1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include "tee_defines.h"
13 #include "ta_framework.h"
14 #include "tee_ss_agent_api.h"
15 #include "tee_mem_mgmt_api.h"
16 #include "tee_obj.h"
17 /* #keyserivce start */
18 #include "tee_ext_api.h"
19 /* #keyserivce end */
20 #include "tee_log.h"
21 #include "securec.h"
22 #include "ipclib.h"
23 #include "tee_property_inner.h"
24 #include "tee_obj_attr.h"
25 #include "tee_inner_uuid.h"
26 #include "mem_ops.h"
27 #include <ipclib_hal.h>
28
29 static TEE_UUID g_uuid = TEE_SERVICE_SSA;
30
restore_attr_buff(TEE_Attribute * attr,uint8_t ** buff)31 static TEE_Result restore_attr_buff(TEE_Attribute *attr, uint8_t **buff)
32 {
33 uint32_t attrlen = 0;
34 errno_t rc = memmove_s(&attrlen, sizeof(attrlen), *buff, sizeof(uint32_t));
35 if (rc != EOK)
36 return TEE_ERROR_SECURITY;
37
38 *buff += sizeof(attrlen);
39 attr->content.ref.length = attrlen;
40 attr->content.ref.buffer = TEE_Malloc(attrlen, 0);
41 if (attr->content.ref.buffer == NULL) {
42 tloge("Failed to allocate object attribute buffer\n");
43 return TEE_ERROR_OUT_OF_MEMORY;
44 }
45
46 rc = memmove_s(attr->content.ref.buffer, attr->content.ref.length, *buff, attr->content.ref.length);
47 if (rc != EOK)
48 return TEE_ERROR_SECURITY;
49
50 *buff += attr->content.ref.length;
51 return TEE_SUCCESS;
52 }
53
restore_attr_value(TEE_Attribute * attr,uint8_t ** buff)54 static TEE_Result restore_attr_value(TEE_Attribute *attr, uint8_t **buff)
55 {
56 errno_t rc = memmove_s(&(attr->content.value.a), sizeof(attr->content.value.a), *buff, sizeof(uint32_t));
57 if (rc != EOK)
58 return TEE_ERROR_SECURITY;
59
60 *buff += sizeof(uint32_t);
61 rc = memmove_s(&(attr->content.value.b), sizeof(attr->content.value.b), *buff, sizeof(uint32_t));
62 *buff += sizeof(uint32_t);
63 if (rc != EOK)
64 return TEE_ERROR_SECURITY;
65
66 return TEE_SUCCESS;
67 }
68
69 /* only used in create object */
restore_attrs(TEE_ObjectHandle object,const uint8_t * buff,uint32_t buff_size,uint32_t attr_size,uint32_t attr_count)70 TEE_Result restore_attrs(TEE_ObjectHandle object, const uint8_t *buff, uint32_t buff_size,
71 uint32_t attr_size, uint32_t attr_count)
72 {
73 uint32_t i, j;
74 uint32_t attr_id;
75 TEE_Result ret;
76 bool check = (object == NULL || buff == NULL || object->ObjectInfo == NULL ||
77 attr_count == 0 || attr_count > MAX_ATTR_COUNT_VALUE || buff_size < attr_count * sizeof(uint32_t));
78
79 if (check) {
80 tloge("params invalid\n");
81 return TEE_ERROR_BAD_PARAMETERS;
82 }
83
84 if ((object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_DATA) ||
85 ((object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_DATA_GP1_1)))
86 return TEE_SUCCESS;
87
88 object->Attribute = (TEE_Attribute *)TEE_Malloc(attr_count * sizeof(TEE_Attribute), 0);
89 if ((object->Attribute) == (TEE_Attribute *)NULL) {
90 tloge("Failed to allocate memory for object attribute.\n");
91 return TEE_ERROR_OUT_OF_MEMORY;
92 }
93
94 for (i = 0; i < attr_count; i++) {
95 if (memmove_s(&attr_id, sizeof(uint32_t), buff, sizeof(uint32_t)) != EOK) {
96 ret = TEE_ERROR_SECURITY;
97 goto clean;
98 }
99 buff += sizeof(uint32_t);
100
101 object->Attribute[i].attributeID = attr_id;
102 if (TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID)) /* buffer attribute */
103 ret = restore_attr_buff(&(object->Attribute[i]), (uint8_t **)&buff);
104 else
105 ret = restore_attr_value(&(object->Attribute[i]), (uint8_t **)&buff);
106
107 if (ret != TEE_SUCCESS)
108 goto clean;
109 }
110
111 object->attributesLen = attr_count;
112
113 return TEE_SUCCESS;
114 clean:
115 for (j = 0; j < i; j++) {
116 if (TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID)) {
117 if (object->Attribute[j].content.ref.buffer != NULL) {
118 TEE_Free(object->Attribute[j].content.ref.buffer);
119 object->Attribute[j].content.ref.buffer = NULL;
120 }
121 }
122 }
123 TEE_Free(object->Attribute);
124 object->Attribute = NULL;
125
126 (void)attr_size;
127 return ret;
128 }
129
130 /* copy a attribute to buffer *p */
copy_attribute(uint8_t ** p,const TEE_Attribute * attr)131 TEE_Result copy_attribute(uint8_t **p, const TEE_Attribute *attr)
132 {
133 errno_t rc;
134 uint32_t attr_len;
135
136 if ((p == NULL) || (*p == NULL) || (attr == NULL)) {
137 tloge("params invalid\n");
138 return TEE_ERROR_GENERIC;
139 }
140
141 tlogd("attributeID=0x%x\n", attr->attributeID);
142 rc = memmove_s(*p, sizeof(attr->attributeID), &(attr->attributeID), sizeof(attr->attributeID));
143 if (rc != EOK)
144 return TEE_ERROR_SECURITY;
145
146 *p += sizeof(attr->attributeID);
147
148 if (TEE_ATTR_IS_BUFFER(attr->attributeID)) {
149 /* buffer attribute */
150 if (attr->content.ref.buffer == NULL) {
151 tloge("params invalid, buffer attribute is null\n");
152 return TEE_ERROR_GENERIC;
153 }
154
155 attr_len = (uint32_t)attr->content.ref.length;
156 rc = memmove_s(*p, sizeof(attr_len), &attr_len, sizeof(attr_len));
157 if (rc != EOK)
158 return TEE_ERROR_SECURITY;
159 *p += sizeof(attr_len);
160 rc = memmove_s(*p, attr->content.ref.length, attr->content.ref.buffer, attr->content.ref.length);
161 if (rc != EOK)
162 return TEE_ERROR_SECURITY;
163 *p += attr->content.ref.length;
164 } else {
165 rc = memmove_s(*p, sizeof(attr->content.value.a), &(attr->content.value.a), sizeof(attr->content.value.a));
166 if (rc != EOK)
167 return TEE_ERROR_SECURITY;
168 *p += sizeof(attr->content.value.a);
169 rc = memmove_s(*p, sizeof(attr->content.value.b), &(attr->content.value.b), sizeof(attr->content.value.b));
170 if (rc != EOK)
171 return TEE_ERROR_SECURITY;
172 *p += sizeof(attr->content.value.b);
173 }
174
175 return TEE_SUCCESS;
176 }
177
178 #define DOUBLE_SIZE 2
179 /* Calculate size of attributes */
get_attr_buf_size(TEE_ObjectHandle object)180 uint32_t get_attr_buf_size(TEE_ObjectHandle object)
181 {
182 uint32_t i;
183 uint32_t attr_count;
184 uint32_t attr_buf_size = 0;
185 if (object == NULL || (object->ObjectInfo) == NULL || (object->Attribute) == NULL) {
186 tloge("params invalid\n");
187 return (uint32_t)TEE_ERROR_BAD_PARAMETERS;
188 }
189
190 attr_count = get_attr_count_for_object_type(object->ObjectInfo->objectType);
191
