From: Krzysztof Dynowski Date: Tue, 13 Jun 2017 13:21:32 +0000 (+0200) Subject: TEF js-api implementation X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Fdraft%2Ffor%2Ftizen;p=platform%2Fcore%2Fwebapi%2Flibteec.git TEF js-api implementation Change-Id: I2c9f96e192c5fd756d8f4530f64d06e935f87d12 Signed-off-by: Krzysztof Dynowski --- diff --git a/index.html b/index.html new file mode 100644 index 0000000..b0b6c9c --- /dev/null +++ b/index.html @@ -0,0 +1,48 @@ + + + + + + + + + diff --git a/js/tef-libteec.js b/js/tef-libteec.js new file mode 100644 index 0000000..88c5fa5 --- /dev/null +++ b/js/tef-libteec.js @@ -0,0 +1,167 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +var Security = Security || {}; + +// namespace Security.TEEC +Security.TEEC = (function() { + var accessInernal=false; + return { + //enum LoginMethod + LoginMethod : Object.freeze({ + Public : 0x00000000, + User : 0x00000001, + Group : 0x00000002, + Application : 0x00000003, + }), + + //enum TEFValueType + TEFValueType : Object.freeze({ + Input : 0x00000001, + Output : 0x00000002, + InOut : 0x00000003, + }), + + //enum TEFTempMemoryType + TEFTempMemoryType : Object.freeze({ + Input : 0x00000005, + Output : 0x00000006, + InOut : 0x00000007, + }), + + //enum TEFRegisteredMemoryType + TEFRegisteredMemoryType : Object.freeze({ + Whole : 0x0000000C, + PartialInput : 0x0000000D, + PartialOutput : 0x0000000E, + PartialInOut : 0x0000000F, + }), + + //enum SharedMemoryFlags + SharedMemoryFlags : Object.freeze({ + Input : 0x00000001, + Output : 0x00000002, + InOut : 0x00000003, //=Input|Output + }), + + + //Universal Unique ID + TEF_UUID : function(tmLo, tmMid, tmHi, seq) { + this.timeLow=tmLo; + this.timeMid=tmMid; + this.timeHi=tmHi; + this.seq=seq; + }, + + //Shared memory handler + SharedMemory : function() { + if (!accessInernal) throw new Error('contructor is not accessible'); + }, + + //Registered shared memory paramter + RegisteredMemory : function(shm, s, o, type) { + this.shm = shm; + this.offs = o; + this.size = s; + }, + + //Temporary(local) memory parameter + TempMemory : function(s, type) { + this.mem = new ArrayBuffer(s); + }, + + //Value parameter + Value : function(a,b, type) { + this.a=a; + this.b=b; + }, + + + //private class Session (private) + Session : function (ctx) { + if (!accessInernal) throw new Error('contructor is not accessible'); + + var ctx=ctx; //private + var ses=this;//private + + this.open = function(destUUID, loginMethod, connectionData, params, onSuccess, onError) { + if (!accessInernal) throw new Error('open is not accessible'); + return setTimeout(function() { + if (onSuccess !== null) onSuccess(ses); + },1); + } + + this.close = function() { + } + + //return id of the requested operation + // callback: onSuccess(session) + // callback: onError(errorInfo) + this.invokeCommand = function(cmd, params, onSuccess, onError) { + return setTimeout(function() { + if (onSuccess !== null) onSuccess(0); + }); + } + }, + + //public class Context + Context : function (name) { + var ctx = this; // private + var name = name; // private + + //return name of the TEE driver selected + this.getName = function() { return name; } + + //return id of the requested operation + // callback: onSuccess(session) + // callback: onError(errorInfo) + this.openSession = function(uuid, loginMethod, connectionData, params, onSuccess, onError) { + if (!(uuid instanceof Security.TEEC.UUID)) throw new Error('Inavalid param type'); + + //TODO make real async call + accessInernal=true; + var ses = new Security.TEEC.Session(ctx); + var id = ses.open(uuid, loginMethod, connectionData, params, onSuccess, onError); + accessInernal=false; + return id; + } + + //return nothing + this.revokeCommand = function(opid) { + } + + //return shared memory handler + this.allocateSharedMemory = function(size,flags) { + accessInernal=true; + var shm = new Security.TEEC.SharedMemory(); + accessInernal=false; + return shm; + } + + //return shared memory handler + this.registerSharedMemory = function(addr,size,flags) { + accessInernal=true; + var shm = new Security.TEEC.SharedMemory(); + accessInernal=false; + return shm; + } + + this.releaseSharedMemory = function(shm) { + } + }, + };//outer return +}()); + diff --git a/web/widl/tizen/libteec.widl b/web/widl/tizen/libteec.widl deleted file mode 100644 index d735c77..0000000 --- a/web/widl/tizen/libteec.widl +++ /dev/null @@ -1,655 +0,0 @@ -/** - * \brief The LibTeec API provides functionality to communicate with application executed in trusted environment. - * - * Libteec can be understood as a universal API for communication with trusted execution environment (TEE). - * This API follows GlobalPlatform (GP) specification.
