+CFG_TEE_TA_LOG_LEVEL ?= 4
-.NOTPARALLEL:
-.PHONY: ta host
+CFLAGS += -DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)
+CFLAGS32 := $(patsubst -march=%, , $(CFLAGS)) -fno-exceptions
+CFLAGS64 := $(CFLAGS32)
+CFLAGS := $(CFLAGS64)
-all: ta serialization-clean host
+# The UUID for the Trusted Application
+BINARY = 00000000-0000-0000-0000-666666555555
-clean: ta-clean host-clean
+libdirs += $(shell gcc -print-search-dirs | grep "install" | sed 's/install: //')
+libnames += gcc_eh
-ta:
- $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)"
+include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk
-host:
- $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
-
-serialization-clean:
- rm -rf serialization/*.o
-
-host-clean:
- $(MAKE) -C host clean
-
-ta-clean:
- $(MAKE) -C ta clean
+CURR_DIR = serialization
+include $(CURR_DIR)/serialization.mk
\ No newline at end of file
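Review bot: `CFG_TEE_TA_LOG_LEVEL ?= 4` makes OP-TEE's most verbose trace level the default for every build of this TA, and it is compiled in through `-DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)`. For a key-manager TA, a quieter default such as `CFG_TEE_TA_LOG_LEVEL ?= 1`, raised on the command line for debug builds, keeps trace output out of release images. Separately, `libdirs += $(shell gcc -print-search-dirs ...)` queries the build host's `gcc`, so `gcc_eh` is looked up in the host toolchain's directories rather than those of the compiler that builds the TA. Using `$(CROSS_COMPILE)gcc` in that `$(shell ...)` call would presumably follow the selected toolchain; confirm against the variable the dev kit actually uses.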
OBJDUMP = $(CROSS_COMPILE)objdump
READELF = $(CROSS_COMPILE)readelf
-OBJS = ca_km.o ../serialization/serialization.o
+OBJS = ca_km.o
-CFLAGS += -Wall -I../ta/include -I$(TEEC_EXPORT)/include -I../serialization/
-#Add/link other required libraries here
-LDADD += -lteec -L$(TEEC_EXPORT)/lib
+CFLAGS += -Wall -I/usr/include
+LDADD += -L/usr/lib/ -lkm_serialization -lteec
BINARY = km_ca
$(CC) $(CFLAGS) -c $< -o $@
$(BINARY): $(OBJS)
- $(CC) $(LDADD) -o $@ $(OBJS)
+ $(CC) $(LDADD) $(OBJS) -o $@
clean:
rm -f $(OBJS) $(BINARY)
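Review bot: On the new link line `$(CC) $(LDADD) $(OBJS) -o $@` the libraries in `LDADD` still come before `ca_km.o`. A linker that resolves left to right (static archives, or shared libraries under `--as-needed`) can discard `-lkm_serialization -lteec` before the object that needs them is seen; `$(CC) $(OBJS) $(LDADD) -o $@` is the safe order. The hard-coded `-I/usr/include` and `-L/usr/lib/` also replace the `$(TEEC_EXPORT)` paths, so the build takes headers and libraries from the build host even when `CROSS_COMPILE` points at another toolchain. The rule header for the compile step is outside the lines shown here.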
.clockSeqAndNode = {0x0, 0x0, 0x66, 0x66, 0x66, 0x55, 0x55, 0x55},
};
+/*
#define LOG(format, arg...) do{ struct timespec tm; clock_gettime(CLOCK_REALTIME,&tm); \
fprintf(stderr,"%lu.%lu %s:%d:", tm.tv_sec%100, tm.tv_nsec,strrchr(__FILE__,'/')+1,__LINE__); \
fprintf(stderr,format,##arg);}while(0)
+*/
+#define LOG(format, arg...) do{fprintf(stderr,format,##arg);}while(0)
+
void printhex(const void *buf, unsigned len) {
unsigned i;
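Review bot: The timestamped `LOG` macro is kept as dead code inside a `/* ... */` block instead of being removed or put behind a build switch, so the next reader cannot tell which variant is intended. A compile-time switch documents the choice, for example `#ifdef KM_CA_LOG_TIMESTAMP` (name constructed for illustration) around the old definition with the new one in the `#else` branch. Both definitions use the GNU named-variadic form `arg...` with `##arg`; `...` with `__VA_ARGS__` is the portable spelling if the file is ever built with another compiler. The body of `printhex` continues outside this hunk.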
TEEC_SharedMemory *message_i, TEEC_SharedMemory *message_o, uint32_t *out_size) {
return send_symmetric_cmd(session, CMD_DECRYPT, key_type, algo, message_i, message_o, out_size);
}
-/*
-static TEEC_Result generate_test(TEEC_Context *context) {
- TEEC_Result ret;
- TEEC_Session session;
- uint32_t returnOrigin;
- unsigned n = 0;
-
- LOG("TEEC_OpenSession\n");
- ret = TEEC_OpenSession(context, &session, &km_uuid, 0, NULL, NULL, &returnOrigin);
- if (ret != TEEC_SUCCESS) {
- return ret;
- }
- ++n;
- do {
- ret = key_generate(context, &session, KEY_TYPE_DES, 56, NULL, NULL);
- LOG("%d key_generate returned %x\n", n, ret);
- if (ret != TEEC_SUCCESS) {
- break;
- }
- ++n;
- ret = key_generate(context, &session, KEY_TYPE_DES3, 112, NULL, NULL);
- LOG("%d key_generate returned %x\n", n, ret);
- if (ret != TEEC_SUCCESS) {
- break;
- }
- ++n;
- ret = key_generate(context, &session, KEY_TYPE_AES, 128, NULL, NULL);
- LOG("%d key_generate returned %x\n", n, ret);
- if (ret != TEEC_SUCCESS) {
- break;
- }
- } while (0);
-
- LOG("TEEC_CloseSession\n");
- TEEC_CloseSession(&session);
-
- return ret;
-}
-*/
static int serialize_all(void *buffer, uint32_t buffer_size, void *input, uint32_t input_size,
void *iv, uint32_t iv_size, void *key_id, uint32_t key_id_size, void *key,
uint32_t key_size, uint32_t key_bits_size, uint32_t tagLen,
goto out;
}
- LOG("generate_test\n");
-// ret = generate_test(&context);
LOG("all_symmetric_test\n");
ret = all_symmetric_test(&context);
LOG("all_symmetric_test failed:%d\n", ret);
- LOG(":TEEC_FinalizeContext;\n");
+ LOG("TEEC_FinalizeContext;\n");
TEEC_FinalizeContext(&context);
out: return (ret != TEEC_SUCCESS);
}
--- /dev/null
+<manifest>
+ <assign>
+ <filesystem path="/usr/bin/km_ca" exec_label="_" />
+ </assign>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
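Review bot: `exec_label="_"` together with `<domain name="_" />` runs `/usr/bin/km_ca` under the shared Smack floor label, and the manifest gives no reason for that choice. With the floor label, access rules cannot be written for this binary alone, which matters for a client that opens sessions to the key-manager TA. If the platform mediates access to the TEE client interface by label (not visible from this page), a dedicated domain for the package would let that access be granted to `km_ca` only. Otherwise a short XML comment in the manifest stating why the floor label is sufficient would be enough. From its `main`, `km_ca` also looks like a test driver, so it is worth confirming that it is meant to be installed on production images at all.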
--- /dev/null
+%define ta_dev_kit_dir /opt/optee/export-ta_arm%{__isa_bits}
+
+Name: key-manager-ca
+Summary: Central Key Manager Trusted Application
+Version: 0.1.24
+Release: 1
+Group: Security/Secure Storage
+License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
+Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.manifest
+
+Provides: %{name}
+
+BuildRequires: python
+BuildRequires: openssl
+BuildRequires: key-manager-ta-serialization
+BuildRequires: optee-client
+
+%description
+Key Manager Trusted Application working in the ARM® TrustZone® environment.
+
+%prep
+%setup -q
+
+%build
+make -C host CROSS_COMPILE=""
+
+%install
+mkdir -p %{buildroot}/%{_bindir}/
+cp -rf host/km_ca %{buildroot}/%{_bindir}/
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-, root, root, -)
+%manifest packaging/%{name}.manifest
+%{_bindir}/km_ca
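Review bot: `%build` runs `make -C host CROSS_COMPILE=""` without handing the distribution's compiler flags to the Makefile, so `km_ca` is built with only `-Wall -I/usr/include` and misses whatever hardening options `%{optflags}` carries on this platform. Since `host/Makefile` appends with `CFLAGS +=`, putting `export CFLAGS="%{optflags}"` before the `make` line is enough. The `Summary` and `%description` describe the Trusted Application although this package ships the client binary, and `%define ta_dev_kit_dir` is never used here. In `%install`, `install -m 0755 host/km_ca %{buildroot}/%{_bindir}/` states the intended mode explicitly, which `cp -rf` does not.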
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
--- /dev/null
+%define ta_dev_kit_dir /opt/optee/export-ta_arm%{__isa_bits}
+
+Name: key-manager-ta
+Summary: Central Key Manager Trusted Application
+Version: 0.1.24
+Release: 1
+Group: Security/Secure Storage
+License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
+Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.manifest
+Source2: key-manager-ta-serialization.manifest
+
+Provides: %{name}
+
+BuildRequires: python
+BuildRequires: openssl
+BuildRequires: optee-os-ta
+
+%description
+Key Manager Trusted Application working in the ARM® TrustZone® environment.
+
+%package -n key-manager-ta-serialization
+Summary: Key Manager Trusted Application serialization library
+Group: Security/Secure Storage
+License: Apache-2.0 and BSL-1.0 and BSD-3-Clause
+Provides: libkm_serialization.so
+
+%description -n key-manager-ta-serialization
+Key Manager Trusted Application serialization library
+
+%prep
+%setup -q
+cp -a %{SOURCE1} .
+cp -a %{SOURCE2} .
+
+%build
+make TA_DEV_KIT_DIR=%{ta_dev_kit_dir}
+make TA_DEV_KIT_DIR=%{ta_dev_kit_dir} serialization/libkm_serialization.so
+
+%install
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_libdir}/optee_armtz
+cp *.ta %{buildroot}/%{_libdir}/optee_armtz/
+cp serialization/libkm_serialization.so %{buildroot}/%{_libdir}/
+cp -rf serialization/include/* %{buildroot}/%{_includedir}
+
+%clean
+rm -rf %{buildroot}
+
+%files -n key-manager-ta-serialization
+%manifest key-manager-ta-serialization.manifest
+%defattr(-, root, root, -)
+#%manifest packaging/key-manager-ta-serialization.manifest
+%{_includedir}
+%{_libdir}/libkm_serialization.so
+
+%files -n key-manager-ta
+%manifest %{name}.manifest
+%defattr(-, root, root, -)
+#%manifest packaging/%{name}.manifest
+%{_libdir}/optee_armtz
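Review bot: The `%build` lines pass only `TA_DEV_KIT_DIR=%{ta_dev_kit_dir}` to `make`, so the spec does not say which key signs the `.ta` that `%install` copies into `%{_libdir}/optee_armtz/`. Upstream OP-TEE dev kits fall back to a bundled default signing key when none is given (the `TA_SIGN_KEY` variable there). If the `optee-os-ta` package behaves the same way, the shipped key-manager TA would carry a development signature, so the spec should pass the production key explicitly or document where signing happens. In `%files -n key-manager-ta-serialization`, the bare `%{_includedir}` entry makes the package own the whole system include directory; list the installed headers instead, for example `%{_includedir}/serialization.h` if that is the only header under `serialization/include/`. The two commented-out `#%manifest` lines can be dropped.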
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file serialization.h
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementaion of tee commands parameters serialization
+ */
+#ifndef __PARAMS_SERIALIZATION_H__
+#define __PARAMS_SERIALIZATION_H__
+
+#include <stdint.h>
+
+typedef enum KM_ParamsMagic {
+ PSMagic_SymmetricInput = 0x542345,
+ PSMagic_InputData = 0x575445,
+ PSMagic_IVData = 0x445234,
+ PSMagic_AEData = 0x810891,
+ PSMagic_OutData = 0x721513,
+ PSMagic_TagData = 0x721513,
+ PSMagic_Key = 0x946704,
+ PSMagic_KeyId = 0x946704
+} PSMagic;
+
+typedef struct Data_ {
+ uint32_t magic;
+ uint32_t data_size;
+ void *data;
+} Data;
+
+typedef struct Data_ InputData;
+
+typedef struct Data_ OutData;
+
+typedef struct Data_ IVData;
+
+typedef struct Data_ KeyId;
+
+typedef struct Data_ TagData;
+
+typedef struct AEData_ {
+ Data tag;
+ uint32_t tagLen;
+ uint32_t AADLen;
+ uint32_t payloadLen;
+} AEData;
+
+typedef struct Key_ {
+ Data key;
+ uint32_t key_bits_size;
+} Key;
+
+typedef struct SymmetricInput_ {
+ uint32_t magic;
+ uint32_t buffer_size;
+ uint32_t key_data_offset;
+ uint32_t key_id_data_offset;
+ uint32_t input_data_offset;
+ uint32_t iv_data_offset;
+ uint32_t ae_data_offset;
+ uint32_t out_data_offset;
+ uint32_t tag_data_offset;
+ uint32_t global_offset;
+} SymmetricInput;
+
+void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
+ Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
+ TagData *tag_data);
+
+int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out);
+int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out);
+int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out);
+int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out);
+int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out);
+int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out);
+int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out);
+int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out);
+
+int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out);
+int KM_ParamsSerializeInputData(SymmetricInput *self, void *data, uint32_t data_size);
+int KM_ParamsSerializeIVData(SymmetricInput *self, void *data, uint32_t data_size);
+int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
+ uint32_t payloadLen, void *tag, uint32_t tag_size);
+int KM_ParamsSerializeOutData(SymmetricInput *self, void *data, size_t data_size);
+
+int KM_ParamsSerializeTagData(SymmetricInput *self, void *data, size_t data_size);
+
+int KM_ParamsSerializeKey(SymmetricInput *self, void *data, size_t data_size,
+ size_t bits_size);
+
+int KM_ParamsSerializeKeyId(SymmetricInput *self, void *data, size_t data_size);
+
+#endif //__PARAMS_SERIALIZATION_H__
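Review bot: The size parameters changed in this header no longer match the definitions added in serialization.c. Here `KM_ParamsSerializeInputData` and `KM_ParamsSerializeIVData` take `uint32_t data_size` while `KM_ParamsSerializeOutData` and `KM_ParamsSerializeTagData` take `size_t`, and the .c file defines them exactly the other way round. This only compiles where `size_t` and `uint32_t` are the same type, so each pair should use one type. `size_t` is also used with only `<stdint.h>` included; add `#include <stddef.h>`. In `KM_ParamsMagic`, `PSMagic_OutData` and `PSMagic_TagData` share `0x721513`, and `PSMagic_Key` and `PSMagic_KeyId` share `0x946704`, so the magic check cannot tell those record types apart when an offset points at the wrong record; distinct values would restore that check. `struct Data_` embeds a `void *data` in a layout that is written into the serialized buffer, which makes the record size depend on the pointer width of whichever side built it.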
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file serialization.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementaion of tee commands parameters serialization
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "serialization.h"
-
-#define LOG printf
-
-#define LOG_ERR(...) LOG("%s:", __func__); LOG(__VA_ARGS__); LOG(" \n")
-
-static size_t addAlignment(size_t size)
-{
- if (size == 0) return 0;
- return ((int) (size - 1) / 4) * 4 + 4;
-}
-
-
-static int KM_ParamsDeserializeData(void *self, uint32_t offset, uint32_t magic,
- uint32_t size, Data **out)
-{
- uint32_t curr_ptr = 0;
- Data *ptr = NULL;
- if (NULL == self || NULL == out) {
- LOG_ERR("Invalid input.");
- return -1;
- }
-
- if (0 == offset) {
- // There's no data so we return gently
- return 0;
- }
-
- curr_ptr = ((uint32_t) self) + offset;
- ptr = (Data *) curr_ptr;
-
- if (magic != ptr->magic) {
- LOG_ERR("Invalid magic.");
- return -1;
- }
-
- if (0 < ptr->data_size) {
- ptr->data = (void *) (curr_ptr + size);
- } else {
- ptr->data = NULL;
- }
- *out = ptr;
- return 0;
-}
-
-static int KM_ParamsSerializeData(SymmetricInput *self, void *data, size_t data_size,
- uint32_t size, uint32_t magic, Data **ptr)
-{
- uint32_t curr_ptr = 0;
- Data *tmp = NULL;
- if (NULL == self || self->buffer_size < self->global_offset + size + data_size) {
- LOG_ERR("Invalid parameters. (self=%p|"
- "self->buffer_size < self->global_offset + size + data_size=%d < %d",
- (void *) self, self->buffer_size, self->global_offset + size + data_size);
- return -1;
- }
- curr_ptr = ((uint32_t) self) + self->global_offset;
- tmp = (Data *) curr_ptr;
-
- tmp->magic = magic;
- tmp->data_size = data_size;
- if (0 < tmp->data_size) {
- tmp->data = (void *)(curr_ptr + size);
- memcpy(tmp->data, data, data_size);
- } else {
- tmp->data = NULL;
- }
- *ptr = tmp;
-
- return 0;
-}
-
-void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
- Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
- TagData *tag_data)
-{
- if (input) {
- LOG_ERR("buffer_size=%d key_data_offset=%d key_id_data_offset=%d input_data_offset=%d "
- "iv_data_offset=%d ae_data_offset=%d out_data_offset=%d tag_data_offset=%d| "
- "global_offset=%d", input->buffer_size, input->key_data_offset,
- input->key_id_data_offset, input->input_data_offset, input->iv_data_offset,
- input->ae_data_offset, input->out_data_offset, input->tag_data_offset,
- input->global_offset);
- }
- if (key_data) {
- LOG_ERR("Key=%p, key_size=%d, key_bits_size=%d", key_data->key.data, key_data->key.data_size,
- key_data->key_bits_size);
- }
- if (key_id_data) {
- LOG_ERR("Key_id=%p, key_id_size=%d", key_id_data->data, key_id_data->data_size);
- }
- if (iv_data) {
- LOG_ERR("IV=%p, iv_size=%d", iv_data->data, iv_data->data_size);
- }
- if (input_data) {
- LOG_ERR("Input=%p, input_size=%d", input_data->data, input_data->data_size);
- }
- if (ae_data) {
- LOG_ERR("Tag=%p, tag_size=%d, tagLen=%d, AADLen=%d, payloadLen=%d", ae_data->tag.data,
- ae_data->tag.data_size, ae_data->tagLen, ae_data->AADLen, ae_data->payloadLen);
- }
- if (out_data) {
- LOG_ERR("Out=%p, out_size=%d", out_data->data, out_data->data_size);
- }
- if (tag_data) {
- LOG_ERR("Tag=%p, tag_size=%d", tag_data->data, tag_data->data_size);
- }
-}
-
-int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
-{
- SymmetricInput *self = (SymmetricInput *) buffer;
- if (NULL == buffer || sizeof(SymmetricInput) > buffer_size) {
- LOG_ERR("Invalid input");
- return -1;
- }
- if (PSMagic_SymmetricInput != self->magic) {
- LOG_ERR("Invalid magic.");
- return -1;
- }
- if (self->buffer_size > buffer_size) {
- LOG_ERR("Serialized object was bigger then input buffer.");
- return -1;
- }
-
- *out = self;
- return 0;
-}
-
-int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->input_data_offset, PSMagic_InputData,
- sizeof(InputData), (Data**) out);
-}
-
-int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->iv_data_offset, PSMagic_IVData,
- sizeof(IVData), (Data**) out);
-}
-
-int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->ae_data_offset, PSMagic_AEData,
- sizeof(AEData), (Data**) out);
-}
-
-int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->out_data_offset, PSMagic_OutData,
- sizeof(OutData), (Data**) out);
-}
-
-int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out)
-{
-
- return KM_ParamsDeserializeData((void *)self, self->tag_data_offset, PSMagic_TagData,
- sizeof(TagData), (Data**) out);
-}
-
-int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->key_data_offset, PSMagic_Key,
- sizeof(Key), (Data**) out);
-}
-
-int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->key_id_data_offset, PSMagic_KeyId,
- sizeof(KeyId), (Data**) out);
-}
-
-int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
-{
- SymmetricInput *self = (SymmetricInput *) buffer;
- if (NULL == buffer || sizeof(SymmetricInput) > buffer_size) {
- LOG_ERR("Invalid input.");
- return -1;
- }
- memset(self, 0, sizeof(SymmetricInput));
- self->magic = PSMagic_SymmetricInput;
- self->buffer_size = buffer_size;
- self->global_offset = sizeof(SymmetricInput);
- *out = self;
-
- return 0;
-}
-
-int KM_ParamsSerializeInputData(SymmetricInput *self, void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->input_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->input_data_offset=%d",
- data, data_size, self->input_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(InputData),
- PSMagic_InputData, &ptr);
- if (ret != 0) {
- return ret;
- }
- self->input_data_offset = self->global_offset;
- self->global_offset += sizeof(InputData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeIVData(SymmetricInput *self, void *data, size_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->iv_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->iv_data_offset=%d",
- data, data_size, self->iv_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(IVData), PSMagic_IVData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->iv_data_offset = self->global_offset;
- self->global_offset += sizeof(IVData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
- uint32_t payloadLen, void *tag, uint32_t tag_size)
-{
- AEData *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->ae_data_offset) {
- LOG_ERR("Invalid parameters. (self->ae_data_offset=%d", self->ae_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, tag, tag_size, sizeof(AEData), PSMagic_AEData,
- (Data **) &ptr);
- if (ret != 0) {
- return ret;
- }
-
- ptr->tagLen = tagLen;
- ptr->AADLen = AADLen;
- ptr->payloadLen = payloadLen;
-
- self->ae_data_offset = self->global_offset;
- self->global_offset += sizeof(AEData) + addAlignment(tag_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeOutData(SymmetricInput *self, void *data, uint32_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->out_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->out_data_offset=%d",
- data, data_size, self->out_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(OutData), PSMagic_OutData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->out_data_offset = self->global_offset;
- self->global_offset += sizeof(OutData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeTagData(SymmetricInput *self, void *data, uint32_t data_size)
-{
- Data *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->tag_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->tag_data_offset=%d",
- data, data_size, self->tag_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(TagData), PSMagic_TagData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->tag_data_offset = self->global_offset;
- self->global_offset += sizeof(TagData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeKey(SymmetricInput *self, void *data, size_t data_size,
- size_t bits_size)
-{
- Key *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->key_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
- data, data_size, self->key_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(Key), PSMagic_Key,
- (Data **) &ptr);
- if (ret != 0) {
- return ret;
- }
- ptr->key_bits_size = bits_size;
-
- self->key_data_offset = self->global_offset;
- self->global_offset += sizeof(Key) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeKeyId(SymmetricInput *self, void *data, size_t data_size)
-{
- KeyId *ptr = NULL;
- uint32_t ret = 0;
- if (0 != self->key_id_data_offset) {
- LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
- data, data_size, self->key_id_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KeyId), PSMagic_KeyId, &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->key_id_data_offset = self->global_offset;
- self->global_offset += sizeof(KeyId) + addAlignment(data_size);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file serialization.h
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementaion of tee commands parameters serialization
- */
-#ifndef __PARAMS_SERIALIZATION_H__
-#define __PARAMS_SERIALIZATION_H__
-
-#include <stdint.h>
-
-typedef enum KM_ParamsMagic {
- PSMagic_SymmetricInput = 0x542345,
- PSMagic_InputData = 0x575445,
- PSMagic_IVData = 0x445234,
- PSMagic_AEData = 0x810891,
- PSMagic_OutData = 0x721513,
- PSMagic_TagData = 0x721513,
- PSMagic_Key = 0x946704,
- PSMagic_KeyId = 0x946704
-} PSMagic;
-
-typedef struct Data_ {
- uint32_t magic;
- uint32_t data_size;
- void *data;
-} Data;
-
-typedef struct Data_ InputData;
-
-typedef struct Data_ OutData;
-
-typedef struct Data_ IVData;
-
-typedef struct Data_ KeyId;
-
-typedef struct Data_ TagData;
-
-typedef struct AEData_ {
- Data tag;
- uint32_t tagLen;
- uint32_t AADLen;
- uint32_t payloadLen;
-} AEData;
-
-typedef struct Key_ {
- Data key;
- uint32_t key_bits_size;
-} Key;
-
-typedef struct SymmetricInput_ {
- uint32_t magic;
- uint32_t buffer_size;
- uint32_t key_data_offset;
- uint32_t key_id_data_offset;
- uint32_t input_data_offset;
- uint32_t iv_data_offset;
- uint32_t ae_data_offset;
- uint32_t out_data_offset;
- uint32_t tag_data_offset;
- uint32_t global_offset;
-} SymmetricInput;
-
-void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
- Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
- TagData *tag_data);
-
-int KM_ParamsDeserializationInit(void *buffer, uint32_t buffer_size, SymmetricInput **out);
-int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out);
-int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out);
-int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out);
-int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out);
-int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out);
-int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out);
-int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out);
-
-int KM_ParamsSerializationInit(void *buffer, uint32_t buffer_size, SymmetricInput **out);
-int KM_ParamsSerializeInputData(SymmetricInput *self, void *data, uint32_t data_size);
-int KM_ParamsSerializeIVData(SymmetricInput *self, void *data, uint32_t data_size);
-int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
- uint32_t payloadLen, void *tag, uint32_t tag_size);
-int KM_ParamsSerializeOutData(SymmetricInput *self, void *data, uint32_t data_size);
-
-int KM_ParamsSerializeTagData(SymmetricInput *self, void *data, uint32_t data_size);
-
-int KM_ParamsSerializeKey(SymmetricInput *self, void *data, uint32_t data_size,
- uint32_t bits_size);
-
-int KM_ParamsSerializeKeyId(SymmetricInput *self, void *data, uint32_t data_size);
-
-#endif //__PARAMS_SERIALIZATION_H__
--- /dev/null
+KM_SOURCES = $(wildcard $(CURR_DIR)/src/*.c)
+
+KM_OBJS = $(KM_SOURCES:%.c=%.o)
+
+$(KM_OBJS):
+ $(CC$(sm)) -c -fPIC -I$(CURR_DIR)/include $(@:%.o=%.c) -o $@
+
+serialization/libkm_serialization.a: $(KM_OBJS)
+ $(AR$(sm)) -rcs $@ $^
+
+serialization/libkm_serialization.so: $(KM_OBJS)
+ $(CC$(sm)) -shared -o $@ $^
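Review bot: The rule `$(KM_OBJS):` lists no prerequisites, so an existing object is never rebuilt when its `.c` file or a header under `$(CURR_DIR)/include` changes, and a stale `libkm_serialization.so` can be packaged after a source fix. A static pattern rule, `$(KM_OBJS): %.o: %.c` with `$<` in place of `$(@:%.o=%.c)`, restores the dependency. The compile line also passes no warning or hardening flags, only `-c -fPIC -I$(CURR_DIR)/include`, so this parser code is built without even `-Wall`. Because `KM_SOURCES` uses `=` with `$(wildcard ...)`, the glob is re-evaluated on every expansion; `:=` is not usable as written because `CURR_DIR` is assigned just before the include, but the point is worth a comment.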
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file serialization.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementaion of tee commands parameters serialization
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "serialization.h"
+
+#define LOG printf
+
+#define LOG_ERR(...) LOG("%s:", __func__); LOG(__VA_ARGS__); LOG(" \n")
+
+static size_t addAlignment(size_t size)
+{
+ if (size == 0) return 0;
+ return ((int) (size - 1) / 4) * 4 + 4;
+}
+
+
+static int KM_ParamsDeserializeData(void *self, uint32_t offset, uint32_t magic,
+ uint32_t size, Data **out)
+{
+ uint32_t curr_ptr = 0;
+ Data *ptr = NULL;
+ if (NULL == self || NULL == out) {
+ LOG_ERR("Invalid input.");
+ return -1;
+ }
+
+ if (0 == offset) {
+ // There's no data so we return gently
+ return 0;
+ }
+
+ curr_ptr = ((uint32_t) self) + offset;
+ ptr = (Data *) curr_ptr;
+
+ if (magic != ptr->magic) {
+ LOG_ERR("Invalid magic.");
+ return -1;
+ }
+
+ if (0 < ptr->data_size) {
+ ptr->data = (void *) (curr_ptr + size);
+ } else {
+ ptr->data = NULL;
+ }
+ *out = ptr;
+ return 0;
+}
+
+static int KM_ParamsSerializeData(SymmetricInput *self, void *data, size_t data_size,
+ uint32_t size, uint32_t magic, Data **ptr)
+{
+ uint32_t curr_ptr = 0;
+ Data *tmp = NULL;
+ if (NULL == self || self->buffer_size < self->global_offset + size + data_size) {
+ LOG_ERR("Invalid parameters. (self=%p|"
+ "self->buffer_size < self->global_offset + size + data_size=%d < %d",
+ (void *) self, self->buffer_size, self->global_offset + size + data_size);
+ return -1;
+ }
+ curr_ptr = ((uint32_t) self) + self->global_offset;
+ tmp = (Data *) curr_ptr;
+
+ tmp->magic = magic;
+ tmp->data_size = data_size;
+ if (0 < tmp->data_size) {
+ tmp->data = (void *)(curr_ptr + size);
+ memcpy(tmp->data, data, data_size);
+ } else {
+ tmp->data = NULL;
+ }
+ *ptr = tmp;
+
+ return 0;
+}
+
+void KM_ParamsDump(SymmetricInput *input, InputData *input_data, IVData *iv_data,
+ Key *key_data, KeyId *key_id_data, AEData *ae_data, OutData *out_data,
+ TagData *tag_data)
+{
+ if (input) {
+ LOG_ERR("buffer_size=%d key_data_offset=%d key_id_data_offset=%d input_data_offset=%d "
+ "iv_data_offset=%d ae_data_offset=%d out_data_offset=%d tag_data_offset=%d| "
+ "global_offset=%d", input->buffer_size, input->key_data_offset,
+ input->key_id_data_offset, input->input_data_offset, input->iv_data_offset,
+ input->ae_data_offset, input->out_data_offset, input->tag_data_offset,
+ input->global_offset);
+ }
+ if (key_data) {
+ LOG_ERR("Key=%p, key_size=%d, key_bits_size=%d", key_data->key.data, key_data->key.data_size,
+ key_data->key_bits_size);
+ }
+ if (key_id_data) {
+ LOG_ERR("Key_id=%p, key_id_size=%d", key_id_data->data, key_id_data->data_size);
+ }
+ if (iv_data) {
+ LOG_ERR("IV=%p, iv_size=%d", iv_data->data, iv_data->data_size);
+ }
+ if (input_data) {
+ LOG_ERR("Input=%p, input_size=%d", input_data->data, input_data->data_size);
+ }
+ if (ae_data) {
+ LOG_ERR("Tag=%p, tag_size=%d, tagLen=%d, AADLen=%d, payloadLen=%d", ae_data->tag.data,
+ ae_data->tag.data_size, ae_data->tagLen, ae_data->AADLen, ae_data->payloadLen);
+ }
+ if (out_data) {
+ LOG_ERR("Out=%p, out_size=%d", out_data->data, out_data->data_size);
+ }
+ if (tag_data) {
+ LOG_ERR("Tag=%p, tag_size=%d", tag_data->data, tag_data->data_size);
+ }
+}
+
+int KM_ParamsDeserializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
+{
+ SymmetricInput *self = (SymmetricInput *) buffer;
+ if (NULL == buffer || sizeof(SymmetricInput) > buffer_size) {
+ LOG_ERR("Invalid input");
+ return -1;
+ }
+ if (PSMagic_SymmetricInput != self->magic) {
+ LOG_ERR("Invalid magic.");
+ return -1;
+ }
+ if (self->buffer_size > buffer_size) {
+ LOG_ERR("Serialized object was bigger then input buffer.");
+ return -1;
+ }
+
+ *out = self;
+ return 0;
+}
+
+int KM_ParamsDeserializeInputData(SymmetricInput *self, InputData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->input_data_offset, PSMagic_InputData,
+ sizeof(InputData), (Data**) out);
+}
+
+int KM_ParamsDeserializeIVData(SymmetricInput *self, IVData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->iv_data_offset, PSMagic_IVData,
+ sizeof(IVData), (Data**) out);
+}
+
+int KM_ParamsDeserializeAEData(SymmetricInput *self, AEData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->ae_data_offset, PSMagic_AEData,
+ sizeof(AEData), (Data**) out);
+}
+
+int KM_ParamsDeserializeOutData(SymmetricInput *self, OutData **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->out_data_offset, PSMagic_OutData,
+ sizeof(OutData), (Data**) out);
+}
+
+int KM_ParamsDeserializeTagData(SymmetricInput *self, TagData **out)
+{
+
+ return KM_ParamsDeserializeData((void *)self, self->tag_data_offset, PSMagic_TagData,
+ sizeof(TagData), (Data**) out);
+}
+
+int KM_ParamsDeserializeKey(SymmetricInput *self, Key **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->key_data_offset, PSMagic_Key,
+ sizeof(Key), (Data**) out);
+}
+
+int KM_ParamsDeserializeKeyId(SymmetricInput *self, KeyId **out)
+{
+ return KM_ParamsDeserializeData((void *)self, self->key_id_data_offset, PSMagic_KeyId,
+ sizeof(KeyId), (Data**) out);
+}
+
+int KM_ParamsSerializationInit(void *buffer, size_t buffer_size, SymmetricInput **out)
+{
+ SymmetricInput *self = (SymmetricInput *) buffer;
+ if (NULL == buffer || sizeof(SymmetricInput) > buffer_size) {
+ LOG_ERR("Invalid input.");
+ return -1;
+ }
+ memset(self, 0, sizeof(SymmetricInput));
+ self->magic = PSMagic_SymmetricInput;
+ self->buffer_size = buffer_size;
+ self->global_offset = sizeof(SymmetricInput);
+ *out = self;
+
+ return 0;
+}
+
+int KM_ParamsSerializeInputData(SymmetricInput *self, void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->input_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->input_data_offset=%d",
+ data, data_size, self->input_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(InputData),
+ PSMagic_InputData, &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+ self->input_data_offset = self->global_offset;
+ self->global_offset += sizeof(InputData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeIVData(SymmetricInput *self, void *data, size_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->iv_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->iv_data_offset=%d",
+ data, data_size, self->iv_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(IVData), PSMagic_IVData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->iv_data_offset = self->global_offset;
+ self->global_offset += sizeof(IVData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeAEData(SymmetricInput *self, uint32_t tagLen, uint32_t AADLen,
+ uint32_t payloadLen, void *tag, uint32_t tag_size)
+{
+ AEData *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->ae_data_offset) {
+ LOG_ERR("Invalid parameters. (self->ae_data_offset=%d", self->ae_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, tag, tag_size, sizeof(AEData), PSMagic_AEData,
+ (Data **) &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ptr->tagLen = tagLen;
+ ptr->AADLen = AADLen;
+ ptr->payloadLen = payloadLen;
+
+ self->ae_data_offset = self->global_offset;
+ self->global_offset += sizeof(AEData) + addAlignment(tag_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeOutData(SymmetricInput *self, void *data, uint32_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->out_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->out_data_offset=%d",
+ data, data_size, self->out_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(OutData), PSMagic_OutData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->out_data_offset = self->global_offset;
+ self->global_offset += sizeof(OutData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeTagData(SymmetricInput *self, void *data, uint32_t data_size)
+{
+ Data *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->tag_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->tag_data_offset=%d",
+ data, data_size, self->tag_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(TagData), PSMagic_TagData,
+ &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->tag_data_offset = self->global_offset;
+ self->global_offset += sizeof(TagData) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeKey(SymmetricInput *self, void *data, size_t data_size,
+ size_t bits_size)
+{
+ Key *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->key_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
+ data, data_size, self->key_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(Key), PSMagic_Key,
+ (Data **) &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+ ptr->key_bits_size = bits_size;
+
+ self->key_data_offset = self->global_offset;
+ self->global_offset += sizeof(Key) + addAlignment(data_size);
+
+ return 0;
+}
+
+int KM_ParamsSerializeKeyId(SymmetricInput *self, void *data, size_t data_size)
+{
+ KeyId *ptr = NULL;
+ uint32_t ret = 0;
+ if (0 != self->key_id_data_offset) {
+ LOG_ERR("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
+ data, data_size, self->key_id_data_offset);
+ return -1;
+ }
+ ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KeyId), PSMagic_KeyId, &ptr);
+ if (ret != 0) {
+ return ret;
+ }
+
+ self->key_id_data_offset = self->global_offset;
+ self->global_offset += sizeof(KeyId) + addAlignment(data_size);
+
+ return 0;
+}
--- /dev/null
+srcs-y += serialization.c
--- /dev/null
+global-incdirs-y += include
+subdirs-y += src
--- /dev/null
+subdirs-y += ta
+subdirs-y += serialization
+++ /dev/null
-CFG_TEE_TA_LOG_LEVEL ?= 4
-CPPFLAGS += -DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)
-
-# The UUID for the Trusted Application
-BINARY=00000000-0000-0000-0000-666666555555
-
-include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ta_km.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include <stdlib.h>
-#include <tee_internal_api.h>
-#include <ca_km.h>
-#include <internal.h>
-#include <crypto_symmetric.h>
-#include <crypto_auth.h>
-#include <serialization.h>
-#include <cmd_exec.h>
-#include <log.h>
-
-static uint32_t KM_KeyType2TeeType(int key_type)
-{
- switch (key_type) {
- case KEY_TYPE_DES:
- return TEE_TYPE_DES;
- case KEY_TYPE_DES3:
- return TEE_TYPE_DES3;
- case KEY_TYPE_AES:
- return TEE_TYPE_AES;
- default:
- return 0;
- }
-}
-
-static uint32_t KM_Cmd2TeeMode(int cmd)
-{
- switch (cmd) {
- case CMD_ENCRYPT:
- return TEE_MODE_ENCRYPT;
- case CMD_DECRYPT:
- return TEE_MODE_DECRYPT;
- default:
- return 0;
- }
- return 0;
-}
-
-static uint32_t KM_Algo2TeeAlgo(int kt, int algo)
-{
- uint32_t ka = KM_KeyType2TeeType(kt);
- ka &= 0x0fffffff;
- switch (algo) {
- case ALGO_ECB_NOPAD:
- ka |= 0x10000000;
- break;
- case ALGO_ECB_PKCS5:
- ka |= 0x1000000;
- break;
- case ALGO_ECB_PKCS7:
- ka |= 0x2000000;
- break;
- case ALGO_ECB_ISO9797_M1:
- ka |= 0x3000000;
- break;
- case ALGO_ECB_ISO9797_M2:
- ka |= 0x4000000;
- break;
- case ALGO_CBC_NOPAD:
- ka |= 0x10000100;
- break;
- case ALGO_CBC_PKCS5:
- ka |= 0x1000100;
- break;
- case ALGO_CBC_PKCS7:
- ka |= 0x2000100;
- case ALGO_CBC_ISO9797_M1:
- ka |= 0x3000100;
- break;
- case ALGO_CBC_ISO9797_M2:
- ka |= 0x4000100;
- break;
- case ALGO_CCM:
- ka |= 0x40000700;
- break;
- case ALGO_GCM:
- ka |= 0x40000800;
- break;
- default:
- break;
- }
- return ka;
-}
-
-TEE_Result KM_ExecCmdGenerateKey(TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
- SymmetricInput *input = NULL;
-
- uint32_t type = KM_KeyType2TeeType(param[0].value.a);
- uint32_t key_bits_size = param[0].value.b;
- uint32_t objId_size = TEE_OBJECT_ID_MAX_LEN;
- uint32_t *objId = malloc(objId_size);
-
- do {
- ret = KM_CreateRandomKey(type, key_bits_size, &hndl);
- if (TEE_SUCCESS != ret) {
- break;
- }
- ret = KM_SaveKey(NULL, 0, hndl, objId, objId_size);
- if (TEE_SUCCESS != ret) {
- break;
- }
-
- if (0 != KM_ParamsSerializationInit(param[1].memref.buffer, param[1].memref.size,
- &input) || 0 != KM_ParamsSerializeKeyId(input, objId, objId_size)) {
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
- } while (0);
-
- TEE_FreeTransientObject(hndl);
- free(objId);
- return ret;
-}
-
-TEE_Result KM_ExecCmdSymmetric(uint32_t commandID, TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_OperationHandle hndl = TEE_HANDLE_NULL;
- SymmetricInput *input = NULL;
- InputData *input_data = NULL;
- IVData *iv_data = NULL;
- KeyId *key_id_data = NULL;
- Key *key_data = NULL;
-
- uint32_t *iv = NULL;
- uint32_t iv_size = 0;
- void *out = NULL;
- uint32_t out_size = 0;
-
- uint32_t type = 0;
- uint32_t algo = KM_Algo2TeeAlgo(param[0].value.a, param[0].value.b);
- uint32_t mode = KM_Cmd2TeeMode(commandID);
-
- if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
- || 0 != KM_ParamsDeserializeInputData(input, &input_data)
- || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
- || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
- || 0 != KM_ParamsDeserializeKey(input, &key_data)) {
- return TEE_ERROR_BAD_PARAMETERS;
- }
- KM_ParamsDump(input, input_data, iv_data, key_data, key_id_data, NULL, NULL, NULL);
- if (!input_data) {
- LOG("There need to be InputData!");
- return TEE_ERROR_BAD_PARAMETERS;
- }
- if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
- LOG("You need to specify key or keyId. At least one and only one.");
- return TEE_ERROR_BAD_PARAMETERS;
- }
- if (key_id_data) {
- ret = KM_CreateOperationWithKeyId(key_id_data->data, key_id_data->data_size, mode, algo,
- &hndl);
- } else if (key_data) {
- type = KM_KeyType2TeeType(param[0].value.a);
- ret = KM_CreateOperationWithKey(key_data->key.data, key_data->key.data_size, type, mode,
- algo, key_data->key_bits_size, &hndl);
- }
- if (TEE_SUCCESS != ret) {
- return ret;
- }
- out = malloc(input_data->data_size);
- out_size = input_data->data_size;
- if (iv_data) {
- iv = iv_data->data;
- iv_size = iv_data->data_size;
- }
- ret = KM_SymmetricCrypt(hndl, iv, iv_size, input_data->data, input_data->data_size, out, &out_size);
- if (TEE_SUCCESS != ret) {
- goto clean;
- }
- if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
- || 0 != KM_ParamsSerializeOutData(input, out, out_size)) {
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
-clean:
- free(out);
- TEE_FreeOperation(hndl);
- return ret;
-}
-
-TEE_Result KM_ExecCmdAuth(uint32_t commandID, TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_OperationHandle hndl = TEE_HANDLE_NULL;
- SymmetricInput *input = NULL;
- InputData *input_data = NULL;
- IVData *iv_data = NULL;
- KeyId *key_id_data = NULL;
- Key *key_data = NULL;
- AEData *ae_data = NULL;
-
- void *out = NULL;
- uint32_t out_size = 0;
- void *tag = NULL;
- uint32_t tag_size = 0;
-
- uint32_t type = 0;
- uint32_t algo = KM_Algo2TeeAlgo(param[0].value.a, param[0].value.b);
- uint32_t mode = KM_Cmd2TeeMode(commandID);
-
- if (KEY_TYPE_AES != param[0].value.a) {
- LOG("Invalid key type=:%d.", param[0].value.a);
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
- || 0 != KM_ParamsDeserializeInputData(input, &input_data)
- || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
- || 0 != KM_ParamsDeserializeKey(input, &key_data)
- || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
- || 0 != KM_ParamsDeserializeAEData(input, &ae_data)) {
- return TEE_ERROR_BAD_PARAMETERS;
- }
- if (!ae_data || !input_data) {
- LOG("There need to be AEData or InputData!");
- return TEE_ERROR_BAD_PARAMETERS;
- }
- if (KM_CheckAESMode(algo, ae_data->tagLen)) {
- LOG("Tag has invalid length. (tagLen=%d)", ae_data->tagLen);
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- KM_ParamsDump(input, input_data, iv_data, key_data, NULL, ae_data, NULL, NULL);
- if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
- LOG("You need to specify key or keyId. At least one and only one.");
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- if (key_id_data) {
- ret = KM_CreateOperationWithKeyId(key_id_data->data, key_id_data->data_size, mode, algo,
- &hndl);
- } else if (key_data) {
- type = KM_KeyType2TeeType(param[0].value.a);
- ret = KM_CreateOperationWithKey(key_data->key.data, key_data->key.data_size, type, mode,
- algo, key_data->key_bits_size, &hndl);
- }
- if (TEE_SUCCESS != ret) {
- return ret;
- }
- out = malloc(input_data->data_size);
- out_size = input_data->data_size;
- if (CMD_ENCRYPT == commandID) {
- tag = malloc(ae_data->tagLen);
- tag_size = ae_data->tagLen;
- ret = KM_AuthEncrypt(hndl, iv_data->data, iv_data->data_size, ae_data->tagLen,
- ae_data->AADLen, ae_data->payloadLen, input_data->data,
- input_data->data_size, out, &out_size, tag, &tag_size);
- } else {
- ret = KM_AuthDecrypt(hndl, iv_data->data, iv_data->data_size, ae_data->tagLen,
- ae_data->AADLen, ae_data->payloadLen, input_data->data,
- input_data->data_size, out, &out_size, ae_data->tag.data,
- ae_data->tag.data_size);
- }
- if (TEE_SUCCESS != ret) {
- goto clean;
- }
- if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
- || 0 != KM_ParamsSerializeOutData(input, out, out_size)) {
- ret = TEE_ERROR_BAD_PARAMETERS;
- goto clean;
- }
- if (tag) {
- if (0 != KM_ParamsSerializeTagData(input, tag, tag_size)) {
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
- }
-clean:
- free(out);
- TEE_FreeOperation(hndl);
- return ret;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file crypto_auth.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementation of Global Platform Internal API usage (authentication encryption)
- */
-
-#include <crypto_auth.h>
-#include <log.h>
-
-TEE_Result KM_AuthEncrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, uint32_t tagLen,
- uint32_t AADLen, uint32_t payloadLen, void *data, uint32_t data_size,
- void *out, uint32_t *out_size, void *tag, uint32_t *tag_size)
-{
- TEE_Result ret = TEE_SUCCESS;
-
- ret = TEE_AEInit(hndl, iv, (size_t) iv_size, tagLen, AADLen, payloadLen);
- if (TEE_SUCCESS != ret) {
- LOG("KM_AuthCryptoInit failed with error=%x.", ret);
- return ret;
- }
- ret = TEE_AEEncryptFinal(hndl, data, data_size, out, out_size, tag, tag_size);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AEEncryptFinal failed with error=%x.", ret);
- }
-
- return ret;
-}
-
-TEE_Result KM_AuthDecrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, uint32_t tagLen,
- uint32_t AADLen, uint32_t payloadLen, void *data, uint32_t data_size,
- void *out, uint32_t *out_size, void *tag, uint32_t tag_size)
-{
- TEE_Result ret = TEE_SUCCESS;
-
- ret = TEE_AEInit(hndl, iv, (size_t) iv_size, tagLen, AADLen, payloadLen);
- if (TEE_SUCCESS != ret) {
- LOG("KM_AuthCryptoInit failed with error=%x.", ret);
- return ret;
- }
- ret = TEE_AEDecryptFinal(hndl, data, data_size, out, out_size, tag, tag_size);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AEDecryptFinal failed with error=%x.", ret);
- }
- return ret;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file crypto_symmetric.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief Implementation of Global Platform Internal API usage (symmetric encryption)
- */
-
-#include <crypto_symmetric.h>
-#include <log.h>
-
-TEE_Result KM_SymmetricCrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, void *input,
- uint32_t input_size, void *output, uint32_t *output_size)
-{
- TEE_Result ret = TEE_SUCCESS;
-
- TEE_CipherInit(hndl, iv, iv_size);
-
- ret = TEE_CipherDoFinal(hndl, input, input_size, output, output_size);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_CipherDoFinal has failed with=%x.", ret);
- }
-
- return ret;
-}
--- /dev/null
+/*
+ * Copyright (c) 2016, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The name of this file must not be modified
+ */
+
+#ifndef USER_TA_HEADER_DEFINES_H
+#define USER_TA_HEADER_DEFINES_H
+
+#define TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x66, 0x66, 0x66, 0x55, 0x55, 0x55} }
+
+#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR)
+#define TA_STACK_SIZE (2 * 1024)
+#define TA_DATA_SIZE (32 * 1024)
+
+#define TA_CURRENT_TA_EXT_PROPERTIES \
+ { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \
+ "KEY MANAGER TA" }, \
+ { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } }
+
+#endif /*USER_TA_HEADER_DEFINES_H*/
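Review bot: `TA_FLAGS` sets `TA_FLAG_MULTI_SESSION` without `TA_FLAG_SINGLE_INSTANCE`, and under the GlobalPlatform TA properties the multi-session setting is ignored for a TA that is not single-instance, so each session would get its own instance. If sessions are meant to share one instance, the line would read `#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR)`; otherwise dropping the multi-session flag states the intent more plainly. A short comment on `TA_DATA_SIZE` would also help, because the command handlers in ta_km.c allocate output buffers whose size comes from the request, for example `/* heap must cover the out/tag buffers sized from the request */`.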
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file internal.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include <internal.h>
-#include <log.h>
-
-
-#ifndef TEE_DATA_FLAG_OVERWRITE
-#define TEE_DATA_FLAG_OVERWRITE TEE_DATA_FLAG_EXCLUSIVE
-#endif
-
-int KM_CheckAESMode(uint32_t algo, uint32_t tagLen)
-{
- switch (tagLen) {
- case 128:
- return 0;
- case 120:
- return algo != TEE_ALG_AES_GCM;
- case 112:
- return 0;
- case 104:
- return algo != TEE_ALG_AES_GCM;
- case 96:
- return 0;
- case 64:
- return algo != TEE_ALG_AES_CCM;
- case 48:
- return algo != TEE_ALG_AES_CCM;
- case 32:
- return algo != TEE_ALG_AES_CCM;
- default:
- return 1;
- }
-}
-
-TEE_Result KM_CreateKey(uint32_t tee_key_type, uint32_t key_bits_size, void *key, size_t key_size,
- TEE_ObjectHandle *hndl)
-{
- TEE_Attribute attr;
- TEE_Result ret = TEE_SUCCESS;
-
- TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_size);
- ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AllocateTransientObject has failed with=%x. Arguments=(tee_key_type=%X, "
- "key_bits_size=%d.", ret, tee_key_type, key_bits_size);
- return ret;
- }
-
- ret = TEE_PopulateTransientObject(*hndl, &attr, 1);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_PopulateTransientObject has failed with=%x.", ret);
- TEE_FreeTransientObject(*hndl);
- *hndl = TEE_HANDLE_NULL;
- }
-
- return ret;
-}
-
-TEE_Result KM_CreateRandomKey(uint32_t tee_key_type, uint32_t key_bits_size, TEE_ObjectHandle *hndl)
-{
- TEE_Result ret = TEE_SUCCESS;
-
- ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AllocateTransientObject has failed with=%x.", ret);
- return ret;
- }
- ret = TEE_GenerateKey(*hndl, key_bits_size, NULL, 0);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_GenerateKey has failed with=%x.", ret);
- TEE_FreeTransientObject(*hndl);
- *hndl = TEE_HANDLE_NULL;
- }
-
- return ret;
-}
-
-TEE_Result KM_CreateOperation(TEE_ObjectHandle obj_hndl, uint32_t algo, uint32_t mode,
- uint32_t key_bits_size, TEE_OperationHandle *hndl)
-{
- TEE_Result ret = TEE_SUCCESS;
-
- ret = TEE_AllocateOperation(hndl, algo, mode, key_bits_size);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AllocateOperation has failed with=%x.", ret);
- return ret;
- }
-
- ret = TEE_SetOperationKey(*hndl, obj_hndl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_SetOperationKey has failed with=%x.", ret);
- TEE_FreeOperation(*hndl);
- *hndl = TEE_HANDLE_NULL;
- }
-
- return ret;
-}
-
-TEE_Result KM_CreateOperationWithKey(void *key, uint32_t key_size, uint32_t type, uint32_t mode,
- uint32_t algo, uint32_t key_bits_size,
- TEE_OperationHandle *oper_hndl)
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
-
- ret = KM_CreateKey(type, key_bits_size, key, key_size, &hndl);
- if (TEE_SUCCESS != ret) {
- return ret;
- }
- ret = KM_CreateOperation(hndl, algo, mode, key_bits_size, oper_hndl);
- TEE_FreeTransientObject(hndl);
- return ret;
-}
-
-TEE_Result KM_CreateOperationWithKeyId(void *key_id, uint32_t key_id_size, uint32_t mode,
- uint32_t algo, TEE_OperationHandle *oper_hndl)
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
- uint32_t ks = 0;
-
- ret = KM_OpenKey(key_id, key_id_size, &ks, &hndl);
- if (TEE_SUCCESS != ret) {
- return ret;
- }
- ret = KM_CreateOperation(hndl, algo, mode, ks, oper_hndl);
- TEE_CloseObject(hndl);
- return ret;
-}
-
-TEE_Result KM_SaveKey(void *data, size_t data_size, TEE_ObjectHandle key, void *objId,
- size_t objId_size)
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectHandle pers_handl;
- uint32_t flags =
- TEE_DATA_FLAG_ACCESS_WRITE | TEE_DATA_FLAG_OVERWRITE;
-
- TEE_GenerateRandom(objId, objId_size);
-
- ret = TEE_CreatePersistentObject(TEE_STORAGE_PRIVATE, objId, objId_size, flags, key, data,
- data_size, &pers_handl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_CreatePersistentObject has failed with=%x.", ret);
- }
-
- TEE_CloseObject(pers_handl);
- return ret;
-}
-
-TEE_Result KM_OpenKey(void *objId, size_t objId_size, uint32_t *key_bits_size,
- TEE_ObjectHandle *hndl)
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectInfo info;
- uint32_t flags =
- TEE_DATA_FLAG_ACCESS_READ;
-
- ret = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, objId, objId_size, flags, hndl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_OpenPersistentObject has failed with=%x.", ret);
- return ret;
- }
-
- TEE_GetObjectInfo(*hndl, &info);
- *key_bits_size = info.maxObjectSize;
- return ret;
-}
-
-TEE_Result KM_ImportKey(TEE_ObjectHandle hndl, uint32_t tee_key_type, void *buffer,
- size_t *buffer_size)
-{
- TEE_Result ret = TEE_SUCCESS;
- if (NULL == buffer) {
- LOG("Buffer ptr is NULL.");
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
- switch (tee_key_type)
- {
- case TEE_TYPE_DES:
- case TEE_TYPE_DES3:
- case TEE_TYPE_AES:
- ret = TEE_GetObjectBufferAttribute(hndl, TEE_ATTR_SECRET_VALUE, buffer, buffer_size);
- break;
- case TEE_TYPE_RSA_KEYPAIR:
- LOG("Copy generated key for RSA.");
- break;
- default:
- LOG("Can't generate key. Unknown key type=%d.", tee_key_type);
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
- if (TEE_SUCCESS != ret) {
- LOG("Getting object has failed with=%x for type=%d", ret, tee_key_type);
- }
- return ret;
-}
-
-TEE_Result KM_GenerateIV(TEE_ObjectHandle *hndl, void *iv, size_t iv_size)
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_Attribute attr;
-
- TEE_GenerateRandom(iv, iv_size);
- TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, iv, iv_size);
-
- ret = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, iv_size, hndl);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_AllocateTransientObject has failed with=%x.", ret);
- return ret;
- }
- ret = TEE_PopulateTransientObject(*hndl, &attr, 1);
- if (TEE_SUCCESS != ret) {
- LOG("TEE_PopulateTransientObject has failed with=%x.", ret);
- TEE_FreeTransientObject(*hndl);
- hndl = TEE_HANDLE_NULL;
- return ret;
- }
- return ret;
-}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ta_km.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include <stdlib.h>
+#include <tee_internal_api.h>
+#include <ca_km.h>
+#include <internal.h>
+#include <crypto_symmetric.h>
+#include <crypto_auth.h>
+#include <serialization.h>
+#include <cmd_exec.h>
+#include <log.h>
+
+static uint32_t KM_KeyType2TeeType(int key_type)
+{
+ switch (key_type) {
+ case KEY_TYPE_DES:
+ return TEE_TYPE_DES;
+ case KEY_TYPE_DES3:
+ return TEE_TYPE_DES3;
+ case KEY_TYPE_AES:
+ return TEE_TYPE_AES;
+ default:
+ return 0;
+ }
+}
+
+static uint32_t KM_Cmd2TeeMode(int cmd)
+{
+ switch (cmd) {
+ case CMD_ENCRYPT:
+ return TEE_MODE_ENCRYPT;
+ case CMD_DECRYPT:
+ return TEE_MODE_DECRYPT;
+ default:
+ return 0;
+ }
+ return 0;
+}
+
+static uint32_t KM_Algo2TeeAlgo(int kt, int algo)
+{
+ uint32_t ka = KM_KeyType2TeeType(kt);
+ ka &= 0x0fffffff;
+ switch (algo) {
+ case ALGO_ECB_NOPAD:
+ ka |= 0x10000000;
+ break;
+ case ALGO_ECB_PKCS5:
+ ka |= 0x1000000;
+ break;
+ case ALGO_ECB_PKCS7:
+ ka |= 0x2000000;
+ break;
+ case ALGO_ECB_ISO9797_M1:
+ ka |= 0x3000000;
+ break;
+ case ALGO_ECB_ISO9797_M2:
+ ka |= 0x4000000;
+ break;
+ case ALGO_CBC_NOPAD:
+ ka |= 0x10000100;
+ break;
+ case ALGO_CBC_PKCS5:
+ ka |= 0x1000100;
+ break;
+ case ALGO_CBC_PKCS7:
+ ka |= 0x2000100;
+ case ALGO_CBC_ISO9797_M1:
+ ka |= 0x3000100;
+ break;
+ case ALGO_CBC_ISO9797_M2:
+ ka |= 0x4000100;
+ break;
+ case ALGO_CCM:
+ ka |= 0x40000700;
+ break;
+ case ALGO_GCM:
+ ka |= 0x40000800;
+ break;
+ default:
+ break;
+ }
+ return ka;
+}
+
+TEE_Result KM_ExecCmdGenerateKey(TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
+ SymmetricInput *input = NULL;
+
+ uint32_t type = KM_KeyType2TeeType(param[0].value.a);
+ uint32_t key_bits_size = param[0].value.b;
+ uint32_t objId_size = TEE_OBJECT_ID_MAX_LEN;
+ uint32_t *objId = malloc(objId_size);
+
+ do {
+ ret = KM_CreateRandomKey(type, key_bits_size, &hndl);
+ if (TEE_SUCCESS != ret) {
+ break;
+ }
+ ret = KM_SaveKey(NULL, 0, hndl, objId, objId_size);
+ if (TEE_SUCCESS != ret) {
+ break;
+ }
+
+ if (0 != KM_ParamsSerializationInit(param[1].memref.buffer, param[1].memref.size,
+ &input) || 0 != KM_ParamsSerializeKeyId(input, objId, objId_size)) {
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+ } while (0);
+
+ TEE_FreeTransientObject(hndl);
+ free(objId);
+ return ret;
+}
+
+TEE_Result KM_ExecCmdSymmetric(uint32_t commandID, TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_OperationHandle hndl = TEE_HANDLE_NULL;
+ SymmetricInput *input = NULL;
+ InputData *input_data = NULL;
+ IVData *iv_data = NULL;
+ KeyId *key_id_data = NULL;
+ Key *key_data = NULL;
+
+ uint32_t *iv = NULL;
+ uint32_t iv_size = 0;
+ void *out = NULL;
+ uint32_t out_size = 0;
+
+ uint32_t type = 0;
+ uint32_t algo = KM_Algo2TeeAlgo(param[0].value.a, param[0].value.b);
+ uint32_t mode = KM_Cmd2TeeMode(commandID);
+
+ if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
+ || 0 != KM_ParamsDeserializeInputData(input, &input_data)
+ || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
+ || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
+ || 0 != KM_ParamsDeserializeKey(input, &key_data)) {
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ KM_ParamsDump(input, input_data, iv_data, key_data, key_id_data, NULL, NULL, NULL);
+ if (!input_data) {
+ LOG("There need to be InputData!");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
+ LOG("You need to specify key or keyId. At least one and only one.");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ if (key_id_data) {
+ ret = KM_CreateOperationWithKeyId(key_id_data->data, key_id_data->data_size, mode, algo,
+ &hndl);
+ } else if (key_data) {
+ type = KM_KeyType2TeeType(param[0].value.a);
+ ret = KM_CreateOperationWithKey(key_data->key.data, key_data->key.data_size, type, mode,
+ algo, key_data->key_bits_size, &hndl);
+ }
+ if (TEE_SUCCESS != ret) {
+ return ret;
+ }
+ out = malloc(input_data->data_size);
+ out_size = input_data->data_size;
+ if (iv_data) {
+ iv = iv_data->data;
+ iv_size = iv_data->data_size;
+ }
+ ret = KM_SymmetricCrypt(hndl, iv, iv_size, input_data->data, input_data->data_size, out, &out_size);
+ if (TEE_SUCCESS != ret) {
+ goto clean;
+ }
+ if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
+ || 0 != KM_ParamsSerializeOutData(input, out, out_size)) {
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+clean:
+ free(out);
+ TEE_FreeOperation(hndl);
+ return ret;
+}
+
+TEE_Result KM_ExecCmdAuth(uint32_t commandID, TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_OperationHandle hndl = TEE_HANDLE_NULL;
+ SymmetricInput *input = NULL;
+ InputData *input_data = NULL;
+ IVData *iv_data = NULL;
+ KeyId *key_id_data = NULL;
+ Key *key_data = NULL;
+ AEData *ae_data = NULL;
+
+ void *out = NULL;
+ uint32_t out_size = 0;
+ void *tag = NULL;
+ uint32_t tag_size = 0;
+
+ uint32_t type = 0;
+ uint32_t algo = KM_Algo2TeeAlgo(param[0].value.a, param[0].value.b);
+ uint32_t mode = KM_Cmd2TeeMode(commandID);
+
+ if (KEY_TYPE_AES != param[0].value.a) {
+ LOG("Invalid key type=:%d.", param[0].value.a);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (0 != KM_ParamsDeserializationInit(param[1].memref.buffer, param[1].memref.size, &input)
+ || 0 != KM_ParamsDeserializeInputData(input, &input_data)
+ || 0 != KM_ParamsDeserializeIVData(input, &iv_data)
+ || 0 != KM_ParamsDeserializeKey(input, &key_data)
+ || 0 != KM_ParamsDeserializeKeyId(input, &key_id_data)
+ || 0 != KM_ParamsDeserializeAEData(input, &ae_data)) {
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ if (!ae_data || !input_data) {
+ LOG("There need to be AEData or InputData!");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ if (KM_CheckAESMode(algo, ae_data->tagLen)) {
+ LOG("Tag has invalid length. (tagLen=%d)", ae_data->tagLen);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ KM_ParamsDump(input, input_data, iv_data, key_data, NULL, ae_data, NULL, NULL);
+ if ((NULL != key_data && NULL != key_id_data) || (NULL == key_data && NULL == key_id_data)) {
+ LOG("You need to specify key or keyId. At least one and only one.");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (key_id_data) {
+ ret = KM_CreateOperationWithKeyId(key_id_data->data, key_id_data->data_size, mode, algo,
+ &hndl);
+ } else if (key_data) {
+ type = KM_KeyType2TeeType(param[0].value.a);
+ ret = KM_CreateOperationWithKey(key_data->key.data, key_data->key.data_size, type, mode,
+ algo, key_data->key_bits_size, &hndl);
+ }
+ if (TEE_SUCCESS != ret) {
+ return ret;
+ }
+ out = malloc(input_data->data_size);
+ out_size = input_data->data_size;
+ if (CMD_ENCRYPT == commandID) {
+ tag = malloc(ae_data->tagLen);
+ tag_size = ae_data->tagLen;
+ ret = KM_AuthEncrypt(hndl, iv_data->data, iv_data->data_size, ae_data->tagLen,
+ ae_data->AADLen, ae_data->payloadLen, input_data->data,
+ input_data->data_size, out, &out_size, tag, &tag_size);
+ } else {
+ ret = KM_AuthDecrypt(hndl, iv_data->data, iv_data->data_size, ae_data->tagLen,
+ ae_data->AADLen, ae_data->payloadLen, input_data->data,
+ input_data->data_size, out, &out_size, ae_data->tag.data,
+ ae_data->tag.data_size);
+ }
+ if (TEE_SUCCESS != ret) {
+ goto clean;
+ }
+ if (0 != KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &input)
+ || 0 != KM_ParamsSerializeOutData(input, out, out_size)) {
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ goto clean;
+ }
+ if (tag) {
+ if (0 != KM_ParamsSerializeTagData(input, tag, tag_size)) {
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+ }
+clean:
+ free(out);
+ TEE_FreeOperation(hndl);
+ return ret;
+}
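Review bot: KM_ExecCmdAuth dereferences `iv_data` in both the KM_AuthEncrypt and KM_AuthDecrypt calls, but the presence check before them covers only `ae_data` and `input_data`; KM_ExecCmdSymmetric guards the same pointer with `if (iv_data)`, so a request without an IV section presumably leaves it NULL and the TA faults on caller-supplied input. Extending the check to `if (!ae_data || !input_data || !iv_data) {` closes that. In the same function the `tag` buffer allocated on the encrypt path is never released, since the `clean:` label frees only `out`; adding `free(tag);` there fixes the leak. The results of `malloc` for `out`, `tag` and, in KM_ExecCmdGenerateKey, `objId` are also used without a NULL check. Separately, `case ALGO_CBC_PKCS7:` in KM_Algo2TeeAlgo has no `break;`, so it falls through and ORs in the ISO9797_M1 bits as well, making the two selections indistinguishable.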
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file crypto_auth.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementation of Global Platform Internal API usage (authentication encryption)
+ */
+
+#include <crypto_auth.h>
+#include <log.h>
+
+TEE_Result KM_AuthEncrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, uint32_t tagLen,
+ uint32_t AADLen, uint32_t payloadLen, void *data, uint32_t data_size,
+ void *out, uint32_t *out_size, void *tag, uint32_t *tag_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+
+ ret = TEE_AEInit(hndl, iv, (size_t) iv_size, tagLen, AADLen, payloadLen);
+ if (TEE_SUCCESS != ret) {
+ LOG("KM_AuthCryptoInit failed with error=%x.", ret);
+ return ret;
+ }
+ ret = TEE_AEEncryptFinal(hndl, data, data_size, out, out_size, tag, tag_size);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AEEncryptFinal failed with error=%x.", ret);
+ }
+
+ return ret;
+}
+
+TEE_Result KM_AuthDecrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, uint32_t tagLen,
+ uint32_t AADLen, uint32_t payloadLen, void *data, uint32_t data_size,
+ void *out, uint32_t *out_size, void *tag, uint32_t tag_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+
+ ret = TEE_AEInit(hndl, iv, (size_t) iv_size, tagLen, AADLen, payloadLen);
+ if (TEE_SUCCESS != ret) {
+ LOG("KM_AuthCryptoInit failed with error=%x.", ret);
+ return ret;
+ }
+ ret = TEE_AEDecryptFinal(hndl, data, data_size, out, out_size, tag, tag_size);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AEDecryptFinal failed with error=%x.", ret);
+ }
+ return ret;
+}
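Review bot: Both KM_AuthEncrypt and KM_AuthDecrypt pass `AADLen` to TEE_AEInit but never call TEE_AEUpdateAAD, so any additional data the caller declared is not fed into the tag computation. With a non-zero `AADLen` the final call is likely to fail or yield a tag that does not cover the AAD. Either take the AAD buffer as an extra parameter and add `TEE_AEUpdateAAD(hndl, aad, aad_size);` right after the init, or reject the request early with `if (AADLen != 0) return TEE_ERROR_NOT_SUPPORTED;`. The failure log in both functions also names `KM_AuthCryptoInit` although the call that failed is `TEE_AEInit`.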
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file crypto_symmetric.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementation of Global Platform Internal API usage (symmetric encryption)
+ */
+
+#include <crypto_symmetric.h>
+#include <log.h>
+
+TEE_Result KM_SymmetricCrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size, void *input,
+ uint32_t input_size, void *output, uint32_t *output_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+
+ TEE_CipherInit(hndl, iv, iv_size);
+
+ ret = TEE_CipherDoFinal(hndl, input, input_size, output, output_size);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_CipherDoFinal has failed with=%x.", ret);
+ }
+
+ return ret;
+}
--- /dev/null
+#include <stdio.h>
+#include <stdlib.h>
+#include <tee_internal_api.h>
+#include <trace.h>
+#include <string.h>
+
+static uint32_t HMAC_password(void *psswrd, int passwrd_size)
+{
+ TEE_Result ret;
+ TEE_ObjectHandle hmac_key = (TEE_ObjectHandle) NULL;
+ TEE_OperationHandle hmac_handle = (TEE_OperationHandle) NULL;
+ uint32_t alg = TEE_ALG_HMAC_SHA1;
+ uint32_t fn_ret = 1; /* Initialized error return */
+
+ ret = TEE_AllocateTransientObject(TEE_TYPE_HMAC_SHA1, passwrd_size, &hmac_key);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("Failed to alloc transient object handle : 0x%x", ret);
+ goto err;
+ }
+
+ ret = TEE_GenerateKey(hmac_key, key_size, (TEE_Attribute *)NULL, 0);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("Generate key failure : 0x%x", ret);
+ goto err;
+ }
+
+ ret = TEE_AllocateOperation(&hmac_handle, alg, TEE_MODE_MAC, passwrd_size);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("Cant alloc first handler");
+ goto err;
+ }
+
+ ret = TEE_SetOperationKey(hmac_handle, hmac_key);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("Failed to set first operation key : 0x%x", ret);
+ goto err;
+ }
+
+ TEE_MACInit(hmac_handle, NULL, 0);
+
+ TEE_MACUpdate(hmac_handle, msg, msg_len);
+
+ ret = TEE_MACComputeFinal(hmac_handle, NULL, 0, mac, &mac_len);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("First final failed : 0x%x", ret);
+ goto err;
+ }
+
+ TEE_MACInit(hmac_handle2, NULL, 0);
+
+ ret = TEE_MACCompareFinal(hmac_handle2, msg, msg_len, mac, mac_len);
+ if (ret != TEE_SUCCESS) {
+ PRI_FAIL("MAC Invalid");
+ goto err;
+ }
+
+ fn_ret = 0; /* OK */
+err:
+ TEE_FreeTransientObject(hmac_key);
+ TEE_FreeOperation(hmac_handle);
+ TEE_FreeOperation(hmac_handle2);
+ TEE_Free(mac);
+ TEE_Free(msg);
+
+ if (fn_ret == 0)
+ PRI_OK("-");
+
+ return fn_ret;
+}
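Review bot: HMAC_password cannot compile as added, because `key_size`, `msg`, `msg_len`, `mac`, `mac_len` and `hmac_handle2` are used without any declaration in the file. The `psswrd` argument is never read and the MAC key comes from `TEE_GenerateKey`, so the result does not depend on the password at all. If the intent is to key the HMAC with the password, the transient object would have to be populated from `psswrd` rather than generated. `passwrd_size` is also passed as the object size to `TEE_AllocateTransientObject` and as the maximum key size to `TEE_AllocateOperation`, both of which are sized in bits, so the unit is worth confirming. The file is not in the `srcs-y` list this commit adds, so it looks like a draft that could be left out until it builds.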
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file internal.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include <internal.h>
+#include <log.h>
+
+
+#ifndef TEE_DATA_FLAG_OVERWRITE
+#define TEE_DATA_FLAG_OVERWRITE TEE_DATA_FLAG_EXCLUSIVE
+#endif
+
+int KM_CheckAESMode(uint32_t algo, uint32_t tagLen)
+{
+ switch (tagLen) {
+ case 128:
+ return 0;
+ case 120:
+ return algo != TEE_ALG_AES_GCM;
+ case 112:
+ return 0;
+ case 104:
+ return algo != TEE_ALG_AES_GCM;
+ case 96:
+ return 0;
+ case 64:
+ return algo != TEE_ALG_AES_CCM;
+ case 48:
+ return algo != TEE_ALG_AES_CCM;
+ case 32:
+ return algo != TEE_ALG_AES_CCM;
+ default:
+ return 1;
+ }
+}
+
+TEE_Result KM_CreateKey(uint32_t tee_key_type, uint32_t key_bits_size, void *key, size_t key_size,
+ TEE_ObjectHandle *hndl)
+{
+ TEE_Attribute attr;
+ TEE_Result ret = TEE_SUCCESS;
+
+ TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_size);
+ ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AllocateTransientObject has failed with=%x. Arguments=(tee_key_type=%X, "
+ "key_bits_size=%d.", ret, tee_key_type, key_bits_size);
+ return ret;
+ }
+
+ ret = TEE_PopulateTransientObject(*hndl, &attr, 1);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_PopulateTransientObject has failed with=%x.", ret);
+ TEE_FreeTransientObject(*hndl);
+ *hndl = TEE_HANDLE_NULL;
+ }
+
+ return ret;
+}
+
+TEE_Result KM_CreateRandomKey(uint32_t tee_key_type, uint32_t key_bits_size, TEE_ObjectHandle *hndl)
+{
+ TEE_Result ret = TEE_SUCCESS;
+
+ ret = TEE_AllocateTransientObject(tee_key_type, key_bits_size, hndl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AllocateTransientObject has failed with=%x.", ret);
+ return ret;
+ }
+ ret = TEE_GenerateKey(*hndl, key_bits_size, NULL, 0);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_GenerateKey has failed with=%x.", ret);
+ TEE_FreeTransientObject(*hndl);
+ *hndl = TEE_HANDLE_NULL;
+ }
+
+ return ret;
+}
+
+TEE_Result KM_CreateOperation(TEE_ObjectHandle obj_hndl, uint32_t algo, uint32_t mode,
+ uint32_t key_bits_size, TEE_OperationHandle *hndl)
+{
+ TEE_Result ret = TEE_SUCCESS;
+
+ ret = TEE_AllocateOperation(hndl, algo, mode, key_bits_size);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AllocateOperation has failed with=%x.", ret);
+ return ret;
+ }
+
+ ret = TEE_SetOperationKey(*hndl, obj_hndl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_SetOperationKey has failed with=%x.", ret);
+ TEE_FreeOperation(*hndl);
+ *hndl = TEE_HANDLE_NULL;
+ }
+
+ return ret;
+}
+
+TEE_Result KM_CreateOperationWithKey(void *key, uint32_t key_size, uint32_t type, uint32_t mode,
+ uint32_t algo, uint32_t key_bits_size,
+ TEE_OperationHandle *oper_hndl)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
+
+ ret = KM_CreateKey(type, key_bits_size, key, key_size, &hndl);
+ if (TEE_SUCCESS != ret) {
+ return ret;
+ }
+ ret = KM_CreateOperation(hndl, algo, mode, key_bits_size, oper_hndl);
+ TEE_FreeTransientObject(hndl);
+ return ret;
+}
+
+TEE_Result KM_CreateOperationWithKeyId(void *key_id, uint32_t key_id_size, uint32_t mode,
+ uint32_t algo, TEE_OperationHandle *oper_hndl)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_ObjectHandle hndl = TEE_HANDLE_NULL;
+ uint32_t ks = 0;
+
+ ret = KM_OpenKey(key_id, key_id_size, &ks, &hndl);
+ if (TEE_SUCCESS != ret) {
+ return ret;
+ }
+ ret = KM_CreateOperation(hndl, algo, mode, ks, oper_hndl);
+ TEE_CloseObject(hndl);
+ return ret;
+}
+
+TEE_Result KM_SaveKey(void *data, size_t data_size, TEE_ObjectHandle key, void *objId,
+ size_t objId_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_ObjectHandle pers_handl;
+ uint32_t flags =
+ TEE_DATA_FLAG_ACCESS_WRITE | TEE_DATA_FLAG_OVERWRITE;
+
+ TEE_GenerateRandom(objId, objId_size);
+
+ ret = TEE_CreatePersistentObject(TEE_STORAGE_PRIVATE, objId, objId_size, flags, key, data,
+ data_size, &pers_handl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_CreatePersistentObject has failed with=%x.", ret);
+ }
+
+ TEE_CloseObject(pers_handl);
+ return ret;
+}
+
+TEE_Result KM_OpenKey(void *objId, size_t objId_size, uint32_t *key_bits_size,
+ TEE_ObjectHandle *hndl)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_ObjectInfo info;
+ uint32_t flags =
+ TEE_DATA_FLAG_ACCESS_READ;
+
+ ret = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, objId, objId_size, flags, hndl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_OpenPersistentObject has failed with=%x.", ret);
+ return ret;
+ }
+
+ TEE_GetObjectInfo(*hndl, &info);
+ *key_bits_size = info.maxObjectSize;
+ return ret;
+}
+
+TEE_Result KM_ImportKey(TEE_ObjectHandle hndl, uint32_t tee_key_type, void *buffer,
+ size_t *buffer_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ if (NULL == buffer) {
+ LOG("Buffer ptr is NULL.");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ switch (tee_key_type)
+ {
+ case TEE_TYPE_DES:
+ case TEE_TYPE_DES3:
+ case TEE_TYPE_AES:
+ ret = TEE_GetObjectBufferAttribute(hndl, TEE_ATTR_SECRET_VALUE, buffer, buffer_size);
+ break;
+ case TEE_TYPE_RSA_KEYPAIR:
+ LOG("Copy generated key for RSA.");
+ break;
+ default:
+ LOG("Can't generate key. Unknown key type=%d.", tee_key_type);
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+ if (TEE_SUCCESS != ret) {
+ LOG("Getting object has failed with=%x for type=%d", ret, tee_key_type);
+ }
+ return ret;
+}
+
+TEE_Result KM_GenerateIV(TEE_ObjectHandle *hndl, void *iv, size_t iv_size)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ TEE_Attribute attr;
+
+ TEE_GenerateRandom(iv, iv_size);
+ TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, iv, iv_size);
+
+ ret = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, iv_size, hndl);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_AllocateTransientObject has failed with=%x.", ret);
+ return ret;
+ }
+ ret = TEE_PopulateTransientObject(*hndl, &attr, 1);
+ if (TEE_SUCCESS != ret) {
+ LOG("TEE_PopulateTransientObject has failed with=%x.", ret);
+ TEE_FreeTransientObject(*hndl);
+ hndl = TEE_HANDLE_NULL;
+ return ret;
+ }
+ return ret;
+}
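Review bot: KM_SaveKey calls `TEE_CloseObject(pers_handl)` even when TEE_CreatePersistentObject failed, and `pers_handl` is declared without an initializer, so the failure path closes an indeterminate handle inside the TA. Declaring it as `TEE_ObjectHandle pers_handl = TEE_HANDLE_NULL;` and returning right after the error log keeps the close on the success path only. In KM_GenerateIV the cleanup line `hndl = TEE_HANDLE_NULL;` resets the local pointer rather than the caller's handle; it should read `*hndl = TEE_HANDLE_NULL;` as the sibling functions do. KM_ImportKey's TEE_TYPE_RSA_KEYPAIR case returns TEE_SUCCESS without writing `buffer` or `*buffer_size`, which a caller cannot tell apart from a real export.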
--- /dev/null
+srcs-y += ta_km.c
+srcs-y += crypto_symmetric.c
+srcs-y += crypto_auth.c
+srcs-y += internal.c
+srcs-y += cmd_exec.c
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ta_km.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include <tee_internal_api.h>
+#include <ca_km.h>
+#include <cmd_exec.h>
+#include <log.h>
+
+#undef S_VAR_NOT_USED
+#define S_VAR_NOT_USED(variable) do{(void)(variable);}while(0);
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+ return TEE_SUCCESS;
+}
+
+void TA_DestroyEntryPoint(void)
+{
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext)
+{
+ S_VAR_NOT_USED(paramTypes);
+ S_VAR_NOT_USED(params);
+ S_VAR_NOT_USED(sessionContext);
+ return TEE_SUCCESS;
+}
+
+void TA_CloseSessionEntryPoint(void *sessionContext)
+{
+ S_VAR_NOT_USED(sessionContext);
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID, uint32_t param_types,
+ TEE_Param param[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ S_VAR_NOT_USED(sessionContext);
+ S_VAR_NOT_USED(param_types);
+
+ switch (commandID) {
+ case CMD_GENERATE_KEY:
+ ret = KM_ExecCmdGenerateKey(param);
+ break;
+ case CMD_ENCRYPT:
+ case CMD_DECRYPT:
+ if (KEY_TYPE_AES != param[0].value.a &&
+ KEY_TYPE_DES != param[0].value.a &&
+ KEY_TYPE_DES3 != param[0].value.a) {
+ LOG("Invalid key type=%d for command=%d.", param[0].value.a, commandID);
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ break;
+ }
+ if (ALGO_GCM == param[0].value.b ||
+ ALGO_CCM == param[0].value.b) {
+ ret = KM_ExecCmdAuth(commandID, param);
+ } else {
+ ret = KM_ExecCmdSymmetric(commandID, param);
+ }
+ break;
+ default:
+ LOG("Unknown commandID=%d.", commandID);
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ return ret;
+}
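Review bot: TA_InvokeCommandEntryPoint discards `param_types` with S_VAR_NOT_USED and then reads `param[0].value.a` and `param[0].value.b`, so a client that passes a memref (or nothing) in slot 0 has those bytes interpreted as key type and algorithm. The parameter layout is chosen by the normal-world caller and should be checked before any `param[]` access, e.g. `if (TEE_PARAM_TYPE_GET(param_types, 0) != TEE_PARAM_TYPE_VALUE_INPUT) return TEE_ERROR_BAD_PARAMETERS;` in the CMD_ENCRYPT/CMD_DECRYPT case. The slots the KM_ExecCmd* handlers use as memrefs need the matching checks. The file appears to be moved here unchanged from its old location, so the gap predates this commit, but the move is a natural point to close it.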
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file crypto_auth.c
+ * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
+ * @version 1.0
+ * @brief Implementation of Global Platform Internal API usage (authentication encryption)
+ */
+
+#include <internal.h>
+#include <auth.h>
+
+#define PERSISTENT_ID_SIZE 64
+#define PERSISTENT_ID_SIZE 64
+#define MAX_IV_SIZE 16
+
+TEE_Result
+psswrd_crypt(char *passwrd, uint32_t algo, uint32_t mode, uint32_t key_bits_size, char *data, uint32_t data_size)
+{
+ TEE_Result ret;
+ TEE_ObjectHandle handl;
+ TEE_ObjectHandle IVhandl;
+ char iv[MAX_IV_SIZE];
+ char objId[PERSISTENT_ID_SIZE];
+
+ if (mode == TEE_MODE_ENCRYPT) {
+ ret = generateIV(&IVhndl, &iv[0], sizeof(iv));
+ if (TEE_SUCCESS != ret) {
+ LOG("generateIV has failed with=%x.", ret);
+ return ret;
+ }
+ }
+
+ ret = auth_crypt_init(&hndl, TEE_TYPE_AES, key_bits_size, uint32_t key, uint32_t key_size, algo, mode, &iv[0],
+ sizeof(iv), uint32_t tagLen, uint32_t AADLen, uint32_t payloadLen);
+ if (mode == TEE_MODE_ENCRYPT) {
+ ret = auth_encrypt_final(hndl, data, data_size, void *out, size_t *out_size, void *tag, size_t *tag_size);
+ } else if (mode == TEE_MODE_DECRYPT) {
+ ret = auth_encrypt_final(hndl, data, data_size, void *out, size_t *out_size, void *tag, size_t *tag_size);
+ } else {
+ LOG("Invalid mode=%x.", mode);
+ }
+ ret = saveKey(out, out_size, ivhndl, (void *) &objId[0], sizeof(objId));
+ return 0;
+}
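Review bot: psswrd_crypt is not valid C as added: the calls to auth_crypt_init and auth_encrypt_final carry declarations such as `uint32_t key` and `void *out` in argument position, and `IVhndl`, `hndl`, `ivhndl`, `out` and `out_size` are never declared (the locals are `handl` and `IVhandl`). Beyond that, the TEE_MODE_DECRYPT branch calls `auth_encrypt_final`, every `ret` after generateIV is overwritten or dropped, and the function ends with `return 0;`, so callers would see success after any failure. `return ret;` with a check after each call is the minimum. `passwrd` is never used and `PERSISTENT_ID_SIZE` is defined twice. The header comment still says `@file crypto_auth.c`, and the file is not in the `srcs-y` list this commit adds, so it may be better left out until it compiles.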
global-incdirs-y += include
-global-incdirs-y += ../serialization
-srcs-y += ta_km.c
-srcs-y += crypto_symmetric.c
-srcs-y += crypto_auth.c
-srcs-y += internal.c
-srcs-y += cmd_exec.c
-srcs-y += ../serialization/serialization.c
+subdirs-y += src
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ta_km.c
- * @author Rafał Tyminski (r.tyminski@partner.samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include <tee_internal_api.h>
-#include <ca_km.h>
-#include <cmd_exec.h>
-#include <log.h>
-
-#undef S_VAR_NOT_USED
-#define S_VAR_NOT_USED(variable) do{(void)(variable);}while(0);
-
-TEE_Result TA_CreateEntryPoint(void)
-{
- return TEE_SUCCESS;
-}
-
-void TA_DestroyEntryPoint(void)
-{
-}
-
-TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext)
-{
- S_VAR_NOT_USED(paramTypes);
- S_VAR_NOT_USED(params);
- S_VAR_NOT_USED(sessionContext);
- return TEE_SUCCESS;
-}
-
-void TA_CloseSessionEntryPoint(void *sessionContext)
-{
- S_VAR_NOT_USED(sessionContext);
-}
-
-TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID, uint32_t param_types,
- TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- S_VAR_NOT_USED(sessionContext);
- S_VAR_NOT_USED(param_types);
-
- switch (commandID) {
- case CMD_GENERATE_KEY:
- ret = KM_ExecCmdGenerateKey(param);
- break;
- case CMD_ENCRYPT:
- case CMD_DECRYPT:
- if (KEY_TYPE_AES != param[0].value.a &&
- KEY_TYPE_DES != param[0].value.a &&
- KEY_TYPE_DES3 != param[0].value.a) {
- LOG("Invalid key type=%d for command=%d.", param[0].value.a, commandID);
- ret = TEE_ERROR_BAD_PARAMETERS;
- break;
- }
- if (ALGO_GCM == param[0].value.b ||
- ALGO_CCM == param[0].value.b) {
- ret = KM_ExecCmdAuth(commandID, param);
- } else {
- ret = KM_ExecCmdSymmetric(commandID, param);
- }
- break;
- default:
- LOG("Unknown commandID=%d.", commandID);
- ret = TEE_ERROR_BAD_PARAMETERS;
- }
-
- return ret;
-}
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns="http://www.samsungdforum.com/ns/packages" >
- <properties>
- <!-- Trusted Application Configuration Properties GPD TEE Internal API Specification v1.0 -->
- <general
- appID="00000000-0000-0000-0000-666666555555"
- singleInstance="true"
- multiSession="true"
- instanceKeepAlive="true"
- stackSize="4086"
- dataSize="4086" />
-
- <!-- Extended TEE specific -->
- <extension
- appName="km"
- appVersion="1"
- type="application"
- zone="internal"
- sdkVersion="2.0"
- launchMode="debug" />
- </properties>
- <!-- Access Control Policy -->
- <policy>
- <privilege name = "platform" />
- <protectionDomain>
- <createDomain name = "domain1/domain2" />
- <allowedDomain name = "domain1" />
- <allowedDomain name = "domain3" />
- </protectionDomain>
-
- <permission>
- <uses-permission name="system.permission.CRYPTO" />
- <uses-permission name="system.permission.STORAGE" />
- </permission>
- </policy>
-
- <taEncryption>
- <model>
- <modelName value="Debug"/>
- <plainkeydata value="Y2FlZTI3MGJlN2IwZjMyNTM3OWRlZDU0OGQxMGMwZmZiZmJhYTc5NTY5MzY3Y2Q5ZTIzZWNjMmZiY2ExOGViZg0K" />
- </model>
- </taEncryption>
-
- <information>
- <description> "This is a backend module for Key-Mamager." </description>
- <author> "Samsung Electronics" </author>
- <terms> "This sample Application is provided as is. All rights reserved." </terms>
- <copyright> "Copyright (c) 2015 Samsung Electronics" </copyright>
- </information>
-
-</manifest>
+++ /dev/null
-/*
- * Copyright (c) 2016, Linaro Limited
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * The name of this file must not be modified
- */
-
-#ifndef USER_TA_HEADER_DEFINES_H
-#define USER_TA_HEADER_DEFINES_H
-
-#define TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x66, 0x66, 0x66, 0x55, 0x55, 0x55} }
-
-#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR)
-#define TA_STACK_SIZE (2 * 1024)
-#define TA_DATA_SIZE (32 * 1024)
-
-#define TA_CURRENT_TA_EXT_PROPERTIES \
- { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \
- "KEY MANAGER TA" }, \
- { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } }
-
-#endif /*USER_TA_HEADER_DEFINES_H*/