1 /*
2  * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3  * Licensed under the Mulan PSL v2.
4  * You can use this software according to the terms and conditions of the Mulan PSL v2.
5  * You may obtain a copy of Mulan PSL v2 at:
6  *     http://license.coscl.org.cn/MulanPSL2
7  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8  * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9  * PURPOSE.
10  * See the Mulan PSL v2 for more details.
11  */
12 #ifndef __TEE_SFS_H
13 #define __TEE_SFS_H
14 
15 #include "tee_defines.h"
16 #include <crypto_driver_adaptor.h>
17 #include "sfs_internal.h"
18 
19 /*
 * Mode bits in the style of access(); the values equal the conventional
 * R_OK/W_OK/F_OK numbers.
 * NOTE(review): defined without an #ifndef guard -- confirm that no libc header
 * providing the same names is included alongside this one.
 */
20 #define R_OK 4 /* Read */
21 #define W_OK 2 /* Write */
22 #define F_OK 0 /* Existence */
23 
24 #define CRYPT_KEY_SIZE      32 /* per-file encryption key size in bytes; the original note labels it AES-256 */
/*
 * NOTE(review): AES-XTS splits its key into a data half and a tweak half. If a
 * single CRYPT_KEY_SIZE-byte key is handed to XTS unexpanded, each half is
 * 16 bytes (XTS-AES-128) -- confirm how the key passed to aes_xts_crypto() is
 * derived before relying on the "AES-256" label.
 */
25 #define AES_XTS_SINGLE_UNIT 1024 /* presumably the XTS data-unit length in bytes -- TODO confirm */
26 #define IDENTIFY_SIZE       16 /* size of the TA identity in bytes; currently a UUID */
27 
28 /* WARNING: when another `CRYPT_BLOCK_SIZE' variant is added, `BLOCK_SIZE' SHOULD be updated as well */
29 #define CRYPT_BLOCK_SIZE         64   /* crypt block size */
30 #define CRYPT_BLOCK_SIZE_ENHANCE 512  /* larger crypto block size, introduced for performance */
31 #define CRYPT_BLOCK_SIZE_V3      3072 /* larger crypto block size, introduced for performance (3 * 1024) */
32 /* WARNING: when another `CRYPT_BLOCK_SIZE' variant is added, `BLOCK_SIZE' SHOULD be updated as well */
33 #define LAST_SIZE       4
34 #define HASH_FILE_MAGIC 'h'
/*
 * Twice HASH_LEN; HASH_LEN is not defined in this header and is expected to
 * come from one of the included headers. It sizes meta_hmac and data_hmac in
 * meta_storage_t. NOTE(review): the factor 2 presumably leaves room for a
 * hex-encoded digest (see str_tran()) -- confirm.
 */
35 #define HASH_VERIFY_LEN (2 * HASH_LEN)
36 /*
 * DIR_LEN is for multiple secure-storage partitions and directories,
 * e.g. sec_storage/dirA/file1.txt.
 * NOTE(review): DIR_LEN itself is not defined in this header; this remark looks
 * like a leftover -- confirm where DIR_LEN lives.
 */
37 #define BLOCK_SIZE (CRYPT_BLOCK_SIZE_V3) /* read or write block; tracks the largest CRYPT_BLOCK_SIZE variant */
38 
/* presumably the expected values of meta_storage_header_t.magic_lo / magic_hi -- confirm */
39 #define SFS_STORAGE_MAGIC_LO 0xfd48d1ef
40 #define SFS_STORAGE_MAGIC_HI 0x827d9a7b
41 #define DATAHMAC_HASH_SIZE   8 /* number of uint32_t words in fname_datahmac_hash, i.e. 32 bytes */
/*
 * Storage-format generations, presumably the values carried in
 * meta_storage_header_t.arch_version (confirm against the implementation).
 * Enumerators without an explicit value count up from the previous one, so
 * ECB = 1, AES_CBC = 2, PO = 3, SSA = 4.
