1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2017, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <bitstring.h>
8 #include <crypto/crypto.h>
9 #include <kernel/mutex.h>
10 #include <kernel/thread.h>
11 #include <mm/mobj.h>
12 #include <optee_rpc_cmd.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <tee_api_defines_extensions.h>
16 #include <tee/tadb.h>
17 #include <tee/tee_fs.h>
18 #include <tee/tee_fs_rpc.h>
19 #include <tee/tee_pobj.h>
20 #include <tee/tee_svc_storage.h>
21 #include <utee_defines.h>
22
23 #define TADB_MAX_BUFFER_SIZE (64U * 1024)
24
25 #define TADB_AUTH_ENC_ALG TEE_ALG_AES_GCM
26 #define TADB_IV_SIZE TEE_AES_BLOCK_SIZE
27 #define TADB_TAG_SIZE TEE_AES_BLOCK_SIZE
28 #define TADB_KEY_SIZE TEE_AES_MAX_KEY_SIZE
29
30 struct tee_tadb_dir {
31 const struct tee_file_operations *ops;
32 struct tee_file_handle *fh;
33 int nbits;
34 bitstr_t *files;
35 };
36
37 /*
38 * struct tadb_entry - TA database entry
39 * @prop: properties of TA
40 * @file_number: encrypted TA is stored in <file_number>.ta
41 * @iv: Initialization vector of the authentication crypto
42 * @tag: Tag used to validate the authentication encrypted TA
43 * @key: Key used to decrypt the TA
44 */
45 struct tadb_entry {
46 struct tee_tadb_property prop;
47 uint32_t file_number;
48 uint8_t iv[TADB_IV_SIZE];
49 uint8_t tag[TADB_TAG_SIZE];
50 uint8_t key[TADB_KEY_SIZE];
51 };
52
53 struct tadb_header {
54 uint32_t opaque_len;
55 uint8_t opaque[];
56 };
57
58 struct tee_tadb_ta_write {
59 struct tee_tadb_dir *db;
60 int fd;
61 struct tadb_entry entry;
62 size_t pos;
63 void *ctx;
64 };
65
66 struct tee_tadb_ta_read {
67 struct tee_tadb_dir *db;
68 int fd;
69 struct tadb_entry entry;
70 size_t pos;
71 void *ctx;
72 struct mobj *ta_mobj;
73 uint8_t *ta_buf;
74 };
75
76 static const char tadb_obj_id[] = "ta.db";
77 static struct tee_tadb_dir *tadb_db;
78 static unsigned int tadb_db_refc;
79 static struct mutex tadb_mutex = MUTEX_INITIALIZER;
80
file_num_to_str(char * buf,size_t blen,uint32_t file_number)81 static void file_num_to_str(char *buf, size_t blen, uint32_t file_number)
82 {
83 int rc __maybe_unused = 0;
84
85 rc = snprintf(buf, blen, "%" PRIu32 ".ta", file_number);
86 assert(rc >= 0);
87 }
88
is_null_uuid(const TEE_UUID * uuid)89 static bool is_null_uuid(const TEE_UUID *uuid)
90 {
91 const TEE_UUID null_uuid = { 0 };
92
93 return !memcmp(uuid, &null_uuid, sizeof(*uuid));
94 }
95
ta_operation_open(unsigned int cmd,uint32_t file_number,int * fd)96 static TEE_Result ta_operation_open(unsigned int cmd, uint32_t file_number,
97 int *fd)
98 {
99 struct thread_param params[3] = { };
100 struct mobj *mobj = NULL;
101 TEE_Result res = TEE_SUCCESS;
102 void *va = NULL;
103
104 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS,
105 THREAD_SHM_TYPE_APPLICATION,
106 TEE_FS_NAME_MAX, &mobj);
107 if (!va)
108 return TEE_ERROR_OUT_OF_MEMORY;
109
110 file_num_to_str(va, TEE_FS_NAME_MAX, file_number);
111
112 params[0] = THREAD_PARAM_VALUE(IN, cmd, 0, 0);
113 params[1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX);
114 params[2] = THREAD_PARAM_VALUE(OUT, 0, 0, 0);
115
116 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params);
117 if (!res)
118 *fd = params[2].u.value.a;
119
120 return res;
121 }
122
ta_operation_remove(uint32_t file_number)123 static TEE_Result ta_operation_remove(uint32_t file_number)
124 {
125 struct thread_param params[2] = { };
126 struct mobj *mobj = NULL;
127 void *va = NULL;
128
129 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS,
130 THREAD_SHM_TYPE_APPLICATION,
131 TEE_FS_NAME_MAX, &mobj);
