Refactor Mbed PSA service code base

The Mbed OS PSA services is moved to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV.

Removed PSA_SRV_IMPL, PSA_SRV_EMUL and NSPE.

Added new feature `PSA` to support PSA in Mbed OS.

Created following generic PSA targets:

* `PSA_Target` (Root level PSA target)
* `PSA_V7_M_NSPE` (Single v7-M NSPE generic target)
* `PSA_V7_M_SPE` (Single v7-M SPE generic target)
* `PSA_DUAL_V7_M_NSPE` (Dual v7-M NSPE generic target)
* `PSA_DUAL_V7_M_SPE` (Dual v7-M SPE generic target)
* `PSA_V8_M_NSPE` (v8-M NSPE generic target)
* `PSA_V8_M_SPE` (v8-M SPE generic target)

Added document features/FEATURE_PSA/supporting_psa_in_mbed-os.md which
describes PSA support in Mbed OS.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

LICENSE.md

@@ -5,11 +5,11 @@ Folders containing files under different permissive license than Apache 2.0 are
 
 - [cmsis](./cmsis) - MIT, BSD-3-Clause
 - [components/802.15.4_RF/mcr20a-rf-driver](./components/802.15.4_RF/mcr20a-rf-driver) - BSD-3-Clause
-- [components/TARGET_PSA/TARGET_TFM](./components/TARGET_PSA/TARGET_TFM) - BSD-3-Clause
-- [components/TARGET_PSA/TARGET_PSA/services/attestation](./components/TARGET_PSA/services/attestation) - BSD-3-Clause
 - [features/cryptocell/FEATURE_CRYPTOCELL310](./features/cryptocell/FEATURE_CRYPTOCELL310) - ARM Object Code and Header Files License
 - [features/FEATURE_BOOTLOADER](./features/FEATURE_BOOTLOADER) - PBL
 - [features/FEATURE_BLE/targets](./features/FEATURE_BLE/targets) - BSD-style, PBL, MIT-style
+- [features/FEATURE_PSA/FEATURE_TFM](./features/FEATURE_PSA/FEATURE_TFM) - BSD-3-Clause
+- [features/FEATURE_PSA/FEATURE_MBED_PSA_SRV/services/attestation](./features/FEATURE_PSA/FEATURE_MBED_PSA_SRV/services/attestation) - BSD-3-Clause
 - [features/lorawan](./features/lorawan) - Revised BSD
 - [features/lwipstack](./features/lwipstack) - BSD-style, MIT-style
 - [features/nanostack/sal-stack-nanostack](./features/nanostack/sal-stack-nanostack) - BSD-3-Clause

TESTS/mbed-crypto/sanity/main.cpp

@@ -15,12 +15,11 @@
  * limitations under the License.
  */
 
-#include "psa/crypto.h"
-
-#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)))
+#if ((!defined(FEATURE_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)))
 #error [NOT_SUPPORTED] Mbed Crypto is OFF - skipping.
 #else
 
+#include "psa/crypto.h"
 #include <stdio.h>
 #include "mbed.h"
 #include "greentea-client/test_env.h"

TESTS/mbed_hal/trng/main.cpp

@@ -69,7 +69,7 @@
 
 using namespace utest::v1;
 
-#if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 #include "entropy.h"
 #include "entropy_poll.h"
 #include "crypto.h"
@@ -94,7 +94,7 @@ void inject_entropy_for_psa()
         mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
     }
 }
-#endif // (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#endif // (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 
 static int fill_buffer_trng(uint8_t *buffer, trng_t *trng_obj, size_t trng_len)
 {
@@ -275,7 +275,7 @@ int main()
 #if defined(MBEDTLS_PLATFORM_C)
     ret = mbedtls_platform_setup(NULL);
 #endif /* MBEDTLS_PLATFORM_C */
-#if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
     inject_entropy_for_psa();
 #endif
     ret = !Harness::run(specification);

TESTS/mbedtls/selftest/main.cpp

@@ -86,7 +86,7 @@ Case cases[] = {
 #endif /* MBEDTLS_SELF_TEST */
 };
 
-#if (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 #include "crypto.h"
 #if !defined(MAX)
 #define MAX(a,b) (((a)>(b))?(a):(b))
@@ -109,7 +109,7 @@ void inject_entropy_for_psa()
         mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
     }
 }
-#endif // (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#endif // (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 
 
 utest::v1::status_t test_setup(const size_t num_cases)
@@ -130,7 +130,7 @@ int main()
     }
 #endif
 
-#if (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
     inject_entropy_for_psa();
 #endif
 

cmsis/TARGET_CORTEX_M/mbed_tz_context.c

@@ -22,7 +22,7 @@
  * limitations under the License.
  */
 
-#if !TARGET_TFM
+#if !FEATURE_TFM
 
 #if defined (__ARM_FEATURE_CMSE) &&  (__ARM_FEATURE_CMSE == 3U)
 
@@ -204,4 +204,4 @@ uint32_t TZ_StoreContext_S (TZ_MemoryId_t id) {
 }
 #endif
 
-#endif // !TARGET_TFM
+#endif // !FEATURE_TFM

components/TARGET_PSA/inc/psa_manifest/sid.h

@@ -1,23 +0,0 @@
-/* Copyright (c) 2017-2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __SID_H__
-#define __SID_H__
-
-#include "autogen_sid.h"
-
-#endif  // __SID_H__

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c

@@ -1,55 +0,0 @@
-/*
-* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
-* Licensed under the Apache License, Version 2.0 (the License); you may
-* not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an AS IS BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-#include "psa_attest_inject_key.h"
-#include "psa/crypto.h"
-#include "psa/client.h"
-#include "psa_manifest/sid.h"
-
-#define MINOR_VER 1
-
-psa_status_t
-psa_attestation_inject_key(const uint8_t *key_data,
-                           size_t key_data_length,
-                           psa_key_type_t type,
-                           uint8_t *public_key_data,
-                           size_t public_key_data_size,
-                           size_t *public_key_data_length)
-{
-    psa_handle_t handle = PSA_NULL_HANDLE;
-    psa_status_t call_error = PSA_SUCCESS;
-    psa_invec in_vec[2] = {
-        { &type, sizeof(type) },
-        { key_data, key_data_length }
-    };
-
-    psa_outvec out_vec[2] = {
-        { public_key_data, public_key_data_size },
-        { public_key_data_length, sizeof(*public_key_data_length) }
-    };
-
-    handle = psa_connect(PSA_ATTEST_INJECT_KEY_ID, MINOR_VER);
-    if (handle <= 0) {
-        return (PSA_ERROR_COMMUNICATION_FAILURE);
-    }
-
-    call_error = psa_call(handle, in_vec, 2, out_vec, 2);
-
-    psa_close(handle);
-    return call_error;
-}

