2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 using System.Collections.Generic;
19 using System.Threading;
20 using System.Threading.Tasks;
22 namespace Tizen.Security.TEEC
25 /// This type denotes Session Login Method used in OpenSession
27 /// <since_tizen> 4 </since_tizen>
28 public class LoginMethod
30 /// <summary>No login data is provided.</summary>
31 public const uint Public = 0x00000000;
32 /// <summary>Login data about the user running the Client Application process is provided.</summary>
33 public const uint User = 0x00000001;
34 /// <summary>Login data about the group running the Client Application process is provided.</summary>
35 public const uint Group = 0x00000002;
36 /// <summary>Login data about the running Client Application itself is provided.</summary>
37 public const uint Application = 0x00000003;
41 /// This type denotes Value parameter
43 /// <since_tizen> 4 </since_tizen>
44 public enum TEFValueType : UInt32
46 /// <summary>The Parameter is a ValueType tagged as input.</summary>
48 /// <summary>The Parameter is a ValueType tagged as output.</summary>
50 /// <summary>The Parameter is a ValueType tagged as both as input and output.</summary>
55 /// This type denotes TempMemoryReference parameter
56 /// describing a region of memory which needs to be temporarily registered for the duration of the operation.
58 /// <since_tizen> 4 </since_tizen>
59 public enum TEFTempMemoryType : UInt32
61 /// <summary>The Parameter is a TempMemoryType and is tagged as input.</summary>
63 /// <summary>Same as Input, but the Memory Reference is tagged as output.</summary>
65 /// <summary>A Temporary Memory Reference tagged as both input and output.</summary>
70 /// This type denotes SharedMemoryReference parameter
72 /// <since_tizen> 4 </since_tizen>
73 public enum TEFRegisteredMemoryType : UInt32
75 /// <summary>The Parameter is a Registered Memory Reference that refers to the entirety of its parent Shared Memory block.</summary>
77 /// <summary>A Registered Memory Reference structure that refers to a partial region of its parent Shared Memory block and is tagged as input.</summary>
78 PartialInput = 0x0000000D,
79 /// <summary>A Registered Memory Reference structure that refers to a partial region of its parent Shared Memory block and is tagged as output.</summary>
80 PartialOutput = 0x0000000E,
81 /// <summary>A Registered Memory Reference structure that refers to a partial region of its parent Shared Memory block and is tagged as both input and output.</summary>
82 PartialInOut = 0x0000000F,
86 /// This type denotes SharedMemory access direction
88 /// <since_tizen> 4 </since_tizen>
90 public enum SharedMemoryFlags : UInt32
92 /// <summary>A flag indicates Shared Memory can be read.</summary>
94 /// <summary>A flag indicates Shared Memory can be written.</summary>
99 /// This type denotes a Shared Memory block which has either been registered
100 /// with the implementation or allocated by it.
102 /// <since_tizen> 4 </since_tizen>
103 public sealed class SharedMemory
105 internal Interop.TEEC_SharedMemory shm;
106 internal SharedMemory(Interop.TEEC_SharedMemory shm)
111 /// This property represents shared memory size in bytes.
113 /// <since_tizen> 4 </since_tizen>
116 get { return shm.size; }
119 /// This property represents start address of shared memory block.
121 /// <since_tizen> 4 </since_tizen>
122 public IntPtr Address
124 get { return shm.buffer; }
128 /// This function makes a copy and is designed for convenient operations on small buffers.
129 /// For large buffers direct address should be used.
131 /// <since_tizen> 4 </since_tizen>
132 /// <param name="data">Source data buffer to copy data from</param>
133 /// <param name="dstOffs">Starting offset in source shared memory</param>
134 public void SetData(byte[] data, int dstOffs)
136 //TODO copy data into shared memory starting at given offset
139 /// This function makes a copy and is designed for convenient operations on small buffers.
140 /// For large buffers direct address should be used.