132 if (!va)
133 return TEE_ERROR_OUT_OF_MEMORY;
134
135 file_num_to_str(va, TEE_FS_NAME_MAX, file_number);
136
137 params[0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_REMOVE, 0, 0);
138 params[1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX);
139
140 return thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params);
141 }
142
maybe_grow_files(struct tee_tadb_dir * db,int idx)143 static TEE_Result maybe_grow_files(struct tee_tadb_dir *db, int idx)
144 {
145 void *p;
146
147 if (idx < db->nbits)
148 return TEE_SUCCESS;
149
150 p = realloc(db->files, bitstr_size(idx + 1));
151 if (!p)
152 return TEE_ERROR_OUT_OF_MEMORY;
153 db->files = p;
154
155 bit_nclear(db->files, db->nbits, idx);
156 db->nbits = idx + 1;
157
158 return TEE_SUCCESS;
159 }
160
set_file(struct tee_tadb_dir * db,int idx)161 static TEE_Result set_file(struct tee_tadb_dir *db, int idx)
162 {
163 TEE_Result res = maybe_grow_files(db, idx);
164
165 if (!res)
166 bit_set(db->files, idx);
167
168 return res;
169 }
170
clear_file(struct tee_tadb_dir * db,int idx)171 static void clear_file(struct tee_tadb_dir *db, int idx)
172 {
173 /*
174 * This is safe because db->nbits > 0 implies that
175 * db->files is non-NULL (see maybe_grow_files()).
176 */
177 if (idx < db->nbits)
178 bit_clear(db->files, idx);
179 }
180
test_file(struct tee_tadb_dir * db,int idx)181 static bool test_file(struct tee_tadb_dir *db, int idx)
182 {
183 /*
184 * This is safe because db->nbits > 0 implies that
185 * db->files is non-NULL (see maybe_grow_files()).
186 */
187 if (idx < db->nbits)
188 return bit_test(db->files, idx);
189
190 return false;
191 }
192
read_ent(struct tee_tadb_dir * db,size_t idx,struct tadb_entry * entry)193 static TEE_Result read_ent(struct tee_tadb_dir *db, size_t idx,
194 struct tadb_entry *entry)
195 {
196 size_t l = sizeof(*entry);
197 TEE_Result res = db->ops->read(db->fh, idx * l, entry, &l);
198
199 if (!res && l != sizeof(*entry))
200 return TEE_ERROR_ITEM_NOT_FOUND;
201
202 return res;
203 }
204
write_ent(struct tee_tadb_dir * db,size_t idx,const struct tadb_entry * entry)205 static TEE_Result write_ent(struct tee_tadb_dir *db, size_t idx,
206 const struct tadb_entry *entry)
207 {
208 const size_t l = sizeof(*entry);
209
210 return db->ops->write(db->fh, idx * l, entry, l);
211 }
212
tadb_open(struct tee_tadb_dir ** db_ret)213 static TEE_Result tadb_open(struct tee_tadb_dir **db_ret)
214 {
215 TEE_Result res;
216 struct tee_tadb_dir *db = calloc(1, sizeof(*db));
217 struct tee_pobj po = {
218 .obj_id = (void *)tadb_obj_id,
219 .obj_id_len = sizeof(tadb_obj_id)
220 };
221
222 if (!db)
223 return TEE_ERROR_OUT_OF_MEMORY;
224
225 db->ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE);
226
227 res = db->ops->open(&po, NULL, &db->fh);
228 if (res == TEE_ERROR_ITEM_NOT_FOUND)
229 res = db->ops->create(&po, false, NULL, 0, NULL, 0, NULL, 0,
230 &db->fh);
231
232 if (res)
233 free(db);
234 else
235 *db_ret = db;
236
237 return res;
238 }
239
tee_tadb_open(struct tee_tadb_dir ** db)240 static TEE_Result tee_tadb_open(struct tee_tadb_dir **db)
241 {
242 TEE_Result res = TEE_SUCCESS;
243
244 mutex_lock(&tadb_mutex);
245 if (!tadb_db_refc) {
246 assert(!tadb_db);
247 res = tadb_open(&tadb_db);
248 if (res)
249 goto err;
250 }
251 tadb_db_refc++;
252 *db = tadb_db;
253 err:
254 mutex_unlock(&tadb_mutex);
255 return res;
256 }
257
tadb_put(struct tee_tadb_dir * db)258 static void tadb_put(struct tee_tadb_dir *db)
259 {
260 assert(db == tadb_db);
261 mutex_lock(&tadb_mutex);
262 assert(tadb_db_refc);
263 tadb_db_refc--;
