From 43dd44d4dad3e8e2c868fcd533750b5b9c2e7277 Mon Sep 17 00:00:00 2001 From: Yuan Zhuang Date: Thu, 9 Mar 2023 13:53:13 +0000 Subject: [PATCH 1/4] Update interfaces for GP 1.3.1 --- examples/serde-rs/ta/src/main.rs | 2 +- optee-utee/optee-utee-sys/src/tee_api.rs | 145 ++++++++++-------- .../optee-utee-sys/src/tee_api_defines.rs | 29 +++- .../optee-utee-sys/src/tee_api_types.rs | 9 +- optee-utee/src/arithmetical.rs | 26 ++-- optee-utee/src/crypto_op.rs | 86 +++++------ optee-utee/src/object.rs | 30 ++-- optee-utee/src/parameter.rs | 2 +- 8 files changed, 185 insertions(+), 144 deletions(-) diff --git a/examples/serde-rs/ta/src/main.rs b/examples/serde-rs/ta/src/main.rs index dc9b8acd..e025e84d 100644 --- a/examples/serde-rs/ta/src/main.rs +++ b/examples/serde-rs/ta/src/main.rs @@ -67,7 +67,7 @@ fn invoke_command(cmd_id: u32, params: &mut Parameters) -> Result<()> { let len = buffer.write(serialized.as_bytes()).unwrap(); // update size of output buffer - unsafe { (*p.raw()).size = len as u32 }; + unsafe { (*p.raw()).size = len}; // Prints serialized = {"x":1,"y":2} trace_println!("serialized = {}", serialized); diff --git a/optee-utee/optee-utee-sys/src/tee_api.rs b/optee-utee/optee-utee-sys/src/tee_api.rs index 4b084718..2ef3e345 100644 --- a/optee-utee/optee-utee-sys/src/tee_api.rs +++ b/optee-utee/optee-utee-sys/src/tee_api.rs @@ -25,7 +25,7 @@ extern "C" { propsetOrEnumerator: TEE_PropSetHandle, name: *const c_char, valueBuffer: *mut c_char, - valueBufferLen: *mut u32, + valueBufferLen: *mut usize, ) -> TEE_Result; pub fn TEE_GetPropertyAsBool( propsetOrEnumerator: TEE_PropSetHandle, @@ -37,11 +37,16 @@ extern "C" { name: *const c_char, value: *mut u32, ) -> TEE_Result; + pub fn TEE_GetPropertyAsU64( + propsetOrEnumerator: TEE_PropSetHandle, + name: *const c_char, + value: *mut u64, + ) -> TEE_Result; pub fn TEE_GetPropertyAsBinaryBlock( propsetOrEnumerator: TEE_PropSetHandle, name: *const c_char, valueBuffer: *mut c_void, - valueBufferLen: *mut u32, + valueBufferLen: *mut usize, ) -> TEE_Result; pub fn TEE_GetPropertyAsUUID( propsetOrEnumerator: TEE_PropSetHandle, @@ -60,7 +65,7 @@ extern "C" { pub fn TEE_GetPropertyName( enumerator: TEE_PropSetHandle, nameBuffer: *mut c_void, - nameBufferLen: *mut u32, + nameBufferLen: *mut usize, ) -> TEE_Result; pub fn TEE_GetNextProperty(enumerator: TEE_PropSetHandle) -> TEE_Result; @@ -99,20 +104,20 @@ extern "C" { pub fn TEE_CheckMemoryAccessRights( accessFlags: u32, buffer: *mut c_void, - size: u32, + size: usize, ) -> TEE_Result; pub fn TEE_SetInstanceData(instanceData: *const c_void); pub fn TEE_GetInstanceData() -> *const c_void; - pub fn TEE_Malloc(size: u32, hint: u32) -> *mut c_void; - pub fn TEE_Realloc(buffer: *mut c_void, newSize: u32) -> *mut c_void; + pub fn TEE_Malloc(size: usize, hint: u32) -> *mut c_void; + pub fn TEE_Realloc(buffer: *mut c_void, newSize: usize) -> *mut c_void; pub fn TEE_Free(buffer: *mut c_void); - pub fn TEE_MemMove(dest: *mut c_void, src: *const c_void, size: u32) -> *mut c_void; + pub fn TEE_MemMove(dest: *mut c_void, src: *const c_void, size: usize) -> *mut c_void; pub fn TEE_MemCompare( buffer1: *const c_void, buffer2: *const c_void, - size: u32, + size: usize, ) -> i32; - pub fn TEE_MemFill(buff: *mut c_void, x: u32, size: u32) -> *mut c_void; + pub fn TEE_MemFill(buff: *mut c_void, x: u32, size: usize) -> *mut c_void; // Data and Key Storage API - Generic Object Functions @@ -127,7 +132,7 @@ extern "C" { object: TEE_ObjectHandle, attributeID: u32, buffer: *mut c_void, - size: *mut u32, + size: *mut usize, ) -> TEE_Result; pub fn TEE_GetObjectValueAttribute( object: TEE_ObjectHandle, @@ -141,7 +146,7 @@ extern "C" { pub fn TEE_AllocateTransientObject( objectType: TEE_ObjectType, - maxKeySize: u32, + maxObjectSize: u32, object: *mut TEE_ObjectHandle, ) -> TEE_Result; pub fn TEE_FreeTransientObject(object: TEE_ObjectHandle) -> c_void; @@ -155,7 +160,7 @@ extern "C" { attr: *mut TEE_Attribute, attributeID: u32, buffer: *const c_void, - length: u32, + length: usize, ) -> c_void; pub fn TEE_InitValueAttribute( attr: *mut TEE_Attribute, @@ -183,18 +188,18 @@ extern "C" { pub fn TEE_OpenPersistentObject( storageID: u32, objectID: *const c_void, - objectIDLen: u32, + objectIDLen: usize, flags: u32, object: *mut TEE_ObjectHandle, ) -> TEE_Result; pub fn TEE_CreatePersistentObject( storageID: u32, objectID: *const c_void, - objectIDLen: u32, + objectIDLen: usize, flags: u32, attributes: TEE_ObjectHandle, initialData: *const c_void, - initialDataLen: u32, + initialDataLen: usize, object: *mut TEE_ObjectHandle, ) -> TEE_Result; pub fn TEE_CloseAndDeletePersistentObject(object: TEE_ObjectHandle); @@ -202,7 +207,7 @@ extern "C" { pub fn