add different api implementations

interface/include/iotex_tf_mbedtls_r.h

@@ -0,0 +1,18 @@
+#ifndef IOTEX_TF_MBEDTLS_R_H
+#define IOTEX_TF_MBEDTLS_R_H
+
+#include <stdint.h>
+
+#include "psa/crypto.h"
+#include "psa/crypto_client_struct.h"
+
+// psa_status_t tfm_crypto_key_attributes_from_client(
+//                     const struct psa_client_key_attributes_s *client_key_attr,
+//                     int32_t client_id,
+//                     psa_key_attributes_t *key_attributes);
+
+// psa_status_t tfm_crypto_key_attributes_to_client(
+//                         psa_key_attributes_t *key_attributes,
+//                         struct psa_client_key_attributes_s *client_key_attr);
+
+#endif /* IOTEX_TF_MBEDTLS_R_H */

interface/include/private_access.h

@@ -0,0 +1,32 @@
+ /**
+ * \file private_access.h
+ *
+ * \brief Macro wrapper for struct's members.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef MBEDTLS_PRIVATE_ACCESS_H
+#define MBEDTLS_PRIVATE_ACCESS_H
+
+#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
+#define MBEDTLS_PRIVATE(member) private_##member
+#else
+#define MBEDTLS_PRIVATE(member) member
+#endif
+
+#endif /* MBEDTLS_PRIVATE_ACCESS_H */

interface/include/tfm_veneers.h

@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_VENEERS_H__
+#define __TFM_VENEERS_H__
+
+#include "tfm_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+psa_status_t tfm_crypto_init(void);
+
+/******** TFM_SP_STORAGE ********/
+psa_status_t tfm_ps_set_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_info_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_remove_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_support_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+// psa_status_t tfm_tfm_sst_set_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// psa_status_t tfm_tfm_sst_get_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// psa_status_t tfm_tfm_sst_get_info_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// psa_status_t tfm_tfm_sst_remove_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// psa_status_t tfm_tfm_sst_get_support_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+/******** TFM_SP_ITS ********/
+psa_status_t tfm_its_set_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_its_get_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_its_get_info_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_its_remove_req(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+//#ifdef TFM_PARTITION_AUDIT_LOG
+/******** TFM_SP_AUDIT_LOG ********/
+psa_status_t audit_core_retrieve_record(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t audit_core_add_record(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t audit_core_get_info(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t audit_core_get_record_info(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t audit_core_delete_record(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+//#endif /* TFM_PARTITION_AUDIT_LOG */
+
+/******** TFM_SP_CRYPTO ********/
+
+// Key Management
+psa_status_t tfm_crypto_open_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_close_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_import_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_destroy_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_get_key_attributes(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_reset_key_attributes(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_export_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_export_public_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_purge_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_copy_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// Cipher
+psa_status_t tfm_crypto_cipher_generate_iv(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_set_iv(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_update(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_abort(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_finish(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_encrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_cipher_decrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// Hash
+psa_status_t tfm_crypto_hash_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_update(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_finish(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_verify(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_abort(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_clone(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_compute(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_hash_compare(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// Mac
+psa_status_t tfm_crypto_mac_sign_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_verify_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_update(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_sign_finish(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_verify_finish(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_abort(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_compute(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_mac_verify(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// aead
+psa_status_t tfm_crypto_aead_encrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_decrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_encrypt_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_decrypt_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_generate_nonce(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_set_nonce(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_set_lengths(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_update_ad(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_update(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_finish(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_verify(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_aead_abort(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// asymmetric
+psa_status_t tfm_crypto_sign_message(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_verify_message(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_sign_hash(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_verify_hash(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+// key_derivation
+psa_status_t tfm_crypto_key_derivation_get_capacity(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_output_bytes(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_input_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_abort(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_key_agreement(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_setup(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_set_capacity(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_input_bytes(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_key_derivation_output_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+psa_status_t tfm_crypto_generate_random(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_generate_key(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_crypto_raw_key_agreement(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+
+#ifdef TFM_PARTITION_PLATFORM
+/******** TFM_SP_PLATFORM ********/
+psa_status_t tfm_platform_sp_system_reset_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_platform_sp_ioctl_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_PLATFORM */
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+psa_status_t tfm_initial_attest_get_token_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_initial_attest_get_token_size_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+psa_status_t tfm_spm_core_test_sfn_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_sfn_init_success_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_sfn_direct_recursion_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+psa_status_t tfm_spm_core_test_2_slave_service_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_2_sfn_invert_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_2_check_caller_client_id_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_2_get_every_second_byte_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_2_prepare_test_scenario_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_core_test_2_execute_test_scenario_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+psa_status_t tfm_tfm_secure_client_service_sfn_run_tests_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
+#ifdef TFM_PARTITION_TEST_CORE_IPC
+/******** TFM_SP_IPC_SERVICE_TEST ********/
+#endif /* TFM_PARTITION_TEST_CORE_IPC */
+
+#ifdef TFM_PARTITION_TEST_CORE_IPC
+/******** TFM_SP_IPC_CLIENT_TEST ********/
+#endif /* TFM_PARTITION_TEST_CORE_IPC */
+
+#ifdef TFM_ENABLE_IRQ_TEST
+/******** TFM_IRQ_TEST_1 ********/
+psa_status_t tfm_spm_irq_test_1_prepare_test_scenario_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_spm_irq_test_1_execute_test_scenario_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_ENABLE_IRQ_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_VENEERS_H__ */