264 if (!tadb_db_refc) {
265 db->ops->close(&db->fh);
266 free(db->files);
267 free(db);
268 tadb_db = NULL;
269 }
270 mutex_unlock(&tadb_mutex);
271 }
272
tee_tadb_close(struct tee_tadb_dir * db)273 static void tee_tadb_close(struct tee_tadb_dir *db)
274 {
275 tadb_put(db);
276 }
277
tadb_authenc_init(TEE_OperationMode mode,const struct tadb_entry * entry,void ** ctx_ret)278 static TEE_Result tadb_authenc_init(TEE_OperationMode mode,
279 const struct tadb_entry *entry,
280 void **ctx_ret)
281 {
282 TEE_Result res;
283 void *ctx;
284 const size_t enc_size = entry->prop.custom_size + entry->prop.bin_size;
285
286 res = crypto_authenc_alloc_ctx(&ctx, TADB_AUTH_ENC_ALG);
287 if (res)
288 return res;
289
290 res = crypto_authenc_init(ctx, mode, entry->key, sizeof(entry->key),
291 entry->iv, sizeof(entry->iv),
292 sizeof(entry->tag), 0, enc_size);
293 if (res)
294 crypto_authenc_free_ctx(ctx);
295 else
296 *ctx_ret = ctx;
297
298 return res;
299 }
300
tadb_update_payload(void * ctx,TEE_OperationMode mode,const void * src,size_t len,void * dst)301 static TEE_Result tadb_update_payload(void *ctx, TEE_OperationMode mode,
302 const void *src, size_t len, void *dst)
303 {
304 TEE_Result res;
305 size_t sz = len;
306
307 res = crypto_authenc_update_payload(ctx, mode, (const uint8_t *)src,
308 len, dst, &sz);
309 assert(res || sz == len);
310 return res;
311 }
312
populate_files(struct tee_tadb_dir * db)313 static TEE_Result populate_files(struct tee_tadb_dir *db)
314 {
315 TEE_Result res;
316 size_t idx;
317
318 /*
319 * If db->files isn't NULL the bitfield is already populated and
320 * there's nothing left to do here for now.
321 */
322 if (db->nbits)
323 return TEE_SUCCESS;
324
325 /*
326 * Iterate over the TA database and set the bits in the bit field
327 * for used file numbers. Note that set_file() will allocate and
328 * grow the bitfield as needed.
329 *
330 * At the same time clean out duplicate file numbers, the first
331 * entry with the file number has precedence. Duplicate entries is
332 * not supposed to be able to happen, but if it still does better
333 * to clean it out here instead of letting the error spread with
334 * unexpected side effects.
335 */
336 for (idx = 0;; idx++) {
337 struct tadb_entry entry;
338
339 res = read_ent(db, idx, &entry);
340 if (res) {
341 if (res == TEE_ERROR_ITEM_NOT_FOUND)
342 return TEE_SUCCESS;
343 goto err;
344 }
345
346 if (is_null_uuid(&entry.prop.uuid))
347 continue;
348
349 if (test_file(db, entry.file_number)) {
350 IMSG("Clearing duplicate file number %" PRIu32,
351 entry.file_number);
352 memset(&entry, 0, sizeof(entry));
353 res = write_ent(db, idx, &entry);
354 if (res)
355 goto err;
356 continue;
357 }
358
359 res = set_file(db, entry.file_number);
360 if (res)
361 goto err;
362 }
363
364 err:
365 free(db->files);
366 db->files = NULL;
367 db->nbits = 0;
368
369 return res;
370 }
371
tee_tadb_ta_create(const struct tee_tadb_property * property,struct tee_tadb_ta_write ** ta_ret)372 TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property,
373 struct tee_tadb_ta_write **ta_ret)
374 {
375 TEE_Result res;
376 struct tee_tadb_ta_write *ta;
377 int i = 0;
378
379 if (is_null_uuid(&property->uuid))
380 return TEE_ERROR_GENERIC;
381
382 ta = calloc(1, sizeof(*ta));
383 if (!ta)
384 return TEE_ERROR_OUT_OF_MEMORY;
385
386 res = tee_tadb_open(&ta->db);
387 if (res)
388 goto err_free;
389
390 mutex_lock(&tadb_mutex);
391
392 /*
393 * Since we're going to search for next free file number below we
394 * need to populate the bitfield holding used file numbers.
