SST: Implement PSA SST API for secure partitions
This patch implements PSA SST API to be called from secure partitions.
It also updates the secure test suits to use the PSA SST API instead
the veneers APIs.
Change-Id: Ib048c4eb6c791ea741c0f7e0ce55e93c888f0c8e
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>
diff --git a/interface/include/tfm_sst_veneers.h b/interface/include/tfm_sst_veneers.h
index c13c2cc..df62f75 100644
--- a/interface/include/tfm_sst_veneers.h
+++ b/interface/include/tfm_sst_veneers.h
@@ -83,7 +83,11 @@
/**
* \brief Reads asset's data from asset referenced by asset UUID.
*
- * \param[in] client_id Client ID which calls the service
+
+ * \param[in] client_id Client ID which calls the service.
+ * In case, the caller is a secure partition, this
+ * parameter can be a non-secure or secure client ID
+ * if the read is in behalf of that client.
* \param[in] asset_uuid Asset UUID
* \param[in] s_token Pointer to the asset's token
* \ref tfm_sst_token_t
diff --git a/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct b/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
index f34926c..1648598 100644
--- a/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
+++ b/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
@@ -43,6 +43,7 @@
/**** Unprivileged Secure code start here */
TFM_UNPRIV_CODE +0 ALIGN 32 {
tfm_unpriv_api.o (+RO)
+ tfm_sst_secure_api.o (+RO)
dummy_crypto_keys.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
@@ -85,6 +86,7 @@
TFM_UNPRIV_RO_DATA +0 ALIGN 32 {
tfm_unpriv_api.o (+RW +ZI)
+ tfm_sst_secure_api.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct b/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
index 10c665c..73d4109 100644
--- a/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
+++ b/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
@@ -43,6 +43,7 @@
/**** Unprivileged Secure code start here */
TFM_UNPRIV_CODE +0 ALIGN 32 {
tfm_unpriv_api.o (+RO)
+ tfm_sst_secure_api.o (+RO)
dummy_crypto_keys.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
@@ -85,6 +86,7 @@
TFM_UNPRIV_RO_DATA +0 ALIGN 32 {
tfm_unpriv_api.o (+RW +ZI)
+ tfm_sst_secure_api.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct b/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
index f717aed..ca2bea7 100755
--- a/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
+++ b/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
@@ -43,6 +43,7 @@
/**** Unprivileged Secure code start here */
TFM_UNPRIV_CODE +0 ALIGN 32 {
tfm_unpriv_api.o (+RO)
+ tfm_sst_secure_api.o (+RO)
dummy_crypto_keys.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
@@ -79,6 +80,7 @@
TFM_UNPRIV_RO_DATA +0 ALIGN 32 {
tfm_unpriv_api.o (+RW +ZI)
+ tfm_sst_secure_api.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/secure_fw/services/secure_storage/CMakeLists.inc b/secure_fw/services/secure_storage/CMakeLists.inc
index 1055321..31752fd 100644
--- a/secure_fw/services/secure_storage/CMakeLists.inc
+++ b/secure_fw/services/secure_storage/CMakeLists.inc
@@ -47,7 +47,8 @@
message(FATAL_ERROR "Incomplete build configuration: SST_VALIDATE_METADATA_FROM_FLASH is undefined. ")
endif()
- set (SECURE_STORAGE_C_SRC "${SECURE_STORAGE_DIR}/sst_core.c"
+ set (SECURE_STORAGE_C_SRC "${SECURE_STORAGE_DIR}/tfm_sst_secure_api.c"
+ "${SECURE_STORAGE_DIR}/sst_core.c"
"${SECURE_STORAGE_DIR}/sst_object_system.c"
"${SECURE_STORAGE_DIR}/sst_asset_management.c"
"${SECURE_STORAGE_DIR}/sst_utils.c"
diff --git a/secure_fw/services/secure_storage/sst_asset_management.c b/secure_fw/services/secure_storage/sst_asset_management.c
index 2f6addd..ce93b45 100644
--- a/secure_fw/services/secure_storage/sst_asset_management.c
+++ b/secure_fw/services/secure_storage/sst_asset_management.c
@@ -103,7 +103,7 @@
if (err == PSA_SST_ERR_SUCCESS) {
if (client_id != S_CLIENT_ID) {
- if (request_type & SST_PERM_READ) {
+ if (request_type & SST_PERM_REFERENCE) {
access = SST_PERM_REFERENCE;
} else {
/* Other permissions can not be delegated */
@@ -402,19 +402,47 @@
const struct tfm_sst_token_t *s_token,
struct tfm_sst_buf_t *data)
{
- struct tfm_sst_buf_t local_data;
- enum psa_sst_err_t err;
+ uint32_t caller_id;
struct sst_asset_policy_t *db_entry;
+ enum psa_sst_err_t err;
+ struct tfm_sst_buf_t local_data;
+
+ /* FIXME: For the moment, the secure callers can not be identified and
+ * all the secure requests have the same client ID
+ * (S_CLIENT_ID).
+ */
+ if (sst_utils_validate_secure_caller() == PSA_SST_ERR_SUCCESS) {
+ caller_id = S_CLIENT_ID;
+ if (client_id != S_CLIENT_ID) {
+ /* Reference read access requested, check if the client has
+ * reference permission, otherwise reject the request.
+ */
+ db_entry = sst_am_get_db_entry(client_id, asset_uuid,
+ SST_PERM_REFERENCE);
+ if (db_entry == NULL) {
+ return PSA_SST_ERR_ASSET_NOT_FOUND;
+ }
+ }
+ } else {
+ /* In a request from NSPE client, client_id is the caller ID and
+ * can not be a secure client ID.