142 /// <since_tizen> 4 </since_tizen>
143 /// <param name="data">Destination data buffer to copy data into</param>
144 /// <param name="dstOffs">Starting offset in destination shared memory</param>
145 public void GetData(byte[] data, int srcOffs)
147 //TODO copy data from shared memory starting at given offset
152 /// This type defines the payload of either an open Session operation or an invoke Command operation. It is
153 /// also used for cancellation of operations, which may be desirable even if no payload is passed.
154 /// Parameters are used to exchange data between CA and TA
156 /// <since_tizen> 4 </since_tizen>
157 public abstract class Parameter
159 internal Parameter(uint t)
163 internal uint NativeType { get; }
167 /// This type defines a template for parameter types.
169 /// <since_tizen> 4 </since_tizen>
170 public abstract class BaseParameter<TEnum> : Parameter where TEnum : struct, IComparable, IFormattable, IConvertible // as close to Enum as possible
172 internal BaseParameter(TEnum t) : base((uint)(object)t)
178 /// This property represents access type to this parameter.
180 /// <since_tizen> 4 </since_tizen>
181 public TEnum Type { get; }
185 /// This type defines a temporary memory reference.
187 /// <since_tizen> 4 </since_tizen>
188 public sealed class TempMemoryReference : BaseParameter<TEFTempMemoryType>
191 /// Constructs Prameter object which holds info about temporary memory copied to/from TA
193 /// <since_tizen> 4 </since_tizen>
194 /// <param name="buffer">Address of allocated memory buffer</param>
195 /// <param name="size">Size of the buffer</param>
196 /// <param name="type">Kind of access allowed for TA <see cref="TEFTempMemoryType"/></param>
197 public TempMemoryReference(IntPtr buffer, uint size, TEFTempMemoryType type) :
200 this.Buffer = buffer;
204 /// This property represents memory address of buffer.
206 /// <since_tizen> 4 </since_tizen>
207 public IntPtr Buffer { get; }
209 /// This property represents size of buffer.
211 /// <since_tizen> 4 </since_tizen>
212 public uint Size { get; }
216 /// This type defines a memory reference that uses a pre-registered or pre-allocated Shared Memory block.
218 /// <since_tizen> 4 </since_tizen>
219 public sealed class RegisteredMemoryReference : BaseParameter<TEFRegisteredMemoryType>
222 /// Constructs Prameter object which holds info about registered memory shared with TA
224 /// <since_tizen> 4 </since_tizen>
225 /// <param name="parent">Shared memory - registered or allocated</param>
226 /// <param name="size">Size of the buffer part</param>
227 /// <param name="offset">Offset of buffer in shared memory</param>
228 /// <param name="type">Kind of access allowed for TA <see cref="TEFRegisteredMemoryType"/></param>
229 public RegisteredMemoryReference(SharedMemory parent, uint size, uint offset, TEFRegisteredMemoryType type) :
232 this.Parent = parent;
234 this.Offset = offset;
237 /// This property represents SharedMemory that is referred to.
239 /// <since_tizen> 4 </since_tizen>
240 public SharedMemory Parent { get; }
242 /// This property represents size (in bytes) of SharedMemory.
244 /// <since_tizen> 4 </since_tizen>
245 public uint Size { get; }
247 /// This property represents offset (in bytes) from the begin of SharedMemory.
249 /// <since_tizen> 4 </since_tizen>
250 public uint Offset { get; }
254 /// This type defines a parameter that is not referencing shared memory, but carries instead small raw data
257 /// <since_tizen> 4 </since_tizen>
258 public sealed class Value : BaseParameter<TEFValueType>
261 /// Constructs Prameter object which holds info about int values copied to/from TA
263 /// <since_tizen> 4 </since_tizen>
264 /// <param name="a">User paramter A</param>
265 /// <param name="b">User paramter B</param>
266 /// <param name="type">Kind of access allowed for TA <see cref="TEFValueType"/></param>
267 public Value(uint a, uint b, TEFValueType type) :
274 /// This property represents unsigned integer A.
276 /// <since_tizen> 4 </since_tizen>
277 public uint A { get; }
279 /// This property represents unsigned integer B.
281 /// <since_tizen> 4 </since_tizen>
282 public uint B { get; }
287 /// This type denotes a TEE Session, the logical container linking a Client Application with a particular Trusted Application.
