1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements.  See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership.  The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License.  You may obtain a copy of the License at
8 //
9 //   http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied.  See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17 
18 #![no_main]
19 
20 use optee_utee::{
21     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
22 };
23 use optee_utee::{is_algorithm_supported};
24 use optee_utee::{AlgorithmId, ElementId, Cipher, OperationMode};
25 use optee_utee::{AttributeId, AttributeMemref, TransientObject, TransientObjectType};
26 use optee_utee::{Error, ErrorKind, Parameters, Result};
27 use proto::{Algo, Command, KeySize, Mode};
28 use std::boxed::Box;
29 
30 pub struct AesCipher {
31     pub key_size: usize,
32     pub cipher: Cipher,
33     pub key_object: TransientObject,
34 }
35 
36 impl Default for AesCipher {
default() -> Self37     fn default() -> Self {
38         Self {
39             key_size: 0,
40             cipher: Cipher::null(),
41             key_object: TransientObject::null_object(),
42         }
43     }
44 }
45 
46 #[ta_create]
create() -> Result<()>47 fn create() -> Result<()> {
48     trace_println!("[+] TA create");
49     Ok(())
50 }
51 
52 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut AesCipher) -> Result<()>53 fn open_session(_params: &mut Parameters, _sess_ctx: &mut AesCipher) -> Result<()> {
54     trace_println!("[+] TA open session");
55     Ok(())
56 }
57 
58 #[ta_close_session]
close_session(_sess_ctx: &mut AesCipher)59 fn close_session(_sess_ctx: &mut AesCipher) {
60     trace_println!("[+] TA close session");
61 }
62 
63 #[ta_destroy]
destroy()64 fn destroy() {
65     trace_println!("[+] TA destory");
66 }
67 
68 #[ta_invoke_command]
invoke_command(sess_ctx: &mut AesCipher, cmd_id: u32, params: &mut Parameters) -> Result<()>69 fn invoke_command(sess_ctx: &mut AesCipher, cmd_id: u32, params: &mut Parameters) -> Result<()> {
70     trace_println!("[+] TA invoke command");
71     match Command::from(cmd_id) {
72         Command::Prepare => {
73             return alloc_resources(sess_ctx, params);
74         }
75         Command::SetKey => {
76             return set_aes_key(sess_ctx, params);
77         }
78         Command::SetIV => {
79             return reset_aes_iv(sess_ctx, params);
80         }
81         Command::Cipher => {
82             return cipher_buffer(sess_ctx, params);
83         }
84         _ => {
85             return Err(Error::new(ErrorKind::BadParameters));
86         }
87     }
88 }
89 
ta2tee_algo_id(algo_id: u32) -> Result<AlgorithmId>90 pub fn ta2tee_algo_id(algo_id: u32) -> Result<AlgorithmId> {
91     match Algo::from(algo_id) {
92         Algo::ECB => Ok(AlgorithmId::AesEcbNopad),
93         Algo::CBC => Ok(AlgorithmId::AesCbcNopad),
94         Algo::CTR => Ok(AlgorithmId::AesCtr),
95         _ => Err(Error::new(ErrorKind::BadParameters)),
96     }
97 }
98 
ta2tee_key_size(key_sz: u32) -> Result<usize>99 pub fn ta2tee_key_size(key_sz: u32) -> Result<usize> {
100     match KeySize::from(key_sz) {
101         KeySize::Bit128 | KeySize::Bit256 => Ok(key_sz as usize),
102         _ => Err(Error::new(ErrorKind::BadParameters)),
103     }
104 }
105 
ta2tee_mode_id(mode: u32) -> Result<OperationMode>106 pub fn ta2tee_mode_id(mode: u32) -> Result<OperationMode> {
107     match Mode::from(mode) {
108         Mode::Encode => Ok(OperationMode::Encrypt),
109         Mode::Decode => Ok(OperationMode::Decrypt),
110         _ => Err(Error::new(ErrorKind::BadParameters)),
111     }
112 }
113 
alloc_resources(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>114 pub fn alloc_resources(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
115     let algo_value = unsafe { params.0.as_value().unwrap().a() };
116     let key_size_value = unsafe { params.1.as_value().unwrap().a() };
117     let mode_id_value = unsafe { params.2.as_value().unwrap().a() };
118 
119     aes.key_size = ta2tee_key_size(key_size_value).unwrap();
120 
121     // check whether the algorithm is supported
122     is_algorithm_supported(ta2tee_algo_id(algo_value).unwrap() as u32, ElementId::ElementNone as u32)?;
123 
124     aes.cipher = Cipher::allocate(
125         ta2tee_algo_id(algo_value).unwrap(),
126         ta2tee_mode_id(mode_id_value).unwrap(),
127         aes.key_size * 8,
128     )
129     .unwrap();
130     aes.key_object = TransientObject::allocate(TransientObjectType::Aes, aes.key_size * 8).unwrap();
131     let key = vec![0u8; aes.key_size as usize];
132     let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &key);
133     aes.key_object.populate(&[attr.into()])?;
134     aes.cipher.set_key(&aes.key_object)?;
135     Ok(())
136 }
137 
set_aes_key(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>138 pub fn set_aes_key(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
139     let mut param0 = unsafe { params.0.as_memref().unwrap() };
140     let key = param0.buffer();
141 
142     if key.len() != aes.key_size {
143         trace_println!("[+] Get wrong key size !\n");
144         return Err(Error::new(ErrorKind::BadParameters));
145     }
146 
147     let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &key);
148 
149     aes.key_object.reset();
150     aes.key_object.populate(&[attr.into()])?;
151 
152     aes.cipher.set_key(&aes.key_object)?;
153     Ok(())
154 }
155 
reset_aes_iv(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>156 pub fn reset_aes_iv(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
157     let mut param0 = unsafe { params.0.as_memref().unwrap() };
158     let iv = param0.buffer();
159 
160     aes.cipher.init(iv);
161 
162     trace_println!("[+] TA initial vectore reset done!");
163     Ok(())
164 }
165 
cipher_buffer(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>166 pub fn cipher_buffer(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
167     let mut param0 = unsafe { params.0.as_memref().unwrap() };
168     let mut param1 = unsafe { params.1.as_memref().unwrap() };
169 
170     let input = param0.buffer();
171     let output = param1.buffer();
172 
173     if output.len() < input.len() {
174         return Err(Error::new(ErrorKind::BadParameters));
175     }
176 
177     trace_println!("[+] TA tries to update ciphers!");
178 
179     let tmp_size = aes.cipher.update(input, output).unwrap();
180     param1.set_updated_size(tmp_size);
181     Ok(())
182 }
183 
184 const TA_FLAGS: u32 = 0;
185 const TA_STACK_SIZE: u32 = 2 * 1024;
186 const TA_DATA_SIZE: u32 = 1 * 1024 * 1024;
187 const TA_VERSION: &[u8] = b"Undefined version\0";
188 const TA_DESCRIPTION: &[u8] = b"This is an AES example\0";
189 const EXT_PROP_VALUE_1: &[u8] = b"AES TA\0";
190 const EXT_PROP_VALUE_2: u32 = 0x0010;
191 const TRACE_LEVEL: i32 = 4;
192 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
193 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
194 
195 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
196