Empty TA template

Soon available commands : TA_INSTALL_KEYS, TA_HAS_KEYS, TA_DEL_KEYS, TA_SIGN_RSA

.gitignore

@@ -16,3 +16,14 @@ client/fd.cc
 client/internal.h
 client/transport_common.cc
 client/transport_common.h
+
+# TA
+*.cmd
+*.o
+*.d
+*dyn_list
+*.lds
+*.elf
+*.map
+*.dmp
+*.ta

README.md

@@ -26,6 +26,7 @@ The following script will generate all necessary key-pairs :
 ### Build 
 Several ARMv8 binaries are needed :
 - the client program
+- the trusted application (TA)
 
 Then please execute the following script :
 ```bash

build_programs.sh

@@ -1,8 +1,10 @@
 #!/bin/bash
 DEMO_DIR=$(pwd)
-CXX=$DEMO_DIR/optee-qemuv8/toolchains/aarch64/bin/aarch64-linux-gnu-g++
+OPTEE_QEMU=$DEMO_DIR/optee-qemuv8
+CXX=$OPTEE_QEMU/toolchains/aarch64/bin/aarch64-linux-gnu-g++
 BORINGSSL=$DEMO_DIR/boringssl
 
+
 # Build client binary
 echo Building client...
 cd client
@@ -13,7 +15,16 @@ $CXX -o client *.cc -Wall \
 
 
 cd ..
+# Build Trusted App.
+echo Building TA...
+cd ta
+make \
+ CROSS_COMPILE=$OPTEE_QEMU/toolchains/aarch64/bin/aarch64-linux-gnu- \
+ BINARY=a3a8cd17-4156-41f5-8a66-fe2643a1c93e \
+ -f $OPTEE_QEMU/optee_os/out/arm/export-ta_arm64/mk/ta_dev_kit.mk 
+
 
+cd ..
 
 
 

ta/TLS_signature.c

@@ -0,0 +1,84 @@
+#include <stdio.h>
+#include <string.h>
+#include <tee_internal_api.h>
+#include <tee_internal_api_extensions.h>
+#include <user_ta_header_defines.h>
+
+/*
+ * Called when the instance of the TA is created. This is the first call in the
+ * TA.
+ */
+TEE_Result TA_CreateEntryPoint(void) {
+    DMSG("has been called");
+    return TEE_SUCCESS;
+}
+
+/*
+ * Called when the instance of the TA is destroyed if the TA has not
+ * crashed or panicked. This is the last call in the TA.
+ */
+void TA_DestroyEntryPoint(void) { DMSG("has been called"); }
+
+/*
+ * Called when a new session is opened to the TA. *sess_ctx can be updated
+ * with a value to be able to identify this session in subsequent calls to the
+ * TA. In this function you will normally do the global initialization for the
+ * TA.
+ */
+TEE_Result TA_OpenSessionEntryPoint(uint32_t __unused param_types,
+                                    TEE_Param __maybe_unused params[4],
+                                    void __maybe_unused **sess_ctx) {
+    DMSG("has been called");
+    return TEE_SUCCESS;
+}
+
+/*
+ * Called when a session is closed, sess_ctx hold the value that was
+ * assigned by TA_OpenSessionEntryPoint().
+ */
+void TA_CloseSessionEntryPoint(void __maybe_unused *sess_ctx) {
+    DMSG("has been called");
+}
+
+// Puts the key to the storage
+static TEE_Result install_key(uint32_t param_types, TEE_Param params[4]) {
+    return TEE_SUCCESS;
+}
+
+// Checks if key exists in the storage
+static TEE_Result has_key(uint32_t param_types, TEE_Param params[4]) {
+    return TEE_SUCCESS;
+}
+
+// Performs key deletion from the secure storage
+static TEE_Result del_key(uint32_t param_types, TEE_Param params[4]) {
+    return TEE_SUCCESS;
+}
+
+// Performs RSA signing with a key from secure storage
+static TEE_Result sign_rsa(uint32_t param_types, TEE_Param params[4]) {
+    return TEE_SUCCESS;
+}
+
+/*
+ * Called when a TA is invoked. sess_ctx hold that value that was
+ * assigned by TA_OpenSessionEntryPoint(). The rest of the paramters
+ * comes from normal world.
+ */
+TEE_Result TA_InvokeCommandEntryPoint(void __maybe_unused *sess_ctx,
+                                      uint32_t cmd_id, uint32_t param_types,
+                                      TEE_Param params[4]) {
+    (void)&sess_ctx; /* Unused parameter */
+    switch (cmd_id) {
+        case TA_INSTALL_KEYS:
+            return install_key(param_types, params);
+        case TA_HAS_KEYS:
+            return has_key(param_types, params);
+        case TA_DEL_KEYS:
+            return del_key(param_types, params);
+        case TA_SIGN_RSA:
+            return sign_rsa(param_types, params);
+        default:
+            return TEE_ERROR_BAD_PARAMETERS;
+    }
+}

ta/sub.mk

@@ -0,0 +1,5 @@
+# global-incdirs-y += include
+srcs-y += TLS_signature.c
+
+# To remove a certain compiler flag, add a line like this
+#cflags-template_ta.c-y += -Wno-strict-prototypes

ta/user_ta_header_defines.h

@@ -0,0 +1,43 @@
+/*
+ * The name of this file must not be modified
+ */
+
+#ifndef USER_TA_HEADER_DEFINES_H
+#define USER_TA_HEADER_DEFINES_H
+#include <stdint.h>
+
+/* TA UUID*/
+#define TA_UUID                                            \
+    {                                                      \
+        0xa3a8cd17, 0x4156, 0x41f5, {                      \
+            0x8a, 0x66, 0xfe, 0x26, 0x43, 0xa1, 0xc9, 0x3e \
+        }                                                  \
+    }
+
+/* The function IDs implemented in this TA */
+#define TA_INSTALL_KEYS 0
+#define TA_HAS_KEYS 1
+#define TA_DEL_KEYS 2
+#define TA_SIGN_RSA 4
+
+/*
+ * TA properties: multi-instance TA, no specific attribute
+ * TA_FLAG_EXEC_DDR is meaningless but mandated.
+ */
+#define TA_FLAGS TA_FLAG_EXEC_DDR
+
+/* Provisioned stack size */
+#define TA_STACK_SIZE (64 * 1024)
+
+/* Provisioned heap size for TEE_Malloc() and friends */
+#define TA_DATA_SIZE (64 * 1024)
+
+/* Extra properties (give a version id and a string name) */
+#define TA_CURRENT_TA_EXT_PROPERTIES                                         \
+    {"gp.ta.description", USER_TA_PROP_TYPE_STRING,                          \
+     "TLS client private key signature"},                                    \
+    {                                                                        \
+        "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t) { 0x0010 } \
+    }
+
+#endif /* USER_TA_HEADER_DEFINES_H */