192 for (i = 0; i < attr_count; i++) {
193 attr_buf_size += sizeof(uint32_t); /* type */
194 if (TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID)) { /* buffer attribute */
195 attr_buf_size += (sizeof(uint32_t) + object->Attribute[i].content.ref.length);
196 } else {
197 attr_buf_size += DOUBLE_SIZE * sizeof(uint32_t);
198 tlogd("this is a value attribute\n");
199 }
200 }
201 return attr_buf_size;
202 }
203
get_gtask_and_ssa_handle(uint32_t * global_handle,uint32_t * ss_agent_handle)204 static uint32_t get_gtask_and_ssa_handle(uint32_t *global_handle, uint32_t *ss_agent_handle)
205 {
206 uint32_t global_taskid;
207
208 if (global_handle == NULL || ss_agent_handle == NULL)
209 return OS_ERROR;
210
211 if (ipc_hunt_by_name(GLOBAL_SERVICE_NAME, &global_taskid) != 0) {
212 tloge("Get global_handle handle error\n");
213 return OS_ERROR;
214 }
215 *global_handle = taskid_to_pid(global_taskid);
216
217 if (ipc_hunt_by_name(SSA_SERVICE_NAME, ss_agent_handle) != 0) {
218 tloge("Get ssa handle error\n");
219 return OS_ERROR;
220 }
221 return SRE_OK;
222 }
223
ss_agent_proc_cmd(uint32_t snd_cmd,const union ssa_agent_msg * snd_msg,uint32_t ack_cmd,struct ssa_agent_rsp * rsp_msg)224 void ss_agent_proc_cmd(uint32_t snd_cmd, const union ssa_agent_msg *snd_msg,
225 uint32_t ack_cmd, struct ssa_agent_rsp *rsp_msg)
226 {
227 uint32_t sndr = 0;
228 uint32_t global_handle = 0;
229 uint32_t rcv_cmd = 0;
230 uint32_t i;
231 uint32_t ret;
232 uint8_t *ret_data = NULL;
233 uint32_t ss_agent_handle;
234
235 if (snd_msg == NULL || rsp_msg == NULL)
236 return;
237
238 ret = get_gtask_and_ssa_handle(&global_handle, &ss_agent_handle);
239 if (ret != SRE_OK)
240 return;
241
242 ret = (uint32_t)ipc_msg_snd(snd_cmd, ss_agent_handle, snd_msg, sizeof(union ssa_agent_msg));
243 if (ret != SRE_OK) {
244 tloge("msg snd error %x\n", ret);
245 return;
246 }
247
248 do {
249 ret = (uint32_t)ipc_msg_rcv_a(OS_WAIT_FOREVER, &rcv_cmd, rsp_msg, sizeof(struct ssa_agent_rsp), &sndr);
250 if (ret != SRE_OK) {
251 if (ret == SRE_IPC_NO_CHANNEL_ERR) {
252 rsp_msg->ret = TEE_ERROR_COMMUNICATION;
253 tloge("msg rcv fail to get channel\n");
254 break;
255 }
256 tloge("msg rcv error %x\n", ret);
257 continue;
258 }
259
260 if (ack_cmd != rcv_cmd || (ss_agent_handle != sndr && global_handle != sndr)) {
261 tloge("Recv unexpected msg snd cmd 0x%x, rcv cmd 0x%x, from 0x%x\n", snd_cmd, rcv_cmd, sndr);
262
263 ret_data = (uint8_t *)(rsp_msg);
264 for (i = 0; i < sizeof(struct ssa_agent_rsp); i++)
265 tloge("msg get from sndr 0x%x is ret_data[%u] = 0x%x\n", sndr, i, ret_data[i]);
266
267 continue;
268 }
269
270 break;
271 } while (1);
272 }
273
274 #define ECC_MAX_KEY_SIZE_IN_BYTE 66
275 #define ECC_MAX_KEY_SIZE_IN_BIT 521
276 #define BITS_OF_ONE_BYTE 8
get_object_key_size(TEE_ObjectHandle attributes)277 uint32_t get_object_key_size(TEE_ObjectHandle attributes)
278 {
279 if (attributes == NULL || attributes->ObjectInfo == NULL)
280 return 0;
281
282 uint32_t key_size;
283 uint32_t api_level = tee_get_ta_api_level();
284 #ifndef GP_SUPPORT
285 key_size = attributes->ObjectInfo->maxObjectSize;
286 #else
287 key_size = attributes->ObjectInfo->maxKeySize;
288 #endif
289 if (api_level <= API_LEVEL1_0)
290 return key_size;
291 bool check = (attributes->ObjectInfo->objectType == TEE_TYPE_ECDSA_PUBLIC_KEY ||
292 attributes->ObjectInfo->objectType == TEE_TYPE_ECDSA_KEYPAIR ||
293 attributes->ObjectInfo->objectType == TEE_TYPE_ECDH_PUBLIC_KEY ||
294 attributes->ObjectInfo->objectType == TEE_TYPE_ECDH_KEYPAIR);
295 if (check && (key_size == ECC_MAX_KEY_SIZE_IN_BYTE))
296 return ECC_MAX_KEY_SIZE_IN_BIT;
297 return key_size * BITS_OF_ONE_BYTE;
298 }
299
ssa_agent_init_msg(union ssa_agent_msg * msg,struct ssa_agent_rsp * rsp)300 static void ssa_agent_init_msg(union ssa_agent_msg *msg, struct ssa_agent_rsp *rsp)
301 {
302 (void)memset_s(msg, sizeof(*msg), 0, sizeof(*msg));
303 (void)memset_s(rsp, sizeof(*rsp), 0, sizeof(*rsp));
304 }
305
fill_obj_info(TEE_ObjectHandle obj,uint32_t flags)306 static void fill_obj_info(TEE_ObjectHandle obj, uint32_t flags)
307 {
308 #ifndef GP_SUPPORT
309 obj->ObjectInfo->maxObjectSize = (uint32_t)TEE_DATA_OBJECT_MAX_SIZE;
310 obj->ObjectInfo->objectType = (uint32_t)TEE_TYPE_DATA;
311 obj->ObjectInfo->objectSize = 0;
312
313 #else
314 obj->ObjectInfo->maxKeySize = (uint32_t)TEE_DATA_OBJECT_MAX_SIZE;
315 obj->ObjectInfo->objectType = (uint32_t)TEE_TYPE_DATA_GP1_1;
316 obj->ObjectInfo->keySize = 0;
317 #endif
318 obj->ObjectInfo->dataSize = 0;
319 obj->ObjectInfo->dataPosition = 0;
320 obj->ObjectInfo->objectUsage = (uint32_t)TEE_USAGE_DEFAULT;
321 /* Set initialized flag:For a persistent object, always set */
322 obj->ObjectInfo->handleFlags =
323 ((uint32_t)TEE_HANDLE_FLAG_PERSISTENT) | ((uint32_t)TEE_HANDLE_FLAG_INITIALIZED) | flags;
324 }
325
326
fill_obj_info_to_attr_buf(TEE_ObjectHandle object,uint8_t * attr_buf,uint32_t attr_buf_size,uint32_t attr_count,uint32_t attr_size)327 static TEE_Result fill_obj_info_to_attr_buf(TEE_ObjectHandle object, uint8_t *attr_buf,
328 uint32_t attr_buf_size, uint32_t attr_count, uint32_t attr_size)
329 {
330 if (object == NULL || attr_buf == NULL) {
331 tloge("params invalid\n");
332 return TEE_ERROR_BAD_PARAMETERS;
333 }
334
335 errno_t rc = memmove_s(attr_buf, attr_buf_size, object->ObjectInfo, sizeof(TEE_ObjectInfo));
336 if (rc != EOK) {
337 tloge("memmove obj info fail\n");
338 return TEE_ERROR_SECURITY;
339 }
340
341 ((struct saved_attr_info_t *)attr_buf)->attr_count = attr_count;
342 ((struct saved_attr_info_t *)attr_buf)->attr_size = attr_size;
343 ((struct saved_attr_info_t *)attr_buf)->opt_attr_count = 0;
344 ((struct saved_attr_info_t *)attr_buf)->opt_attr_size = 0;
345
346 return TEE_SUCCESS;
347 }
348
fill_obj_data(TEE_ObjectHandle object,struct create_obj_msg_t * params)349 static TEE_Result fill_obj_data(TEE_ObjectHandle object, struct create_obj_msg_t *params)
350 {
351 if (object == NULL) {
352 tloge("params invalid\n");
353 return TEE_ERROR_BAD_PARAMETERS;
354 }
355 /*
356 * object_id_len is shorter than or equal to HASH_NAME_BUFF_LEN-1,
357 * and HASH_NAME_BUFF_LEN-1 is shorter than sizeof(dataName).
