Merge pull request #10746 from davidsaada/david_fix_ps_flags

0xc0170 · web-flow · commit 4625221f1e00 · 2019-06-09T18:17:19.000+01:00
PSA protected storage: Add encrypt &amp; RB protect flags by default to set.
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
@@ -185,24 +185,15 @@ static void generate_fn(char *tdb_filename, uint32_t tdb_filename_size, psa_stor
 
 psa_status_t psa_storage_set_impl(KVStore *kvstore, int32_t pid, psa_storage_uid_t uid,
                                   uint32_t data_length, const void *p_data,
-                                  psa_storage_create_flags_t create_flags)
+                                  uint32_t kv_create_flags)
 {
-    if ((create_flags & (~FLAGS_MSK)) != 0) {
-        return PSA_ERROR_NOT_SUPPORTED;
-    }
-
     if (uid == 0) {
         return PSA_ERROR_INVALID_ARGUMENT;
     }
     // Generate KVStore key
     char kv_key[PSA_STORAGE_FILE_NAME_MAX] = {'\0'};
     generate_fn(kv_key, PSA_STORAGE_FILE_NAME_MAX, uid, pid);
 
-    uint32_t kv_create_flags = 0;
-    if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
-        kv_create_flags = KVStore::WRITE_ONCE_FLAG;
-    }
-
     int status = kvstore->set(kv_key, p_data, data_length, kv_create_flags);
 
     return convert_status(status);
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h b/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
@@ -36,7 +36,7 @@ typedef psa_status_t (*migrate_func_t)(mbed::KVStore *kvstore, const psa_storage
 
 void psa_storage_handle_version(mbed::KVStore *kvstore, const char *version_key, const psa_storage_version_t *version,
                                 migrate_func_t migrate_func);
-psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, psa_storage_create_flags_t create_flags);
+psa_status_t psa_storage_set_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_length, const void *p_data, uint32_t kv_create_flags);
 psa_status_t psa_storage_get_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data);
 psa_status_t psa_storage_get_info_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid, struct psa_storage_info_t *p_info);
 psa_status_t psa_storage_remove_impl(mbed::KVStore *kvstore, int32_t pid, psa_storage_uid_t uid);
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
@@ -87,6 +87,10 @@ psa_status_t psa_its_set_impl(int32_t pid, psa_storage_uid_t uid, uint32_t data_
         its_init();
     }
 
+    if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
     return psa_storage_set_impl(kvstore, pid, uid, data_length, p_data, create_flags);
 }
 
diff --git a/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp b/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
@@ -39,6 +39,7 @@ extern "C"
 #define PSA_PS_GLOBAL_PID        1
 
 static KVStore *kvstore = NULL;
+static uint32_t def_kvstore_flags = 0;
 
 MBED_WEAK psa_status_t ps_version_migrate(KVStore *kvstore,
                                           const psa_storage_version_t *old_version, const psa_storage_version_t *new_version)
@@ -61,12 +62,18 @@ static void ps_init(void)
     KVMap &kv_map = KVMap::get_instance();
     psa_storage_version_t version = {PSA_PS_API_VERSION_MAJOR, PSA_PS_API_VERSION_MINOR};
     kvstore = kv_map.get_main_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));
-    if (!kvstore) {
+    KVStore *int_kvstore = kv_map.get_internal_kv_instance(STR_EXPAND(MBED_CONF_STORAGE_DEFAULT_KV));;
+    if (!kvstore || !int_kvstore) {
         // Can only happen due to system misconfiguration.
         // Thus considered as unrecoverable error for runtime.
         error("Failed getting kvstore instance\n");
     }
 
+    def_kvstore_flags = 0;
+    if (kvstore != int_kvstore) {
+        def_kvstore_flags = KVStore::REQUIRE_CONFIDENTIALITY_FLAG | KVStore::REQUIRE_REPLAY_PROTECTION_FLAG;
+    }
+
     psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
 }
 
@@ -83,7 +90,16 @@ psa_status_t psa_ps_set(psa_storage_uid_t uid, uint32_t data_length, const void
         ps_init();
     }
 
-    return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, create_flags);
+    if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
+    uint32_t kv_create_flags = def_kvstore_flags;
+    if (create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
+        kv_create_flags |= KVStore::WRITE_ONCE_FLAG;
+    }
+
+    return psa_storage_set_impl(kvstore, PSA_PS_GLOBAL_PID, uid, data_length, p_data, kv_create_flags);
 }
 
 psa_status_t psa_ps_get(psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data)

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,10 @@ psa_status_t psa_its_set_impl(int32_t pid, psa_storage_uid_t uid, uint32_t data_`
`87`	`87`	`its_init();`
`88`	`88`	`}`
`89`	`89`
	`90`	`+ if (create_flags & ~PSA_STORAGE_FLAG_WRITE_ONCE) {`
	`91`	`+ return PSA_ERROR_NOT_SUPPORTED;`
	`92`	`+ }`
	`93`	`+`
`90`	`94`	`return psa_storage_set_impl(kvstore, pid, uid, data_length, p_data, create_flags);`
`91`	`95`	`}`
`92`	`96`