1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements.  See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership.  The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License.  You may obtain a copy of the License at
8 //
9 //   http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied.  See the License for the
15 // specific language governing permissions and limitations
16 // under the License.
17 
18 #![no_main]
19 
20 use optee_utee::{
21     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
22 };
23 use optee_utee::{AlgorithmId, Asymmetric, OperationMode};
24 use optee_utee::{Error, ErrorKind, Parameters, Result};
25 use optee_utee::{TransientObject, TransientObjectType};
26 use proto::Command;
27 
28 pub struct RsaCipher {
29     pub key: TransientObject,
30 }
31 
32 impl Default for RsaCipher {
default() -> Self33     fn default() -> Self {
34         Self {
35             key: TransientObject::null_object(),
36         }
37     }
38 }
39 
40 #[ta_create]
create() -> Result<()>41 fn create() -> Result<()> {
42     trace_println!("[+] TA create");
43     Ok(())
44 }
45 
46 #[ta_open_session]
open_session(_params: &mut Parameters, _sess_ctx: &mut RsaCipher) -> Result<()>47 fn open_session(_params: &mut Parameters, _sess_ctx: &mut RsaCipher) -> Result<()> {
48     trace_println!("[+] TA open session");
49     Ok(())
50 }
51 
52 #[ta_close_session]
close_session(_sess_ctx: &mut RsaCipher)53 fn close_session(_sess_ctx: &mut RsaCipher) {
54     trace_println!("[+] TA close session");
55 }
56 
57 #[ta_destroy]
destroy()58 fn destroy() {
59     trace_println!("[+] TA destroy");
60 }
61 
gen_key(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>62 fn gen_key(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
63     let key_size = unsafe { params.0.as_value().unwrap().a() };
64     rsa.key =
65         TransientObject::allocate(TransientObjectType::RsaKeypair, key_size as usize).unwrap();
66     rsa.key.generate_key(key_size as usize, &[])?;
67     Ok(())
68 }
69 
get_size(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>70 fn get_size(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
71     let key_info = rsa.key.info().unwrap();
72     unsafe {
73         params
74             .0
75             .as_value()
76             .unwrap()
77             .set_a((key_info.object_size() / 8) as u32)
78     };
79     Ok(())
80 }
81 
encrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>82 fn encrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
83     let key_info = rsa.key.info().unwrap();
84     let mut p0 = unsafe { params.0.as_memref().unwrap() };
85     let plain_text = p0.buffer();
86     let mut p1 = unsafe { params.1.as_memref().unwrap() };
87     match Asymmetric::allocate(
88         AlgorithmId::RsaesPkcs1V15,
89         OperationMode::Encrypt,
90         key_info.object_size(),
91     ) {
92         Err(e) => Err(e),
93         Ok(cipher) => {
94             cipher.set_key(&rsa.key)?;
95             match cipher.encrypt(&[], &plain_text) {
96                 Err(e) => Err(e),
97                 Ok(cipher_text) => Ok(p1.buffer().clone_from_slice(&cipher_text)),
98             }
99         }
100     }
101 }
102 
decrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()>103 fn decrypt(rsa: &mut RsaCipher, params: &mut Parameters) -> Result<()> {
104     let key_info = rsa.key.info().unwrap();
105     let mut p0 = unsafe { params.0.as_memref().unwrap() };
106     let mut cipher_text = p0.buffer();
107     let mut p1 = unsafe { params.1.as_memref().unwrap() };
108     match Asymmetric::allocate(
109         AlgorithmId::RsaesPkcs1V15,
110         OperationMode::Decrypt,
111         key_info.object_size(),
112     ) {
113         Err(e) => Err(e),
114         Ok(cipher) => {
115             cipher.set_key(&rsa.key)?;
116             match cipher.decrypt(&mut [], &mut cipher_text) {
117                 Err(e) => Err(e),
118                 Ok(plain_text) => Ok(p1.buffer().clone_from_slice(&plain_text)),
119             }
120         }
121     }
122 }
123 
124 #[ta_invoke_command]
invoke_command(sess_ctx: &mut RsaCipher, cmd_id: u32, params: &mut Parameters) -> Result<()>125 fn invoke_command(sess_ctx: &mut RsaCipher, cmd_id: u32, params: &mut Parameters) -> Result<()> {
126     trace_println!("[+] TA invoke command");
127     match Command::from(cmd_id) {
128         Command::GenKey => gen_key(sess_ctx, params),
129         Command::GetSize => get_size(sess_ctx, params),
130         Command::Encrypt => encrypt(sess_ctx, params),
131         Command::Decrypt => decrypt(sess_ctx, params),
132         _ => Err(Error::new(ErrorKind::BadParameters)),
133     }
134 }
135 
136 // TA configurations
137 const TA_FLAGS: u32 = 0;
138 const TA_DATA_SIZE: u32 = 32 * 1024;
139 const TA_STACK_SIZE: u32 = 2 * 1024;
140 const TA_VERSION: &[u8] = b"0.1\0";
141 const TA_DESCRIPTION: &[u8] = b"Example of TA using asymmetric cipher.\0";
142 const EXT_PROP_VALUE_1: &[u8] = b"Acipher TA\0";
143 const EXT_PROP_VALUE_2: u32 = 0x0010;
144 const TRACE_LEVEL: i32 = 4;
145 const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
146 const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
147 
148 include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
149