358 */
359 errno_t rc;
360 rc = memmove_s(object->dataName, sizeof(object->dataName),
361 (void *)(uintptr_t)(params->object_id), params->obj_id_len);
362 if (rc != EOK) {
363 tloge("memmove obj name fail\n");
364 return TEE_ERROR_SECURITY;
365 }
366
367 object->dataName[params->obj_id_len] = '\0';
368 object->dataLen = params->obj_id_len;
369 object->storage_id = params->storage_id;
370
371 return TEE_SUCCESS;
372 }
373
ssa_send_msg_and_rcv(union ssa_agent_msg * msg,struct ssa_agent_rsp * rsp,struct create_obj_msg_t * params,TEE_ObjectHandle object)374 static TEE_Result ssa_send_msg_and_rcv(union ssa_agent_msg *msg, struct ssa_agent_rsp *rsp,
375 struct create_obj_msg_t *params, TEE_ObjectHandle object)
376 {
377 if (msg == NULL || rsp == NULL || object == NULL) {
378 tloge("params invalid\n");
379 return TEE_ERROR_BAD_PARAMETERS;
380 }
381 rsp->ret = TEE_ERROR_GENERIC;
382
383 ss_agent_proc_cmd(params->cmd_id, msg, params->cmd_id, rsp);
384 if (rsp->ret == TEE_SUCCESS) {
385 object->dataPtr = (void *)(uintptr_t)rsp->create_obj.obj_index;
386 object->ObjectInfo->dataSize = rsp->create_obj.new_size;
387 object->ObjectInfo->dataPosition = rsp->create_obj.new_seek_pos;
388 } else {
389 tloge("ssagent proc cmd fail\n");
390 return rsp->ret;
391 }
392
393 return TEE_SUCCESS;
394 }
395
add_object_to_list(uint32_t obj_inserted,TEE_ObjectHandle object)396 static TEE_Result add_object_to_list(uint32_t obj_inserted, TEE_ObjectHandle object)
397 {
398 if (object == NULL) {
399 tloge("params invalid\n");
400 return TEE_ERROR_BAD_PARAMETERS;
401 }
402
403 if (obj_inserted) /* to avoiding insert two obj if Attribute is not NULL */
404 (void)delete_object(object); /* no need to verify return value here */
405 if (add_object(object) != TEE_SUCCESS) {
406 tloge("insert new object to list failed\n");
407 return TEE_ERROR_OUT_OF_MEMORY;
408 }
409
410 return TEE_SUCCESS;
411 }
412
fill_msg_info(union ssa_agent_msg * msg,struct create_obj_msg_t * params,uint8_t * obj_id,uint8_t * attr_buf,uint32_t attr_buf_size)413 static TEE_Result fill_msg_info(union ssa_agent_msg *msg, struct create_obj_msg_t *params,
414 uint8_t *obj_id, uint8_t *attr_buf, uint32_t attr_buf_size)
415 {
416 uint8_t *buf = NULL;
417 uint32_t buf_size = 0;
418
419 msg->create_obj.storage_id = params->storage_id;
420 msg->create_obj.object_id = (uintptr_t)obj_id;
421 msg->create_obj.obj_id_len = params->obj_id_len;
422 msg->create_obj.attributes = (uintptr_t)attr_buf;
423 msg->create_obj.attributes_len = attr_buf_size;
424 msg->create_obj.flags = params->flags;
425 msg->create_obj.target_uuid = params->target_uuid;
426
427 bool initial_data_ready = (params->data_len > 0) &&
428 (params->data_len <= MAX_FILE_SIZE) &&
429 ((void *)(uintptr_t)(params->initial_data) != NULL);
430 if (initial_data_ready) {
431 buf_size = params->data_len;
432 buf = alloc_sharemem_aux(&g_uuid, buf_size);
433 if (buf == NULL) {
434 tloge("malloc shared_buff for initial_data failed, size=%u\n", params->data_len);
435 return TEE_ERROR_OUT_OF_MEMORY;
436 }
437
438 msg->create_obj.data_len = params->data_len;
439 msg->create_obj.initial_data = (uintptr_t)buf;
440
441 errno_t rc = memmove_s(buf, params->data_len, (void *)(uintptr_t)(params->initial_data), params->data_len);
442 if (rc != EOK) {
443 tloge("memmove initial data failed\n");
444 return TEE_ERROR_SECURITY;
445 }
446 }
447
448 return TEE_SUCCESS;
449 }
450
ssa_populate_msg(union ssa_agent_msg * msg,struct create_obj_msg_t * params,uint8_t * attr_buf,uint32_t attr_buf_size)451 static TEE_Result ssa_populate_msg(union ssa_agent_msg *msg, struct create_obj_msg_t *params,
452 uint8_t *attr_buf, uint32_t attr_buf_size)
453 {
454 errno_t rc;
455 uint8_t *obj_id = NULL;
456 uint32_t obj_id_size;
457 TEE_Result ret;
458
459 if (msg == NULL || attr_buf == NULL) {
460 tloge("params invalid\n");
461 return TEE_ERROR_BAD_PARAMETERS;
462 }
463
464 obj_id_size = params->obj_id_len + 1;
465 obj_id = alloc_sharemem_aux(&g_uuid, obj_id_size);
466 if (obj_id == NULL) {
467 tloge("malloc shared_buff for obj_id failed, size=%u\n", obj_id_size);
468 return TEE_ERROR_OUT_OF_MEMORY;
469 }
470
471 rc = memmove_s(obj_id, obj_id_size, (void *)(uintptr_t)(params->object_id), obj_id_size);
472 if (rc != EOK) {
473 tloge("memmove object_id failed\n");
474 return TEE_ERROR_SECURITY;
475 }
476
477 ret = fill_msg_info(msg, params, obj_id, attr_buf, attr_buf_size);
478
479 return ret;
480 }
481
alloc_transient_obj_fill_info(TEE_ObjectHandle attributes,uint32_t attr_count,TEE_ObjectHandle * object,uint32_t flags)482 static TEE_Result alloc_transient_obj_fill_info(TEE_ObjectHandle attributes,
483 uint32_t attr_count, TEE_ObjectHandle *object, uint32_t flags)
484 {
485 TEE_Result ret;
486
487 uint32_t key_size = get_object_key_size(attributes);
488 ret = TEE_AllocateTransientObject(attributes->ObjectInfo->objectType, key_size, object);
489 if (ret != TEE_SUCCESS) {
490 tloge("Failed to execute TEE_AllocateTransientObject. ret=%x\n", ret);
491 return ret;
492 }
493
494 ret = TEE_PopulateTransientObject(*object, attributes->Attribute, attr_count);
495 if (ret != TEE_SUCCESS) {
496 tloge("Failed to execute TEE_PopulateTransientObject.ret=%x\n", ret);
497 TEE_FreeTransientObject(*object);
498 return ret;
499 }
500
501 (*object)->ObjectInfo->objectUsage = attributes->ObjectInfo->objectUsage;
502 (*object)->ObjectInfo->handleFlags =
503 (uint32_t)TEE_HANDLE_FLAG_INITIALIZED | (uint32_t)TEE_HANDLE_FLAG_PERSISTENT | flags;
504
505 return TEE_SUCCESS;
506 }
507
fill_attributes_to_object(struct create_obj_msg_t * params,TEE_ObjectHandle * object,uint8_t ** attr_buf,uint32_t * attr_buf_size)508 static TEE_Result fill_attributes_to_object(struct create_obj_msg_t *params, TEE_ObjectHandle *object,
509 uint8_t **attr_buf, uint32_t *attr_buf_size)
510 {
511 TEE_Result ret;
512 TEE_ObjectHandle attributes = (TEE_ObjectHandle)(uintptr_t)(params->attributes);
513 if (attributes->ObjectInfo == NULL || attributes->Attribute == NULL) {
514 tloge("invalid params!\n");
515 return TEE_ERROR_BAD_PARAMETERS;
516 }
517
518 uint32_t attr_count = get_attr_count_for_object_type(attributes->ObjectInfo->objectType);