TEE_RenamePersistentObject( object: TEE_ObjectHandle, newObjectID: *const c_void, - newObjectIDLen: u32, + newObjectIDLen: usize, ) -> TEE_Result; pub fn TEE_AllocatePersistentObjectEnumerator( objectEnumerator: *mut TEE_ObjectEnumHandle, @@ -217,7 +222,7 @@ extern "C" { objectEnumerator: TEE_ObjectEnumHandle, objectInfo: *mut TEE_ObjectInfo, objectID: *mut c_void, - objectIDLen: *mut u32, + objectIDLen: *mut usize, ) -> TEE_Result; // Data and Key Storage API - Data Stream Access Functions @@ -225,18 +230,18 @@ extern "C" { pub fn TEE_ReadObjectData( object: TEE_ObjectHandle, buffer: *mut c_void, - fsize: u32, - count: *mut u32, + size: usize, + count: *mut usize, ) -> TEE_Result; pub fn TEE_WriteObjectData( object: TEE_ObjectHandle, buffer: *const c_void, - fsize: u32, + size: usize, ) -> TEE_Result; - pub fn TEE_TruncateObjectData(object: TEE_ObjectHandle, size: u32) -> TEE_Result; + pub fn TEE_TruncateObjectData(object: TEE_ObjectHandle, size: usize) -> TEE_Result; pub fn TEE_SeekObjectData( object: TEE_ObjectHandle, - offset: i32, + offset: i32, //intmax_t whence: TEE_Whence, ) -> TEE_Result; @@ -256,7 +261,7 @@ extern "C" { pub fn TEE_GetOperationInfoMultiple( operation: TEE_OperationHandle, operationInfoMultiple: *mut TEE_OperationInfoMultiple, - operationSize: *mut u32, + operationSize: *mut usize, ) -> TEE_Result; pub fn TEE_ResetOperation(operation: TEE_OperationHandle) -> c_void; pub fn TEE_SetOperationKey(operation: TEE_OperationHandle, key: TEE_ObjectHandle) @@ -280,14 +285,14 @@ extern "C" { pub fn TEE_DigestUpdate( operation: TEE_OperationHandle, chunk: *const c_void, - chunkSize: u32, + chunkSize: usize, ) -> c_void; pub fn TEE_DigestDoFinal( operation: TEE_OperationHandle, chunk: *const c_void, - chunkLen: u32, + chunkLen: usize, hash: *mut c_void, - hashLen: *mut u32, + hashLen: *mut usize, ) -> TEE_Result; // Cryptographic Operations API - Symmetric Cipher Functions @@ -295,21 +300,21 @@ extern "C" { pub fn TEE_CipherInit( operation: TEE_OperationHandle, IV: *const c_void, - IVLen: u32, + IVLen: usize, ) -> c_void; pub fn TEE_CipherUpdate( operation: TEE_OperationHandle, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, ) -> TEE_Result; pub fn TEE_CipherDoFinal( operation: TEE_OperationHandle, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, ) -> TEE_Result; // Cryptographic Operations API - MAC Functions @@ -317,26 +322,26 @@ extern "C" { pub fn TEE_MACInit( operation: TEE_OperationHandle, IV: *const c_void, - IVLen: u32, + IVLen: usize, ) -> c_void; pub fn TEE_MACUpdate( operation: TEE_OperationHandle, chunk: *const c_void, - chunkSize: u32, + chunkSize: usize, ) -> c_void; pub fn TEE_MACComputeFinal( operation: TEE_OperationHandle, message: *const c_void, - messageLen: u32, + messageLen: usize, mac: *mut c_void, - macLen: *mut u32, + macLen: *mut usize, ) -> TEE_Result; pub fn TEE_MACCompareFinal( operation: TEE_OperationHandle, message: *const c_void, - messageLen: u32, + messageLen: usize, mac: *const c_void, - macLen: u32, + macLen: usize, ) -> TEE_Result; // Cryptographic Operations API - Authenticated Encryption Functions @@ -344,40 +349,40 @@ extern "C" { pub fn TEE_AEInit( operation: TEE_OperationHandle, nonce: *const c_void, - nonceLen: u32, + nonceLen: usize, tagLen: u32, - AADLen: u32, - payloadLen: u32, + AADLen: usize, + payloadLen: usize, ) -> TEE_Result; pub fn TEE_AEUpdateAAD( operation: TEE_OperationHandle, AADdata: *const c_void, - AADdataLen: u32, + AADdataLen: usize, ) -> c_void; pub fn TEE_AEUpdate( operation: TEE_OperationHandle, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, ) -> TEE_Result; pub fn TEE_AEEncryptFinal( operation: TEE_OperationHandle, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, tag: *mut c_void, - tagLen: *mut u32, + tagLen: *mut usize, ) -> TEE_Result; pub fn TEE_AEDecryptFinal( operation: TEE_OperationHandle, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, tag: *mut c_void, - tagLen: u32, + tagLen: usize, ) -> TEE_Result; // Cryptographic Operations API - Asymmetric Functions @@ -387,36 +392,36 @@ extern "C" { params: *const TEE_Attribute, paramCount: u32, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, ) -> TEE_Result; pub fn TEE_AsymmetricDecrypt( operation: TEE_OperationHandle, params: *const TEE_Attribute, paramCount: u32, srcData: *const c_void, - srcLen: u32, + srcLen: usize, destData: *mut c_void, - destLen: *mut u32, + destLen: *mut usize, ) -> TEE_Result; pub fn TEE_AsymmetricSignDigest( operation: TEE_OperationHandle, params: *const TEE_Attribute, paramCount: u32, digest: *const c_void, - digestLen: u32, + digestLen: usize, signature: *mut c_void, - signatureLen: *mut u32, + signatureLen: *mut usize, ) -> TEE_Result; pub