AuditLog: Align the implementation to the PSA header
This change modifies the AuditLog service implementation
to reflect the changes introduced by the PSA compliant API
interface. The symbol name patterns for functions, variables,
folders and source files are also changed to be audit_* /
tfm_audit*.
Change-Id: I674060979961f568912870f49a72ed571499f059
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/audit_wrappers.h b/interface/include/audit_wrappers.h
new file mode 100644
index 0000000..ec98144
--- /dev/null
+++ b/interface/include/audit_wrappers.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __AUDIT_WRAPPERS_H__
+#define __AUDIT_WRAPPERS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+ * \struct audit_core_retrieve_input
+ *
+ * \brief Input structure for the audit_core_retrieve_record_wrapper function
+ *
+ */
+struct audit_core_retrieve_input {
+ const uint32_t record_index; /*!< Index of the record to retrieve */
+ const uint32_t buffer_size; /*!< Size in bytes of the provided buffer */
+ const uint8_t *token; /*!< Must be set to NULL. Token used as a
+ * challenge for encryption, to protect
+ * against rollback attacks
+ */
+ const uint32_t token_size; /*!< Must be set to 0. Size in bytes of the
+ * token used as challenge
+ */
+};
+
+/*!
+ * \struct audit_core_retrieve_output
+ *
+ * \brief Output structure for the audit_core_retrieve_record_wrapper function
+ *
+ */
+struct audit_core_retrieve_output {
+ uint8_t *buffer; /*!< Buffer used to store the retrieved record */
+ uint32_t *record_size; /*!< Size in bytes of the retrieved record */
+};
+
+/*!
+ * \brief This function is a TF-M compatible wrapper for the
+ * \ref audit_core_retrieve_record implemented in the Audit log
+ * core functions
+ *
+ * \param[in] input_s Pointer to the structure containing input parameters
+ * associated with \ref psa_audit_retrieve_record
+ * \param[out] output_s Pointer to the structure containing output parameters
+ * associated with \ref psa_audit_retrieve_record
+ *
+ */
+enum psa_audit_err audit_core_retrieve_record_wrapper(
+ const struct audit_core_retrieve_input *input_s,
+ struct audit_core_retrieve_output *output_s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __AUDIT_WRAPPERS_H__ */
diff --git a/interface/include/tfm_audit_veneers.h b/interface/include/tfm_audit_veneers.h
new file mode 100644
index 0000000..45dc42c
--- /dev/null
+++ b/interface/include/tfm_audit_veneers.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_AUDIT_VENEERS_H__
+#define __TFM_AUDIT_VENEERS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include "psa_audit_defs.h"
+#include "audit_wrappers.h"
+
+/**
+ * \brief Retrieves a record at the specified index (Veneer)
+ *
+ * \details The function retrieves an item specified by index and returns
+ * it on the buffer provided. The token is passed as a challenge
+ * value for the encryption scheme
+ *
+ * \note Currently the cryptography support is not yet enabled, so the
+ * token value is not used and must be passed as NULL, with 0 size
+ *
+ * \param[in] input_s Pointer to the structure containing input parameters
+ * associated with \ref psa_audit_retrieve_record
+ * \param[out] output_s Pointer to the structure containing output parameters
+ * associated with \ref psa_audit_retrieve_record
+ *
+ * \return Returns values as specified by the \ref psa_audit_err
+ *
+ */
+enum psa_audit_err tfm_audit_veneer_retrieve_record(
+ const struct audit_core_retrieve_input *input_s,
+ struct audit_core_retrieve_output *output_s);
+/**
+ * \brief Adds a record (Veneer)
+ *
+ * \details This function adds a record. This is a Secure only callable function
+ *
+ * \note This is a Secure only callable API, Non-Secure calls will
+ * always return error
+ *
+ * \param[in] record Pointer to the memory buffer containing the record
+ * to be added
+ *
+ * \return Returns values as specified by the \ref psa_audit_err
+ *
+ */
+enum psa_audit_err tfm_audit_veneer_add_record(
+ const struct psa_audit_record *record);
+
+/**
+ * \brief Returns the total number and size of the records stored (Veneer)
+ *
+ * \details The function returns the total size in bytes and the