395 */
396 res = populate_files(ta->db);
397 if (res)
398 goto err_mutex;
399
400 if (ta->db->files) {
401 bit_ffc(ta->db->files, ta->db->nbits, &i);
402 if (i == -1)
403 i = ta->db->nbits;
404 }
405
406 res = set_file(ta->db, i);
407 if (res)
408 goto err_mutex;
409
410 mutex_unlock(&tadb_mutex);
411
412 ta->entry.file_number = i;
413 ta->entry.prop = *property;
414
415 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv));
416 if (res)
417 goto err_put;
418
419 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key));
420 if (res)
421 goto err_put;
422
423 res = ta_operation_open(OPTEE_RPC_FS_CREATE, ta->entry.file_number,
424 &ta->fd);
425 if (res)
426 goto err_put;
427
428 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx);
429 if (res)
430 goto err_put;
431
432 *ta_ret = ta;
433
434 return TEE_SUCCESS;
435
436 err_mutex:
437 mutex_unlock(&tadb_mutex);
438 err_put:
439 tadb_put(ta->db);
440 err_free:
441 free(ta);
442
443 return res;
444 }
445
tee_tadb_ta_write(struct tee_tadb_ta_write * ta,const void * buf,size_t len)446 TEE_Result tee_tadb_ta_write(struct tee_tadb_ta_write *ta, const void *buf,
447 size_t len)
448 {
449 TEE_Result res;
450 const uint8_t *rb = buf;
451 size_t rl = len;
452 struct tee_fs_rpc_operation op;
453
454 while (rl) {
455 size_t wl = MIN(rl, TADB_MAX_BUFFER_SIZE);
456 void *wb;
457
458 res = tee_fs_rpc_write_init(&op, OPTEE_RPC_CMD_FS, ta->fd,
459 ta->pos, wl, &wb);
460 if (res)
461 return res;
462
463 res = tadb_update_payload(ta->ctx, TEE_MODE_ENCRYPT,
464 rb, wl, wb);
465 if (res)
466 return res;
467
468 res = tee_fs_rpc_write_final(&op);
469 if (res)
470 return res;
471
472 rl -= wl;
473 rb += wl;
474 ta->pos += wl;
475 }
476
477 return TEE_SUCCESS;
478 }
479
tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write * ta)480 void tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write *ta)
481 {
482 crypto_authenc_final(ta->ctx);
483 crypto_authenc_free_ctx(ta->ctx);
484 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd);
485 ta_operation_remove(ta->entry.file_number);
486
487 mutex_lock(&tadb_mutex);
488 clear_file(ta->db, ta->entry.file_number);
489 mutex_unlock(&tadb_mutex);
490
491 tadb_put(ta->db);
492 free(ta);
493 }
494
find_ent(struct tee_tadb_dir * db,const TEE_UUID * uuid,size_t * idx_ret,struct tadb_entry * entry_ret)495 static TEE_Result find_ent(struct tee_tadb_dir *db, const TEE_UUID *uuid,
496 size_t *idx_ret, struct tadb_entry *entry_ret)
497 {
498 TEE_Result res;
499 size_t idx;
500
501 /*
502 * Search for the provided uuid, if it's found return the index it
503 * has together with TEE_SUCCESS.
504 *
505 * If the uuid can't be found return the number indexes together
506 * with TEE_ERROR_ITEM_NOT_FOUND.
507 */
508 for (idx = 0;; idx++) {
509 struct tadb_entry entry;
510
511 res = read_ent(db, idx, &entry);
512 if (res) {
513 if (res == TEE_ERROR_ITEM_NOT_FOUND)
514 break;
515 return res;
516 }
517
518 if (!memcmp(&entry.prop.uuid, uuid, sizeof(*uuid))) {
519 if (entry_ret)
520 *entry_ret = entry;
521 break;
522 }
523 }
524
525 *idx_ret = idx;
526 return res;
527 }
528
find_free_ent_idx(struct tee_tadb_dir * db,size_t * idx)529 static TEE_Result find_free_ent_idx(struct tee_tadb_dir *db, size_t *idx)
530 {
531 const TEE_UUID null_uuid = { 0 };
532 TEE_Result res = find_ent(db, &null_uuid, idx, NULL);
533
534 /*
535 * Note that *idx is set to the number of entries on
536 * TEE_ERROR_ITEM_NOT_FOUND.