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c

@@ -1,79 +0,0 @@
-/*
-* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
-* Licensed under the Apache License, Version 2.0 (the License); you may
-* not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an AS IS BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-#include "psa_initial_attestation_api.h"
-#include "psa/crypto.h"
-#include "psa/client.h"
-#include "attestation.h"
-#include <string.h>
-#include "psa_manifest/sid.h"
-
-#define MINOR_VER 1
-
-enum psa_attest_err_t
-psa_initial_attest_get_token(const uint8_t *challenge_obj,
-                             uint32_t       challenge_size,
-                             uint8_t       *token,
-                             uint32_t      *token_size) {
-    psa_status_t err_call;
-    psa_handle_t handle = PSA_NULL_HANDLE;
-
-    psa_invec in_vec[1] = { { challenge_obj, challenge_size } };
-    psa_outvec out_vec[1] = { { token, *token_size } };
-
-    handle = psa_connect(PSA_ATTEST_GET_TOKEN_ID, MINOR_VER);
-    if (handle <= 0)
-    {
-        return (PSA_ATTEST_ERR_GENERAL);
-    }
-
-    err_call = psa_call(handle, in_vec, 1, out_vec, 1);
-    psa_close(handle);
-
-    if (err_call < 0)
-    {
-        err_call = PSA_ATTEST_ERR_GENERAL;
-    }
-
-    return ((enum psa_attest_err_t) err_call);
-}
-
-enum psa_attest_err_t
-psa_initial_attest_get_token_size(uint32_t  challenge_size,
-                                  uint32_t *token_size) {
-    psa_status_t err_call;
-    psa_handle_t handle = PSA_NULL_HANDLE;
-    psa_invec in_vec[1] = { { &challenge_size, sizeof(uint32_t) } };
-    psa_outvec out_vec[1] = { { token_size, sizeof(uint32_t) } };
-
-    handle = psa_connect(PSA_ATTEST_GET_TOKEN_SIZE_ID, MINOR_VER);
-    if (handle <= 0)
-    {
-        return (PSA_ATTEST_ERR_GENERAL);
-    }
-
-    err_call = psa_call(handle, in_vec, 1, out_vec, 1);
-    psa_close(handle);
-
-    if (err_call < 0)
-    {
-        err_call = PSA_ATTEST_ERR_GENERAL;
-    }
-
-    return ((enum psa_attest_err_t) err_call);
-}

components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c

@@ -1,253 +0,0 @@
-/*
-* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
-* Licensed under the Apache License, Version 2.0 (the License); you may
-* not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an AS IS BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-// ---------------------------------- Includes ---------------------------------
-#include "psa/client.h"
-#include "psa/service.h"
-
-#include "mbed_spm_partitions.h"
-#include "psa_initial_attestation_api.h"
-#include "psa_attest_inject_key.h"
-#include "psa_inject_attestation_key_impl.h"
-#include "attestation.h"
-#include <stdlib.h>
-#include <string.h>
-#include "psa/crypto.h"
-
-int32_t g_caller_id = 0;
-
-static void set_caller_id(psa_msg_t *msg)
-{
-    g_caller_id = msg->client_id;
-}
-
-// ------------------------- Partition's Main Thread ---------------------------
-
-static void psa_attest_get_token(void)
-{
-    psa_msg_t msg = { 0 };
-    enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
-
-    if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN, &msg)) {
-        return;
-    }
-    switch (msg.type) {
-        case PSA_IPC_CONNECT:
-        case PSA_IPC_DISCONNECT: {
-            break;
-        }
-        case PSA_IPC_CALL: {
-            uint8_t *challenge_buff = NULL;
-            uint8_t *token_buff = NULL;
-            uint32_t bytes_read = 0;
-
-            challenge_buff = calloc(1, msg.in_size[0]);
-            if (challenge_buff == NULL) {
-                status = PSA_ATTEST_ERR_GENERAL;
-                break;
-            }
-            bytes_read = psa_read(msg.handle, 0,
-                                  challenge_buff, msg.in_size[0]);
-            if (bytes_read != msg.in_size[0]) {
-                free(challenge_buff);
-                SPM_PANIC("SPM read length mismatch");
-            }
-
-            token_buff = calloc(1, msg.out_size[0]);
-            if (token_buff == NULL) {
-                status = PSA_ATTEST_ERR_GENERAL;
-                free(challenge_buff);
-                break;
-            }
-
-            psa_invec in_vec[1] = { { challenge_buff, msg.in_size[0] } };
-            psa_outvec out_vec[1] = { { token_buff, msg.out_size[0] } };
-
-            status = attest_init();
-            if (status != PSA_ATTEST_ERR_SUCCESS) {
-                free(challenge_buff);
-                free(token_buff);
-                break;
-            }
-
-            set_caller_id(&msg);
-            status = initial_attest_get_token(in_vec, 1, out_vec, 1);
-            if (status == PSA_ATTEST_ERR_SUCCESS) {
-                psa_write(msg.handle, 0, out_vec[0].base, out_vec[0].len);
-            }
-
-            free(challenge_buff);
-            free(token_buff);
-            break;
-        }
-
-        default: {
-            SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
-            break;
-        }
-    }
-
-    psa_reply(msg.handle, status);
-}
-
-static void psa_attest_get_token_size(void)
-{
-    psa_msg_t msg = { 0 };
-    enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
-
-    if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN_SIZE, &msg)) {
-        return;
-    }
-    switch (msg.type) {
-        case PSA_IPC_CONNECT:
-        case PSA_IPC_DISCONNECT: {
-            break;
-        }
-        case PSA_IPC_CALL: {
-            uint32_t challenge_size;
-            uint32_t token_size;
-            uint32_t bytes_read = 0;
-
-            bytes_read = psa_read(msg.handle, 0,
-                                  &challenge_size, msg.in_size[0]);
-            if (bytes_read != msg.in_size[0]) {
-                SPM_PANIC("SPM read length mismatch");
-            }
-
-            psa_invec in_vec[1] = { { &challenge_size, msg.in_size[0] } };
-            psa_outvec out_vec[1] = { { &token_size, msg.out_size[0] } };
-
-            status = attest_init();
-            if (status != PSA_ATTEST_ERR_SUCCESS) {
-                break;
-            }
-
-            set_caller_id(&msg);
-            status = initial_attest_get_token_size(in_vec, 1, out_vec, 1);
-            if (status == PSA_ATTEST_ERR_SUCCESS) {
-                psa_write(msg.handle, 0, out_vec[0].base, out_vec[0].len);
-            }
-
-            break;
-        }
-
-        default: {
-            SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
-            break;
-        }
-    }
-
-    psa_reply(msg.handle, status);
-}
-
-static void psa_attest_inject_key(void)
-{
-    psa_msg_t msg = { 0 };
-    psa_status_t status = PSA_SUCCESS;
-
-    if (PSA_SUCCESS != psa_get(PSA_ATTEST_INJECT_KEY, &msg)) {
-        return;
-    }
-    switch (msg.type) {
-        case PSA_IPC_CONNECT:
-        case PSA_IPC_DISCONNECT: {
-            break;
-        }
-        case PSA_IPC_CALL: {
-            uint8_t *public_key_data = NULL;
-            size_t public_key_data_length = 0;
-            uint8_t *key_data = NULL;
-            psa_key_type_t type;
-            uint32_t bytes_read = 0;
-
-            if (msg.in_size[0] != sizeof(psa_key_type_t)) {
-                status = PSA_ERROR_INVALID_ARGUMENT;
-                break;
-            }
-
-            bytes_read = psa_read(msg.handle, 0, &type, msg.in_size[0]);
-            if (bytes_read != msg.in_size[0]) {
-                SPM_PANIC("SPM read length mismatch");
-            }
-
-            public_key_data = calloc(1, msg.out_size[0]);
-            if (public_key_data == NULL) {
-                status = PSA_ERROR_INSUFFICIENT_MEMORY;
-                break;
-            }
-            if (msg.in_size[1] != 0) {
-                key_data = calloc(1, msg.in_size[1]);
-                if (key_data == NULL) {
-                    status = PSA_ERROR_INSUFFICIENT_MEMORY;
-                    free(public_key_data);
-                    break;
-                }
-
-                bytes_read = psa_read(msg.handle, 1,
-                                      key_data, msg.in_size[1]);
-                if (bytes_read != msg.in_size[1]) {
-                    free(public_key_data);
-                    free(key_data);
-                    SPM_PANIC("SPM read length mismatch");
-                }
-            }
-            status = psa_attestation_inject_key_impl(key_data,
-                                                     msg.in_size[1],
-                                                     type,
-                                                     public_key_data,
-                                                     msg.out_size[0],
-                                                     &public_key_data_length);
-
-            if (status == PSA_SUCCESS) {
-                psa_write(msg.handle, 0, public_key_data, public_key_data_length);
-            }
-
-            psa_write(msg.handle, 1,
-                      &public_key_data_length, sizeof(public_key_data_length));
-            free(public_key_data);
-            if (key_data != NULL) {
-                free(key_data);
-            }
-            break;
-
-        }
-
-        default: {
-            SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
-            break;
-        }
-    }
-
-    psa_reply(msg.handle, status);
-}
-
-void attest_main(void *ptr)
-{
-    while (1) {
-        uint32_t signals = psa_wait(ATTEST_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK);
-        if (signals & PSA_ATTEST_GET_TOKEN) {
-            psa_attest_get_token();
-        }
-        if (signals & PSA_ATTEST_GET_TOKEN_SIZE) {
-            psa_attest_get_token_size();
-        }
-        if (signals & PSA_ATTEST_INJECT_KEY) {
-            psa_attest_inject_key();
-        }
-    }
-}