+ */
+ if (SST_IS_CID_NSPE_CID(client_id) == 0) {
+ return PSA_SST_ERR_ASSET_NOT_FOUND;
+ }
+
+ caller_id = client_id;
+ }
/* Check client ID permissions */
- db_entry = sst_am_get_db_entry(client_id, asset_uuid, SST_PERM_READ);
+ db_entry = sst_am_get_db_entry(caller_id, asset_uuid, SST_PERM_READ);
if (db_entry == NULL) {
return PSA_SST_ERR_ASSET_NOT_FOUND;
}
/* Make a local copy of the iovec data structure */
err = validate_copy_validate_iovec(data, &local_data,
- client_id, TFM_MEMORY_ACCESS_RW);
+ caller_id, TFM_MEMORY_ACCESS_RW);
if (err != PSA_SST_ERR_SUCCESS) {
return PSA_SST_ERR_ASSET_NOT_FOUND;
}
diff --git a/secure_fw/services/secure_storage/sst_asset_management.h b/secure_fw/services/secure_storage/sst_asset_management.h
index 5ef0b2f..e51b562 100644
--- a/secure_fw/services/secure_storage/sst_asset_management.h
+++ b/secure_fw/services/secure_storage/sst_asset_management.h
@@ -20,6 +20,25 @@
*/
#define S_CLIENT_ID 0x00000001
+/* Invalid client ID (CID) */
+#define SST_INVALID_CLIENT_ID 0x00000000
+
+/* Non-Secure Processing Environment (NSPE) client ID mask */
+#define SST_NSPE_CLIENT_ID_MASK 0x80000000
+
+/**
+ * \def SST_IS_CID_NSPE_CID
+ *
+ * \brief Checks if the client ID is from a non-secure client ID.
+ *
+ * \param[in] cid Client ID to check
+ *
+ * \return Returns 1 if the pid is a non-secure client ID. Otherwise,
+ * it returns 0.
+ */
+#define SST_IS_CID_NSPE_CID(cid) ((cid & SST_NSPE_CLIENT_ID_MASK) != 0)
+
+
#define SST_PERM_BYPASS (1<<3) /*!< Permission check bypassed. Used when
* secure a secure entity calls as itself
* (and not on behalf of another NS client)
@@ -116,7 +135,10 @@
/**
* \brief Reads asset's data referenced by asset UUID.
*
- * \param[in] client_id Client ID which calls the service
+ * \param[in] client_id Client ID which calls the service.
+ * In case, the caller is a secure partition, this
+ * parameter can be a non-secure client ID if the
+ * read is in behalf of that non-secure client ID.
* \param[in] asset_uuid Asset UUID
* \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
* \param[out] data Pointer to data vector \ref tfm_sst_buf_t to store
diff --git a/secure_fw/services/secure_storage/tfm_sst_secure_api.c b/secure_fw/services/secure_storage/tfm_sst_secure_api.c
new file mode 100644
index 0000000..98bd00e
--- /dev/null
+++ b/secure_fw/services/secure_storage/tfm_sst_secure_api.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "psa_sst_api.h"
+#include "tfm_sst_veneers.h"
+#include "secure_fw/services/secure_storage/sst_asset_management.h"
+
+enum psa_sst_err_t psa_sst_create(uint32_t asset_uuid, const uint8_t *token,
+ uint32_t token_size)
+{
+ struct tfm_sst_token_t s_token;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_create(S_CLIENT_ID, asset_uuid, &s_token);
+
+}
+
+enum psa_sst_err_t psa_sst_get_info(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ struct psa_sst_asset_info_t *info)
+{
+ struct tfm_sst_token_t s_token;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_get_info(S_CLIENT_ID, asset_uuid,
+ &s_token, info);
+}
+
+enum psa_sst_err_t psa_sst_get_attributes(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ struct psa_sst_asset_attrs_t *attrs)
+{
+ struct tfm_sst_token_t s_token;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_get_attributes(S_CLIENT_ID, asset_uuid,
+ &s_token, attrs);
+}
+
+enum psa_sst_err_t psa_sst_set_attributes(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ const struct psa_sst_asset_attrs_t *attrs)
+{
+ struct tfm_sst_token_t s_token;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_set_attributes(S_CLIENT_ID, asset_uuid,
+ &s_token, attrs);
+}
+
+enum psa_sst_err_t psa_sst_read(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ uint32_t size,
+ uint32_t offset,
+ uint8_t *data)
+{
+ struct tfm_sst_token_t s_token;
+ struct tfm_sst_buf_t s_data;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* Pack buffer information in the buffer structure */
+ s_data.size = size;
+ s_data.offset = offset;
+ s_data.data = data;
+
+ return tfm_sst_veneer_read(S_CLIENT_ID, asset_uuid, &s_token, &s_data);
+}
+
+enum psa_sst_err_t psa_sst_reference_read(int32_t client_id,
+ uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ uint32_t size,
+ uint32_t offset,
+ uint8_t *data)
+{
+ struct tfm_sst_token_t s_token;
+ struct tfm_sst_buf_t s_data;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* Pack buffer information in the buffer structure */
+ s_data.size = size;
+ s_data.offset = offset;
+ s_data.data = data;
+
+ return tfm_sst_veneer_read(client_id, asset_uuid, &s_token, &s_data);
+}
+
+enum psa_sst_err_t psa_sst_write(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size,
+ uint32_t size,
+ uint32_t offset,
+ const uint8_t *data)
+{
+ struct tfm_sst_token_t s_token;
+ struct tfm_sst_buf_t s_data;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* Pack buffer information in the buffer structure */
+ s_data.size = size;
+ s_data.offset = offset;
+ s_data.data = (uint8_t *)data;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_write(S_CLIENT_ID, asset_uuid, &s_token, &s_data);
+}
+
+enum psa_sst_err_t psa_sst_delete(uint32_t asset_uuid,
+ const uint8_t *token,
+ uint32_t token_size)
+{
+ struct tfm_sst_token_t s_token;
+
+ /* Pack the token information in the token structure */
+ s_token.token = token;
+ s_token.token_size = token_size;
+
+ /* FIXME: Currently, TF-M framework does not provide any mechanism to
+ * identify the secure partition. So, the same partition ID
+ * (S_CLIENT_ID) is used for all the calls.
