1 /* 2 * Copyright (c) 2020 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef _TEE_CLIENT_API_H_ 17 #define _TEE_CLIENT_API_H_ 18 19 #include <string.h> 20 #include "tee_client_type.h" 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 #define S_VAR_NOT_USED(variable) do { (void)(variable); } while (0) 27 28 /** 29 * @ingroup TEEC_BASIC_FUNC 30 * Calculate the values of the transfer parameters between REE and TEE 31 */ 32 #define TEEC_PARAM_TYPES(param0Type, param1Type, param2Type, param3Type) \ 33 ((param3Type) << 12 | (param2Type) << 8 | (param1Type) << 4 | (param0Type)) 34 35 /** 36 * @ingroup TEEC_BASIC_FUNC 37 * Get the index value in parmaTypes 38 */ 39 #define TEEC_PARAM_TYPE_GET(paramTypes, index) \ 40 (((paramTypes) >> (4 * (index))) & 0x0F) 41 42 /** 43 * @ingroup TEEC_BASIC_FUNC 44 * When the parameter type is #teec_value, if the member variable a or b is not assigned, 45 * you need to assign this value to it, indicates that this member variable is not used. 46 */ 47 #define TEEC_VALUE_UNDEF 0xFFFFFFFF 48 49 /** 50 * @ingroup TEEC_VERSION 51 * TEEC version number 1.0 : TrustedCore1.xx version 52 */ 53 #define TEEC_VERSION (100) 54 55 56 /** 57 * @ingroup TEEC_BASIC_FUNC 58 * Debug interface, it is valid when the macro TEEC_DEBUG is defined 59 */ 60 #ifdef TEEC_DEBUG 61 #define TEEC_Debug(fmt, args...) printf("%s: " fmt, __func__, ## args); 62 #else 63 #define TEEC_Debug(fmt, args...) 64 #endif 65 66 /** 67 * @ingroup TEEC_BASIC_FUNC 68 * Debug interface,API print error message 69 */ 70 #define TEEC_Error(fmt, args...) printf("%s: " fmt, __func__, ## args); 71 72 /** 73 * @ingroup TEEC_BASIC_FUNC 74 * @brief Initialize the TEE context 75 * 76 * @par Description 77 * Initialize the TEE context whose path is 'name'. The 'name' parameter can be left empty, 78 * TEE initialization is the basis for opening a session and sending a command, 79 * after the initialization is successful, a connection is set up between the CA and the TEE. 80 * 81 * @param name [IN] Tee context path 82 * @param context [IN/OUT] Context pointer,secure world environment handle 83 * 84 * @retval #TEEC_SUCCESS TEE context is successfully initialized 85 * @retval #TEEC_ERROR_BAD_PARAMETERS Parameter is incorrect, name is incorrect or context is empty 86 * @retval #TEEC_ERROR_GENERIC System resources are insufficient 87 * 88 * @par Dependency 89 * @li libteec: library 90 * @li tee_client_api.h: header file 91 * @see TEEC_FinalizeContext 92 */ 93 TEEC_Result TEEC_InitializeContext( 94 const char *name, 95 TEEC_Context *context); 96 97 /** 98 * @ingroup TEEC_BASIC_FUNC 99 * @brief Close tee context 100 * 101 * @par Description 102 * Close the TEE context to which the 'context' points, and disconnect the client application from the TEE environment. 103 * 104 * @param context [IN/OUT] The TEE context that has been successfully initialized 105 * 106 * @par Dependency 107 * @li libteec: library 108 * @li tee_client_api.h: header file 109 * @see TEEC_InitializeContext 110 */ 111 void TEEC_FinalizeContext( 112 TEEC_Context *context); 113 114 /* 115 * @ingroup TEEC_BASIC_FUNC 116 * @brief Open session 117 * 118 * @par Description 119 * Create a session which is from CA to the 'destination' UUID TA, 120 * the connection method is 'connectionMethod', and the connection data is 'connectionData', 121 * The transferred data is contained in the 'opetation'. 122 * After a session is opened successfully, the output parameter 'session' is a description of the connection. 123 * If the session fails to be opened, 'returnOrigin' is the error source. 124 * 125 * @param context [IN/OUT] The TEE context that has been successfully initialized 126 * @param session [OUT] Point to the session, the value cannot be empty. 