537 */
538 if (res == TEE_ERROR_ITEM_NOT_FOUND)
539 return TEE_SUCCESS;
540 return res;
541 }
542
tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write * ta)543 TEE_Result tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write *ta)
544 {
545 TEE_Result res;
546 size_t dsz = 0;
547 size_t sz = sizeof(ta->entry.tag);
548 size_t idx;
549 struct tadb_entry old_ent;
550 bool have_old_ent = false;
551
552 res = crypto_authenc_enc_final(ta->ctx, NULL, 0, NULL, &dsz,
553 ta->entry.tag, &sz);
554 if (res)
555 goto err;
556
557 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd);
558
559 mutex_lock(&tadb_mutex);
560 /*
561 * First try to find an existing TA to replace. If there's one
562 * we'll use the entry, but we should also remove the old encrypted
563 * file.
564 *
565 * If there isn't an existing TA to replace, grab a new entry.
566 */
567 res = find_ent(ta->db, &ta->entry.prop.uuid, &idx, &old_ent);
568 if (!res) {
569 have_old_ent = true;
570 } else {
571 res = find_free_ent_idx(ta->db, &idx);
572 if (res)
573 goto err_mutex;
574 }
575 res = write_ent(ta->db, idx, &ta->entry);
576 if (res)
577 goto err_mutex;
578 if (have_old_ent)
579 clear_file(ta->db, old_ent.file_number);
580 mutex_unlock(&tadb_mutex);
581
582 crypto_authenc_final(ta->ctx);
583 crypto_authenc_free_ctx(ta->ctx);
584 tadb_put(ta->db);
585 free(ta);
586 if (have_old_ent)
587 ta_operation_remove(old_ent.file_number);
588 return TEE_SUCCESS;
589
590 err_mutex:
591 mutex_unlock(&tadb_mutex);
592 err:
593 tee_tadb_ta_close_and_delete(ta);
594 return res;
595 }
596
tee_tadb_ta_delete(const TEE_UUID * uuid)597 TEE_Result tee_tadb_ta_delete(const TEE_UUID *uuid)
598 {
599 const struct tadb_entry null_entry = { { { 0 } } };
600 struct tee_tadb_dir *db;
601 struct tadb_entry entry;
602 size_t idx;
603 TEE_Result res;
604
605 if (is_null_uuid(uuid))
606 return TEE_ERROR_GENERIC;
607
608 res = tee_tadb_open(&db);
609 if (res)
610 return res;
611
612 mutex_lock(&tadb_mutex);
613 res = find_ent(db, uuid, &idx, &entry);
614 if (res) {
615 mutex_unlock(&tadb_mutex);
616 tee_tadb_close(db);
617 return res;
618 }
619
620 clear_file(db, entry.file_number);
621 res = write_ent(db, idx, &null_entry);
622 mutex_unlock(&tadb_mutex);
623
624 tee_tadb_close(db);
625 if (res)
626 return res;
627
628 ta_operation_remove(entry.file_number);
629 return TEE_SUCCESS;
630 }
631
tee_tadb_ta_open(const TEE_UUID * uuid,struct tee_tadb_ta_read ** ta_ret)632 TEE_Result tee_tadb_ta_open(const TEE_UUID *uuid,
633 struct tee_tadb_ta_read **ta_ret)
634 {
635 TEE_Result res = TEE_SUCCESS;
636 size_t idx = 0;
637 struct tee_tadb_ta_read *ta = NULL;
638
639 if (is_null_uuid(uuid))
640 return TEE_ERROR_GENERIC;
641
642 ta = calloc(1, sizeof(*ta));
643 if (!ta)
644 return TEE_ERROR_OUT_OF_MEMORY;
645
646 res = tee_tadb_open(&ta->db);
647 if (res)
648 goto err_free; /* Mustn't call tadb_put() */
649
650 mutex_read_lock(&tadb_mutex);
651 res = find_ent(ta->db, uuid, &idx, &ta->entry);
652 mutex_read_unlock(&tadb_mutex);
653 if (res)
654 goto err;
655
656 res = ta_operation_open(OPTEE_RPC_FS_OPEN, ta->entry.file_number,
657 &ta->fd);
658 if (res)
659 goto err;
660