 *
 * NOTE(review): SFS_ARCH_VERSION_MAX follows SFS_ARCH_ITEM_NOT_FOUND and
 * therefore evaluates to 0x10001, not to one past the last real version. A
 * range check written as `v < SFS_ARCH_VERSION_MAX' would also accept
 * 5..0x10000; a version value read back from storage is better validated
 * against the named enumerators.
 */
42 enum SFS_ARCH_VERSION {
43     SFS_ARCH_VERSION_INVALID = 0,
44     SFS_ARCH_VERSION_ECB,     /* = 1; name suggests the oldest, ECB-based format -- confirm */
45     SFS_ARCH_VERSION_AES_CBC, /* AES mode to CBC */
46     SFS_ARCH_VERSION_PO,      /* Performance Optimization */
47     SFS_ARCH_VERSION_SSA,     /* SSAgent */
48     SFS_ARCH_ITEM_NOT_FOUND = 0x10000, /* sentinel placed outside the version range */
49     SFS_ARCH_VERSION_MAX,     /* = 0x10001 because it follows the sentinel above */
50 };
51 
/* Value associated with meta_storage_header_t.magic_version (see that field's comment). */
52 #define META_STORATE_MAGIC_VERSION 0x5A5A0001
53 
/*
 * Data-encryption method identifiers; 0 (XTS) matches the "0 xts" remarks on
 * the encrypto_meth and data_encmeth fields. XTS is the only method defined.
 */
54 enum SFS_DATA_ENCRYPTO_METHOD {
55     SFS_DATA_ENCRYPTO_XTS  = 0,
56     SFS_DATA_ENCRYPTO_METHOD_MAX, /* = 1; one past the last defined method */
57 };
/* Number of reserved words in the default header layout; despite the name, the elements are uint32_t. */
58 #define U64_RESERVED_NUM  2
59 /*
60  * Whenever the structure of the secure storage data has to be modified, arch_version
61  * must be increased, so that a newer version of the secure storage software can tell
62  * whether a stored structure is the new or the old one and read it the correct way.
 *
 * Both layouts below consist of 16 uint32_t members (64 bytes): the
 * CONFIG_THIRD_STORAGE_SUPPORT variant adds first_iv and shrinks reserved[] to
 * one word to keep the total unchanged.
 *
 * NOTE(review): struct sfd_t describes nfd as a non-secure file handle, so this
 * header is presumably read back from storage outside the TEE. Treat every
 * field (arch_version, last_block_realsize, encrypto_meth, ...) as untrusted
 * until the meta_hmac check of meta_storage_t has passed -- confirm the order
 * of operations in the implementation.
63  */
64 #ifdef CONFIG_THIRD_STORAGE_SUPPORT
65 typedef struct {
66     uint32_t magic_lo;
67     uint32_t magic_hi;
68     uint32_t arch_version; /* architecture version of storage, current version = 1; NOTE(review): enum SFS_ARCH_VERSION goes up to 4 -- confirm this remark is current */
69     uint32_t last_block_realsize;
70     uint32_t magic_version;          /* META_STORATE_MAGIC_VERSION */
71     uint32_t first_iv;               /* present only in this variant; mirrored by sfd_t.first_iv */
72     uint32_t fname_datahmac_hash[DATAHMAC_HASH_SIZE];
73     uint32_t encrypto_meth;          /* 0 xts, etc */
74     uint32_t reserved[1]; /* pads the header to 64 bytes */
75 } meta_storage_header_t;
76 #else
77 typedef struct {
78     uint32_t magic_lo;
79     uint32_t magic_hi;
80     uint32_t arch_version; /* architecture version of storage, current version = 1; NOTE(review): enum SFS_ARCH_VERSION goes up to 4 -- confirm this remark is current */
81     uint32_t last_block_realsize;
82     uint32_t magic_version;          /* META_STORATE_MAGIC_VERSION */
83     uint32_t fname_datahmac_hash[DATAHMAC_HASH_SIZE];
84     uint32_t encrypto_meth;          /* 0 xts, etc */
85     uint32_t reserved[U64_RESERVED_NUM]; /* pads the header to 64 bytes */
86 } meta_storage_header_t;
87 #endif
88 
/*
 * Complete metadata record: the header followed by two HASH_VERIFY_LEN-byte
 * authentication fields. SFS_METAHMAC_OFFSET and SFS_DATAHMAC_OFFSET are the
 * byte offsets of meta_hmac and data_hmac inside this struct.
