--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file
+# @author Lukasz Kostyra (l.kostyra@samsung.com)
+# @brief CMakeLists for key-manager TA
+#
+
+############# Entry defines #############
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT("key-manager-ta")
+
+SET(TARGET_KEY_MANAGER_TA_SERIALIZATION km_serialization)
+SET(TARGET_KEY_MANAGER_TA 00000000-0000-0000-0000-666666555555)
+
+SET(KEY_MANAGER_TA_ROOT_PATH ${PROJECT_SOURCE_DIR})
+SET(KEY_MANAGER_TA_PATH ${KEY_MANAGER_TA_ROOT_PATH}/ta)
+SET(KEY_MANAGER_TA_SERIALIZATION_PATH ${KEY_MANAGER_TA_ROOT_PATH}/serialization)
+
+############# TA #############
+
+SET(KEY_MANAGER_TA_SOURCES
+ ${KEY_MANAGER_TA_PATH}/src/cmd_exec.c
+ ${KEY_MANAGER_TA_PATH}/src/crypto_auth.c
+ ${KEY_MANAGER_TA_PATH}/src/crypto_derive.c
+ ${KEY_MANAGER_TA_PATH}/src/crypto_symmetric.c
+ ${KEY_MANAGER_TA_PATH}/src/internal.c
+ ${KEY_MANAGER_TA_PATH}/src/log.c
+ ${KEY_MANAGER_TA_PATH}/src/km_ta.c
+ ${KEY_MANAGER_TA_SERIALIZATION_PATH}/src/km_serialization.c
+ )
+
+SET(KEY_MANAGER_TA_HEADERS
+ ${KEY_MANAGER_TA_PATH}/include/km_ta_defines.h
+ )
+
+IF(${TEF_BUILD_TYPE} MATCHES "optee")
+ ADD_DEFINITIONS("-DTEF_BUILD_OPTEE")
+ #TODO call Makefile to build the project for optee
+ELSE()
+ INCLUDE(FindPkgConfig)
+
+ PKG_CHECK_MODULES(KEY_MANAGER_TA_DEPS REQUIRED
+ tef-simulator-devkit
+ )
+
+ INCLUDE(TEFSimulatorDevkit)
+
+ ADD_EXECUTABLE(${TARGET_KEY_MANAGER_TA}
+ ${KEY_MANAGER_TA_SOURCES}
+ )
+
+ INCLUDE_DIRECTORIES(
+ ${KEY_MANAGER_TA_PATH}/include
+ ${KEY_MANAGER_TA_SERIALIZATION_PATH}/include
+ )
+
+ # TEEStub is built in C++, so we must force linking using C++ linker
+ SET_TARGET_PROPERTIES(${TARGET_KEY_MANAGER_TA} PROPERTIES
+ LINKER_LANGUAGE "CXX"
+ )
+
+ TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER_TA}
+ ${KEY_MANAGER_TA_DEPS_LIBRARIES}
+ )
+
+ TEF_GENERATE_TA_IMAGE(${TARGET_KEY_MANAGER_TA} ${KEY_MANAGER_TA_PATH}/km_ta.xml KEY_MANAGER_TA_IMAGE)
+ENDIF()
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${KEY_MANAGER_TA_IMAGE} DESTINATION ${TASTORE_DIR})
+INSTALL(FILES ${KEY_MANAGER_TA_HEADERS} DESTINATION ${INCLUDE_DIR})
+
+############# SERIALIZATION #############
+
+SET(KEY_MANAGER_TA_SERIALIZATION_SOURCES
+ ${KEY_MANAGER_TA_SERIALIZATION_PATH}/src/km_serialization.c
+ )
+
+SET(KEY_MANAGER_TA_SERIALIZATION_HEADERS
+ ${KEY_MANAGER_TA_SERIALIZATION_PATH}/include/km_serialization.h
+ )
+
+ADD_LIBRARY(${TARGET_KEY_MANAGER_TA_SERIALIZATION} SHARED
+ ${KEY_MANAGER_TA_SERIALIZATION_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${KEY_MANAGER_TA_SERIALIZATION_PATH}/include
+ )
+
+INSTALL(TARGETS ${TARGET_KEY_MANAGER_TA_SERIALIZATION} DESTINATION ${LIB_DIR})
+INSTALL(FILES ${KEY_MANAGER_TA_SERIALIZATION_HEADERS} DESTINATION ${INCLUDE_DIR})
-%define ta_dev_kit_dir /opt/optee/export-ta_arm%{__isa_bits}
+%if %{_target_cpu} == "armv7l"
+%define tef_dependency optee-os-ta
+%define tef_build_type optee
+%define tef_dev_kit_dir /opt/optee/export-ta_arm%{__isa_bits}
+%else
+%define tef_dependency tef-simulator-devkit
+%define tef_build_type simulator
+%endif
+
+%define lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir}
+%define include_dir %{?TZ_SYS_INCLUDE:%TZ_SYS_INCLUDE}%{!?TZ_SYS_INCLUDE:%_includedir}
+%define tastore_dir %{lib_dir}/tastore
Name: key-manager-ta
Summary: Central Key Manager Trusted Application
Provides: %{name}
+BuildRequires: cmake
+BuildRequires: %{tef_dependency}
BuildRequires: python
-BuildRequires: openssl
-BuildRequires: optee-os-ta
%description
Key Manager Trusted Application working in the ARM® TrustZone® environment.
-%package -n key-manager-ta-serialization
+%package -n %{name}-devel
+Summary: Key Manager Trusted Application serialization library
+Group: Security/Secure Storage
+License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
+Requires: key-manager-ta
+
+%description -n %{name}-devel
+Development package for Key Manager Trusted Applicatio
+
+%package -n %{name}-serialization
Summary: Key Manager Trusted Application serialization library
Group: Security/Secure Storage
License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
-Provides: libkm_serialization.so
-%description -n key-manager-ta-serialization
-Key Manager Trusted Application serialization library
+%description -n %{name}-serialization
+Serialization library for Key Manager's Trusted Application
+
+%package -n %{name}-serialization-devel
+Summary: Key Manager Trusted Application serialization library development package
+Group: Security/Secure Storage
+License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
+Requires: %{name}-serialization
+
+%description -n %{name}-serialization-devel
+Development package for key-manager's Trusted Application serialization library.
+
+
%prep
%setup -q
cp -a %{SOURCE2} .
