SST: First public draft of PSA SST APIs
This patch releases the first public draft of Platform Security
Architecture (PSA) Secure Storage (SST) APIs.
The APIs are defined in psa_sst_api.h.
More information can be found in tfm_sst_integration_guide.md
The patch also accommodates the SST implementation and tests
accordingly.
Change-Id: Ibe537939f9692a86816fa0c7b2a8d070a502fd2c
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>
diff --git a/interface/include/psa_sst_api.h b/interface/include/psa_sst_api.h
new file mode 100644
index 0000000..4ad50d2
--- /dev/null
+++ b/interface/include/psa_sst_api.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/**
+ * \file psa_sst_api.h
+ *
+ * \brief Platform security architecture (PSA) API for secure storage partition
+ */
+
+#ifndef __PSA_SST_API__
+#define __PSA_SST_API__
+
+#include "psa_sst_asset_defs.h"
+#include "psa_sst_asset_macros.h"
+
+#include "tfm_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * PSA SST API version
+ */
+#define PSA_SST_API_VERSION_MAJOR 0
+#define PSA_SST_API_VERSION_MINOR 1
+
+/* The return value is shared with the TF-M partition status value.
+ * The SST return codes shouldn't overlap with predefined TFM status values.
+ */
+#define PSA_SST_ERR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
+
+/*!
+ * \enum psa_sst_err_t
+ *
+ * \brief Secure storage service error types
+ *
+ */
+enum psa_sst_err_t {
+ PSA_SST_ERR_SUCCESS = 0,
+ PSA_SST_ERR_ASSET_NOT_PREPARED = PSA_SST_ERR_OFFSET,
+ PSA_SST_ERR_ASSET_NOT_FOUND,
+ PSA_SST_ERR_PARAM_ERROR,
+ PSA_SST_ERR_STORAGE_SYSTEM_FULL,
+ PSA_SST_ERR_SYSTEM_ERROR,
+ /* Following entry is only to ensure the error code of int size */
+ PSA_SST_ERR_FORCE_INT_SIZE = INT_MAX
+};
+
+/**
+ * \brief Allocates space for the asset, referenced by asset UUID,
+ * without setting any data in the asset.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ *
+ * \return Returns an PSA_SST_ERR_SUCCESS if asset is created correctly.
+ * Otherwise, error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_create(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size);
+
+/**
+ * \brief Gets asset's information referenced by asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ * \param[out] info Pointer to store the asset's information
+ * \ref psa_sst_asset_info_t
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_get_info(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size,
+ struct psa_sst_asset_info_t *info);
+
+/**
+ * \brief Gets asset's attributes referenced by asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ * \param[out] attrs Pointer to store the asset's attributes
+ * \ref psa_sst_asset_attrs_t
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_get_attributes(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size,
+ struct psa_sst_asset_attrs_t *attrs);
+
+/**
+ * \brief Sets asset's attributes referenced by asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ * \param[in] attrs Pointer to new the asset's attributes
+ * \ref psa_sst_asset_attrs_t
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_set_attributes(
+ uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size,
+ const struct psa_sst_asset_attrs_t *attrs);
+
+/**
+ * \brief Reads asset's data from asset referenced by asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ * \param[in] size Size of the data to read
+ * \param[in] offset Offset within asset to start to read
+ * \param[out] data Pointer to data vector to store data
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_read(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size,
+ uint32_t size,
+ uint32_t offset,
+ uint8_t *data);
+
+/**
+ * \brief Writes data into an asset referenced by asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ * \param[in] size Size of the data to start to write
+ * \param[in] offset Offset within asset to write the data
+ * \param[in] data Pointer to data vector which contains the data to
+ * write
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_write(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size,
+ uint32_t size,
+ uint32_t offset,
+ const uint8_t *data);
+
+/**
+ * \brief Deletes the asset referenced by the asset UUID.
+ *
+ * \param[in] asset_uuid Asset UUID
+ * \param[in] token Must be set to NULL, reserved for future use.
+ * Pointer to the asset token to be used to generate
+ * the asset key to encrypt and decrypt the asset
+ * data. This is an optional parameter that has to
+ * be NULL in case the token is not provied.
+ * \param[in] token_size Must be set to 0, reserved for future use.
+ * Token size. In case the token is not provided
+ * the token size has to be 0.
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_delete(uint32_t asset_uuid,
+ const uint8_t* token,
+ uint32_t token_size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_SST_API__ */
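Review bot: The doc comments on `psa_sst_read` and `psa_sst_write` leave the contract for `size`, `offset` and `data` unstated, and this is the part of a secure-partition interface where caller and implementation most need to agree. Both functions take a bare `data` pointer with 32-bit `size` and `offset` and no separate buffer capacity. The header should say that `data` must reference at least `size` bytes the caller is allowed to access, and which `psa_sst_err_t` value comes back when `offset + size` exceeds the asset size or wraps around. A line such as `\note offset + size must not exceed the asset's maximum size; otherwise PSA_SST_ERR_PARAM_ERROR is returned and no data is transferred` would do, if that matches the implementation, which is not visible in this hunk. The `token` text in every function is also contradictory ("Must be set to NULL, reserved for future use" followed by a description of an optional token), and the `size` description in `psa_sst_write` ("Size of the data to start to write") looks garbled. Separately, `PSA_SST_ERR_FORCE_INT_SIZE = INT_MAX` and the `uint32_t`/`uint8_t` types presumably depend on `tfm_api.h` pulling in the standard headers; adding `#include <limits.h>` and `#include <stdint.h>` directly would make the header self-contained.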