fn TEE_AsymmetricVerifyDigest( operation: TEE_OperationHandle, params: *const TEE_Attribute, paramCount: u32, digest: *const c_void, - digestLen: u32, + digestLen: usize, signature: *const c_void, - signatureLen: u32, + signatureLen: usize, ) -> TEE_Result; // Cryptographic Operations API - Key Derivation Functions @@ -430,7 +435,7 @@ extern "C" { // Cryptographic Operations API - Random Number Generation Functions - pub fn TEE_GenerateRandom(randomBuffer: *mut c_void, randomBufferLen: u32) -> c_void; + pub fn TEE_GenerateRandom(randomBuffer: *mut c_void, randomBufferLen: usize) -> c_void; // Date & Time API @@ -442,30 +447,30 @@ extern "C" { // TEE Arithmetical API - Memory allocation and size of objects - pub fn TEE_BigIntFMMSizeInU32(modulusSizeInBits: u32) -> u32; - pub fn TEE_BigIntFMMContextSizeInU32(modulusSizeInBits: u32) -> u32; + pub fn TEE_BigIntFMMSizeInU32(modulusSizeInBits: usize) -> usize; + pub fn TEE_BigIntFMMContextSizeInU32(modulusSizeInBits: usize) -> usize; // TEE Arithmetical API - Initialization functions - pub fn TEE_BigIntInit(bigInt: *mut TEE_BigInt, len: u32) -> c_void; + pub fn TEE_BigIntInit(bigInt: *mut TEE_BigInt, len: usize) -> c_void; pub fn TEE_BigIntInitFMMContext( context: *mut TEE_BigIntFMMContext, - len: u32, + len: usize, modulus: *const TEE_BigInt, ) -> c_void; - pub fn TEE_BigIntInitFMM(bigIntFMM: *mut TEE_BigIntFMM, len: u32) -> c_void; + pub fn TEE_BigIntInitFMM(bigIntFMM: *mut TEE_BigIntFMM, len: usize) -> c_void; // TEE Arithmetical API - Converter functions pub fn TEE_BigIntConvertFromOctetString( dest: *mut TEE_BigInt, buffer: *const u8, - bufferLen: u32, + bufferLen: usize, sign: i32, ) -> TEE_Result; pub fn TEE_BigIntConvertToOctetString( buffer: *mut u8, - bufferLen: *mut u32, + bufferLen: *mut usize, bigInt: *const TEE_BigInt, ) -> TEE_Result; pub fn TEE_BigIntConvertFromS32(dest: *mut TEE_BigInt, shortVal: i32) -> c_void; @@ -482,6 +487,9 @@ extern "C" { ) -> c_void; pub fn TEE_BigIntGetBit(src: *const TEE_BigInt, bitIndex: u32) -> bool; pub fn TEE_BigIntGetBitCount(src: *const TEE_BigInt) -> u32; + pub fn TEE_BigIntSetBit(src: *const TEE_BigInt, bitIndex: u32, value: bool) -> TEE_Result; + pub fn TEE_BigIntAssign(dest: *mut TEE_BigInt, src: *const TEE_BigInt) -> TEE_Result; + pub fn TEE_BigIntAbs(dest: *mut TEE_BigInt, src: *const TEE_BigInt) -> TEE_Result; pub fn TEE_BigIntAdd( dest: *mut TEE_BigInt, op1: *const TEE_BigInt, @@ -541,6 +549,13 @@ extern "C" { op: *const TEE_BigInt, n: *const TEE_BigInt, ) -> c_void; + pub fn TEE_BigIntExpMod( + dest: *mut TEE_BigInt, + op1: *const TEE_BigInt, + op2: *const TEE_BigInt, + n: *const TEE_BigInt, + context: *const TEE_BigIntFMMContext, + ) -> TEE_Result; // TEE Arithmetical API - Other arithmetic operations diff --git a/optee-utee/optee-utee-sys/src/tee_api_defines.rs b/optee-utee/optee-utee-sys/src/tee_api_defines.rs index 171f162f..3de3e120 100644 --- a/optee-utee/optee-utee-sys/src/tee_api_defines.rs +++ b/optee-utee/optee-utee-sys/src/tee_api_defines.rs @@ -18,7 +18,9 @@ use super::tee_api_types::*; use std::ptr::null; -pub const TEE_INT_CORE_API_SPEC_VERSION: u32 = 0x0000000A; +pub const TEE_CORE_API_MAJOR_VERSION: u32 = 0x00000001; +pub const TEE_CORE_API_MINOR_VERSION: u32 = 0x00000003; +pub const TEE_CORE_API_MAINTENANCE_VERSION: u32 = 0x00000001; pub const TEE_HANDLE_NULL: *const u32 = null(); @@ -30,6 +32,7 @@ pub const TEE_ERROR_CORRUPT_OBJECT: u32 = 0xF0100001; pub const TEE_ERROR_CORRUPT_OBJECT_2: u32 = 0xF0100002; pub const TEE_ERROR_STORAGE_NOT_AVAILABLE: u32 = 0xF0100003; pub const TEE_ERROR_STORAGE_NOT_AVAILABLE_2: u32 = 0xF0100004; +pub const TEE_ERROR_UNSUPPORTED_VERSION: u32 = 0xF0100005; pub const TEE_ERROR_CIPHERTEXT_INVALID: u32 = 0xF0100006; pub const TEE_ERROR_GENERIC: u32 = 0xFFFF0000; pub const TEE_ERROR_ACCESS_DENIED: u32 = 0xFFFF0001; @@ -49,6 +52,7 @@ pub const TEE_ERROR_COMMUNICATION: u32 = 0xFFFF000E; pub const TEE_ERROR_SECURITY: u32 = 0xFFFF000F; pub const TEE_ERROR_SHORT_BUFFER: u32 = 0xFFFF0010; pub const TEE_ERROR_EXTERNAL_CANCEL: u32 = 0xFFFF0011; +pub const TEE_ERROR_TIMEOUT: u32 = 0xFFFF3001; pub const TEE_ERROR_OVERFLOW: u32 = 0xFFFF300F; pub const TEE_ERROR_TARGET_DEAD: u32 = 0xFFFF3024; pub const TEE_ERROR_STORAGE_NO_SPACE: u32 = 0xFFFF3041; @@ -91,8 +95,26 @@ pub const TEE_MEMORY_ACCESS_READ: u32 = 0x00000001; pub const TEE_MEMORY_ACCESS_WRITE: u32 = 0x00000002; pub const TEE_MEMORY_ACCESS_ANY_OWNER: u32 = 0x00000004; -// Memory Management Constant +// Memory Management Constants pub const TEE_MALLOC_FILL_ZERO: u32 = 0x00000000; +pub const TEE_MALLOC_NO_FILL: u32 = 0x00000001; +pub const TEE_MALLOC_NO_SHARE: u32 = 0x00000002; + +// TEE_Whence Constants +pub