components/TARGET_PSA/services/attestation/attestation_partition_psa.json

@@ -1,47 +0,0 @@
-{
-  "name": "ATTEST_SRV",
-  "type": "APPLICATION-ROT",
-  "priority": "NORMAL",
-  "id": "0x00000025",
-  "entry_point": "attest_main",
-  "stack_size": "0x2000",
-  "heap_size": "0x2000",
-  "services": [
-    {
-      "name": "PSA_ATTEST_GET_TOKEN_ID",
-      "identifier": "0x00000F10",
-      "signal": "PSA_ATTEST_GET_TOKEN",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_ATTEST_GET_TOKEN_SIZE_ID",
-      "identifier": "0x00000F11",
-      "signal": "PSA_ATTEST_GET_TOKEN_SIZE",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_ATTEST_INJECT_KEY_ID",
-      "identifier": "0x00000F12",
-      "signal": "PSA_ATTEST_INJECT_KEY",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    }
-  ],
-  "extern_sids": [
-    "PSA_CRYPTO_INIT_ID",
-    "PSA_HASH_ID",
-    "PSA_ASYMMETRIC_ID",
-    "PSA_KEY_MNG_ID",
-    "PSA_CRYPTO_FREE_ID",
-    "PSA_KEY_DERIVATION_ID",
-    "PSA_PLATFORM_LC_GET"
-  ],
-  "source_files": [
-    "COMPONENT_SPE/psa_attestation_partition.c"
-  ]
-}

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -1,179 +0,0 @@
-/**
- * \file psa/crypto_platform_spe.h
- *
- * \brief PSA cryptography module: Mbed TLS platfom definitions
- */
-/*
- *  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef PSA_CRYPTO_SPE_PLATFORM_H
-#define PSA_CRYPTO_SPE_PLATFORM_H
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "../mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/** \defgroup PSA Crypto APIs
-* @{
-*/
-
-/** \brief psa_s_function_t enum defines for all the available functions in PSA Crypto. */
-typedef enum psa_sec_function_s {
-    PSA_CRYPTO_INVALID,
-    PSA_GET_KEY_ATTRIBUTES,
-    PSA_OPEN_KEY,
-    PSA_CLOSE_KEY,
-    PSA_IMPORT_KEY,
-    PSA_DESTROY_KEY,
-    PSA_EXPORT_KEY,
-    PSA_EXPORT_PUBLIC_KEY,
-    PSA_COPY_KEY,
-    PSA_HASH_COMPUTE,
-    PSA_HASH_COMPARE,
-    PSA_HASH_SETUP,
-    PSA_HASH_UPDATE,
-    PSA_HASH_FINISH,
-    PSA_HASH_VERIFY,
-    PSA_HASH_ABORT,
-    PSA_HASH_CLONE,
-    PSA_HASH_CLONE_BEGIN,
-    PSA_HASH_CLONE_END,
-    PSA_MAC_COMPUTE,
-    PSA_MAC_VERIFY,
-    PSA_MAC_SIGN_SETUP,
-    PSA_MAC_VERIFY_SETUP,
-    PSA_MAC_UPDATE,
-    PSA_MAC_SIGN_FINISH,
-    PSA_MAC_VERIFY_FINISH,
-    PSA_MAC_ABORT,
-    PSA_CIPHER_ENCRYPT,
-    PSA_CIPHER_DECRYPT,
-    PSA_CIPHER_ENCRYPT_SETUP,
-    PSA_CIPHER_DECRYPT_SETUP,
-    PSA_CIPHER_GENERATE_IV,
-    PSA_CIPHER_SET_IV,
-    PSA_CIPHER_UPDATE,
-    PSA_CIPHER_FINISH,
-    PSA_CIPHER_ABORT,
-    PSA_AEAD_ENCRYPT,
-    PSA_AEAD_DECRYPT,
-    PSA_AEAD_ENCRYPT_SETUP,
-    PSA_AEAD_DECRYPT_SETUP,
-    PSA_AEAD_GENERATE_NONCE,
-    PSA_AEAD_SET_NONCE,
-    PSA_AEAD_SET_LENGTHS,
-    PSA_AEAD_UPDATE_AD,
-    PSA_AEAD_UPDATE,
-    PSA_AEAD_FINISH,
-    PSA_AEAD_VERIFY,
-    PSA_AEAD_ABORT,
-    PSA_ASYMMETRIC_SIGN,
-    PSA_ASYMMETRIC_VERIFY,
-    PSA_ASYMMETRIC_ENCRYPT,
-    PSA_ASYMMETRIC_DECRYPT,
-    PSA_KEY_DERIVATION_SETUP,
-    PSA_KEY_DERIVATION_GET_CAPACITY,
-    PSA_KEY_DERIVATION_SET_CAPACITY,
-    PSA_KEY_DERIVATION_INPUT_BYTES,
-    PSA_KEY_DERIVATION_INPUT_KEY,
-    PSA_KEY_DERIVATION_KEY_AGREEMENT,
-    PSA_KEY_DERIVATION_OUTPUT_BYTES,
-    PSA_KEY_DERIVATION_OUTPUT_KEY,
-    PSA_KEY_DERIVATION_ABORT,
-    PSA_RAW_KEY_AGREEMENT,
-    PSA_GENERATE_RANDOM,
-    PSA_GENERATE_KEY,
-} psa_sec_function_t;
-
-/**@}*/
-
-/** \defgroup PSA Crypto structures for IPC
-* @{
-*/
-
-/** psa_crypto_ipc_s struct used for some of the
- * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments
- * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
- * pack them together.
- */
-typedef struct psa_crypto_ipc_s {
-    psa_sec_function_t func;
-    psa_key_handle_t handle;
-    psa_algorithm_t alg;
-} psa_crypto_ipc_t;
-
-/** psa_crypto_derivation_ipc_s struct used for some of the
- * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments
- * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
- * pack them together.
- */
-typedef struct psa_crypto_derivation_ipc_s {
-    psa_sec_function_t func;
-    psa_key_handle_t handle;
-    psa_algorithm_t alg;
-    size_t capacity;
-} psa_crypto_derivation_ipc_t;
-
-/** psa_key_mng_ipc_s struct used for some of the
- * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments
- * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
- * pack them together.
- */
-typedef struct psa_key_mng_ipc_s {
-    psa_key_handle_t handle;
-    psa_sec_function_t func;
-} psa_key_mng_ipc_t;
-
-/** psa_crypto_ipc_aead_s struct used for AEAD integrated
- * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t and extra arguments
- * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
- * pack them together.
- */
-// Max length supported for nonce is 16 bytes.
-#define PSA_AEAD_MAX_NONCE_SIZE 16
-typedef struct psa_crypto_ipc_aead_s {
-    psa_sec_function_t func;
-    psa_key_handle_t handle;
-    psa_algorithm_t alg;
-    uint16_t nonce_size;
-    size_t additional_data_length;
-    size_t input_length;
-    uint8_t nonce[PSA_AEAD_MAX_NONCE_SIZE];
-} psa_crypto_ipc_aead_t;
-
-/** psa_crypto_ipc_asymmetric_s struct used for asymmetric
- * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments
- * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
- * pack them together.
- */
-typedef struct psa_crypto_ipc_asymmetric_s {
-    psa_sec_function_t func;
-    psa_key_handle_t handle;
-    psa_algorithm_t alg;
-    size_t input_length;
-    size_t salt_length;
-} psa_crypto_ipc_asymmetric_t;
-
-/**@}*/
-
-#endif /* PSA_CRYPTO_SPE_PLATFORM_H */