The original documentation (TEE_Client_API_Specification-xxx.pdf) - * is available to download from GlobalPlatform.org under Device section. - * - * The Libteec provides a set of functions for executing application in TrustZone and communicating with it. - * This way we have, so called, two worlds: rich world (like Linux) with Client Application (CA) and - * secure world with Trusted Application (TA). - * - * \def-api-feature http://tizen.org/feature/security.tee - * To guarantee that the CA is running on a device with TrustZone support, declare following feature in the config. - */ -module LibTeec { - - // https://heycam.github.io/webidl/#idl-namespaces - //namespace Tef { - - /** - * \brief This type denotes Session Login Method used in OpenSession. - * - * The following methods are supported: - * - * - * \version 4.0 - * - */ - enum TeecLoginMethod { - "PUBLIC", - "USER", - "GROUP", - "APPLICATION" - }; - - /** - * \brief This type denotes Value parameter. - * - * - * - * \version 4.0 - * - */ - enum TeecValueType { - "INPUT", - "OUTPUT", - "INOUT" - }; - - /** - * \brief This type denotes TempMemory parameter. - * - * - * - * \version 4.0 - * - */ - enum TeecTempMemoryType { - "INPUT", - "OUTPUT", - "INOUT" - }; - - /** - * \brief This type denotes RegisteredMemory parameter. - * - * - * - * \version 4.0 - * - */ - enum TeecRegisteredMemoryType { - "WHOLE", - "PARTIAL_INPUT", - "PARTIAL_OUTPUT", - "PARTIAL_INOUT" - }; - - /** - * \brief This type denotes SharedMemory access direction. - * - * - * - * \version 4.0 - * - */ - enum TeecSharedMemoryFlags { - "INPUT", - "OUTPUT", - "INOUT" - }; - - /** - * \brief This type contains a Universally Unique Resource Identifier (UUID) type as defined in RFC 4122. - * These UUID values are used to identify Trusted Applications. - * Example UUID strig representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6 - * - * \version 4.0 - */ - typedef DOMString TeecUuid; - - /** - * \brief Background process id. - * - * \version 4.0 - */ - typedef unsigned long TeecTaskId; - - /** - * \brief The LibTeecObject interface gives access to the LibTeec API from the tizen.teec object. - * - * \version 4.0 - * - */ - [NoInterfaceObject] interface LibTeecManagerObject { - readonly attribute LibTeecManager teec; - }; - Tizen implements LibTeecManagerObject; - - /** - * \brief The LibTeecManager interface provides methods to access Context and Session for GlobalPlatform libteec. - * - * Once a context object is obtained, it is possible to open a session to Trusted Application (TA) . - * - * \version 4.0 - * - */ - [NoInterfaceObject] interface LibTeecManager { - - /** - * \brief Get TEE context by name. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param name describes the TEE to connect to, when not given (or null) connects to default TEE. - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * - * \return Context The created TeecContext - * - * \code - * try { - * var ctx = tizen.teec.getContext(); //get default TEE context - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - TeecContext getContext(optional DOMString? name) raises (WebAPIException); - }; - - /** - * \brief This type denotes a TEE Context, the main logical container linking a Client Application with a particular TEE. - * - */ - [NoInterfaceObject] interface TeecContext { - /** - * \brief Open session with TA. - * - * The ErrorCallback() is launched with these error types: - * - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param taUUID the UUID of destination TA. - * \param loginMethod the authentication algorithm see TeecLoginMethod. - * \param connectionData the buffer of data required for login method. - * \param params the array of parameters (note. max is 4 items). - * \param successCallback callback function triggered when sucessfully done. - * \param errorCallback callback function triggered when error occured. - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * \throw WebAPIException with error type InvalidValuesError, if any of input arguments is invalid. - * - * \return TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). - * - * \code - * try { - * function sessionSuccess(session) { - * //session opened, now can communicate with TA - * console.log("session opened"); - * //... - * session.close(); - * } - * function sessionError(err) { - * console.log("openSession: " + err.name + ":" + err.message); - * } - * var ta = '123e4567-e89b-12d3-a456-426655440000'; - * var ctx = tizen.teec.getContext(); - * ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError); - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - TeecTaskId openSession(TeecUuid taUUID, - TeecLoginMethod loginMethod, - byte[] connectionData, - TeecParameter[] params, - TeecOpenSuccessCallback successCallback, - optional ErrorCallback? errorCallback) raises (WebAPIException); - - /** - * \brief Revoke last operation identified by id. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param id the identifier of scheduled task see openSession, invokeCommand - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * - * \code - * try { - * var ctx = tizen.teec.getContext(); - * function commandSuccess(cmd, params) { - * console.log("command " + cmd + ": ", params); - * } - * function sessionSuccess(session) { - * //session opened, now can communicate with TA - * var data = [1,2,3,4,45,6,7,7,7]; - * var p1 = new TeecValue(10, 100); //command parameter 1 - * var p2 = new TeecTempMemory(data); //command parameter 2 - * var id = session.invokeCommand(1, [p1, p2], commandSuccess); - * ctx.revokeCommand(id); // cancel above command - * session.close(); - * } - * function sessionError(err) { - * console.log("openSession: " + err.name + ":" + err.message); - * } - * var ta = '123e4567-e89b-12d3-a456-426655440000'; - * var cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError); - * // cid can be used to revoke openSession request - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - void revokeCommand(TeecTaskId id) raises (WebAPIException); - - /** - * Allocate shared memory. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param size the size of memory block to be allocated - * \param flags the access flags see SharedMemoryFlags - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * \throw WebAPIException with error type InvalidValuesError, if any of input arguments is invalid. - * - * \code - * try { - * var ctx = tizen.teec.getContext(); - * var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT); - * ctx.releaseSharedMemory(shm); - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises (WebAPIException); - - /** - * Register shared memory. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param addr the address of memory block to share - * \param size the size of memory block to be allocated - * \param flags the access flags see SharedMemoryFlags - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * \throw WebAPIException with error type InvalidValuesError, if any of input arguments is invalid. - * - * \code - * try { - * var ctx = tizen.teec.getContext(); - * var shm = ctx.registerSharedMemory(0x1234567, 1024*1024, TeecSharedMemoryFlags.INOUT); - * ctx.releaseSharedMemory(shm); - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises (WebAPIException); - - /** - * Release shared memory, previously allocated or registered. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param shm the shared memory description object - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * \throw WebAPIException with error type InvalidValuesError, if any of input arguments is invalid. - * - * \code - * try { - * var ctx = tizen.teec.getContext(); - * var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT); - * ctx.releaseSharedMemory(shm); - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - void releaseSharedMemory(TeecSharedMemory shm) raises (WebAPIException); - }; - - /** - * \brief This type denotes a TEE Session, the logical link between Client Application and a particular Trusted Application. - * - */ - [NoInterfaceObject] interface TeecSession { - /** - * \brief Close session with TA. - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * - * \code - * try { - * function sessionSuccess(session) { - * //session opened, now can communicate with TA - * session.close(); - * } - * function sessionError(err) { - * console.log("openSession: " + err.name + ":" + err.message); - * } - * var ta = '123e4567-e89b-12d3-a456-426655440000'; - * var ctx = tizen.teec.getContext(); - * val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError); - * // openSession can be revoked also - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - void close() raises (WebAPIException); - - /** - * \brief Send command to TA. - * - * The ErrorCallback() is launched with these error types: - * - * - * \version 4.0 - * - * \privilegelevel partner - * \privilege http://tizen.org/privilege/tee.client - * - * \param cmd the command. - * \param params the array of parameters (max 4 items). - * \param successCallback callback function triggered when sucessfully done. - * \param errorCallback callback function triggered when error occured. - * - * \throw WebAPIException with error type SecurityError, if application does not have privilege to access this method. - * \throw WebAPIException with error type NotSupportedError, if required feature is not supported. - * \throw WebAPIException with error type InvalidValuesError, if any of input arguments is invalid, like - * params contains more then 4 elements. - * \throw WebAPIException with error type TypeMismatchError, if the input parameter - * is not