+ * total number of records stored
+ *
+ * \param[out] num_records Total number of records stored
+ * \param[out] size Total size of the records stored, in bytes
+ *
+ * \return Returns values as specified by the \ref psa_audit_err
+ *
+ */
+enum psa_audit_err tfm_audit_veneer_get_info(uint32_t *num_records,
+ uint32_t *size);
+/**
+ * \brief Returns the size of the record at the specified index (Veneer)
+ *
+ * \details The function returns the size of the record at the given index
+ * provided as input
+ *
+ * \param[in] record_index Index of the record to return the size
+ * \param[out] size Size of the specified record, in bytes
+ *
+ * \return Returns values as specified by the \ref psa_audit_err
+ *
+ */
+enum psa_audit_err tfm_audit_veneer_get_record_info(const uint32_t record_index,
+ uint32_t *size);
+/**
+ * \brief Deletes a record at the specified index (Veneer)
+ *
+ * \details The function removes a record at the specified index. It passes
+ * an authorisation token for removal which is a MAC of the plain text
+ *
+ * \note Currently the cryptography support is not yet enabled, so the
+ * token value is not used and must be passed as NULL, with 0 size
+ *
+ * \note This is an experimental API function
+ *
+ * \param[in] record_index Index of the record to be removed. Currently, only
+ * the removal of the oldest entry, i.e. record_index 0
+ * is supported
+ * \param[in] token Must be set to NULL. Token used as authorisation for
+ * removal of the specified record_index
+ * \param[in] token_size Must be set to 0. Size in bytes of the token used as
+ * authorisation for removal
+ *
+ * \return Returns values as specified by the \ref psa_audit_err
+ *
+ */
+enum psa_audit_err tfm_audit_veneer_delete_record(const uint32_t record_index,
+ const uint8_t *token,
+ const uint32_t token_size);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_AUDIT_VENEERS_H__ */
diff --git a/interface/include/tfm_log_api.h b/interface/include/tfm_log_api.h
deleted file mode 100644
index 6b7d0e6..0000000
--- a/interface/include/tfm_log_api.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_LOG_API__
-#define __TFM_LOG_API__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "tfm_log_defs.h"
-
-/**
- * \brief Retrieves the audit log
- *
- * \details The function reads the audit log into the buffer provided.
- * If provided buffer size is too small to fit the full log,
- * the function will read the maximum number of items in the
- * log that fit the available space in the buffer
- *
- * \param[in] size Maximum number of bytes to retrieve from the log
- * \param[in] start Index of element from where to start retrieval
- * \param[out] buffer Pointer to the buffer that will hold the log
- * \param[out] info Pointer to the \ref tfm_log_info structure
- * contained information related to the retrieved
- * portion of the log (size and number of items)
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if retrieval has been completed,
- * otherwise error as specified in \ref tfm_log_err
- *
- * \note If start is equal to TFM_ALG_READ_RECENT, the function will
- * retrieve the most recent elements that fit the provided size
- */
-enum tfm_log_err tfm_log_retrieve(uint32_t size,
- int32_t start,
- uint8_t *buffer,
- struct tfm_log_info *info);
-
-/**
- * \brief Gets the log information
- *
- * \param[out] info Pointer to the \ref tfm_log_info structure that
- * holds the current log size (both in bytes and items)
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if reading has been completed,
- * otherwise error as specified in \ref tfm_log_err
- */
-enum tfm_log_err tfm_log_get_info(struct tfm_log_info *info);
-
-/**
- * \brief Deletes one or more elements from the head of the log
- *
- * \param[in] num_items Number of elements to be deleted
- * \param[out] rem_items Pointer to the number of elements removed. This
- * value indicates the number of elements actually
- * removed from the log. In case the number of items
- * stored is less than the number of items requested
- * to remove, this value will reflect the number of
- * items effectively removed.