127 * @param destination [IN] UUID of a security service, a security service has a unique UUID. 128 * @param connectionMethod [IN] Connection mode. The value range is #TEEC_LoginMethod. 129 * @param connectionData [IN] Connection data corresponding to the link mode 130 * If connection mode is #TEEC_LOGIN_PUBLIC, #TEEC_LOGIN_USE, 131 * #TEEC_LOGIN_USER_APPLICATION, #TEEC_LOGIN_GROUP_APPLICATION, connection data must be empty. 132 * If connection mode is #TEEC_LOGIN_GROUP、#TEEC_LOGIN_GROUP_APPLICATION, 133 * the connection data must point to data of type uint32_t, 134 * which represents the user group that the client application expects to connect to. 135 * @param operation [IN/OUT] Data transferred between CAs and TAs 136 * @param returnOrigin [IN/OUT] Error source. The value range is #TEEC_ReturnCodeOrigin. 137 * 138 * @retval #TEEC_SUCCESS Open successfully. 139 * @retval #TEEC_ERROR_BAD_PARAMETERS The parameter is incorrect. 140 * @retval #TEEC_ERROR_ACCESS_DENIED Failed to access the system call permission. 141 * @retval #TEEC_ERROR_OUT_OF_MEMORY Insufficient system resources. 142 * @retval #TEEC_ERROR_TRUSTED_APP_LOAD_ERROR Failed to load the security service. 143 * @retval Other return values, see. #TEEC_ReturnCode 144 145 * @par Dependency 146 * @li libteec: library 147 * @li tee_client_api.h: header file 148 * @see TEEC_CloseSession 149 */ 150 TEEC_Result TEEC_OpenSession( 151 TEEC_Context *context, 152 TEEC_Session *session, 153 const TEEC_UUID *destination, 154 uint32_t connectionMethod, 155 const void *connectionData, 156 TEEC_Operation *operation, 157 uint32_t *returnOrigin); 158 159 /** 160 * @ingroup TEEC_BASIC_FUNC 161 * @brief Close session 162 * 163 * @par Description 164 * Close the session to which the session points, and disconnect the client application from the security service. 165 * 166 * @param session [IN/OUT] Point to a session that has been opened successfully 167 168 * @par Dependency 169 * @li libteec: library 170 * @li tee_client_api.h: header file 171 * @see TEEC_OpenSession 172 */ 173 void TEEC_CloseSession( 174 TEEC_Session *session); 175 176 /** 177 * @ingroup TEEC_BASIC_FUNC 178 * @brief Send a command. 179 * 180 * @par Description 181 * In a specified 'session', the CA sends the 'commandID' command to the TA. 182 * The sent data is 'operation'. 183 * If the command fails to be sent, the 'returnOrigin' indicate the error source. 184 * 185 * @param session [IN/OUT] Point to a session that has been successfully opened 186 * @param commandID [IN] Command ID supported by the security service, which is defined by the security service. 187 * @param operation [IN/OUT] Contain the data sent from the CA to the TA. 188 * @param returnOrigin [IN/OUT] Error source. The value range is #TEEC_ReturnCodeOrigin. 189 * 190 * @retval #TEEC_SUCCESS Command sent successfully. 191 * @retval #TEEC_ERROR_BAD_PARAMETERS The parameter is incorrect, 192 * the session parameter is empty or the operation parameter is in an incorrect format. 193 * @retval #TEEC_ERROR_ACCESS_DENIED Failed to access the system call permission. 194 * @retval #TEEC_ERROR_OUT_OF_MEMORY Insufficient system resources. 195 * @retval other return values, see. #TEEC_ReturnCode 196 * 197 * @par Dependency 198 * @li libteec: library 199 * @li tee_client_api.h: header file 200 */ 201 TEEC_Result TEEC_InvokeCommand( 202 TEEC_Session *session, 203 uint32_t commandID, 204 TEEC_Operation *operation, 205 uint32_t *returnOrigin); 206 207 /** 208 * @ingroup TEEC_BASIC_FUNC 209 * @brief Register the Shared Memory 210 * 211 * @par Description 212 * Registers the shared memory 'sharedMem' in the specified TEE 'context', 213 * the operating system needs to support zero copy to obtain the shared memory through registration, 214 * in the current implementation, zero copy cannot be implemented in this mode. 215 * 216 * @attention If the size field of the input parameter 'sharedMem' is set to 0, 217 * the function returns a success message, but this Shared memory field cannot be used, 218 * because this memory has no size 219 * @param context [IN/OUT] TEE context that has been successfully initialized 220 * @param sharedMem [IN/OUT] Pointer to the shared memory, the memory cannot be null or 0. 