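/*
 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
 * Licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *     http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Internal definitions of the secure-file-storage (SFS) agent: size constants,
 * salt labels, bookkeeping structures for clients and open files, the
 * per-file metadata record that carries key material, and the prototypes of
 * the command handlers and their helpers.
 */
#ifndef TEE_SFS_INTERNAL_H
#define TEE_SFS_INTERNAL_H

#include <tee_defines.h>
#include "tee_ss_agent_api.h"

/* Sizes of digests, keys and cipher blocks. All values are in bytes. */
#define HMAC_HASH_FUNC      SHA256_HASH
#define HMAC_LEN            32   /* Bytes */
#define HASH_LEN            32   /* Bytes */
#define HASH_VERIFY_LEN     (2 * HASH_LEN)
#define KEYSALT_LEN         16   /* Bytes */
#define AES_BLOCK_SIZE      16   /* Bytes */
#define AES256_KEY_LEN      32   /* Bytes */
#define AES_KEY_LEN         AES256_KEY_LEN
#define TA_ROOT_KEY_LEN     32   /* Bytes */
#define MAX_ATTRIBUTES_SIZE 1024 /* Bytes */
#define CRYPT_KEY_SIZE      32   /* Bytes */

/* A file id has the size of one HMAC output. */
#define FILE_ID_SIZE        HMAC_LEN
/* Presumably two hex characters per id byte plus a terminating NUL -- confirm against the encoder. */
#define FILE_ID_ASCII_SIZE  (FILE_ID_SIZE * 2 + 1)

/* Following values are used for salting the root key on key derivation. */
#define DERIVE_KEY_SALT_LEN 16

/*
 * Each salt string must be at least 16 characters long. Every literal below
 * is exactly 16 characters, which equals DERIVE_KEY_SALT_LEN; keep that true
 * when editing them.
 *
 * These are fixed strings compiled into the image, so they are not secret and
 * not random. Presumably they only separate the derived keys by purpose, and
 * the secrecy of the derived keys rests on the root key -- confirm against the
 * derivation code.
 */
#define FILEKEY_SALT     "0 file key salt."
#define MASTER_HMAC_SALT "master hmacsalt."
#define ENCRYPTION1_SALT "1 aes xti1 salt."
#define ENCRYPTION2_SALT "2 AES XTI2 Salt."
#define FILE_NAME_SALT   "3 FileName salt."

/* NOTE(review): same value as TA_ROOT_KEY_LEN above; the two must stay in sync. */
#define TA_ROOTKEY_SIZE 32

#define FILE_DIR_FLAG     "/"
#define CUR_FILE_DIR_FLAG "./"
#define USERID0_DIR_FLAG  "0/"
#define MULTI_USERID      10

#define MAX_CLIENT_OPEN_FILES  24 /* maximum simultaneous open files on private storage per client */
/* NOTE(review): the name says PRIVATE while the comment says shared storage -- confirm which is meant. */
#define MAX_PRIVATE_OPEN_FILES 64 /* maximum simultaneous open files on shared storage */

/*
 * This is a definition, not a declaration: every translation unit including
 * this header emits the symbol, and the weak attribute is what keeps the
 * linker from rejecting the duplicates.
 * NOTE(review): an `extern` declaration here with a single definition in one
 * .c file would be the conventional form.
 */
__attribute__((weak)) uint32_t g_ssagent_handle;

/* file specific data */
typedef struct {
    struct sfd_t *sfd;  /* pointer to secure file descriptor */
    int32_t link_count; /* how many instances use this file */
    bool first_opened;
} file_link_t;

/* file instance specific data */
typedef struct {
    uint32_t seek_position; /* each file instance has its own seek position */
    file_link_t *file_link;
} file_instance_t;

/* Client (TA) data. */
typedef struct {
    TEE_UUID uuid;
    uint32_t task_id;
    uint32_t user_id;
    char dead; /* set when this client is to be unregistered */
    bool ssa_enum_enable;
    file_instance_t file_instance[MAX_CLIENT_OPEN_FILES]; /* one slot per open file of this client */
} client_t;

/*
 * The architecture version is required in each stored data structure.
 * Sooner or later there may be a requirement to modify these structures.
 * It is very easy to make the system backward compatible if every stored
 * data structure has version information.
 *
 * Security note: this record embeds raw key material (ta_root_key, file_key,
 * xts_key1, xts_key2, hmac_key, file_id_key). Every path that releases or
 * reuses a meta_data_t is expected to wipe these arrays with a clear the
 * compiler cannot elide before the memory is returned.
 * NOTE(review): whether free_meta_data() and reset_meta() do so is not
 * visible from this header -- confirm in the implementation.
 * NOTE(review): ownership of the uint8_t pointer members is not stated here;
 * presumably they are owned by the record and released by free_meta_data().
 */
typedef struct {
    uint32_t arch_version; /* Architecture version */
    uint32_t storage_id;
    uint32_t attributes_size;
    uint32_t crypto_block_size;
    uint8_t *file_id;
    uint32_t file_id_len;
    uint8_t *cur_encrypted_file_id;
    uint8_t *cur_backup_file_id;
    uint8_t *encrypted_file_id;
    uint8_t *backup_file_id;
    uint8_t ta_root_key[TA_ROOTKEY_SIZE];
    uint8_t file_key[CRYPT_KEY_SIZE];
    uint8_t xts_key1[CRYPT_KEY_SIZE];
    uint8_t xts_key2[CRYPT_KEY_SIZE];
    uint8_t hmac_key[CRYPT_KEY_SIZE];
    uint8_t file_id_key[CRYPT_KEY_SIZE];
    uint8_t master_hmac[HASH_VERIFY_LEN];
    TEE_UUID uuid;
    uint8_t *joint_file_id;
} meta_data_t;

/* Signature shared by every command handler declared below. */
typedef void (*ssa_cmd_process)(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);

/* One entry of the command table: a command id, its flags and its handler. */
typedef struct {
    uint32_t cmd;
    uint32_t need_ack;
    uint32_t is_file_oper;
    uint32_t is_file_modify;
    ssa_cmd_process fn;
} ssa_cmd_t;

/* Presumably the values stored in ssa_cmd_t.is_file_oper / is_file_modify -- confirm against the table. */
enum SS_AGENT_CMD_OPER_TYPE {
    FILE_OPERATION     = 1,
    NOT_FILE_OPERATION = 2,
    FILE_MODIFY        = 3,
    NOT_FILE_MODIFY    = 4,
};

/* Describes one mapped memory region: address, size and whether it is currently mapped. */
typedef struct {
    uintptr_t vm_addr;
    uint32_t size;
    bool mapped;
} mem_map_info_t;

#ifndef FILE_NAME_MAX_BUF
#define FILE_NAME_MAX_BUF 256
#endif

/* Metadata life cycle. */
meta_data_t *create_meta_data(const uint8_t *obj_id, uint32_t obj_id_len, uint32_t storage_id, uint32_t flags,
                              const TEE_UUID *uuid, TEE_Result *error, uint32_t arch_version);
void free_meta_data(meta_data_t **ppmeta);
void set_meta_data_verion(meta_data_t *meta_data, uint32_t arch_version);

/* Command handlers; each matches ssa_cmd_process so it can be stored in ssa_cmd_t.fn. */
void ssa_create_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_open_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_write_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_read_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_seek_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_truncate_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_rename_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_info_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_close_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_close_and_delete_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
/* (void) makes this a real prototype; an empty list would leave calls unchecked for stray arguments. */
uint32_t get_ree_user_id(void);
void ssa_get_object_attr(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_sync_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_register_agent(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);
void ssa_file_process_abort(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp);

/* Command lookup, sender identification and access checks. */
ssa_cmd_t *ssa_find_cmd(uint32_t cmd);
bool TA_access_check(uint32_t sndr, const TEE_UUID *uuidArry, uint32_t count);
TEE_UUID *get_sender_uuid(uint32_t sender);

/*
 * Cross-task memory mapping.
 * NOTE(review): va_addr and size presumably come from the requesting task's
 * message; range and overflow validation is expected before mapping -- not
 * visible from this header, confirm in the implementation.
 */
int ssa_map_from_task(uint32_t in_task_id, uint64_t va_addr, uint32_t size, uint32_t out_task_id, uintptr_t *vm_addr);
void ssa_unmap_from_task(uint32_t task_id, uintptr_t va_addr, uint32_t size, bool mapped);

/* File handling helpers. Output buffers are always passed together with their length. */
void close_file_from_client(uint32_t sender, uint32_t obj);
TEE_Result delete_file(uint32_t sender, uint32_t obj);
int32_t get_file_path(uint32_t storage_id, const char *uuid_hmac, uint32_t uuid_hmac_len, char *path,
                      uint32_t path_len);
TEE_Result get_uuid_hmac(const TEE_UUID *uuid, char *uuid_hmac, uint32_t uuid_hmac_len);
void ssa_get_manage_info(const TEE_UUID *uuid, uint32_t *manager);
TEE_Result copy_and_check_file_name(const char *obj_id_in, uint32_t in_len, char *obj_id, uint32_t obj_len);
file_instance_t *get_file_pointer(uint32_t sender, int32_t obj);
client_t *get_sender_client(uint32_t sender);
bool is_enum_enable(const TEE_UUID *uuid);
bool check_shared_access(const struct sfd_t *sfd, uint32_t flags);
uint32_t open_file(meta_data_t *meta, uint32_t sndr, uint32_t flags, struct sfd_t **sfd, TEE_Result *error);
void init_global_param(void);
int32_t file_name_transfer(meta_data_t *meta, char *hash_name, uint32_t hash_name_len, bool is_file_hash);
void reset_meta(meta_data_t *meta);
#endif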