From 200636f59c25018b99774be301e00f4d91620a5a Mon Sep 17 00:00:00 2001
From: David Saada
Date: Mon, 3 Jun 2019 16:32:55 +0300
Subject: [PATCH] PSA protected storage: Add encrypt & RB protect flags by default to set.
---
 .../common/psa_storage_common_impl.cpp | 11 +---------
 .../storage/common/psa_storage_common_impl.h | 2 +-
 .../its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp | 4 ++++
 .../ps/COMPONENT_NSPE/protected_storage.cpp | 20 +++++++++++++++++--
 4 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
index 831073e755..2f38679ead 100644
--- a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
+++ b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
@@ -185,12 +185,8 @@ static void generate_fn(char *tdb_filename, uint32_t tdb_filename_size, psa_stor
 psa_status_t psa_storage_set_impl(KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data,
- psa_storage_create_flags_t create_flags)
+ uint32_t kv_create_flags)
 {
- if ((create_flags & (~FLAGS_MSK)) != 0) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
-
 if (uid == 0) {
 return PSA_ERROR_INVALID_ARGUMENT;
 }
@@ -198,11 +194,6 @@ psa_status_t psa_storage_set_impl(KVStore *kvstore, int32_t pid, psa_storage_uid
 char kv_key[PSA_STORAGE_FILE_NAME_MAX] = {'\0'};
 generate_fn(kv_key, PSA_STORAGE_FILE_NAME_MAX, uid, pid);
- uint32_t kv_create_flags = 0;
- if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
- kv_create_flags = KVStore::WRITE_ONCE_FLAG;
- }
-
 int status = kvstore->set(kv_key, p_data, data_length, kv_create_flags);
 return convert_status(status);
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
index b8881ea6ac..50c86963da 100644
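Review bot: `psa_storage_set_impl` now hands `kv_create_flags` to `kvstore->set` with no validation of its own, and the last parameter has changed meaning from PSA create flags to KVStore flag bits without any comment recording it. Every caller must now reject unsupported PSA flags and translate them before calling, which is easy to miss when the next caller is added. A comment above the signature would pin the contract, e.g. `// kv_create_flags: KVStore::*_FLAG bits, already validated and translated by the caller (not psa_storage_create_flags_t).` The function body runs on into the next hunk.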
--- a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
+++ b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
@@ -36,7 +36,7 @@ typedef psa_status_t (*migrate_func_t)(mbed::KVStore *kvstore, const psa_storage
 void psa_storage_handle_version(mbed::KVStore *kvstore, const char *version_key, const psa_storage_version_t *version, migrate_func_t migrate_func);
-psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, psa_storage_create_flags_t create_flags);
+psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, uint32_t kv_create_flags);
 psa_status_t psa_storage_get_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data);
 psa_status_t psa_storage_get_info_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, struct psa_storage_info_t *p_info);
 psa_status_t psa_storage_remove_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid);
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
index bba98ff1ab..106e9bd7e4 100644
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
+++ b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
@@ -87,6 +87,10 @@ psa_status_t psa_its_set_impl(int32_t pid, psa_storage_uid_t uid, uint32_t data_
 its_init();
 }
+ if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
 return psa_storage_set_impl(kvstore, pid, uid, data_length, p_data, create_flags);
 }
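Review bot: `psa_its_set_impl` still passes the PSA `create_flags` value straight into `psa_storage_set_impl`, whose last parameter this commit redefines as KVStore flags. After the added check only `PSA_STORAGE_FLAG_WRITE_ONCE` can be set, so write-once protection for ITS entries now holds only if that constant has the same bit value as `KVStore::WRITE_ONCE_FLAG`, which nothing on this page guarantees. Translate explicitly, as the psa_ps_set change does: `uint32_t kv_create_flags = (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) ? KVStore::WRITE_ONCE_FLAG : 0;` and pass `kv_create_flags` in the return statement. The function starts outside the hunk.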
diff --git a/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp b/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
index 794e8dd7e9..8555a2fc73 100644
--- a/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
+++ b/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
@@ -39,6 +39,7 @@ extern "C"
 #define PSA_PS_GLOBAL_PID 1
 static KVStore *kvstore = NULL;
+static uint32_t def_kvstore_flags = 0;
 MBED_WEAK psa_status_t ps_version_migrate(KVStore *kvstore, const psa_storage_version_t *old_version, const psa_storage_version_t *new_version)
@@ -61,12 +62,18 @@ static void ps_init(void)
 KVMap &kv_map = KVMap::get_instance();
 psa_storage_version_t version = {PSA_PS_API_VERSION_MAJOR, PSA_PS_API_VERSION_MINOR};
 kvstore = kv_map.get_main_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
- if (!kvstore) {
+ KVStore *int_kvstore = kv_map.get_internal_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));;
+ if (!kvstore || !int_kvstore) {
 // Can only happen due to system misconfiguration.
 // Thus considered as unrecoverable error for runtime.
 error("Failed getting kvstore instance\n");
 }
+ def_kvstore_flags = 0;
+ if (kvstore != int_kvstore) {
+ def_kvstore_flags = KVStore::REQUIRE_CONFIDENTIALITY_FLAG | KVStore::REQUIRE_REPLAY_PROTECTION_FLAG;
+ }
+
 psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
 }
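Review bot: `def_kvstore_flags` starts at 0 and is only raised after `kvstore` has already been assigned at the top of ps_init, so the unprotected value is the default while initialisation is in progress. psa_ps_set uses `!kvstore` as its "not initialised" test; if two threads can reach it concurrently and no lock outside these hunks serialises them, the second could call set with flags 0, i.e. without confidentiality or replay protection. Making the default fail closed avoids that: declare `static uint32_t def_kvstore_flags = KVStore::REQUIRE_CONFIDENTIALITY_FLAG | KVStore::REQUIRE_REPLAY_PROTECTION_FLAG;` in the first hunk and clear it in ps_init only when `kvstore == int_kvstore`. The stray `;;` after the `get_internal_kv_instance` call can be dropped at the same time.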
@@ -83,7 +90,16 @@ psa_status_t psa_ps_set(psa_storage_uid_t uid, uint32_t data_length, const void
 ps_init();
 }
- return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, create_flags);
+ if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ uint32_t kv_create_flags = def_kvstore_flags;
+ if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
+ kv_create_flags |= KVStore::WRITE_ONCE_FLAG;
+ }
+
+ return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, kv_create_flags);
 }
 psa_status_t psa_ps_get(psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data)
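Review bot: The default confidentiality and replay-protection flags reach only entries written through psa_ps_set after this change. Nothing visible in the patch bumps the PS version or rewrites existing entries, so data stored earlier on an external store presumably keeps the flags it was created with until it is set again. If that is intended, record it above `uint32_t kv_create_flags = def_kvstore_flags;`, e.g. `// Applies to new writes only; entries created before this change keep their original flags.` psa_ps_set starts outside the hunk.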