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if removal has been completed,
- * otherwise error as specified in \ref tfm_log_err
- */
-enum tfm_log_err tfm_log_delete_items(uint32_t num_items,
- uint32_t *rem_items);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_LOG_API__ */
diff --git a/interface/include/tfm_log_defs.h b/interface/include/tfm_log_defs.h
deleted file mode 100644
index 5153891..0000000
--- a/interface/include/tfm_log_defs.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_LOG_DEFS_H__
-#define __TFM_LOG_DEFS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdint.h>
-#include "tfm_api.h"
-#include "limits.h"
-
-/*!
- * \def TFM_LOG_READ_RECENT
- *
- * \brief Special value used in the log retrieval API to indicate
- * that data should be read up to the most recent entry
- */
-#define TFM_LOG_READ_RECENT (-1)
-
-/*!
- * \struct tfm_log_info
- *
- * \brief Structure containing information related to the size in bytes
- * and number of items retrieved or available in the audit log
- */
-struct tfm_log_info {
- uint32_t size; /*!< Size in bytes of items retrieved or available */
- uint32_t num_items; /*!< Number of items retrieved or available */
-};
-
-/* The return value is shared with the TFM partition status value. The LOG
- * return codes shouldn't overlap with predefined TFM status values.
- */
-#define TFM_LOG_ERR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
-
-enum tfm_log_err {
- TFM_LOG_ERR_SUCCESS = 0,
- TFM_LOG_ERR_FAILURE = TFM_LOG_ERR_OFFSET,
-
- /* Following entry is only to ensure the error code of int size */
- TFM_LOG_ERR_FORCE_INT_SIZE = INT_MAX
-};
-
-/*!
- * \struct tfm_log_line
- *
- * \brief The part of the log line which has to be
- * provided by the secure service that wants
- * to add information to the log
- */
-struct tfm_log_line {
- uint32_t size; /*!< Size in bytes of the three following fields */
- uint32_t function_id; /*!< ID of the function requested */
- uint32_t arg[4]; /*!< [r0,r1,r2,r3] arguments to the function */
- uint8_t payload[]; /*!< Flexible array member for payload */
-};
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_LOG_DEFS_H__ */
diff --git a/interface/include/tfm_log_veneers.h b/interface/include/tfm_log_veneers.h
deleted file mode 100644
index 043f611..0000000
--- a/interface/include/tfm_log_veneers.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_LOG_VENEERS_H__
-#define __TFM_LOG_VENEERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdint.h>
-#include "tfm_log_defs.h"
-
-/**
- * \brief Retrieves the audit log
- *
- * \details The function reads the audit log into the buffer provided.
- * If provided buffer size is too small to fit the full log,
- * the function will read the maximum number of items in the
- * log that fit the available space in the buffer
- *
- * \param[in] size Maximum number of bytes to retrieve from the log
- * \param[in] start Index of element from where to start retrieval
- * \param[out] buffer Pointer to the buffer that will hold the log
- * \param[out] info Pointer to the \ref tfm_log_info structure
- * contained information related to the retrieved
- * portion of the log (size and number of items)
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if retrieval has been completed,
- * otherwise error as specified in \ref tfm_log_err
- *
- * \note If start is equal to TFM_ALG_READ_RECENT, the function will
- * retrieve the most recent elements that fit the provided size
- */
-enum tfm_log_err tfm_log_veneer_retrieve(uint32_t size,
- int32_t start,
- uint8_t *buffer,
- struct tfm_log_info *info);
-/**
- * \brief Adds a log entry
- *
- * \param[in] line Pointer to the line to be added. This memory must
- * be accessible by the audit logging service.
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if addition has been completed
- * otherwise error as specified in \ref tfm_log_err
- *
- * \note This is a secure only callable API, NS calls will always
- * return error
- */
-enum tfm_log_err tfm_log_veneer_add_line(struct tfm_log_line *line);
-
-/**
- * \brief Gets the log information
- *
- * \param[out] info Pointer to the \ref tfm_log_info structure that
- * holds the current log size (both in bytes and items)
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if reading has been completed,
- * otherwise error as specified in \ref tfm_log_err
- */
-enum tfm_log_err tfm_log_veneer_get_info(struct tfm_log_info *info);
-
-/**
- * \brief Deletes one or more elements from the head of the log
- *
- * \param[in] num_items Number of elements to be deleted
- * \param[out] rem_items Pointer to the number of elements removed. This
- * value indicates the number of elements actually
- * removed from the log. In case the number of items
- * stored is less than the number of items requested
- * to remove, this value will reflect the number of
- * items effectively removed.