221 * 222 * @retval #TEEC_SUCCESS Command sent successfully. 223 * @retval #TEEC_ERROR_BAD_PARAMETERS The parameter is incorrect. The context or sharedMem parameter is empty, 224 * or the memory to which the shared memory points is empty. 225 * 226 * @par Dependency 227 * @li libteec: library 228 * @li tee_client_api.h: header file 229 * @see TEEC_AllocateSharedMemory 230 */ 231 TEEC_Result TEEC_RegisterSharedMemory( 232 TEEC_Context *context, 233 TEEC_SharedMemory *sharedMem); 234 235 /** 236 * @ingroup TEEC_BASIC_FUNC 237 * @brief Apply for Shared Memory 238 * 239 * @par Description 240 * Apply for the shared memory 'sharedMem' in the specified TEE 'context', 241 * the shared memory can implement zero copy when data is transferred 242 * between the non-secure world and the secure world. 243 * 244 * @attention If the size field of the input parameter 'sharedMem' is set to 0, 245 * the function returns a success message, but this shared memory cannot be used, 246 * because this memory has neither address nor size. 247 * @param context [IN/OUT] TEE environment that has been successfully initialized 248 * @param sharedMem [IN/OUT] Point to the shared memory. The size of the shared memory cannot be 0. 249 * 250 * @retval #TEEC_SUCCESS Command sent successfully. 251 * @retval #TEEC_ERROR_BAD_PARAMETERS The parameter is incorrect. The context or sharedMem parameter is empty. 252 * @retval #TEEC_ERROR_OUT_OF_MEMORY Allocation failed due to insufficient system resources. 253 * 254 * @par Dependency 255 * @li libteec: library 256 * @li tee_client_api.h: header file 257 * @see TEEC_RegisterSharedMemory 258 */ 259 TEEC_Result TEEC_AllocateSharedMemory( 260 TEEC_Context *context, 261 TEEC_SharedMemory *sharedMem); 262 263 /** 264 * @ingroup TEEC_BASIC_FUNC 265 * @brief Release the shared memory. 266 * 267 * @par Description 268 * Releases the shared memory that has been registered or applied for. 269 * 270 * @attention If the shared memory is obtained in #TEEK_AllocateSharedMemory mode, When the memory is released, 271 * the memory is reclaimed. If the #TEEK_RegisterSharedMemory method is used:Obtained shared memory. 272 * The local memory to which the shared memory points is not reclaimed when the shared memory is released. 273 * @param sharedMem [IN/OUT] Pointing to the shared memory that has been registered or applied for successfully 274 * 275 * @par Dependency 276 * @li libteec: library 277 * @li tee_client_api.h: header file 278 * @see TEEC_RegisterSharedMemory | TEEC_AllocateSharedMemory 279 */ 280 void TEEC_ReleaseSharedMemory( 281 TEEC_SharedMemory *sharedMem); 282 283 284 /** 285 * @ingroup TEEC_BASIC_FUNC 286 * @brief cancel API 287 * 288 * @par Description 289 * Cancel a running open session or an invoke command. 290 * Send a cancel signal and return immediately. 291 * 292 * @attention This operation only sends a cancel message, 293 * whether to perform the cancel operation is determined by the TEE or TA. 294 * @param operation [IN/OUT] Contains the data sent from the CA to the TA. 295 * 296 * @par Dependency 297 * @li libteec: library 298 * @li tee_client_api.h: header file 299 */ 300 void TEEC_RequestCancellation(const TEEC_Operation *operation); 301 302 /** 303 * @ingroup TEEC_EXT_FUNC 304 * @brief register agent API 305 * 306 * @par Description 307 * Register the agent (listener) with the REE 308 * 309 * @attention This operation first maps and registers the shared memory (only 4 KB shared memory is supported), 310 * then register the agent. 