diff --git a/.gitignore b/.gitignore
index 389c229..52ef516 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,14 @@ client/fd.cc
 client/internal.h
 client/transport_common.cc
 client/transport_common.h
+
+# TA
+*.cmd
+*.o
+*.d
+*dyn_list
+*.lds
+*.elf
+*.map
+*.dmp
+*.ta
\ No newline at end of file
diff --git a/README.md b/README.md
index 169ccf1..ce80831 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ The following script will generate all necessary key-pairs : ### Build Several ARMv8 binaries are needed : - the client program +- the trusted application (TA) Then please execute the following script : ```bash
diff --git a/build_programs.sh b/build_programs.sh
index 6f36bf2..dab89b5 100755
--- a/build_programs.sh
+++ b/build_programs.sh
@@ -1,8 +1,10 @@ #!/bin/bash DEMO_DIR=$(pwd) -CXX=$DEMO_DIR/optee-qemuv8/toolchains/aarch64/bin/aarch64-linux-gnu-g++ +OPTEE_QEMU=$DEMO_DIR/optee-qemuv8 +CXX=$OPTEE_QEMU/toolchains/aarch64/bin/aarch64-linux-gnu-g++ BORINGSSL=$DEMO_DIR/boringssl + # Build client binary echo Building client... cd client
@@ -13,7 +15,16 @@ $CXX -o client *.cc -Wall \ cd .. +# Build Trusted App. +echo Building TA... +cd ta +make \ + CROSS_COMPILE=$OPTEE_QEMU/toolchains/aarch64/bin/aarch64-linux-gnu- \ + BINARY=a3a8cd17-4156-41f5-8a66-fe2643a1c93e \ + -f $OPTEE_QEMU/optee_os/out/arm/export-ta_arm64/mk/ta_dev_kit.mk + +cd ..
diff --git a/ta/TLS_signature.c b/ta/TLS_signature.c
new file mode 100644
index 0000000..c762748
--- /dev/null
+++ b/ta/TLS_signature.c
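Review bot: In the second build_programs.sh hunk the new TA step runs `cd ta` and `make` without checking either result, so a failed `cd` runs make in the wrong directory and a failed build still lets the script finish, possibly leaving an older `.ta` in place. I would write `cd ta || exit 1` and append `|| exit 1` to the make invocation (or use `set -e` near the top of the script, which is outside this hunk). The `$OPTEE_QEMU` expansions in `CROSS_COMPILE=` and `-f` are unquoted and break if the checkout path contains spaces. The UUID passed as `BINARY=` repeats `TA_UUID` from ta/user_ta_header_defines.h; a comment such as `# must match TA_UUID in ta/user_ta_header_defines.h` would keep the two from drifting apart.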
@@ -0,0 +1,84 @@
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Called when the instance of the TA is created. This is the first call in the
+ * TA.
+ */
+TEE_Result TA_CreateEntryPoint(void) {
+ DMSG("has been called");
+ return TEE_SUCCESS;
+}
+
+/*
+ * Called when the instance of the TA is destroyed if the TA has not
+ * crashed or panicked. This is the last call in the TA.
+ */
+void TA_DestroyEntryPoint(void) { DMSG("has been called"); }
+
+/*
+ * Called when a new session is opened to the TA. *sess_ctx can be updated
+ * with a value to be able to identify this session in subsequent calls to the
+ * TA. In this function you will normally do the global initialization for the
+ * TA.
+ */
+TEE_Result TA_OpenSessionEntryPoint(uint32_t __unused param_types,
+ TEE_Param __maybe_unused params[4],
+ void __maybe_unused **sess_ctx) {
+ DMSG("has been called");
+ return TEE_SUCCESS;
+}
+
+/*
+ * Called when a session is closed, sess_ctx hold the value that was
+ * assigned by TA_OpenSessionEntryPoint().
+ */
+void TA_CloseSessionEntryPoint(void __maybe_unused *sess_ctx) {
+ DMSG("has been called");
+}
+
+// Puts the key to the storage
+static TEE_Result install_key(uint32_t param_types, TEE_Param params[4]) {
+ return TEE_SUCCESS;
+}
+
+// Checks if key exists in the storage
+static TEE_Result has_key(uint32_t param_types, TEE_Param params[4]) {
+ return TEE_SUCCESS;
+}
+
+// Performs key deletion from the secure storage
+static TEE_Result del_key(uint32_t param_types, TEE_Param params[4]) {
+ return TEE_SUCCESS;
+}
+
+// Performs RSA signing with a key from secure storage
+static TEE_Result sign_rsa(uint32_t param_types, TEE_Param params[4]) {
+ return TEE_SUCCESS;
+}
+
+/*
+ * Called when a TA is invoked. sess_ctx hold that value that was
+ * assigned by TA_OpenSessionEntryPoint(). The rest of the paramters
+ * comes from normal world.
+ */
+TEE_Result TA_InvokeCommandEntryPoint(void __maybe_unused *sess_ctx,
+ uint32_t cmd_id, uint32_t param_types,
+ TEE_Param params[4]) {
+ (void)&sess_ctx; /* Unused parameter */
+ switch (cmd_id) {
+ case TA_INSTALL_KEYS:
+ return install_key(param_types, params);
+ case TA_HAS_KEYS:
+ return has_key(param_types, params);
+ case TA_DEL_KEYS:
+ return del_key(param_types, params);
+ case TA_SIGN_RSA:
+ return sign_rsa(param_types, params);
+ default:
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+}
diff --git a/ta/sub.mk b/ta/sub.mk
new file mode 100644
index 0000000..267b61f
--- /dev/null
+++ b/ta/sub.mk
@@ -0,0 +1,5 @@
+# global-incdirs-y += include
+srcs-y += TLS_signature.c
+
+# To remove a certain compiler flag, add a line like this
+#cflags-template_ta.c-y += -Wno-strict-prototypes
\ No newline at end of file
diff --git a/ta/user_ta_header_defines.h b/ta/user_ta_header_defines.h
new file mode 100644
index 0000000..51b9e1e
--- /dev/null
+++ b/ta/user_ta_header_defines.h
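Review bot: In ta/TLS_signature.c the four handlers `install_key`, `has_key`, `del_key` and `sign_rsa` return `TEE_SUCCESS` without doing anything, so a normal-world caller is told that a key was installed, is present, or that a signature was produced when none of that happened. Until they are implemented each stub should fail closed with `return TEE_ERROR_NOT_IMPLEMENTED;`. `param_types` and `params` come from the normal world and are never checked; each handler should first compare `param_types` with the `TEE_PARAM_TYPES(...)` layout it expects and return `TEE_ERROR_BAD_PARAMETERS` on a mismatch before reading any `params[i]`. `TA_OpenSessionEntryPoint` accepts every caller, so once `sign_rsa` is real any client able to open a session can request signatures with the stored key; whether a client-identity check is needed is worth deciding before the signing code lands.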
@@ -0,0 +1,43 @@
+/*
+ * The name of this file must not be modified
+ */
+
+#ifndef USER_TA_HEADER_DEFINES_H
+#define USER_TA_HEADER_DEFINES_H
+#include
+
+/* TA UUID*/
+#define TA_UUID \
+ { \
+ 0xa3a8cd17, 0x4156, 0x41f5, { \
+ 0x8a, 0x66, 0xfe, 0x26, 0x43, 0xa1, 0xc9, 0x3e \
+ } \
+ }
+
+/* The function IDs implemented in this TA */
+#define TA_INSTALL_KEYS 0
+#define TA_HAS_KEYS 1
+#define TA_DEL_KEYS 2
+#define TA_SIGN_RSA 4
+
+/*
+ * TA properties: multi-instance TA, no specific attribute
+ * TA_FLAG_EXEC_DDR is meaningless but mandated.
+ */
+#define TA_FLAGS TA_FLAG_EXEC_DDR
+
+/* Provisioned stack size */
+#define TA_STACK_SIZE (64 * 1024)
+
+/* Provisioned heap size for TEE_Malloc() and friends */
+#define TA_DATA_SIZE (64 * 1024)
+
+/* Extra properties (give a version id and a string name) */
+#define TA_CURRENT_TA_EXT_PROPERTIES \
+ {"gp.ta.description", USER_TA_PROP_TYPE_STRING, \
+ "TLS client private key signature"}, \
+ { \
+ "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t) { 0x0010 } \
+ }
+
+#endif /* USER_TA_HEADER_DEFINES_H */
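Review bot: The command IDs in ta/user_ta_header_defines.h skip a value: `TA_SIGN_RSA` is 4 while the other three are 0, 1 and 2, and nothing says whether 3 is reserved or the gap is a typo. `TA_InvokeCommandEntryPoint` in ta/TLS_signature.c answers any unknown ID with `TEE_ERROR_BAD_PARAMETERS`, so a client built with a different numbering fails in a way that looks like a bad argument rather than a wrong command. I would either renumber to `#define TA_SIGN_RSA 3` or add `/* ID 3 intentionally unused */`, and keep the IDs in a header the client also includes; the client side is not visible in this diff, so it may already do so. The `TA_FLAGS` comment says "multi-instance TA"; for a TA meant to hold a signing key it would help to state in that comment that this is a deliberate choice.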