519 if (attr_count == 0) {
520 tloge("invalid objectType, 0x%x\n", attributes->ObjectInfo->objectType);
521 return TEE_ERROR_BAD_PARAMETERS;
522 }
523
524 ret = alloc_transient_obj_fill_info(attributes, attr_count, object, params->flags);
525 if (ret != TEE_SUCCESS)
526 return ret;
527
528 uint32_t attr_head_size = sizeof(struct saved_attr_info_t);
529 *attr_buf_size = attr_head_size;
530
531 uint32_t attr_body_size = get_attr_buf_size(*object);
532 if (attr_body_size == (uint32_t)TEE_ERROR_BAD_PARAMETERS) {
533 tloge("get attr buf size error ret =0x%x\n", attr_body_size);
534 return TEE_ERROR_OUT_OF_MEMORY;
535 }
536 *attr_buf_size += attr_body_size;
537
538 *attr_buf = alloc_sharemem_aux(&g_uuid, *attr_buf_size);
539 if (*attr_buf == NULL) {
540 tloge("malloc shared_buff for attr_buf failed, size=%u\n", *attr_buf_size);
541 return TEE_ERROR_OUT_OF_MEMORY;
542 }
543
544 uint8_t *point = *attr_buf;
545
546 ret = fill_obj_info_to_attr_buf(*object, point,
547 sizeof(TEE_ObjectInfo), attr_count, *attr_buf_size - attr_head_size);
548 if (ret != TEE_SUCCESS)
549 return ret;
550
551 point += sizeof(struct saved_attr_info_t);
552
553 uint32_t i;
554 for (i = 0; i < attr_count; i++)
555 (void)copy_attribute(&point, &((*object)->Attribute[i])); /* no need to verify return value here */
556
557 return TEE_SUCCESS;
558 }
559
create_obj_and_fill_default_data(struct create_obj_msg_t * params,TEE_ObjectHandle * object,uint8_t ** attr_buf,uint32_t * attr_buf_size)560 static TEE_Result create_obj_and_fill_default_data(struct create_obj_msg_t *params, TEE_ObjectHandle *object,
561 uint8_t **attr_buf, uint32_t *attr_buf_size)
562 {
563 TEE_Result ret;
564
565 if (tee_obj_new(object) != TEE_SUCCESS) {
566 tloge("not available to allocate the object handle\n");
567 return TEE_ERROR_OUT_OF_MEMORY;
568 }
569
570 fill_obj_info(*object, params->flags);
571
572 *attr_buf_size = sizeof(struct saved_attr_info_t);
573 *attr_buf = alloc_sharemem_aux(&g_uuid, sizeof(struct saved_attr_info_t));
574 if (*attr_buf == NULL) {
575 tloge("malloc shared_buff for attr_buf failed, size=%u\n", *attr_buf_size);
576 return TEE_ERROR_OUT_OF_MEMORY;
577 }
578
579 ret = fill_obj_info_to_attr_buf(*object, *attr_buf, sizeof(struct saved_attr_info_t), 0, 0);
580 if (ret != TEE_SUCCESS)
581 return ret;
582
583 return TEE_SUCCESS;
584 }
585
free_temp_object(TEE_ObjectHandle attributes,TEE_ObjectHandle * object)586 static void free_temp_object(TEE_ObjectHandle attributes, TEE_ObjectHandle *object)
587 {
588 if (attributes == TEE_HANDLE_NULL) {
589 (void)tee_obj_free(object); /* never return fail */
590 } else {
591 /* Set object to transient so it can be deleted */
592 (*object)->ObjectInfo->handleFlags &= (~TEE_HANDLE_FLAG_PERSISTENT);
593 TEE_FreeTransientObject(*object);
594 }
595 }
596
ss_agent_create_object(struct create_obj_msg_t * params,TEE_ObjectHandle * object)597 TEE_Result ss_agent_create_object(struct create_obj_msg_t *params, TEE_ObjectHandle *object)
598 {
599 TEE_Result ret;
600 union ssa_agent_msg msg;
601 struct ssa_agent_rsp rsp;
602 uint8_t *attr_buf = NULL;
603 uint32_t attr_buf_size;
604 uint32_t obj_inserted = false;
605 TEE_ObjectHandle tmp_object = NULL;
606
607 ssa_agent_init_msg(&msg, &rsp);
608 if (params == NULL || (void *)(uintptr_t)(params->object_id) == NULL || object == NULL) {
609 tloge("object params invalid\n");
610 return TEE_ERROR_BAD_PARAMETERS;
611 }
612
613 *object = NULL;
614
615 if (params->attributes == TEE_HANDLE_NULL) {
616 ret = create_obj_and_fill_default_data(params, &tmp_object, &attr_buf, &attr_buf_size);
617 if (ret != TEE_SUCCESS)
618 goto errorHandler;
619 } else {
620 ret = fill_attributes_to_object(params, &tmp_object, &attr_buf, &attr_buf_size);
621 if (ret != TEE_SUCCESS)
622 goto errorHandler;
623
624 obj_inserted = true;
625 }
626
627 ret = fill_obj_data(tmp_object, params);
628 if (ret != TEE_SUCCESS)
629 goto errorHandler;
630
631 ret = ssa_populate_msg(&msg, params, attr_buf, attr_buf_size);
632 if (ret != TEE_SUCCESS)
633 goto errorHandler;
634
635 ret = ssa_send_msg_and_rcv(&msg, &rsp, params, tmp_object);
636 if (ret != TEE_SUCCESS)
637 goto errorHandler;
638
639 ret = add_object_to_list(obj_inserted, tmp_object);
640 if (ret != TEE_SUCCESS)
641 goto closeAndDeleteObj;
642
643 *object = tmp_object;
644 goto out;
645
646 closeAndDeleteObj:
647 msg.close_and_delete_obj.obj_index = (uintptr_t)tmp_object->dataPtr;
648 ss_agent_proc_cmd(SS_AGENT_CLOSE_AND_DELETE_OBJECT, &msg, SS_AGENT_CLOSE_AND_DELETE_OBJECT, &rsp);
649 errorHandler:
650 free_temp_object((TEE_ObjectHandle)(uintptr_t)(params->attributes), &tmp_object);
651
652 out: /* this is successful end. free share memory */
653 (void)free_sharemem((void *)(uintptr_t)(msg.create_obj.object_id), msg.create_obj.obj_id_len + 1);
654 (void)free_sharemem((void *)(uintptr_t)(msg.create_obj.initial_data), msg.create_obj.data_len);
655 (void)free_sharemem(attr_buf, attr_buf_size);
656 return ret;
657 }
658
open_obj_proc_cmd(struct create_obj_msg_t * params,struct saved_attr_info_t * attr_head,uint32_t attr_head_size,union ssa_agent_msg * msg,struct ssa_agent_rsp * rsp)659 static TEE_Result open_obj_proc_cmd(struct create_obj_msg_t *params, struct saved_attr_info_t *attr_head,
660 uint32_t attr_head_size, union ssa_agent_msg *msg, struct ssa_agent_rsp *rsp)
661 {
662 uint8_t *shared_buff = NULL;
663 uint32_t shared_buff_size = params->obj_id_len;
664
665 if (msg == NULL || rsp == NULL) {
666 tloge("params invalid\n");
667 return TEE_ERROR_BAD_PARAMETERS;
668 }
669
670 shared_buff = alloc_sharemem_aux(&g_uuid, shared_buff_size);
671 if (shared_buff == NULL) {
672 tloge("malloc shared_buff for obj_id failed, size=%u\n", shared_buff_size);
673 return TEE_ERROR_OUT_OF_MEMORY;
674 }
675
676 errno_t rc = memmove_s(shared_buff, shared_buff_size, (void *)(uintptr_t)(params->object_id), shared_buff_size);
677 if (rc != EOK) {
678 tloge("memmove object_id failed\n");
679 (void)free_sharemem(shared_buff, shared_buff_size);
680 return TEE_ERROR_SECURITY;
681 }
682
683 msg->open_obj.storage_id = (uintptr_t)params->storage_id;