+ */
+ return tfm_sst_veneer_delete(S_CLIENT_ID, asset_uuid, &s_token);
+}
diff --git a/test/suites/sst/secure/s_test_helpers.h b/test/suites/sst/secure/s_test_helpers.h
index 9c9932f..5fb913f 100755
--- a/test/suites/sst/secure/s_test_helpers.h
+++ b/test/suites/sst/secure/s_test_helpers.h
@@ -14,6 +14,18 @@
#include "test/framework/test_framework.h"
+/*!
+ * \struct sst_test_buf_t
+ *
+ * \brief Structure to store test data information to read/write from/to asset.
+ *
+ */
+struct sst_test_buf_t {
+ uint8_t *data; /*!< Address of input/output data */
+ uint32_t size; /*!< Size of input/output data */
+ uint32_t offset; /*!< Offset within asset */
+};
+
/**
* Several tests use a buffer to read back data from an asset. This buffer is
* larger than the size of the asset data by PADDING_SIZE bytes. This allows
diff --git a/test/suites/sst/secure/sst_reliability_testsuite.c b/test/suites/sst/secure/sst_reliability_testsuite.c
index bc83b20..5d1861b 100644
--- a/test/suites/sst/secure/sst_reliability_testsuite.c
+++ b/test/suites/sst/secure/sst_reliability_testsuite.c
@@ -13,7 +13,7 @@
#include "test/framework/helpers.h"
#include "tfm_sst_defs.h"
#include "secure_fw/services/secure_storage/assets/sst_asset_defs.h"
-#include "tfm_sst_veneers.h"
+#include "psa_sst_api.h"
#include "s_test_helpers.h"
/* Test suite defines */
@@ -32,7 +32,8 @@
#define RESULT_DATA ("###" WRITE_DATA "###")
/* Define default asset's token */
-static struct tfm_sst_token_t test_token = { .token = NULL, .token_size = 0};
+#define ASSET_TOKEN NULL
+#define ASSET_TOKEN_SIZE 0
/* Define test suite for SST reliability tests */
/* List of tests */
@@ -64,10 +65,9 @@
#ifdef SST_ENABLE_PARTIAL_ASSET_RW
static void tfm_sst_test_3001(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
uint32_t asset_offset = 0;
const uint32_t asset_uuid = SST_ASSET_ID_X509_CERT_LARGE;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint32_t itr;
uint8_t wrt_data[WRITE_BUF_SIZE] = WRITE_DATA;
@@ -79,7 +79,7 @@
}
/* Checks write permissions in create function */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -97,8 +97,8 @@
io_data.offset = asset_offset;
/* Checks write permissions in the write function */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token,
- &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should not fail for client S_CLIENT_ID");
return;
@@ -108,8 +108,8 @@
io_data.data = &read_data[3];
/* Checks write permissions in the read function */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token,
- &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID must get file handle");
return;
@@ -136,7 +136,7 @@
TEST_LOG("\n");
/* Checks write permissions in delete function */
- err = tfm_sst_veneer_delete(client_id, asset_uuid, &test_token);
+ err = psa_sst_delete(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Delete should not fail for client S_CLIENT_ID");
return;
@@ -147,8 +147,7 @@
#else
static void tfm_sst_test_3001(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint32_t itr;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
@@ -161,7 +160,7 @@
}
/* Checks write permissions in create function */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -179,8 +178,8 @@
io_data.offset = 0;
/* Checks write permissions in the write function */
- err = tfm_sst_veneer_write(client_id, asset_uuid,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should not fail for client S_CLIENT_ID");
return;
@@ -190,8 +189,8 @@
io_data.data = data + HALF_PADDING_SIZE;
/* Checks write permissions in the read function */
- err = tfm_sst_veneer_read(client_id, asset_uuid,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID must get file handle");
return;
@@ -220,7 +219,7 @@
TEST_LOG("\n");
/* Checks write permissions in delete function */
- err = tfm_sst_veneer_delete(client_id, asset_uuid, &test_token);
+ err = psa_sst_delete(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Delete should not fail for client S_CLIENT_ID");
return;
@@ -240,10 +239,9 @@
#ifdef SST_ENABLE_PARTIAL_ASSET_RW
static void tfm_sst_test_3002(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
uint32_t asset_offset = 0;
const uint32_t asset_uuid = SST_ASSET_ID_X509_CERT_LARGE;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint32_t itr;
uint8_t wrt_data[WRITE_BUF_SIZE] = WRITE_DATA;
@@ -261,7 +259,7 @@
TEST_LOG(" > Iteration %d of %d\r", itr + 1, LOOP_ITERATIONS_002);
/* Checks write permissions in create function */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -273,8 +271,8 @@
io_data.offset = asset_offset;
/* Checks write permissions in the write function */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token,
- &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should not fail for client S_CLIENT_ID");
return;
@@ -284,8 +282,8 @@
io_data.data = &read_data[3];
/* Checks write permissions in the read function */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token,
- &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID must get file handle");
return;
@@ -310,7 +308,7 @@
asset_offset = 0;
/* Checks write permissions in delete function */
- err = tfm_sst_veneer_delete(client_id, asset_uuid, &test_token);
+ err = psa_sst_delete(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Delete should not fail for client S_CLIENT_ID");
return;
@@ -325,8 +323,7 @@
#else
static void tfm_sst_test_3002(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint32_t itr;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
@@ -345,7 +342,7 @@
TEST_LOG(" > Iteration %d of %d\r", itr + 1, LOOP_ITERATIONS_002);