%build
-make TA_DEV_KIT_DIR=%{ta_dev_kit_dir}
-make TA_DEV_KIT_DIR=%{ta_dev_kit_dir} serialization/libkm_serialization.so
+#make TA_DEV_KIT_DIR=%{tef_dev_kit_dir} TEF_BUILD_TYPE=%{tef_build_type}
+#make TA_DEV_KIT_DIR=%{tef_dev_kit_dir} TEF_BUILD_TYPE=%{tef_build_type} serialization/libkm_serialization.so
+mkdir -p build
+cd build
+%cmake .. \
+ -DTEF_BUILD_TYPE=%{tef_build_type} \
+ -DTASTORE_DIR=%{tastore_dir} \
+ -DINCLUDE_DIR=%{include_dir} \
+ -DLIB_DIR=%{lib_dir}
+make %{?jobs:-j%jobs}
%install
-mkdir -p %{buildroot}/%{_includedir}
-mkdir -p %{buildroot}/%{_libdir}/optee_armtz
-cp *.ta %{buildroot}/%{_libdir}/optee_armtz/
-cp serialization/libkm_serialization.so %{buildroot}/%{_libdir}/
-cp -rf serialization/include/* %{buildroot}/%{_includedir}
+# mkdir -p %{buildroot}/%{_includedir}
+# mkdir -p %{buildroot}/%{_libdir}/optee_armtz
+# cp *.ta %{buildroot}/%{_libdir}/optee_armtz/
+# cp serialization/libkm_serialization.so %{buildroot}/%{_libdir}/
+# cp -rf serialization/include/* %{buildroot}/%{_includedir}
+cd build
+%make_install
%clean
rm -rf %{buildroot}
-%files -n key-manager-ta-serialization
-%manifest key-manager-ta-serialization.manifest
-%defattr(-, root, root, -)
-#%manifest packaging/key-manager-ta-serialization.manifest
-%{_includedir}
-%{_libdir}/libkm_serialization.so
-
-%files -n key-manager-ta
-%manifest %{name}.manifest
-%defattr(-, root, root, -)
-#%manifest packaging/%{name}.manifest
-%{_libdir}/optee_armtz
+%post
+tef-simulator-update-uuid-list.sh 00000000000000000000666666555555
+
+%files -n %{name}-devel
+%{include_dir}/km_ta_defines.h
+
+%files -n %{name}-serialization
+%{lib_dir}/libkm_serialization.so
+
+%files -n %{name}-serialization-devel
+%{include_dir}/km_serialization.h
+
+%files -n %{name}
+%{tastore_dir}/00000000000000000000666666555555
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file serialization.h
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementaion of tee commands parameters serialization
+ */
+#ifndef __PARAMS_SERIALIZATION_H__
+#define __PARAMS_SERIALIZATION_H__
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+typedef enum KM_ParamsMagic {
+ PSMagic_SymmetricInput = 0x542345,
+ PSMagic_InputData = 0x575445,
+ PSMagic_IVData = 0x445234,
+ PSMagic_AEData = 0x810891,
+ PSMagic_OutData = 0x721513,
+ PSMagic_TagData = 0x721513,
+ PSMagic_Key = 0x946704,
+ PSMagic_KeyId = 0x946704
+} PSMagic;
+
+typedef struct Data_ {
+ uint32_t magic;
+ uint32_t data_size;
+ void *data;
+} Data;
+
+typedef struct Data_ InputData;
+
+typedef struct Data_ OutData;
+
+typedef struct Data_ IVData;
+
+typedef struct Data_ KeyId;
+
+typedef struct Data_ TagData;
+
+typedef struct AEData_ {
+ Data aad;
+ uint32_t tagLen;
+ uint32_t AADLen;
+ uint32_t payloadLen;
+} AEData;
+
+typedef struct Key_ {
+ Data key;
+ uint32_t key_bits_size;
+} Key;
+
+typedef struct SymmetricInput_ {
+ uint32_t magic;
+ uint32_t buffer_size;
+ uint32_t key_data_offset;
+ uint32_t key_id_data_offset;
+ uint32_t input_data_offset;
+ uint32_t iv_data_offset;
+ uint32_t ae_data_offset;
+ uint32_t out_data_offset;
+ uint32_t tag_data_offset;
+ uint32_t global_offset;
+} SymmetricInput;
+
+void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
+ Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
+ TagData *tag_data);
+uint32_t KM_GetSerializedBufferRealSize(SymmetricInput *buffer);
+uint32_t KM_PrecalculateBufferSize(uint32_t input_size, uint32_t iv_size, uint32_t with_ae_data,
+ uint32_t aad_size, uint32_t out_size, uint32_t tag_size,
+ uint32_t key_size, uint32_t key_id_size);
+
+int KM_ParamsDeserializationInit(void *buffer, uint32_t buffer_size, SymmetricInput **out);
+int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out);
+int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out);
+int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out);
+int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out);
+int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out);
+int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out);
+int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out);
+
+int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out);
+int KM_ParamsSerializeInputData(SymmetricInput *self, const void *data, size_t data_size);
+int KM_ParamsSerializeIVData(SymmetricInput *self, const void *data, size_t data_size);
+int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
+ uint32_t payloadLen, const void *aad, size_t aad_size);
+int KM_ParamsSerializeOutData(SymmetricInput *self, const void *data, size_t data_size);
+
+int KM_ParamsSerializeTagData(SymmetricInput *self, const void *data, size_t data_size);
+
+int KM_ParamsSerializeKey(SymmetricInput *self, const void *data, size_t data_size,
+ uint32_t bits_size);
+
+int KM_ParamsSerializeKeyId(SymmetricInput *self, const void *data, size_t data_size);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //__PARAMS_SERIALIZATION_H__
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file serialization.h
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementaion of tee commands parameters serialization
- */
-#ifndef __PARAMS_SERIALIZATION_H__
-#define __PARAMS_SERIALIZATION_H__
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-typedef enum KM_ParamsMagic {
- PSMagic_SymmetricInput = 0x542345,
- PSMagic_InputData = 0x575445,
- PSMagic_IVData = 0x445234,
- PSMagic_AEData = 0x810891,
- PSMagic_OutData = 0x721513,
- PSMagic_TagData = 0x721513,
- PSMagic_Key = 0x946704,
- PSMagic_KeyId = 0x946704
-} PSMagic;
-
-typedef struct Data_ {
- uint32_t magic;
- uint32_t data_size;
- void *data;
-} Data;
-
-typedef struct Data_ InputData;
-
-typedef struct Data_ OutData;
-
-typedef struct Data_ IVData;
-
-typedef struct Data_ KeyId;
-
-typedef struct Data_ TagData;
-
-typedef struct AEData_ {
- Data aad;
- uint32_t tagLen;
- uint32_t AADLen;
- uint32_t payloadLen;
-} AEData;
-
-typedef struct Key_ {
- Data key;
- uint32_t key_bits_size;
-} Key;
-
-typedef struct SymmetricInput_ {
- uint32_t magic;
- uint32_t buffer_size;
- uint32_t key_data_offset;
- uint32_t key_id_data_offset;
- uint32_t input_data_offset;
- uint32_t iv_data_offset;
- uint32_t ae_data_offset;
- uint32_t out_data_offset;
- uint32_t tag_data_offset;
- uint32_t global_offset;
-} SymmetricInput;
-
-void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
- Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
- TagData *tag_data);
-
-int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out);
-int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out);
-int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out);
-int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out);
-int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out);
-int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out);
-int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out);
-int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out);
-
-int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out);
-int KM_ParamsSerializeInputData(SymmetricInput *self, const void *data, size_t data_size);
