Add acipher example for asymetric cipher
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/acipher/Android.mk b/acipher/Android.mk
new file mode 100644
index 0000000..9421f7f
--- /dev/null
+++ b/acipher/Android.mk
@@ -0,0 +1,20 @@
+LOCAL_PATH := $(call my-dir)
+
+OPTEE_CLIENT_EXPORT ?= $(LOCAL_PATH)/../../optee_client/out/export
+
+include $(CLEAR_VARS)
+LOCAL_CFLAGS += -DANDROID_BUILD
+LOCAL_CFLAGS += -Wall
+
+LOCAL_SRC_FILES += host/main.c
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/ta/include \
+ $(OPTEE_CLIENT_EXPORT)/include
+
+LOCAL_SHARED_LIBRARIES := libteec
+LOCAL_MODULE := optee_example_acipher
+LOCAL_VENDOR_MODULE := true
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_EXECUTABLE)
+
+include $(LOCAL_PATH)/ta/Android.mk
diff --git a/acipher/CMakeLists.txt b/acipher/CMakeLists.txt
new file mode 100644
index 0000000..d749f62
--- /dev/null
+++ b/acipher/CMakeLists.txt
@@ -0,0 +1,13 @@
+project (acipher C)
+
+set (SRC host/main.c)
+
+add_executable (${PROJECT_NAME} ${SRC})
+
+target_include_directories(${PROJECT_NAME}
+ PRIVATE ta/include
+ PRIVATE include)
+
+target_link_libraries (${PROJECT_NAME} PRIVATE teec)
+
+install (TARGETS ${PROJECT_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR})
diff --git a/acipher/Makefile b/acipher/Makefile
new file mode 100644
index 0000000..dfa4f8b
--- /dev/null
+++ b/acipher/Makefile
@@ -0,0 +1,15 @@
+export V ?= 0
+
+# If _HOST or _TA specific compilers are not specified, then use CROSS_COMPILE
+HOST_CROSS_COMPILE ?= $(CROSS_COMPILE)
+TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
+
+.PHONY: all
+all:
+ $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
+ $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
+
+.PHONY: clean
+clean:
+ $(MAKE) -C host clean
+ $(MAKE) -C ta clean
diff --git a/acipher/host/Makefile b/acipher/host/Makefile
new file mode 100644
index 0000000..8f4bc8a
--- /dev/null
+++ b/acipher/host/Makefile
@@ -0,0 +1,28 @@
+CC ?= $(CROSS_COMPILE)gcc
+LD ?= $(CROSS_COMPILE)ld
+AR ?= $(CROSS_COMPILE)ar
+NM ?= $(CROSS_COMPILE)nm
+OBJCOPY ?= $(CROSS_COMPILE)objcopy
+OBJDUMP ?= $(CROSS_COMPILE)objdump
+READELF ?= $(CROSS_COMPILE)readelf
+
+OBJS = main.o
+
+CFLAGS += -Wall -I../ta/include -I./include
+CFLAGS += -I$(TEEC_EXPORT)/include
+LDADD += -lteec -L$(TEEC_EXPORT)/lib
+
+BINARY = optee_example_acipher
+
+.PHONY: all
+all: $(BINARY)
+
+$(BINARY): $(OBJS)
+ $(CC) -o $@ $< $(LDADD)
+
+.PHONY: clean
+clean:
+ rm -f $(OBJS) $(BINARY)
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c $< -o $@
diff --git a/acipher/host/main.c b/acipher/host/main.c
new file mode 100644
index 0000000..54cb7a5
--- /dev/null
+++ b/acipher/host/main.c
@@ -0,0 +1,119 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2018, Linaro Limited
+ */
+
+#include <err.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* OP-TEE TEE client API (built by optee_client) */
+#include <tee_client_api.h>
+
+/* To the the UUID (found the the TA's h-file(s)) */
+#include <acipher_ta.h>
+
+static void usage(int argc, char *argv[])
+{
+ const char *pname = "acipher";
+
+ if (argc)
+ pname = argv[0];
+
+ fprintf(stderr, "usage: %s <key_size> <string to encrypt>\n", pname);
+ exit(1);
+}
+
+static void get_args(int argc, char *argv[], size_t *key_size, void **inbuf,