const TEE_DATA_SEEK_SET: u32 = 0x00000000; +pub const TEE_DATA_SEEK_CUR: u32 = 0x00000001; +pub const TEE_DATA_SEEK_END: u32 = 0x00000002; +pub const TEE_WHENCE_ILLEGAL_VALUE: u32 = 0x7FFFFFFF; + +// TEE_OperationMode Values +pub const TEE_MODE_ENCRYPT: u32 = 0x00000000; +pub const TEE_MODE_DECRYPT: u32 = 0x00000001; +pub const TEE_MODE_SIGN: u32 = 0x00000002; +pub const TEE_MODE_VERIFY: u32 = 0x00000003; +pub const TEE_MODE_MAC: u32 = 0x00000004; +pub const TEE_MODE_DIGEST: u32 = 0x00000005; +pub const TEE_MODE_DERIVE: u32 = 0x00000006; +pub const TEE_MODE_ILLEGAL_VALUE: u32 = 0x7FFFFFFF; // Other constants pub const TEE_STORAGE_PRIVATE: u32 = 0x00000001; @@ -116,6 +138,7 @@ pub const TEE_HANDLE_FLAG_PERSISTENT: u32 = 0x00010000; pub const TEE_HANDLE_FLAG_INITIALIZED: u32 = 0x00020000; pub const TEE_HANDLE_FLAG_KEY_SET: u32 = 0x00040000; pub const TEE_HANDLE_FLAG_EXPECT_TWO_KEYS: u32 = 0x00080000; +pub const TEE_HANDLE_FLAG_EXTRACTING: u32 = 0x00100000; pub const TEE_OPERATION_CIPHER: u32 = 1; pub const TEE_OPERATION_MAC: u32 = 3; pub const TEE_OPERATION_AE: u32 = 4; @@ -125,7 +148,9 @@ pub const TEE_OPERATION_ASYMMETRIC_SIGNATURE: u32 = 7; pub const TEE_OPERATION_KEY_DERIVATION: u32 = 8; pub const TEE_OPERATION_STATE_INITIAL: u32 = 0x00000000; pub const TEE_OPERATION_STATE_ACTIVE: u32 = 0x00000001; +pub const TEE_OPERATION_STATE_EXTRACTING: u32 = 0x00000002; +// below constants are not updated to 1.3.1 // Algorithm Identifiers pub const TEE_ALG_AES_ECB_NOPAD: u32 = 0x10000010; pub const TEE_ALG_AES_CBC_NOPAD: u32 = 0x10000110; diff --git a/optee-utee/optee-utee-sys/src/tee_api_types.rs b/optee-utee/optee-utee-sys/src/tee_api_types.rs index f349dea5..140cdbf4 100644 --- a/optee-utee/optee-utee-sys/src/tee_api_types.rs +++ b/optee-utee/optee-utee-sys/src/tee_api_types.rs @@ -40,7 +40,7 @@ pub struct TEE_Identity { #[repr(C)] pub struct Memref { pub buffer: *mut c_void, - pub size: u32, + pub size: usize, } #[derive(Copy, Clone)] @@ -94,15 +94,15 @@ pub type TEE_ObjectType = u32; #[repr(C)] pub struct TEE_ObjectInfo { pub objectType: u32, - // remove to 2 unions here, only keep 1.1.1 spec version pub objectSize: u32, pub maxObjectSize: u32, pub objectUsage: u32, - pub dataSize: u32, - pub dataPosition: u32, + pub dataSize: usize, + pub dataPosition: usize, pub handleFlags: u32, } +// Reserve the GP 1.1.1 type #[repr(C)] pub enum TEE_Whence { TEE_DATA_SEEK_SET, @@ -126,6 +126,7 @@ pub struct TEE_Attribute { // Cryptographic Operations API +// Reserve the GP 1.1.1 type #[repr(C)] pub enum TEE_OperationMode { TEE_MODE_ENCRYPT, diff --git a/optee-utee/src/arithmetical.rs b/optee-utee/src/arithmetical.rs index 451f1866..13bbf293 100644 --- a/optee-utee/src/arithmetical.rs +++ b/optee-utee/src/arithmetical.rs @@ -38,7 +38,7 @@ impl BigInt { pub fn new(bits: u32) -> Self { let size: usize = Self::size_in_u32(bits) as usize; let mut tmp_vec: Vec = vec![0; size]; - unsafe { raw::TEE_BigIntInit(tmp_vec.as_mut_ptr(), size as u32) }; + unsafe { raw::TEE_BigIntInit(tmp_vec.as_mut_ptr(), size as usize) }; Self(tmp_vec) } @@ -47,7 +47,7 @@ impl BigInt { raw::TEE_BigIntConvertFromOctetString( self.0.as_mut_ptr(), buffer.as_ptr(), - buffer.len() as u32, + buffer.len() as usize, sign, ) } { @@ -57,17 +57,17 @@ impl BigInt { } pub fn convert_to_octet_string(&self) -> Result> { - let mut buffer_size: u32 = (self.0.len() as u32 - 2) * 4; - let mut tmp_vec = vec![0u8; buffer_size as usize]; + let mut buffer_size: usize = (self.0.len() - 2) * 4; + let mut tmp_vec = vec![0u8; buffer_size]; match unsafe { raw::TEE_BigIntConvertToOctetString( tmp_vec.as_mut_ptr(), - &mut buffer_size as _, + &mut buffer_size, self.data_ptr(), ) } { raw::TEE_SUCCESS => { - tmp_vec.truncate(buffer_size as usize); + tmp_vec.truncate(buffer_size); return Ok(tmp_vec); } code => Err(Error::from_raw_error(code)), @@ -264,16 +264,16 @@ impl BigIntFMMContext { self.0.as_ptr() } - fn size_in_u32(size: u32) -> u32 { + fn size_in_u32(size: usize) -> usize { unsafe { raw::TEE_BigIntFMMContextSizeInU32(size) } } // Globalplatform define FMMContext1 here while OP-TEE does not update yet pub fn new(bits: u32, modulus: BigInt) -> Result { - let size: usize = Self::size_in_u32(bits) as usize; + let size: usize = Self::size_in_u32(bits as usize) as usize; let mut tmp_vec: Vec = vec![0; size]; unsafe { - raw::TEE_BigIntInitFMMContext(tmp_vec.as_mut_ptr(), size as u32, modulus.data_ptr()) + raw::TEE_BigIntInitFMMContext(tmp_vec.as_mut_ptr(), size, modulus.data_ptr()) }; Ok(Self(tmp_vec)) } @@ -286,14 +286,14 @@ impl BigIntFMM { self.0.as_ptr() } - fn size_in_u32(size: u32) -> u32 { + fn size_in_u32(size: usize) -> usize { unsafe { raw::TEE_BigIntFMMSizeInU32(size) } } pub fn