-int KM_ParamsSerializeIVData(SymmetricInput *self, const void *data, size_t data_size);
-int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
- uint32_t payloadLen, const void *aad, size_t aad_size);
-int KM_ParamsSerializeOutData(SymmetricInput *self, const void *data, size_t data_size);
-
-int KM_ParamsSerializeTagData(SymmetricInput *self, const void *data, size_t data_size);
-
-int KM_ParamsSerializeKey(SymmetricInput *self, const void *data, size_t data_size,
- uint32_t bits_size);
-
-int KM_ParamsSerializeKeyId(SymmetricInput *self, const void *data, size_t data_size);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //__PARAMS_SERIALIZATION_H__
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file serialization.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementaion of tee commands parameters serialization
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "km_serialization.h"
+
+#define LOG printf
+
+const uint32_t ALIGNMENT_BYTES = 4;
+
+// change size of structures to make the entire buffer 4-byte aligned
+// required by TEE Client API specification
+static size_t addAlignment(size_t size)
+{
+ if (size == 0) return 0;
+ return ((int) (size - 1) / ALIGNMENT_BYTES) * ALIGNMENT_BYTES + ALIGNMENT_BYTES;
+}
+
+
+static int KM_ParamsDeserializeData(void *self, uint32_t offset, uint32_t magic,
+ uint32_t size, Data **out)
+{
+ uint32_t curr_ptr = 0;
+ Data *ptr = NULL;
+ if (NULL == self || NULL == out) {
+ LOG("Invalid input.");
+ return -1;
+ }
+
+ if (0 == offset) {
+ // There's no data so we return gently
+ return 0;
+ }
+
+ curr_ptr = ((uint32_t) self) + offset;
+ ptr = (Data *) curr_ptr;
+
+ if (magic != ptr->magic) {
+ LOG("Invalid magic.");
+ return -1;
+ }
+
+ if (0 < ptr->data_size) {
+ ptr->data = (void *) (curr_ptr + size);
+ } else {
+ ptr->data = NULL;
+ }
+ *out = ptr;
+ return 0;
+}
+
+static int KM_ParamsSerializeData(SymmetricInput *self, const void *data, size_t data_size,
+ uint32_t size, uint32_t magic, Data **ptr)
+{
+ uint8_t* curr_ptr = 0;
+ Data *tmp = NULL;
+ if (self == NULL) {
+ LOG("Provided NULL serialization pointer");
+ return -1;
+ }
+
+ if (self->buffer_size < self->global_offset + size + data_size) {
+ LOG("Invalid parameters. ("
+ "self->buffer_size < self->global_offset + size + data_size=%d < %d",
+ self->buffer_size, self->global_offset + size + data_size);
+ return -1;
+ }
+ curr_ptr = ((uint8_t*)self) + self->global_offset;
+ tmp = (Data*)curr_ptr;
+
+ tmp->magic = magic;
+ tmp->data_size = data_size;
+ if (0 < tmp->data_size) {
+ tmp->data = (void *)(curr_ptr + size);
+ memcpy(tmp->data, data, data_size);
+ } else {
+ tmp->data = NULL;
+ }
+ *ptr = tmp;
+
+ return 0;
+}
+
+
+// UTILITY FUNCTIONS
+
+void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
+ Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
+ TagData *tag_data)
+{
+ if (input) {
+ LOG("buffer_size=%d key_data_offset=%d key_id_data_offset=%d input_data_offset=%d "
+ "iv_data_offset=%d ae_data_offset=%d out_data_offset=%d tag_data_offset=%d| "
+ "global_offset=%d", input->buffer_size, input->key_data_offset,
+ input->key_id_data_offset, input->input_data_offset, input->iv_data_offset,
+ input->ae_data_offset, input->out_data_offset, input->tag_data_offset,
+ input->global_offset);
+ }
+ if (key_data) {
+ LOG("Key=%p, key_size=%d, key_bits_size=%d", key_data->key.data, key_data->key.data_size,
+ key_data->key_bits_size);
+ }
+ if (key_id_data) {
+ LOG("Key_id=%p, key_id_size=%d", key_id_data->data, key_id_data->data_size);
+ }
+ if (iv_data) {
+ LOG("IV=%p, iv_size=%d", iv_data->data, iv_data->data_size);
+ }
+ if (input_data) {
+ LOG("Input=%p, input_size=%d", input_data->data, input_data->data_size);
+ }
+ if (ae_data) {
+ LOG("aad.data=%p, aad.size=%d, tagLen=%d, AADLen=%d, payloadLen=%d", ae_data->aad.data,
+ ae_data->aad.data_size, ae_data->tagLen, ae_data->AADLen, ae_data->payloadLen);
+ }
+ if (out_data) {
+ LOG("Out=%p, out_size=%d", out_data->data, out_data->data_size);
+ }
+ if (tag_data) {
+ LOG("Tag=%p, tag_size=%d", tag_data->data, tag_data->data_size);
+ }
+}
+
+uint32_t KM_GetSerializedBufferRealSize(SymmetricInput *buffer)
+{
+ if (buffer == NULL) {
+ LOG("Incorrect buffer provided");
+ return 0;
+ }
+
+ return buffer->global_offset;
+}
+
+uint32_t KM_PrecalculateBufferSize(uint32_t input_size, uint32_t iv_size, uint32_t with_ae_data,
+ uint32_t aad_size, uint32_t out_size, uint32_t tag_size,
+ uint32_t key_size, uint32_t key_id_size)
+{
+ uint32_t size = sizeof(SymmetricInput);
+
+ if (input_size > 0)
+ size += sizeof(InputData) + addAlignment(input_size);
+
+ if (iv_size > 0)
+ size += sizeof(IVData) + addAlignment(iv_size);
+
+ if (with_ae_data > 0)
+ size += sizeof(AEData) + addAlignment(aad_size);
+
+ if (out_size > 0)
+ size += sizeof(OutData) + addAlignment(out_size);
+
+ if (tag_size > 0)
+ size += sizeof(TagData) + addAlignment(tag_size);
+
+ if (key_size > 0)
+ size += sizeof(Key) + addAlignment(key_size);
+
+ if (key_id_size > 0)
+ size += sizeof(KeyId) + addAlignment(key_id_size);
+
+ return size;
+}
+
+
+
+// DESERIALIZATORS
+
+int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
+{
+ SymmetricInput *self = (SymmetricInput *) buffer;
+ if (buffer == NULL) {
+ LOG("Invalid input buffer");
+ return -1;
+ }
+ if (sizeof(SymmetricInput) > buffer_size) {
+ LOG("Serialization buffer not big enough.");
+ return -1;
+ }
+ if (PSMagic_SymmetricInput != self->magic) {
+ LOG("Invalid magic.");
+ return -1;
+ }
+ if (self->buffer_size > buffer_size) {
+ LOG("Serialized object was bigger than input buffer.");
+ return -1;
+ }
+
+ *out = self;
+ return 0;
+}
+
+int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->input_data_offset, PSMagic_InputData,
+ sizeof(InputData), (Data**) out);
+}
+
+int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->iv_data_offset, PSMagic_IVData,
+ sizeof(IVData), (Data**) out);
+}
+
+int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->ae_data_offset, PSMagic_AEData,
+ sizeof(AEData), (Data**) out);
+}
+
+int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->out_data_offset, PSMagic_OutData,
+ sizeof(OutData), (Data**) out);
+}
+
+int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out)
+{
+
+ return KM_ParamsDeserializeData((void *)self, self->tag_data_offset, PSMagic_TagData,
+ sizeof(TagData), (Data**) out);
+}
+
+int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->key_data_offset, PSMagic_Key,
+ sizeof(Key), (Data**) out);
+}
+
+int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->key_id_data_offset, PSMagic_KeyId,
+ sizeof(KeyId), (Data**) out);
+}
+
+
+// SERIALIZATORS
+
+int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
+{
+ SymmetricInput *self = (SymmetricInput *) buffer;
+ if (buffer == NULL) {
+ LOG("Invalid input buffer");
+ return -1;
+ }
+ if (sizeof(SymmetricInput) > buffer_size) {
+ LOG("Serialization buffer not big enough");
+ return -1;
+ }
+
+ memset(self, 0, sizeof(SymmetricInput));
+ self->magic = PSMagic_SymmetricInput;
+ self->buffer_size = buffer_size;
+ self->global_offset = sizeof(SymmetricInput);
+ *out = self;
+
+ return 0;
+}
+
