From ce1f02a28eaa7db39602c5f31e20583b4d54ae35 Mon Sep 17 00:00:00 2001
From: "[wang-xiao73]" <438948460@qq.com>
Date: Fri, 22 Jul 2022 15:52:34 +0800
Subject: [PATCH] update certmanger to sdk
---
test/CA/cert_manager/Makefile | 24 ++
test/CA/cert_manager/cert_common.h | 21 ++
test/CA/cert_manager/cert_file.c | 95 ++++++++
test/CA/cert_manager/cert_file.h | 26 ++
test/CA/cert_manager/cert_manager.c | 260 ++++++++++++++++++++
test/TA/cert_manager/CMakeLists.txt | 38 +++
test/TA/cert_manager/Makefile | 33 +++
test/TA/cert_manager/config.cmake | 11 +
test/TA/cert_manager/config.mk | 12 +
test/TA/cert_manager/config.sh | 34 +++
test/TA/cert_manager/include/cert_config.h | 63 +++++
test/TA/cert_manager/manifest.txt | 7 +
test/TA/cert_manager/src/cert_logger.c | 157 ++++++++++++
test/TA/cert_manager/src/cert_logger.h | 31 +++
test/TA/cert_manager/src/cert_manager.c | 269 +++++++++++++++++++++
15 files changed, 1081 insertions(+)
create mode 100644 test/CA/cert_manager/Makefile
create mode 100644 test/CA/cert_manager/cert_common.h
create mode 100644 test/CA/cert_manager/cert_file.c
create mode 100644 test/CA/cert_manager/cert_file.h
create mode 100644 test/CA/cert_manager/cert_manager.c
create mode 100644 test/TA/cert_manager/CMakeLists.txt
create mode 100644 test/TA/cert_manager/Makefile
create mode 100644 test/TA/cert_manager/config.cmake
create mode 100644 test/TA/cert_manager/config.mk
create mode 100644 test/TA/cert_manager/config.sh
create mode 100644 test/TA/cert_manager/include/cert_config.h
create mode 100644 test/TA/cert_manager/manifest.txt
create mode 100644 test/TA/cert_manager/src/cert_logger.c
create mode 100644 test/TA/cert_manager/src/cert_logger.h
create mode 100644 test/TA/cert_manager/src/cert_manager.c
diff --git a/test/CA/cert_manager/Makefile b/test/CA/cert_manager/Makefile
new file mode 100644
index 0000000..aa6f12a
--- /dev/null
+++ b/test/CA/cert_manager/Makefile
@@ -0,0 +1,24 @@
+CUR_DIR=$(shell pwd)
+ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../
+
+TARGET_APP := certmanager
+
+APP_SOURCES := ./cert_file.c
+APP_SOURCES += ./cert_manager.c
+
+APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c
+
+APP_CFLAGS += -fstack-protector-strong -fPIC
+
+APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \
+
+APP_LDFLAGS += -ldl -lpthread
+
+APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s
+
+APP_OBJECTS := $(APP_SOURCES:.c=.o)
+$(TARGET_APP): $(APP_SOURCES)
+ $(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS)
+
+clean:
+ rm -f *.o $(TARGET_APP)
\ No newline at end of file
diff --git a/test/CA/cert_manager/cert_common.h b/test/CA/cert_manager/cert_common.h
new file mode 100644
index 0000000..0368768
--- /dev/null
+++ b/test/CA/cert_manager/cert_common.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+
+#ifndef CERT_COMMON_H
+#define CERT_COMMON_H
+
+#define printf_err(msg, ...) fprintf(stderr, msg, ##__VA_ARGS__)
+#define MAX_BUFFER_LEN 8192
+#define MAX_LOG_BUFFER_LEN 10000
+
+#endif
diff --git a/test/CA/cert_manager/cert_file.c b/test/CA/cert_manager/cert_file.c
new file mode 100644
index 0000000..d0c04d8
--- /dev/null
+++ b/test/CA/cert_manager/cert_file.c
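Review bot: The `APP_CFLAGS` lines of the CA Makefile enable `-fstack-protector-strong` but no warning flags, no optimisation level and no `_FORTIFY_SOURCE`, so the compiler's buffer-size checks on this client's file and memory copies are inactive and pointer-type mismatches compile silently. I would add `APP_CFLAGS += -O2 -D_FORTIFY_SOURCE=2 -Wall -Wextra` and use `-fPIE` rather than `-fPIC` to match the `-pie` link. The include line ends in a `\` continuation with nothing after it, which should be dropped, and `clean` should be listed under `.PHONY`.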
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#include "cert_file.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include "cert_common.h"
+
+bool IsFileExist(const char *path)
+{
+ return access(path, F_OK) == 0;
+}
+
+static int32_t GetFileSize(const char *path, long *size)
+{
+ int32_t ret;
+ struct stat buf;
+ ret = stat(path, &buf);
+ if (ret != 0)
+ printf_err("file stat failed: %s\n", path);
+ else
+ *size = buf.st_size;
+ return ret;
+}
+
+int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *fileSize)
+{
+ int32_t ret;
+ /* check file name */
+ if (strstr(filePath, ".der") == NULL) {
+ ret = errno;
+ printf_err("only support der file\n");
+ goto end;
+ }
+ /* get file length */
+ ret = GetFileSize(filePath, fileSize);
+ if (ret != 0) {
+ printf_err("get file length failed: %s\n", filePath);
+ goto end;
+ }
+ /* check file content overflow */
+ if (*fileSize > size) {
+ printf_err("file is too long: %s\n", filePath);
+ goto end;
+ }
+ /* read contents from file into buffer */
+ FILE *fp = fopen(filePath, "r");
+ if (fp == NULL) {
+ ret = errno;
+ printf_err("open file failed: %s\n", filePath);
+ goto end;
+ }
+ size_t readLen = fread(buffer, 1, size, fp);
+ if (readLen != *fileSize) {
+ ret = errno;
+ printf_err("read file failed: %s\n", filePath);
+ }
+ (void)fclose(fp);
+end:
+ return ret;
+}
+
+int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath)
+{
+ int32_t ret = 0;
+ /* write size of buffer into file */
+ FILE *fp = fopen(filePath, "w");
+ if (fp == NULL) {
+ ret = errno;
+ printf_err("open file failed: %s\n", filePath);
+ goto end;
+ }
+ size_t writeLen = fwrite(buffer, 1, size, fp);
+ if (writeLen != size) {
+ ret = errno;
+ printf_err("write file failed: %s\n", filePath);
+ }
+ (void)fclose(fp);
+end:
+ return ret;
+}
\ No newline at end of file
diff --git a/test/CA/cert_manager/cert_file.h b/test/CA/cert_manager/cert_file.h
new file mode 100644
index 0000000..89c8835
--- /dev/null
+++ b/test/CA/cert_manager/cert_file.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+
+#ifndef CERT_FILE_H
+#define CERT_FILE_H
+
+#include
+#include
+#include
+#include
+
+bool IsFileExist(const char *path);
+int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t* fileSize);
+int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath);
+
+#endif
\ No newline at end of file
diff --git a/test/CA/cert_manager/cert_manager.c b/test/CA/cert_manager/cert_manager.c
new file mode 100644
index 0000000..31e9f39
--- /dev/null
+++ b/test/CA/cert_manager/cert_manager.c
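Review bot: `LoadFromFs` in cert_file.c returns success on two of its rejection paths: in the `*fileSize > size` branch `ret` still holds the 0 left by `GetFileSize`, and in the `.der` check `ret = errno` reads a value that `strstr` never sets. `Import` in cert_manager.c then uses that `fileSize` as the memref size, so an oversized file is reported as loaded with a length larger than the shared buffer. Assign an explicit failure before each `goto end`, e.g. `ret = -1;`, and do the same after a short `fread`, where `errno` may also be 0. `GetFileSize` takes a `long *` but is handed the `size_t *fileSize`; its parameter should be `size_t *`. The `.der` test matches the substring anywhere in the path rather than as a suffix.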
@@ -0,0 +1,260 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "cert_file.h"
+#include "cert_common.h"
+
+#define TA_PATH "/usr/bin/4acaf7c8-c652-4643-9b7a-cc07e7a3187a.sec"
+
+/* commands */
+#define CMD_DESTROY "destroy"
+#define CMD_IMPORT "import"
+#define CMD_EXPORT "export"
+/* sub commands of export */
+#define CMD_EXPORT_CERT "cert"
+#define CMD_EXPORT_LOG "log"
+
+/* number of command arguments */
+#define CMD_IMPORT_ARGC 3
+#define CMD_EXPORT_CERT_ARGC 4
+#define CMD_EXPORT_LOG_ARGC 3
+#define CMD_DESTROY_ARGC 2
+
+/* index of command parameters */
+#define CMD_NAME 1
+#define CMD_IMPORT_ARG_PATH 2
+#define CMD_EXPORT_SUBCMD 2
+#define CMD_EXPORT_ARG_PATH 3
+
+enum {
+ IPC_IMPORT_CERT = 1,
+ IPC_EXPORT_CERT = 2,
+ IPC_DESTORY_CERT = 3,
+ IPC_EXPORT_LOG = 4
+};
+
+static TEEC_Result Destroy(TEEC_Session *session)
+{
+ TEEC_Result result;
+ /* invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ result = TEEC_InvokeCommand(session, IPC_DESTORY_CERT, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+ return result;
+}
+
+static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t len, const char *certPath)
+{
+ TEEC_Result result = TEEC_SUCCESS;
+ uint8_t *outbuf = (uint8_t *)malloc(sharedMem->size);
+ if (outbuf == NULL) {
+ printf_err("memory allocate failed\n");
+ result = TEEC_ERROR_OUT_OF_MEMORY;
+ goto end;
+ }
+ if (len == 0)
+ printf_err("warning: empty content\n");
+ /* replaced with memcpy(outbuf, sharedMem->buffer, len) when memcpy_s is not supported */
+ if (memcpy_s(outbuf, sharedMem->size, sharedMem->buffer, len) != EOK) {
+ result = TEEC_ERROR_OUT_OF_MEMORY;
+ printf_err("memcpy_s failed\n");
+ goto end;
+ }
+ if (certPath != NULL) {
+ if (StoreToFs(outbuf, len, certPath) != 0) {
+ result = TEEC_ERROR_WRITE_DATA;
+ printf_err("write to file failed: %s\n", certPath);
+ }
+ } else {
+ printf("%s\n", outbuf);
+ }
+end:
+ if (outbuf != NULL)
+ free(outbuf);
+ return result;
+}
+
+static TEEC_Result Export(TEEC_Context *context, TEEC_Session *session, const char *cmdLine, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. parse sub-command */
+ uint32_t cmd;
+ if (memcmp(cmdLine, CMD_EXPORT_CERT, sizeof(CMD_EXPORT_CERT)) == 0) {
+ /* check Legality of certPath */
+ if (realpath(certPath, realPath) == NULL) {
+ result = errno;
+ printf_err("illegal certification path: %s\n", certPath);
+ goto end;
+ }
+ cmd = IPC_EXPORT_CERT;
+ } else if (memcmp(cmdLine, CMD_EXPORT_LOG, sizeof(CMD_EXPORT_LOG)) == 0) {
+ cmd = IPC_EXPORT_LOG;
+ } else {
+ result = TEEC_ERROR_INVALID_CMD;
+ printf_err("unknown sub-command: %s\n", cmdLine);
+ goto end;
+ }
+ /* 2. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = (cmd == IPC_EXPORT_LOG) ? MAX_LOG_BUFFER_LEN : MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate shared memory failed\n");
+ goto end;
+ }
+ /* 3. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = sharedMem.size;
+ result = TEEC_InvokeCommand(session, cmd, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf_err("ipc failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. process ipc result */
+ const char *path = cmd == IPC_EXPORT_CERT ? realPath : NULL;
+ result = ProcessExportResult(&sharedMem, operation.params[0].memref.size, path);
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
+static TEEC_Result Import(TEEC_Context *context, TEEC_Session *session, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate shared memory failed\n");
+ goto end;
+ }
+ /* 2. check certPath legality */
+ if (realpath(certPath, realPath) == NULL) {
+ printf_err("illegal certification path:%s\n", certPath);
+ result = errno;
+ goto free_sharedMem;
+ }
+ if (!IsFileExist(realPath)) {
+ printf_err("certification not exsit:%s\n", certPath);
+ result = TEEC_ERROR_BAD_PARAMETERS;
+ goto free_sharedMem;
+ }
+ /* 3. read cert from filesystem to shared memory */
+ size_t fileSize = 0;
+ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) {
+ result = TEEC_ERROR_READ_DATA;
+ printf_err("load certification failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = fileSize;
+ result = TEEC_InvokeCommand(session, IPC_IMPORT_CERT, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
+static TEEC_UUID g_taId = {
+ 0x4acaf7c8, 0xc652, 0x4643,
+ { 0x9b, 0x7a, 0xcc, 0x07, 0xe7, 0xa3, 0x18, 0x7a }
+};
+
+int main(int argc, char *argv[])
+{
+ TEEC_Result result;
+ TEEC_Context context;
+ TEEC_Session session;
+ TEEC_UUID *uuidp = &g_taId;
+ TEEC_Operation operation = { 0 };
+ /* 1. init context */
+ if (argc < CMD_DESTROY_ARGC || argc > CMD_EXPORT_CERT_ARGC) {
+ printf_err("wrong parameters num \n");
+ return -1;
+ }
+
+ result = TEEC_InitializeContext(NULL, &context);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec initialize failed\n");
+ goto end;
+ }
+ /* 2. open session */
+ context.ta_path = (uint8_t *)TA_PATH;
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ result = TEEC_OpenSession(&context, &session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec open session failed, result is 0x%x\n", result);
+ goto finalize;
+ }
+ /* 3. process command line */
+ if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0) {
+ /* import */
+ result = (argc == CMD_IMPORT_ARGC) ?
+ Import(&context, &session, argv[CMD_IMPORT_ARG_PATH]) :
+ TEEC_ERROR_BAD_PARAMETERS;
+ } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0) {
+ /* export */
+ result = (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC) ?
+ Export(&context, &session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]) :
+ TEEC_ERROR_BAD_PARAMETERS;
+ } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0) {
+ /* destroy */
+ result = (argc == CMD_DESTROY_ARGC) ? Destroy(&session) : TEEC_ERROR_BAD_PARAMETERS;
+ } else {
+ /* undefined */
+ result = TEEC_ERROR_INVALID_CMD;
+ printf("invalid command 0x%x\n", result);
+ }
+close:
+ TEEC_CloseSession(&session);
+finalize:
+ TEEC_FinalizeContext(&context);
+end:
+ if (result != TEEC_SUCCESS) {
+ printf_err("failed, errno: 0x%x\n", result);
+ return -1;
+ } else {
+ printf_err("success\n");
+ return 0;
+ }
+}
\ No newline at end of file
diff --git a/test/TA/cert_manager/CMakeLists.txt b/test/TA/cert_manager/CMakeLists.txt
new file mode 100644
index 0000000..c452980
--- /dev/null
+++ b/test/TA/cert_manager/CMakeLists.txt
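Review bot: In `ProcessExportResult` the log branch prints `outbuf` with `printf("%s\n", outbuf)`, but the buffer is a `malloc` of `sharedMem->size` bytes into which only `len` bytes are copied and no terminator is written, so the print can read uninitialised heap or run past the allocation when the TA fills the whole buffer. Write exactly the bytes that were returned instead: `fwrite(outbuf, 1, len, stdout); fputc('\n', stdout);`. `Import` validates `realPath` but then calls `LoadFromFs` with the unresolved `certPath`, so the path that is checked and the path that is opened can differ; pass `realPath` to `LoadFromFs`. The command dispatch in `main` and `Export` uses `memcmp(..., sizeof(CMD_...))`, which reads past the end of an argument shorter than the keyword; `strcmp` avoids that. Storing `errno` in a `TEEC_Result` (`result = errno`) mixes two error spaces, and a TEEC error code such as `TEEC_ERROR_BAD_PARAMETERS` would keep the final message meaningful.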
@@ -0,0 +1,38 @@
+# sdk cmake.
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+cmake_minimum_required(VERSION 3.16 FATAL_ERROR)
+project(tee_sdk C)
+
+if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR)
+ message(FATAL_ERROR "Forbid compiling in the source tree")
+endif()
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake)
+include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake)
+
+set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+set(CURRENT_TARGET_SO "combine")
+
+set(SDK_C_SOURCES
+ ${SDK_C_SOURCES}
+ src/cert_logger.c
+ src/cert_manager.c
+)
+
+set(COMMON_INCLUDES
+ ${COMMON_INCLUDES}
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/src
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include/TA
+)
+
+add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES})
+target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES})
+target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS})
+target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS})
+
+add_custom_command(
+ TARGET ${CURRENT_TARGET_SO} POST_BUILD
+ COMMAND sh $ENV{ITRUSTEE_BUILD_PATH}/build/tools/ta_entry_check.sh ${CMAKE_READELF} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so n y ${TARGET_IS_ARM64}
+ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini
+)
\ No newline at end of file
diff --git a/test/TA/cert_manager/Makefile b/test/TA/cert_manager/Makefile
new file mode 100644
index 0000000..79c6529
--- /dev/null
+++ b/test/TA/cert_manager/Makefile
@@ -0,0 +1,33 @@
+include ./config.mk
+include ../../../build/mk/common.mk
+
+# set the compilation tool chain example : export CC=path_to_gcc ; export LD=path_to_ld
+
+SRC += $(wildcard src/*.c)
+
+# set header directory
+INCLUDEDIR += -I${CUR_DIR}/include
+INCLUDEDIR += -I${CUR_DIR}/src
+INCLUDEDIR += -I${CUR_DIR}/../../../include/TA
+
+#set libhwsecurec path example : INCLUDEDIR += -Ipath_to_libhwsecurec
+
+# set target
+COBJS := $(SRC:%.c=%.o)
+TARGET = $(COBJS)
+
+sec_binary:combine
+ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini
+
+combine: $(TARGET)
+ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so
+ bash $(ITRUSTEE_BUILD_PATH)/build/tools/ta_entry_check.sh $(READELF) $(shell pwd)/libcombine.so n y $(TARGET_IS_ARM64)
+
+src/%.o: ./src/%.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+%.o: %.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+clean:
+ rm -f $(COBJS) *.so *.sec
\ No newline at end of file
diff --git a/test/TA/cert_manager/config.cmake b/test/TA/cert_manager/config.cmake
new file mode 100644
index 0000000..933d051
--- /dev/null
+++ b/test/TA/cert_manager/config.cmake
@@ -0,0 +1,11 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+set(COMMON_CFLAGS -DAPI_LEVEL=1)
+if ("${TARGET_IS_ARM64}" STREQUAL "")
+ set(TARGET_IS_ARM64 y)
+endif()
\ No newline at end of file
diff --git a/test/TA/cert_manager/config.mk b/test/TA/cert_manager/config.mk
new file mode 100644
index 0000000..5e4ccfa
--- /dev/null
+++ b/test/TA/cert_manager/config.mk
@@ -0,0 +1,12 @@
+#
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+CFLAGS += -DAPI_LEVEL=1
+ifeq ($(TARGET_IS_ARM64),)
+ TARGET_IS_ARM64 = y
+endif
\ No newline at end of file
diff --git a/test/TA/cert_manager/config.sh b/test/TA/cert_manager/config.sh
new file mode 100644
index 0000000..ad3c822
--- /dev/null
+++ b/test/TA/cert_manager/config.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+# This script is used to compile the demo sdk.
+set -e
+
+export SOURCE_PATH=$(dirname $0)
+export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd)
+export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../..
+
+#clean
+if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then
+ rm -f *.o *.so *.sec
+ if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+ fi
+ exit 0
+fi
+
+echo "Cmake compile TA begin"
+if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+fi
+mkdir -p cmake_build
+echo "mkdir cmake_build"
+cd cmake_build/
+
+cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake ..
+
+make VERBOSE=1
+
+cd ..
+rm -rf cmake_build
\ No newline at end of file
diff --git a/test/TA/cert_manager/include/cert_config.h b/test/TA/cert_manager/include/cert_config.h
new file mode 100644
index 0000000..b799463
--- /dev/null
+++ b/test/TA/cert_manager/include/cert_config.h
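Review bot: The clean and build steps in config.sh act on the caller's working directory rather than the script's own: `rm -f *.o *.so *.sec` and `rm -rf cmake_build` run wherever the script is invoked from, while `ABS_SOURCE_PATH` is computed but only used to derive `ITRUSTEE_BUILD_PATH`. Add `cd "${ABS_SOURCE_PATH}"` right after the exports so the deletions stay inside the TA directory. The expansions `$(dirname $0)` and `${SOURCE_PATH}` should be quoted, e.g. `"$(dirname "$0")"`, so a checkout path containing spaces does not split into several words.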
@@ -0,0 +1,63 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. + * iTrustee licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: declaration of logger tool interfaces. + */ +#ifndef CERT_CONFIG_H +#define CERT_CONFIG_H + +#define CERT_MANAGER_DEPLOY_PATH "/usr/bin/certmanager" +#define CERT_MANAGER_DEPLOY_USER "root" + +/* + * defines the public key for verifying the imported certification. + */ +const char g_root_public_key[] = { +/* add public_key len 550*/ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +#endif \ No newline at end of file diff --git a/test/TA/cert_manager/manifest.txt b/test/TA/cert_manager/manifest.txt new file mode 100644 index 0000000..c3f9b41 --- /dev/null +++ b/test/TA/cert_manager/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: 4acaf7c8-c652-4643-9b7a-cc07e7a3187a +gpd.ta.service_name: certmanager +gpd.ta.singleInstance: true +gpd.ta.multiSession: true +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 2097152 +gpd.ta.stackSize: 32768 \ No newline at end of file diff --git a/test/TA/cert_manager/src/cert_logger.c b/test/TA/cert_manager/src/cert_logger.c new file mode 100644 index 0000000..6cdc364 --- /dev/null +++ b/test/TA/cert_manager/src/cert_logger.c 
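Review bot: `g_root_public_key` in cert_config.h is committed as all-zero placeholder bytes and nothing stops a TA from being built and signed in that state; how `ta_signing_cert_import` treats such a key is not visible here. A guard would make the omission explicit, for example an `#error` behind a macro the integrator defines once the real key is filled in, or a check in the import path that refuses an all-zero key. The array is also defined, not just declared, in a header, so including cert_config.h from a second source file produces duplicate definitions; declare it `extern` here and define it in one .c file, or make it `static const`. Since these are raw key bytes the element type should be `unsigned char` or `uint8_t` rather than `char`.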
@@ -0,0 +1,157 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * iTrustee licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: logger tool implementations. + */ +#include "cert_logger.h" + +#include +#include +#include +#include +#include + +static const char *g_log_path = "dyn_crt_op.log"; + +static TEE_Result log_open(TEE_ObjectHandle *obj, uint32_t flag) +{ + uint32_t storage_id = TEE_OBJECT_STORAGE_PRIVATE; + /* open log file */ + TEE_Result ret = TEE_OpenPersistentObject(storage_id, g_log_path, strlen(g_log_path), flag, obj); + if (ret == TEE_ERROR_ITEM_NOT_FOUND && + ((flag & TEE_DATA_FLAG_ACCESS_WRITE != 0) || (flag & TEE_DATA_FLAG_ACCESS_WRITE_META != 0))) { + /* create it if file is not exist when writing or changing metadata */ + tlogi("file not exist, creating: %s\n", g_log_path); + ret = TEE_CreatePersistentObject(storage_id, g_log_path, strlen(g_log_path), + flag, TEE_HANDLE_NULL, + NULL, 0, obj); + if (ret != TEE_SUCCESS) + tloge("create file failed: %s\n", g_log_path); + } + return ret; +} + +/* truncate if the file beyonds MAX_LOG_LINE_NUM */ +static TEE_Result log_truncate(TEE_ObjectHandle obj) +{ + TEE_Result ret; + char buf[MAX_LOG_SIZE] = { 0 }; + uint32_t len = 0; + /* 1. 
read all content in the log file into memory buf */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto end; + } + ret = TEE_ReadObjectData(obj, buf, sizeof(buf), &len); + if (ret != TEE_SUCCESS) { + tloge("read file failed: %s\n", g_log_path); + goto end; + } + /* 2. statistic line-breaks for counting lines */ + int line_cnt = 0; + for (uint32_t i = 0; i < len; ++i) { + if (buf[i] == '\n') + line_cnt += 1; + } + /* 3. if the line number is overflow, remove the first (line_cnt - MAX_LOG_LINE_NUM) lines */ + if (line_cnt > MAX_LOG_LINE_NUM) { + /* line break */ + uint32_t line_break_idx = 0; + uint32_t remain = line_cnt - MAX_LOG_LINE_NUM; + for (uint32_t i = 0; remain > 0; ++i) { + if (buf[i] == '\n') { + line_break_idx = i; + remain--; + } + } + /* 3.1 override the first (line_cnt - MAX_LOG_LINE_NUM) lines */ + uint32_t resize_to = len - line_break_idx - 1; + if (memmove_s(buf, sizeof(buf), buf + line_break_idx + 1, resize_to) != EOK) { + tloge("memory movement failed\n"); + ret = TEE_ERROR_OUT_OF_MEMORY; + goto end; + } + /* 3.2 write back to the start of file */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto end; + } + ret = TEE_WriteObjectData(obj, buf, resize_to); + if (ret != TEE_SUCCESS) + tloge("write file failed: %s\n", g_log_path); + /* 3.3 truncate to correct size */ + ret = TEE_TruncateObjectData(obj, resize_to); + if (ret != TEE_SUCCESS) + tloge("truncate file failed: %s\n", g_log_path); + } +end: + return ret; +} + +/* write a NULL-terminated string into log */ +TEE_Result cert_log_write(char *log_info) +{ + TEE_Result ret; + TEE_ObjectHandle obj; + /* 1. 
open log file */ + uint32_t open_flag = TEE_DATA_FLAG_ACCESS_WRITE | + TEE_DATA_FLAG_ACCESS_WRITE_META | + TEE_DATA_FLAG_ACCESS_READ; + ret = log_open(&obj, open_flag); + if (ret != TEE_SUCCESS) { + tloge("open file failed: %s\n", g_log_path); + goto end; + } + /* 2. append log to the end */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_END); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto close; + } + ret = TEE_WriteObjectData(obj, log_info, strlen(log_info)); + if (ret != TEE_SUCCESS) { + tloge("write file failed: %s\n", g_log_path); + goto close; + } + /* 3. truncate the file for keeping the number of lines MAX_LOG_LINE_NUM */ + ret = log_truncate(obj); + if (ret != TEE_SUCCESS) { + tloge("roll back file failed: %s\n", g_log_path); + goto close; + } + +close: + (void)TEE_SyncPersistentObject(obj); + TEE_CloseObject(obj); +end: + return ret; +} + +TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len) +{ + TEE_Result ret; + TEE_ObjectHandle obj; + /* 1. open log file */ + uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ; + ret = log_open(&obj, open_flag); + if (ret != TEE_SUCCESS) { + tloge("open file failed: %s\n", g_log_path); + goto end; + } + /* 2. read log file */ + ret = TEE_ReadObjectData(obj, dst, dst_len, read_len); + if (ret != TEE_SUCCESS) + tloge("read file failed: %s\n", g_log_path); + TEE_CloseObject(obj); +end: + return ret; +} \ No newline at end of file diff --git a/test/TA/cert_manager/src/cert_logger.h b/test/TA/cert_manager/src/cert_logger.h new file mode 100644 index 0000000..bb94743 --- /dev/null +++ b/test/TA/cert_manager/src/cert_logger.h 
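Review bot: The create-on-missing condition in `log_open` does not test the write flags: `flag & TEE_DATA_FLAG_ACCESS_WRITE != 0` parses as `flag & (TEE_DATA_FLAG_ACCESS_WRITE != 0)`, i.e. `flag & 1`, so whether the log object is created depends on bit 0 of `flag` and not on write access being requested. It should read `((flag & TEE_DATA_FLAG_ACCESS_WRITE) != 0 || (flag & TEE_DATA_FLAG_ACCESS_WRITE_META) != 0)`. If bit 0 is the read flag, as in the GlobalPlatform headers, `cert_log_read` would create an empty log object whenever none exists. In `log_truncate` a failed `TEE_WriteObjectData` is only logged and its `ret` is then overwritten by `TEE_TruncateObjectData`, so a partly rewritten log can be reported as success; add `goto end;` after the write failure. `cert_log_write` appends `strlen(log_info)` bytes without comparing it to `MAX_LOG_LINE_LEN`, while `log_truncate` reads at most `MAX_LOG_SIZE` bytes, so the size relation documented in cert_logger.h is assumed rather than enforced.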
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: declaration of logger tool interfaces.
+ */
+#ifndef CERT_LOGGER_H
+#define CERT_LOGGER_H
+
+#include
+
+/*
+ * MAX_LOG_LINE_NUM: defines the max line numbers of which the operation log records.
+ * MAX_LOG_LINE_LEN: defines the max length of each operation log entry.
+ * MAX_LOG_SIZE: defines the max size of the operation log file.
+ * Notice: MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE
+ */
+#define MAX_LOG_LINE_NUM 60
+#define MAX_LOG_LINE_LEN 150
+#define MAX_LOG_SIZE 10000
+
+TEE_Result cert_log_write(char *log_info);
+TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len);
+
+#endif
\ No newline at end of file
diff --git a/test/TA/cert_manager/src/cert_manager.c b/test/TA/cert_manager/src/cert_manager.c
new file mode 100644
index 0000000..bffbbf2
--- /dev/null
+++ b/test/TA/cert_manager/src/cert_manager.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: do cert management on kunpeng.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "cert_logger.h"
+
+enum {
+ SAVE_CERT_CMD = 1,
+ SEARCH_CERT_CMD = 2,
+ DEL_CERT_CMD = 3,
+ SEARCH_LOG_CMD = 4
+};
+
+#define ACTION_CRT_EXPORT "export"
+#define ACTION_CRT_IMPORT "import"
+#define ACTION_CRT_REMOVE "remove"
+#define ACTION_CRT_UNDEFINED "undefined"
+#define MAX_BUFFER_LEN 8192
+#define MAX_LOG_BUFFER_LEN 10000
+#define BASE_YEAR 1900
+#define BASE_MON 1
+
+static void log_action(const char *action, TEE_Result result)
+{
+ /* format result */
+ char *suc = result == TEE_SUCCESS ? "true" : "false";
+ /* get system time */
+ struct timespec time;
+ clock_gettime(CLOCK_REALTIME, &time);
+ struct tm *lt = localtime(&time.tv_sec);
+ if (lt == NULL) {
+ tloge("get UTC time failed\n");
+ return;
+ }
+ /* format log entry: "[yyyy/mm/dd HH:MM:SS] ACTION: xxx, SUCCESS: true/false " */
+ char buf[MAX_LOG_LINE_LEN];
+ if (snprintf_s(buf, sizeof(buf), sizeof(buf) - 1,
+ "[UTC:%04d/%02d/%02d %02d:%02d:%02d] ACTION: %s, SUCCESS: %s.\n",
+ lt->tm_year + BASE_YEAR, lt->tm_mon + BASE_MON, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec,
+ action, suc) < 0) {
+ tloge("format log entry failed\n");
+ return;
+ }
+ /* write into log file on ssa */
+ if (cert_log_write(buf) != TEE_SUCCESS)
+ tloge("write to log failed\n");
+}
+
+/* ----------------------------------------------------------------------------
+ * Trusted Application Entry Points
+ * ----------------------------------------------------------------------------
+ */
+
+static TEE_Result cert_verify_and_send(uint32_t param_types, TEE_Param params[4])
+{
+ TEE_Result ret;
+ const char *pubkey = g_root_public_key;
+ uint32_t pubkey_len = sizeof(g_root_public_key) / sizeof(char);
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ ret = ta_signing_cert_import(params[0].memref.buffer, params[0].memref.size, pubkey, pubkey_len);
+ if (ret != TEE_SUCCESS)
+ tloge("cert store failed\n");
+ return ret;
+}
+
+static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE_Param params[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ uint32_t limit = params[0].memref.size;
+ uint32_t len = 0;
+ uint8_t *dst = NULL;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INOUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_LOG_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ dst = (uint8_t *)malloc(params[0].memref.size);
+ if (dst == NULL) {
+ tloge("malloc failed\n");
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+ switch (cmd_id) {
+ case SEARCH_CERT_CMD:
+ ret = ta_signing_cert_export((uint8_t *)dst, &len, limit);
+ break;
+ case SEARCH_LOG_CMD:
+ ret = cert_log_read((char *)dst, limit, &len);
+ if (len < limit) {
+ dst[len++] = '\0';
+ } else {
+ dst[limit - 1] = '\0';
+ len = limit;
+ }
+ break;
+ default:
+ break;
+ }
+ if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) {
+ free(dst);
+ dst = NULL;
+ return TEE_ERROR_SECURITY;
+ }
+
+ params[0].memref.size = len;
+ if (ret != TEE_SUCCESS)
+ tloge("cert search failed\n");
+ free(dst);
+ dst = NULL;
+ return ret;
+}
+
+static TEE_Result cert_delete_service(uint32_t param_types)
+{
+ TEE_Result ret;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ ret = ta_signing_cert_destroy();
+ if (ret != TEE_SUCCESS)
+ tloge("cert delete failed\n");
+ return ret;
+}
+
+/**
+ * Function TA_CreateEntryPoint
+ * Description:
+ * The function TA_CreateEntryPoint is the Trusted Application's constructor,
+ * which the Framework calls when it creates a new instance of the Trusted Application.
+ */
+TEE_Result TA_CreateEntryPoint(void)
+{
+ TEE_Result ret = addcaller_ca_exec(CERT_MANAGER_DEPLOY_PATH, CERT_MANAGER_DEPLOY_USER);
+ if (ret != TEE_SUCCESS)
+ tloge("TA_CreateEntryPoint: AddCaller_CA_exec failed.\n");
+ return ret;
+}
+
+/**
+ * Function TA_OpenSessionEntryPoint
+ * Description:
+ * The Framework calls the function TA_OpenSessionEntryPoint
+ * when a client requests to open a session with the Trusted Application.
+ * The open session request may result in a new Trusted Application instance
+ * being created.
+ */
+TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes,
+ TEE_Param params[4], void** sessionContext)
+{
+ /* -Wunused-parameter */
+ (void)paramTypes;
+ /* -Wunused-parameter */
+ (void)params;
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ SLogTrace("---- TA_OpenSessionEntryPoint -------- ");
+ return TEE_SUCCESS;
+}
+
+/**
+ * Function TA_InvokeCommandEntryPoint:
+ * Description:
+ * The Framework calls this function when the client invokes a command
+ * within the given session.
+ */
+TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id,
+ uint32_t paramTypes, TEE_Param params[4])
+{
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ TEE_Result ret;
+ char *action = NULL;
+ switch (cmd_id) {
+ case SAVE_CERT_CMD:
+ action = ACTION_CRT_IMPORT;
+ ret = cert_verify_and_send(paramTypes, params);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate restoring failed\n");
+ break;
+ case SEARCH_CERT_CMD:
+ /* fall through: to be handled with the same function as SEARCH_LOG_CMD case */
+ case SEARCH_LOG_CMD:
+ action = ACTION_CRT_EXPORT;
+ ret = cert_search_service(paramTypes, cmd_id, params);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate searching failed\n");
+ break;
+ case DEL_CERT_CMD:
+ action = ACTION_CRT_REMOVE;
+ ret = cert_delete_service(paramTypes);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate delete failed\n");
+ break;
+ default:
+ action = ACTION_CRT_UNDEFINED;
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ break;
+ }
+ log_action(action, ret);
+ return ret;
+}
+
+/**
+ * Function TA_CloseSessionEntryPoint:
+ * Description:
+ * The Framework calls this function to close a client session.
+ * During the call to this function the implementation can use
+ * any session functions.
+ */
+void TA_CloseSessionEntryPoint(void* sessionContext)
+{
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ SLogTrace("---- TA_CloseSessionEntryPoint ----- ");
+}
+
+/**
+ * Function TA_DestroyEntryPoint
+ * Description:
+ * The function TA_DestroyEntryPoint is the Trusted Application's destructor,
+ * which the Framework calls when the instance is being destroyed.
+ */
+void TA_DestroyEntryPoint(void)
+{
+ SLogTrace("---- TA_DestroyEntryPoint ---- ");
+}
\ No newline at end of file
-- Gitee
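Review bot: In `cert_search_service` the `memcpy_s` into `params[0].memref.buffer` runs before `ret` is checked, and `dst` comes from `malloc` without being cleared, so a failed `ta_signing_cert_export` or `cert_log_read` can still hand `len` bytes of TA heap content back to the client. How much is copied depends on what those helpers leave in `len` on failure, which this patch does not show for the export path. I would return before the copy, `if (ret != TEE_SUCCESS) { tloge("cert search failed\n"); free(dst); return ret; }`, and clear the buffer right after allocation, for example `(void)memset_s(dst, limit, 0, limit);`. The same function also reads `params[0].memref.size` into `limit` before `check_param_type` has confirmed that slot 0 is a memref; moving that assignment below the check keeps the validation order obvious.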