new(bits: u32) -> Self { - let size: usize = Self::size_in_u32(bits) as usize; + let size: usize = Self::size_in_u32(bits as usize) as usize; let mut tmp_vec: Vec = vec![0; size]; - unsafe { raw::TEE_BigIntInitFMM(tmp_vec.as_mut_ptr(), size as u32) }; + unsafe { raw::TEE_BigIntInitFMM(tmp_vec.as_mut_ptr(), size) }; Self(tmp_vec) } @@ -328,7 +328,7 @@ impl BigIntFMM { }; } } -//OP-TEE does not implement function: +//OP-TEE in version GP 1.1.1 does not implement function: //TEE_BigIntSetBit //TEE_BigIntAssign //TEE_BigIntAbs diff --git a/optee-utee/src/crypto_op.rs b/optee-utee/src/crypto_op.rs index a53a49a5..854b9027 100644 --- a/optee-utee/src/crypto_op.rs +++ b/optee-utee/src/crypto_op.rs @@ -194,13 +194,13 @@ impl OperationHandle { } fn info_multiple(&self, info_buf: &mut [u8]) -> Result { - let mut tmp_size: u32 = 0; + let mut tmp_size: usize = 0; match unsafe { raw::TEE_GetOperationInfoMultiple(self.handle(), info_buf.as_ptr() as _, &mut tmp_size) } { raw::TEE_SUCCESS => Ok(OperationInfoMultiple::from_raw( info_buf.as_ptr() as _, - tmp_size as usize, + tmp_size, )), code => Err(Error::from_raw_error(code)), } @@ -274,7 +274,7 @@ impl Digest { /// 4) If the Implementation detects any other error. pub fn update(&self, chunk: &[u8]) { unsafe { - raw::TEE_DigestUpdate(self.handle(), chunk.as_ptr() as _, chunk.len() as u32); + raw::TEE_DigestUpdate(self.handle(), chunk.as_ptr() as _, chunk.len()); } } @@ -320,17 +320,17 @@ impl Digest { /// 4) If the Implementation detects any other error. //hash size is dynamic changed so we returned it's updated size pub fn do_final(&self, chunk: &[u8], hash: &mut [u8]) -> Result { - let mut hash_size: u32 = hash.len() as u32; + let mut hash_size: usize = hash.len(); match unsafe { raw::TEE_DigestDoFinal( self.handle(), chunk.as_ptr() as _, - chunk.len() as u32, + chunk.len(), hash.as_mut_ptr() as _, &mut hash_size, ) } { - raw::TEE_SUCCESS => return Ok(hash_size as usize), + raw::TEE_SUCCESS => return Ok(hash_size), code => Err(Error::from_raw_error(code)), } } @@ -535,7 +535,7 @@ impl Cipher { /// 4) Hardware or cryptographic algorithm failure. /// 5) If the Implementation detects any other error. pub fn init(&self, iv: &[u8]) { - unsafe { raw::TEE_CipherInit(self.handle(), iv.as_ptr() as _, iv.len() as u32) }; + unsafe { raw::TEE_CipherInit(self.handle(), iv.as_ptr() as _, iv.len()) }; } /// Encrypt or decrypt the source data. @@ -589,12 +589,12 @@ impl Cipher { /// 3) Hardware or cryptographic algorithm failure. /// 4) If the Implementation detects any other error. pub fn update(&self, src: &[u8], dest: &mut [u8]) -> Result { - let mut dest_size: u32 = dest.len() as u32; + let mut dest_size: usize = dest.len(); match unsafe { raw::TEE_CipherUpdate( self.handle(), src.as_ptr() as _, - src.len() as u32, + src.len(), dest.as_mut_ptr() as _, &mut dest_size, ) @@ -625,12 +625,12 @@ impl Cipher { /// 3) Hardware or cryptographic algorithm failure. /// 4) If the Implementation detects any other error. pub fn do_final(&self, src: &[u8], dest: &mut [u8]) -> Result { - let mut dest_size: u32 = dest.len() as u32; + let mut dest_size: usize = dest.len(); match unsafe { raw::TEE_CipherDoFinal( self.handle(), src.as_ptr() as _, - src.len() as u32, + src.len(), dest.as_mut_ptr() as _, &mut dest_size, ) @@ -762,7 +762,7 @@ impl Mac { /// 4) Hardware or cryptographic algorithm failure. /// 5) If the Implementation detects any other error. pub fn init(&self, iv: &[u8]) { - unsafe { raw::TEE_MACInit(self.handle(), iv.as_ptr() as _, iv.len() as u32) }; + unsafe { raw::TEE_MACInit(self.handle(), iv.as_ptr() as _, iv.len()) }; } /// Accumulate data for a MAC calculation. @@ -784,7 +784,7 @@ impl Mac { /// 4) Hardware or cryptographic algorithm failure. /// 5) If the Implementation detects any other error. pub fn update(&self, chunk: &[u8]) { - unsafe { raw::TEE_MACUpdate(self.handle(), chunk.as_ptr() as _, chunk.len() as u32) }; + unsafe { raw::TEE_MACUpdate(self.handle(), chunk.as_ptr() as _, chunk.len()) }; } /// Finalize the MAC operation with a last chunk of message, and computes the MAC. /// Afterwards the operation handle can be reused or re-initialized with a new key. @@ -833,17 +833,17 @@ impl Mac { /// 4) Hardware or cryptographic algorithm failure. /// 5) If the Implementation detects any other error. pub fn compute_final(&self, message: &[u8], mac: &mut [u8]) -> Result { - let mut mac_size: u32 = mac.len() as u32; + let mut mac_size: usize = mac.len(); match unsafe { raw::TEE_MACComputeFinal( self.handle(), message.as_ptr() as _, - message.len() as u32, + message.len(), mac.as_mut_ptr() as _, &mut mac_size, ) } { - raw::TEE_SUCCESS => Ok(mac_size as usize), + raw::TEE_SUCCESS => Ok(mac_size), code => Err(Error::from_raw_error(code)), } } @@ -873,9 +873,9 @@ impl Mac { raw::TEE_MACCompareFinal( self.handle(), message.as_ptr() as _, - message.len() as u32, + message.len(), mac.as_ptr() as _, - mac.len() as u32, + mac.len(), ) } { raw::TEE_SUCCESS => Ok(()), @@ -967,10 +967,10 @@ impl AE { raw::TEE_AEInit( self.handle(), nonce.as_ptr() as _, - nonce.len() as u32, + nonce.len(), tag_len as u32, - aad_len as u32, - pay_load_len as u32, + aad_len, + pay_load_len, ) } { raw::TEE_SUCCESS => return Ok(()), @@ -996,7 +996,7 @@ impl AE { /// 6) If the Implementation detects any other error. pub fn update_aad(&self, aad_data: &[u8]) { unsafe { - raw::TEE_AEUpdateAAD(self.handle(), aad_data.as_ptr() as _, aad_data.len() as u32) + raw::TEE_AEUpdateAAD(self.handle(), aad_data.as_ptr() as _, aad_data.len()) }; } @@ -1024,18 +1024,18 @@ impl AE { /// 5) Hardware or cryptographic algorithm failure. /// 6) If the Implementation detects any other error. pub fn update(&self, src: &[u8], dest: &mut [u8]) -> Result { - let mut dest_size: u32 = dest.len() as u32; + let mut dest_size: usize = dest.len(); match unsafe { raw::TEE_AEUpdate( self.handle(), src.as_ptr() as _, - src.len() as u32, + src.len(), dest.as_mut_ptr() as _, &mut dest_size, ) } { raw::TEE_SUCCESS => { - return Ok(dest_size as usize); + return Ok(dest_size); } code => Err(Error::from_raw_error(code)), } @@ -1103,13 +1103,13 @@ impl AE { dest: &mut [u8], tag: &mut [u8], ) -> Result<(usize, usize)> { - let mut dest_size: u32 = dest.len() as u32; - let mut tag_size: u32 = tag.len() as u32; + let mut dest_size: usize = dest.len(); + let mut tag_size: usize = tag.len(); match unsafe { raw::TEE_AEEncryptFinal( self.handle(), src.as_ptr() as _, - src.len() as u32, + src.len(), dest.as_mut_ptr() as _, &mut dest_size, tag.as_mut_ptr() as _, @@ -1117,7 +1117,7 @@ impl AE { ) } { raw::TEE_SUCCESS => { - return Ok((dest_size as usize, tag_size as usize)); + return Ok((dest_size, tag_size)); } code => Err(Error::from_raw_error(code)), } @@ -1147,20 +1147,20 @@ impl AE { /// 4) Hardware or cryptographic algorithm failure. /// 5) If the Implementation detects any other error. pub fn decrypt_final(&self, src: &[u8], dest: &mut [u8], tag: &[u8]) -> Result { - let mut dest_size: u32 = dest.len() as u32; + let mut dest_size: usize = dest.len(); match unsafe { raw::TEE_AEDecryptFinal( self.handle(), src.as_ptr() as _, - src.len() as u32, + src.len(), dest.as_mut_ptr() as _, &mut dest_size, tag.as_ptr() as _, - tag.len() as u32, + tag.len(), ) } { raw::TEE_SUCCESS => { - return Ok(dest_size as usize); + return Ok(dest_size); } code => Err(Error::from_raw_error(code)), } @@ -1270,7 +1270,7 @@ impl Asymmetric { // Define this function as unsafe because we need to return Ok for short buffer error. pub fn encrypt(&self, params: &[Attribute], src: &[u8]) -> Result> { let p: Vec = params.iter().map(|p| p.raw()).collect(); - let mut res_size: u32 = self.info().key_size(); + let mut res_size: usize = self.info().key_size() as usize; let mut res_vec: Vec = vec![0u8; res_size as usize]; match unsafe { raw::TEE_AsymmetricEncrypt( @@ -1278,13 +1278,13 @@ impl Asymmetric { p.as_ptr() as _, params.len() as u32, src.as_ptr() as _, - src.len() as u32, + src.len(), res_vec.as_mut_ptr() as _, &mut res_size, ) } { raw::TEE_SUCCESS => { - res_vec.truncate(res_size as usize); + res_vec.truncate(res_size); return Ok(res_vec); } code => Err(Error::from_raw_error(code)), @@ -1313,7 +1313,7 @@ impl Asymmetric { /// 4) If the Implementation detects any other error. pub fn decrypt(&self, params: &[Attribute], src: &[u8]) -> Result> { let p: Vec = params.iter().map(|p| p.raw()).collect(); - let mut res_size: u32 = self.info().key_size(); + let mut res_size: usize = self.info().key_size() as usize; let mut res_vec: Vec = vec![0u8; res_size as usize]; match unsafe { raw::TEE_AsymmetricDecrypt( @@ -1321,7 +1321,7 @@ impl Asymmetric { p.as_ptr() as _, params.len() as u32, src.as_ptr() as _, - src.len() as u32, + src.len(), res_vec.as_mut_ptr() as _, &mut res_size, ) @@ -1362,20 +1362,20 @@ impl Asymmetric { signature: &mut [u8], ) -> Result { let p: Vec = params.iter().map(|p| p.raw()).collect(); - let mut signature_size: u32 = signature.len() as u32; + let mut signature_size: usize = signature.len(); match unsafe { raw::TEE_AsymmetricSignDigest( self.handle(), p.as_ptr() as _, params.len() as u32, digest.as_ptr() as _, - digest.len() as u32, + digest.len(), signature.as_mut_ptr() as _, &mut signature_size, ) } { raw::TEE_SUCCESS => { - return Ok(signature_size as usize); + return Ok(signature_size); } code => Err(Error::from_raw_error(code)), } @@ -1415,9 +1415,9 @@ impl Asymmetric { p.as_ptr() as _, params.len() as u32, digest.as_ptr() as _, - digest.len() as u32, + digest.len(), signature.as_ptr() as _, - signature.len() as u32, + signature.len(), ) } { raw::TEE_SUCCESS => Ok(()), diff --git a/optee-utee/src/object.rs b/optee-utee/src/object.rs index ac23b1c9..031c9c13 100644 --- a/optee-utee/src/object.rs +++ b/optee-utee/src/object.rs @@ -95,7 +95,7 @@ impl<'attrref> AttributeMemref<'attrref> { &mut res.raw, id as u32, buffer.as_ptr() as *mut _, - buffer.len() as u32, + buffer.len(), ); } res @@ -240,16 +240,16 @@ impl ObjectHandle { } fn ref_attribute(&self, id: AttributeId, buffer: &mut [u8]) -> Result { - let mut size = buffer.len() as u32; + let mut size = buffer.len(); match unsafe { raw::TEE_GetObjectBufferAttribute( self.handle(), id as u32, buffer as *mut _ as _, - &mut size as _, + &mut size, ) } { - raw::TEE_SUCCESS => Ok(size as usize), + raw::TEE_SUCCESS => Ok(size), code => Err(Error::from_raw_error(code)), } } @@ -908,7 +908,7 @@ impl PersistentObject { raw::TEE_OpenPersistentObject( storage_id as u32, object_id.as_ptr() as _, - object_id.len() as u32, + object_id.len(), flags.bits(), raw_handle as *mut _, ) @@ -993,11 +993,11 @@ impl PersistentObject { raw::TEE_CreatePersistentObject( storage_id as u32, object_id.as_ptr() as _, - object_id.len() as u32, + object_id.len(), flags.bits(), attributes, initial_data.as_ptr() as _, - initial_data.len() as u32, + initial_data.len(), raw_handle as *mut _, ) } { @@ -1099,7 +1099,7 @@ impl PersistentObject { raw::TEE_RenamePersistentObject( self.0.handle(), new_object_id.as_ptr() as _, - new_object_id.len() as u32, + new_object_id.len(), ) } { raw::TEE_SUCCESS => Ok(()), @@ -1190,16 +1190,16 @@ impl PersistentObject { /// 2) If the Implementation detects any other error associated with this function which is not /// explicitly associated with a defined return code for this function. pub fn read(&self, buf: &mut [u8]) -> Result { - let mut count: u32 = 0; + let mut count: usize = 0; match unsafe { raw::TEE_ReadObjectData( self.handle(), buf.as_mut_ptr() as _, - buf.len() as u32, + buf.len(), &mut count, ) } { - raw::TEE_SUCCESS => Ok(count), + raw::TEE_SUCCESS => Ok(count as u32), code => Err(Error::from_raw_error(code)), } } @@ -1245,7 +1245,7 @@ impl PersistentObject { /// explicitly associated with a defined return code for this function. pub fn write(&mut self, buf: &[u8]) -> Result<()> { match unsafe { - raw::TEE_WriteObjectData(self.handle(), buf.as_ptr() as _, buf.len() as u32) + raw::TEE_WriteObjectData(self.handle(), buf.as_ptr() as _, buf.len()) } { raw::TEE_SUCCESS => Ok(()), code => Err(Error::from_raw_error(code)), @@ -1286,7 +1286,7 @@ impl PersistentObject { /// 2) If the Implementation detects any other error associated with this function which is not /// explicitly associated with a defined return code for this function. pub fn truncate(&self, size: u32) -> Result<()> { - match unsafe { raw::TEE_TruncateObjectData(self.handle(), size) } { + match unsafe { raw::TEE_TruncateObjectData(self.handle(), size as usize) } { raw::TEE_SUCCESS => Ok(()), code => Err(Error::from_raw_error(code)), } @@ -1407,7 +1407,7 @@ impl ObjectEnumHandle { object_info: &mut ObjectInfo, object_id: &mut [u8], ) -> Result { - let mut object_id_len: u32 = 0; + let mut object_id_len: usize = 0; match unsafe { raw::TEE_GetNextPersistentObject( *self.raw, @@ -1416,7 +1416,7 @@ impl ObjectEnumHandle { &mut object_id_len, ) } { - raw::TEE_SUCCESS => Ok(object_id_len), + raw::TEE_SUCCESS => Ok(object_id_len as u32), code => Err(Error::from_raw_error(code)), } } diff --git a/optee-utee/src/parameter.rs b/optee-utee/src/parameter.rs index f8743097..5694c671 100644 --- a/optee-utee/src/parameter.rs +++ b/optee-utee/src/parameter.rs @@ -87,7 +87,7 @@ impl<'parameter> ParamMemref<'parameter> { } pub fn set_updated_size(&mut self, size: usize) { - unsafe { (*self.raw).size = size as u32}; + unsafe { (*self.raw).size = size}; } } From 487221dc6d67a9dba5a137ab156d63787f7f102c Mon Sep 17 00:00:00 2001 From: Yuan Zhuang Date: Thu, 9 Mar 2023 13:56:11 +0000 Subject: [PATCH 2/4] Temporarily disable our CI until the OP-TEE 3.21.0 is released --- .github/workflows/ci.yml | 56 ++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab60caa1..d332df9e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,34 +22,34 @@ defaults: shell: bash jobs: - build-and-run-examples: - runs-on: ubuntu-20.04 - container: teaclave/teaclave-trustzone-sdk-build:0.3.0 - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - submodules: recursive - - name: Setting up $HOME - run: | - cp /root/.bashrc $HOME/.bashrc && - ln -sf /root/.rustup ~/.rustup && - ln -sf /root/.cargo ~/.cargo - - name: Building - run: | - apt update && apt install libslirp-dev -y - export CARGO_NET_GIT_FETCH_WITH_CLI=true && - ./setup.sh && - source environment && - make optee && - . ~/.cargo/env && - rustup component add rust-src && - rustup target install aarch64-unknown-linux-gnu arm-unknown-linux-gnueabihf && - rustup default nightly-2021-09-20 && - make examples - - name: Run tests and examples - run: | - cd ci && ./ci.sh +# build-and-run-examples: +# runs-on: ubuntu-20.04 +# container: teaclave/teaclave-trustzone-sdk-build:0.3.0 +# steps: +# - name: Checkout repository +# uses: actions/checkout@v2 +# with: +# submodules: recursive +# - name: Setting up $HOME +# run: | +# cp /root/.bashrc $HOME/.bashrc && +# ln -sf /root/.rustup ~/.rustup && +# ln -sf /root/.cargo ~/.cargo +# - name: Building +# run: | +# apt update && apt install libslirp-dev -y +# export CARGO_NET_GIT_FETCH_WITH_CLI=true && +# ./setup.sh && +# source environment && +# make optee && +# . ~/.cargo/env && +# rustup component add rust-src && +# rustup target install aarch64-unknown-linux-gnu arm-unknown-linux-gnueabihf && +# rustup default nightly-2021-09-20 && +# make examples +# - name: Run tests and examples +# run: | +# cd ci && ./ci.sh build-utee-teec: runs-on: ubuntu-20.04 container: teaclave/teaclave-trustzone-sdk-build:0.3.0 From f72c3b6dbe73ff552699d124e08654ea17032d66 Mon Sep 17 00:00:00 2001 From: Yuan Zhuang Date: Fri, 10 Mar 2023 09:36:03 +0800 Subject: [PATCH 3/4] Update ci.yml test on the OP-TEE latest version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d332df9e..20191fc7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: curl https://storage.googleapis.com/git-repo-downloads/repo-1 > ~/bin/repo && chmod a+x ~/bin/repo export PATH=~/bin:$PATH mkdir -p ~/optee-qemuv8 && cd ~/optee-qemuv8 && - repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 3.20.0 && + repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml && repo sync -j4 --no-clone-bundle - name: Build images and run tests run: | From 8ef15ae19fbb2ae6f1a2ea48dbc7074ef7fd3560 Mon Sep 17 00:00:00 2001 From: Yuan Zhuang Date: Fri, 10 Mar 2023 07:34:52 +0000 Subject: [PATCH 4/4] Fix supp_plugin panic - update `tee_invoke_supp_plugin` interface - fix panic: the shared buffer cannot be sent as the plugin `inbuf` --- examples/supp_plugin-rs/ta/src/main.rs | 3 ++- .../src/tee_internal_api_extensions.rs | 4 ++-- optee-utee/src/extension.rs | 12 ++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/examples/supp_plugin-rs/ta/src/main.rs b/examples/supp_plugin-rs/ta/src/main.rs index 72363bdb..2bd37757 100644 --- a/examples/supp_plugin-rs/ta/src/main.rs +++ b/examples/supp_plugin-rs/ta/src/main.rs @@ -50,6 +50,7 @@ fn destroy() { fn invoke_command(cmd_id: u32, params: &mut Parameters) -> Result<()> { trace_println!("[+] TA invoke command"); let mut p0 = unsafe { params.0.as_memref().unwrap() }; + let mut inbuf = p0.buffer().to_vec(); trace_println!("[+] TA received value {:?} then send to plugin", p0.buffer()); let uuid = Uuid::parse_str(PLUGIN_UUID).unwrap(); @@ -59,7 +60,7 @@ fn invoke_command(cmd_id: u32, params: &mut Parameters) -> Result<()> { let outbuf = plugin.invoke( PluginCommand::Print as u32, PLUGIN_SUBCMD_NULL, - p0.buffer() + &inbuf ).unwrap(); trace_println!("[+] TA received out value {:?} outlen {:?}", outbuf, outbuf.len()); diff --git a/optee-utee/optee-utee-sys/src/tee_internal_api_extensions.rs b/optee-utee/optee-utee-sys/src/tee_internal_api_extensions.rs index 8f4ac24d..e9401433 100644 --- a/optee-utee/optee-utee-sys/src/tee_internal_api_extensions.rs +++ b/optee-utee/optee-utee-sys/src/tee_internal_api_extensions.rs @@ -32,8 +32,8 @@ extern "C" { cmd: u32, sub_cmd: u32, buf: *mut c_char, - len: u32, - outlen: *mut u32, + len: usize, + outlen: *mut usize, ) -> TEE_Result; } diff --git a/optee-utee/src/extension.rs b/optee-utee/src/extension.rs index 74f9a557..92638035 100644 --- a/optee-utee/src/extension.rs +++ b/optee-utee/src/extension.rs @@ -28,21 +28,21 @@ impl LoadablePlugin { } pub fn invoke(&mut self, command_id: u32, subcommand_id: u32, data: &[u8]) -> Result> { let raw_uuid: Uuid = self.uuid; - let mut outlen: u32 = 0; + let mut outlen: usize = 0; match unsafe { raw::tee_invoke_supp_plugin( raw_uuid.as_raw_ptr(), command_id as u32, subcommand_id as u32, data.as_ptr() as _, - data.len() as u32, - &mut outlen as *mut u32, + data.len(), + &mut outlen as *mut usize, ) } { raw::TEE_SUCCESS => { - assert!(outlen <= (data.len() as u32)); - let mut outbuf = vec![0; outlen as usize]; - outbuf.copy_from_slice(&data[..(outlen as usize)]); + assert!(outlen <= (data.len())); + let mut outbuf = vec![0; outlen]; + outbuf.copy_from_slice(&data[..outlen]); Ok(outbuf) },