+int KM_ParamsSerializeInputData(SymmetricInput *self, const void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->input_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->input_data_offset=%d",
+ data, data_size, self->input_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(InputData),
+ PSMagic_InputData, &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+ self->input_data_offset = self->global_offset;
+ self->global_offset += sizeof(InputData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeIVData(SymmetricInput *self, const void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->iv_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->iv_data_offset=%d",
+ data, data_size, self->iv_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(IVData), PSMagic_IVData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->iv_data_offset = self->global_offset;
+ self->global_offset += sizeof(IVData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
+ uint32_t payloadLen, const void *aad, size_t aad_size)
+{
+ AEData *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->ae_data_offset) {
+ LOG("Invalid parameters. (self->ae_data_offset=%d", self->ae_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, aad, aad_size, sizeof(AEData), PSMagic_AEData,
+ (Data **) &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ptr->tagLen = tagLen;
+ ptr->AADLen = AADLen;
+ ptr->payloadLen = payloadLen;
+
+ self->ae_data_offset = self->global_offset;
+ self->global_offset += sizeof(AEData) + addAlignment(aad_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeOutData(SymmetricInput *self, const void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->out_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->out_data_offset=%d",
+ data, data_size, self->out_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(OutData), PSMagic_OutData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->out_data_offset = self->global_offset;
+ self->global_offset += sizeof(OutData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeTagData(SymmetricInput *self, const void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->tag_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->tag_data_offset=%d",
+ data, data_size, self->tag_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(TagData), PSMagic_TagData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->tag_data_offset = self->global_offset;
+ self->global_offset += sizeof(TagData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeKey(SymmetricInput *self, const void *data, size_t data_size,
+ uint32_t bits_size)
+{
+ Key *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->key_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
+ data, data_size, self->key_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(Key), PSMagic_Key,
+ (Data **) &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+ ptr->key_bits_size = bits_size;
+
+ self->key_data_offset = self->global_offset;
+ self->global_offset += sizeof(Key) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeKeyId(SymmetricInput *self, const void *data, size_t data_size)
+{
+ KeyId *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->key_id_data_offset) {
+ LOG("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
+ data, data_size, self->key_id_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KeyId), PSMagic_KeyId, &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->key_id_data_offset = self->global_offset;
+ self->global_offset += sizeof(KeyId) + addAlignment(data_size);
+
+ return 0;
+}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file serialization.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementaion of tee commands parameters serialization
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "serialization.h"
-
-#define LOG(...) printf(__VA_ARGS__);
-
-static size_t addAlignment(size_t size)
-{
- if (size == 0) return 0;
- return ((int) (size - 1) / 4) * 4 + 4;
-}
-
-
-static int KM_ParamsDeserializeData(void *self, uint32_t offset, uint32_t magic,
- uint32_t size, Data **out)
-{
- uint32_t curr_ptr = 0;
- Data *ptr = NULL;
- if (NULL == self || NULL == out) {
- LOG("Invalid input.");
- return -1;
- }
-
- if (0 == offset) {
- // There's no data so we return gently
- return 0;
- }
-
- curr_ptr = ((uint32_t) self) + offset;
- ptr = (Data *) curr_ptr;
-
- if (magic != ptr->magic) {
- LOG("Invalid magic.");
- return -1;
- }
-
- if (0 < ptr->data_size) {
- ptr->data = (void *) (curr_ptr + size);
- } else {
- ptr->data = NULL;
- }
- *out = ptr;
- return 0;
-}
-
-static int KM_ParamsSerializeData(SymmetricInput *self, const void *data, size_t data_size,
- uint32_t size, uint32_t magic, Data **ptr)
-{
- uint32_t curr_ptr = 0;
- Data *tmp = NULL;
- if (self == NULL) {
- LOG("Provided NULL serialization pointer");
- return -1;
- }
-
- if (self->buffer_size < self->global_offset + size + data_size) {
- LOG("Invalid parameters. ("
- "self->buffer_size < self->global_offset + size + data_size=%d < %d",
- self->buffer_size, self->global_offset + size + data_size);
- return -1;
- }
- curr_ptr = ((uint32_t) self) + self->global_offset;
- tmp = (Data *) curr_ptr;
-
- tmp->magic = magic;
- tmp->data_size = data_size;
- if (0 < tmp->data_size) {
- tmp->data = (void *)(curr_ptr + size);
- memcpy(tmp->data, data, data_size);
- } else {
- tmp->data = NULL;
- }
- *ptr = tmp;
-
- return 0;
-}
-
-void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
- Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
- TagData *tag_data)
-{
- if (input) {
- LOG("buffer_size=%d key_data_offset=%d key_id_data_offset=%d input_data_offset=%d "
- "iv_data_offset=%d ae_data_offset=%d out_data_offset=%d tag_data_offset=%d| "
- "global_offset=%d", input->buffer_size, input->key_data_offset,
- input->key_id_data_offset, input->input_data_offset, input->iv_data_offset,
- input->ae_data_offset, input->out_data_offset, input->tag_data_offset,
- input->global_offset);
- }
- if (key_data) {
- LOG("Key=%p, key_size=%d, key_bits_size=%d", key_data->key.data, key_data->key.data_size,
- key_data->key_bits_size);
- }
- if (key_id_data) {
- LOG("Key_id=%p, key_id_size=%d", key_id_data->data, key_id_data->data_size);
- }
- if (iv_data) {
- LOG("IV=%p, iv_size=%d", iv_data->data, iv_data->data_size);
- }
- if (input_data) {
- LOG("Input=%p, input_size=%d", input_data->data, input_data->data_size);
- }
- if (ae_data) {
- LOG("aad.data=%p, aad.size=%d, tagLen=%d, AADLen=%d, payloadLen=%d", ae_data->aad.data,
- ae_data->aad.data_size, ae_data->tagLen, ae_data->AADLen, ae_data->payloadLen);
- }
- if (out_data) {
- LOG("Out=%p, out_size=%d", out_data->data, out_data->data_size);
- }
- if (tag_data) {
- LOG("Tag=%p, tag_size=%d", tag_data->data, tag_data->data_size);
- }
-}
-
-int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
-{
- SymmetricInput *self = (SymmetricInput *) buffer;
- if (buffer == NULL) {
- LOG("Invalid input buffer");
- return -1;
- }
- if (sizeof(SymmetricInput) > buffer_size) {
- LOG("Serialization buffer not big enough.");
- return -1;
- }