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h

@@ -1,6 +0,0 @@
-#ifdef PSA_CRYPTO_SECURE
-#include "crypto_struct_spe.h"
-#else
-#include "crypto_struct_ipc.h"
-#endif
-

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h

@@ -1,318 +0,0 @@
-/**
- * \file psa/crypto_struct.h
- *
- * \brief PSA cryptography module: Mbed TLS structured type implementations
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file contains the definitions of some data structures with
- * implementation-specific definitions.
- *
- * In implementations with isolation between the application and the
- * cryptography module, it is expected that the front-end and the back-end
- * would have different versions of this file.
- *
- * <h3>Design notes about multipart operation structures</h3>
- *
- * Each multipart operation structure contains a `psa_algorithm_t alg`
- * field which indicates which specific algorithm the structure is for.
- * When the structure is not in use, `alg` is 0. Most of the structure
- * consists of a union which is discriminated by `alg`.
- *
- * Note that when `alg` is 0, the content of other fields is undefined.
- * In particular, it is not guaranteed that a freshly-initialized structure
- * is all-zero: we initialize structures to something like `{0, 0}`, which
- * is only guaranteed to initializes the first member of the union;
- * GCC and Clang initialize the whole structure to 0 (at the time of writing),
- * but MSVC and CompCert don't.
- *
- * In Mbed Crypto, multipart operation structures live independently from
- * the key. This allows Mbed Crypto to free the key objects when destroying
- * a key slot. If a multipart operation needs to remember the key after
- * the setup function returns, the operation structure needs to contain a
- * copy of the key.
- */
-/*
- *  Copyright (C) 2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef PSA_CRYPTO_STRUCT_H
-#define PSA_CRYPTO_STRUCT_H
-
-#include "psa/client.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct psa_hash_operation_s {
-    psa_handle_t handle;
-};
-
-#define PSA_HASH_OPERATION_INIT { PSA_NULL_HANDLE }
-static inline struct psa_hash_operation_s psa_hash_operation_init( void )
-{
-    const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_mac_operation_s
-{
-    psa_handle_t handle;
-};
-
-#define PSA_MAC_OPERATION_INIT { PSA_NULL_HANDLE }
-static inline struct psa_mac_operation_s psa_mac_operation_init( void )
-{
-    const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_cipher_operation_s
-{
-    psa_handle_t handle;
-};
-
-#define PSA_CIPHER_OPERATION_INIT { PSA_NULL_HANDLE }
-static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
-{
-    const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_aead_operation_s
-{
-    psa_handle_t handle;
-};
-
-#define PSA_AEAD_OPERATION_INIT { PSA_NULL_HANDLE }
-static inline struct psa_aead_operation_s psa_aead_operation_init( void )
-{
-    const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_key_derivation_s
-{
-    psa_handle_t handle;
-};
-
-/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT { PSA_NULL_HANDLE }
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
-{
-    const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_key_policy_s
-{
-    psa_key_usage_t usage;
-    psa_algorithm_t alg;
-    psa_algorithm_t alg2;
-};
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
-static inline struct psa_key_policy_s psa_key_policy_init( void )
-{
-    const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
-    return( v );
-}
-
-/* The type used internally for key sizes.
- * Public interfaces use size_t, but internally we use a smaller type. */
-typedef uint16_t psa_key_bits_t;
-/* The maximum value of the type used to represent bit-sizes.
- * This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
-/* The maximum size of a key in bits.
- * Currently defined as the maximum that can be represented, rounded down
- * to a whole number of bytes.
- * This is an uncast value so that it can be used in preprocessor
- * conditionals. */
-#define PSA_MAX_KEY_BITS 0xfff8
-
-/** A mask of flags that can be stored in key attributes.
- *
- * This type is also used internally to store flags in slots. Internal
- * flags are defined in library/psa_crypto_core.h. Internal flags may have
- * the same value as external flags if they are properly handled during
- * key creation and in psa_get_key_attributes.
- */
-typedef uint16_t psa_key_attributes_flag_t;
-
-#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER     \
-    ( (psa_key_attributes_flag_t) 0x0001 )
-
-/* A mask of key attribute flags used externally only.
- * Only meant for internal checks inside the library. */
-#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY (      \
-        MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER |    \
-        0 )
-
-/* A mask of key attribute flags used both internally and externally.
- * Currently there aren't any. */
-#define MBEDTLS_PSA_KA_MASK_DUAL_USE (          \
-        0 )
-
-typedef struct
-{
-    psa_key_type_t type;
-    psa_key_lifetime_t lifetime;
-    psa_key_id_t id;
-    psa_key_policy_t policy;
-    psa_key_bits_t bits;
-    psa_key_attributes_flag_t flags;
-} psa_core_key_attributes_t;
-
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
-
-struct psa_key_attributes_s
-{
-    psa_core_key_attributes_t core;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    psa_key_slot_number_t slot_number;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-    void *domain_parameters;
-    size_t domain_parameters_size;
-};
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
-#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
-#endif
-
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
-{
-    const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
-    return( v );
-}
-
-static inline void psa_set_key_id(psa_key_attributes_t *attributes,
-                                  psa_key_id_t id)
-{
-    attributes->core.id = id;
-    if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
-}
-
-static inline psa_key_id_t psa_get_key_id(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.id );
-}
-
-static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
-                                        psa_key_lifetime_t lifetime)
-{
-    attributes->core.lifetime = lifetime;
-    if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
-    {
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
-        attributes->core.id.key_id = 0;
-        attributes->core.id.owner = 0;
-#else
-        attributes->core.id = 0;
-#endif
-    }
-}
-
-static inline psa_key_lifetime_t psa_get_key_lifetime(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.lifetime );
-}
-
-static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                           psa_key_usage_t usage_flags)
-{
-    attributes->core.policy.usage = usage_flags;
-}
-
-static inline psa_key_usage_t psa_get_key_usage_flags(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.policy.usage );
-}
-
-static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
-                                         psa_algorithm_t alg)
-{
-    attributes->core.policy.alg = alg;
-}
-
-static inline psa_algorithm_t psa_get_key_algorithm(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.policy.alg );
-}
-
-/* This function is declared in crypto_extra.h, which comes after this
- * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
-                                           psa_key_type_t type,
-                                           const uint8_t *data,
-                                           size_t data_length);
-
-static inline void psa_set_key_type(psa_key_attributes_t *attributes,
-                                    psa_key_type_t type)
-{
-    if( attributes->domain_parameters == NULL )
-    {
-        /* Common case: quick path */
-        attributes->core.type = type;
-    }
-    else
-    {
-        /* Call the bigger function to free the old domain paramteres.
-         * Ignore any errors which may arise due to type requiring
-         * non-default domain parameters, since this function can't
-         * report errors. */
-        (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
-    }
-}
-
-static inline psa_key_type_t psa_get_key_type(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.type );
-}
-
-static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
-                                    size_t bits)
-{
-    if( bits > PSA_MAX_KEY_BITS )
-        attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
-    else
-        attributes->core.bits = (psa_key_bits_t) bits;
-}
-
-static inline size_t psa_get_key_bits(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.bits );
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_STRUCT_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -1,96 +0,0 @@
-/**
- * \file psa/crypto_spe.h
- * \brief Platform Security Architecture cryptography module
- */
-
-#ifndef PSA_CRYPTO_SPE_H
-#define PSA_CRYPTO_SPE_H
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define psa_crypto_init  psa_sec_crypto_init
-#define psa_get_key_attributes  psa_sec_get_key_attributes
-#define psa_reset_key_attributes psa_sec_reset_key_attributes
-#define psa_open_key  psa_sec_open_key
-#define psa_close_key  psa_sec_close_key
-#define psa_import_key  psa_sec_import_key
-#define psa_destroy_key  psa_sec_destroy_key
-#define psa_export_key  psa_sec_export_key
-#define psa_export_public_key  psa_sec_export_public_key
-#define psa_copy_key psa_sec_copy_key
-#define psa_hash_compute  psa_sec_hash_compute
-#define psa_hash_compare  psa_sec_hash_compare
-#define psa_hash_setup  psa_sec_hash_setup
-#define psa_hash_update  psa_sec_hash_update
-#define psa_hash_finish  psa_sec_hash_finish
-#define psa_hash_verify  psa_sec_hash_verify
-#define psa_hash_abort  psa_sec_hash_abort
-#define psa_hash_clone  psa_sec_hash_clone
-#define psa_mac_compute  psa_sec_mac_compute
-#define psa_mac_verify  psa_sec_mac_verify
-#define psa_mac_sign_setup  psa_sec_mac_sign_setup
-#define psa_mac_verify_setup  psa_sec_mac_verify_setup
-#define psa_mac_update  psa_sec_mac_update
-#define psa_mac_sign_finish  psa_sec_mac_sign_finish
-#define psa_mac_verify_finish  psa_sec_mac_verify_finish
-#define psa_mac_abort  psa_sec_mac_abort
-#define psa_cipher_encrypt  psa_sec_cipher_encrypt
-#define psa_cipher_decrypt  psa_sec_cipher_decrypt
-#define psa_cipher_encrypt_setup  psa_sec_cipher_encrypt_setup
-#define psa_cipher_decrypt_setup  psa_sec_cipher_decrypt_setup
-#define psa_cipher_generate_iv  psa_sec_cipher_generate_iv
-#define psa_cipher_set_iv  psa_sec_cipher_set_iv
-#define psa_cipher_update  psa_sec_cipher_update
-#define psa_cipher_finish  psa_sec_cipher_finish
-#define psa_cipher_abort  psa_sec_cipher_abort
-#define psa_aead_encrypt  psa_sec_aead_encrypt
-#define psa_aead_decrypt  psa_sec_aead_decrypt
-#define psa_aead_encrypt_setup  psa_sec_aead_encrypt_setup
-#define psa_aead_decrypt_setup  psa_sec_aead_decrypt_setup
-#define psa_aead_generate_nonce  psa_sec_aead_generate_nonce
-#define psa_aead_set_nonce  psa_sec_aead_set_nonce
-#define psa_aead_set_lengths  psa_sec_aead_set_lengths
-#define psa_aead_update_ad  psa_sec_aead_update_ad
-#define psa_aead_update  psa_sec_aead_update
-#define psa_aead_finish  psa_sec_aead_finish
-#define psa_aead_verify  psa_sec_aead_verify
-#define psa_aead_abort  psa_sec_aead_abort
-#define psa_asymmetric_sign  psa_sec_asymmetric_sign
-#define psa_asymmetric_verify  psa_sec_asymmetric_verify
-#define psa_asymmetric_encrypt  psa_sec_asymmetric_encrypt
-#define psa_asymmetric_decrypt  psa_sec_asymmetric_decrypt
-#define psa_key_derivation_setup  psa_sec_key_derivation_setup
-#define psa_key_derivation_get_capacity  psa_sec_key_derivation_get_capacity
-#define psa_key_derivation_set_capacity  psa_sec_key_derivation_set_capacity
-#define psa_key_derivation_input_bytes  psa_sec_key_derivation_input_bytes
-#define psa_key_derivation_input_key  psa_sec_key_derivation_input_key
-#define psa_key_derivation_key_agreement  psa_sec_key_derivation_key_agreement
-#define psa_key_derivation_output_bytes  psa_sec_key_derivation_output_bytes
-#define psa_key_derivation_output_key  psa_sec_key_derivation_output_key
-#define psa_key_derivation_abort  psa_sec_key_derivation_abort
-#define psa_raw_key_agreement  psa_sec_raw_key_agreement
-#define psa_generate_random  psa_sec_generate_random
-#define psa_generate_key  psa_sec_generate_key
-
-#define mbedtls_psa_crypto_free  mbedtls_psa_sec_crypto_free
-#define mbedtls_psa_inject_entropy  mbedtls_psa_sec_inject_entropy
-#define psa_set_key_domain_parameters psa_sec_set_key_domain_parameters
-#define psa_get_key_domain_parameters psa_sec_get_key_domain_parameters
-
-#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER 1
-
-#include "crypto.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-/* The file "crypto_extra.h" contains vendor-specific definitions. This
- * can include vendor-defined algorithms, extra functions, etc. */
-#include "crypto_extra.h"
-
-#endif /* PSA_CRYPTO_SPE_H */

