AuditLog: Use uniform signatures
This patch amends the Audit Logging service to use
Uniform Signatures.
Change-Id: If8a84b75b6ec5937ae27c62b2b8c43644a5b2505
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/audit_wrappers.h b/interface/include/audit_wrappers.h
deleted file mode 100644
index 2e3f62e..0000000
--- a/interface/include/audit_wrappers.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __AUDIT_WRAPPERS_H__
-#define __AUDIT_WRAPPERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*!
- * \struct audit_core_retrieve_input
- *
- * \brief Input structure for the audit_core_retrieve_record_wrapper function
- *
- */
-struct audit_core_retrieve_input {
- const uint32_t record_index; /*!< Index of the record to retrieve */
- const uint32_t buffer_size; /*!< Size in bytes of the provided buffer */
- const uint8_t *token; /*!< Must be set to NULL. Token used as a
- * challenge for encryption, to protect
- * against rollback attacks
- */
- const uint32_t token_size; /*!< Must be set to 0. Size in bytes of the
- * token used as challenge
- */
-};
-
-/*!
- * \struct audit_core_retrieve_output
- *
- * \brief Output structure for the audit_core_retrieve_record_wrapper function
- *
- */
-struct audit_core_retrieve_output {
- uint8_t *buffer; /*!< Buffer used to store the retrieved record */
- uint32_t *record_size; /*!< Size in bytes of the retrieved record */
-};
-
-/*!
- * \brief This function is a TF-M compatible wrapper for the
- * \ref audit_core_retrieve_record implemented in the Audit log
- * core functions
- *
- * \param[in] input_s Pointer to the structure containing input parameters
- * associated with \ref psa_audit_retrieve_record
- * \param[out] output_s Pointer to the structure containing output parameters
- * associated with \ref psa_audit_retrieve_record
- *
- */
-enum psa_audit_err audit_core_retrieve_record_wrapper(
- const struct audit_core_retrieve_input *input_s,
- const struct audit_core_retrieve_output *output_s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __AUDIT_WRAPPERS_H__ */
diff --git a/interface/include/psa_audit_api.h b/interface/include/psa_audit_api.h
index f079f3e..d55a057 100644
--- a/interface/include/psa_audit_api.h
+++ b/interface/include/psa_audit_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,7 @@
#define PSA_AUDIT_API_VERSION_MINOR (1)
#include "psa_audit_defs.h"
+#include "psa/error.h"
#ifdef __cplusplus
extern "C" {
@@ -40,15 +41,15 @@
* \param[out] buffer Buffer used to store the retrieved record
* \param[out] record_size Size in bytes of the retrieved record
*
- * \return Returns values as specified by the \ref psa_audit_err
+ * \return Returns values as specified by the \ref psa_status_t
*
*/
-enum psa_audit_err psa_audit_retrieve_record(const uint32_t record_index,
- const uint32_t buffer_size,
- const uint8_t *token,
- const uint32_t token_size,
- uint8_t *buffer,
- uint32_t *record_size);
+psa_status_t psa_audit_retrieve_record(const uint32_t record_index,
+ const uint32_t buffer_size,
+ const uint8_t *token,
+ const uint32_t token_size,
+ uint8_t *buffer,
+ uint32_t *record_size);
/**
* \brief Returns the total number and size of the records stored
*
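Review bot: The `\return` line for psa_audit_retrieve_record now refers to `psa_status_t`, a generic status type, so it no longer tells a caller which codes this service can produce; the commit removes `enum psa_audit_err`, which used to enumerate them. The same wording is repeated in the hunks for psa_audit_get_info, psa_audit_get_record_info, psa_audit_delete_record and psa_audit_add_record. I would name the expected codes per function, for example `\return PSA_SUCCESS on success, otherwise a PSA_ERROR_* status code`. For psa_audit_add_record, the comment should also say that the Non-Secure interface always returns `PSA_ERROR_NOT_PERMITTED`, as the new tfm_audit_api.c does. The doc comments begin above these hunks, so only their tails are visible here.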
@@ -58,10 +59,10 @@
* \param[out] num_records Total number of records stored
* \param[out] size Total size of the records stored, in bytes
*
- * \return Returns values as specified by the \ref psa_audit_err
+ * \return Returns values as specified by the \ref psa_status_t
*
*/
-enum psa_audit_err psa_audit_get_info(uint32_t *num_records, uint32_t *size);
+psa_status_t psa_audit_get_info(uint32_t *num_records, uint32_t *size);
/**
* \brief Returns the size of the record at the specified index
@@ -72,11 +73,11 @@
* \param[in] record_index Index of the record to return the size
* \param[out] size Size of the specified record, in bytes
*
- * \return Returns values as specified by the \ref psa_audit_err
+ * \return Returns values as specified by the \ref psa_status_t
*
*/
-enum psa_audit_err psa_audit_get_record_info(const uint32_t record_index,
- uint32_t *size);
+psa_status_t psa_audit_get_record_info(const uint32_t record_index,
+ uint32_t *size);
/**
* \brief Deletes a record at the specified index
@@ -97,12 +98,12 @@
* \param[in] token_size Must be set to 0. Size in bytes of the token used as
* authorisation for removal
*
- * \return Returns values as specified by the \ref psa_audit_err
+ * \return Returns values as specified by the \ref psa_status_t
*
*/
-enum psa_audit_err psa_audit_delete_record(const uint32_t record_index,
- const uint8_t *token,
- const uint32_t token_size);
+psa_status_t psa_audit_delete_record(const uint32_t record_index,
+ const uint8_t *token,
+ const uint32_t token_size);
/**
* \brief Adds a record
*
@@ -114,10 +115,10 @@
* \param[in] record Pointer to the memory buffer containing the record
* to be added
*
- * \return Returns values as specified by the \ref psa_audit_err
+ * \return Returns values as specified by the \ref psa_status_t
*
*/
-enum psa_audit_err psa_audit_add_record(const struct psa_audit_record *record);
+psa_status_t psa_audit_add_record(const struct psa_audit_record *record);
#ifdef __cplusplus
}
diff --git a/interface/include/psa_audit_defs.h b/interface/include/psa_audit_defs.h
index 1aeee33..479d76d 100644
--- a/interface/include/psa_audit_defs.h
+++ b/interface/include/psa_audit_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -14,21 +14,6 @@
#include <stdint.h>
#include "tfm_api.h"
-#include "limits.h"
-
-/* The return value is shared with the TFM partition status value. The Audit
- * Log return codes shouldn't overlap with predefined TFM status values
- */
-#define PSA_AUDIT_ERR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
-
-enum psa_audit_err {
- PSA_AUDIT_ERR_SUCCESS = 0, /*!< Operation successful */
- PSA_AUDIT_ERR_FAILURE = PSA_AUDIT_ERR_OFFSET, /*!< Generic failure */
- PSA_AUDIT_ERR_NOT_SUPPORTED, /*!< Operation not supported */
-
- /* Following entry is only to ensure the error code of int size */
- PSA_AUDIT_ERR_FORCE_INT_SIZE = INT_MAX
-};
/*!
* \struct psa_audit_record
diff --git a/interface/src/tfm_audit_api.c b/interface/src/tfm_audit_api.c
index 9ce86ef..fd4fc67 100644
--- a/interface/src/tfm_audit_api.c
+++ b/interface/src/tfm_audit_api.c
@@ -5,71 +5,100 @@
*
*/
-#include "tfm_audit_veneers.h"
#include "psa_audit_api.h"
+#include "tfm_veneers.h"
#include "tfm_ns_lock.h"
-#include "audit_wrappers.h"
-enum psa_audit_err psa_audit_retrieve_record(const uint32_t record_index,
- const uint32_t buffer_size,
- const uint8_t *token,
- const uint32_t token_size,
- uint8_t *buffer,
- uint32_t *record_size)
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define API_DISPATCH(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)in_vec, (uint32_t)ARRAY_SIZE(in_vec), \
+ (uint32_t)out_vec, (uint32_t)ARRAY_SIZE(out_vec))
+
+#define API_DISPATCH_NO_INVEC(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)NULL, 0, \
+ (uint32_t)out_vec, (uint32_t)ARRAY_SIZE(out_vec))
+
+#define API_DISPATCH_NO_OUTVEC(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)in_vec, (uint32_t)ARRAY_SIZE(in_vec), \
+ (uint32_t)NULL, 0)
+
+psa_status_t psa_audit_retrieve_record(const uint32_t record_index,
+ const uint32_t buffer_size,
+ const uint8_t *token,
+ const uint32_t token_size,
+ uint8_t *buffer,
+ uint32_t *record_size)
{
- const struct audit_core_retrieve_input input_s =
- {.record_index = record_index,
- .buffer_size = buffer_size,
- .token = token,
- .token_size = token_size};
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &record_index, .len = sizeof(uint32_t)},
+ {.base = token, .len = token_size},
+ };
+ psa_outvec out_vec[] = {
+ {.base = buffer, .len = buffer_size},
+ };
- struct audit_core_retrieve_output output_s = {.buffer = buffer,
- .record_size = record_size};
+ status = API_DISPATCH(audit_core_retrieve_record);
- return (enum psa_audit_err) tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_retrieve_record,
- (uint32_t)&input_s,
- (uint32_t)&output_s,
- 0,
- 0);
+ *record_size = out_vec[0].len;
+
+ return status;
}
-enum psa_audit_err psa_audit_get_info(uint32_t *num_records,
- uint32_t *size)
+psa_status_t psa_audit_get_info(uint32_t *num_records, uint32_t *size)
{
- return (enum psa_audit_err) tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_get_info,
- (uint32_t)num_records,
- (uint32_t)size,
- 0,
- 0);
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = num_records, .len = sizeof(uint32_t)},
+ {.base = size, .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH_NO_INVEC(audit_core_get_info);
+
+ return status;
}
-enum psa_audit_err psa_audit_get_record_info(const uint32_t record_index,
- uint32_t *size)
+psa_status_t psa_audit_get_record_info(const uint32_t record_index,
+ uint32_t *size)
{
- return (enum psa_audit_err) tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_get_record_info,
- (uint32_t)record_index,
- (uint32_t)size,
- 0,
- 0);
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &record_index, .len = sizeof(uint32_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = size, .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH(audit_core_get_record_info);
+
+ return status;
}
-enum psa_audit_err psa_audit_delete_record(const uint32_t record_index,
- const uint8_t *token,
- const uint32_t token_size)
+psa_status_t psa_audit_delete_record(const uint32_t record_index,
+ const uint8_t *token,
+ const uint32_t token_size)
{
- return (enum psa_audit_err) tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_delete_record,
- (uint32_t)record_index,
- (uint32_t)token,
- (uint32_t)token_size,
- 0);
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &record_index, .len = sizeof(uint32_t)},
+ {.base = token, .len = token_size},
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(audit_core_delete_record);
+
+ return status;
}
-enum psa_audit_err psa_audit_add_record(const struct psa_audit_record *record)
+psa_status_t psa_audit_add_record(const struct psa_audit_record *record)
{
/* This API supports only Secure world calls. As this is the implementation
* of the Non-Secure interface, always directly return an error without
- * routing the call to TF-M in the Secure world
+ * routing the call to TF-M in the Secure world.
*/
(void)record;
- return PSA_AUDIT_ERR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_PERMITTED;
}
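Review bot: In psa_audit_retrieve_record, `*record_size = out_vec[0].len;` is executed for every `status` and dereferences `record_size` without a NULL check. When the call fails, `out_vec[0].len` presumably still holds the caller's `buffer_size` (the secure-side handling is not visible in this diff), so a caller that does not check the return value would treat the whole, unwritten `buffer` as an audit record. I would write the size only on success, `if (status == PSA_SUCCESS) { *record_size = out_vec[0].len; }`, and reject a NULL `record_size` before dispatching. The three `API_DISPATCH*` macros also rely on locals named `in_vec` and `out_vec` in the calling function; a one-line comment above them stating that would make the contract explicit.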