1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17
18 #![no_std]
19 #![no_main]
20 #![feature(c_size_t)]
21
22 extern crate alloc;
23
24 use alloc::boxed::Box;
25 use optee_utee::{
26 ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
27 };
28 use optee_utee::{AlgorithmId, Mac};
29 use optee_utee::{AttributeId, AttributeMemref, TransientObject, TransientObjectType};
30 use optee_utee::{Error, ErrorKind, Parameters, Result};
31 use proto::Command;
32
33 pub const SHA1_HASH_SIZE: usize = 20;
34 pub const MAX_KEY_SIZE: usize = 64;
35 pub const MIN_KEY_SIZE: usize = 10;
36 pub const DBC2_MODULO: u32 = 1000000;
37
38 pub struct HmacOtp {
39 pub counter: [u8; 8],
40 pub key: [u8; MAX_KEY_SIZE],
41 pub key_len: usize,
42 }
43
44 impl Default for HmacOtp {
default() -> Self45 fn default() -> Self {
46 Self {
47 counter: [0u8; 8],
48 key: [0u8; MAX_KEY_SIZE],
49 key_len: 0,
50 }
51 }
52 }
53
54 #[ta_create]
create() -> Result<()>55 fn create() -> Result<()> {
56 trace_println!("[+] TA create");
57 Ok(())
58 }
59
60 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut HmacOtp) -> Result<()>61 fn open_session(_params: &mut Parameters, _sess_ctx: &mut HmacOtp) -> Result<()> {
62 trace_println!("[+] TA open session");
63 Ok(())
64 }
65
66 #[ta_close_session]
close_session(_sess_ctx: &mut HmacOtp)67 fn close_session(_sess_ctx: &mut HmacOtp) {
68 trace_println!("[+] TA close session");
69 }
70
71 #[ta_destroy]
destroy()72 fn destroy() {
73 trace_println!("[+] TA destroy");
74 }
75
76 #[ta_invoke_command]
invoke_command(sess_ctx: &mut HmacOtp, cmd_id: u32, params: &mut Parameters) -> Result<()>77 fn invoke_command(sess_ctx: &mut HmacOtp, cmd_id: u32, params: &mut Parameters) -> Result<()> {
78 trace_println!("[+] TA invoke command");
79 match Command::from(cmd_id) {
80 Command::RegisterSharedKey => {
81 return register_shared_key(sess_ctx, params);
82 }
83 Command::GetHOTP => {
84 return get_hotp(sess_ctx, params);
85 }
86 _ => {
87 return Err(Error::new(ErrorKind::BadParameters));
88 }
89 }
90 }
91
register_shared_key(hotp: &mut HmacOtp, params: &mut Parameters) -> Result<()>92 pub fn register_shared_key(hotp: &mut HmacOtp, params: &mut Parameters) -> Result<()> {
93 let mut p = unsafe { params.0.as_memref().unwrap() };
94 let buffer = p.buffer();
95 hotp.key_len = buffer.len();
96 hotp.key[..hotp.key_len].clone_from_slice(buffer);
97 Ok(())
98 }
99
get_hotp(hotp: &mut HmacOtp, params: &mut Parameters) -> Result<()>100 pub fn get_hotp(hotp: &mut HmacOtp, params: &mut Parameters) -> Result<()> {
101 let mut mac: [u8; SHA1_HASH_SIZE] = [0x0; SHA1_HASH_SIZE];
102
103 hmac_sha1(hotp, &mut mac)?;
104
105 for i in (0..hotp.counter.len()).rev() {
106 hotp.counter[i] += 1;
107 if hotp.counter[i] > 0 {
108 break;
109 }
110 }
111 let hotp_val = truncate(&mut mac);
112 let mut p = unsafe { params.0.as_value().unwrap() };
113 p.set_a(hotp_val);
114 Ok(())
115 }
116
hmac_sha1(hotp: &mut HmacOtp, out: &mut [u8]) -> Result<usize>117 pub fn hmac_sha1(hotp: &mut HmacOtp, out: &mut [u8]) -> Result<usize> {
118 if hotp.key_len < MIN_KEY_SIZE || hotp.key_len > MAX_KEY_SIZE {
119 return Err(Error::new(ErrorKind::BadParameters));
120 }
121
122 match Mac::allocate(AlgorithmId::HmacSha1, hotp.key_len * 8) {
123 Err(e) => return Err(e),
124 Ok(mac) => {
125 match TransientObject::allocate(TransientObjectType::HmacSha1, hotp.key_len * 8) {
126 Err(e) => return Err(e),
127 Ok(mut key_object) => {
128 //KEY size can be larger than hotp.key_len
129 let mut tmp_key = hotp.key.to_vec();
130 tmp_key.truncate(hotp.key_len);
131 let attr = AttributeMemref::from_ref(AttributeId::SecretValue, &tmp_key);
132 key_object.populate(&[attr.into()])?;
133 mac.set_key(&key_object)?;
134 }
135 }
136 mac.init(&[0u8; 0]);
137 mac.update(&hotp.counter);
138 let out_len = mac.compute_final(&[0u8; 0], out).unwrap();
139 Ok(out_len)
140 }
141 }
142 }
143
truncate(hmac_result: &mut [u8]) -> u32144 pub fn truncate(hmac_result: &mut [u8]) -> u32 {
145 let mut bin_code: u32;
146 let offset: usize = (hmac_result[19] & 0xf) as usize;
147
148 bin_code = ((hmac_result[offset] & 0x7f) as u32) << 24
149 | ((hmac_result[offset + 1] & 0xff) as u32) << 16
150 | ((hmac_result[offset + 2] & 0xff) as u32) << 8
151 | ((hmac_result[offset + 3] & 0xff) as u32);
152
153 bin_code %= DBC2_MODULO;
154 return bin_code;
155 }
156
157 // TA configurations
158 const TA_FLAGS: u32 = 0;
159 const TA_DATA_SIZE: u32 = 32 * 1024;
160 const TA_STACK_SIZE: u32 = 2 * 1024;
161 const TA_VERSION: &[u8] = b"0.1\0";
162 const TA_DESCRIPTION: &[u8] = b"This is an HOTP example.\0";
163 const EXT_PROP_VALUE_1: &[u8] = b"HOTP TA\0";
164 const EXT_PROP_VALUE_2: u32 = 0x0010;
165 const TRACE_LEVEL: i32 = 4;
166 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
167 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
168
169 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
170