mbed-os/components/TARGET_PSA/inc/psa/protected_storage.h

/*  Copyright (C) 2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

/** @file
@brief This file describes the PSA Protected Storage API
*/

#ifndef __PSA_PROTECTED_STORAGE_H__
#define __PSA_PROTECTED_STORAGE_H__

#include <stddef.h>
#include <stdint.h>

#include "psa/error.h"
#include "psa/storage_common.h"

#ifdef __cplusplus
extern "C" {
#endif

#define PSA_PS_API_VERSION_MAJOR  1  /**< The major version number of the PSA PS API. It will be incremented on significant updates that may include breaking changes */
#define PSA_PS_API_VERSION_MINOR  1  /**< The minor version number of the PSA PS API. It will be incremented in small updates that are unlikely to include breaking changes */


/**
 * \brief create a new or modify an existing key/value pair
 *
 * \param[in] uid           the identifier for the data
 * \param[in] data_length   The size in bytes of the data in `p_data`
 * \param[in] p_data        A buffer containing the data
 * \param[in] create_flags  The flags indicating the properties of the data
 *
 * \return      A status indicating the success/failure of the operation

 * \retval      PSA_SUCCESS                     The operation completed successfully
 * \retval      PSA_ERROR_NOT_PERMITTED         The operation failed because the provided uid value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
 * \retval      PSA_ERROR_INVALID_ARGUMENT      The operation failed because one or more of the given arguments were invalid.
 * \retval      PSA_ERROR_NOT_SUPPORTED         The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
 * \retval      PSA_ERROR_INSUFFICIENT_STORAGE  The operation failed because there was insufficient space on the storage medium
 * \retval      PSA_ERROR_STORAGE_FAILURE       The operation failed because the physical storage has failed (Fatal error)
 * \retval      PSA_ERROR_GENERIC_ERROR         The operation failed because of an unspecified internal failure
 */
psa_status_t psa_ps_set(psa_storage_uid_t uid,
                        size_t data_length,
                        const void *p_data,
                        psa_storage_create_flags_t create_flags);

/**
 * \brief Retrieve the value for a provided uid
 *
 * \param[in] uid               The identifier for the data
 * \param[in] data_offset       The offset within the data associated with the `uid` to start retrieving data
 * \param[in] data_length       The amount of data to read (and the minimum allocated size of the `p_data` buffer)
 * \param[out] p_data           The buffer where the data will be placed upon successful completion
 * \param[out] p_data_length    The actual amount of data returned
 *
 * \return      A status indicating the success/failure of the operation
 *
 * \retval      PSA_SUCCESS                  The operation completed successfully
 * \retval      PSA_ERROR_INVALID_ARGUMENT   The operation failed because one or more of the given arguments were invalid (null pointer, wrong flags etc.)
 * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided uid value was not found in the storage
 * \retval      PSA_ERROR_BUFFER_TOO_SMALL   The operation failed because the data associated with provided uid does not fit `data_size`
 * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
 * \retval      PSA_ERROR_GENERIC_ERROR      The operation failed because of an unspecified internal failure
 * \retval      PSA_ERROR_DATA_CORRUPT       The operation failed because of an authentication failure when attempting to get the key
 * \retval      PSA_ERROR_INVALID_SIGNATURE  The operation failed because the data associated with the UID failed authentication
 */
psa_status_t psa_ps_get(psa_storage_uid_t uid,
                        size_t data_offset,
                        size_t data_length,
                        void *p_data,
                        size_t *p_data_length);

/**
 * \brief Retrieve the metadata about the provided uid
 *
 * \param[in] uid           The identifier for the data
 * \param[out] p_info       A pointer to the `psa_storage_info_t` struct that will be populated with the metadata
 *
 * \return      A status indicating the success/failure of the operation
 *
 * \retval      PSA_SUCCESS                  The operation completed successfully
 * \retval      PSA_ERROR_INVALID_ARGUMENT   The operation failed because one or more of the given arguments were invalid (null pointer, wrong flags etc.)
 * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided uid value was not found in the storage
 * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
 * \retval      PSA_ERROR_GENERIC_ERROR      The operation failed because of an unspecified internal failure
 * \retval      PSA_ERROR_DATA_CORRUPT       The operation failed because of an authentication failure when attempting to get the key
 * \retval      PSA_ERROR_INVALID_SIGNATURE  The operation failed because the data associated with the UID failed authentication
 */
psa_status_t psa_ps_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info);