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.c

@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited and affiliates
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <string.h>
-
-#include "psa/client.h"
-#include "psa/service.h"
-#include "psa_crypto_access_control.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_slot_management.h"
-
-typedef struct psa_crypto_access_control_s {
-    psa_key_handle_t key_handle;
-    int32_t partition_id;
-} psa_crypto_access_control_t;
-
-static psa_crypto_access_control_t crypto_access_control_arr[PSA_KEY_SLOT_COUNT];
-
-static inline void psa_crypto_access_control_reset()
-{
-    memset(crypto_access_control_arr, 0, sizeof(crypto_access_control_arr));
-}
-
-void psa_crypto_access_control_init(void)
-{
-    psa_crypto_access_control_reset();
-}
-
-void psa_crypto_access_control_destroy(void)
-{
-    psa_crypto_access_control_reset();
-}
-
-void psa_crypto_access_control_register_handle(psa_key_handle_t key_handle, int32_t partition_id)
-{
-    for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
-        if (crypto_access_control_arr[i].key_handle == 0 &&
-                crypto_access_control_arr[i].partition_id == 0) {
-            crypto_access_control_arr[i].key_handle = key_handle;
-            crypto_access_control_arr[i].partition_id = partition_id;
-            return;
-        }
-    }
-
-    SPM_PANIC("psa_crypto_access_control_register_handle failed");
-}
-
-void psa_crypto_access_control_unregister_handle(psa_key_handle_t key_handle)
-{
-    for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
-        if (crypto_access_control_arr[i].key_handle == key_handle) {
-            crypto_access_control_arr[i].key_handle = 0;
-            crypto_access_control_arr[i].partition_id = 0;
-            return;
-        }
-    }
-
-    SPM_PANIC("psa_crypto_access_control_unregister_handle failed");
-}
-
-uint8_t psa_crypto_access_control_is_handle_permitted(psa_key_handle_t key_handle, int32_t partition_id)
-{
-    for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
-        if (crypto_access_control_arr[i].key_handle == key_handle &&
-                crypto_access_control_arr[i].partition_id == partition_id) {
-            return 1;
-        }
-    }
-
-    return 0;
-}