interface/src/iotex_audit_func_api.c

@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "psa_audit_api.h"
+#include "tfm_veneers.h"
+#include "tfm_ns_interface.h"
+
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define API_DISPATCH(sfn_name)                                    \
+    tfm_ns_interface_dispatch((veneer_fn)sfn_name, \
+        (void *)in_vec, (uint32_t)ARRAY_SIZE(in_vec),           \
+        (void *)out_vec, (uint32_t)ARRAY_SIZE(out_vec))
+
+#define API_DISPATCH_NO_INVEC(sfn_name)                           \
+    tfm_ns_interface_dispatch((veneer_fn)sfn_name, \
+        (void *)NULL, 0,                                        \
+        (void *)out_vec, (uint32_t)ARRAY_SIZE(out_vec))
+
+#define API_DISPATCH_NO_OUTVEC(sfn_name)                          \
+    tfm_ns_interface_dispatch((veneer_fn)sfn_name, \
+        (void *)in_vec, (uint32_t)ARRAY_SIZE(in_vec),           \
+        (void *)NULL, 0)
+
+psa_status_t psa_audit_retrieve_record(const uint32_t record_index,
+                                       const uint32_t buffer_size,
+                                       const uint8_t *token,
+                                       const uint32_t token_size,
+                                       uint8_t *buffer,
+                                       uint32_t *record_size)
+{
+    psa_status_t status;
+    psa_invec in_vec[] = {
+        {.base = &record_index, .len = sizeof(uint32_t)},
+        {.base = token, .len = token_size},
+    };
+    psa_outvec out_vec[] = {
+        {.base = buffer, .len = buffer_size},
+    };
+
+    status = API_DISPATCH(audit_core_retrieve_record);
+
+    *record_size = out_vec[0].len;
+
+    return status;
+}
+
+psa_status_t psa_audit_get_info(uint32_t *num_records, uint32_t *size)
+{
+    psa_status_t status;
+    psa_outvec out_vec[] = {
+        {.base = num_records, .len = sizeof(uint32_t)},
+        {.base = size, .len = sizeof(uint32_t)},
+    };
+
+    // status = API_DISPATCH_NO_INVEC(audit_core_get_info);
+
+    return status;
+}
+
+psa_status_t psa_audit_get_record_info(const uint32_t record_index,
+                                       uint32_t *size)
+{
+    psa_status_t status;
+    psa_invec in_vec[] = {
+        {.base = &record_index, .len = sizeof(uint32_t)},
+    };
+    psa_outvec out_vec[] = {
+        {.base = size, .len = sizeof(uint32_t)},
+    };
+
+    // status = API_DISPATCH(audit_core_get_record_info);
+
+    return status;
+}
+
+psa_status_t psa_audit_delete_record(const uint32_t record_index,
+                                     const uint8_t *token,
+                                     const uint32_t token_size)
+{
+    psa_status_t status;
+    psa_invec in_vec[] = {
+        {.base = &record_index, .len = sizeof(uint32_t)},
+        {.base = token, .len = token_size},
+    };
+
+    // status = API_DISPATCH_NO_OUTVEC(audit_core_delete_record);
+
+    return status;
+}
+
+psa_status_t psa_audit_add_record(const struct psa_audit_record *record)
+{
+    /* This API supports only Secure world calls. As this is the implementation
+     * of the Non-Secure interface, always directly return an error without
+     * routing the call to TF-M in the Secure world.
+     */
+    (void)record;
+    return PSA_ERROR_NOT_PERMITTED;
+}