- if (PSMagic_SymmetricInput != self->magic) {
- LOG("Invalid magic.");
- return -1;
- }
- if (self->buffer_size > buffer_size) {
- LOG("Serialized object was bigger than input buffer.");
- return -1;
- }
-
- *out = self;
- return 0;
-}
-
-int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->input_data_offset, PSMagic_InputData,
- sizeof(InputData), (Data**) out);
-}
-
-int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->iv_data_offset, PSMagic_IVData,
- sizeof(IVData), (Data**) out);
-}
-
-int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->ae_data_offset, PSMagic_AEData,
- sizeof(AEData), (Data**) out);
-}
-
-int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->out_data_offset, PSMagic_OutData,
- sizeof(OutData), (Data**) out);
-}
-
-int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out)
-{
-
- return KM_ParamsDeserializeData((void *)self, self->tag_data_offset, PSMagic_TagData,
- sizeof(TagData), (Data**) out);
-}
-
-int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->key_data_offset, PSMagic_Key,
- sizeof(Key), (Data**) out);
-}
-
-int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->key_id_data_offset, PSMagic_KeyId,
- sizeof(KeyId), (Data**) out);
-}
-
-int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
-{
- SymmetricInput *self = (SymmetricInput *) buffer;
- if (buffer == NULL) {
- LOG("Invalid input buffer");
- return -1;
- }
- if (sizeof(SymmetricInput) > buffer_size) {
- LOG("Serialization buffer not big enough");
- return -1;
- }
-
- memset(self, 0, sizeof(SymmetricInput));
- self->magic = PSMagic_SymmetricInput;
- self->buffer_size = buffer_size;
- self->global_offset = sizeof(SymmetricInput);
- *out = self;
-
- return 0;
-}
-
-int KM_ParamsSerializeInputData(SymmetricInput *self, const void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->input_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->input_data_offset=%d",
- data, data_size, self->input_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(InputData),
- PSMagic_InputData, &ptr);
- if (ret != 0) {
- return ret;
- }
- self->input_data_offset = self->global_offset;
- self->global_offset += sizeof(InputData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeIVData(SymmetricInput *self, const void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->iv_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->iv_data_offset=%d",
- data, data_size, self->iv_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(IVData), PSMagic_IVData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->iv_data_offset = self->global_offset;
- self->global_offset += sizeof(IVData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
- uint32_t payloadLen, const void *aad, size_t aad_size)
-{
- AEData *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->ae_data_offset) {
- LOG("Invalid parameters. (self->ae_data_offset=%d", self->ae_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, aad, aad_size, sizeof(AEData), PSMagic_AEData,
- (Data **) &ptr);
- if (ret != 0) {
- return ret;
- }
-
- ptr->tagLen = tagLen;
- ptr->AADLen = AADLen;
- ptr->payloadLen = payloadLen;
-
- self->ae_data_offset = self->global_offset;
- self->global_offset += sizeof(AEData) + addAlignment(aad_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeOutData(SymmetricInput *self, const void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->out_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->out_data_offset=%d",
- data, data_size, self->out_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(OutData), PSMagic_OutData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->out_data_offset = self->global_offset;
- self->global_offset += sizeof(OutData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeTagData(SymmetricInput *self, const void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->tag_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->tag_data_offset=%d",
- data, data_size, self->tag_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(TagData), PSMagic_TagData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->tag_data_offset = self->global_offset;
- self->global_offset += sizeof(TagData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeKey(SymmetricInput *self, const void *data, size_t data_size,
- uint32_t bits_size)
-{
- Key *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->key_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
- data, data_size, self->key_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(Key), PSMagic_Key,
- (Data **) &ptr);
- if (ret != 0) {
- return ret;
- }
- ptr->key_bits_size = bits_size;
-
- self->key_data_offset = self->global_offset;
- self->global_offset += sizeof(Key) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeKeyId(SymmetricInput *self, const void *data, size_t data_size)
-{
- KeyId *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->key_id_data_offset) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
- data, data_size, self->key_id_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KeyId), PSMagic_KeyId, &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->key_id_data_offset = self->global_offset;
- self->global_offset += sizeof(KeyId) + addAlignment(data_size);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ca_km.h
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief
- */
-#ifndef __REE_CA_KM_H__
-#define __REE_CA_KM_H__
-
-typedef enum {
- CMD_NOP = 0,
- CMD_GENERATE_KEY,
- CMD_IMPORT_KEY,
- CMD_IMPORT_ENCRYPTED_KEY,
- CMD_ENCRYPT,
- CMD_DECRYPT,
- CMD_SIGN,
- CMD_VERIFY,
- CMD_GENERATE_IV,
- CMD_GENERATE_KEY_PWD,
-} tz_command;
-
-typedef enum {
- ALGO_NONE = 0,
- ALGO_AES_CTR,
- ALGO_AES_CBC,
- ALGO_AES_GCM,
- ALGO_AES_CFB, // TODO to implement
- ALGO_RSA_OAEP,
- ALGO_AES_GEN,
- ALGO_RSA_GEN,
-} tz_algo_type;
-
-// TODO this must be somehow confronted with TEE_OBJECT_ID_MAX_LEN
-#define KM_KEY_ID_SIZE 64
-
-// Errors
-#define KM_TA_SUCCESS 0
-#define KM_TA_ERROR_GENERIC 1
-#define KM_TA_ERROR_AUTH_FAILED 2
-
-#endif //__REE_CA_KM_H__
TEE_Result KM_ExecCmdAuth(uint32_t commandID, TEE_Param param[4]);
+TEE_Result KM_ExecCmdAsymmetric(uint32_t commandID, TEE_Param param[4]);
+
#endif // __CMD_EXEC_H__
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file km_ta_defines.h
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @author Lukasz Kostyra (l.kostyra@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#ifndef __KM_TA_DEFINES_H__
+#define __KM_TA_DEFINES_H__
+
+typedef enum {
+ CMD_NOP = 0,
+ CMD_GENERATE_KEY,
+ CMD_IMPORT_KEY,
+ CMD_IMPORT_ENCRYPTED_KEY,
+ CMD_ENCRYPT,
+ CMD_DECRYPT,
+ CMD_SIGN,
+ CMD_VERIFY,
+ CMD_GENERATE_IV,
+ CMD_GENERATE_KEY_PWD,
+} tz_command;
+
+typedef enum {
+ ALGO_NONE = 0,
+ ALGO_AES_CTR,
+ ALGO_AES_CBC,
+ ALGO_AES_GCM,
+ ALGO_AES_CFB,
+ ALGO_RSA,
+ ALGO_DSA,
+ ALGO_ECDSA,
+ ALGO_AES_GEN,
+ ALGO_RSA_GEN,
+ ALGO_DSA_GEN,
+ ALGO_ECDSA_GEN,
+} tz_algo_type;
+
+// TODO this must be somehow confronted with TEE_OBJECT_ID_MAX_LEN
+#define KM_KEY_ID_SIZE 64
+
+// Errors
+#define KM_TA_SUCCESS 0
+#define KM_TA_ERROR_GENERIC 1
+#define KM_TA_ERROR_AUTH_FAILED 2
