1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements.  See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership.  The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License.  You may obtain a copy of the License at
8 //
9 //   http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied.  See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17 
18 #![no_std]
19 #![no_main]
20 #![feature(c_size_t)]
21 
22 extern crate alloc;
23 
24 use alloc::vec;
25 use alloc::boxed::Box;
26 use optee_utee::{
27     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
28 };
29 use optee_utee::{is_algorithm_supported};
30 use optee_utee::{AlgorithmId, ElementId, Cipher, OperationMode};
31 use optee_utee::{AttributeId, AttributeMemref, TransientObject, TransientObjectType};
32 use optee_utee::{Error, ErrorKind, Parameters, Result};
33 use proto::{Algo, Command, KeySize, Mode};
34 
35 pub struct AesCipher {
36     pub key_size: usize,
37     pub cipher: Cipher,
38     pub key_object: TransientObject,
39 }
40 
41 impl Default for AesCipher {
default() -> Self42     fn default() -> Self {
43         Self {
44             key_size: 0,
45             cipher: Cipher::null(),
46             key_object: TransientObject::null_object(),
47         }
48     }
49 }
50 
51 #[ta_create]
create() -> Result<()>52 fn create() -> Result<()> {
53     trace_println!("[+] TA create");
54     Ok(())
55 }
56 
57 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut AesCipher) -> Result<()>58 fn open_session(_params: &mut Parameters, _sess_ctx: &mut AesCipher) -> Result<()> {
59     trace_println!("[+] TA open session");
60     Ok(())
61 }
62 
63 #[ta_close_session]
close_session(_sess_ctx: &mut AesCipher)64 fn close_session(_sess_ctx: &mut AesCipher) {
65     trace_println!("[+] TA close session");
66 }
67 
68 #[ta_destroy]
destroy()69 fn destroy() {
70     trace_println!("[+] TA destory");
71 }
72 
73 #[ta_invoke_command]
invoke_command(sess_ctx: &mut AesCipher, cmd_id: u32, params: &mut Parameters) -> Result<()>74 fn invoke_command(sess_ctx: &mut AesCipher, cmd_id: u32, params: &mut Parameters) -> Result<()> {
75     trace_println!("[+] TA invoke command");
76     match Command::from(cmd_id) {
77         Command::Prepare => {
78             return alloc_resources(sess_ctx, params);
79         }
80         Command::SetKey => {
81             return set_aes_key(sess_ctx, params);
82         }
83         Command::SetIV => {
84             return reset_aes_iv(sess_ctx, params);
85         }
86         Command::Cipher => {
87             return cipher_buffer(sess_ctx, params);
88         }
89         _ => {
90             return Err(Error::new(ErrorKind::BadParameters));
91         }
92     }
93 }
94 
ta2tee_algo_id(algo_id: u32) -> Result<AlgorithmId>95 pub fn ta2tee_algo_id(algo_id: u32) -> Result<AlgorithmId> {
96     match Algo::from(algo_id) {
97         Algo::ECB => Ok(AlgorithmId::AesEcbNopad),
98         Algo::CBC => Ok(AlgorithmId::AesCbcNopad),
99         Algo::CTR => Ok(AlgorithmId::AesCtr),
100         _ => Err(Error::new(ErrorKind::BadParameters)),
101     }
102 }
103 
ta2tee_key_size(key_sz: u32) -> Result<usize>104 pub fn ta2tee_key_size(key_sz: u32) -> Result<usize> {
105     match KeySize::from(key_sz) {
106         KeySize::Bit128 | KeySize::Bit256 => Ok(key_sz as usize),
107         _ => Err(Error::new(ErrorKind::BadParameters)),
108     }
109 }
110 
ta2tee_mode_id(mode: u32) -> Result<OperationMode>111 pub fn ta2tee_mode_id(mode: u32) -> Result<OperationMode> {
112     match Mode::from(mode) {
113         Mode::Encode => Ok(OperationMode::Encrypt),
114         Mode::Decode => Ok(OperationMode::Decrypt),
115         _ => Err(Error::new(ErrorKind::BadParameters)),
116     }
117 }
118 
alloc_resources(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>119 pub fn alloc_resources(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
120     let algo_value = unsafe { params.0.as_value().unwrap().a() };
121     let key_size_value = unsafe { params.1.as_value().unwrap().a() };
122     let mode_id_value = unsafe { params.2.as_value().unwrap().a() };
123 
124     aes.key_size = ta2tee_key_size(key_size_value).unwrap();
125 
126     // check whether the algorithm is supported
127     is_algorithm_supported(ta2tee_algo_id(algo_value).unwrap() as u32, ElementId::ElementNone as u32)?;
128 
129     aes.cipher = Cipher::allocate(
130         ta2tee_algo_id(algo_value).unwrap(),
131         ta2tee_mode_id(mode_id_value).unwrap(),
132         aes.key_size * 8,
133     )
134     .unwrap();
135     aes.key_object = TransientObject::allocate(TransientObjectType::Aes, aes.key_size * 8).unwrap();
136     let key = vec![0u8; aes.key_size as usize];
137     let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &key);
138     aes.key_object.populate(&[attr.into()])?;
139     aes.cipher.set_key(&aes.key_object)?;
140     Ok(())
141 }
142 
set_aes_key(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>143 pub fn set_aes_key(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
144     let mut param0 = unsafe { params.0.as_memref().unwrap() };
145     let key = param0.buffer();
146 
147     if key.len() != aes.key_size {
148         trace_println!("[+] Get wrong key size !\n");
149         return Err(Error::new(ErrorKind::BadParameters));
150     }
151 
152     let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &key);
153 
154     aes.key_object.reset();
155     aes.key_object.populate(&[attr.into()])?;
156 
157     aes.cipher.set_key(&aes.key_object)?;
158     Ok(())
159 }
160 
reset_aes_iv(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>161 pub fn reset_aes_iv(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
162     let mut param0 = unsafe { params.0.as_memref().unwrap() };
163     let iv = param0.buffer();
164 
165     aes.cipher.init(iv);
166 
167     trace_println!("[+] TA initial vectore reset done!");
168     Ok(())
169 }
170 
cipher_buffer(aes: &mut AesCipher, params: &mut Parameters) -> Result<()>171 pub fn cipher_buffer(aes: &mut AesCipher, params: &mut Parameters) -> Result<()> {
172     let mut param0 = unsafe { params.0.as_memref().unwrap() };
173     let mut param1 = unsafe { params.1.as_memref().unwrap() };
174 
175     let input = param0.buffer();
176     let output = param1.buffer();
177 
178     if output.len() < input.len() {
179         return Err(Error::new(ErrorKind::BadParameters));
180     }
181 
182     trace_println!("[+] TA tries to update ciphers!");
183 
184     let tmp_size = aes.cipher.update(input, output).unwrap();
185     param1.set_updated_size(tmp_size);
186     Ok(())
187 }
188 
189 const TA_FLAGS: u32 = 0;
190 const TA_STACK_SIZE: u32 = 2 * 1024;
191 const TA_DATA_SIZE: u32 = 1 * 1024 * 1024;
192 const TA_VERSION: &[u8] = b"Undefined version\0";
193 const TA_DESCRIPTION: &[u8] = b"This is an AES example\0";
194 const EXT_PROP_VALUE_1: &[u8] = b"AES TA\0";
195 const EXT_PROP_VALUE_2: u32 = 0x0010;
196 const TRACE_LEVEL: i32 = 4;
197 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
198 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
199 
200 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
201