ -1,5 +1,5 @@ #------------------------------------------------------------------------------- -# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -9,11 +9,6 @@ if (NOT DEFINED TGT) endif() target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/its/its_client.c" + "${CMAKE_CURRENT_LIST_DIR}/secure_storage_client.c" ) - -target_include_directories(${TGT} - PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/.." - ) diff --git a/components/service/secure_storage/client/psa/its/its_client.c b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.c index 54f3efbbe..b2bfc5612 100644 --- a/components/service/secure_storage/client/psa/its/its_client.c +++ b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.c @@ -1,31 +1,24 @@ /* - * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ -#include "its_client.h" -#include <psa/internal_trusted_storage.h> +#include "secure_storage_client.h" #include <protocols/service/secure_storage/packed-c/secure_storage_proto.h> #include <protocols/rpc/common/packed-c/status.h> -#include <assert.h> +#include <rpc_caller.h> #include <string.h> -/* Variables */ -static struct rpc_caller *rpc_caller; -psa_status_t psa_its_client_init(struct rpc_caller *caller) -{ - rpc_caller = caller; - - return PSA_SUCCESS; -} - -psa_status_t psa_its_set(psa_storage_uid_t uid, +static psa_status_t secure_storage_client_set(void *context, + uint32_t client_id, + psa_storage_uid_t uid, size_t data_length, const void *p_data, psa_storage_create_flags_t create_flags) { + struct secure_storage_client *this_context = (struct secure_storage_client*)context; uint8_t *request; uint8_t *response; size_t request_length = 0; 
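Review bot: `client_id` is accepted by the new `secure_storage_client_set()` signature but nothing in the visible request population uses it, and the same holds for `secure_storage_client_get`, `_get_info` and `_remove` in the following hunks. That is the right trust decision — the provider hunks later in this commit take the owner from `req->caller_id`, i.e. from the transport, rather than from a value the client asserts — but it should be stated rather than left as an unused-parameter warning: `(void)client_id; /* owner identity is attached by the RPC transport, not sent by the client */` at the top of each of the four functions. The `(struct secure_storage_client*)context` cast is done without a NULL check, which is acceptable only because the context is always supplied by `secure_storage_client_init`; a one-line comment saying so would help. The function continues beyond the end of the hunk.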
@@ -45,7 +38,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, return PSA_ERROR_INVALID_ARGUMENT; } - handle = rpc_caller_begin(rpc_caller, &request, request_length); + handle = rpc_caller_begin(this_context->rpc_caller, &request, request_length); if (handle) { /* Populating request descriptor */ @@ -55,7 +48,8 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, request_desc->create_flags = create_flags; memcpy(&request_desc->p_data, p_data, data_length); - rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_SET, + rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle, + TS_SECURE_STORAGE_OPCODE_SET, (uint32_t *)&psa_status, &response, &response_length); @@ -64,7 +58,7 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, psa_status = PSA_ERROR_GENERIC_ERROR; } - rpc_caller_end(rpc_caller, handle); + rpc_caller_end(this_context->rpc_caller, handle); } else { psa_status = PSA_ERROR_GENERIC_ERROR; @@ -73,12 +67,15 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, return psa_status; } -psa_status_t psa_its_get(psa_storage_uid_t uid, +static psa_status_t secure_storage_client_get(void *context, + uint32_t client_id, + psa_storage_uid_t uid, size_t data_offset, size_t data_size, void *p_data, size_t *p_data_length) { + struct secure_storage_client *this_context = (struct secure_storage_client*)context; uint8_t *request; uint8_t *response; size_t response_length = 0; @@ -91,7 +88,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, if (p_data == NULL) return PSA_ERROR_INVALID_ARGUMENT; - handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc)); + handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc)); if (handle) { /* Populating request descriptor */ 
@@ -100,7 +97,8 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, request_desc->data_offset = data_offset; request_desc->data_size = data_size; - rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_GET, + rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle, + TS_SECURE_STORAGE_OPCODE_GET, (uint32_t *)&psa_status, &response, &response_length); @@ -115,7 +113,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, memcpy(p_data, response, *p_data_length); } - rpc_caller_end(rpc_caller, handle); + rpc_caller_end(this_context->rpc_caller, handle); } else { psa_status = PSA_ERROR_GENERIC_ERROR; @@ -124,9 +122,12 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, return psa_status; } -psa_status_t psa_its_get_info(psa_storage_uid_t uid, - struct psa_storage_info_t *p_info) +static psa_status_t secure_storage_client_get_info(void *context, + uint32_t client_id, + psa_storage_uid_t uid, + struct psa_storage_info_t *p_info) { + struct secure_storage_client *this_context = (struct secure_storage_client*)context; uint8_t *request; uint8_t *response; size_t response_length = 0; @@ -140,14 +141,14 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, if (p_info == NULL) return PSA_ERROR_INVALID_ARGUMENT; - handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc)); + handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc)); if (handle) { /* Populating request descriptor */ request_desc = (struct secure_storage_request_get_info *)request; request_desc->uid = uid; - rpc_status = rpc_caller_invoke(rpc_caller, handle, + rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_GET_INFO, (uint32_t *)&psa_status, &response, &response_length); 
@@ -170,7 +171,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, p_info->flags = PSA_STORAGE_FLAG_NONE; } - rpc_caller_end(rpc_caller, handle); + rpc_caller_end(this_context->rpc_caller, handle); } else { psa_status = PSA_ERROR_GENERIC_ERROR; @@ -179,8 +180,11 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, return psa_status; } -psa_status_t psa_its_remove(psa_storage_uid_t uid) +static psa_status_t secure_storage_client_remove(void *context, + uint32_t client_id, + psa_storage_uid_t uid) { + struct secure_storage_client *this_context = (struct secure_storage_client*)context; uint8_t *request; uint8_t *response; size_t response_length = 0; @@ -189,14 +193,15 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; psa_status_t psa_status = PSA_SUCCESS; - handle = rpc_caller_begin(rpc_caller, &request, sizeof(*request_desc)); + handle = rpc_caller_begin(this_context->rpc_caller, &request, sizeof(*request_desc)); if (handle) { /* Populating request descriptor */ request_desc = (struct secure_storage_request_remove *)request; request_desc->uid = uid; - rpc_status = rpc_caller_invoke(rpc_caller, handle, TS_SECURE_STORAGE_OPCODE_REMOVE, + rpc_status = rpc_caller_invoke(this_context->rpc_caller, handle, + TS_SECURE_STORAGE_OPCODE_REMOVE, (uint32_t *)&psa_status, &response, &response_length); @@ -205,7 +210,7 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) psa_status = PSA_ERROR_GENERIC_ERROR; } - rpc_caller_end(rpc_caller, handle); + rpc_caller_end(this_context->rpc_caller, handle); } else { psa_status = PSA_ERROR_GENERIC_ERROR; 
@@ -213,3 +218,27 @@ psa_status_t psa_its_remove(psa_storage_uid_t uid) return psa_status; } + +struct storage_backend *secure_storage_client_init(struct secure_storage_client *context, + struct rpc_caller *caller) +{ + context->rpc_caller = caller; + + static const struct storage_backend_interface interface = + { + secure_storage_client_set, + secure_storage_client_get, + secure_storage_client_get_info, + secure_storage_client_remove + }; + + context->backend.context = context; + context->backend.interface = &interface; + + return &context->backend; +} + +void secure_storage_client_deinit(struct secure_storage_client *context) +{ + (void)context; +} diff --git a/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h new file mode 100644 index 000000000..fa7d9e7b2 --- /dev/null +++ b/components/service/secure_storage/backend/secure_storage_client/secure_storage_client.h 
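Review bot: `secure_storage_client_init()` never returns NULL, although the header added in the next hunk (secure_storage_client.h) documents "NULL on failure", and it writes through `context` without a check; either validate, `if (context == NULL || caller == NULL) return NULL;` before the first assignment, or change the header text to say the call cannot fail. The returned backend is embedded in `*context`, so the caller must keep `context` alive for as long as any frontend holds the pointer; that lifetime rule is not written down anywhere. `secure_storage_client_deinit()` being a no-op means nothing clears `backend.interface`; a comment such as `/* No resources to release; the rpc_caller is owned by the caller */` would document the ownership split.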
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURE_STORAGE_CLIENT_H
+#define SECURE_STORAGE_CLIENT_H
+
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Secure storage client instance
+ */
+struct secure_storage_client
+{
+ struct storage_backend backend;
+ struct rpc_caller *rpc_caller;
+};
+
+/**
+ * @brief Initialize a secure storage client
+ *
+ * A secure storage client is a storage backend that makes RPC calls
+ * to a remote secure storage provider.
+ *
+ * @param[in] context Instance data
+ * @param[in] rpc_caller RPC caller instance
+ *
+ *
+ * @return Pointer to inialized storage backend or NULL on failure
+ */
+struct storage_backend *secure_storage_client_init(struct secure_storage_client *context,
+ struct rpc_caller *caller);
+
+/**
+ * @brief Deinitialize a secure storage client
+ *
+ * @param[in] context Instance data
+ */
+void secure_storage_client_deinit(struct secure_storage_client *context);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURE_STORAGE_CLIENT_H */
diff --git a/components/service/secure_storage/backend/storage_backend.h b/components/service/secure_storage/backend/storage_backend.h
new file mode 100644
index 000000000..682451cf8
--- /dev/null
+++ b/components/service/secure_storage/backend/storage_backend.h
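Review bot: The Doxygen block for `secure_storage_client_init` documents `@param[in] rpc_caller` but the parameter is named `caller`, so the tag does not bind to anything (the struct member is `rpc_caller`, which is probably how the mismatch arose); rename the tag to `@param[in] caller RPC caller instance` and fix the typo in `@return Pointer to inialized storage backend`. The block would also benefit from a sentence stating that the returned backend lives inside `*context` and that `caller` must outlive the client, since the implementation in the previous hunk stores the raw pointer and releases nothing in `secure_storage_client_deinit`.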
@@ -0,0 +1,196 @@ +/* + * Copyright (c) 2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef __STORAGE_BACKEND_H__ +#define __STORAGE_BACKEND_H__ + +#include <stdint.h> +#include <stddef.h> +#include <psa/storage_common.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Common storage backend interface + * + * A concrete storage backend provides an implementation of this + * interface. + */ +struct storage_backend_interface +{ + /** + * \brief Create a new, or modify an existing, uid/value pair + * + * Stores data in the storage backend. + * + * \param[in] context The concrete backend context + * \param[in] client_id Identifier of the asset's owner (client) + * \param[in] uid The identifier for the data + * \param[in] data_length The size in bytes of the data in `p_data` + * \param[in] create_flags The flags that the data will be stored with + * + * \return A status indicating the success/failure of the operation + * + * \retval PSA_SUCCESS The operation completed successfully + * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the + * provided `uid` value was already + * created with + * TS_SECURE_STORAGE_FLAG_WRITE_ONCE + * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or + * more of the flags provided in + * `create_flags` is not supported or is + * not valid + * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there + * was insufficient space on the + * storage medium + * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the + * physical storage has failed (Fatal + * error) + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one + * of the provided pointers (`p_data`) + * is invalid, for example is `NULL` or + * references memory the caller cannot + * access + */ + psa_status_t (*set)(void *context, + uint32_t client_id, + uint64_t uid, + size_t data_length, + const void *p_data, + uint32_t create_flags); + + /** + * 
\brief Retrieve data associated with a provided UID + * + * Retrieves up to `data_size` bytes of the data associated with `uid`, starting + * at `data_offset` bytes from the beginning of the data. Upon successful + * completion, the data will be placed in the `p_data` buffer, which must be at + * least `data_size` bytes in size. The length of the data returned will be in + * `p_data_length`. If `data_size` is 0, the contents of `p_data_length` will + * be set to zero. + * + * \param[in] context The concrete backend context + * \param[in] client_id Identifier of the asset's owner (client) + * \param[in] uid The uid value + * \param[in] data_offset The starting offset of the data requested + * \param[in] data_size The amount of data requested + * \param[out] p_data_length On success, this will contain size of the data + * placed in `p_data`. + * + * \return A status indicating the success/failure of the operation + * + * \retval PSA_SUCCESS The operation completed successfully + * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the + * provided `uid` value was not found in + * the storage + * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the + * physical storage has failed (Fatal + * error) + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the + * provided arguments (`p_data`, + * `p_data_length`) is invalid, for example + * is `NULL` or references memory the + * caller cannot access. In addition, this + * can also happen if `data_offset` is + * larger than the size of the data + * associated with `uid`. + */ + psa_status_t (*get)(void *context, + uint32_t client_id, + uint64_t uid, + size_t data_offset, + size_t data_size, + void *p_data, + size_t *p_data_length); + + /** + * \brief Retrieve the metadata about the provided uid + * + * Retrieves the metadata stored for a given `uid` as a `secure_storage_response_get_info` + * structure. 
+ * + * \param[in] context The concrete backend context + * \param[in] client_id Identifier of the asset's owner (client) + * \param[in] uid The `uid` value + * \param[out] p_info A pointer to the `psa_storage_info_t` struct that will + * be populated with the metadata + * + * \return A status indicating the success/failure of the operation + * + * \retval PSA_SUCCESS The operation completed successfully + * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided + * uid value was not found in the storage + * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the + * provided pointers(`p_info`) + * is invalid, for example is `NULL` or + * references memory the caller cannot + * access + */ + psa_status_t (*get_info)(void *context, + uint32_t client_id, + uint64_t uid, + struct psa_storage_info_t *p_info); + + /** + * \brief Remove the specified asset from the storage + * + * Deletes the data from storage backend. 
+ * + * \param[in] context The concrete backend context + * \param[in] client_id Identifier of the asset's owner (client) + * \param[in] uid The `uid` value + * + * \return A status indicating the success/failure of the operation + * + * \retval PSA_SUCCESS The operation completed successfully + * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more + * of the given arguments were invalid (null + * pointer, wrong flags and so on) + * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided + * uid value was not found in the storage + * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided + * uid value was created with + * TS_SECURE_STORAGE_FLAG_WRITE_ONCE + * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical + * storage has failed (Fatal error) + */ + psa_status_t (*remove)(void *context, + uint32_t client_id, + uint64_t uid); +}; + +/** + * \brief Common storage backend instance + * + * Used by a storage frontend to make an association with a backend. + */ +struct storage_backend +{ + /** + * \brief The backend context + * + * Points to bandend specific instance data. + */ + void *context; + + /** + * \brief The backend interface + * + * A concrete backend provides an implementation of this interface. + */ + const struct storage_backend_interface *interface; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* __STORAGE_BACKEND_H__ */ diff --git a/components/service/secure_storage/client/psa/its/its_client.h b/components/service/secure_storage/client/psa/its/its_client.h deleted file mode 100644 index b8b72090d..000000000 --- a/components/service/secure_storage/client/psa/its/its_client.h +++ /dev/null 
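Review bot: The `set` and `get` documentation in `storage_backend_interface` omits the buffer parameters — `set` has no `\param[in] p_data` and `get` has no `\param[out] p_data` — even though both `PSA_ERROR_INVALID_ARGUMENT` entries refer to them; add `\param[in] p_data A buffer containing the data` to `set` and `\param[out] p_data The buffer where the data will be placed` to `get`. The `PSA_ERROR_NOT_PERMITTED` text for `set` and `remove` still names `TS_SECURE_STORAGE_FLAG_WRITE_ONCE`, whereas the secure flash store hunk at the top of this chunk was switched to `PSA_STORAGE_FLAG_WRITE_ONCE`, so the documentation should follow. Because `client_id` is what separates one caller's assets from another's, the `\param[in] client_id` text would be stronger if it said where the value comes from (the frontend — for the RPC provider in this commit, the transport-supplied `req->caller_id`) and that a backend is expected to scope every lookup by it, rather than only that it identifies the owner. `bandend` in the `context` member comment is a typo.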
@@ -1,31 +0,0 @@ -/* - * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef PSA_ITS_CLIENT_H -#define PSA_ITS_CLIENT_H - -#include <psa/error.h> -#include <rpc_caller.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Assignes a concrete rpc caller to the ITS library and initialises - * the library state. - * - * @param[in] rpc_caller RPC caller instance - * - * @return A status indicating the success/failure of the operation - */ -psa_status_t psa_its_client_init(struct rpc_caller *caller); - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_ITS_CLIENT_H */ diff --git a/components/service/secure_storage/frontend/psa/its/component.cmake b/components/service/secure_storage/frontend/psa/its/component.cmake new file mode 100644 index 000000000..483da9d3c --- /dev/null +++ b/components/service/secure_storage/frontend/psa/its/component.cmake @@ -0,0 +1,13 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +if (NOT DEFINED TGT) + message(FATAL_ERROR "mandatory parameter TGT is not defined.") +endif() + +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/its_frontend.c" + ) diff --git a/components/service/secure_storage/frontend/psa/its/its_frontend.c b/components/service/secure_storage/frontend/psa/its/its_frontend.c new file mode 100644 index 000000000..5b45350f2 --- /dev/null +++ b/components/service/secure_storage/frontend/psa/its/its_frontend.c 
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "its_frontend.h"
+#include <psa/internal_trusted_storage.h>
+
+
+/* Singleton instance data */
+static struct psa_its_frontend
+{
+ struct storage_backend *backend;
+ uint32_t client_id;
+} instance;
+
+psa_status_t psa_its_frontend_init(struct storage_backend *backend)
+{
+ instance.backend = backend;
+ instance.client_id = 0;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
+{
+ return instance.backend->interface->set(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ data_length,
+ p_data,
+ create_flags);
+}
+
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
+{
+ return instance.backend->interface->get(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ data_offset,
+ data_size,
+ p_data,
+ p_data_length);
+}
+
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
+{
+ return instance.backend->interface->get_info(
+ instance.backend->context,
+ instance.client_id,
+ uid,
+ p_info);
+}
+
+psa_status_t psa_its_remove(psa_storage_uid_t uid)
+{
+ return instance.backend->interface->remove(
+ instance.backend->context,
+ instance.client_id,
+ uid);
+}
diff --git a/components/service/secure_storage/frontend/psa/its/its_frontend.h b/components/service/secure_storage/frontend/psa/its/its_frontend.h
new file mode 100644
index 000000000..c8da580da
--- /dev/null
+++ b/components/service/secure_storage/frontend/psa/its/its_frontend.h
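Review bot: `psa_its_frontend_init()` stores `backend` without checking it and always returns PSA_SUCCESS, so a NULL backend — or a PSA call made before init — is only discovered as a NULL dereference inside `instance.backend->interface->set(...)` and its three siblings. Return `PSA_ERROR_INVALID_ARGUMENT` when `backend == NULL`, and start each of the four `psa_its_*` wrappers with `if (instance.backend == NULL) return PSA_ERROR_BAD_STATE;` so the failure is a status the caller can act on rather than a crash inside a trusted component. The hard-coded `instance.client_id = 0` also deserves a comment, e.g. `/* Single in-process owner: every caller of this frontend shares client id 0 */`, because it means the frontend does not separate callers by itself; whatever isolation exists must come from the backend it is paired with.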
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PSA_ITS_FRONTEND_H
+#define PSA_ITS_FRONTEND_H
+
+#include <psa/error.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Assignes a concrete rpc caller to the ITS frontend and initialises
+ * the singleton ITS frontend instance
+ *
+ * Provides an implementation of the PSA ITS API as a storage frontend. Any
+ * suitable storage backend may be used.
+ *
+ * @param[in] backend Storage backend to use
+ *
+ * @return A status indicating the success/failure of the operation
+ */
+psa_status_t psa_its_frontend_init(struct storage_backend *backend);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_ITS_FRONTEND_H */
diff --git a/components/service/secure_storage/frontend/secure_storage_provider/component.cmake b/components/service/secure_storage/frontend/secure_storage_provider/component.cmake
new file mode 100644
index 000000000..d60a040e6
--- /dev/null
+++ b/components/service/secure_storage/frontend/secure_storage_provider/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_provider.c"
+ )
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.c b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.c
index 76b6cbac1..11d61e82a 100644
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.c
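Review bot: The `@brief` for `psa_its_frontend_init` says it "Assignes a concrete rpc caller to the ITS frontend", but the function takes a `struct storage_backend *` and no rpc caller appears in this header — the text was carried over from the deleted its_client.h; suggest `@brief Binds a storage backend to the singleton ITS frontend` (which also removes the "Assignes" typo). It would also help to state the lifetime rule the implementation in the previous hunk relies on: the backend pointer is stored as-is, so the backend must remain valid for as long as the PSA ITS API is in use, and the frontend is a single per-process instance.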
+++ b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.c @@ -4,44 +4,16 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#include "sfs_provider.h" -#include "secure_flash_store.h" +#include "secure_storage_provider.h" #include <protocols/service/secure_storage/packed-c/secure_storage_proto.h> #include <protocols/service/psa/packed-c/status.h> #include <protocols/rpc/common/packed-c/status.h> #include <components/rpc/common/endpoint/rpc_interface.h> -#include <stdio.h> -/* Handler mapping table for service */ -static const struct service_handler handler_table[] = { - {TS_SECURE_STORAGE_OPCODE_SET, sfs_set_handler}, - {TS_SECURE_STORAGE_OPCODE_GET, sfs_get_handler}, - {TS_SECURE_STORAGE_OPCODE_GET_INFO, sfs_get_info_handler}, - {TS_SECURE_STORAGE_OPCODE_REMOVE, sfs_remove_handler} -}; - -struct rpc_interface *sfs_provider_init(struct sfs_provider *context) -{ - struct rpc_interface *rpc_interface = NULL; - - if (context == NULL) - goto out; - - if (sfs_init() != PSA_SUCCESS) - goto out; - - service_provider_init(&context->base_provider, context, handler_table, - sizeof(handler_table) / sizeof(handler_table[0])); - - rpc_interface = service_provider_get_rpc_interface(&context->base_provider); - -out: - return rpc_interface; -} - -rpc_status_t sfs_set_handler(void *context, struct call_req *req) +static rpc_status_t set_handler(void *context, struct call_req *req) { + struct secure_storage_provider *this_context = (struct secure_storage_provider*)context; struct secure_storage_request_set *request_desc; psa_status_t psa_status; 
@@ -59,17 +31,20 @@ rpc_status_t sfs_set_handler(void *context, struct call_req *req) if (req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length) return TS_RPC_ERROR_INVALID_REQ_BODY; - psa_status = sfs_set(req->caller_id, request_desc->uid, - request_desc->data_length, - request_desc->p_data, - request_desc->create_flags); + psa_status = this_context->backend->interface->set(this_context->backend->context, + req->caller_id, + request_desc->uid, + request_desc->data_length, + request_desc->p_data, + request_desc->create_flags); call_req_set_opstatus(req, psa_status); return TS_RPC_CALL_ACCEPTED; } -rpc_status_t sfs_get_handler(void *context, struct call_req *req) +static rpc_status_t get_handler(void *context, struct call_req *req) { + struct secure_storage_provider *this_context = (struct secure_storage_provider*)context; struct secure_storage_request_get *request_desc; psa_status_t psa_status; 
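Review bot: The length check kept at the top of this hunk, `req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length`, is the only guard visible between the caller-controlled `data_length` and the memory the backend `set` call reads from `request_desc->p_data`; if the lines above the hunk do not already reject a `data_length` that makes the sum wrap, that check should be added here, since this handler now fronts every backend rather than only the flash store. The deleted mock store had exactly such a guard: `if (sizeof(struct secure_storage_request_set) + request_desc->data_length < request_desc->data_length) return TS_RPC_ERROR_INVALID_REQ_BODY;`. The same review applies to `get_handler` in the next hunk, where `request_desc->data_size` is compared with `req->resp_buf.size` before the backend is called. set_handler starts in the previous hunk.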
@@ -83,20 +58,22 @@ rpc_status_t sfs_get_handler(void *context, struct call_req *req) if (req->resp_buf.size < request_desc->data_size) return TS_RPC_ERROR_INVALID_RESP_BODY; - psa_status = sfs_get(req->caller_id, request_desc->uid, - request_desc->data_offset, - request_desc->data_size, - req->resp_buf.data, &req->resp_buf.data_len); + psa_status = this_context->backend->interface->get(this_context->backend->context, + req->caller_id, request_desc->uid, + request_desc->data_offset, + request_desc->data_size, + req->resp_buf.data, &req->resp_buf.data_len); call_req_set_opstatus(req, psa_status); return TS_RPC_CALL_ACCEPTED; } -rpc_status_t sfs_get_info_handler(void *context, struct call_req *req) +static rpc_status_t get_info_handler(void *context, struct call_req *req) { + struct secure_storage_provider *this_context = (struct secure_storage_provider*)context; struct secure_storage_request_get_info *request_desc; struct secure_storage_response_get_info *response_desc; - struct secure_storage_response_get_info storage_info; //TODO: unnecessary? + struct psa_storage_info_t storage_info; psa_status_t psa_status; /* Checking if the descriptor fits into the request buffer */ @@ -111,7 +88,10 @@ rpc_status_t sfs_get_info_handler(void *context, struct call_req *req) response_desc = (struct secure_storage_response_get_info *)(req->resp_buf.data); - psa_status = sfs_get_info(req->caller_id, request_desc->uid, &storage_info); + psa_status = this_context->backend->interface->get_info(this_context->backend->context, + req->caller_id, + request_desc->uid, + &storage_info); call_req_set_opstatus(req, psa_status); if (psa_status != PSA_SUCCESS) { 
@@ -128,8 +108,9 @@ rpc_status_t sfs_get_info_handler(void *context, struct call_req *req) return TS_RPC_CALL_ACCEPTED; } -rpc_status_t sfs_remove_handler(void *context, struct call_req *req) +static rpc_status_t remove_handler(void *context, struct call_req *req) { + struct secure_storage_provider *this_context = (struct secure_storage_provider*)context; struct secure_storage_request_remove *request_desc; psa_status_t psa_status; @@ -139,8 +120,45 @@ rpc_status_t sfs_remove_handler(void *context, struct call_req *req) request_desc = (struct secure_storage_request_remove *)(req->req_buf.data); - psa_status = sfs_remove(req->caller_id, request_desc->uid); + psa_status = this_context->backend->interface->remove(this_context->backend->context, + req->caller_id, + request_desc->uid); call_req_set_opstatus(req, psa_status); return TS_RPC_CALL_ACCEPTED; } + +/* Handler mapping table for service */ +static const struct service_handler handler_table[] = { + {TS_SECURE_STORAGE_OPCODE_SET, set_handler}, + {TS_SECURE_STORAGE_OPCODE_GET, get_handler}, + {TS_SECURE_STORAGE_OPCODE_GET_INFO, get_info_handler}, + {TS_SECURE_STORAGE_OPCODE_REMOVE, remove_handler} +}; + +struct rpc_interface *secure_storage_provider_init(struct secure_storage_provider *context, + struct storage_backend *backend) +{ + struct rpc_interface *rpc_interface = NULL; + + if (context == NULL) + goto out; + + if (backend == NULL) + goto out; + + service_provider_init(&context->base_provider, context, handler_table, + sizeof(handler_table) / sizeof(handler_table[0])); + + rpc_interface = service_provider_get_rpc_interface(&context->base_provider); + + context->backend = backend; + +out: + return rpc_interface; +} + +void secure_storage_provider_deinit(struct secure_storage_provider *context) +{ + (void)context; +} 
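Review bot: In `secure_storage_provider_init()` the `context->backend = backend;` assignment comes after `service_provider_init()` and `service_provider_get_rpc_interface()` have already registered `context` as the handler context; moving it up, directly after the two NULL checks, keeps the object fully initialised before anything can reach it through the RPC interface (harmless during single-threaded start-up, but it is the ordering a reader expects). The behaviour added here — no interface when `backend` is NULL — is not mentioned in the header in the next hunk, which has no documentation for `init` at all. `secure_storage_provider_deinit()` could carry `/* The backend is not owned by the provider and is not released here */` so the ownership split is explicit.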
diff --git a/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h
new file mode 100644
index 000000000..65e49da89
--- /dev/null
+++ b/components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURE_STORAGE_PROVIDER_H
+#define SECURE_STORAGE_PROVIDER_H
+
+#include <service/common/provider/service_provider.h>
+#include <service/secure_storage/backend/storage_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief A secure storage service provider
+ *
+ * Implements an RPC interface that realizes the secure storage service.
+ * Acts as a storage frontend that may be paired with any storage backend.
+ */
+struct secure_storage_provider {
+ struct service_provider base_provider;
+ struct storage_backend *backend;
+};
+
+struct rpc_interface *secure_storage_provider_init(struct secure_storage_provider *context,
+ struct storage_backend *backend);
+
+void secure_storage_provider_deinit(struct secure_storage_provider *context);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURE_STORAGE_PROVIDER_H */
diff --git a/components/service/secure_storage/provider/mock_store/mock_store_provider.c b/components/service/secure_storage/provider/mock_store/mock_store_provider.c
deleted file mode 100644
index b5eda2cd9..000000000
--- a/components/service/secure_storage/provider/mock_store/mock_store_provider.c
+++ /dev/null
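Review bot: `secure_storage_provider_init` and `secure_storage_provider_deinit` have no Doxygen block, unlike every other new header in this commit, so the contract the implementation in the previous hunk establishes is invisible to users of the header. Document that `init` returns NULL when `context` or `backend` is NULL, that `backend` is stored by pointer and must outlive the provider, and that `deinit` releases nothing; a `@param`/`@return` block in the same style as the `struct secure_storage_provider` comment above it would suffice.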
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include "mock_store_provider.h"
-#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
-#include <protocols/rpc/common/packed-c/status.h>
-#include <protocols/service/psa/packed-c/status.h>
-#include <stdlib.h>
-#include <string.h>
-
-static struct mock_store_slot *find_slot(struct mock_store_provider *context, uint32_t id);
-static struct mock_store_slot *find_empty_slot(struct mock_store_provider *context);
-static void free_slot(struct mock_store_slot *slot);
-static rpc_status_t set_handler(void *context, struct call_req* req);
-static rpc_status_t get_handler(void *context, struct call_req* req);
-static rpc_status_t get_info_handler(void *context, struct call_req* req);
-static rpc_status_t remove_handler(void *context, struct call_req* req);
-
-/* Handler mapping table for service */
-static const struct service_handler handler_table[] = {
- {TS_SECURE_STORAGE_OPCODE_SET, set_handler},
- {TS_SECURE_STORAGE_OPCODE_GET, get_handler},
- {TS_SECURE_STORAGE_OPCODE_GET_INFO, get_info_handler},
- {TS_SECURE_STORAGE_OPCODE_REMOVE, remove_handler}
-};
-
-struct rpc_interface *mock_store_provider_init(struct mock_store_provider *context)
-{
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
-
- context->slots[i].len = 0;
- context->slots[i].flags = 0;
- context->slots[i].id = (uint32_t)(-1);
- context->slots[i].item = NULL;
- }
-
- service_provider_init(&context->base_provider, context,
- handler_table, sizeof(handler_table)/sizeof(struct service_handler));
-
- return service_provider_get_rpc_interface(&context->base_provider);
-}
-
-void mock_store_provider_deinit(struct mock_store_provider *context)
-{
- mock_store_reset(context);
-}
-
-void mock_store_reset(struct mock_store_provider *context)
-{
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i)
- free_slot(&context->slots[i]);
-}
-
-bool mock_store_exists(const struct mock_store_provider *context, uint32_t id)
-{
- bool exists = false;
-
- for (int i = 0; !exists && i < MOCK_STORE_NUM_SLOTS; ++i) {
- exists = context->slots[i].item && (context->slots[i].id == id);
- }
-
- return exists;
-}
-
-size_t mock_store_num_items(const struct mock_store_provider *context)
-{
- size_t count = 0;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (context->slots[i].item) ++count;
- }
-
- return count;
-}
-
-static struct mock_store_slot *find_slot(struct mock_store_provider *context, uint32_t id)
-{
- struct mock_store_slot *slot = NULL;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (context->slots[i].item && (context->slots[i].id == id)) {
- slot = &context->slots[i];
- break;
- }
- }
-
- return slot;
-}
-
-static struct mock_store_slot *find_empty_slot(struct mock_store_provider *context)
-{
- struct mock_store_slot *slot = NULL;
-
- for (int i = 0; i < MOCK_STORE_NUM_SLOTS; ++i) {
- if (!context->slots[i].item) {
- slot = &context->slots[i];
- break;
- }
- }
-
- return slot;
-}
-
-static void free_slot(struct mock_store_slot *slot)
-{
- if (slot->item) {
- free(slot->item);
- slot->len = 0;
- slot->flags = 0;
- slot->id = (uint32_t)(-1);
- slot->item = NULL;
- }
-}
-
-static rpc_status_t set_handler(void *context, struct call_req *req)
-{
- psa_status_t psa_status = PSA_ERROR_INSUFFICIENT_MEMORY;
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct mock_store_slot *slot;
- struct secure_storage_request_set *request_desc;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_set))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_set *)(req->req_buf.data);
-
- /* Checking for overflow */
- if (sizeof(struct secure_storage_request_set) + request_desc->data_length < request_desc->data_length)
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- /* Checking if descriptor and data fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_set) + request_desc->data_length)
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- /* Replace existing or add new item */
- slot = find_slot(this_context, request_desc->uid);
- if (slot) free_slot(slot);
- else slot = find_empty_slot(this_context);
-
- if (slot) {
- slot->id = request_desc->uid;
- slot->flags = request_desc->create_flags;
- slot->len = request_desc->data_length;
- slot->item = malloc(slot->len);
- if (slot->item) {
- memcpy(slot->item, request_desc->p_data, slot->len);
- psa_status = PSA_SUCCESS;
- }
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t get_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_get *request_desc;
- psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_get))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_get *)(req->req_buf.data);
-
- /* Check if the requested data would fit into the response buffer. */
- if (req->resp_buf.size < request_desc->data_size)
- return TS_RPC_ERROR_INVALID_RESP_BODY;
-
- /* Find the item */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot && (slot->len <= req->resp_buf.size)) {
- memcpy(req->resp_buf.data, slot->item, slot->len);
- req->resp_buf.data_len = slot->len;
- psa_status = PSA_SUCCESS;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t get_info_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_get_info *request_desc;
- struct secure_storage_response_get_info *response_desc;
- psa_status_t psa_status;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_get_info))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_get_info *)(req->req_buf.data);
-
- /* Checking if the response structure would fit the response buffer */
- if (req->resp_buf.size < sizeof(struct secure_storage_response_get_info))
- return TS_RPC_ERROR_INVALID_RESP_BODY;
-
- response_desc = (struct secure_storage_response_get_info *)(req->resp_buf.data);
- req->resp_buf.data_len = sizeof(struct secure_storage_response_get_info);
-
- /* Find itemto get info about */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot) {
- response_desc->capacity = slot->len;
- response_desc->size = slot->len;
- response_desc->flags = slot->flags;
- psa_status = PSA_SUCCESS;
- }
- else {
- response_desc->capacity = 0;
- response_desc->size = 0;
- response_desc->flags = 0;
- psa_status = PSA_ERROR_DOES_NOT_EXIST;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
-
-static rpc_status_t remove_handler(void *context, struct call_req *req)
-{
- struct mock_store_provider *this_context = (struct mock_store_provider*)context;
- struct secure_storage_request_remove *request_desc;
- psa_status_t psa_status = PSA_ERROR_DOES_NOT_EXIST;
- struct mock_store_slot *slot;
-
- /* Checking if the descriptor fits into the request buffer */
- if (req->req_buf.data_len < sizeof(struct secure_storage_request_remove))
- return TS_RPC_ERROR_INVALID_REQ_BODY;
-
- request_desc = (struct secure_storage_request_remove *)(req->req_buf.data);
-
- /* Find and remove the item */
- slot = find_slot(this_context, request_desc->uid);
-
- if (slot) {
- free_slot(slot);
- psa_status = PSA_SUCCESS;
- }
-
- call_req_set_opstatus(req, psa_status);
-
- return TS_RPC_CALL_ACCEPTED;
-}
\ No newline at end of file
diff --git a/components/service/secure_storage/provider/mock_store/mock_store_provider.h b/components/service/secure_storage/provider/mock_store/mock_store_provider.h
deleted file mode 100644
index 9d2c136e4..000000000
--- a/components/service/secure_storage/provider/mock_store/mock_store_provider.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef MOCK_STORE_PROVIDER_H
-#define MOCK_STORE_PROVIDER_H
-
-#include <stdbool.h>
-#include <stdint.h>
-#include <service/common/provider/service_provider.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MOCK_STORE_NUM_SLOTS (100)
-
-struct mock_store_slot
-{
- uint64_t id;
- uint32_t flags;
- size_t len;
- uint8_t *item;
-};
-
-struct mock_store_provider
-{
- struct service_provider base_provider;
- struct mock_store_slot slots[MOCK_STORE_NUM_SLOTS];
-};
-
-struct rpc_interface *mock_store_provider_init(struct mock_store_provider *context);
-void mock_store_provider_deinit(struct mock_store_provider *context);
-
-/* Test support methods */
-void mock_store_reset(struct mock_store_provider *context);
-bool mock_store_exists(const struct mock_store_provider *context, uint32_t id);
-size_t mock_store_num_items(const struct mock_store_provider *context);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* MOCK_STORE_PROVIDER_H */
diff --git a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h b/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h
deleted file mode 100644
index 41b7aa865..000000000
--- a/components/service/secure_storage/provider/secure_flash_store/secure_flash_store.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __SECURE_FLASH_STORE_H__
-#define __SECURE_FLASH_STORE_H__
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <protocols/service/psa/packed-c/status.h>
-#include <protocols/service/secure_storage/packed-c/secure_storage_proto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initializes the internal trusted storage system.
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the storage
- * system initialization has failed (fatal
- * error)
- * \retval PSA_ERROR_GENERIC_ERROR The operation failed because of an
- * unspecified internal failure
- */
-psa_status_t sfs_init(void);
-
-/**
- * \brief Create a new, or modify an existing, uid/value pair
- *
- * Stores data in the internal storage.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The identifier for the data
- * \param[in] data_length The size in bytes of the data in `p_data`
- * \param[in] create_flags The flags that the data will be stored with
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the
- * provided `uid` value was already
- * created with
- * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
- * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or
- * more of the flags provided in
- * `create_flags` is not supported or is
- * not valid
- * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there
- * was insufficient space on the
- * storage medium
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (Fatal
- * error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one
- * of the provided pointers (`p_data`)
- * is invalid, for example is `NULL` or
- * references memory the caller cannot
- * access
- */
-psa_status_t sfs_set(uint32_t client_id,
- uint64_t uid,
- size_t data_length,
- const void *p_data,
- uint32_t create_flags);
-
-/**
- * \brief Retrieve data associated with a provided UID
- *
- * Retrieves up to `data_size` bytes of the data associated with `uid`, starting
- * at `data_offset` bytes from the beginning of the data. Upon successful
- * completion, the data will be placed in the `p_data` buffer, which must be at
- * least `data_size` bytes in size. The length of the data returned will be in
- * `p_data_length`. If `data_size` is 0, the contents of `p_data_length` will
- * be set to zero.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The uid value
- * \param[in] data_offset The starting offset of the data requested
- * \param[in] data_size The amount of data requested
- * \param[out] p_data_length On success, this will contain size of the data
- * placed in `p_data`.
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the
- * provided `uid` value was not found in
- * the storage
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (Fatal
- * error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
- * provided arguments (`p_data`,
- * `p_data_length`) is invalid, for example
- * is `NULL` or references memory the
- * caller cannot access. In addition, this
- * can also happen if `data_offset` is
- * larger than the size of the data
- * associated with `uid`.
- */
-psa_status_t sfs_get(uint32_t client_id,
- uint64_t uid,
- size_t data_offset,
- size_t data_size,
- void *p_data,
- size_t *p_data_length);
-
-/**
- * \brief Retrieve the metadata about the provided uid
- *
- * Retrieves the metadata stored for a given `uid` as a `secure_storage_response_get_info`
- * structure.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The `uid` value
- * \param[out] p_info A pointer to the `secure_storage_response_get_info` struct that will
- * be populated with the metadata
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
- * uid value was not found in the storage
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
- * storage has failed (Fatal error)
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the
- * provided pointers(`p_info`)
- * is invalid, for example is `NULL` or
- * references memory the caller cannot
- * access
- */
-psa_status_t sfs_get_info(uint32_t client_id, uint64_t uid,
- struct secure_storage_response_get_info *p_info);
-
-/**
- * \brief Remove the provided uid and sfs associated data from the storage
- *
- * Deletes the data from internal storage.
- *
- * \param[in] client_id Identifier of the asset's owner (client)
- * \param[in] uid The `uid` value
- *
- * \return A status indicating the success/failure of the operation
- *
- * \retval PSA_SUCCESS The operation completed successfully
- * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one or more
- * of the given arguments were invalid (null
- * pointer, wrong flags and so on)
- * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided
- * uid value was not found in the storage
- * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided
- * uid value was created with
- * TS_SECURE_STORAGE_FLAG_WRITE_ONCE
- * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical
- * storage has failed (Fatal error)
- */
-psa_status_t sfs_remove(uint32_t client_id, uint64_t uid);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __SECURE_FLASH_STORE_H__ */
diff --git a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h b/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h
deleted file mode 100644
index a1d4c9c01..000000000
--- a/components/service/secure_storage/provider/secure_flash_store/sfs_provider.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef SFS_HANDLERS_H
-#define SFS_HANDLERS_H
-
-#include <components/service/common/provider/service_provider.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct sfs_provider {
- struct service_provider base_provider;
-};
-
-struct rpc_interface *sfs_provider_init(struct sfs_provider *context);
-rpc_status_t sfs_set_handler(void *context, struct call_req *req);
-rpc_status_t sfs_get_handler(void *context, struct call_req *req);
-rpc_status_t sfs_get_info_handler(void *context, struct call_req *req);
-rpc_status_t sfs_remove_handler(void *context, struct call_req *req);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SFS_HANDLERS_H */
diff --git a/components/service/secure_storage/test/its_tests.cpp b/components/service/secure_storage/test/its_tests.cpp
index 9ec24e445..12b057f48 100644
--- a/components/service/secure_storage/test/its_tests.cpp
+++ b/components/service/secure_storage/test/its_tests.cpp
@@ -8,8 +8,10 @@
 #include <cstdint>
 #include <CppUTest/TestHarness.h>
 #include <rpc/direct/direct_caller.h>
-#include <service/secure_storage/client/psa/its/its_client.h>
-#include <service/secure_storage/provider/secure_flash_store/sfs_provider.h>
+#include <service/secure_storage/frontend/psa/its/its_frontend.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
 #include <psa/internal_trusted_storage.h>
 #include <psa/error.h>
@@ -17,17 +19,23 @@ TEST_GROUP(InternalTrustedStorageTests)
 {
 void setup()
 {
- struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider);
+ struct storage_backend *storage_provider_backend = sfs_init();
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, storage_provider_backend);
 struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep);
- psa_its_client_init(storage_caller);
+
+ struct storage_backend *storage_client_backend = secure_storage_client_init(&m_storage_client, storage_caller);
+ psa_its_frontend_init(storage_client_backend);
 }
 void teardown()
 {
+ secure_storage_provider_deinit(&m_storage_provider);
+ secure_storage_client_deinit(&m_storage_client);
 direct_caller_deinit(&m_storage_caller);
 }
- struct sfs_provider m_storage_provider;
+ struct secure_storage_provider m_storage_provider;
+ struct secure_storage_client m_storage_client;
 struct direct_caller m_storage_caller;
 };
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 0e6fd1bea..f2f972aad 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
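Review bot: setup() passes the results of sfs_init() and secure_storage_provider_init() straight on without checking them, and secure_storage_provider_init returns NULL when its backend argument is NULL (see the provider hunk above), so a backend init failure would surface as a null endpoint inside direct_caller_init_default rather than as a clear failure in the fixture; adding `CHECK(storage_provider_backend != NULL);` and `CHECK(storage_ep != NULL);` after the respective calls makes the precondition explicit. teardown() also deinitialises the provider before the client and caller that were built on top of it, the reverse of setup order; with the current no-op provider deinit this is harmless, but tearing down client, caller, then provider would keep the fixture correct if deinit gains real work.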
@@ -50,11 +50,13 @@ add_components(
 "components/service/crypto/test/service/protobuf"
 "components/service/crypto/test/service/packed-c"
 "components/service/crypto/test/protocol"
- "components/service/secure_storage/client/psa"
- "components/service/secure_storage/provider/mock_store"
- "components/service/secure_storage/provider/secure_flash_store"
- "components/service/secure_storage/provider/secure_flash_store/flash_fs"
- "components/service/secure_storage/provider/secure_flash_store/flash"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_client"
+ "components/service/secure_storage/backend/mock_store"
+ "components/service/secure_storage/backend/secure_flash_store"
+ "components/service/secure_storage/backend/secure_flash_store/flash_fs"
+ "components/service/secure_storage/backend/secure_flash_store/flash"
 "components/service/secure_storage/test"
 "components/service/test_runner/provider"
 "components/service/test_runner/provider/serializer/packed-c"
diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
index 9441ecf01..108223aeb 100644
--- a/deployments/crypto/opteesp/CMakeLists.txt
+++ b/deployments/crypto/opteesp/CMakeLists.txt
@@ -50,7 +50,8 @@ add_components(TARGET "crypto-sp"
 "components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
 "components/service/crypto/provider/serializer/protobuf"
 "components/service/crypto/provider/serializer/packed-c"
- "components/service/secure_storage/client/psa"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/backend/secure_storage_client"
 "protocols/rpc/common/packed-c"
 "protocols/service/secure_storage/packed-c"
 "protocols/service/crypto/protobuf"
diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c
index 594fa89b8..2512eee0e 100644
--- a/deployments/crypto/opteesp/crypto_sp.c
+++ b/deployments/crypto/opteesp/crypto_sp.c
@@ -6,7 +6,7 @@
 #include <rpc/ffarpc/caller/sp/ffarpc_caller.h>
 #include <rpc/ffarpc/endpoint/ffarpc_call_ep.h>
 #include <rpc/dummy/dummy_caller.h>
-#include <service/secure_storage/client/psa/its/its_client.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
 #include <service/crypto/provider/mbedcrypto/crypto_provider.h>
 #include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
 #include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
@@ -75,7 +75,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
 ffa_call_ep_init(&ffarpc_call_ep, crypto_iface);
- /* End of boot phase */
+ /* End of boot phase */
 ffa_msg_wait(&req_msg);
 while (1) {
diff --git a/deployments/env-test/env_test.cmake b/deployments/env-test/env_test.cmake
index bf2b5098f..b809c1d20 100644
--- a/deployments/env-test/env_test.cmake
+++ b/deployments/env-test/env_test.cmake
@@ -12,7 +12,7 @@
 #-------------------------------------------------------------------------------
 #-------------------------------------------------------------------------------
-# Components that are common accross all deployments
+# Components that are common across all deployments
 #
 #-------------------------------------------------------------------------------
 add_components(
@@ -32,7 +32,8 @@ add_components(
 "components/service/crypto/provider/mbedcrypto"
 "components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
 "components/service/crypto/provider/mbedcrypto/trng_adapter/test"
- "components/service/secure_storage/client/psa"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/backend/secure_storage_client"
 "protocols/rpc/common/packed-c"
 )
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 54c2cd9a8..3378ee3f3 100644
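Review bot: In crypto_sp.c only the include line changes, swapping the ITS client header for secure_storage_client.h, whereas the other two callers on this page (its_tests.cpp and the sfs-demo sp.c) now include its_frontend.h as well and perform a two-step init, secure_storage_client_init followed by psa_its_frontend_init. If crypto_sp.c still initialises ITS access, that call site is not in this diff and its update should be confirmed; if it no longer does, the remaining include may be unused and could be dropped. The second hunk in this file is a whitespace-only change to the boot-phase comment.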
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -41,10 +41,12 @@ add_components(
 "components/service/crypto/provider/mbedcrypto/trng_adapter/linux"
 "components/service/crypto/provider/serializer/protobuf"
 "components/service/crypto/provider/serializer/packed-c"
- "components/service/secure_storage/client/psa"
- "components/service/secure_storage/provider/secure_flash_store"
- "components/service/secure_storage/provider/secure_flash_store/flash_fs"
- "components/service/secure_storage/provider/secure_flash_store/flash"
+ "components/service/secure_storage/frontend/psa/its"
+ "components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_client"
+ "components/service/secure_storage/backend/secure_flash_store"
+ "components/service/secure_storage/backend/secure_flash_store/flash_fs"
+ "components/service/secure_storage/backend/secure_flash_store/flash"
 "components/service/test_runner/provider"
 "components/service/test_runner/provider/serializer/packed-c"
 "components/service/test_runner/provider/backend/mock"
diff --git a/deployments/secure-storage/opteesp/CMakeLists.txt b/deployments/secure-storage/opteesp/CMakeLists.txt
index dc1aabf8c..4bcbd17da 100644
--- a/deployments/secure-storage/opteesp/CMakeLists.txt
+++ b/deployments/secure-storage/opteesp/CMakeLists.txt
@@ -34,10 +34,12 @@ add_components(TARGET "secure-storage"
 components/messaging/ffa/libsp
 components/rpc/ffarpc/endpoint
 components/rpc/common/interface
+ components/service/common
 components/service/common/provider
- components/service/secure_storage/provider/secure_flash_store
- components/service/secure_storage/provider/secure_flash_store/flash_fs
- components/service/secure_storage/provider/secure_flash_store/flash
+ components/service/secure_storage/frontend/secure_storage_provider
+ components/service/secure_storage/backend/secure_flash_store
+ components/service/secure_storage/backend/secure_flash_store/flash_fs
+ components/service/secure_storage/backend/secure_flash_store/flash
 protocols/rpc/common/packed-c
 protocols/service/secure_storage/packed-c
 environments/opteesp
diff --git a/deployments/secure-storage/opteesp/sp.c b/deployments/secure-storage/opteesp/sp.c
index c24423c81..c3bc94aff 100644
--- a/deployments/secure-storage/opteesp/sp.c
+++ b/deployments/secure-storage/opteesp/sp.c
@@ -8,8 +8,8 @@
 #include <ffa_api.h>
 #include <components/rpc/common/endpoint/rpc_interface.h>
 #include <components/rpc/ffarpc/endpoint/ffarpc_call_ep.h>
-#include <components/service/secure_storage/provider/secure_flash_store/sfs_provider.h>
-#include <components/service/common/provider/service_provider.h>
+#include <components/service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
+#include <components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
 #include <sp_api.h>
 #include <sp_rxtx.h>
 #include <trace.h>
@@ -22,11 +22,12 @@ void sp_main(struct ffa_init_info *init_info)
 {
 ffa_result ffa_res;
 sp_result sp_res;
- struct rpc_interface *sfs_iface;
+ struct rpc_interface *secure_storage_iface;
 struct ffa_call_ep ffa_call_ep;
 struct ffa_direct_msg req_msg;
 struct ffa_direct_msg resp_msg;
- struct sfs_provider sfs_provider;
+ struct secure_storage_provider secure_storage_provider;
+ struct storage_backend *storage_backend;
 /* Boot */
 (void) init_info;
@@ -41,8 +42,9 @@ void sp_main(struct ffa_init_info *init_info)
 EMSG("rxtx map error: %d", sp_res);
 }
- sfs_iface = sfs_provider_init(&sfs_provider);
- ffa_call_ep_init(&ffa_call_ep, sfs_iface);
+ storage_backend = sfs_init();
+ secure_storage_iface = secure_storage_provider_init(&secure_storage_provider, storage_backend);
+ ffa_call_ep_init(&ffa_call_ep, secure_storage_iface);
 /* End of boot phase */
 ffa_msg_wait(&req_msg);
diff --git a/deployments/sfs-demo/opteesp/CMakeLists.txt b/deployments/sfs-demo/opteesp/CMakeLists.txt
index 9f4dbae31..758b7ab5b 100644
--- a/deployments/sfs-demo/opteesp/CMakeLists.txt
+++ b/deployments/sfs-demo/opteesp/CMakeLists.txt
@@ -35,7 +35,8 @@ add_components(TARGET "sfs-demo"
 components/rpc/common/caller
 components/rpc/ffarpc/caller/sp
 components/service/common
- components/service/secure_storage/client/psa
+ components/service/secure_storage/frontend/psa/its
+ components/service/secure_storage/backend/secure_storage_client
 protocols/rpc/common/packed-c
 protocols/service/secure_storage/packed-c
 environments/opteesp
diff --git a/deployments/sfs-demo/opteesp/sp.c b/deployments/sfs-demo/opteesp/sp.c
index 5bda8e977..1d8fe87ce 100644
--- a/deployments/sfs-demo/opteesp/sp.c
+++ b/deployments/sfs-demo/opteesp/sp.c
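Review bot: The results of `storage_backend = sfs_init();` and `secure_storage_iface = secure_storage_provider_init(...)` are not checked before `ffa_call_ep_init(&ffa_call_ep, secure_storage_iface);`, and the provider hunk above shows secure_storage_provider_init returning NULL when handed a NULL backend, so a backend init failure would leave the SP answering calls through a null interface. The lines just above already report the rxtx map failure via EMSG, so the same pattern fits here, for example `if (!secure_storage_iface) EMSG("secure storage provider init failed");` before the endpoint is set up. sp_main continues outside the hunk, so whether a later check exists is not visible.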
@@ -7,7 +7,8 @@
 #include "sp.h"
 #include <ffa_api.h>
 #include <components/rpc/ffarpc/caller/sp/ffarpc_caller.h>
-#include <components/service/secure_storage/client/psa/its/its_client.h>
+#include <components/service/secure_storage/frontend/psa/its/its_frontend.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
 #include <psa/internal_trusted_storage.h>
 #include <sp_api.h>
 #include <sp_rxtx.h>
@@ -133,6 +134,8 @@ void __noreturn sp_main(struct ffa_init_info *init_info) {
 struct ffa_direct_msg req_msg;
 struct rpc_caller *caller;
 struct ffarpc_caller ffa_caller;
+ struct secure_storage_client secure_storage_client;
+ struct storage_backend *storage_backend;
 uint16_t sp_ids[3];
 uint32_t sp_id_cnt = 0;
@@ -164,7 +167,8 @@ void __noreturn sp_main(struct ffa_init_info *init_info) {
 goto err;
 }
- psa_its_client_init(caller);
+ storage_backend = secure_storage_client_init(&secure_storage_client, caller);
+ psa_its_frontend_init(storage_backend);
 /*
 * This is not thorough testing of the ITS SP! |
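Review bot: `storage_backend = secure_storage_client_init(&secure_storage_client, caller);` hands its result to psa_its_frontend_init without checking it, while the lines immediately above in the same hunk already `goto err` on failure; whether secure_storage_client_init can return NULL is not visible here, but if it can, `if (!storage_backend) goto err;` between the two added lines keeps the error handling consistent with the rest of sp_main. The two new includes in the first hunk also use different prefixes, `<components/service/...>` and `<service/...>`, which is worth aligning with the file's existing `<components/...>` form. sp_main continues outside the hunk.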