 * NOTE(review): comparisons against these fields should presumably be
 * constant-time -- confirm in the implementation.
 */
89 typedef struct {
90     meta_storage_header_t hdr;
91     uint8_t meta_hmac[HASH_VERIFY_LEN]; /* presumably authenticates hdr -- confirm the exact coverage */
92     uint8_t data_hmac[HASH_VERIFY_LEN]; /* presumably authenticates the file data -- confirm the exact coverage */
93 } meta_storage_t;
94 
/* Fixed string; by its name presumably hashed in place of the content of an empty file -- confirm. */
95 #define STR_FOR_EMPTY_FILE_HASH "appname"
/*
 * Hand-rolled offsetof(): takes the address of MEMBER through a null TYPE
 * pointer and converts it to size_t.
 * NOTE(review): the standard offsetof() from <stddef.h> yields the same value
 * without arithmetic on a null pointer, and a macro name with a leading
 * underscore is in the namespace C reserves for the implementation.
 */
96 #define _offsetof(TYPE, MEMBER) ((size_t) & ((TYPE *)0)->MEMBER)
97 
/*
 * Round x up / down to a multiple of align using integer division.
 * - align is expanded more than once: pass an expression without side effects.
 * - align == 0 divides by zero.
 * - In GET_ALIGNED_SIZE_UP, (x) + (align) - 1 wraps for unsigned operands near
 *   the type's maximum, giving a result smaller than x; callers that size
 *   buffers with it should bound x first.
 */
98 #define GET_ALIGNED_SIZE_UP(x, align)   (((x) + (align)-1) / (align) * (align))
99 #define GET_ALIGNED_SIZE_DOWN(x, align) ((x) / (align) * (align))
100 
101 #define SFS_METADATA_SIZE   (sizeof(meta_storage_t))              /* size of the whole metadata record */
102 #define SFS_METAHMAC_OFFSET (_offsetof(meta_storage_t, meta_hmac)) /* byte offset of meta_hmac */
103 #define SFS_DATAHMAC_OFFSET (_offsetof(meta_storage_t, data_hmac)) /* byte offset of data_hmac */
104 
105 #define SFS_BACKUP_FILE_SUFFIX ".bk" /* presumably appended to a file name to form its backup copy -- confirm */
106 
107 #define SFS_START_BLOCKID 0
108 
109 #define TA_KEY_COMPOSED_OF_TWO_16BYTES_KEYS 0 /* Derive TA root key by combining two 16-bytes keys */
110 
/*
 * Node of a singly linked list (linked through next) that pairs a block id
 * with a HASH_LEN-byte hash. struct sfd_t.first_block points at the head.
 */
111 struct block_info_t {
112     uint8_t hash[HASH_LEN]; /* presumably the digest from calculate_block_hash() -- confirm */
113     uint32_t block_id;
114     uint32_t reserved;
115     struct block_info_t *next; /* next node; how the list ends is not visible here */
116 };
117 
/*
 * State of one secure-storage file; this is the handle type returned by
 * ssa_create()/ssa_open() and taken by the other ssa_* functions.
 * Positions and sizes are uint32_t, so offsets are limited to 32 bits.
 * NOTE(review): size, last_block_size and attr_size are presumably populated
 * from stored metadata -- confirm they are range-checked before being used in
 * buffer or offset arithmetic.
 */
118 struct sfd_t {
119     int32_t nfd; /* Nonsecure file handler */
120     uint32_t crypto_block_size;
121     uint32_t start_block_id;
122     uint32_t flags;
123     uint32_t seek_position;
124     uint32_t size; /* dataSize. */
125     uint32_t last_block_size;
126     uint32_t attr_size;
127     /*
128      * `update_backup' shows whether the backup file is updated in s_fclose.
129      * true: creating the file succeeded, or,
130      *       the last call to s_fwrite succeeded.
131      * false: opening the file succeeded without any s_fwrite, or,
132      *       the last call to s_fwrite failed.