/* Checks write permissions in create function */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -357,8 +354,8 @@
io_data.offset = 0;
/* Checks write permissions in the write function */
- err = tfm_sst_veneer_write(client_id, asset_uuid,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should not fail for client S_CLIENT_ID");
return;
@@ -368,8 +365,8 @@
io_data.data = data + HALF_PADDING_SIZE;
/* Checks write permissions in the read function */
- err = tfm_sst_veneer_read(client_id, asset_uuid,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID must get file handle");
return;
@@ -395,7 +392,7 @@
}
/* Checks write permissions in delete function */
- err = tfm_sst_veneer_delete(client_id, asset_uuid, &test_token);
+ err = psa_sst_delete(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Delete should not fail for client S_CLIENT_ID");
return;
diff --git a/test/suites/sst/secure/sst_sec_interface_testsuite.c b/test/suites/sst/secure/sst_sec_interface_testsuite.c
index fa560bd..090a509 100644
--- a/test/suites/sst/secure/sst_sec_interface_testsuite.c
+++ b/test/suites/sst/secure/sst_sec_interface_testsuite.c
@@ -13,11 +13,10 @@
#include "test/framework/helpers.h"
#include "secure_fw/services/secure_storage/assets/sst_asset_defs.h"
#include "secure_fw/services/secure_storage/sst_object_system.h"
-#include "tfm_sst_veneers.h"
+#include "psa_sst_api.h"
#include "s_test_helpers.h"
/* Test suite defines */
-#define INVALID_CLIENT_ID 0
#define INVALID_ASSET_ID 0xFFFF
#define READ_BUF_SIZE 14UL
#define WRITE_BUF_SIZE 5UL
@@ -37,7 +36,8 @@
#define BUFFER_SIZE_PLUS_ONE (BUFFER_SIZE + 1)
/* Define default asset's token */
-static struct tfm_sst_token_t test_token = { .token = NULL, .token_size = 0};
+#define ASSET_TOKEN NULL
+#define ASSET_TOKEN_SIZE 0
/* Define test suite for asset manager tests */
/* List of tests */
@@ -135,7 +135,6 @@
*/
static void tfm_sst_test_2001(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
@@ -146,32 +145,35 @@
}
/* Checks write permissions in create function */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
/* Attempts to create the asset a second time */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Should not fail to create an already-created asset");
return;
}
/* Calls create with invalid asset ID */
- err = tfm_sst_veneer_create(client_id, INVALID_ASSET_ID, &test_token);
+ err = psa_sst_create(INVALID_ASSET_ID, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Create should fail for invalid ASSET ID");
return;
}
+#ifdef INVALID_CLIENT_ID_TEST
/* Calls create with invalid client ID */
- err = tfm_sst_veneer_create(INVALID_CLIENT_ID, asset_uuid, &test_token);
+ /* FIXME: Add test help call to change the client ID to an invalid one */
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Create should fail for invalid client ID");
return;
}
+#endif
ret->val = TEST_PASSED;
}
@@ -207,10 +209,10 @@
* - Valid client ID and attributes struct pointer
* - Invalid client ID
* - Invalid asset ID
+ * - Invalid client ID
*/
static void tfm_sst_test_2004(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
struct psa_sst_asset_info_t asset_info;
enum psa_sst_err_t err;
@@ -222,7 +224,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -231,8 +233,8 @@
/* Calls get_attributes with valid client ID and
* attributes struct pointer
*/
- err = tfm_sst_veneer_get_info(client_id, asset_uuid,
- &test_token, &asset_info);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID should be able to read the "
"information of this asset");
@@ -250,24 +252,27 @@
return;
}
- /* Calls get_attributes with invalid client ID */
- err = tfm_sst_veneer_get_info(INVALID_CLIENT_ID, asset_uuid, &test_token,
- &asset_info);
- if (err == PSA_SST_ERR_SUCCESS) {
- TEST_FAIL("Get information function should fail for an invalid "
- "client ID");
- return;
- }
-
/* Calls get information with invalid asset ID */
- err = tfm_sst_veneer_get_info(client_id, INVALID_ASSET_ID, &test_token,
- &asset_info);
+ err = psa_sst_get_info(INVALID_ASSET_ID, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Get attributes function should fail for an invalid "
"asset ID");
return;
}
+#ifdef INVALID_CLIENT_ID_TEST
+ /* Calls get_attributes with invalid client ID */
+ /* FIXME: Add test help call to change the client ID to an invalid one */
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
+ if (err == PSA_SST_ERR_SUCCESS) {
+ TEST_FAIL("Get information function should fail for an invalid "
+ "client ID");
+ return;
+ }
+#endif
+
ret->val = TEST_PASSED;
}
@@ -277,7 +282,6 @@
*/
static void tfm_sst_test_2005(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
@@ -288,14 +292,14 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
/* Calls get information with invalid struct attributes pointer */
- err = tfm_sst_veneer_get_info(client_id, asset_uuid, &test_token, NULL);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE, NULL);
if (err != PSA_SST_ERR_PARAM_ERROR) {
TEST_FAIL("Get information function should fail for an invalid "
"struct info pointer");
@@ -308,16 +312,15 @@
/**
* \brief Tests write function against:
* - Valid client ID and data pointer
- * - Invalid client ID
* - Invalid asset ID
+ * - Invalid client ID
*/
static void tfm_sst_test_2006(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
struct psa_sst_asset_info_t asset_info;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t wrt_data[WRITE_BUF_SIZE] = "DATA";
/* Prepares test context */
@@ -327,7 +330,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -339,7 +342,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should works correctly");
return;
@@ -348,8 +352,8 @@
/* Calls get information with valid client ID and
