1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements.  See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership.  The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License.  You may obtain a copy of the License at
8 //
9 //   http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied.  See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17 
18 #![no_std]
19 #![no_main]
20 #![feature(c_size_t)]
21 
22 extern crate alloc;
23 
24 use alloc::boxed::Box;
25 use optee_utee::{
26     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
27 };
28 use optee_utee::{AlgorithmId, Asymmetric, OperationMode};
29 use optee_utee::{Error, ErrorKind, Parameters, Result};
30 use optee_utee::{TransientObject, TransientObjectType};
31 use proto::Command;
32 
33 pub struct RsaCipher {
34     pub key: TransientObject,
35 }
36 
37 impl Default for RsaCipher {
default() -> Self38     fn default() -> Self {
39         Self {
40             key: TransientObject::null_object(),
41         }
42     }
43 }
44 
45 #[ta_create]
create() -> Result<()>46 fn create() -> Result<()> {
47     trace_println!("[+] TA create");
48     Ok(())
49 }
50 
51 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut RsaCipher) -> Result<()>52 fn open_session(_params: &mut Parameters, _sess_ctx: &mut RsaCipher) -> Result<()> {
53     trace_println!("[+] TA open session");
54     Ok(())
55 }
56 
57 #[ta_close_session]
close_session(_sess_ctx: &mut RsaCipher)58 fn close_session(_sess_ctx: &mut RsaCipher) {
59     trace_println!("[+] TA close session");
60 }
61 
62 #[ta_destroy]
destroy()63 fn destroy() {
64     trace_println!("[+] TA destroy");
65 }
66 
gen_key(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>67 fn gen_key(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
68     let key_size = unsafe { params.0.as_value().unwrap().a() };
69     rsa.key =
70         TransientObject::allocate(TransientObjectType::RsaKeypair, key_size as usize).unwrap();
71     rsa.key.generate_key(key_size as usize, &[])?;
72     Ok(())
73 }
74 
get_size(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>75 fn get_size(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
76     let key_info = rsa.key.info().unwrap();
77     unsafe {
78         params
79             .0
80             .as_value()
81             .unwrap()
82             .set_a((key_info.object_size() / 8) as u32)
83     };
84     Ok(())
85 }
86 
encrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>87 fn encrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
88     let key_info = rsa.key.info().unwrap();
89     let mut p0 = unsafe { params.0.as_memref().unwrap() };
90     let plain_text = p0.buffer();
91     let mut p1 = unsafe { params.1.as_memref().unwrap() };
92     match Asymmetric::allocate(
93         AlgorithmId::RsaesPkcs1V15,
94         OperationMode::Encrypt,
95         key_info.object_size(),
96     ) {
97         Err(e) => Err(e),
98         Ok(cipher) => {
99             cipher.set_key(&rsa.key)?;
100             match cipher.encrypt(&[], &plain_text) {
101                 Err(e) => Err(e),
102                 Ok(cipher_text) => Ok(p1.buffer().clone_from_slice(&cipher_text)),
103             }
104         }
105     }
106 }
107 
decrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>108 fn decrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
109     let key_info = rsa.key.info().unwrap();
110     let mut p0 = unsafe { params.0.as_memref().unwrap() };
111     let mut cipher_text = p0.buffer();
112     let mut p1 = unsafe { params.1.as_memref().unwrap() };
113     match Asymmetric::allocate(
114         AlgorithmId::RsaesPkcs1V15,
115         OperationMode::Decrypt,
116         key_info.object_size(),
117     ) {
118         Err(e) => Err(e),
119         Ok(cipher) => {
120             cipher.set_key(&rsa.key)?;
121             match cipher.decrypt(&mut [], &mut cipher_text) {
122                 Err(e) => Err(e),
123                 Ok(plain_text) => Ok(p1.buffer().clone_from_slice(&plain_text)),
124             }
125         }
126     }
127 }
128 
129 #[ta_invoke_command]
invoke_command(sess_ctx: &mut RsaCipher, cmd_id: u32, params: &mut Parameters) -> Result<()>130 fn invoke_command(sess_ctx: &mut RsaCipher, cmd_id: u32, params: &mut Parameters) -> Result<()> {
131     trace_println!("[+] TA invoke command");
132     match Command::from(cmd_id) {
133         Command::GenKey => gen_key(sess_ctx, params),
134         Command::GetSize => get_size(sess_ctx, params),
135         Command::Encrypt => encrypt(sess_ctx, params),
136         Command::Decrypt => decrypt(sess_ctx, params),
137         _ => Err(Error::new(ErrorKind::BadParameters)),
138     }
139 }
140 
141 // TA configurations
142 const TA_FLAGS: u32 = 0;
143 const TA_DATA_SIZE: u32 = 32 * 1024;
144 const TA_STACK_SIZE: u32 = 2 * 1024;
145 const TA_VERSION: &[u8] = b"0.1\0";
146 const TA_DESCRIPTION: &[u8] = b"Example of TA using asymmetric cipher.\0";
147 const EXT_PROP_VALUE_1: &[u8] = b"Acipher TA\0";
148 const EXT_PROP_VALUE_2: u32 = 0x0010;
149 const TRACE_LEVEL: i32 = 4;
150 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
151 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
152 
153 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
154