133      */
134     bool update_backup;
135     bool opened_orig; /* true: original, false: backup */
136     bool need_update_hmac;
137 #ifdef CONFIG_THIRD_STORAGE_SUPPORT
138     uint32_t first_iv; /* same name as meta_storage_header_t.first_iv in this configuration */
139 #endif
140     meta_data_t *meta_data;           /* type declared outside this header; ownership not visible here */
141     struct block_info_t *first_block; /* head of the block_info_t list */
142     uint32_t data_encmeth; /* data encryption method, 0 xts, etc */
143 };
144 
/*
 * Key buffer plus its length, as taken by calc_hmac256().
 * NOTE(review): who owns and wipes the buffer behind key is not visible in this
 * header -- confirm it is zeroized after use.
 */
145 struct key_info_t {
146     uint8_t *key;     /* key bytes */
147     uint32_t key_len; /* length of key in bytes */
148 };
149 
/*
 * Bookkeeping for one read/write request; field meanings below are inferred
 * from the names only -- TODO confirm against the implementation.
 * NOTE(review): the buffer pointers are paired with separate size fields, so
 * every copy into crypto_buff / trans_buff has to be bounded by the matching
 * size.
 */
150 struct ssa_rw_info {
151     int8_t end_flag;
152     int8_t start_flag;
153     uint32_t start_pos;
154     uint32_t start_offset;
155     uint32_t end_pos;
156     uint32_t end_offset;
157     uint32_t cur_pos;
158     uint8_t *crypto_buff;      /* presumably crypto_blocksize bytes -- confirm */
159     uint32_t crypto_blocksize;
160     uint8_t *trans_buff;       /* presumably trans_size bytes -- confirm */
161     uint32_t trans_size;
162 };
163 
/*
 * Byte counters kept while a read/write is processed; the exact meaning of each
 * counter is not visible in this header -- TODO document from the implementation.
 * All counters are uint32_t, so sums of them can wrap.
 */
164 struct ssa_rw_count_process {
165     uint32_t send_count;
166     uint32_t copy_count;
167     uint32_t actual_count;
168     uint32_t add_count;
169     uint32_t read_count;
170 };
171 
/*
 * Secure-storage file API. Only the declarations are visible here; the remarks
 * below follow from the signatures and should be checked against the
 * implementation.
 */

/* Create / open return a handle and report status through *error (presumably NULL on failure -- confirm). */
172 struct sfd_t *ssa_create(meta_data_t *meta, uint32_t flag, TEE_Result *error);
173 
174 struct sfd_t *ssa_open(meta_data_t *meta, uint32_t flag, TEE_Result *error);
175 
/*
 * Read / write return an unsigned byte count, so failure cannot be signalled
 * through the return value; callers need to inspect *error as well.
 */
176 uint32_t ssa_read(uint8_t *out_buf, uint32_t count, struct sfd_t *sfd, TEE_Result *error);
177 
178 uint32_t ssa_write(const uint8_t *content, uint32_t count, struct sfd_t *sfd, TEE_Result *error);
179 
180 TEE_Result ssa_close(struct sfd_t *sfd);
181 
182 TEE_Result ssa_close_and_delete(struct sfd_t *sfd, bool is_delete);
183 
184 TEE_Result ssa_rename(struct sfd_t *sfd, const uint8_t *new_obj_id, uint32_t new_obj_len);
185 
186 TEE_Result ssa_sync(const struct sfd_t *sfd);
187 
/* offset is signed 32-bit while sfd_t positions are uint32_t; the resulting position has to be range-checked. */
188 TEE_Result ssa_seek(struct sfd_t *sfd, int32_t offset, uint32_t whence);
189 
190 TEE_Result ssa_info(struct sfd_t *sfd, uint32_t *pos, uint32_t *len);
191 
192 TEE_Result ssa_truncate(struct sfd_t *sfd, uint32_t len);
193 
/*
 * NOTE(review): length is int32_t while dest_len is uint32_t -- confirm that a
 * negative length is rejected before it is used as a size.