* attributes struct pointer
*/
- err = tfm_sst_veneer_get_info(client_id, asset_uuid,
- &test_token, &asset_info);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID should be able to read the "
"information of this asset");
@@ -362,36 +366,37 @@
return;
}
- /* Calls write function with invalid client ID */
- err = tfm_sst_veneer_write(INVALID_CLIENT_ID, asset_uuid, &test_token,
- &io_data);
- if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
- TEST_FAIL("Invalid client ID should not write in the file");
- return;
- }
-
/* Calls write function with invalid asset ID */
- err = tfm_sst_veneer_write(client_id, INVALID_ASSET_ID,
- &test_token, &io_data);
+ err = psa_sst_write(INVALID_ASSET_ID, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Invalid asset ID should not write in the file");
return;
}
+#ifdef INVALID_CLIENT_ID_TEST
+ /* Calls write function with invalid client ID */
+ /* FIXME: Add test help call to change the client ID to an invalid one */
+ err = tfm_sst_veneer_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
+ if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
+ TEST_FAIL("Invalid client ID should not write in the file");
+ return;
+ }
+#endif
+
ret->val = TEST_PASSED;
}
/**
* \brief Tests write function with:
- * - Null tfm_sst_buf_t pointer
* - Null write buffer pointer
*/
static void tfm_sst_test_2007(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
/* Prepares test context */
if (prepare_test_ctx(ret) != 0) {
@@ -400,26 +405,20 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
- /* Calls write function with tfm_sst_buf_t pointer set to NULL */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, NULL);
- if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
- TEST_FAIL("Write should fail with tfm_sst_buf_t pointer set to NULL");
- return;
- }
-
/* Sets data structure */
io_data.data = NULL;
io_data.size = 1;
io_data.offset = 0;
/* Calls write function with data pointer set to NULL */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Write should fail with data pointer set to NULL");
return;
@@ -434,10 +433,9 @@
*/
static void tfm_sst_test_2008(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t wrt_data[BUFFER_PLUS_PADDING_SIZE] = {0};
/* Prepares test context */
@@ -447,7 +445,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -458,7 +456,8 @@
io_data.size = BUFFER_SIZE_PLUS_ONE;
io_data.offset = 0;
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Writing beyond end of asset should not succeed");
return;
@@ -468,7 +467,8 @@
io_data.size = 1;
io_data.offset = SST_ASSET_MAX_SIZE_AES_KEY_192;
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write to an offset beyond end of asset should not succeed");
return;
@@ -480,15 +480,14 @@
/**
* \brief Tests read function against:
* - Valid client ID and data pointer
- * - Invalid client ID
* - Invalid asset ID
+ * - Invalid client ID
*/
static void tfm_sst_test_2009(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t wrt_data[WRITE_BUF_SIZE] = "DATA";
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
@@ -499,7 +498,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -511,7 +510,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should works correctly");
return;
@@ -523,7 +523,8 @@
io_data.offset = 0;
/* Read data from the asset */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Read should works correctly");
return;
@@ -545,38 +546,39 @@
return;
}
- /* Calls read with invalid client ID */
- err = tfm_sst_veneer_read(INVALID_CLIENT_ID, asset_uuid, &test_token,
- &io_data);
- if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
- TEST_FAIL("Read should fail when read is called with an invalid "
- "client ID");
- return;
- }
-
/* Calls read with invalid asset ID */
- err = tfm_sst_veneer_read(client_id, INVALID_ASSET_ID,
- &test_token, &io_data);
+ err = psa_sst_read(INVALID_ASSET_ID, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Read should fail when read is called with an invalid "
"asset ID");
return;
}
+#ifdef INVALID_CLIENT_ID_TEST
+ /* Calls read with invalid client ID */
+ /* FIXME: Add test help call to change the client ID to an invalid one */
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
+ if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
+ TEST_FAIL("Read should fail when read is called with an invalid "
+ "client ID");
+ return;
+ }
+#endif
+
ret->val = TEST_PASSED;
}
/**
* \brief Tests read function with:
- * - Null tfm_sst_buf_t pointer
* - Null read buffer pointer
*/
static void tfm_sst_test_2010(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
/* Prepares test context */
if (prepare_test_ctx(ret) != 0) {
@@ -585,25 +587,19 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
- /* Calls read with invalid tfm_sst_buf_t pointer */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, NULL);
- if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
- TEST_FAIL("Read with tfm_sst_buf_t pointer set to NULL should fail");
- return;
- }
-
io_data.data = NULL;
io_data.size = 1;
io_data.offset = 0;
/* Calls read with invalid data pointer */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Read with read data pointer set to NULL should fail");
return;
@@ -618,10 +614,9 @@
*/
static void tfm_sst_test_2011(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
struct psa_sst_asset_info_t asset_info;
uint8_t data[BUFFER_SIZE_PLUS_ONE] = {0};
@@ -632,7 +627,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -644,15 +639,16 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should works correctly");
return;
}
/* Gets current asset information */