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.h

@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited and affiliates
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_ACCESS_CONTROL_H
-#define PSA_CRYPTO_ACCESS_CONTROL_H
-
-#include <stdint.h>
-
-#include "crypto_platform.h"
-
-/* initialize the module, resets all tracked information */
-void psa_crypto_access_control_init(void);
-
-/* deinitialize the module, resets all tracked information */
-void psa_crypto_access_control_destroy(void);
-
-/* tracks and associates the key_handle with partition_id */
-void psa_crypto_access_control_register_handle(psa_key_handle_t key_handle, int32_t partition_id);
-
-/* removes tracking of the key_handle */
-void psa_crypto_access_control_unregister_handle(psa_key_handle_t key_handle);
-
-/* checks if the key_handle is associated with the partition_id, returns 0 is false otherwise 1 */
-uint8_t psa_crypto_access_control_is_handle_permitted(psa_key_handle_t key_handle, int32_t partition_id);
-
-#endif /* PSA_CRYPTO_ACCESS_CONTROL_H */

components/TARGET_PSA/services/crypto/crypto_partition_psa.json

@@ -1,108 +0,0 @@
-{
-  "name": "CRYPTO_SRV",
-  "type": "APPLICATION-ROT",
-  "priority": "NORMAL",
-  "id": "0x00000023",
-  "entry_point": "crypto_main",
-  "stack_size": "0x4000",
-  "heap_size": "0x400",
-  "services": [
-    {
-      "name": "PSA_CRYPTO_INIT_ID",
-      "identifier": "0x00000F00",
-      "signal": "PSA_CRYPTO_INIT",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_MAC_ID",
-      "identifier": "0x00000F01",
-      "signal": "PSA_MAC",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_HASH_ID",
-      "identifier": "0x00000F02",
-      "signal": "PSA_HASH",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_ASYMMETRIC_ID",
-      "identifier": "0x00000F03",
-      "signal": "PSA_ASYMMETRIC",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_SYMMETRIC_ID",
-      "identifier": "0x00000F04",
-      "signal": "PSA_SYMMETRIC",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_AEAD_ID",
-      "identifier": "0x00000F05",
-      "signal": "PSA_AEAD",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_KEY_MNG_ID",
-      "identifier": "0x00000F06",
-      "signal": "PSA_KEY_MNG",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_RNG_ID",
-      "identifier": "0x00000F07",
-      "signal": "PSA_RNG",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_CRYPTO_FREE_ID",
-      "identifier": "0x00000F08",
-      "signal": "PSA_CRYPTO_FREE",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_KEY_DERIVATION_ID",
-      "identifier": "0x00000F09",
-      "signal": "PSA_KEY_DERIVATION",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    },
-    {
-      "name": "PSA_ENTROPY_ID",
-      "identifier": "0x00000F0A",
-      "signal": "PSA_ENTROPY_INJECT",
-      "non_secure_clients": true,
-      "minor_version": 1,
-      "minor_policy": "STRICT"
-    }
-  ],
-  "extern_sids": [
-    "PSA_ITS_GET",
-    "PSA_ITS_SET",
-    "PSA_ITS_INFO",
-    "PSA_ITS_REMOVE"
-  ],
-  "source_files": [
-    "COMPONENT_SPE/psa_crypto_partition.c"
-  ]
-}

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c

@@ -1,68 +0,0 @@
-/* Copyright (c) 2019 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "psa_manifest/sid.h"
-#include "psa/lifecycle.h"
-#include "psa/client.h"
-#include "mbed_toolchain.h"
-#include "mbed_error.h"
-
-uint32_t psa_security_lifecycle_state(void)
-{
-    psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_GET, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_LIFECYCLE_UNKNOWN;
-    }
-
-    uint32_t lc_state = 0;
-    psa_outvec resp[1] = { {&lc_state, sizeof(lc_state)} };
-
-    psa_status_t status = psa_call(conn, NULL, 0, resp, 1);
-    if (status == PSA_DROP_CONNECTION) {
-        lc_state = PSA_LIFECYCLE_UNKNOWN;
-    }
-
-    psa_close(conn);
-
-    return lc_state;
-}
-
-psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
-{
-    psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_SET, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return (psa_status_t) conn;
-    }
-
-    psa_invec msg[1] = {
-        { &new_state, sizeof(new_state) }
-    };
-
-    psa_status_t status = psa_call(conn, msg, 1, NULL, 0);
-
-    psa_close(conn);
-    return status;
-}
-
-void mbed_psa_system_reset(void)
-{
-    psa_handle_t conn = psa_connect(PSA_PLATFORM_SYSTEM_RESET, 1);
-    if (conn > PSA_NULL_HANDLE) {
-        psa_call(conn, NULL, 0, NULL, 0);
-    }
-    error("reset failed - cannot connect to service handle=%ld", conn);
-}

components/TARGET_PSA/services/platform/COMPONENT_SPE/platform_partition.c

@@ -1,106 +0,0 @@
-/* Copyright (c) 2019 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "mbed_spm_partitions.h"
-#include "platform_srv_impl.h"
-#include "psa/internal_trusted_storage.h"
-#include "psa/service.h"
-
-typedef psa_status_t (*SignalHandler)(psa_msg_t *);
-
-static psa_status_t lifecycle_get(psa_msg_t *msg)
-{
-    uint32_t lc_state;
-
-    if (msg->out_size[0] != sizeof(lc_state)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    psa_status_t status = psa_platfrom_lifecycle_get_impl(&lc_state);
-    if (status == PSA_SUCCESS) {
-        psa_write(msg->handle, 0, &lc_state, sizeof(lc_state));
-    }
-
-    return status;
-}
-
-static psa_status_t lifecycle_change_request(psa_msg_t *msg)
-{
-    uint32_t lc_state;
-
-    if (msg->in_size[0] != sizeof(lc_state)) {
-        return PSA_DROP_CONNECTION;
-    }
-    if (psa_read(msg->handle, 0, &lc_state, sizeof(lc_state)) != sizeof(lc_state)) {
-        return PSA_DROP_CONNECTION;
-    }
-    return psa_platfrom_lifecycle_change_request_impl(lc_state);
-
-}
-
-static MBED_NORETURN psa_status_t system_reset_request(psa_msg_t *msg)
-{
-    (void)msg;
-    mbed_psa_system_reset_impl();
-}
-
-static void message_handler(psa_msg_t *msg, SignalHandler handler)
-{
-    psa_status_t status = PSA_SUCCESS;
-    switch (msg->type) {
-        case PSA_IPC_CONNECT: //fallthrough
-        case PSA_IPC_DISCONNECT: {
-            break;
-        }
-        case PSA_IPC_CALL: {
-            status = handler(msg);
-            break;
-        }
-        default: {
-            SPM_PANIC("Unexpected message type %lu!", msg->type);
-            break;
-        }
-    }
-    psa_reply(msg->handle, status);
-}
-
-void platform_partition_entry(void *ptr)
-{
-    psa_signal_t signals = 0;
-    psa_msg_t msg = {0};
-    while (1) {
-        signals = psa_wait(PLATFORM_WAIT_ANY_SID_MSK, PSA_BLOCK);
-        if ((signals & PSA_PLATFORM_LC_GET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_PLATFORM_LC_GET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, lifecycle_get);
-        }
-        if ((signals & PSA_PLATFORM_LC_SET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_PLATFORM_LC_SET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, lifecycle_change_request);
-        }
-        if ((signals & PSA_PLATFORM_SYSTEM_RESET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_PLATFORM_SYSTEM_RESET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, system_reset_request);
-        }
-    }
-}

components/TARGET_PSA/services/platform/platform_psa.json

@@ -1,40 +0,0 @@
-{
-    "name": "PLATFORM",
-    "type": "APPLICATION-ROT",
-    "priority": "NORMAL",
-    "id": "0x00000008",
-    "entry_point": "platform_partition_entry",
-    "stack_size": "0x400",
-    "heap_size": "0x400",
-    "services": [{
-        "name": "PSA_PLATFORM_LC_GET",
-        "identifier": "0x00011000",
-        "signal": "PSA_PLATFORM_LC_GET_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_PLATFORM_LC_SET",
-        "identifier": "0x00011001",
-        "signal": "PSA_PLATFORM_LC_SET_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_PLATFORM_SYSTEM_RESET",
-        "identifier": "0x00011002",
-        "signal": "PSA_PLATFORM_SYSTEM_RESET_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      }
-    ],
-    "extern_sids": [
-      "PSA_ITS_RESET"
-    ],
-    "source_files": [
-      "COMPONENT_SPE/platform_partition.c"
-    ]
-  }

components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/TARGET_TFM/its_tfm_impl.cpp

