PSA protected storage: Add encrypt & RB protect flags by default to set.

2019-06-03 16:32:55 +03:00 · 2019-06-03 16:32:55 +03:00 · dcd2c292af
parent f18e3364e9
commit dcd2c292af
4 changed files with 24 additions and 13 deletions
--- a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
+++ b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
@ -185,12 +185,8 @@ static void generate_fn(char *tdb_filename, uint32_t tdb_filename_size, psa_stor

 psa_status_t psa_storage_set_impl(KVStore *kvstore, int32_t pid, psa_storage_uid_t uid,
                                  uint32_t data_length, const void *p_data,
-                                  psa_storage_create_flags_t create_flags)
+                                  uint32_t kv_create_flags)
 {
-    if ((create_flags & (~FLAGS_MSK)) != 0) {
-        return PSA_ERROR_NOT_SUPPORTED;
-    }
-
    if (uid == 0) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
@ -198,11 +194,6 @@ psa_status_t psa_storage_set_impl(KVStore *kvstore, int32_t pid, psa_storage_uid
    char kv_key[PSA_STORAGE_FILE_NAME_MAX] = {'\0'};
    generate_fn(kv_key, PSA_STORAGE_FILE_NAME_MAX, uid, pid);

-    uint32_t kv_create_flags = 0;
-    if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
-        kv_create_flags = KVStore::WRITE_ONCE_FLAG;
-    }
-
    int status = kvstore->set(kv_key, p_data, data_length, kv_create_flags);

    return convert_status(status);
--- a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
+++ b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
@ -36,7 +36,7 @@ typedef psa_status_t (*migrate_func_t)(mbed::KVStore *kvstore, const psa_storage

 void psa_storage_handle_version(mbed::KVStore *kvstore, const char *version_key, const psa_storage_version_t *version,
                                migrate_func_t migrate_func);
-psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, psa_storage_create_flags_t create_flags);
+psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, uint32_t kv_create_flags);
 psa_status_t psa_storage_get_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data);
 psa_status_t psa_storage_get_info_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, struct psa_storage_info_t *p_info);
 psa_status_t psa_storage_remove_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid);
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
+++ b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
@ -87,6 +87,10 @@ psa_status_t psa_its_set_impl(int32_t pid, psa_storage_uid_t uid, uint32_t data_
        its_init();
    }

+    if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
    return psa_storage_set_impl(kvstore, pid, uid, data_length, p_data, create_flags);
 }

--- a/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
+++ b/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
@ -39,6 +39,7 @@ extern "C"
 #define PSA_PS_GLOBAL_PID        1

 static KVStore *kvstore = NULL;
+static uint32_t def_kvstore_flags = 0;

 MBED_WEAK psa_status_t ps_version_migrate(KVStore *kvstore,
                                          const psa_storage_version_t *old_version, const psa_storage_version_t *new_version)
@ -61,12 +62,18 @@ static void ps_init(void)
    KVMap &kv_map = KVMap::get_instance();
    psa_storage_version_t version = {PSA_PS_API_VERSION_MAJOR, PSA_PS_API_VERSION_MINOR};
    kvstore = kv_map.get_main_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
-    if (!kvstore) {
+    KVStore *int_kvstore = kv_map.get_internal_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));;
+    if (!kvstore || !int_kvstore) {
        // Can only happen due to system misconfiguration.
        // Thus considered as unrecoverable error for runtime.
        error("Failed getting kvstore instance\n");
    }

+    def_kvstore_flags = 0;
+    if (kvstore != int_kvstore) {
+        def_kvstore_flags = KVStore::REQUIRE_CONFIDENTIALITY_FLAG | KVStore::REQUIRE_REPLAY_PROTECTION_FLAG;
+    }
+
    psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
 }

@ -83,7 +90,16 @@ psa_status_t psa_ps_set(psa_storage_uid_t uid, uint32_t data_length, const void
        ps_init();
    }

-    return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, create_flags);
+    if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
+    uint32_t kv_create_flags = def_kvstore_flags;
+    if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
+        kv_create_flags |= KVStore::WRITE_ONCE_FLAG;
+    }
+
+    return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, kv_create_flags);
 }

 psa_status_t psa_ps_get(psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data)