SST: Replace SST APIs with PSA PS APIs
Refactors the SST non-secure interfaces, secure API, veneers and
manifest to implement the PSA Protected Storage specification. Adds a
stub implementation for the new SST APIs; another patch will add the
final implementation.
Change-Id: Id62eb82c9d33afd2114962ab1994d567cd81e4f7
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/interface/include/psa_sst_api.h b/interface/include/psa_sst_api.h
deleted file mode 100644
index dee3022..0000000
--- a/interface/include/psa_sst_api.h
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/**
- * \file psa_sst_api.h
- *
- * \brief Platform security architecture (PSA) API for secure storage partition
- */
-
-#ifndef __PSA_SST_API__
-#define __PSA_SST_API__
-
-#include "psa_sst_asset_defs.h"
-#include "psa_sst_asset_macros.h"
-
-#include "tfm_api.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * PSA SST API version
- */
-#define PSA_SST_API_VERSION_MAJOR 0
-#define PSA_SST_API_VERSION_MINOR 2
-
-/* The return value is shared with the TF-M partition status value.
- * The SST return codes shouldn't overlap with predefined TFM status values.
- */
-#define PSA_SST_ERR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
-
-/*!
- * \enum psa_sst_err_t
- *
- * \brief Secure storage service error types
- *
- */
-enum psa_sst_err_t {
- PSA_SST_ERR_SUCCESS = 0,
- PSA_SST_ERR_ASSET_NOT_PREPARED = PSA_SST_ERR_OFFSET,
- PSA_SST_ERR_ASSET_NOT_FOUND,
- PSA_SST_ERR_PARAM_ERROR,
- PSA_SST_ERR_STORAGE_SYSTEM_FULL,
- PSA_SST_ERR_SYSTEM_ERROR,
- /* Following entry is only to ensure the error code of int size */
- PSA_SST_ERR_FORCE_INT_SIZE = INT_MAX
-};
-
-/**
- * \brief Allocates space for the asset, referenced by asset UUID,
- * without setting any data in the asset.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- *
- * \return Returns an PSA_SST_ERR_SUCCESS if asset is created correctly.
- * Otherwise, error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_create(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size);
-
-/**
- * \brief Gets asset's information referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[out] info Pointer to store the asset's information
- * \ref psa_sst_asset_info_t
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_get_info(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- struct psa_sst_asset_info_t *info);
-
-/**
- * \brief Gets asset's attributes referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[out] attrs Pointer to store the asset's attributes
- * \ref psa_sst_asset_attrs_t
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_get_attributes(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- struct psa_sst_asset_attrs_t *attrs);
-
-/**
- * \brief Sets asset's attributes referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[in] attrs Pointer to new the asset's attributes
- * \ref psa_sst_asset_attrs_t
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_set_attributes(
- uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- const struct psa_sst_asset_attrs_t *attrs);
-
-/**
- * \brief Reads asset's data from asset referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[in] size Size of the data to read
- * \param[in] offset Offset within asset to start to read
- * \param[out] data Pointer to data vector to store data
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_read(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- uint32_t size,
- uint32_t offset,
- uint8_t *data);
-
-/**
- * \brief Reads asset's data on behalf of the given client ID if the
- * client has reference permissions.
- * This function is only accessible for secure partition with specific
- * permissions. Hence, It must not be accessible from the Non-secure
- * Processing Environment (NSPE).
- *
- * \param[in] client_id Client ID which is referenced in the read
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[in] size Size of the data to read
- * \param[in] offset Offset within asset to start to read
- * \param[out] data Pointer to data vector to store data
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_reference_read(int32_t client_id,
- uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- uint32_t size,
- uint32_t offset,
- uint8_t *data);
-
-/**
- * \brief Writes data into an asset referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- * \param[in] size Size of the data to start to write
- * \param[in] offset Offset within asset to write the data
- * \param[in] data Pointer to data vector which contains the data to
- * write
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_write(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- uint32_t size,
- uint32_t offset,
- const uint8_t *data);
-
-/**
- * \brief Deletes the asset referenced by the asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] token Must be set to NULL, reserved for future use.
- * Pointer to the asset token to be used to generate
- * the asset key to encrypt and decrypt the asset
- * data. This is an optional parameter that has to
- * be NULL in case the token is not provied.
- * \param[in] token_size Must be set to 0, reserved for future use.
- * Token size. In case the token is not provided
- * the token size has to be 0.
- *
- * \return Returns error code as specified in \ref psa_sst_err_t
- */
-enum psa_sst_err_t psa_sst_delete(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_SST_API__ */
diff --git a/interface/include/psa_sst_asset_defs.h b/interface/include/psa_sst_asset_defs.h
deleted file mode 100644
index a810c55..0000000
--- a/interface/include/psa_sst_asset_defs.h
+++ /dev/null
@@ -1,411 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/**
- * \file psa_sst_asset_defs.h
- *
- * \brief Platform security architecture (PSA) asset definitions for
- * secure storage partition.
- */
-
-#ifndef __PSA_SST_ASSET_DEFS_H__
-#define __PSA_SST_ASSET_DEFS_H__
-
-#include <inttypes.h>
-#include <limits.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* List of PSA SST asset category types */
-/*!
- * \def PSA_SST_ASSET_CAT_TYPE_NONE
- *
- * \brief Asset category type NONE. This is value used in an asset when the
- * asset category type is not set.
- */
-#define PSA_SST_ASSET_CAT_TYPE_NONE ((uint32_t)0x00000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_RAW_DATA
- *
- * \brief This category type is used for those assets which contains raw data.
- */
-#define PSA_SST_ASSET_CAT_RAW_DATA ((uint32_t)0x02000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_KEY_SYMMETRIC
- *
- * \brief This category type is used for those assets which contains a
- * symmetric key.
- */
-#define PSA_SST_ASSET_CAT_KEY_SYMMETRIC ((uint32_t)0x04000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_KEY_PUBLIC
- *
- * \brief This category type is used for those assets which contains an
- * asymmetric public key.
- */
-#define PSA_SST_ASSET_CAT_KEY_PUBLIC ((uint32_t)0x06000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_KEY_PRIVATE
- *
- * \brief This category type is used for those assets which contains an
- * asymmetric private key.
- */
-#define PSA_SST_ASSET_CAT_KEY_PRIVATE ((uint32_t)0x07000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_CERTIFICATE
- *
- * \brief This category type is used for those assets which contains a
- * certificate.
- */
-#define PSA_SST_ASSET_CAT_CERTIFICATE ((uint32_t)0x08000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_VENDOR_DEFINED
- *
- * \brief This category type is used when assets is vendor defined.
- */
-#define PSA_SST_ASSET_CAT_VENDOR_DEFINED ((uint32_t)0x80000000)
-
-/* PSA SST asset category type masks */
-/*!
- * \def PSA_SST_ASSET_CAT_TYPE_MASK
- *
- * \brief Asset category type mask.
- */
-#define PSA_SST_ASSET_CAT_TYPE_MASK ((uint32_t)0x7f000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_KEY_MASK
- *
- * \brief Asset key category mask.
- */
-#define PSA_SST_ASSET_CAT_KEY_MASK ((uint32_t)0x04000000)
-
-/*!
- * \def PSA_SST_ASSET_CAT_KEY_ASYMMETRIC_MASK
- *
- * \brief Asset asymmetric key mask.
- */
-#define PSA_SST_ASSET_CAT_KEY_ASYMMETRIC_MASK ((uint32_t)0x06000000)
-
-
-/* Asset types for raw data category */
-/*!
- * \def PSA_SST_ASSET_KEY_HMAC
- *
- * \brief HMAC key.
- */
-#define PSA_SST_ASSET_KEY_HMAC ((PSA_SST_ASSET_CAT_RAW_DATA)| 0x00000001)
-
-/* Asset types for symmetric key category */
-/*!
- * \def PSA_SST_ASSET_KEY_AES
- *
- * \brief AES key to be used in algorithms based on AES cipher
- * (cipher, AEAD or MAC).
- */
-#define PSA_SST_ASSET_KEY_AES ((PSA_SST_ASSET_CAT_KEY_SYMMETRIC)|0x00000001)
-
-/*!
- * \def PSA_SST_ASSET_KEY_DES
- *
- * \brief DES key to be used in algorithms based on DES or 3DES cipher
- * (cipher or MAC).
- */
-#define PSA_SST_ASSET_KEY_DES ((PSA_SST_ASSET_CAT_KEY_SYMMETRIC)|0x00000002)
-
-/*!
- * \def PSA_SST_ASSET_KEY_CAMELLIA
- *
- * \brief Camellia key to be used in algorithms based on Camellia cipher
- * (cipher, AEAD or MAC).
- */
-#define PSA_SST_ASSET_KEY_CAMELLIA \
- ((PSA_SST_ASSET_CAT_KEY_SYMMETRIC)|0x00000003)
-
-/* Asset types for asymmetric key category */
-/*!
- * \def PSA_SST_ASSET_KEY_RSA_PUBLIC
- *
- * \brief RSA public key.
- */
-#define PSA_SST_ASSET_KEY_RSA_PUBLIC ((PSA_SST_ASSET_CAT_KEY_PUBLIC)|0x00010000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_RSA_PRIVATE
- *
- * \brief RSA private key.
- */
-#define PSA_SST_ASSET_KEY_RSA_PRIVATE \
- ((PSA_SST_ASSET_CAT_KEY_PRIVATE)|0x00010000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_DSA_PUBLIC
- *
- * \brief DSA public key.
- */
-#define PSA_SST_ASSET_KEY_DSA_PUBLIC ((PSA_SST_ASSET_CAT_KEY_PUBLIC)|0x00020000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_DSA_PRIVATE
- *
- * \brief DSA private key.
- */
-#define PSA_SST_ASSET_KEY_DSA_PRIVATE \
- ((PSA_SST_ASSET_CAT_KEY_PRIVATE)|0x00020000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_ECC_PUBLIC
- *
- * \brief ECC public key.
- */
-#define PSA_SST_ASSET_KEY_ECC_PUBLIC ((PSA_SST_ASSET_CAT_KEY_PUBLIC)|0x00030000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_ECC_PRIVATE
- *
- * \brief ECC private key.
- */
-#define PSA_SST_ASSET_KEY_ECC_PRIVATE \
- ((PSA_SST_ASSET_CAT_KEY_PRIVATE)|0x00030000)
-
-/*!
- * \def PSA_SST_ASSET_KEY_ECC_CURVE_MASK
- *
- * \brief ECC curve mask. This mask allows to encode the curve identifiers which
- * are aligned with the TLS Supported Groups Registry (formerly known as
- * the TLS EC Named Curve Registry)
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
- * The values are defined by RFC 4492, RFC 7027 and RFC 7919.
- */
-#define PSA_SST_ASSET_KEY_ECC_CURVE_MASK ((uint32_t)0x0000ffff)
-
-/* Asset types for certificate category */
-/*!
- * \def PSA_SST_ASSET_CERT_X_509
- *
- * \brief X509 certificate.
- */
-#define PSA_SST_ASSET_CERT_X_509 ((PSA_SST_ASSET_CAT_CERTIFICATE)|0x00000001)
-
-/* List of PSA SST asset */
-/*!
- * \def PSA_SST_ASSET_ATTR_EXPIRED
- *
- * \brief Indicates if asset has expired.
- */
-#define PSA_SST_ASSET_ATTR_EXPIRED ((uint32_t)0x00000001)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_GENERATED_LOCALLY
- *
- * \brief Indicates if asset content has been generated locally.
- */
-#define PSA_SST_ASSET_ATTR_GENERATED_LOCALLY ((uint32_t)0x00000002)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_DERIVATION
- *
- * \brief Indicates if asset content can be used in a key derivation (i.e.
- * if other keys can be derived from this one)
- *
- */
-#define PSA_SST_ASSET_ATTR_DERIVATION ((uint32_t)0x00000004)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_TRUSTED
- *
- * \brief Indicates if asset content can be trusted.
- */
-#define PSA_SST_ASSET_ATTR_TRUSTED ((uint32_t)0x00000008)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_WRITE_ONCE
- *
- * \brief Indicates if asset content can be modified once a content has been
- * set.
- */
-#define PSA_SST_ASSET_ATTR_WRITE_ONCE ((uint32_t)0x00000010)
-
-/* The next 3 bits are reserved */
-
-/*!
- * \def PSA_SST_ASSET_ATTR_ENCRYPT
- *
- * \brief Indicates if asset content may be used to encrypt data.
- */
-#define PSA_SST_ASSET_ATTR_ENCRYPT ((uint32_t)0x00000100)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_DECRYPT
- *
- * \brief Indicates if asset content may be used to decrypt data.
- */
-#define PSA_SST_ASSET_ATTR_DECRYPT ((uint32_t)0x00000200)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_SIGN
- *
- * \brief Indicates if asset content may be used to sign data.
- */
-#define PSA_SST_ASSET_ATTR_SIGN ((uint32_t)0x00000400)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_VERIFY
- *
- * \brief Indicates if asset content may be used to verify signed data.
- */
-#define PSA_SST_ASSET_ATTR_VERIFY ((uint32_t)0x00000800)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_VERIFY_RECOVER
- *
- * \brief Indicates if asset content may be used to verify data where
- * data is recovered from the signature.
- */
-#define PSA_SST_ASSET_ATTR_VERIFY_RECOVER ((uint32_t)0x00001000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_WRAP
- *
- * \brief Indicates if asset content may be used to wrap other data
- * (i.e wrap other keys).
- */
-#define PSA_SST_ASSET_ATTR_WRAP ((uint32_t)0x00002000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_UNWRAP
- *
- * \brief Indicates if asset content may be used to unwrap other data
- * (i.e unwrap other keys).
- */
-#define PSA_SST_ASSET_ATTR_UNWRAP ((uint32_t)0x00004000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_SENSITIVE
- *
- * \brief Indicates if asset content is sensitive and cannot be revealed.
- */
-#define PSA_SST_ASSET_ATTR_SENSITIVE ((uint32_t)0x00008000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_ALWAYS_SENSITIVE
- *
- * \brief Indicates if asset has always had the sensitive attribute. Attribute
- * cannot be changed once set. It becomes a read only attribute.
- */
-#define PSA_SST_ASSET_ATTR_ALWAYS_SENSITIVE ((uint32_t)0x00010000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_EXTRACTABLE
- *
- * \brief Indicates if asset content is extractable and can be wrapped.
- */
-#define PSA_SST_ASSET_ATTR_EXTRACTABLE ((uint32_t)0x00020000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_NEVER_EXTRACTABLE
- *
- * \brief Indicates if asset has never had the extactable attribute. Attribute
- * cannot be changed once set. It becomes a read only attribute.
- */
-#define PSA_SST_ASSET_ATTR_NEVER_EXTRACTABLE ((uint32_t)0x00040000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_ALWAYS_AUTHENTICATE
- *
- * \brief Indicates if user has to be authenticate when the asset content has
- * to be used.
- */
-#define PSA_SST_ASSET_ATTR_ALWAYS_AUTHENTICATE ((uint32_t)0x00080000)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_MASK
- *
- * \brief Asset attributes mask.
- */
-#define PSA_SST_ASSET_ATTR_MASK ((uint32_t)0x7FFFFFFF)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_VENDOR_DEFINED
- *
- * \brief Indicates if the attribute is vendor defined.
- */
-#define PSA_SST_ASSET_ATTR_VENDOR_DEFINED ((uint32_t)0x80000000)
-
-
-/* PSA SST asset structure definitions */
-/*!
- * \struct psa_sst_asset_info_t
- *
- * \brief Asset information.
- */
-struct psa_sst_asset_info_t {
- uint32_t type; /*!< Asset type */
- uint32_t size_current; /*!< The current size of the asset content */
- uint32_t size_max; /*!< The maximum size of the asset content in
- * bytes
- */
-};
-
-/*!
- * \struct psa_sst_asset_validity_t
- *
- * \brief Asset validity structure.
- *
- * \note Start and end values must be set to 0 as they are reserved for future
- * use.
- */
-struct psa_sst_asset_validity_t {
- uint64_t start; /*!< Start date/time on which the asset validity period
- * begins
- */
- uint64_t end; /*!< End date on which the asset validity period ends */
-
-};
-
-/*!
- * \struct psa_sst_asset_attrs_t
- *
- * \brief Asset attributes structure.
- *
- */
-struct psa_sst_asset_attrs_t {
- struct psa_sst_asset_validity_t validity; /*!< Asset validity period */
- uint32_t attrs; /*!< Asset attributes */
- uint8_t reserved[4]; /*!< Reserved for future
- * expansion. Default value is
- * 0 in all bytes
- */
-};
-
-/*!
- * \def PSA_SST_ASSET_INFO_SIZE
- *
- * \brief Indicates the asset information structure size.
- */
-#define PSA_SST_ASSET_INFO_SIZE sizeof(struct psa_sst_asset_info_t)
-
-/*!
- * \def PSA_SST_ASSET_ATTR_SIZE
- *
- * \brief Indicates the asset attributes structure size.
- */
-#define PSA_SST_ASSET_ATTR_SIZE sizeof(struct psa_sst_asset_attrs_t)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_SST_ASSET_DEFS_H__ */
diff --git a/interface/include/psa_sst_asset_macros.h b/interface/include/psa_sst_asset_macros.h
deleted file mode 100644
index a7fb058..0000000
--- a/interface/include/psa_sst_asset_macros.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/**
- * \file psa_sst_asset_macros.h
- *
- * \brief Platform security architecture (PSA) asset macros definitions for
- * secure storage partition
- */
-#ifndef __PSA_SST_ASSET_MACROS_H__
-#define __PSA_SST_ASSET_MACROS_H__
-
-#include "psa_sst_asset_defs.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*!
- * \def PSA_SST_ASSET_IS_ASSET_CAT(psa_sst_def_cat_type, type)
- *
- * \brief Macro to check if the asset category type (type) is equal to the
- * PSA SST asset defined category types (psa_sst_def_cat_type).
- *
- * \param[in] psa_sst_def_cat_type PSA SST asset defined category type
- * \param[in] type Asset type
- *
- * \return Returns 1 if the asset type is equal to the PSA SST asset defined
- * type. Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_IS_ASSET_CAT(psa_sst_def_cat_type, type) \
- (((type & PSA_SST_ASSET_CAT_VENDOR_DEFINED) != 0) && \
- ((type & PSA_SST_ASSET_CAT_TYPE_MASK) == psa_sst_def_cat_type))
-
-/*!
- * \def PSA_SST_ASSET_IS_ASSET_TYPE(psa_sst_def_type, type)
- *
- * \brief Macro to check if the asset type (type) is equal to the
- * PSA SST asset defined type (psa_sst_def_type).
- *
- * \param[in] psa_sst_def_type PSA SST asset defined type
- * \param[in] type Asset type
- *
- * \return Returns 1 if the asset type is equal to the PSA SST asset defined
- * type. Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_IS_ASSET_TYPE(psa_sst_def_type, type) \
- (((type & PSA_SST_ASSET_CAT_VENDOR_DEFINED) != 0) && \
- (type == psa_sst_def_type))
-
-/*!
- * \def PSA_SST_ASSET_IS_VENDOR_DEFINED(type)
- *
- * \brief Macro to check if the asset type is vendor defined.
- *
- * \param[in] type Asset type
- *
- * \return Returns 1 if the asset type is equal to PSA_SST_ASSET_VENDOR_DEFINED.
- * Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_IS_VENDOR_DEFINED(type) \
- ((type & PSA_SST_ASSET_VENDOR_DEFINED) != 0)
-
-/*!
- * \def PSA_SST_ASSET_IS_KEY_TYPE(type)
- *
- * \brief Macro to check if the asset type is a key.
- *
- * \param[in] type Asset type
- *
- * \return Returns 1 if it is a key. Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_IS_KEY_TYPE(type) \
- ((type & PSA_SST_ASSET_KEY_MASK) != 0)
-
-/*!
- * \def PSA_SST_ASSET_IS_ASYMMETRIC_KEY_TYPE(type)
- *
- * \brief Macro to check if the asset type is a symmetric key.
- *
- * \param[in] type Asset type
- *
- * \return Returns 1 if it is an asymmetric key. Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_IS_ASYMMETRIC_KEY_TYPE(type) \
- ((type & PSA_SST_ASSET_KEY_ASYMMETRIC_MASK) != 0)
-
-/*!
- * \def PSA_SST_ASSET_HAS_ATTR(psa_sst_def_asset_attr, attrs)
- *
- * \brief Macro to check if the asset attributes (attrs) have a specific PSA
- * SST asset defined bit attribute (psa_sst_def_asset_attr).
- *
- * \param[in] psa_sst_def_type PSA SST asset defined bit attribute
- * \param[in] attrs Asset attributes
- *
- * \return Returns 1 if the asset has the PSA SST asset defined
- * attribute. Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_HAS_ATTR(psa_sst_def_asset_attr, attrs) \
- (((attrs & psa_sst_def_asset_attr) != 0) && \
- ((attrs & PSA_SST_ASSET_ATTR_VENDOR_DEFINED) == 0))
-
-/*!
- * \def PSA_SST_ASSET_HAS_ATTR_VENDOR_DEFINED(attrs)
- *
- * \brief Macro to check if the asset attributes are vendor defined.
- *
- * \param[in] attrs Asset attributes
- *
- * \return Returns 1 if the asset type is equal to PSA_SST_ASSET_VENDOR_DEFINED.
- * Otherwise, it returns 0.
- */
-#define PSA_SST_ASSET_HAS_ATTR_VENDOR_DEFINED(attrs) \
- ((attrs & PSA_SST_ASSET_ATTR_VENDOR_DEFINED) != 0)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_SST_ASSET_MACROS_H__ */
diff --git a/interface/include/tfm_sst_defs.h b/interface/include/tfm_sst_defs.h
index 09d3b44..a008c73 100644
--- a/interface/include/tfm_sst_defs.h
+++ b/interface/include/tfm_sst_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,43 +8,52 @@
#ifndef __TFM_SST_DEFS_H__
#define __TFM_SST_DEFS_H__
+#include <limits.h>
+#include "psa_protected_storage.h"
+#include "tfm_api.h"
+
#ifdef __cplusplus
extern "C" {
#endif
-#include <inttypes.h>
-#include <limits.h>
-#include "psa_sst_api.h"
+/* The return value is shared with the TF-M partition status value.
+ * The SST return codes shouldn't overlap with predefined TF-M status values.
+ */
+#define TFM_SST_ERR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
-/*!
- * \struct tfm_sst_token_t
+/**
+ * \enum tfm_sst_err_t
*
- * \brief Structure to store the asset's token.
+ * \brief TF-M Secure Storage service error types
*
*/
-struct tfm_sst_token_t {
- const uint8_t *token; /*!< Pointer to the asset's token to be used to
- * generate the asset key to encrypt and decrypt
- * the asset data. This is an optional parameter
- * that has to be NULL in case the token is not
- * provied.
- */
- uint32_t token_size; /*!< Token size. In case the token is not provided
- * the token size has to be 0.
- */
+enum tfm_sst_err_t {
+ TFM_SST_ERR_SUCCESS = 0,
+ TFM_SST_ERR_WRITE_ONCE = TFM_SST_ERR_OFFSET,
+ TFM_SST_ERR_FLAGS_NOT_SUPPORTED,
+ TFM_SST_ERR_INSUFFICIENT_SPACE,
+ TFM_SST_ERR_STORAGE_FAILURE,
+ TFM_SST_ERR_UID_NOT_FOUND,
+ TFM_SST_ERR_INCORRECT_SIZE,
+ TFM_SST_ERR_OFFSET_INVALID,
+ TFM_SST_ERR_INVALID_ARGUMENT,
+ TFM_SST_ERR_DATA_CORRUPT,
+ TFM_SST_ERR_AUTH_FAILED,
+ TFM_SST_ERR_OPERATION_FAILED,
+ TFM_SST_ERR_NOT_SUPPORTED,
+ /* Add an invalid return code which forces the size of the type as well */
+ TFM_SST_ERR_INVALID = INT_MAX
};
-/*!
- * \struct tfm_sst_buf_t
- *
- * \brief Structure to store data information to read/write from/to asset.
- *
+/**
+ * \brief A macro to translate TF-M API return values including the offset
+ * needed by TF-M, to the corresponding PSA value.
*/
-struct tfm_sst_buf_t {
- uint8_t *data; /*!< Address of input/output data */
- uint32_t size; /*!< Size of input/output data */
- uint32_t offset; /*!< Offset within asset */
-};
+#define TFM_SST_PSA_RETURN(err) ( \
+ (err) == TFM_SST_ERR_SUCCESS ? err : \
+ (err) >= TFM_SST_ERR_WRITE_ONCE ? ((err) - (TFM_SST_ERR_WRITE_ONCE - 1)) : \
+ TFM_SST_ERR_INVALID \
+)
#ifdef __cplusplus
}
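Review bot: TFM_SST_PSA_RETURN has no upper bound on its second test, so every value at or above TFM_SST_ERR_WRITE_ONCE is shifted down, including TFM_SST_ERR_INVALID (INT_MAX), which comes out as a value that is no longer INT_MAX and presumably matches no defined PSA status. Bounding the branch keeps unknown codes on the fallback path: `(err) >= TFM_SST_ERR_WRITE_ONCE && (err) <= TFM_SST_ERR_NOT_SUPPORTED ? ((err) - (TFM_SST_ERR_WRITE_ONCE - 1)) : \`. The macro also expands `err` up to three times and leaves it unparenthesized in the success arm (`? err :`), so a caller that passes a veneer call directly would invoke the secure service more than once. The callers are not in this hunk, so either a comment such as `/* err is evaluated more than once: pass a variable, never a call */` or a static inline function would make that safe. The subtraction also relies on the enum order matching the status numbering in psa_protected_storage.h, which is not visible here and deserves a comment next to tfm_sst_err_t.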
diff --git a/interface/include/tfm_sst_veneers.h b/interface/include/tfm_sst_veneers.h
index 6cfd5c1..670ffae 100644
--- a/interface/include/tfm_sst_veneers.h
+++ b/interface/include/tfm_sst_veneers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,119 +8,167 @@
#ifndef __TFM_SST_VENEERS_H__
#define __TFM_SST_VENEERS_H__
+#include <stdint.h>
+
+#include "psa_protected_storage.h"
+#include "tfm_sst_defs.h"
+
#ifdef __cplusplus
extern "C" {
#endif
-#include "tfm_sst_defs.h"
+/**
+ * \brief Creates a new or modifies an existing asset. (Veneer function)
+ *
+ * \param[in] uid The unique identifier for the data
+ * \param[in] data_length The size in bytes of the data in `p_data`
+ * \param[in] p_data A buffer containing the data
+ * \param[in] create_flags The flags indicating the properties of the data
+ *
+ * \return A status indicating the success/failure of the operation as specified
+ * in \ref tfm_sst_err_t
+ *
+ * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
+ * \retval TFM_SST_ERR_WRITE_ONCE The operation failed because the
+ * provided uid value was already
+ * created with PSA_PS_FLAG_WRITE_ONCE
+ * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
+ * more of the given arguments were
+ * invalid (null pointer, etc.)
+ * \retval TFM_SST_ERR_FLAGS_NOT_SUPPORTED The operation failed because one or
+ * more of the flags provided in
+ * `create_flags` is not supported or
+ * is not valid
+ * \retval TFM_SST_ERR_INSUFFICIENT_SPACE The operation failed because there
+ * was insufficient space on the
+ * storage medium
+ * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (fatal
+ * error)
+ * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
+ * unspecified internal failure.
+ */
+enum tfm_sst_err_t tfm_sst_veneer_set(const psa_ps_uid_t *uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_ps_create_flags_t create_flags);
/**
- * \brief Allocates space for the asset, referenced by asset UUID,
- * without setting any data in the asset.
+ * \brief Gets the asset data for the provided uid. (Veneer function)
*
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- * \param[in] asset_uuid Asset UUID \ref tfm_sst_asset_id_t
+ * \param[in] uid The unique identifier for the data
+ * \param[in] data_offset The offset within the data associated with the `uid`
+ * to start retrieving data
+ * \param[in] data_length The amount of data to read (and the minimum
+ * allocated size of the `p_data` buffer)
+ * \param[out] p_data The buffer where the data will be placed upon
+ * successful completion
*
- * \return Returns PSA_SST_ERR_SUCCESS if the asset has been created correctly.
- * If SST area is not prepared, it returns
- * PSA_SST_ERR_ASSET_NOT_PREPARED. If SST area is full, it returns
- * PSA_SST_ERR_STORAGE_SYSTEM_FULL. If application id doesn't have the
- * write rights, it returns PSA_SST_ERR_PERMS_NOT_ALLOWED.
+ * \return A status indicating the success/failure of the operation as specified
+ * in \ref tfm_sst_err_t
+ *
+ * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
+ * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
+ * more of the given arguments were
+ * invalid (null pointer, etc.)
+ * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
+ * provided uid value was not found in the
+ * storage
+ * \retval TFM_SST_ERR_INCORRECT_SIZE The operation failed because the data
+ * associated with provided uid is not the
+ * same size as `data_size`
+ * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (fatal
+ * error)
+ * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
+ * unspecified internal failure
+ * \retval TFM_SST_ERR_DATA_CORRUPT The operation failed because of an
+ * authentication failure when attempting
+ * to get the key
+ * \retval TFM_SST_ERR_AUTH_FAILED The operation failed because of an
+ * unspecified internal failure
*/
-enum psa_sst_err_t tfm_sst_veneer_create(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token);
+enum tfm_sst_err_t tfm_sst_veneer_get(const psa_ps_uid_t *uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data);
/**
- * \brief Gets asset's information referenced by asset UUID.
+ * \brief Gets the metadata for the provided uid. (Veneer function)
*
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- * \param[out] info Pointer to store the asset's information
- * \ref psa_sst_asset_info_t
+ * \param[in] uid The unique identifier for the data
+ * \param[out] p_info A pointer to the `psa_ps_info_t` struct that will be
+ * populated with the metadata
*
- * \return Returns error code as specified in \ref psa_sst_err_t
+ * \return A status indicating the success/failure of the operation as specified
+ * in \ref tfm_sst_err_t
+ *
+ * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
+ * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
+ * more of the given arguments were
+ * invalid (null pointer, etc.)
+ * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
+ * provided uid value was not found in the
+ * storage
+ * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (fatal
+ * error)
+ * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
+ * unspecified internal failure
+ * \retval TFM_SST_ERR_DATA_CORRUPT The operation failed because of an
+ * authentication failure when attempting
+ * to get the key
+ * \retval TFM_SST_ERR_AUTH_FAILED The operation failed because of an
+ * unspecified internal failure
*/
-enum psa_sst_err_t tfm_sst_veneer_get_info(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token,
- struct psa_sst_asset_info_t *info);
+enum tfm_sst_err_t tfm_sst_veneer_get_info(const psa_ps_uid_t *uid,
+ struct psa_ps_info_t *p_info);
/**
- * \brief Gets asset's attributes referenced by asset UUID.
+ * \brief Removes the provided uid and its associated data from storage. (Veneer
+ * function)
*
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- * \param[out] attrs Pointer to store the asset's attributes
- * \ref tfm_sst_asset_attrs_t
+ * \param[in] uid The unique identifier for the data to be removed
*
- * \return Returns error code as specified in \ref psa_sst_err_t
+ * \return A status indicating the success/failure of the operation as specified
+ * in \ref tfm_sst_err_t
+ *
+ * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
+ * \retval TFM_SST_ERR_INVALID_ARGUMENT The operation failed because one or
+ * more of the given arguments were
+ * invalid (null pointer, etc.)
+ * \retval TFM_SST_ERR_UID_NOT_FOUND The operation failed because the
+ * provided uid value was not found in the
+ * storage
+ * \retval TFM_SST_ERR_WRITE_ONCE The operation failed because the
+ * provided uid value was created with
+ * PSA_PS_WRITE_ONCE_FLAG
+ * \retval TFM_SST_ERR_STORAGE_FAILURE The operation failed because the
+ * physical storage has failed (fatal
+ * error)
+ * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
+ * unspecified internal failure
*/
-enum psa_sst_err_t tfm_sst_veneer_get_attributes(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token,
- struct psa_sst_asset_attrs_t *attrs);
+enum tfm_sst_err_t tfm_sst_veneer_remove(const psa_ps_uid_t *uid);
/**
- * \brief Sets asset's attributes referenced by asset UUID.
+ * \brief Gets a bitmask with flags set for all of the optional features
+ * supported by the implementation. (Veneer function)
*
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- * \param[in] attrs Pointer to new the asset's attributes
- * \ref psa_sst_asset_attrs_t
+ * \param[out] support_flags A pointer to a variable that will be populated
+ * with a uint32_t bitmask value which contains all
+ * the bits set for all the optional features
+ * supported by the implementation
*
- * \return Returns error code as specified in \ref psa_sst_err_t
+ * \return A status indicating the success/failure of the operation as specified
+ * in \ref tfm_sst_err_t
+ *
+ * \retval TFM_SST_ERR_SUCCESS The operation completed successfully
+ * \retval TFM_SST_ERR_OPERATION_FAILED The operation failed because of an
+ * unspecified internal failure
*/
-enum psa_sst_err_t tfm_sst_veneer_set_attributes(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token,
- const struct psa_sst_asset_attrs_t *attrs);
+enum tfm_sst_err_t tfm_sst_veneer_get_support(uint32_t *support_flags);
-/**
- * \brief Reads asset's data from asset referenced by asset UUID.
- *
-
- * \param[in] client_id Client ID which calls the service.
- * In case, the caller is a secure partition, this
- * parameter can be a non-secure or secure client ID
- * if the read is in behalf of that client.
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token
- * \ref tfm_sst_token_t
- * \param[in/out] data Pointer to data vector \ref tfm_sst_buf_t to
- * store data, size and offset
- *
- * \return Returns the number of bytes written or a castable \ref psa_sst_err_t
- * value
- */
-enum psa_sst_err_t tfm_sst_veneer_read(int32_t client_id,
- uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token,
- struct tfm_sst_buf_t *data);
-
-/**
- * \brief Writes data into an asset referenced by asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- * \param[in] data Pointer to data vector \ref tfm_sst_buf_t which
- * contains the data to write
- *
- * \return Returns the number of bytes written or a castable \ref psa_sst_err_t
- * value
- */
-enum psa_sst_err_t tfm_sst_veneer_write(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token,
- struct tfm_sst_buf_t *data);
-
-/**
- * \brief Deletes the asset referenced by the asset UUID.
- *
- * \param[in] asset_uuid Asset UUID
- * \param[in] s_token Pointer to the asset's token \ref tfm_sst_token_t
- *
- * \return Returns PSA_SST_ERR_PERMS_NOT_ALLOWED if the asset can't be deleted
- * to by this app ID. Returns PSA_SST_ERR_ASSET_REF_INVALID, if asset
- * no longer exists. Otherwise, PSA_SST_ERR_SUCCESS.
- */
-enum psa_sst_err_t tfm_sst_veneer_delete(uint32_t asset_uuid,
- const struct tfm_sst_token_t *s_token);
#ifdef __cplusplus
}
#endif
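Review bot: The `\retval` text for `tfm_sst_veneer_get` and `tfm_sst_veneer_get_info` appears crossed: `TFM_SST_ERR_DATA_CORRUPT` is described as an authentication failure when getting the key and `TFM_SST_ERR_AUTH_FAILED` as an unspecified internal failure, so a caller cannot tell from this header which code signals failed authentication of stored data. If the codes mean what their names suggest, the entries would read `\retval TFM_SST_ERR_DATA_CORRUPT The operation failed because the stored data is corrupt` and `\retval TFM_SST_ERR_AUTH_FAILED The operation failed because the stored data failed authentication`. In the same comments, `TFM_SST_ERR_INCORRECT_SIZE` refers to `data_size` although the parameter is `data_length`, and `tfm_sst_veneer_remove` names `PSA_PS_WRITE_ONCE_FLAG` where `tfm_sst_veneer_set` uses `PSA_PS_FLAG_WRITE_ONCE`. `tfm_sst_veneer_get` takes `data_offset` but lists no `\retval TFM_SST_ERR_OFFSET_INVALID`. Since `uid`, `p_data`, `p_info` and `support_flags` are pointers supplied across the veneer, each comment could also state that the secure implementation (not visible in this hunk) checks that these ranges belong to the caller before reading or writing them.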
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 4d4a38d..7fdb9f9 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -17,13 +17,11 @@
#endif
/******** TFM_SP_STORAGE ********/
-psa_status_t tfm_sst_am_create_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_get_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_get_attributes_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_set_attributes_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_read_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_write_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_sst_am_delete_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_set_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_remove_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_sst_get_support_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
/******** TFM_SP_AUDIT_LOG ********/
psa_status_t tfm_audit_core_retrieve_record_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
diff --git a/interface/src/tfm_sst_api.c b/interface/src/tfm_sst_api.c
index 317032c..2a20e28 100644
--- a/interface/src/tfm_sst_api.c
+++ b/interface/src/tfm_sst_api.c
@@ -1,152 +1,105 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
-#include "tfm_sst_veneers.h"
-#include "tfm_sst_defs.h"
+#include "psa_protected_storage.h"
+
#include "tfm_ns_lock.h"
+#include "tfm_sst_defs.h"
+#include "tfm_sst_veneers.h"
-/* This define uses the TF-M invalid client ID to specify a direct client read,
- * as that it can not be used to identify a client.
- */
-#define SST_DIRECT_CLIENT_READ TFM_INVALID_CLIENT_ID
-
-enum psa_sst_err_t psa_sst_create(uint32_t asset_uuid, const uint8_t *token,
- uint32_t token_size)
+psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_ps_create_flags_t create_flags)
{
- struct tfm_sst_token_t s_token;
+ enum tfm_sst_err_t err;
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
+ err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_set,
+ (uint32_t)&uid,
+ (uint32_t)data_length,
+ (uint32_t)p_data,
+ (uint32_t)create_flags);
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_create,
- asset_uuid,
- (uint32_t)&s_token,
- 0, 0);
+ return TFM_SST_PSA_RETURN(err);
}
-enum psa_sst_err_t psa_sst_get_info(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- struct psa_sst_asset_info_t *info)
+psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data)
{
- struct tfm_sst_token_t s_token;
+ enum tfm_sst_err_t err;
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
+ err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get,
+ (uint32_t)&uid,
+ (uint32_t)data_offset,
+ (uint32_t)data_length,
+ (uint32_t)p_data);
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_info,
- asset_uuid,
- (uint32_t)&s_token,
- (uint32_t)info,
- 0);
+ return TFM_SST_PSA_RETURN(err);
}
-enum psa_sst_err_t psa_sst_get_attributes(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- struct psa_sst_asset_attrs_t *attrs)
+psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
{
- struct tfm_sst_token_t s_token;
+ enum tfm_sst_err_t err;
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
+ err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_info,
+ (uint32_t)&uid,
+ (uint32_t)p_info,
+ (uint32_t)0,
+ (uint32_t)0);
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_attributes,
- asset_uuid,
- (uint32_t)&s_token,
- (uint32_t)attrs,
- 0);
+ return TFM_SST_PSA_RETURN(err);
}
-enum psa_sst_err_t psa_sst_set_attributes(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- const struct psa_sst_asset_attrs_t *attrs)
+psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
{
- struct tfm_sst_token_t s_token;
+ enum tfm_sst_err_t err;
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
+ err = tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_remove,
+ (uint32_t)&uid,
+ (uint32_t)0,
+ (uint32_t)0,
+ (uint32_t)0);
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_set_attributes,
- asset_uuid,
- (uint32_t)&s_token,
- (uint32_t)attrs,
- 0);
+ return TFM_SST_PSA_RETURN(err);
}
-enum psa_sst_err_t psa_sst_read(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- uint32_t size,
- uint32_t offset,
- uint8_t *data)
+psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
+ psa_ps_create_flags_t create_flags)
{
- struct tfm_sst_token_t s_token;
- struct tfm_sst_buf_t s_data;
-
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
-
- /* Pack buffer information in the buffer structure */
- s_data.size = size;
- s_data.offset = offset;
- s_data.data = data;
-
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_read,
- SST_DIRECT_CLIENT_READ,
- asset_uuid,
- (uint32_t)&s_token,
- (uint32_t)&s_data);
+ (void)uid, (void)size, (void)create_flags;
+ return PSA_PS_ERROR_NOT_SUPPORTED;
}
-enum psa_sst_err_t psa_sst_write(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size,
- uint32_t size,
- uint32_t offset,
- const uint8_t *data)
+psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
+ uint32_t data_length, const void *p_data)
{
- struct tfm_sst_token_t s_token;
- struct tfm_sst_buf_t s_data;
-
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
-
- /* Pack buffer information in the buffer structure */
- s_data.size = size;
- s_data.offset = offset;
- s_data.data = (uint8_t *)data;
-
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_write,
- asset_uuid,
- (uint32_t)&s_token,
- (uint32_t)&s_data,
- 0);
+ (void)uid, (void)data_offset, (void)data_length, (void)p_data;
+ return PSA_PS_ERROR_NOT_SUPPORTED;
}
-enum psa_sst_err_t psa_sst_delete(uint32_t asset_uuid,
- const uint8_t *token,
- uint32_t token_size)
+uint32_t psa_ps_get_support(void)
{
- struct tfm_sst_token_t s_token;
+ uint32_t support_flags;
- /* Pack the token information in the token structure */
- s_token.token = token;
- s_token.token_size = token_size;
+ /* Initialise support_flags to a sensible default, to avoid returning an
+ * uninitialised value in case the secure function fails.
+ */
+ support_flags = 0;
- return tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_delete,
- asset_uuid,
- (uint32_t)&s_token,
- 0, 0);
+ /* The PSA API does not return an error, so any error from TF-M is
+ * ignored.
+ */
+ (void)tfm_ns_lock_dispatch((veneer_fn)tfm_sst_veneer_get_support,
+ (uint32_t)&support_flags,
+ (uint32_t)0,
+ (uint32_t)0,
+ (uint32_t)0);
+
+ return support_flags;
}
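Review bot: In `psa_ps_set`, `psa_ps_get`, `psa_ps_get_info` and `psa_ps_remove` the dispatcher result goes straight through `TFM_SST_PSA_RETURN(err)`, which turns any non-zero value below `TFM_SST_ERR_WRITE_ONCE` into `TFM_SST_ERR_INVALID` (`INT_MAX`), a value outside the `psa_ps_status_t` codes a caller can match. What `tfm_ns_lock_dispatch` returns when the lock cannot be taken or the call is rejected is not visible here, but a generic TF-M status would land in that branch, and `INT_MAX` itself would be shifted by the offset subtraction into another undefined code. Mapping that case explicitly in the wrappers, e.g. `if (err != TFM_SST_ERR_SUCCESS && err < TFM_SST_ERR_WRITE_ONCE) { return PSA_PS_ERROR_OPERATION_FAILED; }`, keeps every return value inside the PSA set. The macro also expands the bare `err` in its first arm, so `? (err) :` would be the consistent form.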