1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements.  See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership.  The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License.  You may obtain a copy of the License at
8 //
9 //   http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied.  See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17 
18 #![no_main]
19 
20 use optee_utee::{
21     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
22 };
23 use optee_utee::{AlgorithmId, OperationMode, AE};
24 use optee_utee::{AttributeId, AttributeMemref, TransientObject, TransientObjectType};
25 use optee_utee::{Error, ErrorKind, Parameters, Result};
26 use proto::{Command, Mode, AAD_LEN, BUFFER_SIZE, KEY_SIZE, TAG_LEN};
27 
28 pub const PAYLOAD_NUMBER: usize = 2;
29 
30 pub struct AEOp {
31     pub op: AE,
32 }
33 
34 impl Default for AEOp {
default() -> Self35     fn default() -> Self {
36         Self {
37             op: AE::null()
38         }
39     }
40 }
41 
42 #[ta_create]
create() -> Result<()>43 fn create() -> Result<()> {
44     trace_println!("[+] TA create");
45     Ok(())
46 }
47 
48 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut AEOp) -> Result<()>49 fn open_session(_params: &mut Parameters, _sess_ctx: &mut AEOp) -> Result<()> {
50     trace_println!("[+] TA open session");
51     Ok(())
52 }
53 
54 #[ta_close_session]
close_session(_sess_ctx: &mut AEOp)55 fn close_session(_sess_ctx: &mut AEOp) {
56     trace_println!("[+] TA close session");
57 }
58 
59 #[ta_destroy]
destroy()60 fn destroy() {
61     trace_println!("[+] TA destroy");
62 }
63 
64 #[ta_invoke_command]
invoke_command(sess_ctx: &mut AEOp, cmd_id: u32, params: &mut Parameters) -> Result<()>65 fn invoke_command(sess_ctx: &mut AEOp, cmd_id: u32, params: &mut Parameters) -> Result<()> {
66     trace_println!("[+] TA invoke command");
67     match Command::from(cmd_id) {
68         Command::Prepare => {
69             trace_println!("[+] TA prepare");
70             return prepare(sess_ctx, params);
71         }
72         Command::Update => {
73             trace_println!("[+] TA update");
74             return update(sess_ctx, params);
75         }
76         Command::EncFinal => {
77             trace_println!("[+] TA encrypt_final");
78             return encrypt_final(sess_ctx, params);
79         }
80         Command::DecFinal => {
81             trace_println!("[+] TA decrypt_final");
82             return decrypt_final(sess_ctx, params);
83         }
84         _ => {
85             return Err(Error::new(ErrorKind::BadParameters));
86         }
87     }
88 }
89 
prepare(ae: &mut AEOp, params: &mut Parameters) -> Result<()>90 pub fn prepare(ae: &mut AEOp, params: &mut Parameters) -> Result<()> {
91     let p0 = unsafe { params.0.as_value().unwrap() };
92     let mut p1 = unsafe { params.1.as_memref().unwrap() };
93     let mut p2 = unsafe { params.2.as_memref().unwrap() };
94     let mut p3 = unsafe { params.3.as_memref().unwrap() };
95     let mode = match Mode::from(p0.a()) {
96         Mode::Encrypt => OperationMode::Encrypt,
97         Mode::Decrypt => OperationMode::Decrypt,
98         _ => OperationMode::IllegalValue,
99     };
100     let nonce = p1.buffer();
101     let key = p2.buffer();
102     let aad = p3.buffer();
103 
104     ae.op = AE::allocate(AlgorithmId::AesCcm, mode, KEY_SIZE * 8).unwrap();
105 
106     let mut key_object = TransientObject::allocate(TransientObjectType::Aes, KEY_SIZE * 8).unwrap();
107     let attr = AttributeMemref::from_ref(AttributeId::SecretValue, key);
108     key_object.populate(&[attr.into()])?;
109     ae.op.set_key(&key_object)?;
110     ae.op
111         .init(&nonce, TAG_LEN * 8, AAD_LEN, BUFFER_SIZE * PAYLOAD_NUMBER)?;
112     ae.op.update_aad(aad);
113     Ok(())
114 }
115 
update(digest: &mut AEOp, params: &mut Parameters) -> Result<()>116 pub fn update(digest: &mut AEOp, params: &mut Parameters) -> Result<()> {
117     let mut p0 = unsafe { params.0.as_memref().unwrap() };
118     let mut p1 = unsafe { params.1.as_memref().unwrap() };
119     let src = p0.buffer();
120     let res = p1.buffer();
121     digest.op.update(src, res)?;
122     Ok(())
123 }
124 
encrypt_final(digest: &mut AEOp, params: &mut Parameters) -> Result<()>125 pub fn encrypt_final(digest: &mut AEOp, params: &mut Parameters) -> Result<()> {
126     let mut p0 = unsafe { params.0.as_memref().unwrap() };
127     let mut p1 = unsafe { params.1.as_memref().unwrap() };
128     let mut p2 = unsafe { params.2.as_memref().unwrap() };
129 
130     let mut clear = vec![0; p0.buffer().len() as usize];
131     clear.copy_from_slice(p0.buffer());
132     let mut ciph = vec![0; p1.buffer().len() as usize];
133     ciph.copy_from_slice(p1.buffer());
134     let mut tag = vec![0; p2.buffer().len() as usize];
135     tag.copy_from_slice(p2.buffer());
136 
137     match digest.op.encrypt_final(&clear, &mut ciph, &mut tag) {
138 
139         Err(e) => Err(e),
140         Ok((_ciph_len, _tag_len)) => {
141             p0.buffer().copy_from_slice(&clear);
142             p1.buffer().copy_from_slice(&ciph);
143             p2.buffer().copy_from_slice(&tag);
144 
145             Ok(())
146         },
147     }
148 }
149 
decrypt_final(digest: &mut AEOp, params: &mut Parameters) -> Result<()>150 pub fn decrypt_final(digest: &mut AEOp, params: &mut Parameters) -> Result<()> {
151     let mut p0 = unsafe { params.0.as_memref().unwrap() };
152     let mut p1 = unsafe { params.1.as_memref().unwrap() };
153     let mut p2 = unsafe { params.2.as_memref().unwrap() };
154 
155     let mut clear = vec![0; p0.buffer().len() as usize];
156     clear.copy_from_slice(p0.buffer());
157     let mut ciph = vec![0; p1.buffer().len() as usize];
158     ciph.copy_from_slice(p1.buffer());
159     let mut tag = vec![0; p2.buffer().len() as usize];
160     tag.copy_from_slice(p2.buffer());
161 
162     match digest.op.decrypt_final(&clear, &mut ciph, &tag) {
163         Err(e) => Err(e),
164         Ok(_clear_len) => {
165             p0.buffer().copy_from_slice(&clear);
166             p1.buffer().copy_from_slice(&ciph);
167             p2.buffer().copy_from_slice(&tag);
168 
169             Ok(())
170         },
171     }
172 }
173 
174 // TA configurations
175 const TA_FLAGS: u32 = 0;
176 const TA_DATA_SIZE: u32 = 32 * 1024;
177 const TA_STACK_SIZE: u32 = 2 * 1024;
178 const TA_VERSION: &[u8] = b"0.1\0";
179 const TA_DESCRIPTION: &[u8] = b"This is an authentication encryption example.\0";
180 const EXT_PROP_VALUE_1: &[u8] = b"AE TA\0";
181 const EXT_PROP_VALUE_2: u32 = 0x0010;
182 const TRACE_LEVEL: i32 = 4;
183 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
184 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
185 
186 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
187