684 msg->open_obj.object_id = (uintptr_t)shared_buff;
685 msg->open_obj.obj_id_len = shared_buff_size;
686 msg->open_obj.flags = params->flags;
687 msg->open_obj.attr_head_size = attr_head_size;
688 msg->open_obj.attr_head = (uintptr_t)attr_head;
689 msg->open_obj.target_uuid = params->target_uuid;
690
691 rsp->ret = TEE_ERROR_GENERIC;
692
693 ss_agent_proc_cmd(params->cmd_id, msg, params->cmd_id, rsp);
694
695 (void)free_sharemem(shared_buff, shared_buff_size);
696
697 return rsp->ret;
698 }
699
ssa_read_attribute_restore(struct saved_attr_info_t * attr_head,TEE_ObjectHandle object,union ssa_agent_msg * msg,struct ssa_agent_rsp * rsp)700 static TEE_Result ssa_read_attribute_restore(struct saved_attr_info_t *attr_head, TEE_ObjectHandle object,
701 union ssa_agent_msg *msg, struct ssa_agent_rsp *rsp)
702 {
703 uint8_t *shared_buff = NULL;
704 uint32_t shared_buff_size;
705 TEE_Result ret;
706
707 shared_buff_size = attr_head->attr_size;
708 shared_buff = alloc_sharemem_aux(&g_uuid, shared_buff_size);
709 if (shared_buff == NULL) {
710 tloge("alloc shared_buff for attrBuf failed, size=%u\n", attr_head->attr_size);
711 return TEE_ERROR_OUT_OF_MEMORY;
712 }
713
714 msg->get_obj_attrs.buffer = (uintptr_t)shared_buff;
715 msg->get_obj_attrs.size = shared_buff_size;
716 msg->get_obj_attrs.obj_index = (uintptr_t)object->dataPtr;
717
718 rsp->ret = TEE_ERROR_GENERIC;
719
720 ss_agent_proc_cmd(SS_AGENT_GET_OBJECT_ATTRIBUTES, msg, SS_AGENT_GET_OBJECT_ATTRIBUTES, rsp);
721
722 if (rsp->ret != TEE_SUCCESS) {
723 tloge("get attribute error!\n");
724 (void)free_sharemem(shared_buff, shared_buff_size);
725 return rsp->ret;
726 }
727
728 ret = restore_attrs(object, shared_buff, shared_buff_size, attr_head->attr_size, attr_head->attr_count);
729
730 (void)free_sharemem(shared_buff, shared_buff_size);
731
732 return ret;
733 }
734
fill_object_data_from_rsp(TEE_ObjectHandle object,struct ssa_agent_rsp * rsp,struct saved_attr_info_t * attr_head)735 static TEE_Result fill_object_data_from_rsp(TEE_ObjectHandle object,
736 struct ssa_agent_rsp *rsp, struct saved_attr_info_t *attr_head)
737 {
738 errno_t rc;
739
740 object->dataPtr = (void *)(uintptr_t)rsp->open_obj.obj_index;
741 rc = memmove_s(object->ObjectInfo, sizeof(TEE_ObjectInfo), &attr_head->object_info, sizeof(TEE_ObjectInfo));
742 if (rc != EOK) {
743 tloge("memmove_s object info fail!\n");
744 return TEE_ERROR_SECURITY;
745 }
746 object->ObjectInfo->dataSize = rsp->open_obj.new_size;
747 object->ObjectInfo->dataPosition = rsp->open_obj.new_seek_pos;
748
749 return TEE_SUCCESS;
750 }
751
obj_restore_attrbutes(struct create_obj_msg_t * params,struct saved_attr_info_t * attr_head,TEE_ObjectHandle object,union ssa_agent_msg * msg,struct ssa_agent_rsp * rsp)752 static TEE_Result obj_restore_attrbutes(struct create_obj_msg_t *params, struct saved_attr_info_t *attr_head,
753 TEE_ObjectHandle object, union ssa_agent_msg *msg, struct ssa_agent_rsp *rsp)
754 {
755 TEE_Result ret;
756
757 if (object == NULL || msg == NULL || rsp == NULL) {
758 tloge("params invalid\n");
759 return TEE_ERROR_BAD_PARAMETERS;
760 }
761
762 ret = fill_object_data_from_rsp(object, rsp, attr_head);
763 if (ret != TEE_SUCCESS)
764 return ret;
765
766 if (attr_head->attr_size > 0) {
767 ret = ssa_read_attribute_restore(attr_head, object, msg, rsp);
768 if (ret != TEE_SUCCESS) {
769 tloge("restore attribute fail!\n");
770 msg->close_obj.obj_index = (uintptr_t)object->dataPtr;
771 ss_agent_proc_cmd(SS_AGENT_CLOSE_OBJECT, msg, SS_AGENT_CLOSE_OBJECT, rsp);
772 return ret;
773 }
774 }
775
776 object->ObjectInfo->handleFlags =
777 (uint32_t)TEE_HANDLE_FLAG_PERSISTENT | (uint32_t)TEE_HANDLE_FLAG_INITIALIZED | params->flags;
778
779 ret = add_object(object);
780 if (ret != TEE_SUCCESS) {
781 msg->close_obj.obj_index = (uintptr_t)object->dataPtr;
782 ss_agent_proc_cmd(SS_AGENT_CLOSE_OBJECT, msg, SS_AGENT_CLOSE_OBJECT, rsp);
783 return ret;
784 }
785
786 return TEE_SUCCESS;
787 }
788
ss_agent_open_object(struct create_obj_msg_t * params,TEE_ObjectHandle * object)789 TEE_Result ss_agent_open_object(struct create_obj_msg_t *params, TEE_ObjectHandle *object)
790 {
791 union ssa_agent_msg msg;
792 struct ssa_agent_rsp rsp;
793 struct saved_attr_info_t *attr_head = NULL;
794 uint32_t attr_head_size = 0;
795 TEE_Result ret;
796 TEE_ObjectHandle tmp_object = NULL;
797
798 ssa_agent_init_msg(&msg, &rsp);
799 if (params == NULL || (void *)(uintptr_t)(params->object_id) == NULL || object == NULL) {
800 tloge("params invalid\n");
801 return TEE_ERROR_BAD_PARAMETERS;
802 }
803
804 *object = NULL;
805
806 if (tee_obj_new(&tmp_object) != TEE_SUCCESS) {
807 tloge("not available to allocate the object handle\n");
808 return TEE_ERROR_OUT_OF_MEMORY;
809 }
810
811 ret = fill_obj_data(tmp_object, params);
812 if (ret != TEE_SUCCESS)
813 goto errorHandler;
814
815 attr_head_size = sizeof(struct saved_attr_info_t);
816 attr_head = alloc_sharemem_aux(&g_uuid, attr_head_size);
817 if (attr_head == NULL) {
818 tloge("malloc attr_head failed\n");
819 ret = TEE_ERROR_OUT_OF_MEMORY;
820 goto errorHandler;
821 }
822
823 ret = open_obj_proc_cmd(params, attr_head, attr_head_size, &msg, &rsp);
824 if (ret == TEE_ERROR_ITEM_NOT_FOUND) {
825 /* file not exist, needn't print error log */
826 goto errorHandler;
827 } else if (ret != TEE_SUCCESS) {
828 /* open fail, return */
829 tloge("open failed, ret=0x%x\n", ret);
830 goto errorHandler;
831 }
832
833 ret = obj_restore_attrbutes(params, attr_head, tmp_object, &msg, &rsp);
834 if (ret != TEE_SUCCESS)
835 goto errorHandler;
836
837 *object = tmp_object;
838 goto out;
839
840 errorHandler:
841 (void)tee_obj_free(&tmp_object);
842
843 out:
844 (void)free_sharemem(attr_head, attr_head_size);
845 return ret;
846 }
847
write_object_data_proc(TEE_ObjectHandle object,const void * buffer,uint32_t size)848 static TEE_Result write_object_data_proc(TEE_ObjectHandle object, const void *buffer, uint32_t size)
849 {
850 union ssa_agent_msg msg;
851 struct ssa_agent_rsp rsp;
852 uint8_t *buf = NULL;
853 uint32_t split = 1;
854 const uint8_t *p = NULL;
855 uint32_t written = 0;
856
857 p = buffer;