+
+// UUID
+#define KM_TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x66, 0x66, 0x66, 0x55, 0x55, 0x55} }
+
+#endif //__KM_TA_DEFINES_H__
+++ /dev/null
-/*
- * Copyright (c) 2016, Linaro Limited
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * The name of this file must not be modified
- */
-
-#ifndef USER_TA_HEADER_DEFINES_H
-#define USER_TA_HEADER_DEFINES_H
-
-#define TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x66, 0x66, 0x66, 0x55, 0x55, 0x55} }
-
-#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR)
-#define TA_STACK_SIZE (2 * 1024)
-#define TA_DATA_SIZE (32 * 1024)
-
-#define TA_CURRENT_TA_EXT_PROPERTIES \
- { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \
- "KEY MANAGER TA" }, \
- { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } }
-
-#endif /*USER_TA_HEADER_DEFINES_H*/
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns="http://www.samsungdforum.com/ns/packages" >
+ <properties>
+ <!-- Trusted Application Configuration Properties GPD TEE Internal API Specification v1.0 -->
+ <general
+ appID="00000000000000000000666666555555"
+ singleInstance="true"
+ multiSession="true"
+ instanceKeepAlive="false"
+ stackSize="4096"
+ dataSize="4096" />
+
+ <!-- Extended TEE specific -->
+ <extension
+ appName="key-manager"
+ appVersion="1"
+ type="application"
+ zone="internal"
+ sdkVersion="2.0"
+ launchMode="debug" />
+ </properties>
+ <!-- Access Control Policy -->
+ <policy>
+ <privilege name = "key-manager-ta" />
+ <protectionDomain>
+ <createDomain name = "keymanagerta" />
+ <allowedDomain name = "keymanagerta" />
+ </protectionDomain>
+
+ <permission>
+ <uses-permission name="system.permission.STORAGE" />
+ <uses-permission name="system.permission.CRYPTO" />
+ </permission>
+ </policy>
+
+ <taEncryption>
+ <model>
+ <modelName value="Debug"/>
+ <plainkeydata value="Y2FlZTI3MGJlN2IwZjMyNTM3OWRlZDU0OGQxMGMwZmZiZmJhYTc5NTY5MzY3Y2Q5ZTIzZWNjMmZiY2ExOGViZg0K" />
+ </model>
+ </taEncryption>
+
+ <information>
+ <description> "Key manager Trusted Application." </description>
+ <author> "Samsung Electronics" </author>
+ <terms> "This sample Application is provided as is. All rights reserved." </terms>
+ <copyright> "Copyright (c) 2017 Samsung Electronics" </copyright>
+ </information>
+
+</manifest>
#include <stdlib.h>
#include <tee_internal_api.h>
-#include <tee_internal_api_extensions.h>
-#include <ca_km.h>
+#include <km_ta_defines.h>
#include <internal.h>
#include <crypto_symmetric.h>
#include <crypto_auth.h>
#include <crypto_derive.h>
-#include <serialization.h>
+#include <km_serialization.h>
#include <cmd_exec.h>
#include <log.h>
+#if TEF_BUILD_OPTEE
+#include <tee_internal_api_extensions.h>
+#endif
+
// random value to mark unsupported algorithm
#define KM_TA_ALG_AES_CFB 0x50005050
switch (algo) {
case ALGO_AES_GEN: return TEE_TYPE_AES;
case ALGO_RSA_GEN: return TEE_TYPE_RSA_KEYPAIR;
+ case ALGO_DSA_GEN: return TEE_TYPE_DSA_KEYPAIR;
default: return 0;
}
}
static uint32_t KM_Algo2TeeAlgo(int algo)
{
switch (algo) {
- case ALGO_AES_CTR: return TEE_ALG_AES_CTR;
+ case ALGO_AES_CTR: return TEE_ALG_AES_CTR_NOPAD;
case ALGO_AES_CBC: return TEE_ALG_AES_CBC_NOPAD;
case ALGO_AES_CFB: return KM_TA_ALG_AES_CFB;
case ALGO_AES_GCM: return TEE_ALG_AES_GCM;
+ case ALGO_RSA: return TEE_ALG_RSA_NOPAD;
default: return 0;
}
}
+static TEE_Result KM_DeserializeInput(void* buffer, uint32_t buffer_size, SymmetricInput **input,
+ InputData **input_data, IVData **iv_data,
+ KeyId **key_id_data, Key **key_data,
+ AEData **ae_data, TagData **tag_data)
+{
+ if (buffer == NULL) {
+ LOG("Provided invalid buffer for deserialization");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (input == NULL) {
+ LOG("Provided invalid SymmetricInput structure for deserialization");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (KM_ParamsDeserializationInit(buffer, buffer_size, input) != 0) {
+ LOG("Failed to initialize deserialization structure");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (input_data == NULL) {
+ LOG("Invalid input buffer deserialization structure");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (KM_ParamsDeserializeInputData(*input, input_data) != 0) {
+ LOG("Failed to deserialize input data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (iv_data != NULL) {
+ if (KM_ParamsDeserializeIVData(*input, iv_data) != 0) {
+ LOG("Failed to deserialize IV data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ if (key_id_data != NULL) {
+ if (KM_ParamsDeserializeKeyId(*input, key_id_data) != 0) {
+ LOG("Failed to deserialize key ID data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ if (key_data != NULL) {
+ if (KM_ParamsDeserializeKey(*input, key_data) != 0) {
+ LOG("Failed to deserialize key data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ if (ae_data != NULL) {
+ if (KM_ParamsDeserializeAEData(*input, ae_data) != 0) {
+ LOG("Failed to deserialize AE data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ if (tag_data != NULL) {
+ if (KM_ParamsDeserializeTagData(*input, tag_data) != 0) {
+ LOG("Failed to deserialize tag data");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ KM_ParamsDump(*input, *input_data, *iv_data, *key_data, *key_id_data, *ae_data, NULL, *tag_data);
+
+ if (*input_data == NULL) {
+ LOG("No InputData in input buffer");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (key_data != NULL && key_id_data != NULL) {
+ if (((*key_data) != NULL && (*key_id_data) != NULL) ||
+ ((*key_data) == NULL && (*key_id_data) == NULL)) {
+ LOG("You need to specify key or keyId. At least one and only one.");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ return TEE_SUCCESS;
+}
+
TEE_Result KM_ExecCmdGenerateKey(TEE_Param param[4])
{
TEE_Result ret = TEE_SUCCESS;
TEE_Result KM_ExecCmdGenerateKeyPwd(TEE_Param param[4])
{
+#if TEF_BUILD_OPTEE
TEE_Result ret = TEE_SUCCESS;
TEE_ObjectHandle derivedKey = TEE_HANDLE_NULL;
TEE_OperationHandle op = TEE_HANDLE_NULL;
goto clean;
}
- if (KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input) != 0
- || KM_ParamsDeserializeInputData(input, &input_data) != 0
- || KM_ParamsDeserializeIVData(input, &iv_data) != 0) {
- LOG("Failed to deserialize input data");
+ ret = KM_DeserializeInput(param[1].memref.buffer, param[1].memref.size,
+ &input, &input_data, &iv_data, NULL, NULL, NULL, NULL);
+ if (ret != TEE_SUCCESS) {
+ LOG("Failed to deserialize data from input buffer");
ret = TEE_ERROR_BAD_PARAMETERS;
goto clean;
}
if (op != TEE_HANDLE_NULL) TEE_FreeOperation(op);
free(objId);
return ret;
+#else
+ return TEE_ERROR_NOT_SUPPORTED;
+#endif
}
TEE_Result KM_ExecCmdSymmetric(uint32_t commandID, TEE_Param param[4])
return TEE_ERROR_BAD_PARAMETERS;
}
- if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
- || 0 != KM_ParamsDeserializeInputData(input, &input_data)
- || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
- || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
- || 0 != KM_ParamsDeserializeKey(input, &key_data)) {
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- KM_ParamsDump(input, input_data, iv_data, key_data, key_id_data, NULL, NULL, NULL);