@@ -1,157 +0,0 @@
-/* Copyright (c) 2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstring>
-#include "KVStore.h"
-#include "TDBStore.h"
-#include "psa/internal_trusted_storage.h"
-#include "pits_impl.h"
-#include "mbed_error.h"
-#include "mbed_toolchain.h"
-#include "FlashIAP.h"
-#include "FlashIAPBlockDevice.h"
-
-using namespace mbed;
-
-static KVStore *internal_store = NULL;
-static bool is_tfm_kv_initialized = false;
-
-static inline uint32_t align_up(uint64_t val, uint64_t size)
-{
-    return (((val - 1) / size) + 1) * size;
-}
-
-static inline uint32_t align_down(uint64_t val, uint64_t size)
-{
-    return (((val) / size)) * size;
-}
-
-static BlockDevice *_get_blockdevice(bd_addr_t start_address, bd_size_t size)
-{
-    int ret = MBED_SUCCESS;
-    bd_addr_t flash_end_address;
-    bd_addr_t flash_start_address;
-    bd_addr_t aligned_start_address;
-    bd_addr_t aligned_end_address;
-    bd_addr_t end_address;
-    FlashIAP flash;
-
-    ret = flash.init();
-    if (ret != 0) {
-        return NULL;
-    }
-
-    //Get flash parameters before starting
-    flash_start_address = flash.get_flash_start();
-    flash_end_address = flash_start_address + flash.get_flash_size();;
-
-    aligned_start_address = align_down(start_address, flash.get_sector_size(start_address));
-    if (start_address != aligned_start_address) {
-        flash.deinit();
-        return NULL;
-    }
-
-    end_address = start_address + size;
-    if (end_address > flash_end_address) {
-        flash.deinit();
-        return NULL;
-    }
-
-    aligned_end_address = align_up(end_address, flash.get_sector_size(end_address - 1));
-    if (end_address != aligned_end_address) {
-        flash.deinit();
-        return NULL;
-    }
-
-    static FlashIAPBlockDevice bd(start_address, size);
-    flash.deinit();
-    return &bd;
-}
-
-static int _calculate_blocksize_match_tdbstore(BlockDevice *bd)
-{
-    bd_size_t size = bd->size();
-    bd_size_t erase_size = bd->get_erase_size();
-    bd_size_t number_of_sector = size / erase_size;
-
-    if (number_of_sector < 2) {
-        return -1;
-    }
-
-    return 0;
-}
-
-static int tfm_kv_init(void)
-{
-    int ret = MBED_SUCCESS;
-    bd_size_t internal_size = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_SIZE;
-    bd_addr_t internal_start_address = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_BASE_ADDRESS;
-
-    //Get internal memory FLASHIAP block device.
-    BlockDevice *internal_bd = _get_blockdevice(internal_start_address, internal_size);
-    if (internal_bd == NULL) {
-        return -1; // TODO: Error code
-    }
-
-    ret = internal_bd->init();
-    if (ret != 0) {
-        return ret;
-    }
-
-    //Check that internal flash has 2 or more sectors
-    if (_calculate_blocksize_match_tdbstore(internal_bd) != 0) {
-        return -1; // TODO: Error code
-    }
-
-    //Deinitialize internal block device and TDB will reinitialize and take control on it.
-    ret = internal_bd->deinit();
-    if (ret != 0) {
-        return ret;
-    }
-
-    //Create a TDBStore in the internal FLASHIAP block device.
-    static TDBStore tdb_internal(internal_bd);
-    internal_store = &tdb_internal;
-
-    ret = internal_store->init();
-
-    return ret;
-}
-
-/*
- * \brief Get default KVStore instance for internal flesh storage
- *
- * \return valid pointer to KVStore
- */
-
-KVStore *get_its_kvstore_instance(void)
-{
-    return internal_store;
-}
-extern "C" int kv_init_storage_config()
-{
-    int ret = MBED_SUCCESS;
-
-    if (!is_tfm_kv_initialized) {
-        ret = tfm_kv_init();
-    }
-
-    is_tfm_kv_initialized = (ret == MBED_SUCCESS) ? true : false;
-    return ret;
-}
-
-

components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IPC/psa_prot_internal_storage.c

@@ -1,137 +0,0 @@
-/* Copyright (c) 2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "psa/client.h"
-#include "psa/storage_common.h"
-#include "psa/internal_trusted_storage.h"
-#include "psa_manifest/sid.h"
-
-psa_status_t psa_its_set(psa_storage_uid_t uid, size_t data_length, const void *p_data, psa_storage_create_flags_t create_flags)
-{
-    if (!p_data && data_length) {
-        return PSA_ERROR_INVALID_ARGUMENT;
-    }
-
-    psa_invec msg[3] = {
-        { &uid, sizeof(uid) },
-        { p_data, data_length },
-        { &create_flags, sizeof(create_flags) }
-    };
-
-    psa_handle_t conn = psa_connect(PSA_ITS_SET, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_call(conn, msg, 3, NULL, 0);
-    if (status == PSA_DROP_CONNECTION) {
-        status = PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_close(conn);
-    return status;
-}
-
-psa_status_t psa_its_get(psa_storage_uid_t uid, size_t data_offset, size_t data_length, void *p_data, size_t *p_data_length)
-{
-    size_t actual_size = 0;
-
-    if ((!p_data && data_length) || !p_data_length) {
-        return PSA_ERROR_INVALID_ARGUMENT;
-    }
-
-    psa_invec msg[2] = {
-        { &uid, sizeof(uid) },
-        { &data_offset, sizeof(data_offset) }
-    };
-
-    psa_outvec resp[2] = {
-        { p_data, data_length },
-        { &actual_size, sizeof(actual_size) }
-    };
-
-    psa_handle_t conn = psa_connect(PSA_ITS_GET, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_call(conn, msg, 2, resp, 2);
-
-    *p_data_length = actual_size;
-
-    psa_close(conn);
-    return status;
-}
-
-psa_status_t psa_its_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
-{
-    if (!p_info) {
-        return PSA_ERROR_INVALID_ARGUMENT;
-    }
-
-    struct psa_storage_info_t info = { 0, PSA_STORAGE_FLAG_NONE };
-    psa_invec msg = { &uid, sizeof(uid) };
-    psa_outvec resp = { &info, sizeof(info) };
-    psa_handle_t conn = psa_connect(PSA_ITS_INFO, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_call(conn, &msg, 1, &resp, 1);
-
-    *p_info = info;
-
-    if (status == PSA_DROP_CONNECTION) {
-        status = PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_close(conn);
-    return status;
-}
-
-psa_status_t psa_its_remove(psa_storage_uid_t uid)
-{
-    psa_invec msg = { &uid, sizeof(uid) };
-    psa_handle_t conn = psa_connect(PSA_ITS_REMOVE, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_call(conn, &msg, 1, NULL, 0);
-    if (status == PSA_DROP_CONNECTION) {
-        status = PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_close(conn);
-    return status;
-}
-
-psa_status_t psa_its_reset()
-{
-    psa_handle_t conn = psa_connect(PSA_ITS_RESET, 1);
-    if (conn <= PSA_NULL_HANDLE) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_call(conn, NULL, 0, NULL, 0);
-    if (status == PSA_DROP_CONNECTION) {
-        status = PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_close(conn);
-    return status;
-}