858
859 msg.write_obj.obj_index = (uintptr_t)object->dataPtr;
860 uint32_t buf_size = size;
861 buf = alloc_sharemem_aux(&g_uuid, buf_size);
862 /* If there is no enough memory for buffer, try to spit writing to smaller parts */
863 while ((buf == NULL) && (split < MAX_SPLIT_NUM)) {
864 split = DOUBLE(split);
865 buf_size = size / split + FILL_NUM;
866 buf = alloc_sharemem_aux(&g_uuid, buf_size);
867 }
868
869 if (buf == NULL) {
870 ss_agent_proc_cmd(SS_AGENT_FILE_ABORT, &msg, SS_AGENT_FILE_ABORT, &rsp);
871 tloge("malloc shared_buff failed, size=%u, split=%u\n", size, split);
872 return TEE_ERROR_OUT_OF_MEMORY;
873 }
874
875 /* if the size is odd, then it is not possible to divide it to parts with same size. */
876 /* Here the first parts are bigger and latest part is smaller. */
877 while (written < size) {
878 /* msg content are overwrote during msg-sending so they have be to rewrite */
879 msg.write_obj.buffer = (uintptr_t)buf;
880
881 if (size - written > buf_size)
882 msg.write_obj.len = buf_size;
883 else
884 msg.write_obj.len = size - written;
885
886 if (memmove_s(buf, buf_size, p, msg.write_obj.len) != EOK) {
887 rsp.ret = TEE_ERROR_SECURITY;
888 break;
889 }
890 p += msg.write_obj.len;
891 written += msg.write_obj.len;
892
893 rsp.ret = TEE_ERROR_GENERIC;
894
895 ss_agent_proc_cmd(SS_AGENT_WRITE_OBJECT, &msg, SS_AGENT_WRITE_OBJECT, &rsp);
896
897 if (rsp.ret != TEE_SUCCESS) {
898 tloge("write error\n");
899 break;
900 }
901 }
902
903 if (rsp.ret == TEE_SUCCESS) {
904 object->ObjectInfo->dataSize = rsp.write_obj.new_size;
905 object->ObjectInfo->dataPosition = rsp.write_obj.new_seek_pos;
906 }
907
908 (void)free_sharemem(buf, buf_size);
909 return rsp.ret;
910 }
911
ss_agent_write_object_data(TEE_ObjectHandle object,const void * buffer,uint32_t size)912 TEE_Result ss_agent_write_object_data(TEE_ObjectHandle object, const void *buffer, uint32_t size)
913 {
914 tlogd("start, write %u bytes\n", size);
915
916 if (buffer == NULL || object == NULL || object->ObjectInfo == NULL) {
917 tloge("params invalid\n");
918 return TEE_ERROR_BAD_PARAMETERS;
919 }
920
921 return write_object_data_proc(object, buffer, size);
922 }
923
read_object_data_proc(TEE_ObjectHandle object,void * buffer,uint32_t size,uint32_t * count)924 static TEE_Result read_object_data_proc(TEE_ObjectHandle object, void *buffer, uint32_t size, uint32_t *count)
925 {
926 union ssa_agent_msg msg;
927 struct ssa_agent_rsp rsp;
928 uint32_t split = 1;
929 uint32_t read_count = 0;
930 uint8_t *p = buffer;
931 uint32_t buf_size = size;
932 uint8_t *buf = alloc_sharemem_aux(&g_uuid, size);
933
934 /* If there is no enough memory for buffer, try to spit data to smaller parts */
935 while ((buf == NULL) && (split < MAX_SPLIT_NUM)) {
936 split = DOUBLE(split);
937 buf_size = size / split + FILL_NUM;
938 buf = alloc_sharemem_aux(&g_uuid, buf_size);
939 }
940 if (buf == NULL) {
941 tloge("malloc shared_buff failed, size=%u, split=%u\n", size, split);
942 return TEE_ERROR_OUT_OF_MEMORY;
943 }
944
945 /* if the size is odd, then it is not possible to divide it to parts with same size. */
946 /* Here the first parts are bigger and latest part is smaller. */
947 while (read_count < size) {
948 /* msg content are overwrote during msg-sending so they have be to rewrite */
949 msg.read_obj.obj_index = (uintptr_t)object->dataPtr;
950 if (size - read_count > buf_size)
951 msg.read_obj.len = buf_size;
952 else
953 msg.read_obj.len = size - read_count;
954
955 msg.read_obj.buffer = (uintptr_t)buf;
956 rsp.ret = TEE_ERROR_GENERIC;
957
958 ss_agent_proc_cmd(SS_AGENT_READ_OBJECT, &msg, SS_AGENT_READ_OBJECT, &rsp);
959
960 if (rsp.ret == TEE_SUCCESS) {
961 object->ObjectInfo->dataSize = rsp.read_obj.new_size;
962 object->ObjectInfo->dataPosition = rsp.read_obj.new_seek_pos;
963 if (rsp.read_obj.count == 0) {
964 /* no more data */
965 break;
966 }
967
968 if (memmove_s(p, size, buf, rsp.read_obj.count) != EOK) {
969 rsp.ret = TEE_ERROR_SECURITY;
970 break;
971 }
972 p += rsp.read_obj.count;
973 read_count += rsp.read_obj.count;
974 } else {
975 read_count = 0;
976 break;
977 }
978 }
979 *count = read_count;
980
981 (void)free_sharemem(buf, buf_size);
982 return rsp.ret;
983 }
984
ss_agent_read_object_data(TEE_ObjectHandle object,void * buffer,uint32_t size,uint32_t * count)985 TEE_Result ss_agent_read_object_data(TEE_ObjectHandle object, void *buffer, uint32_t size, uint32_t *count)
986 {
987 tlogd("start, read %u bytes\n", size);
988
989 if (object == NULL || buffer == NULL || count == NULL || (object->ObjectInfo) == NULL) {
990 tloge("params invalid\n");
991 return TEE_ERROR_BAD_PARAMETERS;
992 }
993
994 return read_object_data_proc(object, buffer, size, count);
995 }
996
ss_agent_seek_object_data(TEE_ObjectHandle object,int32_t offset,TEE_Whence whence)997 TEE_Result ss_agent_seek_object_data(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence)
998 {
999 union ssa_agent_msg msg;
1000 struct ssa_agent_rsp rsp;
1001 TEE_Result ret;
1002
1003 if (object == NULL || (object->ObjectInfo) == NULL) {
1004 tloge("params invalid\n");
1005 return TEE_ERROR_BAD_PARAMETERS;
1006 }
1007
1008 msg.seek_obj.obj_index = (uintptr_t)object->dataPtr;
1009 msg.seek_obj.offset = offset;
1010 msg.seek_obj.whence = whence;
1011
1012 rsp.ret = TEE_ERROR_GENERIC;
1013
1014 ss_agent_proc_cmd(SS_AGENT_SEEK_OBJECT, &msg, SS_AGENT_SEEK_OBJECT, &rsp);
1015
1016 ret = rsp.ret;
1017
1018 if (ret == TEE_SUCCESS) {
1019 object->ObjectInfo->dataSize = rsp.seek_obj.new_size;
1020 object->ObjectInfo->dataPosition = rsp.seek_obj.new_seek_pos;
1021 }
1022
1023 return ret;
1024 }
1025
ss_agent_truncate_object_data(TEE_ObjectHandle object,int32_t size)1026 TEE_Result ss_agent_truncate_object_data(TEE_ObjectHandle object, int32_t size)
1027 {
1028 union ssa_agent_msg msg;
1029 struct ssa_agent_rsp rsp;
1030 TEE_Result ret;
1031
1032 if (object == NULL || (object->ObjectInfo) == NULL) {
1033 tloge("params invalid\n");
1034 return TEE_ERROR_BAD_PARAMETERS;
1035 }
1036
1037 msg.truncate_obj.obj_index = (uintptr_t)object->dataPtr;
1038 msg.truncate_obj.size = size;
1039