-
- if (!input_data) {
- LOG("There need to be InputData!");
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
- LOG("You need to specify key or keyId. At least one and only one.");
+ ret = KM_DeserializeInput(param[1].memref.buffer, param[1].memref.size,
+ &input, &input_data, &iv_data, &key_id_data,
+ &key_data, NULL, NULL);
+ if (ret != TEE_SUCCESS) {
+ LOG("Failed to deserialize data from input buffer");
return TEE_ERROR_BAD_PARAMETERS;
}
out_size_pad = AES_BLOCK_SIZE - (input_data->data_size % AES_BLOCK_SIZE);
- if (out_size_pad == AES_BLOCK_SIZE)
- out_size_pad = 0;
-
out_size = input_data->data_size + out_size_pad;
out = malloc(out_size);
if (out == NULL) {
// create empty (zeroed) IV based on AES block size
ownIVFlag = 1;
iv_size = AES_BLOCK_SIZE;
- iv = malloc(iv_size);
+ iv = (uint32_t*)malloc(iv_size);
if (iv == NULL) {
LOG("Failed to allocate IV buffer");
ret = TEE_ERROR_OUT_OF_MEMORY;
goto clean;
}
- ret = KM_SymmetricCrypt(operation, iv, iv_size, input_data->data, input_data->data_size, out, &out_size);
+ ret = KM_SymmetricCrypt(operation, iv, iv_size, input_data->data, input_data->data_size,
+ out, &out_size);
}
if (TEE_SUCCESS != ret) {
goto clean;
}
- out_size -= out_size_pad;
LOGD("LKDEBUG out_size = %u", out_size);
if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
return TEE_ERROR_BAD_PARAMETERS;
}
- if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
- || 0 != KM_ParamsDeserializeInputData(input, &input_data)
- || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
- || 0 != KM_ParamsDeserializeKey(input, &key_data)
- || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
- || 0 != KM_ParamsDeserializeAEData(input, &ae_data)
- || 0 != KM_ParamsDeserializeTagData(input, &tag_data)) {
- return TEE_ERROR_BAD_PARAMETERS;
- }
- if (!ae_data || !input_data) {
- LOG("There need to be AEData or InputData!");
+ ret = KM_DeserializeInput(param[1].memref.buffer, param[1].memref.size,
+ &input, &input_data, &iv_data, &key_id_data,
+ &key_data, &ae_data, &tag_data);
+ if (ret != TEE_SUCCESS) {
+ LOG("Failed to deserialize data from input buffer");
return TEE_ERROR_BAD_PARAMETERS;
}
return TEE_ERROR_BAD_PARAMETERS;
}
- KM_ParamsDump(input, input_data, iv_data, key_data, NULL, ae_data, NULL, tag_data);
- if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
- LOG("You need to specify key or keyId. At least one and only one.");
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
if (KM_CheckAESMode(algo, ae_data->tagLen)) {
LOG("Tag has invalid length. (tagLen=%d)", ae_data->tagLen);
return TEE_ERROR_BAD_PARAMETERS;
if (hndl != TEE_HANDLE_NULL) TEE_FreeOperation(hndl);
return ret;
}
+
+TEE_Result KM_ExecCmdAsymmetric(uint32_t commandID, TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_OperationHandle operation = TEE_HANDLE_NULL;
+ SymmetricInput *input = NULL;
+ InputData *input_data = NULL;
+ IVData *iv_data = NULL;
+ KeyId *key_id_data = NULL;
+ Key *key_data = NULL;
+ char ownIVFlag = 0;
+
+ uint32_t *iv = NULL;
+ uint32_t iv_size = 0;
+ void *out = NULL;
+ uint32_t out_size = 0;
+ uint32_t out_size_pad = 0;
+
+ uint32_t type = 0;
+ uint32_t algo = KM_Algo2TeeAlgo(param[0].value.a);
+ uint32_t mode = KM_Cmd2TeeMode(commandID);
+
+ if (algo == 0) {
+ LOG("Unsupported algorithm provided: %u", algo);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ ret = KM_DeserializeInput(param[1].memref.buffer, param[1].memref.size,
+ &input, &input_data, &iv_data, &key_id_data,
+ &key_data, NULL, NULL);
+ if (ret != TEE_SUCCESS) {
+ LOG("Failed to deserialize data from input buffer");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ out_size_pad = AES_BLOCK_SIZE - (input_data->data_size % AES_BLOCK_SIZE);
+ out_size = input_data->data_size + out_size_pad;
+ out = malloc(out_size);
+ if (out == NULL) {
+ LOG("Failed to allocate output buffer");
+ ret = TEE_ERROR_OUT_OF_MEMORY;
+ goto clean;
+ }
+
+ if (iv_data) {
+ iv = iv_data->data;
+ iv_size = iv_data->data_size;
+ } else {
+ // create empty (zeroed) IV based on AES block size
+ ownIVFlag = 1;
+ iv_size = AES_BLOCK_SIZE;
+ iv = malloc(iv_size);
+ if (iv == NULL) {
+ LOG("Failed to allocate IV buffer");
+ ret = TEE_ERROR_OUT_OF_MEMORY;
+ goto clean;
+ }
+ memset(iv, 0x00, iv_size);
+ }
+
+ if (algo == KM_TA_ALG_AES_CFB) {
+ ret = KM_SymmetricCrypt_AES_CFB(key_id_data->data, key_id_data->data_size, mode, iv, iv_size,
+ input_data->data, input_data->data_size, out, &out_size);
+ } else {
+ if (key_id_data) {
+ ret = KM_CreateOperationWithKeyId(key_id_data->data, key_id_data->data_size, mode, algo, &operation);
+ } else if (key_data) {
+ type = KM_AlgoType2TeeType(param[0].value.a);
+ ret = KM_CreateOperationWithKey(key_data->key.data, key_data->key.data_size, type, mode,
+ algo, key_data->key_bits_size, &operation);
+ }
+
+ if (TEE_SUCCESS != ret) {
+ goto clean;
+ }
+
+ ret = KM_SymmetricCrypt(operation, iv, iv_size, input_data->data, input_data->data_size,
+ out, &out_size);
+ }
+
+ if (TEE_SUCCESS != ret) {
+ goto clean;
+ }
+
+ LOG("LKDEBUG out_size = %u", out_size);
+
+ if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
+ || 0 != KM_ParamsSerializeOutData(input, out, out_size)) {
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+
+clean:
+ free(out);
+ if (ownIVFlag) free(iv);
+ if (operation != TEE_HANDLE_NULL) TEE_FreeOperation(operation);
+ return ret;
+}
*/
#include <crypto_derive.h>
-#include <tee_internal_api_extensions.h>
#include <log.h>
+#ifdef TEF_BUILD_OPTEE
+#include <tee_internal_api_extensions.h>
+#endif
+
const uint32_t ITERATION_COUNT = 1024;
TEE_Result KM_DeriveKey(TEE_OperationHandle op, void *salt, uint32_t salt_size,
uint32_t key_bits_size, TEE_ObjectHandle* out_key)
{
- TEE_Result ret = TEE_SUCCESS;
+ TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
+
+#ifdef TEF_BUILD_OPTEE
+ // TODO implement natively
const uint32_t ATTRIBUTE_COUNT = 3;
TEE_Attribute attrs[ATTRIBUTE_COUNT];
TEE_ObjectHandle derived_key = TEE_HANDLE_NULL;
TEE_DeriveKey(op, attrs, ATTRIBUTE_COUNT, derived_key);
*out_key = derived_key;
+#endif
return ret;
}
{
TEE_Result ret = TEE_SUCCESS;
+ LOG("Cipher init");
TEE_CipherInit(hndl, iv, iv_size);
+ LOG("Cipher do final");
ret = TEE_CipherDoFinal(hndl, input, input_size, output, output_size);
if (TEE_SUCCESS != ret) {
LOG("TEE_CipherDoFinal has failed with=%x.", ret);
return ret;
}
+ LOG("Cipher done");
return ret;
}
#include <internal.h>
#include <log.h>
-#include <tee_internal_api_extensions.h>
#include <stdlib.h>
{
TEE_Attribute attr;
TEE_Result ret = TEE_SUCCESS;
-
+/*
if (tee_key_type == TEE_TYPE_PBKDF2_PASSWORD)
TEE_InitRefAttribute(&attr, TEE_ATTR_PBKDF2_PASSWORD, key, key_size);
- else
- TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_size);
+ else*/
+ TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_size);
ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
if (TEE_SUCCESS != ret) {
ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
if (TEE_SUCCESS != ret) {
- LOG("TEE_AllocateTransientObject has failed with=%x. %x %u", ret, tee_key_type, key_bits_size);