components/TARGET_PSA/services/storage/its/COMPONENT_SPE/its_partition.c

@@ -1,225 +0,0 @@
-/* Copyright (c) 2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include "psa/client.h"
-#include "psa/service.h"
-#include "mbed_spm_partitions.h"
-#include "psa/internal_trusted_storage.h"
-#include "pits_impl.h"
-#include "mbed_error.h"
-
-#if defined(TARGET_MBED_SPM)
-#include "kv_config.h"
-#else
-int kv_init_storage_config();
-#endif
-
-#ifdef   __cplusplus
-extern "C"
-{
-#endif
-
-typedef psa_status_t (*SignalHandler)(psa_msg_t *);
-
-static psa_status_t storage_set(psa_msg_t *msg)
-{
-    psa_storage_uid_t key = 0;
-    void *data = NULL;
-    uint32_t alloc_size = msg->in_size[1];
-    psa_storage_create_flags_t flags = 0;
-
-    if ((msg->in_size[0] != sizeof(key)) || (msg->in_size[2] != sizeof(flags))) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 2, &flags, sizeof(flags)) != sizeof(flags)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    data = malloc(alloc_size);
-    if (data == NULL) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    if (psa_read(msg->handle, 1, data, msg->in_size[1]) != msg->in_size[1]) {
-        free(data);
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_its_set_impl(msg->client_id, key, alloc_size, data, flags);
-    memset(data, 0, alloc_size);
-    free(data);
-    return status;
-}
-
-static psa_status_t storage_get(psa_msg_t *msg)
-{
-    psa_storage_uid_t key = 0;
-    uint32_t offset = 0;
-    size_t actual_size;
-
-    if ((msg->in_size[0] != sizeof(key)) ||
-            (msg->in_size[1] != sizeof(offset)) ||
-            (msg->out_size[1] != sizeof(actual_size))) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 1, &offset, sizeof(offset)) != sizeof(offset)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    uint8_t *data = (uint8_t *)malloc(msg->out_size[0]);
-    if (data == NULL) {
-        return PSA_ERROR_STORAGE_FAILURE;
-    }
-
-    psa_status_t status = psa_its_get_impl(msg->client_id, key, offset, msg->out_size[0], data, &actual_size);
-    if (status == PSA_SUCCESS) {
-        psa_write(msg->handle, 0, data, actual_size);
-        psa_write(msg->handle, 1, &actual_size, sizeof(actual_size));
-    }
-
-    memset(data, 0, msg->out_size[0]);
-    free(data);
-    return status;
-}
-
-static psa_status_t storage_info(psa_msg_t *msg)
-{
-    struct psa_storage_info_t info = { 0 };
-    psa_storage_uid_t key = 0;
-
-    if ((msg->in_size[0] != sizeof(key)) || (msg->out_size[0] != sizeof(info))) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    psa_status_t status = psa_its_get_info_impl(msg->client_id, key, &info);
-    if (status == PSA_SUCCESS) {
-        psa_write(msg->handle, 0, &info, msg->out_size[0]);
-    }
-
-    return status;
-}
-
-static psa_status_t storage_remove(psa_msg_t *msg)
-{
-    psa_storage_uid_t key = 0;
-
-    if (msg->in_size[0] != sizeof(key)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) {
-        return PSA_DROP_CONNECTION;
-    }
-
-    return psa_its_remove_impl(msg->client_id, key);
-}
-static psa_status_t storage_reset(psa_msg_t *msg)
-{
-    (void)msg;
-    return psa_its_reset_impl();
-}
-
-
-
-static void message_handler(psa_msg_t *msg, SignalHandler handler)
-{
-    psa_status_t status = PSA_SUCCESS;
-    switch (msg->type) {
-        case PSA_IPC_CONNECT: //fallthrough
-        case PSA_IPC_DISCONNECT: {
-            break;
-        }
-        case PSA_IPC_CALL: {
-            status = handler(msg);
-            break;
-        }
-        default: {
-            SPM_PANIC("Unexpected message type %lu!", msg->type);
-            break;
-        }
-    }
-    psa_reply(msg->handle, status);
-}
-
-void its_entry(void *ptr)
-{
-    psa_signal_t signals = 0;
-    psa_msg_t msg = {0};
-
-    while (1) {
-        signals = psa_wait(ITS_WAIT_ANY_SID_MSK, PSA_BLOCK);
-        // KVStore initiation:
-        // - Must be done after the psa_wait() call since only now we know OS initialization is done
-        // - Repeating calls has no effect
-        int kv_status = kv_init_storage_config();
-        if (kv_status != MBED_SUCCESS) {
-            SPM_PANIC("KVStore initiation failed with status %d!", kv_status);
-        }
-
-        if ((signals & PSA_ITS_SET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_ITS_SET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, storage_set);
-        }
-        if ((signals & PSA_ITS_GET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_ITS_GET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, storage_get);
-        }
-        if ((signals & PSA_ITS_INFO_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_ITS_INFO_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, storage_info);
-        }
-        if ((signals & PSA_ITS_REMOVE_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_ITS_REMOVE_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, storage_remove);
-        }
-        if ((signals & PSA_ITS_RESET_MSK) != 0) {
-            if (PSA_SUCCESS != psa_get(PSA_ITS_RESET_MSK, &msg)) {
-                continue;
-            }
-            message_handler(&msg, storage_reset);
-        }
-
-    }
-}
-
-#ifdef   __cplusplus
-}
-#endif

components/TARGET_PSA/services/storage/its/pits_psa.json

@@ -1,53 +0,0 @@
-{
-    "name": "ITS",
-    "type": "APPLICATION-ROT",
-    "priority": "NORMAL",
-    "id": "0x0000000A",
-    "entry_point": "its_entry",
-    "stack_size": "0x800",
-    "heap_size": "0x400",
-    "services": [{
-        "name": "PSA_ITS_GET",
-        "identifier": "0x00011A00",
-        "signal": "PSA_ITS_GET_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_ITS_SET",
-        "identifier": "0x00011A01",
-        "signal": "PSA_ITS_SET_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_ITS_INFO",
-        "identifier": "0x00011A02",
-        "signal": "PSA_ITS_INFO_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_ITS_REMOVE",
-        "identifier": "0x00011A03",
-        "signal": "PSA_ITS_REMOVE_MSK",
-        "non_secure_clients": true,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      },
-      {
-        "name": "PSA_ITS_RESET",
-        "identifier": "0x00011A04",
-        "signal": "PSA_ITS_RESET_MSK",
-        "non_secure_clients": false,
-        "minor_version": 1,
-        "minor_policy": "RELAXED"
-      }
-    ],
-    "source_files": [
-      "COMPONENT_SPE/its_partition.c"
-    ]
-  }

features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/client.h

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-#if defined(TARGET_TFM)
+#if defined(FEATURE_TFM)
 #include "interface/include/psa_client.h"
 #elif defined(TARGET_MBED_SPM)
 #include "TARGET_MBED_SPM/psa_defs.h"