1040 rsp.ret = TEE_ERROR_GENERIC;
1041
1042 ss_agent_proc_cmd(SS_AGENT_TRUNCATE_OBJECT, &msg, SS_AGENT_TRUNCATE_OBJECT, &rsp);
1043
1044 ret = rsp.ret;
1045 if (ret == TEE_SUCCESS) {
1046 object->ObjectInfo->dataSize = rsp.truncate_obj.new_size;
1047 object->ObjectInfo->dataPosition = rsp.truncate_obj.new_seek_pos;
1048 tlogd("seek %u, size %u\n", rsp.truncateObj.new_seek_pos, rsp.truncateObj.newSize);
1049 }
1050
1051 return ret;
1052 }
1053
ss_agent_rename_object(TEE_ObjectHandle object,const void * new_object_id,uint32_t new_object_id_len)1054 TEE_Result ss_agent_rename_object(TEE_ObjectHandle object, const void *new_object_id, uint32_t new_object_id_len)
1055 {
1056 union ssa_agent_msg msg;
1057 struct ssa_agent_rsp rsp;
1058 uint8_t *buf = NULL;
1059 uint32_t buf_size;
1060 TEE_Result ret;
1061 errno_t rc;
1062
1063 if (object == NULL || new_object_id == NULL) {
1064 tloge("params invalid\n");
1065 return TEE_ERROR_BAD_PARAMETERS;
1066 }
1067
1068 msg.rename_obj.obj_index = (uintptr_t)object->dataPtr;
1069
1070 buf_size = new_object_id_len;
1071 buf = alloc_sharemem_aux(&g_uuid, buf_size);
1072 if (buf == NULL) {
1073 tloge("malloc shared_buff failed, size=%u\n", new_object_id_len);
1074 ss_agent_proc_cmd(SS_AGENT_FILE_ABORT, &msg, SS_AGENT_FILE_ABORT, &rsp);
1075 return TEE_ERROR_OUT_OF_MEMORY;
1076 }
1077 rc = memmove_s(buf, buf_size, new_object_id, buf_size);
1078 if (rc != EOK) {
1079 ret = TEE_ERROR_SECURITY;
1080 goto out;
1081 }
1082
1083 msg.rename_obj.new_object_id = (uintptr_t)buf;
1084 msg.rename_obj.obj_id_len = buf_size;
1085
1086 rsp.ret = TEE_ERROR_GENERIC;
1087
1088 ss_agent_proc_cmd(SS_AGENT_RENAME_OBJECT, &msg, SS_AGENT_RENAME_OBJECT, &rsp);
1089
1090 ret = rsp.ret;
1091
1092 if (ret == TEE_SUCCESS) {
1093 ret = tee_obj_setname(object, (uint8_t *)new_object_id, new_object_id_len);
1094 if (ret != TEE_SUCCESS) {
1095 tloge("tee obj set name failed , 0x%x\n", ret);
1096 goto out;
1097 }
1098 }
1099
1100 out:
1101 (void)free_sharemem(buf, buf_size);
1102 return ret;
1103 }
1104
ss_agent_get_object_info(TEE_ObjectHandle object,uint32_t * pos,uint32_t * len)1105 TEE_Result ss_agent_get_object_info(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len)
1106 {
1107 TEE_Result ret;
1108 union ssa_agent_msg msg;
1109 struct ssa_agent_rsp rsp;
1110 errno_t rc;
1111
1112 if (object == NULL || pos == NULL || len == NULL) {
1113 tloge("params invalid\n");
1114 return TEE_ERROR_BAD_PARAMETERS;
1115 }
1116
1117 msg.get_info_obj.obj_index = (uintptr_t)object->dataPtr;
1118
1119 rc = memset_s(&rsp, sizeof(rsp), 0, sizeof(rsp));
1120 if (rc != EOK)
1121 tlogw("memset failed, %x\n", rc);
1122 rsp.ret = TEE_ERROR_GENERIC;
1123
1124 ss_agent_proc_cmd(SS_AGENT_GET_OBJECT_INFO, &msg, SS_AGENT_GET_OBJECT_INFO, &rsp);
1125
1126 ret = rsp.ret;
1127 *pos = rsp.get_info_obj.pos;
1128 *len = rsp.get_info_obj.len;
1129 return ret;
1130 }
1131
ss_agent_close_object(TEE_ObjectHandle object)1132 void ss_agent_close_object(TEE_ObjectHandle object)
1133 {
1134 union ssa_agent_msg msg;
1135 struct ssa_agent_rsp rsp;
1136
1137 if (object == NULL || (object->ObjectInfo) == NULL) {
1138 tloge("params invalid\n");
1139 return;
1140 }
1141
1142 msg.close_obj.obj_index = (uintptr_t)object->dataPtr;
1143 rsp.ret = TEE_ERROR_GENERIC;
1144
1145 ss_agent_proc_cmd(SS_AGENT_CLOSE_OBJECT, &msg, SS_AGENT_CLOSE_OBJECT, &rsp);
1146
1147 /* Set object to to transient so it can be deleted */
1148 object->ObjectInfo->handleFlags &= (uint32_t)(~TEE_HANDLE_FLAG_PERSISTENT);
1149 TEE_FreeTransientObject(object);
1150 }
1151
ss_agent_close_and_delete_object(TEE_ObjectHandle object)1152 TEE_Result ss_agent_close_and_delete_object(TEE_ObjectHandle object)
1153 {
1154 union ssa_agent_msg msg;
1155 struct ssa_agent_rsp rsp;
1156 TEE_Result ret;
1157
1158 if (object == NULL || (object->ObjectInfo) == NULL) {
1159 tloge("params invalid\n");
1160 return TEE_ERROR_BAD_PARAMETERS;
1161 }
1162
1163 msg.close_and_delete_obj.obj_index = (uintptr_t)object->dataPtr;
1164 rsp.ret = TEE_ERROR_GENERIC;
1165
1166 ss_agent_proc_cmd(SS_AGENT_CLOSE_AND_DELETE_OBJECT, &msg, SS_AGENT_CLOSE_AND_DELETE_OBJECT, &rsp);
1167
1168 ret = rsp.ret;
1169 /* Set object to to transient so it can be deleted */
1170 object->ObjectInfo->handleFlags &= (uint32_t)(~TEE_HANDLE_FLAG_PERSISTENT);
1171 TEE_FreeTransientObject(object);
1172
1173 return ret;
1174 }
1175
ss_agent_sync_object(TEE_ObjectHandle object)1176 TEE_Result ss_agent_sync_object(TEE_ObjectHandle object)
1177 {
1178 union ssa_agent_msg msg;
1179 struct ssa_agent_rsp rsp;
1180 TEE_Result ret;
1181
1182 if (object == NULL) {
1183 tloge("params invalid\n");
1184 return TEE_ERROR_BAD_PARAMETERS;
1185 }
1186
1187 msg.sync_obj.obj_index = (uintptr_t)object->dataPtr;
1188 rsp.ret = TEE_ERROR_GENERIC;
1189
1190 ss_agent_proc_cmd(SS_AGENT_SYNC_OBJECT, &msg, SS_AGENT_SYNC_OBJECT, &rsp);
1191
1192 ret = rsp.ret;
1193 return ret;
1194 }
1195
ssagent_delete_all(TEE_UUID target)1196 TEE_Result ssagent_delete_all(TEE_UUID target)
1197 {
1198 union ssa_agent_msg msg;
1199 struct ssa_agent_rsp rsp;
1200
1201 msg.delete_obj.target_uuid = target;
1202 rsp.ret = TEE_ERROR_GENERIC;
1203 ss_agent_proc_cmd(SS_AGENT_EXT_DELETE_ALL_OBJECT, &msg, SS_AGENT_EXT_DELETE_ALL_OBJECT, &rsp);
1204
1205 return rsp.ret;
1206 }
1207
get_enum_file_size()1208 static uint32_t get_enum_file_size()
1209 {
1210 union ssa_agent_msg msg;
1211 struct ssa_agent_rsp rsp;
1212
1213 ssa_agent_init_msg(&msg, &rsp);
1214 rsp.ret = TEE_ERROR_GENERIC;
1215
1216 ss_agent_proc_cmd(SS_AGENT_GET_ENUM_FILE_SIZE, &msg, SS_AGENT_GET_ENUM_FILE_SIZE, &rsp);
1217
1218 if (rsp.ret != TEE_SUCCESS) {
1219 tloge("Failed to get the enum file size.\n");
1220 return 0;
1221 }
1222
1223 return rsp.get_info_obj.len;
1224 }
1225
allocate_enum_handle(TEE_ObjectEnumHandle * obj_enumerator)1226 TEE_Result allocate_enum_handle(TEE_ObjectEnumHandle *obj_enumerator)
1227 {
1228 if (obj_enumerator == NULL) {
1229 tloge("obj_enumerator is null");
1230 return TEE_ERROR_BAD_PARAMETERS;
1231 }
1232
1233 *obj_enumerator = (TEE_ObjectEnumHandle)TEE_Malloc(sizeof(struct __TEE_ObjectEnumHandle), 0);