- err = tfm_sst_veneer_get_info(client_id, asset_uuid,
- &test_token, &asset_info);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Client S_CLIENT_ID should be able to read the "
"information of this asset");
@@ -670,7 +666,8 @@
io_data.size = BUFFER_SIZE_PLUS_ONE;
io_data.offset = 0;
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Read beyond current size should not succeed");
return;
@@ -680,7 +677,8 @@
io_data.size = 1;
io_data.offset = asset_info.size_current;
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE, io_data.size,
+ io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Read from an offset beyond current size should not succeed");
return;
@@ -699,11 +697,9 @@
*/
static void tfm_sst_test_2012(struct test_result_t *ret)
{
- const int32_t client_id_1 = S_CLIENT_ID;
- const int32_t client_id_2 = S_CLIENT_ID;
const uint32_t asset_uuid_1 = SST_ASSET_ID_SHA224_HASH;
const uint32_t asset_uuid_2 = SST_ASSET_ID_SHA384_HASH;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint8_t read_data[BUF_SIZE_SHA224] = READ_DATA_SHA224;
uint8_t wrt_data[BUF_SIZE_SHA224] = WRITE_DATA_SHA224_1;
@@ -715,37 +711,39 @@
}
/* Creates assset */
- err = tfm_sst_veneer_create(client_id_1, asset_uuid_1, &test_token);
+ err = psa_sst_create(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
+#ifdef INVALID_CLIENT_ID_TEST
/* Calls delete asset with invalid client ID */
- err = tfm_sst_veneer_delete(INVALID_CLIENT_ID,
- asset_uuid_1, &test_token);
+ /* FIXME: Add test help call to change the client ID to an invalid one */
+ err = psa_sst_delete(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("The delete action should fail if an invalid client "
"ID is provided");
return;
}
+#endif
/* Calls delete asset */
- err = tfm_sst_veneer_delete(client_id_1, asset_uuid_1, &test_token);
+ err = psa_sst_delete(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("The delete action should work correctly");
return;
}
/* Calls delete with a deleted asset ID */
- err = tfm_sst_veneer_delete(client_id_1, asset_uuid_1, &test_token);
+ err = psa_sst_delete(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("The delete action should fail as ID is not valid");
return;
}
/* Calls delete asset with invalid asset ID */
- err = tfm_sst_veneer_delete(client_id_1, INVALID_ASSET_ID, &test_token);
+ err = psa_sst_delete(INVALID_ASSET_ID, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("The delete action should fail if an invalid asset ID "
"is provided");
@@ -762,15 +760,15 @@
/* Creates assset 2 first to locate it at the beginning of the
* data block
*/
- err = tfm_sst_veneer_create(client_id_2, asset_uuid_2, &test_token);
+ err = psa_sst_create(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
/* Creates asset 1 to locate it after the asset 2 in the data block */
- err = tfm_sst_veneer_create(client_id_1, SST_ASSET_ID_SHA224_HASH,
- &test_token);
+ err = psa_sst_create(SST_ASSET_ID_SHA224_HASH,
+ ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -782,8 +780,8 @@
io_data.offset = 0;
/* Writes data in asset 1 */
- err = tfm_sst_veneer_write(client_id_1, asset_uuid_1,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data should work for client S_CLIENT_ID");
return;
@@ -792,7 +790,7 @@
/* Deletes asset 2. It means that after the delete call, asset 1 should be
* at the beginning of the block.
*/
- err = tfm_sst_veneer_delete(client_id_2, asset_uuid_2, &test_token);
+ err = psa_sst_delete(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("The delete action should work correctly");
return;
@@ -808,8 +806,8 @@
io_data.offset = 0;
/* Read back the asset 1 */
- err = tfm_sst_veneer_read(client_id_1, asset_uuid_1,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -828,10 +826,9 @@
*/
static void tfm_sst_test_2013(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint32_t i;
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
uint8_t wrt_data[WRITE_BUF_SIZE] = "DATA";
@@ -843,7 +840,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -855,7 +852,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should works correctly");
return;
@@ -868,8 +866,8 @@
for (i = 0; i < WRITE_BUF_SIZE ; i++) {
/* Read data from the asset */
- err = tfm_sst_veneer_read(client_id, asset_uuid,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
#ifdef SST_ENABLE_PARTIAL_ASSET_RW
if (err != PSA_SST_ERR_SUCCESS) {
#else
@@ -916,10 +914,9 @@
*/
static void tfm_sst_test_2014(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
uint8_t wrt_data[WRITE_BUF_SIZE] = "DATA";
@@ -930,7 +927,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -942,7 +939,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write should works correctly");
return;
@@ -961,7 +959,8 @@
io_data.offset = 0;
/* Reads back the data after the prepare */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -992,10 +991,9 @@
*/
static void tfm_sst_test_2015(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t wrt_data[BUF_SIZE_SHA224] = {0};
/* Prepares test context */
@@ -1005,7 +1003,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1017,7 +1015,8 @@
io_data.offset = 0;
/* Writes data in the asset when data size is bigger than asset size */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Should have failed asset write of too large");
return;
@@ -1032,10 +1031,9 @@
*/
static void tfm_sst_test_2016(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
uint8_t wrt_data[WRITE_BUF_SIZE+1] = "Hello";
uint8_t wrt_data2[WRITE_BUF_SIZE+1] = "World";
@@ -1047,7 +1045,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1059,7 +1057,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data 1 failed");
return;