/**
 * \brief Remove the provided uid and its associated data from the storage
 *
 * \param[in] uid   The identifier for the data to be removed
 *
 * \return  A status indicating the success/failure of the operation
 *
 * \retval      PSA_SUCCESS                  The operation completed successfully
 * \retval      PSA_ERROR_INVALID_ARGUMENT   The operation failed because one or more of the given arguments were invalid (null pointer, wrong flags etc.)
 * \retval      PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided uid value was not found in the storage
 * \retval      PSA_ERROR_NOT_PERMITTED      The operation failed because the provided uid value was created with psa_eps_WRITE_ONCE_FLAG
 * \retval      PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
 * \retval      PSA_ERROR_GENERIC_ERROR      The operation failed because of an unspecified internal failure
 */
psa_status_t psa_ps_remove(psa_storage_uid_t uid);

/**
 *  Creates an asset based on the given identifier, the maximum size and
 *  creation flags. This create allocates the space in the secure storage
 *  area without setting any data in the asset.
 *
 *  It is only necessary to call this function for items that will be written
 *  with the \ref psa_ps_set_extended function. If only the \ref psa_ps_set function
 *  is needed, calls to this function are redundant.
 *
 *  If the \ref PSA_STORAGE_FLAG_WRITE_ONCE flag is passed, implementations should
 *  return \ref PSA_ERROR_NOT_SUPPORTED.
 *
 *  This function is optional. Not all PSA Protected Storage Implementations
 *  will implement this function. Consult the documentation of your chosen
 *  platform to determine if it is present.
 *
 * \param[in] uid           A unique identifier for the asset.
 * \param[in] size          The maximum size in bytes of the asset.
 * \param[in] create_flags  Create flags \ref psa_storage_create_flags_t.
 *
 * \retval PSA_SUCCESS              The assest does not exist and the input parameters are correct or
 *                                          the asset already exists, the input parameters are the same that
 *                                          have been used to create the asset and the owner is the same and the current asset content is kept
 *                                          TDB: "Owner is the same" doesn't really make sense from a PSA perspective, as each partition
 *                                          has its own UID space, making other partitions' data unadressable
 * \retval PSA_ERROR_STORAGE_FAILURE        The create action has a physical storage error
 * \retval PSA_ERROR_INSUFFICIENT_STORAGE   The maximum size is bigger of the current available space
 * \retval PSA_ERROR_NOT_SUPPORTED          One or more create_flags are not valid or supported
 * \retval PSA_ERROR_INVALID_ARGUMENT       The asset exists and the input paramters are not the same as the existing asset
 * \retval PSA_ERROR_NOT_SUPPORTED          The implementation of the API does not support this function
 * \retval PSA_ERROR_GENERIC_ERROR          The operation has failed due to an unspecified error
 */
psa_status_t psa_ps_create(psa_storage_uid_t uid,
                           size_t size,
                           psa_storage_create_flags_t create_flags);

/**
 * Sets partial data into an asset based on the given identifier, data_offset,
 * data length and p_data.
 *
 *  Before calling this function, the asset must have been created with a call
 *  to \ref psa_ps_create.
 *
 *  This function is optional. Not all PSA Protected Storage Implementations
 *  will implement this function. Consult the documentation of your chosen
 *  platform to determine if it is present.
 *
 * \param[in] uid          The unique identifier for the asset.
 * \param[in] data_offset  Offset within the asset to start the write.
 * \param[in] data_length  The size in bytes of the data in p_data to write.
 * \param[in] p_data       Pointer to a buffer which contains the data to write.
 *
 * \retval PSA_SUCCESS                      If the asset exists, the input parameters are correct and the data
 *                                          is correctly written in the physical storage
 * \retval PSA_ERROR_STORAGE_FAILURE        If the data is not written correctly in the physical storage
 * \retval PSA_ERROR_INVALID_ARGUMENT       The operation failed because one or more of the given arguments were invalid (null pointer, wrong flags, etc)
 * \retval PSA_ERROR_DOES_NOT_EXIST         The specified UID was not found
 * \retval PSA_ERROR_NOT_SUPPORTED          The implementation of the API does not support this function
 * \retval PSA_ERROR_GENERIC_ERROR          The operation failed due to an unspecified error
 * \retval PSA_ERROR_DATA_CORRUPT           The operation failed because the existing data has been corrupted
 * \retval PSA_ERROR_INVALID_SIGNATURE      The operation failed because the existing data failed authentication (MAC check failed)
 */
psa_status_t psa_ps_set_extended(psa_storage_uid_t uid,
                                 size_t data_offset,
                                 size_t data_length,
                                 const void *p_data);

/**
 *  Returns a bitmask with flags set for all of the optional features supported
 * by the implementation.
 *
 * Currently defined flags are limited to:
 * - \ref PSA_STORAGE_SUPPORT_SET_EXTENDED
 */
uint32_t psa_ps_get_support(void);

#ifdef __cplusplus
}
#endif


#endif // __PSA_PROTECTED_STORAGE_H__