SST: Add uniform secure functions support
This patch adds support for uniform secure functions in SST.
Change-Id: I52475b43435ed3b6d289651ea777de9483116b7e
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>
diff --git a/interface/include/tfm_sst_defs.h b/interface/include/tfm_sst_defs.h
index a008c73..1d54043 100644
--- a/interface/include/tfm_sst_defs.h
+++ b/interface/include/tfm_sst_defs.h
@@ -55,6 +55,9 @@
TFM_SST_ERR_INVALID \
)
+/* Invalid UID */
+#define TFM_SST_INVALID_UID 0
+
#ifdef __cplusplus
}
#endif
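Review bot: The comment on `TFM_SST_INVALID_UID` does not say what the value is reserved for or which calls reject it, and nothing visible in this diff uses the macro. If the intended contract is that UID 0 never names a stored asset, a comment such as `/* UID 0 is reserved: it never identifies a stored asset and is rejected by the SST service */` would record that. If `psa_ps_uid_t` is in scope in this header, defining the macro as `((psa_ps_uid_t)0)` would also keep comparisons in the UID's own width.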
diff --git a/interface/include/tfm_sst_veneers.h b/interface/include/tfm_sst_veneers.h
deleted file mode 100644
index 670ffae..0000000
--- a/interface/include/tfm_sst_veneers.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_SST_VENEERS_H__
-#define __TFM_SST_VENEERS_H__
-
-#include <stdint.h>
-
-#include "psa_protected_storage.h"
-#include "tfm_sst_defs.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Creates a new or modifies an existing asset. (Veneer function)
- *
- * \param[in] uid The unique identifier for the data
- * \param[in] data_length The size in bytes of the data in `p_data`
- * \param[in] p_data A buffer containing the data
- * \param[in] create_flags The flags indicating the properties of the data
- *
- * \return A status indicating the success/failure of the operation as specified
- * in \ref tfm_sst_err_t
- *
- * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
- * \retval TFM_SST_ERR_WRITE_ONCE The operation failed because the
- * provided uid value was already
- * created with PSA_PS_FLAG_WRITE_ONCE
- * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
- * more of the given arguments were
- * invalid (null pointer, etc.)
- * \retval TFM_SST_ERR_FLAGS_NOT_SUPPORTED The operation failed because one or
- * more of the flags provided in
- * `create_flags` is not supported or
- * is not valid
- * \retval TFM_SST_ERR_INSUFFICIENT_SPACE The operation failed because there
- * was insufficient space on the
- * storage medium
- * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (fatal
- * error)
- * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
- * unspecified internal failure.
- */
-enum tfm_sst_err_t tfm_sst_veneer_set(const psa_ps_uid_t *uid,
- uint32_t data_length,
- const void *p_data,
- psa_ps_create_flags_t create_flags);
-
-/**
- * \brief Gets the asset data for the provided uid. (Veneer function)
- *
- * \param[in] uid The unique identifier for the data
- * \param[in] data_offset The offset within the data associated with the `uid`
- * to start retrieving data
- * \param[in] data_length The amount of data to read (and the minimum
- * allocated size of the `p_data` buffer)
- * \param[out] p_data The buffer where the data will be placed upon
- * successful completion
- *
- * \return A status indicating the success/failure of the operation as specified
- * in \ref tfm_sst_err_t
- *
- * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
- * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
- * more of the given arguments were
- * invalid (null pointer, etc.)
- * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
- * provided uid value was not found in the
- * storage
- * \retval TFM_SST_ERR_INCORRECT_SIZE The operation failed because the data
- * associated with provided uid is not the
- * same size as `data_size`
- * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (fatal
- * error)
- * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
- * unspecified internal failure
- * \retval TFM_SST_ERR_DATA_CORRUPT The operation failed because of an
- * authentication failure when attempting
- * to get the key
- * \retval TFM_SST_ERR_AUTH_FAILED The operation failed because of an
- * unspecified internal failure
- */
-enum tfm_sst_err_t tfm_sst_veneer_get(const psa_ps_uid_t *uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data);
-
-/**
- * \brief Gets the metadata for the provided uid. (Veneer function)
- *
- * \param[in] uid The unique identifier for the data
- * \param[out] p_info A pointer to the `psa_ps_info_t` struct that will be
- * populated with the metadata
- *
- * \return A status indicating the success/failure of the operation as specified
- * in \ref tfm_sst_err_t
- *
- * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
- * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
- * more of the given arguments were
- * invalid (null pointer, etc.)
- * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
- * provided uid value was not found in the
- * storage
- * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (fatal
- * error)
- * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
- * unspecified internal failure
- * \retval TFM_SST_ERR_DATA_CORRUPT The operation failed because of an
- * authentication failure when attempting
- * to get the key
- * \retval TFM_SST_ERR_AUTH_FAILED The operation failed because of an
- * unspecified internal failure
- */
-enum tfm_sst_err_t tfm_sst_veneer_get_info(const psa_ps_uid_t *uid,
- struct psa_ps_info_t *p_info);
-
-/**
- * \brief Removes the provided uid and its associated data from storage. (Veneer
- * function)
- *
- * \param[in] uid The unique identifier for the data to be removed
- *
- * \return A status indicating the success/failure of the operation as specified
- * in \ref tfm_sst_err_t
- *
- * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
- * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
- * more of the given arguments were
- * invalid (null pointer, etc.)
- * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
- * provided uid value was not found in the
- * storage
- * \retval TFM_SST_ERR_WRITE_ONCE The operation failed because the
- * provided uid value was created with
- * PSA_PS_WRITE_ONCE_FLAG
- * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
- * physical storage has failed (fatal
- * error)
- * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
- * unspecified internal failure
- */
-enum tfm_sst_err_t tfm_sst_veneer_remove(const psa_ps_uid_t *uid);
-
-/**
- * \brief Gets a bitmask with flags set for all of the optional features
- * supported by the implementation. (Veneer function)
- *
- * \param[out] support_flags A pointer to a variable that will be populated
- * with a uint32_t bitmask value which contains all
- * the bits set for all the optional features
- * supported by the implementation
- *
- * \return A status indicating the success/failure of the operation as specified
- * in \ref tfm_sst_err_t
- *
- * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
- * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
- * unspecified internal failure
- */
-enum tfm_sst_err_t tfm_sst_veneer_get_support(uint32_t *support_flags);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_SST_VENEERS_H__ */
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 966d8c1..3be902d 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -17,11 +17,11 @@
#endif
/******** TFM_SP_STORAGE ********/
-psa_status_t tfm_tfm_sst_set_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_sst_get_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_sst_get_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_sst_remove_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_sst_get_support_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_set_req_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_req_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_info_req_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_remove_req_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_support_req_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
/******** TFM_SP_AUDIT_LOG ********/
psa_status_t tfm_audit_core_retrieve_record_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
diff --git a/interface/src/tfm_sst_api.c b/interface/src/tfm_sst_api.c
index 2a20e28..5102b2f 100644
--- a/interface/src/tfm_sst_api.c
+++ b/interface/src/tfm_sst_api.c
@@ -9,20 +9,34 @@
#include "tfm_ns_lock.h"
#include "tfm_sst_defs.h"
-#include "tfm_sst_veneers.h"
+#include "tfm_veneers.h"
+
+#define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
uint32_t data_length,
const void *p_data,
psa_ps_create_flags_t create_flags)
{
+ psa_status_t status;
enum tfm_sst_err_t err;
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_set,
- (uint32_t)&uid,
- (uint32_t)data_length,
- (uint32_t)p_data,
- (uint32_t)create_flags);
+ psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ { .base = p_data, .len = data_length },
+ { .base = &create_flags, .len = sizeof(create_flags) }
+ };
+
+ psa_outvec out_vec[] = {
+ { .base = &err , .len = sizeof(err) }
+ };
+
+ status = tfm_ns_lock_dispatch((veneer_fn)tfm_tfm_sst_set_req_veneer,
+ (uint32_t)in_vec, IOVEC_LEN(in_vec),
+ (uint32_t)out_vec, IOVEC_LEN(out_vec));
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
return TFM_SST_PSA_RETURN(err);
}
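Review bot: `err` in psa_ps_set is declared without an initialiser and is only written by the secure side through `out_vec[0]`, so if the veneer returns PSA_SUCCESS without filling that vector, `TFM_SST_PSA_RETURN(err)` maps an indeterminate value. Initialising it to a failure code, e.g. `enum tfm_sst_err_t err = TFM_SST_ERR_OPERATION_FAILED;`, makes the wrapper fail closed; the same applies to psa_ps_get, psa_ps_get_info and psa_ps_remove in the next hunk. Passing `sizeof(err)` for an enum also presumes both sides of the boundary are built with the same enum size, which deserves a comment or a fixed-width status type. `IOVEC_LEN` would be more robust with its argument parenthesised: `sizeof(x)/sizeof((x)[0])`.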
@@ -32,39 +46,75 @@
uint32_t data_length,
void *p_data)
{
+ psa_status_t status;
enum tfm_sst_err_t err;
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get,
- (uint32_t)&uid,
- (uint32_t)data_offset,
- (uint32_t)data_length,
- (uint32_t)p_data);
+ psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ { .base = &data_offset, .len = sizeof(data_offset) }
+ };
+
+ psa_outvec out_vec[] = {
+ { .base = &err, .len = sizeof(err) },
+ { .base = p_data, .len = data_length }
+ };
+
+ status = tfm_ns_lock_dispatch((veneer_fn)tfm_tfm_sst_get_req_veneer,
+ (uint32_t)in_vec, IOVEC_LEN(in_vec),
+ (uint32_t)out_vec, IOVEC_LEN(out_vec));
+
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
return TFM_SST_PSA_RETURN(err);
}
psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
{
+ psa_status_t status;
enum tfm_sst_err_t err;
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_info,
- (uint32_t)&uid,
- (uint32_t)p_info,
- (uint32_t)0,
- (uint32_t)0);
+ psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) }
+ };
+
+ psa_outvec out_vec[] = {
+ { .base = &err, .len = sizeof(err) },
+ { .base = p_info, .len = sizeof(*p_info) }
+ };
+
+ status = tfm_ns_lock_dispatch((veneer_fn)tfm_tfm_sst_get_info_req_veneer,
+ (uint32_t)in_vec, IOVEC_LEN(in_vec),
+ (uint32_t)out_vec, IOVEC_LEN(out_vec));
+
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
return TFM_SST_PSA_RETURN(err);
}
psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
{
+ psa_status_t status;
enum tfm_sst_err_t err;
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_remove,
- (uint32_t)&uid,
- (uint32_t)0,
- (uint32_t)0,
- (uint32_t)0);
+ psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) }
+ };
+
+ psa_outvec out_vec[] = {
+ { .base = &err, .len = sizeof(err) }
+ };
+
+ status = tfm_ns_lock_dispatch((veneer_fn)tfm_tfm_sst_remove_req_veneer,
+ (uint32_t)in_vec, IOVEC_LEN(in_vec),
+ (uint32_t)out_vec, IOVEC_LEN(out_vec));
+
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
return TFM_SST_PSA_RETURN(err);
}
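Review bot: The caller-supplied `p_data`/`data_length` in psa_ps_get and `p_info` in psa_ps_get_info go straight into `out_vec[1]` with no check on this side, so a NULL or oversized buffer is only caught if the secure handler validates each vector's base and length against the caller's memory; that handler is not in this diff. A comment above each out_vec, for example `/* out_vec[0]: SST status, out_vec[1]: caller buffer, validated by the secure service */`, would record the layout contract the secure side depends on. Whether the dispatch updates `out_vec[1].len` is not visible here; if it does, psa_ps_get could compare it with `data_length` before reporting success. psa_ps_get's signature begins above this hunk.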
@@ -85,21 +135,21 @@
uint32_t psa_ps_get_support(void)
{
- uint32_t support_flags;
-
/* Initialise support_flags to a sensible default, to avoid returning an
* uninitialised value in case the secure function fails.
*/
- support_flags = 0;
+ uint32_t support_flags = 0;
+
+ psa_outvec out_vec[] = {
+ { .base = &support_flags, .len = sizeof(support_flags) }
+ };
/* The PSA API does not return an error, so any error from TF-M is
* ignored.
*/
- (void)tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_support,
- (uint32_t)&support_flags,
- (uint32_t)0,
- (uint32_t)0,
- (uint32_t)0);
+ (void)tfm_ns_lock_dispatch((veneer_fn)tfm_tfm_sst_get_support_req_veneer,
+ (uint32_t)NULL, 0,
+ (uint32_t)out_vec, IOVEC_LEN(out_vec));
return support_flags;
}