311 * @param agent_id [IN] Agent_id is the unique identifier for communicating with the TA, 312 * so TA use this agent_id to send a message to the CA 313 * @param dev_fd [OUT] The descriptor for accessing the TEE driver device. 314 * @param buffer [OUT] User-Mode Address Pointing to the Shared Memory 315 * @retval #TEEC_SUCCESS agent regiter success 316 * @retval #TEEC_ERROR_GENERIC generic error 317 * 318 * @par Dependency 319 * @li libteec: library 320 * @li tee_client_api.h: header file 321 */ 322 TEEC_Result TEEC_EXT_RegisterAgent(uint32_t agentId, int *devFd, void **buffer); 323 324 /** 325 * @ingroup TEEC_EXT_FUNC 326 * @brief wait for event from TA 327 * 328 * @par Description 329 * REE agent wait for TEE TA evnet 330 * 331 * @attention This API will be blocked, invoking this API in the newly thread is suggested. 332 * @param agent_id [IN] Agent_id is the unique identifier for communicating with the TA, 333 * so TA use this agent_id to send a message to the CA 334 * @param dev_fd [IN] The descriptor for accessing the TEE driver device. 335 * @retval #TEEC_SUCCESS agent wait for TA message success 336 * @retval #TEEC_ERROR_GENERIC generic error 337 * 338 * @par Dependency 339 * @li libteec: library 340 * @li tee_client_api.h: header file 341 */ 342 TEEC_Result TEEC_EXT_WaitEvent(uint32_t agentId, int devFd); 343 344 /** 345 * @ingroup TEEC_EXT_FUNC 346 * @brief send response to TA 347 * 348 * @par Description 349 * Agent response TA event 350 * 351 * @attention This API will wake up main thread 352 * @param agent_id [IN] Agent_id is the unique identifier for communicating with the TA, 353 * so TA use this agent_id to send a message to the CA 354 * @param dev_fd [IN] The descriptor for accessing the TEE driver device. 355 * @retval #TEEC_SUCCESS Agent response send success 356 * @retval #TEEC_ERROR_GENERIC Generic error 357 * 358 * @par Dependency 359 * @li libteec: library 360 * @li tee_client_api.h: header 361 */ 362 TEEC_Result TEEC_EXT_SendEventResponse(uint32_t agentId, int devFd); 363 364 /** 365 * @ingroup TEEC_EXT_FUNC 366 * @brief unregister agent API 367 * 368 * @par Description 369 * Agent(listener)unregister 370 * 371 * @attention The API instructs the kernel to deregister the agent and release the shared memory. 372 * Therefore, the user-mode pointer cannot be used any more. 373 * @param agent_id [IN] Agent_id is the unique identifier for communicating with the TA, 374 * so TA use this agent_id to send a message to the CA 375 * @param dev_fd [IN] The descriptor for accessing the TEE driver device. 376 * @param buffer [IN] The user-state address that shares memory, and the function returns with a pointer null 377 * @retval #TEEC_SUCCESS Agent unregister success 378 * @retval #TEEC_ERROR_GENERIC Generic error 379 * 380 * @par Dependency 381 * @li libteec: library 382 * @li tee_client_api.h: header 383 */ 384 TEEC_Result TEEC_EXT_UnregisterAgent(uint32_t agentId, int devFd, void **buffer); 385 386 /** 387 * @ingroup TEEC_GetTEEVersion 388 * @brief send response to TA 389 * 390 * @par Description 391 * Ree get tee version 392 * 393 * @par Dependency 394 * @li libteec: library 395 * @li tee_client_api.h: header 396 */ 397 uint32_t TEEC_GetTEEVersion(void); 398 399 /** 400 * Function: TEEC_Send_Secfile 401 * Description: This function sends a secfile to TEE and saves it for use. 402 * Parameters: session: the session to close. 403 * Return: NULL 404 */ 405 TEEC_Result TEEC_SendSecfile(const char *path, TEEC_Session *session); 406 407 #ifdef __cplusplus 408 } 409 #endif 410 411 #endif 412