@@ -1071,7 +1070,8 @@
io_data.offset = WRITE_BUF_SIZE;
/* Writes data 2 in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data 2 failed");
return;
@@ -1083,7 +1083,8 @@
io_data.offset = 0;
/* Read back the data */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -1105,10 +1106,9 @@
*/
static void tfm_sst_test_2017(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t read_data[BUF_SIZE_SHA224] = READ_DATA_SHA224;
uint8_t wrt_data[BUF_SIZE_SHA224] = WRITE_DATA_SHA224_1;
uint8_t wrt_data2[BUF_SIZE_SHA224] = WRITE_DATA_SHA224_2;
@@ -1120,7 +1120,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1132,7 +1132,8 @@
io_data.offset = 0;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data 1 failed");
return;
@@ -1144,7 +1145,8 @@
io_data.offset = WRITE_BUF_SIZE;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err == PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data 2 should have failed as this write tries to "
"write more bytes than the max size");
@@ -1157,7 +1159,8 @@
io_data.offset = WRITE_BUF_SIZE;
/* Writes data in the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data 3 failed");
return;
@@ -1169,7 +1172,8 @@
io_data.offset = 0;
/* Read back the data */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -1188,13 +1192,10 @@
*/
static void tfm_sst_test_2018(struct test_result_t *ret)
{
-
- const int32_t client_id_1 = S_CLIENT_ID;
- const int32_t client_id_2 = S_CLIENT_ID;
const uint32_t asset_uuid_1 = SST_ASSET_ID_AES_KEY_192;
const uint32_t asset_uuid_2 = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
uint8_t wrt_data[WRITE_BUF_SIZE+1] = "Hello";
uint8_t wrt_data2[3] = "Hi";
@@ -1208,14 +1209,14 @@
}
/* Creates asset 1 */
- err = tfm_sst_veneer_create(client_id_1, asset_uuid_1, &test_token);
+ err = psa_sst_create(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
}
/* Creates asset 2 */
- err = tfm_sst_veneer_create(client_id_2, asset_uuid_2, &test_token);
+ err = psa_sst_create(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1227,8 +1228,8 @@
io_data.offset = 0;
/* Writes data in asset 1 */
- err = tfm_sst_veneer_write(client_id_1, asset_uuid_1,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data should work for client S_CLIENT_ID");
return;
@@ -1240,8 +1241,8 @@
io_data.offset = 0;
/* Writes data 2 in asset 2 */
- err = tfm_sst_veneer_write(client_id_2, asset_uuid_2,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data should work for client S_CLIENT_ID");
return;
@@ -1253,8 +1254,8 @@
io_data.offset = WRITE_BUF_SIZE;
/* Writes data 3 in asset 1 */
- err = tfm_sst_veneer_write(client_id_1, asset_uuid_1,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data should work for client S_CLIENT_ID");
return;
@@ -1266,8 +1267,8 @@
io_data.offset = 2;
/* Writes data 4 in asset 2 */
- err = tfm_sst_veneer_write(client_id_2, asset_uuid_2,
- &test_token, &io_data);
+ err = psa_sst_write(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Write data should work for client S_CLIENT_ID");
return;
@@ -1279,8 +1280,8 @@
io_data.offset = 0;
/* Read back the asset 1 */
- err = tfm_sst_veneer_read(client_id_1, asset_uuid_1,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid_1, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -1300,8 +1301,8 @@
io_data.offset = 0;
/* Read back the asset 2 */
- err = tfm_sst_veneer_read(client_id_2, asset_uuid_2,
- &test_token, &io_data);
+ err = psa_sst_read(asset_uuid_2, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Incorrect number of bytes read back");
return;
@@ -1321,10 +1322,9 @@
*/
static void tfm_sst_test_2019(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
/* Prepares test context */
if (prepare_test_ctx(ret) != 0) {
@@ -1333,7 +1333,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1345,14 +1345,16 @@
io_data.offset = 0;
/* Calls write with a ROM address location */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Write should fail for an illegal location");
return;
}
/* Calls read with a ROM address location */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Read should fail for an illegal location");
return;
@@ -1366,10 +1368,9 @@
*/
static void tfm_sst_test_2020(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
/* Prepares test context */
if (prepare_test_ctx(ret) != 0) {
@@ -1378,7 +1379,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1390,14 +1391,16 @@
io_data.offset = 0;
/* Calls write with a device address location */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Write should fail for an illegal location");
return;
}
/* Calls read with a device address location */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Read should fail for an illegal location");
return;
@@ -1411,10 +1414,9 @@
*/
static void tfm_sst_test_2021(struct test_result_t *ret)
{
- int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_SHA224_HASH;
enum psa_sst_err_t err;
- struct tfm_sst_buf_t io_data;
+ struct sst_test_buf_t io_data;
/* Prepares test context */
if (prepare_test_ctx(ret) != 0) {
@@ -1423,7 +1425,7 @@
}
/* Creates asset */
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail for client S_CLIENT_ID");
return;
@@ -1435,14 +1437,16 @@
io_data.offset = 0;
/* Calls write with a non-existing address location */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Write should fail for an illegal location");
return;
}
/* Calls read with a non-existing address location */
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &io_data);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_ASSET_NOT_FOUND) {
TEST_FAIL("Read should fail for an illegal location");
return;
@@ -1457,10 +1461,9 @@
*/