+ size_t *inbuf_len)
+{
+ char *ep;
+ long ks;
+
+ if (argc != 3) {
+ warnx("Unexpected number of arguments %d (expected 2)",
+ argc - 1);
+ usage(argc, argv);
+ }
+
+ ks = strtol(argv[1], &ep, 0);
+ if (*ep) {
+ warnx("cannot parse key_size \"%s\"", argv[1]);
+ usage(argc, argv);
+ }
+ if (ks < 0 || ks == LONG_MAX) {
+ warnx("bad key_size \"%s\" (%ld)", argv[1], ks);
+ usage(argc, argv);
+ }
+ *key_size = ks;
+
+ *inbuf = argv[2];
+ *inbuf_len = strlen(argv[2]);
+}
+
+static void teec_err(TEEC_Result res, uint32_t eo, const char *str)
+{
+ errx(1, "%s: %#" PRIx32 " (error origin %#" PRIx32 ")", str, res, eo);
+}
+
+int main(int argc, char *argv[])
+{
+ TEEC_Result res;
+ uint32_t eo;
+ TEEC_Context ctx;
+ TEEC_Session sess;
+ TEEC_Operation op;
+ size_t key_size;
+ void *inbuf;
+ size_t inbuf_len;
+ size_t n;
+ const TEEC_UUID uuid = TA_ACIPHER_UUID;
+
+ get_args(argc, argv, &key_size, &inbuf, &inbuf_len);
+
+ res = TEEC_InitializeContext(NULL, &ctx);
+ if (res)
+ errx(1, "TEEC_InitializeContext(NULL, x): %#" PRIx32, res);
+
+ res = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL,
+ NULL, &eo);
+ if (res)
+ teec_err(res, eo, "TEEC_OpenSession(TEEC_LOGIN_PUBLIC)");
+
+ memset(&op, 0, sizeof(op));
+ op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
+ TEEC_NONE, TEEC_NONE);
+ op.params[0].value.a = key_size;
+
+ res = TEEC_InvokeCommand(&sess, TA_ACIPHER_CMD_GEN_KEY, &op, &eo);
+ if (res)
+ teec_err(res, eo, "TEEC_InvokeCommand(TA_ACIPHER_CMD_GEN_KEY)");
+
+ memset(&op, 0, sizeof(op));
+ op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+ TEEC_MEMREF_TEMP_OUTPUT,
+ TEEC_NONE, TEEC_NONE);
+ op.params[0].tmpref.buffer = inbuf;
+ op.params[0].tmpref.size = inbuf_len;
+
+ res = TEEC_InvokeCommand(&sess, TA_ACIPHER_CMD_ENCRYPT, &op, &eo);
+ if (eo != TEEC_ORIGIN_TRUSTED_APP || res != TEEC_ERROR_SHORT_BUFFER)
+ teec_err(res, eo, "TEEC_InvokeCommand(TA_ACIPHER_CMD_ENCRYPT)");
+
+ op.params[1].tmpref.buffer = malloc(op.params[1].tmpref.size);
+ if (!op.params[1].tmpref.buffer)
+ err(1, "Cannot allocate out buffer of size %" PRId32,
+ op.params[1].tmpref.size);
+
+ res = TEEC_InvokeCommand(&sess, TA_ACIPHER_CMD_ENCRYPT, &op, &eo);
+ if (res)
+ teec_err(res, eo, "TEEC_InvokeCommand(TA_ACIPHER_CMD_ENCRYPT)");
+
+ printf("Encrypted buffer: ");
+ for (n = 0; n < op.params[1].tmpref.size; n++)
+ printf("%02x ", ((uint8_t *)op.params[1].tmpref.buffer)[n]);
+ printf("\n");
+ return 0;
+}
diff --git a/acipher/ta/Android.mk b/acipher/ta/Android.mk
new file mode 100644
index 0000000..a2cc882
--- /dev/null
+++ b/acipher/ta/Android.mk
@@ -0,0 +1,4 @@
+LOCAL_PATH := $(call my-dir)
+
+local_module := a734eed9-d6a1-4244-aa50-7c99719e7b7b.ta
+include $(BUILD_OPTEE_MK)
diff --git a/acipher/ta/Makefile b/acipher/ta/Makefile
new file mode 100644
index 0000000..6d10fd4
--- /dev/null
+++ b/acipher/ta/Makefile
@@ -0,0 +1,13 @@
+CFG_TEE_TA_LOG_LEVEL ?= 4
+CPPFLAGS += -DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)
+
+# The UUID for the Trusted Application
+BINARY=a734eed9-d6a1-4244-aa50-7c99719e7b7b
+
+-include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk
+
+ifeq ($(wildcard $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk), )
+clean:
+ @echo 'Note: $$(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk not found, cannot clean TA'
+ @echo 'Note: TA_DEV_KIT_DIR=$(TA_DEV_KIT_DIR)'
+endif
diff --git a/acipher/ta/acipher_ta.c b/acipher/ta/acipher_ta.c
new file mode 100644
index 0000000..71b918a
--- /dev/null
+++ b/acipher/ta/acipher_ta.c
@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2018, Linaro Limited
+ */
+
+#include <inttypes.h>
+
+#include <tee_internal_api.h>
+
+#include <acipher_ta.h>
+
+struct acipher {
+ TEE_ObjectHandle key;
+};
+
+static TEE_Result cmd_gen_key(struct acipher *state, uint32_t pt,
+ TEE_Param params[TEE_NUM_PARAMS])
+{
+ TEE_Result res;
+ uint32_t key_size;
+ TEE_ObjectHandle key;
+ const uint32_t key_type = TEE_TYPE_RSA_KEYPAIR;
+ const uint32_t exp_pt = TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE);
+
+ if (pt != exp_pt)
+ return TEE_ERROR_BAD_PARAMETERS;
+
+ key_size = params[0].value.a;
+
+ res = TEE_AllocateTransientObject(key_type, key_size, &key);
+ if (res) {
+ EMSG("TEE_AllocateTransientObject(%#" PRIx32 ", %" PRId32 "): %#" PRIx32, key_type, key_size, res);
+ return res;
+ }
+
+ res = TEE_GenerateKey(key, key_size, NULL, 0);
+ if (res) {
+ EMSG("TEE_GenerateKey(%" PRId32 "): %#" PRIx32,
+ key_size, res);
+ TEE_FreeTransientObject(key);
+ return res;
+ }
+
+ TEE_FreeTransientObject(state->key);
+ state->key = key;
+ return TEE_SUCCESS;
+}
+
+static TEE_Result cmd_enc(struct acipher *state, uint32_t pt,
+ TEE_Param params[TEE_NUM_PARAMS])
+{
+ TEE_Result res;
+ const void *inbuf;
+ uint32_t inbuf_len;
+ void *outbuf;
+ uint32_t outbuf_len;
+ TEE_OperationHandle op;
+ TEE_ObjectInfo key_info;
+ const uint32_t alg = TEE_ALG_RSAES_PKCS1_V1_5;
+ const uint32_t exp_pt = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
+ TEE_PARAM_TYPE_MEMREF_OUTPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE);
+
+ if (pt != exp_pt)
+ return TEE_ERROR_BAD_PARAMETERS;
+ if (!state->key)
+ return TEE_ERROR_BAD_STATE;
+
+ res = TEE_GetObjectInfo1(state->key, &key_info);
+ if (res) {
+ EMSG("TEE_GetObjectInfo1: %#" PRIx32, res);
+ return res;
+ }
+
+ inbuf = params[0].memref.buffer;
+ inbuf_len = params[0].memref.size;
+ outbuf = params[1].memref.buffer;
+ outbuf_len = params[1].memref.size;
+
+ res = TEE_AllocateOperation(&op, alg, TEE_MODE_ENCRYPT,
+ key_info.keySize);
+ if (res) {
+ EMSG("TEE_AllocateOperation(TEE_MODE_ENCRYPT, %#" PRIx32 ", %" PRId32 "): %#" PRIx32, alg, key_info.keySize, res);
+ return res;
+ }
+
+ res = TEE_SetOperationKey(op, state->key);
+ if (res) {
+ EMSG("TEE_SetOperationKey: %#" PRIx32, res);
+ goto out;
+ }
+
+ res = TEE_AsymmetricEncrypt(op, NULL, 0, inbuf, inbuf_len, outbuf,
+ &outbuf_len);
+ if (res) {
+ EMSG("TEE_AsymmetricEncrypt(%" PRId32 ", %" PRId32 "): %#" PRIx32, inbuf_len, params[1].memref.size, res);
+ }
+ params[1].memref.size = outbuf_len;
+
+out:
+ TEE_FreeOperation(op);
+ return res;
+
+}
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+ /* Nothing to do */
+ return TEE_SUCCESS;
+}
+
+void TA_DestroyEntryPoint(void)
+{
+ /* Nothing to do */
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t __unused param_types,
+ TEE_Param __unused params[4],
+ void **session)
+{
+ struct acipher *state;
+
+ /*
+ * Allocate and init state for the session.