- *
- * \return Returns TFM_LOG_ERR_SUCCESS if removal has been completed,
- * otherwise error as specified in \ref tfm_log_err
- */
-enum tfm_log_err tfm_log_veneer_delete_items(uint32_t num_items,
- uint32_t *rem_items);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_LOG_VENEERS_H__ */
diff --git a/interface/src/tfm_audit_api.c b/interface/src/tfm_audit_api.c
new file mode 100644
index 0000000..2a69582
--- /dev/null
+++ b/interface/src/tfm_audit_api.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_audit_veneers.h"
+#include "psa_audit_api.h"
+#include "tfm_ns_lock.h"
+#include "audit_wrappers.h"
+
+enum psa_audit_err psa_audit_retrieve_record(const uint32_t record_index,
+ const uint32_t buffer_size,
+ const uint8_t *token,
+ const uint32_t token_size,
+ uint8_t *buffer,
+ uint32_t *record_size)
+{
+ const struct audit_core_retrieve_input input_s =
+ {.record_index = record_index,
+ .buffer_size = buffer_size,
+ .token = token,
+ .token_size = token_size};
+
+ struct audit_core_retrieve_output output_s = {.buffer = buffer,
+ .record_size = record_size};
+
+ return tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_retrieve_record,
+ (uint32_t)&input_s,
+ (uint32_t)&output_s,
+ 0,
+ 0);
+}
+
+enum psa_audit_err psa_audit_get_info(uint32_t *num_records,
+ uint32_t *size)
+{
+ return tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_get_info,
+ (uint32_t)num_records,
+ (uint32_t)size,
+ 0,
+ 0);
+}
+
+enum psa_audit_err psa_audit_get_record_info(const uint32_t record_index,
+ uint32_t *size)
+{
+ return tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_get_record_info,
+ (uint32_t)record_index,
+ (uint32_t)size,
+ 0,
+ 0);
+}
+
+enum psa_audit_err psa_audit_delete_record(const uint32_t record_index,
+ const uint8_t *token,
+ const uint32_t token_size)
+{
+ return tfm_ns_lock_dispatch((veneer_fn)tfm_audit_veneer_delete_record,
+ (uint32_t)record_index,
+ (uint32_t)token,
+ (uint32_t)token_size,
+ 0);
+}
+
+enum psa_audit_err psa_audit_add_record(const struct psa_audit_record *record)
+{
+ /* This API supports only Secure world calls. As this is the implementation
+ * of the Non-Secure interface, always directly return an error without
+ * routing the call to TF-M in the Secure world
+ */
+ return PSA_AUDIT_ERR_NOT_SUPPORTED;
+}
diff --git a/interface/src/tfm_log_api.c b/interface/src/tfm_log_api.c
deleted file mode 100644
index c6b27e7..0000000
--- a/interface/src/tfm_log_api.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "tfm_log_veneers.h"
-#include "tfm_log_defs.h"
-#include "tfm_ns_lock.h"
-
-enum tfm_log_err tfm_log_retrieve(uint32_t size,
- int32_t start,
- uint8_t *buffer,
- struct tfm_log_info *info)
-{
- return tfm_ns_lock_dispatch((veneer_fn)tfm_log_veneer_retrieve,
- size,
- (uint32_t)start,
- (uint32_t)buffer,
- (uint32_t)info);
-}
-
-enum tfm_log_err tfm_log_get_info(struct tfm_log_info *info)
-{
- return tfm_ns_lock_dispatch((veneer_fn)tfm_log_veneer_get_info,
- (uint32_t)info,
- 0,
- 0,
- 0);
-}
-
-enum tfm_log_err tfm_log_delete_items(uint32_t num_items,
- uint32_t *rem_items)
-{
- return tfm_ns_lock_dispatch((veneer_fn)tfm_log_veneer_delete_items,
- num_items,
- (uint32_t)rem_items,
- 0,
- 0);
-}