static void tfm_sst_test_2022(struct test_result_t *ret)
{
- const int32_t client_id = S_CLIENT_ID;
const uint32_t asset_uuid = SST_ASSET_ID_AES_KEY_192;
struct psa_sst_asset_info_t asset_info;
- struct tfm_sst_buf_t buf;
+ struct sst_test_buf_t io_data;
enum psa_sst_err_t err;
uint8_t read_data[READ_BUF_SIZE] = "XXXXXXXXXXXXX";
uint8_t write_data_1[WRITE_BUF_SIZE] = "AAAA";
@@ -1471,25 +1474,26 @@
return;
}
- err = tfm_sst_veneer_create(client_id, asset_uuid, &test_token);
+ err = psa_sst_create(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Create should not fail");
return;
}
- buf.data = write_data_1;
- buf.size = (WRITE_BUF_SIZE - 1);
- buf.offset = 0;
+ io_data.data = write_data_1;
+ io_data.size = (WRITE_BUF_SIZE - 1);
+ io_data.offset = 0;
/* Writes write_data_1 to the asset */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &buf);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("First write should not fail");
return;
}
- err = tfm_sst_veneer_get_info(client_id, asset_uuid,
- &test_token, &asset_info);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Get information should not fail");
return;
@@ -1503,19 +1507,20 @@
return;
}
- buf.data = write_data_2;
- buf.size = 1;
- buf.offset = 1;
+ io_data.data = write_data_2;
+ io_data.size = 1;
+ io_data.offset = 1;
/* Overwrites the second character in the asset with write_data_2 */
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &buf);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Second write should not fail");
return;
}
- err = tfm_sst_veneer_get_info(client_id, asset_uuid,
- &test_token, &asset_info);
+ err = psa_sst_get_info(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ &asset_info);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Get information should not fail");
return;
@@ -1527,11 +1532,12 @@
return;
}
- buf.data = (read_data + HALF_PADDING_SIZE);
- buf.size = (WRITE_BUF_SIZE - 1);
- buf.offset = 0;
+ io_data.data = (read_data + HALF_PADDING_SIZE);
+ io_data.size = (WRITE_BUF_SIZE - 1);
+ io_data.offset = 0;
- err = tfm_sst_veneer_read(client_id, asset_uuid, &test_token, &buf);
+ err = psa_sst_read(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_SUCCESS) {
TEST_FAIL("Read should not fail");
return;
@@ -1546,11 +1552,12 @@
}
/* Checks that offset can not be bigger than current asset's size */
- buf.data = write_data_2;
- buf.size = 1;
- buf.offset = (asset_info.size_current + 1);
+ io_data.data = write_data_2;
+ io_data.size = 1;
+ io_data.offset = (asset_info.size_current + 1);
- err = tfm_sst_veneer_write(client_id, asset_uuid, &test_token, &buf);
+ err = psa_sst_write(asset_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ io_data.size, io_data.offset, io_data.data);
if (err != PSA_SST_ERR_PARAM_ERROR) {
TEST_FAIL("Write must fail if the offset is bigger than the current"
" asset's size");
diff --git a/test/test_services/tfm_sst_test_service/sst_test_service.c b/test/test_services/tfm_sst_test_service/sst_test_service.c
index 1a2dbc2..8ca28b0 100644
--- a/test/test_services/tfm_sst_test_service/sst_test_service.c
+++ b/test/test_services/tfm_sst_test_service/sst_test_service.c
@@ -11,7 +11,7 @@
#include "secure_fw/services/secure_storage/assets/sst_asset_defs.h"
#include "secure_fw/services/secure_storage/sst_asset_management.h"
#include "secure_fw/services/secure_storage/sst_utils.h"
-#include "tfm_sst_veneers.h"
+#include "psa_sst_api.h"
#define SST_TEST_SERVICE_KEY { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, \
0xDE, 0xAD, 0xBE, 0xEF, 0xBA, 0xAD, 0xF0, 0x0D, }
@@ -35,22 +35,19 @@
enum psa_sst_err_t sst_test_service_sfn_setup(void)
{
enum psa_sst_err_t err;
- int32_t client_id = S_CLIENT_ID;
const uint32_t key_uuid = SST_ASSET_ID_AES_KEY_128;
- struct tfm_sst_token_t s_token = {.token = NULL, .token_size = 0};
-
uint8_t key_data[SST_TEST_SERVICE_KEY_SIZE] = SST_TEST_SERVICE_KEY;
- struct tfm_sst_buf_t key_buf = { key_data, SST_TEST_SERVICE_KEY_SIZE, 0 };
- /* Create the key asset using our secure client ID */
- err = tfm_sst_veneer_create(client_id, key_uuid, &s_token);
+ /* Create the key asset using our secure app ID */
+ err = psa_sst_create(key_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
if (err != PSA_SST_ERR_SUCCESS) {
return err;
}
- /* Write the key to the asset using our secure client ID */
- err = tfm_sst_veneer_write(client_id, key_uuid, &s_token, &key_buf);
+ /* Write the key to the asset using our secure app ID */
+ err = psa_sst_write(key_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE,
+ SST_TEST_SERVICE_KEY_SIZE, 0, key_data);
return err;
}
@@ -63,11 +60,11 @@
enum psa_sst_err_t err;
uint32_t i;
uint8_t key_data[SST_TEST_SERVICE_KEY_SIZE];
- struct tfm_sst_token_t s_token = {.token = NULL, .token_size = 0};
- struct tfm_sst_buf_t key_buf = { key_data, SST_TEST_SERVICE_KEY_SIZE, 0 };
/* Read the key from the asset using the non-secure caller's client ID */
- err = tfm_sst_veneer_read(client_id, key_uuid, &s_token, &key_buf);
+ err = psa_sst_reference_read(client_id, key_uuid, ASSET_TOKEN,
+ ASSET_TOKEN_SIZE, SST_TEST_SERVICE_KEY_SIZE,
+ 0, key_data);
if (err != PSA_SST_ERR_SUCCESS) {
return err;
}
@@ -101,12 +98,10 @@
enum psa_sst_err_t sst_test_service_sfn_clean(void)
{
enum psa_sst_err_t err;
- int32_t client_id = S_CLIENT_ID;
const uint32_t key_uuid = SST_ASSET_ID_AES_KEY_128;
- struct tfm_sst_token_t s_token = {.token = NULL, .token_size = 0};
- /* Delete the key asset using our secure client ID */
- err = tfm_sst_veneer_delete(client_id, key_uuid, &s_token);
+ /* Delete the key asset using our secure app ID */
+ err = psa_sst_delete(key_uuid, ASSET_TOKEN, ASSET_TOKEN_SIZE);
return err;
}