Core: create iovec-based veneers for secure functions
Define uniform API for all secure functions to enable
IO buffer sanitization when a secure function call is
made.
If the secure function API is adopted for a given secure
function, a veneer no longer needs to be added for it; the
veneer is instead auto-generated from the manifest file.
Change-Id: If3cdf579b0c39b5c1dff0721b3d563e06582825f
Signed-off-by: Miklos Balint <miklos.balint@arm.com>
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index 8b883db..80561db 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -23,7 +23,8 @@
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
+set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_veneers.c"
+ "${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_crypto_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c"
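Review bot: `tfm_veneers.c` is added to `SS_NS_CALLABLE_C_SRC` as a checked-in file although its own header marks it as auto-generated, and nothing visible in this hunk regenerates it from `tfm_veneers.c.template` at build time. If a partition manifest changes and the generator is not re-run, the build would presumably compile a stale set of secure entry points without any warning. A comment on the new line would make the dependency explicit, e.g. `# tfm_veneers.c is generated from tfm_veneers.c.template and the partition manifests; re-run the generator when a manifest changes`. The `set()` call continues past the end of the hunk.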
@@ -37,5 +38,3 @@
embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
-
-
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
new file mode 100644
index 0000000..88d4789
--- /dev/null
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#include "tfm_secure_api.h"
+#include "tfm_api.h"
+#include "secure_fw/spm/spm_partition_defs.h"
+
+/******** TFM_SP_STORAGE ********/
+int32_t sst_am_create(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_get_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_get_attributes(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_set_attributes(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_read(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_write(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_delete(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_AUDIT_LOG ********/
+int32_t audit_core_retrieve_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_add_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_get_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_get_record_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_delete_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_CRYPTO ********/
+int32_t tfm_crypto_import_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_destroy_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_get_key_information(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_export_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_encrypt_set_iv(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_encrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_decrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_update_wrapper(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_abort(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_start(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_update(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_verify(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_abort(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_PLATFORM ********/
+int32_t platform_sp_system_reset(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+int32_t initial_attest_get_token(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+int32_t spm_core_test_sfn(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_sfn_init_success(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_sfn_direct_recursion(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+int32_t spm_core_test_2_slave_service(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_2_sfn_invert(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_2_check_caller_client_id(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+int32_t sst_test_service_sfn_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_dummy_encrypt(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_dummy_decrypt(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_clean(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+int32_t tfm_secure_client_service_sfn_run_tests(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
+
+#define TFM_VENEER_FUNCTION(partition_name, sfn_name) \
+ __tfm_secure_gateway_attributes__ \
+ int32_t tfm_##sfn_name##_veneer(struct psa_invec *in_vec, \
+ size_t in_len, \
+ struct psa_outvec *out_vec, \
+ size_t out_len) \
+ { \
+ TFM_CORE_SFN_REQUEST(partition_name##_ID, \
+ sfn_name, \
+ in_vec, in_len, out_vec, out_len); \
+ }
+
+/******** TFM_SP_STORAGE ********/
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_create)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_get_info)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_get_attributes)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_set_attributes)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_read)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_write)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_delete)
+
+/******** TFM_SP_AUDIT_LOG ********/
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_retrieve_record)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_add_record)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_info)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_record_info)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_delete_record)
+
+/******** TFM_SP_CRYPTO ********/
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_import_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_destroy_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_get_key_information)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_export_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_set_iv)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_decrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_update_wrapper)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_abort)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_finish)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_start)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_update)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_finish)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_verify)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_abort)
+
+/******** TFM_SP_PLATFORM ********/
+TFM_VENEER_FUNCTION(TFM_SP_PLATFORM, platform_sp_system_reset)
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token)
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn_init_success)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn_direct_recursion)
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_slave_service)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_sfn_invert)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_check_caller_client_id)
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_setup)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_dummy_encrypt)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_dummy_decrypt)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_clean)
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+TFM_VENEER_FUNCTION(TFM_SP_SECURE_TEST_PARTITION, tfm_secure_client_service_sfn_run_tests)
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
diff --git a/secure_fw/ns_callable/tfm_veneers.c.template b/secure_fw/ns_callable/tfm_veneers.c.template
new file mode 100644
index 0000000..1624747
--- /dev/null
+++ b/secure_fw/ns_callable/tfm_veneers.c.template
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+@!GENERATOR_DONOTEDIT_WARNING!@
+
+#include "tfm_secure_api.h"
+#include "tfm_api.h"
+#include "secure_fw/spm/spm_partition_defs.h"
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.tfm_partition_name@@ ********/
+int32_t @@manifest.secure_functions.tfm_symbol@@(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
+
+#define TFM_VENEER_FUNCTION(partition_name, sfn_name) \
+ __tfm_secure_gateway_attributes__ \
+ int32_t tfm_##sfn_name##_veneer(struct psa_invec *in_vec, \
+ size_t in_len, \
+ struct psa_outvec *out_vec, \
+ size_t out_len) \
+ { \
+ TFM_CORE_SFN_REQUEST(partition_name##_ID, \
+ sfn_name, \
+ in_vec, in_len, out_vec, out_len); \
+ }
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.tfm_partition_name@@ ********/
+TFM_VENEER_FUNCTION(@@manifest.tfm_partition_name@@, @@manifest.secure_functions.tfm_symbol@@)
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
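Review bot: The `TFM_VENEER_FUNCTION` macro forwards `in_vec`, `in_len`, `out_vec` and `out_len` from the non-secure caller into `TFM_CORE_SFN_REQUEST` with no check of its own, and nothing in the template says where those values are validated. Every veneer generated from it is a secure gateway entry point, so a comment above the macro should state the contract, for example `/* No validation here: TFM_CORE_SFN_REQUEST must bound in_len/out_len and check each iovec base/len against memory the caller may access before the secure function runs. */`. `TFM_CORE_SFN_REQUEST` is defined outside this diff, so it cannot be confirmed from here whether it already does this, or whether it copies the iovec arrays into secure memory before checking them so that the caller cannot alter them between check and use. The same macro text is emitted into the generated `tfm_veneers.c` in this commit.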