1234 if (*obj_enumerator == NULL) {
1235 tloge("allocate memory for enumerator failed\n");
1236 return TEE_ERROR_OUT_OF_MEMORY;
1237 }
1238
1239 (*obj_enumerator)->enum_handle = (uintptr_t)TEE_Malloc(sizeof(struct obj_enum_handle_t), 0);
1240 if ((*obj_enumerator)->enum_handle == 0) {
1241 tloge("allocate memory for enumerator failed\n");
1242 TEE_Free(*obj_enumerator);
1243 *obj_enumerator = NULL;
1244 return TEE_ERROR_OUT_OF_MEMORY;
1245 }
1246
1247 return TEE_SUCCESS;
1248 }
1249
free_enum_handle(TEE_ObjectEnumHandle obj_enumerator)1250 void free_enum_handle(TEE_ObjectEnumHandle obj_enumerator)
1251 {
1252 if (obj_enumerator == NULL) {
1253 tloge("obj_enumerator is null");
1254 return;
1255 }
1256
1257 struct obj_enum_handle_t *enum_handle = (struct obj_enum_handle_t *)(obj_enumerator->enum_handle);
1258 if (enum_handle != NULL) {
1259 TEE_Free(enum_handle->obj_enum_buf);
1260 enum_handle->obj_enum_buf = NULL;
1261 TEE_Free((void *)obj_enumerator->enum_handle);
1262 obj_enumerator->enum_handle = 0;
1263 }
1264
1265 TEE_Free(obj_enumerator);
1266 obj_enumerator = 0;
1267 }
1268
reset_enum_handle(TEE_ObjectEnumHandle obj_enumerator)1269 void reset_enum_handle(TEE_ObjectEnumHandle obj_enumerator)
1270 {
1271 errno_t ret_s;
1272
1273 if (obj_enumerator == NULL) {
1274 tloge("obj_enumerator is null");
1275 return;
1276 }
1277
1278 struct obj_enum_handle_t *enum_handle = (struct obj_enum_handle_t *)(obj_enumerator->enum_handle);
1279 if (enum_handle == NULL) {
1280 tloge("enum_handle is null");
1281 return;
1282 }
1283
1284 TEE_Free(enum_handle->obj_enum_buf);
1285 enum_handle->obj_enum_buf = NULL;
1286
1287 ret_s = memset_s(enum_handle, sizeof(struct obj_enum_handle_t), 0, sizeof(struct obj_enum_handle_t));
1288 if (ret_s != EOK) {
1289 tloge("Failed to memset objectEnumerator, please check.\n");
1290 return;
1291 }
1292 }
1293
ta_start_enumerator(TEE_ObjectEnumHandle obj_enumerator)1294 TEE_Result ta_start_enumerator(TEE_ObjectEnumHandle obj_enumerator)
1295 {
1296 union ssa_agent_msg msg;
1297 struct ssa_agent_rsp rsp;
1298
1299 if (obj_enumerator == NULL || obj_enumerator->enum_handle == 0)
1300 return TEE_ERROR_BAD_PARAMETERS;
1301
1302 struct obj_enum_handle_t *enum_handle = (struct obj_enum_handle_t *)(obj_enumerator->enum_handle);
1303
1304 if (enum_handle->active_status == ENUM_FLAG_ACTIVED) {
1305 tlogd("Enumerator has been started!");
1306 reset_enum_handle(obj_enumerator);
1307 }
1308
1309 uint32_t enum_file_len = get_enum_file_size();
1310 if (enum_file_len == 0) {
1311 enum_handle->active_status = ENUM_FLAG_ACTIVED;
1312 return TEE_ERROR_ITEM_NOT_FOUND;
1313 }
1314
1315 uint8_t *buf = alloc_sharemem_aux(&g_uuid, enum_file_len);
1316 if (buf == NULL)
1317 return TEE_ERROR_OUT_OF_MEMORY;
1318
1319 msg.read_obj.len = enum_file_len;
1320 msg.read_obj.buffer = (uintptr_t)buf;
1321 rsp.ret = TEE_ERROR_GENERIC;
1322 ss_agent_proc_cmd(SS_AGENT_START_ENUMERATOR, &msg, SS_AGENT_START_ENUMERATOR, &rsp);
1323 if (rsp.ret != TEE_SUCCESS) {
1324 tloge("Failed to get the enumerator information.\n");
1325 (void)free_sharemem(buf, enum_file_len);
1326 return rsp.ret;
1327 }
1328
1329 enum_handle->obj_enum_buf = TEE_Malloc(enum_file_len, 0);
1330 if (enum_handle->obj_enum_buf == NULL) {
1331 (void)free_sharemem(buf, enum_file_len);
1332 return TEE_ERROR_OUT_OF_MEMORY;
1333 }
1334
1335 errno_t ret_s = memcpy_s(enum_handle->obj_enum_buf, enum_file_len, buf, enum_file_len);
1336 if (ret_s != EOK) {
1337 tloge("mem copy obj_enum_buf fail");
1338 rsp.ret = TEE_ERROR_SECURITY;
1339 goto clean;
1340 }
1341
1342 enum_handle->offset = 0;
1343 enum_handle->obj_enum_buf_len = enum_file_len;
1344 enum_handle->active_status = ENUM_FLAG_ACTIVED;
1345
1346 (void)free_sharemem(buf, enum_file_len);
1347 return TEE_SUCCESS;
1348
1349 clean:
1350 TEE_Free(enum_handle->obj_enum_buf);
1351 (void)free_sharemem(buf, enum_file_len);
1352 return rsp.ret;
1353 }
1354
ta_get_next(TEE_ObjectEnumHandle obj_enumerator,TEE_ObjectInfo * object_info,uint8_t * object_id,size_t * object_id_len)1355 TEE_Result ta_get_next(TEE_ObjectEnumHandle obj_enumerator, TEE_ObjectInfo *object_info,
1356 uint8_t *object_id, size_t *object_id_len)
1357 {
1358 struct object_enum_info *obj_enum_info = NULL;
1359 errno_t ret_s;
1360
1361 bool param_check = (obj_enumerator == NULL) || (obj_enumerator->enum_handle == 0) || (object_info == NULL) ||
1362 (object_id == NULL) || (object_id_len == NULL);
1363 if (param_check)
1364 return TEE_ERROR_BAD_PARAMETERS;
1365
1366 struct obj_enum_handle_t *enum_handle = (struct obj_enum_handle_t *)(obj_enumerator->enum_handle);
1367
1368 if (enum_handle->active_status == ENUM_FLAG_NOT_ACTIVED) {
1369 tloge("The object enumerator is not started.\n");
1370 return TEE_ERROR_ITEM_NOT_FOUND;
1371 }
1372
1373 if (enum_handle->offset >= enum_handle->obj_enum_buf_len ||
1374 enum_handle->offset % sizeof(struct object_enum_info) != 0) {
1375 tloge("There are no more object in the enumeration.\n");
1376 return TEE_ERROR_ITEM_NOT_FOUND;
1377 }
1378
1379 if (enum_handle->obj_enum_buf == NULL) {
1380 tloge("There are no object in the enumeration.\n");
1381 return TEE_ERROR_ITEM_NOT_FOUND;
1382 }
1383
1384 obj_enum_info = (struct object_enum_info *)(enum_handle->obj_enum_buf + enum_handle->offset);
1385
1386 ret_s = memcpy_s(object_info, sizeof(TEE_ObjectInfo), &(obj_enum_info->obj_info), sizeof(TEE_ObjectInfo));
1387 if (ret_s != EOK) {
1388 tloge("Failed to copy object info.\n");
1389 return TEE_ERROR_SECURITY;
1390 }
1391
1392 if (*object_id_len < obj_enum_info->object_id_len + 1) {
1393 tloge("object id len is too short");
1394 *object_id_len = obj_enum_info->object_id_len + 1;
1395 return TEE_ERROR_SHORT_BUFFER;
1396 }
1397
1398 ret_s = memcpy_s(object_id, *object_id_len, obj_enum_info->object_id, obj_enum_info->object_id_len);
1399 if (ret_s != EOK) {
1400 tloge("Failed to copy ObjectID.\n");
1401 return TEE_ERROR_SECURITY;
1402 }
1403
1404 *object_id_len = obj_enum_info->object_id_len;
1405 object_id[*object_id_len] = '\0';
1406 enum_handle->offset += sizeof(struct object_enum_info);
1407
1408 return TEE_SUCCESS;
1409 }
1410
1411