TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
tfm_its_secure_api.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2019, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
9 #include "tfm_api.h"
10 
11 #ifdef TFM_PSA_API
12 #include "psa/client.h"
13 #include "psa_manifest/sid.h"
14 #else
15 #include "tfm_veneers.h"
16 #endif
17 
18 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
19 
20 __attribute__((section("SFN")))
22  size_t data_length,
23  const void *p_data,
24  psa_storage_create_flags_t create_flags)
25 {
26  psa_status_t status;
27 #ifdef TFM_PSA_API
28  psa_handle_t handle;
29 #endif
30 
31  psa_invec in_vec[] = {
32  { .base = &uid, .len = sizeof(uid) },
33  { .base = p_data, .len = data_length },
34  { .base = &create_flags, .len = sizeof(create_flags) }
35  };
36 
37 #ifdef TFM_PSA_API
39  if (!PSA_HANDLE_IS_VALID(handle)) {
41  }
42 
43  status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
44 
45  psa_close(handle);
46 #else
47  status = tfm_tfm_its_set_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
48 #endif
49 
50  /* A parameter with a buffer pointer where its data length is longer than
51  * maximum permitted, it is treated as a secure violation.
52  * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
53  * The ITS secure PSA implementation returns PSA_ERROR_INVALID_ARGUMENT in
54  * that case.
55  */
58  }
59 
60  return status;
61 }
62 
63 __attribute__((section("SFN")))
65  size_t data_offset,
66  size_t data_size,
67  void *p_data,
68  size_t *p_data_length)
69 {
70  psa_status_t status;
71 #ifdef TFM_PSA_API
72  psa_handle_t handle;
73 #endif
74 
75  psa_invec in_vec[] = {
76  { .base = &uid, .len = sizeof(uid) },
77  { .base = &data_offset, .len = sizeof(data_offset) }
78  };
79 
80  psa_outvec out_vec[] = {
81  { .base = p_data, .len = data_size }
82  };
83 
84  if (p_data_length == NULL) {
86  }
87 
88 #ifdef TFM_PSA_API
90  if (!PSA_HANDLE_IS_VALID(handle)) {
92  }
93 
94  status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
95  IOVEC_LEN(out_vec));
96 
97  psa_close(handle);
98 #else
99  status = tfm_tfm_its_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
100  out_vec, IOVEC_LEN(out_vec));
101 #endif
102 
103  /* A parameter with a buffer pointer where its data length is longer than
104  * maximum permitted or a parameter with a null pointer, it is treated as a
105  * secure violation.
106  * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
107  * The ITS secure PSA implementation returns PSA_ERROR_INVALID_ARGUMENT in
108  * that case.
109  */
110  if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
112  }
113 
114  *p_data_length = out_vec[0].len;
115 
116  return status;
117 }
118 
119 __attribute__((section("SFN")))
121  struct psa_storage_info_t *p_info)
122 {
123  psa_status_t status;
124 #ifdef TFM_PSA_API
125  psa_handle_t handle;
126 #endif
127 
128  psa_invec in_vec[] = {
129  { .base = &uid, .len = sizeof(uid) }
130  };
131 
132  psa_outvec out_vec[] = {
133  { .base = p_info, .len = sizeof(*p_info) }
134  };
135 
136 #ifdef TFM_PSA_API
138  if (!PSA_HANDLE_IS_VALID(handle)) {
140  }
141 
142  status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
143  IOVEC_LEN(out_vec));
144 
145  psa_close(handle);
146 #else
147  status = tfm_tfm_its_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
148  out_vec, IOVEC_LEN(out_vec));
149 #endif
150 
151  /* A parameter with a null pointer is treated as a secure violation.
152  * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
153  * The secure PSA ITS implementation returns PSA_ERROR_INVALID_ARGUMENT
154  * in that case.
155  */
156  if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
158  }
159 
160  return status;
161 }
162 
163 __attribute__((section("SFN")))
165 {
166  psa_status_t status;
167 #ifdef TFM_PSA_API
168  psa_handle_t handle;
169 #endif
170 
171  psa_invec in_vec[] = {
172  { .base = &uid, .len = sizeof(uid) }
173  };
174 
175 #ifdef TFM_PSA_API
177  if (!PSA_HANDLE_IS_VALID(handle)) {
179  }
180 
181  status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
182 
183  psa_close(handle);
184 
185 #else
186  status = tfm_tfm_its_remove_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
187 #endif
188 
189  return status;
190 }
#define TFM_ITS_GET_INFO_VERSION
Definition: sid.h:35
psa_status_t psa_its_get(psa_storage_uid_t uid, size_t data_offset, size_t data_size, void *p_data, size_t *p_data_length)
Retrieve data associated with a provided UID.
void * base
Definition: client.h:75
#define IOVEC_LEN(x)
#define TFM_ITS_REMOVE_SID
Definition: sid.h:36
psa_status_t psa_its_remove(psa_storage_uid_t uid)
Remove the provided uid and its associated data from the storage.
psa_status_t psa_its_set(psa_storage_uid_t uid, size_t data_length, const void *p_data, psa_storage_create_flags_t create_flags)
Create a new, or modify an existing, uid/value pair.
void psa_close(psa_handle_t handle)
Close a connection to an RoT Service.
Definition: psa_client.c:63
#define TFM_ITS_GET_SID
Definition: sid.h:32
#define PSA_ERROR_GENERIC_ERROR
Definition: crypto_values.h:43
#define PSA_ERROR_INVALID_ARGUMENT
#define TFM_ITS_GET_INFO_SID
Definition: sid.h:34
#define TFM_ITS_SET_VERSION
Definition: sid.h:31
psa_handle_t psa_connect(uint32_t sid, uint32_t version)
Connect to an RoT Service by its SID.
Definition: psa_client.c:30
#define PSA_HANDLE_IS_VALID(handle)
Definition: client.h:43
#define TFM_ITS_SET_SID
Definition: sid.h:30
psa_status_t psa_its_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
Retrieve the metadata about the provided uid.
#define TFM_ITS_REMOVE_VERSION
Definition: sid.h:37
size_t len
Definition: client.h:76
int32_t psa_handle_t
Definition: client.h:61
uint64_t psa_storage_uid_t
#define PSA_IPC_CALL
Definition: client.h:59
#define TFM_ITS_GET_VERSION
Definition: sid.h:33
const void * base
Definition: client.h:67
uint32_t psa_storage_create_flags_t
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len)
Call an RoT Service on an established connection.
Definition: psa_client.c:47