289 /// <since_tizen> 4 </since_tizen>
290 public sealed class Session
292 private Interop.TEEC_Context context;
293 private Interop.TEEC_Session session;
295 internal Session(Interop.TEEC_Context context) {
296 this.context = context;
297 this.session = new Interop.TEEC_Session();
305 internal void Open(Guid destination, uint loginMethod, byte[] connectionData, Parameter[] paramlist)
307 Interop.TEEC_UUID uuid = new Interop.TEEC_UUID();
308 Interop.TEEC_Operation op = new Interop.TEEC_Operation();
311 int ret = Interop.Libteec.OpenSession(ref context, ref session, uuid, loginMethod, connectionData, ref op, out ro);
312 //MAYBE map origin of return code to specyfic Exception
313 Interop.CheckNThrowException(ret, string.Format("OpenSession('{0}')", destination));
317 /// This function closes a Session which has been opened with a Trusted Application.
318 /// All Commands within the Session MUST have completed before this function can be called.
320 /// <since_tizen> 4 </since_tizen>
321 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
322 /// <privlevel>partner</privlevel>
323 /// <feature>http://tizen.org/feature/security.tee</feature>
324 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
325 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
326 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
327 public void Close() {
328 Interop.Libteec.CloseSession(ref session);
333 /// This function invokes a Command within the specified Session.
334 /// The parameter commandID is an identifier that is used to indicate which of the exposed Trusted
335 /// Application functions should be invoked. The supported command identifier values are defined by the
336 /// Trusted Application's protocol.
337 /// There can be up to four Parameter objects given in the <paramref name="paramlist"/> array
339 /// <since_tizen> 4 </since_tizen>
340 /// <param name="commandID">The command</param>
341 /// <param name="paramlist">The array of parameters</param>
342 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
343 /// <privlevel>partner</privlevel>
344 /// <feature>http://tizen.org/feature/security.tee</feature>
345 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
346 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
347 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
348 /// <exception cref="ArgumentException">The argument <paramref name="paramlist"/> is wrong</exception>
349 public void InvokeCommand(uint commandID, Parameter[] paramlist)
351 Interop.TEEC_Operation op = new Interop.TEEC_Operation();
355 for (int i=0; i < 4; ++i) {
356 Parameter p = paramlist[i];
357 //TODO fill TEEC_Operation struct
361 int ret = Interop.Libteec.InvokeCommand(ref session, commandID, ref op, out ro);
362 //MAYBE map origin of return code to specific Exception
363 Interop.CheckNThrowException(ret, string.Format("InvokeCommand({0})", commandID));
367 /// Asynchronous version of InvokeCommand
369 /// <since_tizen> 4 </since_tizen>
370 /// <param name="commandID">The command</param>
371 /// <param name="paramlist">The array of parameters</param>
372 /// <param name="token">The token for task manipulation</param>
373 /// <returns>Returns Task executing invoke command in backgroung</returns>
374 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
375 /// <privlevel>partner</privlevel>
376 /// <feature>http://tizen.org/feature/security.tee</feature>
377 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
378 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
379 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
380 /// <exception cref="ArgumentException">One of arguments is wrong</exception>
381 public async Task InvokeCommandAsync(uint commandID, Parameter[] paramlist, CancellationToken token = default(CancellationToken))
383 await Task.Factory.StartNew(() => InvokeCommand(commandID, paramlist));
389 /// This type denotes a TEE Context, the main logical container linking a Client Application with a particular TEE.
391 /// <since_tizen> 4 </since_tizen>
392 public sealed class Context : IDisposable
394 private Interop.TEEC_Context context;
397 /// This function (constructor) initializes a new TEE Context, forming a connection between this Client Application and the
398 /// TEE identified by the string identifier name (empty or null name denotes default TEE).