 */
194 TEE_Result get_hname(const char *src, int32_t length, char *dest, uint32_t dest_len, meta_data_t *meta);
195 
196 TEE_Result ssa_write_mac(struct sfd_t *sfd);
/*
 * Object handling, hashing/HMAC and block-encryption helpers. Only the
 * declarations are visible here; the remarks follow from the signatures and
 * should be checked against the implementation.
 */
197 void create_object(const struct create_obj_msg_t *create_obj, uint32_t sndr, const TEE_UUID *uuid,
198                    struct sfd_t **sfd, uint32_t *obj, TEE_Result *error);
199 void open_object(struct open_obj_msg_t *open_obj, const TEE_UUID *uuid, uint32_t sndr, struct ssa_agent_rsp *rsp);
/* buf_size is a pointer; presumably in: capacity of hmac_buf, out: bytes written -- confirm. */
200 TEE_Result calculate_master_hmac(struct sfd_t *sfd, uint8_t *hmac_buf, uint32_t *buf_size);
/* Writes a character form of sha_buff into dest (presumably hex -- confirm); dest_len bounds the output. */
201 void str_tran(const unsigned char *sha_buff, uint32_t buff_len, char *dest, uint32_t dest_len);
202 TEE_Result calc_filename_datahmac_hash(meta_storage_t *sfs_meta, const struct sfd_t *sfd);
203 TEE_Result calculate_hmac(const uint8_t *src, uint32_t src_len, uint8_t *dest,
204                           uint32_t dest_len, const struct sfd_t *sfd);
/* Input, output and tweak are memref_t descriptors (declared outside this header). */
205 TEE_Result aes_xts_crypto(uint32_t mode, const struct sfd_t *sfd, const struct memref_t *tweak,
206                           const struct memref_t *data_in, struct memref_t *data_out);
207 TEE_Result fill_file_hole(struct sfd_t *sfd, uint32_t start_offset, uint32_t size);
208 TEE_Result calculate_block_hash(uint8_t *sha_buff, uint32_t sha_size, const uint8_t *data, uint32_t data_size);
209 TEE_Result get_spec_errno(TEE_Result ret_default);
/*
 * NOTE(review): length is int32_t -- confirm that a negative value is rejected
 * before it is used as a size. dest_len is a pointer; presumably in: capacity
 * of dest, out: bytes written -- confirm.
 */
210 TEE_Result calc_hmac256(struct key_info_t *key_info, const uint8_t *src, int32_t length,
211                         uint8_t *dest, uint32_t *dest_len);
212 TEE_Result cmd_hash(const uint8_t *src_data, uint32_t src_len, uint8_t *dest_data, size_t dest_len);
213 uint32_t create_file_instance_to_client(uint32_t sender, struct sfd_t *sfd);
/*
 * NOTE(review): data_out has no size parameter, so the caller presumably has to
 * provide at least data_in_size bytes -- confirm. key_value is not
 * const-qualified; confirm whether the key buffer is modified.
 */
214 TEE_Result aes_cbc_crypto(uint32_t mode, uint8_t *key_value, uint32_t key_size, const uint8_t *iv,
215     uint32_t iv_size, const uint8_t *data_in, uint32_t data_in_size, uint8_t *data_out);
216 void ssa_removefile(const uint8_t *filename, const char *file_desc, uint32_t storage_id);
/* Returns int32_t rather than TEE_Result; the meaning of the return value is not visible here. */
217 int32_t get_hmac_from_meta_data(struct sfd_t *sfd, uint8_t *hmac_buff, uint32_t hmac_buff_len);
218 TEE_Result do_rename(struct sfd_t *sfd, meta_data_t *new_meta_data);
/*
 * Both block helpers take one len for src and no separate size for dst;
 * NOTE(review): dst presumably has to hold at least len bytes -- confirm.
 */
219 TEE_Result encrypt_blocks_with_cbc(const uint8_t *src, uint32_t len, uint8_t *dst, const struct sfd_t *sfd,
220                                    uint32_t mode);
221 TEE_Result encrypt_blocks_with_xts(const uint8_t *src, uint32_t len, uint8_t *dst, const struct sfd_t *sfd,
222                                    uint32_t mode);
223 #endif
224