+ */
+ state = TEE_Malloc(sizeof(*state), 0);
+ if (!state)
+ return TEE_ERROR_OUT_OF_MEMORY;
+
+ state->key = TEE_HANDLE_NULL;
+
+ *session = state;
+
+ return TEE_SUCCESS;
+}
+
+void TA_CloseSessionEntryPoint(void *session)
+{
+ struct acipher *state = session;
+
+ TEE_FreeTransientObject(state->key);
+ TEE_Free(state);
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(void *session, uint32_t cmd,
+ uint32_t param_types,
+ TEE_Param params[TEE_NUM_PARAMS])
+{
+ switch (cmd) {
+ case TA_ACIPHER_CMD_GEN_KEY:
+ return cmd_gen_key(session, param_types, params);
+ case TA_ACIPHER_CMD_ENCRYPT:
+ return cmd_enc(session, param_types, params);
+ default:
+ EMSG("Command ID %#" PRIx32 " is not supported", cmd);
+ return TEE_ERROR_NOT_SUPPORTED;
+ }
+}
diff --git a/acipher/ta/include/acipher_ta.h b/acipher/ta/include/acipher_ta.h
new file mode 100644
index 0000000..6593d41
--- /dev/null
+++ b/acipher/ta/include/acipher_ta.h
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2018, Linaro Limited
+ */
+
+#ifndef __ACIPHER_TA_H__
+#define __ACIPHER_TA_H__
+
+/* UUID of the acipher example trusted application */
+#define TA_ACIPHER_UUID \
+ { 0xa734eed9, 0xd6a1, 0x4244, { \
+ 0xaa, 0x50, 0x7c, 0x99, 0x71, 0x9e, 0x7b, 0x7b } }
+
+/*
+ * in params[0].value.a key size
+ */
+#define TA_ACIPHER_CMD_GEN_KEY 0
+
+/*
+ * in params[1].memref input
+ * out params[2].memref output
+ */
+#define TA_ACIPHER_CMD_ENCRYPT 1
+
+#endif /* __ACIPHER_TA_H */
diff --git a/acipher/ta/sub.mk b/acipher/ta/sub.mk
new file mode 100644
index 0000000..37c3c21
--- /dev/null
+++ b/acipher/ta/sub.mk
@@ -0,0 +1,2 @@
+global-incdirs-y += include
+srcs-y += acipher_ta.c
diff --git a/acipher/ta/user_ta_header_defines.h b/acipher/ta/user_ta_header_defines.h
new file mode 100644
index 0000000..541f607
--- /dev/null
+++ b/acipher/ta/user_ta_header_defines.h
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2018, Linaro Limited
+ */
+
+/*
+ * The name of this file must not be modified
+ */
+
+#ifndef USER_TA_HEADER_DEFINES_H
+#define USER_TA_HEADER_DEFINES_H
+
+#include <acipher_ta.h>
+
+#define TA_UUID TA_ACIPHER_UUID
+
+#define TA_FLAGS 0
+#define TA_STACK_SIZE (2 * 1024)
+#define TA_DATA_SIZE (32 * 1024)
+
+#define TA_CURRENT_TA_EXT_PROPERTIES \
+ { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \
+ "Example of TA using asymmetric cipher" }, \
+ { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } }
+
+#endif /*USER_TA_HEADER_DEFINES_H*/