400 /// <since_tizen> 4 </since_tizen>
401 /// <param name="name">The TEE name</param>
402 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
403 /// <privlevel>partner</privlevel>
404 /// <feature>http://tizen.org/feature/security.tee</feature>
405 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
406 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
407 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
408 public Context(string name)
410 context = new Interop.TEEC_Context();
411 int ret = Interop.Libteec.InitializeContext(name, ref context);
412 Interop.CheckNThrowException(ret, string.Format("InititalizeContext('{0}')", name));
421 /// This function implements IDisposable interface
423 /// <since_tizen> 4 </since_tizen>
424 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
425 /// <privlevel>partner</privlevel>
426 /// <feature>http://tizen.org/feature/security.tee</feature>
427 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
428 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
429 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
430 public void Dispose() {
431 Interop.Libteec.FinalizeContext(ref context);
432 //context.imp = null;
436 /// This function opens a new Session between the Client Application and the specified Trusted Application.
437 /// The target Trusted Application is identified by a UUID passed in the parameter destination.
438 /// There can be up to four Parameter objects given in the {paramlist} array
440 /// <since_tizen> 4 </since_tizen>
441 /// <param name="destination">The UUID of destination TA</param>
442 /// <param name="loginMethod">The authentication algorithm <see cref="LoginMethod" /></param>
443 /// <param name="connectionData">The data to be verified by given login method</param>
444 /// <param name="paramlist">The parameters to be passed to TA open-session-callback</param>
445 /// <returns>Returns opened session</returns>
446 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
447 /// <privlevel>partner</privlevel>
448 /// <feature>http://tizen.org/feature/security.tee</feature>
449 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
450 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
451 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
452 /// <exception cref="ArgumentException">One of arguments is wrong</exception>
453 public Session OpenSession(Guid destination, uint loginMethod, byte[] connectionData, Parameter[] paramlist)
455 Session ses = new Session(context);
456 ses.Open(destination, loginMethod, connectionData, paramlist);
460 /// @see OpenSession(Guid destination, uint connectionMethod, byte[] connectionData, Parameter[] paramlist, CancellationToken token)
462 /// <since_tizen> 4 </since_tizen>
463 /// <param name="destination">The UUID of destination TA</param>
464 /// <returns>Returns opened session</returns>
465 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
466 /// <privlevel>partner</privlevel>
467 /// <feature>http://tizen.org/feature/security.tee</feature>
468 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
469 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
470 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
471 /// <exception cref="ArgumentException">The argument is wrong</exception>
472 public Session OpenSession(Guid destination)
474 Session ses = new Session(context);
475 ses.Open(destination, LoginMethod.Public, null, null);
480 /// Asynchronous version of OpenSession
481 /// @see OpenSession(Guid destination, uint connectionMethod, byte[] connectionData, Parameter[] paramlist, CancellationToken token)
483 /// <since_tizen> 4 </since_tizen>
484 /// <param name="destination">The UUID of destination TA</param>
485 /// <param name="loginMethod">The authentication algorithm <see cref="LoginMethod" /></param>
486 /// <param name="connectionData">The data to be verified by given login method</param>
487 /// <param name="paramlist">The parameters to be passed to TA open-session-callback</param>
488 /// <param name="token">The token for task manipulation</param>
489 /// <returns>Returns Task executing session open in backgroung</returns>
490 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
491 /// <privlevel>partner</privlevel>
492 /// <feature>http://tizen.org/feature/security.tee</feature>
493 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
494 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
495 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
496 /// <exception cref="ArgumentException">One of arguments is wrong</exception>
497 public async Task<Session> OpenSessionAsync(Guid destination, uint loginMethod, byte[] connectionData, Parameter[] paramlist, CancellationToken token = default(CancellationToken))
499 Task<Session> task = Task<Session>.Factory.StartNew(() =>
501 return OpenSession(destination, loginMethod, connectionData, paramlist);
506 /// Asynchronous version of OpenSession
507 /// @see OpenSession(Guid destination, uint connectionMethod, byte[] connectionData, Parameter[] paramlist, CancellationToken token)
509 /// <since_tizen> 4 </since_tizen>
510 /// <param name="destination">The UUID of destination TA</param>
511 /// <param name="token">The token for task manipulation</param>
512 /// <returns>Returns Task executing session open in backgroung</returns>
513 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
514 /// <privlevel>partner</privlevel>
515 /// <feature>http://tizen.org/feature/security.tee</feature>
516 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
517 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
518 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
519 /// <exception cref="ArgumentException">One of arguments is wrong</exception>
520 public async Task<Session> OpenSessionAsync(Guid destination, CancellationToken token = default(CancellationToken))
522 Task<Session> task = Task<Session>.Factory.StartNew(() =>
524 return OpenSession(destination);
530 /// This function registers a block of existing Client Application memory as a block of Shared Memory within
531 /// the scope of the specified Context, in accordance with the parameters.
