SST: Implement PSA Protected Storage 1.0

Refactors SST to implement PSA Protected Storage version 1.0.

Change-Id: I967375e98799a465069525f203881f5331d6d84a
Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>
diff --git a/interface/src/tfm_sst_ipc_api.c b/interface/src/tfm_sst_ipc_api.c
index 9ef95ff..8d0dc43 100644
--- a/interface/src/tfm_sst_ipc_api.c
+++ b/interface/src/tfm_sst_ipc_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -13,13 +13,12 @@
 
 #define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
 
-psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
-                           uint32_t data_length,
-                           const void *p_data,
-                           psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_set(psa_storage_uid_t uid,
+                        size_t data_length,
+                        const void *p_data,
+                        psa_storage_create_flags_t create_flags)
 {
     psa_status_t status;
-    psa_ps_status_t err;
     psa_handle_t handle;
 
     psa_invec in_vec[] = {
@@ -28,34 +27,34 @@
         { .base = &create_flags, .len = sizeof(create_flags) }
     };
 
-    psa_outvec out_vec[] = {
-        { .base = &err , .len = sizeof(err) }
-    };
-
     handle = psa_connect(TFM_SST_SET_SID, TFM_SST_SET_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
-    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
-                      IOVEC_LEN(out_vec));
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+                      NULL, 0);
 
     psa_close(handle);
 
-    if (status != PSA_SUCCESS) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
+    /* A parameter with a buffer pointer pointer that has data length longer
+     * than maximum permitted is treated as a secure violation.
+     * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
+     */
+    if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
-    return err;
+    return status;
 }
 
-psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
-                           uint32_t data_offset,
-                           uint32_t data_length,
-                           void *p_data)
+psa_status_t psa_ps_get(psa_storage_uid_t uid,
+                        size_t data_offset,
+                        size_t data_size,
+                        void *p_data,
+                        size_t *p_data_length)
 {
     psa_status_t status;
-    psa_ps_status_t err;
     psa_handle_t handle;
 
     psa_invec in_vec[] = {
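Review bot: The translation of `TFM_ERROR_INVALID_PARAMETER` to `PSA_ERROR_INVALID_ARGUMENT` is added only in psa_ps_set. psa_ps_get and psa_ps_get_info in the later hunks also hand caller buffers to psa_call and return `status` untouched, so if the framework rejects their iovecs the same way, a TF-M-internal code would reach callers that expect PSA status values. Either repeat the check in those wrappers or end each one with `return (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) ? PSA_ERROR_INVALID_ARGUMENT : status;`. The new comment also reads "buffer pointer pointer", where one "pointer" should be dropped. psa_ps_get's body continues outside this hunk.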
@@ -64,13 +63,16 @@
     };
 
     psa_outvec out_vec[] = {
-        { .base = &err,   .len = sizeof(err) },
-        { .base = p_data, .len = data_length }
+        { .base = p_data, .len = data_size }
     };
 
+    if (p_data_length == NULL) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+
     handle = psa_connect(TFM_SST_GET_SID, TFM_SST_GET_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
     status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
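Review bot: Every invalid handle from psa_connect is reported as `PSA_ERROR_GENERIC_ERROR`, here and at the same check in psa_ps_set, psa_ps_get_info and psa_ps_remove, so a caller cannot tell a refused connection from a busy service that could be retried. If the collapse is intentional because the storage API only allows a fixed set of return codes, say so at the check, e.g. `/* Connection refused or busy: reported as a generic error to the caller */`. The psa_call statement that follows is cut by the hunk boundary.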
@@ -78,17 +80,15 @@
 
     psa_close(handle);
 
-    if (status != PSA_SUCCESS) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
-    }
+    *p_data_length = out_vec[0].len;
 
-    return err;
+    return status;
 }
 
-psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
+psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
+                             struct psa_storage_info_t *p_info)
 {
     psa_status_t status;
-    psa_ps_status_t err;
     psa_handle_t handle;
 
     psa_invec in_vec[] = {
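Review bot: `*p_data_length = out_vec[0].len;` in psa_ps_get runs whether or not psa_call succeeded, so on failure the caller is handed a length for a buffer whose contents are unspecified. What the framework leaves in `out_vec[0].len` after a rejected call is not visible here; if it stays at `data_size`, a caller that reads the length before checking the status would process stale or uninitialised bytes. Reporting zero on failure removes that ambiguity: `*p_data_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. The psa_call statement above is only partly inside this hunk, and psa_ps_get_info continues past it.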
@@ -96,13 +96,12 @@
     };
 
     psa_outvec out_vec[] = {
-        { .base = &err,   .len = sizeof(err) },
         { .base = p_info, .len = sizeof(*p_info) }
     };
 
     handle = psa_connect(TFM_SST_GET_INFO_SID, TFM_SST_GET_INFO_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
     status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
@@ -110,63 +109,51 @@
 
     psa_close(handle);
 
-    if (status != PSA_SUCCESS) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
-    }
-
-    return err;
+    return status;
 }
 
-psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
+psa_status_t psa_ps_remove(psa_storage_uid_t uid)
 {
     psa_status_t status;
-    psa_ps_status_t err;
     psa_handle_t handle;
 
     psa_invec in_vec[] = {
         { .base = &uid, .len = sizeof(uid) }
     };
 
-    psa_outvec out_vec[] = {
-        { .base = &err, .len = sizeof(err) }
-    };
 
     handle = psa_connect(TFM_SST_REMOVE_SID, TFM_SST_REMOVE_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
-    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
-                      IOVEC_LEN(out_vec));
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+                      NULL, 0);
 
     psa_close(handle);
 
-    if (status != PSA_SUCCESS) {
-        return PSA_PS_ERROR_OPERATION_FAILED;
-    }
-
-    return err;
+    return status;
 }
 
-psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
-                              psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_create(psa_storage_uid_t uid, size_t size,
+                           psa_storage_create_flags_t create_flags)
 {
     (void)uid;
     (void)size;
     (void)create_flags;
 
-    return PSA_PS_ERROR_NOT_SUPPORTED;
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
-                                    uint32_t data_length, const void *p_data)
+psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
+                                 size_t data_length, const void *p_data)
 {
     (void)uid;
     (void)data_offset;
     (void)data_length;
     (void)p_data;
 
-    return PSA_PS_ERROR_NOT_SUPPORTED;
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
 uint32_t psa_ps_get_support(void)