661 res = tadb_authenc_init(TEE_MODE_DECRYPT, &ta->entry, &ta->ctx);
662 if (res)
663 goto err;
664
665 *ta_ret = ta;
666
667 return TEE_SUCCESS;
668 err:
669 tadb_put(ta->db);
670 err_free:
671 free(ta);
672 return res;
673 }
674
675 const struct tee_tadb_property *
tee_tadb_ta_get_property(struct tee_tadb_ta_read * ta)676 tee_tadb_ta_get_property(struct tee_tadb_ta_read *ta)
677 {
678 return &ta->entry.prop;
679 }
680
tee_tadb_get_tag(struct tee_tadb_ta_read * ta,uint8_t * tag,unsigned int * tag_len)681 TEE_Result tee_tadb_get_tag(struct tee_tadb_ta_read *ta, uint8_t *tag,
682 unsigned int *tag_len)
683 {
684 if (!tag || *tag_len < sizeof(ta->entry.tag)) {
685 *tag_len = sizeof(ta->entry.tag);
686 return TEE_ERROR_SHORT_BUFFER;
687 }
688 *tag_len = sizeof(ta->entry.tag);
689
690 memcpy(tag, ta->entry.tag, sizeof(ta->entry.tag));
691
692 return TEE_SUCCESS;
693 }
694
ta_load(struct tee_tadb_ta_read * ta)695 static TEE_Result ta_load(struct tee_tadb_ta_read *ta)
696 {
697 struct thread_param params[2] = { };
698 TEE_Result res;
699 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size;
700
701 if (ta->ta_mobj)
702 return TEE_SUCCESS;
703
704 ta->ta_mobj = thread_rpc_alloc_payload(sz);
705 if (!ta->ta_mobj)
706 return TEE_ERROR_OUT_OF_MEMORY;
707
708 ta->ta_buf = mobj_get_va(ta->ta_mobj, 0, sz);
709 assert(ta->ta_buf);
710
711 params[0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_READ, ta->fd, 0);
712 params[1] = THREAD_PARAM_MEMREF(OUT, ta->ta_mobj, 0, sz);
713
714 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params);
715 if (res) {
716 thread_rpc_free_payload(ta->ta_mobj);
717 ta->ta_mobj = NULL;
718 }
719 return res;
720 }
721
tee_tadb_ta_read(struct tee_tadb_ta_read * ta,void * buf,size_t * len)722 TEE_Result tee_tadb_ta_read(struct tee_tadb_ta_read *ta, void *buf, size_t *len)
723 {
724 TEE_Result res;
725 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size;
726 size_t l = MIN(*len, sz - ta->pos);
727
728 res = ta_load(ta);
729 if (res)
730 return res;
731
732 if (buf) {
733 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT,
734 ta->ta_buf + ta->pos, l, buf);
735 if (res)
736 return res;
737 } else {
738 size_t num_bytes = 0;
739 size_t b_size = MIN(256U, l);
740 uint8_t *b = malloc(b_size);
741
742 if (!b)
743 return TEE_ERROR_OUT_OF_MEMORY;
744
745 while (num_bytes < l) {
746 size_t n = MIN(b_size, l - num_bytes);
747
748 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT,
749 ta->ta_buf + ta->pos +
750 num_bytes, n, b);
751 if (res)
752 break;
753 num_bytes += n;
754 }
755
756 free(b);
757 if (res)
758 return res;
759 }
760
761 ta->pos += l;
762 if (ta->pos == sz) {
763 size_t dl = 0;
764
765 res = crypto_authenc_dec_final(ta->ctx, NULL, 0, NULL, &dl,
766 ta->entry.tag, TADB_TAG_SIZE);
767 if (res)
768 return res;
769 }
770 *len = l;
771 return TEE_SUCCESS;
772 }
773
tee_tadb_ta_close(struct tee_tadb_ta_read * ta)774 void tee_tadb_ta_close(struct tee_tadb_ta_read *ta)
775 {
776 crypto_authenc_final(ta->ctx);
777 crypto_authenc_free_ctx(ta->ctx);
778 if (ta->ta_mobj)
779 thread_rpc_free_payload(ta->ta_mobj);
780 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd);
781 tadb_put(ta->db);
782 free(ta);
783 }
784