532 /// The input <paramref name="memaddr"/> MUST point to the shared memory region to register
534 /// <since_tizen> 4 </since_tizen>
535 /// <param name="memaddr">The address of shared memory</param>
536 /// <param name="size">The size of shared memory</param>
537 /// <param name="flags">The flags describing access modes (Input and/or Output)</param>
538 /// <returns>Returns SharedMemory handler</returns>
539 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
540 /// <privlevel>partner</privlevel>
541 /// <feature>http://tizen.org/feature/security.tee</feature>
542 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
543 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
544 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
545 /// <exception cref="ArgumentException">The argument <paramref name="memaddr"/> is wrong</exception>
546 public SharedMemory RegisterSharedMemory(IntPtr memaddr, UInt32 size, SharedMemoryFlags flags)
548 Interop.TEEC_SharedMemory shm = new Interop.TEEC_SharedMemory();
549 shm.buffer = memaddr;
551 shm.flags = (UInt32)flags;
552 int ret = Interop.Libteec.RegisterSharedMemory(ref context, ref shm);
553 Interop.CheckNThrowException(ret, "RegisterSharedMemory");
554 return new SharedMemory(shm);
558 /// This function allocates a new block of memory as a block of Shared Memory within the scope of the
559 /// specified Context, in accordance with the parameters.
561 /// <since_tizen> 4 </since_tizen>
562 /// <param name="size">The size of shared memory</param>
563 /// <param name="flags">The flags describing access modes (Input and/or Output)</param>
564 /// <returns>Returns SharedMemory handler</returns>
565 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
566 /// <privlevel>partner</privlevel>
567 /// <feature>http://tizen.org/feature/security.tee</feature>
568 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
569 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
570 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
571 public SharedMemory AllocateSharedMemory(UInt32 size, SharedMemoryFlags flags)
573 Interop.TEEC_SharedMemory shm = new Interop.TEEC_SharedMemory();
575 shm.flags = (UInt32)flags;
576 int ret = Interop.Libteec.AllocateSharedMemory(ref context, ref shm);
577 Interop.CheckNThrowException(ret, "AllocateSharedMemory");
578 return new SharedMemory(shm);
582 /// This function deregisters or deallocates a previously initialized block of Shared Memory.
583 /// For a memory buffer allocated using AllocateSharedMemory the Implementation MUST free the
584 /// underlying memory and the Client Application MUST NOT access this region after this function has been
585 /// called. In this case the Implementation MUST clear the buffer and size fields of the sharedMem
586 /// structure before returning.
587 /// For memory registered using RegisterSharedMemory the implementation MUST deregister the
588 /// underlying memory from the TEE, but the memory region will stay available to the Client Application for
589 /// other purposes as the memory is owned by it.
591 /// <since_tizen> 4 </since_tizen>
592 /// <param name="shm">The shared memory object returned by RegisterSharedMemory or AllocateSharedMemory</param>
593 /// <privilege>http://tizen.org/privilege/tee.client</privilege>
594 /// <privlevel>partner</privlevel>
595 /// <feature>http://tizen.org/feature/security.tee</feature>
596 /// <exception cref="UnauthorizedAccessException">Thrown when application does not have privilege to access this method.</exception>
597 /// <exception cref="NotSupportedException">The required feature is not supported.</exception>
598 /// <exception cref="InvalidOperationException">The operation is invalid.</exception>
599 /// <exception cref="ArgumentException">The argument is wrong</exception>
600 public void ReleaseSharedMemory(SharedMemory shm)
602 Interop.Libteec.ReleaseSharedMemory(ref shm.shm);