compatible with the expected type for that parameter. - * - * \return TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). - * - * \code - * try { - * var globalSession; - * function commandError(err) { - * globalSession.close(); - * } - * function commandSuccess(cmd, params) { - * console.log("command " + cmd + ": ", params); - * globalSession.close(); - * } - * function sessionSuccess(session) { - * //session opened, now can communicate with TA - * globalSession = session; - * var data = [1,2,3,4,45,6,7,7,7]; - * var p1 = new TeecValue(10, 100); //command parameter 1 - * var p2 = new TeecTempMemory(data); //command parameter 2 - * session.invokeCommand(1, [p1, p2], commandSuccess, commandError); - * } - * function sessionError(err) { - * console.log("openSession: " + err.name + ":" + err.message); - * } - * var ta = '123e4567-e89b-12d3-a456-426655440000'; - * var ctx = tizen.teec.getContext(); - * val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError); - * } - * catch (err) - * { - * console.log(err.name + ": " + err.message); - * } - * \endcode - * - */ - TeecTaskId invokeCommand(long cmd, - TeecParameter[] params, - TeecCommandSuccessCallback successCallback, - optional ErrorCallback? errorCallback) raises (WebAPIException); - }; - - /** - * \brief Shared memory reference object. - * Instance of this object can be obtained from TeecSession with one of methods: - * allocateSharedMemory or registerSharedMemory - * - * \version 4.0 - * - */ - [NoInterfaceObject] interface TeecSharedMemory { - /** - * \brief Size of this shared memory block. - * - * \version 4.0 - * - */ - readonly attribute unsigned long long size; - - /** - * \brief Convenient method to set some bytes in shared memory. - * - * \version 4.0 - * - * \param data sequence of bytes (buffer size is data.length) - * \param offset offset in shared memory to start writing - * - * \throw WebAPIException with error type TypeMismatchError, if a parameter has incorrect type. - * - */ - void setData(byte[] data, unsigned long long offset) raises (WebAPIException); - - /** - * \brief Convenient method to get some bytes from shared memory. - * - * \version 4.0 - * - * \param data buffer for bytes (buffer size is data.length) - * \param offset offset in shared memory to start reading - * - * \throw WebAPIException with error type TypeMismatchError, if a parameter has incorrect type. - * - */ - void getData(byte[] data, unsigned long long offset) raises (WebAPIException); - }; - - /** - * \brief Abstract parameter type. - * - * \version 4.0 - * - */ - [NoInterfaceObject] interface TeecParameter { - /** - * \brief The type of parameter - abstract class for all parameteres. - * This can be one of TeecValueType, TeecTempMemoryType, TeecRegisteredMemoryType - * - * \version 4.0 - * - */ - attribute DOMString type; - }; - - [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)] - /** - * \brief Registered memory parameter. - * - * \version 4.0 - * - */ - interface TeecRegisteredMemory : TeecParameter { - /** - * \brief Referred shared memory. - * - * \version 4.0 - * - */ - attribute TeecSharedMemory shm; - - /** - * \brief Offset in shared memory (start of accessed block). - * - * \version 4.0 - * - */ - attribute unsigned long long offset; - - /** - * \brief Size of block in shared memory (length of the block). - * - * \version 4.0 - * - */ - attribute unsigned long long size; - }; - - [Constructor(byte[] mem)] - /** - * \brief Temporary memory parameter. - * - * \version 4.0 - * - */ - interface TeecTempMemory : TeecParameter { - /** - * \brief Local memory block. - * - * \version 4.0 - * - */ - attribute byte[] mem; - }; - - [Constructor(long a, long b)] - /** - * \brief Value parameter. - * - * \version 4.0 - * - */ - interface TeecValue : TeecParameter { - /** - * \brief Integer number to be delivered. - * - * \version 4.0 - * - */ - attribute long a; - /** - * \brief Integer number to be delivered. - * - * \version 4.0 - * - */ - attribute long b; - }; - - /** - * \brief The success callback to be invoked when session was opened. - * \version 4.0 - */ - [Callback=FunctionOnly, NoInterfaceObject] - interface TeecOpenSuccessCallback { - /** - * \brief Called when the session is opened successfully. - * - * \version 4.0 - * - * \param session TeecSession object - * - */ - void onsuccess(TeecSession session); - }; - - /** - * \brief The success callback to be invoked when command performed on TA is finished. - * \version 4.0 - */ - [Callback=FunctionOnly, NoInterfaceObject] - interface TeecCommandSuccessCallback { - /** - * \brief Called when the command is done successfully. - * - * \version 4.0 - * - * \param params array of TeecParam objects - * - */ - void onsuccess(long cmd, TeecParameter[] params); - }; - - //}; // namespace Tef -};