+ LOG("TEE_AllocateTransientObject has failed with=%x. key_type = %x size_bits = %u",
+ ret, tee_key_type, key_bits_size);
return ret;
}
+
ret = TEE_GenerateKey(*hndl, key_bits_size, NULL, 0);
if (TEE_SUCCESS != ret) {
LOG("TEE_GenerateKey has failed with=%x.", ret);
return ret;
}
- LOG("OpKey: %p %p", (void*)*hndl, (void*)op_key_hndl);
ret = TEE_SetOperationKey(*hndl, op_key_hndl);
if (TEE_SUCCESS != ret) {
LOG("TEE_SetOperationKey has failed with=%x.", ret);
TEE_GetObjectInfo(key, &keyInfo);
- ret = KM_CreateOperation(key, algo, mode, keyInfo.keySize, oper_hndl);
+ ret = KM_CreateOperation(key, algo, mode, keyInfo.objectSize, oper_hndl);
TEE_CloseObject(key);
if (TEE_SUCCESS != ret) {
TEE_Result ret = TEE_SUCCESS;
TEE_ObjectHandle pers_handl;
uint32_t flags =
- TEE_DATA_FLAG_ACCESS_WRITE | TEE_DATA_FLAG_OVERWRITE;
+ TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_ACCESS_WRITE | TEE_DATA_FLAG_OVERWRITE;
TEE_GenerateRandom(objId, objId_size);
LOGD("LKDEBUG Key info:");
LOGD(" objType: %x", info.objectType);
- LOGD(" keySize: %x", info.keySize);
- LOGD(" maxKeySize: %x", info.maxKeySize);
+ LOGD(" objectSize: %x", info.objectSize);
+ LOGD(" maxObjectSize: %x", info.maxObjectSize);
LOGD(" objectUsage: %x", info.objectUsage);
LOGD(" dataSize: %x", info.dataSize);
LOGD(" dataPosition: %x", info.dataPosition);
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ta_km.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include <tee_internal_api.h>
+#include <km_ta_defines.h>
+#include <cmd_exec.h>
+#include <log.h>
+#include <internal.h>
+
+#ifdef S_VAR_NOT_USED
+#undef S_VAR_NOT_USED
+#endif // S_VAR_NOT_USED
+
+#define S_VAR_NOT_USED(variable) do { (void)(variable); } while (0);
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+ return TEE_SUCCESS;
+}
+
+void TA_DestroyEntryPoint(void)
+{
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext)
+{
+ S_VAR_NOT_USED(paramTypes);
+ S_VAR_NOT_USED(params);
+ S_VAR_NOT_USED(sessionContext);
+ return TEE_SUCCESS;
+}
+
+void TA_CloseSessionEntryPoint(void *sessionContext)
+{
+ S_VAR_NOT_USED(sessionContext);
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID, uint32_t param_types,
+ TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ S_VAR_NOT_USED(sessionContext);
+ S_VAR_NOT_USED(param_types);
+
+ switch (commandID) {
+ case CMD_GENERATE_KEY:
+ LOGD("!!! Generate key !!!");
+ ret = KM_ExecCmdGenerateKey(param);
+ break;
+ case CMD_GENERATE_IV:
+ LOGD("!!! Generate IV !!!");
+ KM_GenerateIV(param[1].memref.buffer, param[1].memref.size);
+ break;
+ case CMD_GENERATE_KEY_PWD:
+ LOGD("!!! Generate PWD !!!");
+ ret = KM_ExecCmdGenerateKeyPwd(param);
+ break;
+ case CMD_ENCRYPT:
+ case CMD_DECRYPT:
+ LOGD("!!! %scrypt !!!", (commandID == CMD_ENCRYPT) ? "En" : "De");
+ if (ALGO_AES_CTR != param[0].value.a &&
+ ALGO_AES_CBC != param[0].value.a &&
+ ALGO_AES_GCM != param[0].value.a &&
+ ALGO_AES_CFB != param[0].value.a &&
+ ALGO_RSA != param[0].value.a) {
+ LOG("Invalid key type=%d for command=%d.", param[0].value.a, commandID);
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ break;
+ }
+ if (ALGO_AES_GCM == param[0].value.a) {
+ ret = KM_ExecCmdAuth(commandID, param);
+ } else if (ALGO_RSA == param[0].value.a) {
+ ret = KM_ExecCmdAsymmetric(commandID, param);
+ } else {
+ ret = KM_ExecCmdSymmetric(commandID, param);
+ }
+ break;
+ default:
+ LOG("Unknown commandID=%d.", commandID);
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ // inform about successful operation, or about an error in authorization
+ // TEEC API has less return codes than TEE, so about some exceptional
+ // situations (like authorization failure) we must inform user in other ways
+ LOGD("Return value: %x", ret);
+ param[0].value.a = KM_TA_SUCCESS;
+ if (ret != TEE_SUCCESS) {
+ switch (ret) {
+ case TEE_ERROR_MAC_INVALID:
+ // error during auth cipher - revert return to success because
+ // TEE Client API does not support this error code and inform
+ // about it thorugh our own TA-specific return value
+ ret = TEE_SUCCESS;
+ param[0].value.a = KM_TA_ERROR_AUTH_FAILED;
+ break;
+ default:
+ // other errors can be added here as we need
+ param[0].value.a = KM_TA_ERROR_GENERIC;
+ break;
+ }
+ }
+
+ return ret;
+}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ta_km.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include <tee_internal_api.h>
-#include <tee_internal_api_extensions.h>
-#include <ca_km.h>
-#include <cmd_exec.h>
-#include <log.h>
-#include <internal.h>
-
-#ifdef S_VAR_NOT_USED
-#undef S_VAR_NOT_USED
-#endif // S_VAR_NOT_USED
-
-#define S_VAR_NOT_USED(variable) do { (void)(variable); } while (0);
-
-TEE_Result TA_CreateEntryPoint(void)
-{
- return TEE_SUCCESS;
-}
-
-void TA_DestroyEntryPoint(void)
-{
-}
-
-TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext)
-{
- S_VAR_NOT_USED(paramTypes);
- S_VAR_NOT_USED(params);
- S_VAR_NOT_USED(sessionContext);
- return TEE_SUCCESS;
-}
-
-void TA_CloseSessionEntryPoint(void *sessionContext)
-{
- S_VAR_NOT_USED(sessionContext);
-}
-
-TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID, uint32_t param_types,
- TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- S_VAR_NOT_USED(sessionContext);
- S_VAR_NOT_USED(param_types);
-
- switch (commandID) {
- case CMD_GENERATE_KEY:
- LOGD("!!! Generate key !!!");
- ret = KM_ExecCmdGenerateKey(param);
- break;
- case CMD_GENERATE_IV:
- LOGD("!!! Generate IV !!!");
- KM_GenerateIV(param[1].memref.buffer, param[1].memref.size);
- break;
- case CMD_GENERATE_KEY_PWD:
- LOGD("!!! Generate PWD !!!");
- ret = KM_ExecCmdGenerateKeyPwd(param);
- break;
- case CMD_ENCRYPT:
- case CMD_DECRYPT:
- LOGD("!!! %scrypt !!!", (commandID == CMD_ENCRYPT) ? "En" : "De");
- if (ALGO_AES_CTR != param[0].value.a &&
- ALGO_AES_CBC != param[0].value.a &&
- ALGO_AES_GCM != param[0].value.a &&
- ALGO_AES_CFB != param[0].value.a &&
- ALGO_RSA_OAEP != param[0].value.a) {
- LOG("Invalid key type=%d for command=%d.", param[0].value.a, commandID);
- ret = TEE_ERROR_BAD_PARAMETERS;
- break;
- }
- if (ALGO_AES_GCM == param[0].value.a) {
- ret = KM_ExecCmdAuth(commandID, param);
- } else {
- ret = KM_ExecCmdSymmetric(commandID, param);
- }
- break;
- default:
- LOG("Unknown commandID=%d.", commandID);
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
-
- // inform about successful operation, or about an error in authorization
- // TEEC API has less return codes than TEE, so about some exceptional
- // situations (like authorization failure) we must inform user in other ways
- LOGD("Return value: %x", ret);
- param[0].value.a = KM_TA_SUCCESS;
- if (ret != TEE_SUCCESS) {
- switch (ret) {
- case TEE_ERROR_MAC_INVALID:
- // error during auth cipher - revert return to success because
- // TEE Client API does not support this error code and inform
- // about it thorugh our own TA-specific return value
- ret = TEE_SUCCESS;
- param[0].value.a = KM_TA_ERROR_AUTH_FAILED;
- break;
- default:
- // other errors can be added here as we need
- param[0].value.a = KM_TA_ERROR_GENERIC;
- break;
- }
- }
-
- return ret;
-}
projects / platform / core / security / trusted / key-manager-ta.git / commitdiff