• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3  * Licensed under the Mulan PSL v2.
4  * You can use this software according to the terms and conditions of the Mulan PSL v2.
5  * You may obtain a copy of Mulan PSL v2 at:
6  *     http://license.coscl.org.cn/MulanPSL2
7  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8  * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9  * PURPOSE.
10  * See the Mulan PSL v2 for more details.
11  */
12 #ifndef TA_LIB_IMG_UNPACK_H
13 #define TA_LIB_IMG_UNPACK_H
14 #include "tee_defines.h"
15 #include "ta_framework.h"
16 
17 #define KEY_VER_BITE            0X8U
18 #define KEY_VER_MASK            0XFFU
19 #define SEC_IMG_TA_KEY_VERSION  2U
20 /* ta's sec file only signature not encrypt */
21 #define KEY_VER_NOT_ENCRYPT     0
22 #define PERMSRV_FILE_OPT  "permsrv_file_operation"
23 #define PERMSRV_SAVE_FILE "permsrv_save_file"
24 #define INVALID_OFFSET (-1)
25 #define MAX_TAFS_NAME_LEN 64
26 #define RWRIGHT 0600
27 #define COUNTER_STEP_SIZE 0x1010101
28 #define SERVICE_NAME_MAX_IN_MANIFEST 48
29 #define RET_KEEP_LOADING 3
30 #define SIGN_ALG_MASK 0x0000FFFF
31 #define RWRIGHT 0600
32 #define LOAD_TA_TMP_FILE "%s/gt_elf_%u.msec"
33 
34 #define DECIMAL_BASE         10
35 #define HEX_BASE             16
36 #define MIN_MANIFEST_SIZE    128
37 #define MAX_MANIFEST_SIZE    512
38 #define ADDITIONAL_BUF_SIZE  4096
39 #define TEE_RSA1024_BYTE_LEN 128
40 #define TEE_RSA2048_BYTE_LEN 256
41 #define TEE_RSA4096_BYTE_LEN 512
42 #define DECRY_OFFSET         10
43 
44 #define CIPHER_HDR_8_BYTE  8
45 #define CIPHER_HDR_16_BYTE 16
46 #define CIPHER_HDR_32_BYTE 32
47 #define CIPHER_HDR_64_BYTE 64
48 #define SIGN_ALGO_RSA_2048 0x00002048
49 #define SIGN_ALGO_RSA_4096 0x00004096
50 #define SIGN_ALGO_ECC_256  0x00000256
51 
52 #define SIGN_ALG_KEY_STYLE_MASK 0x10000000 /* 0: debug, 1: release */
53 #define SIGN_ALG_PADD_MASK      0x08000000 /* 0: pkcs1v5, 1: pss */
54 #define SIGN_ALG_HASH_MASK      0x04000000 /* 0: sha256, 1: sha512 */
55 #define SIGN_ALG_KEY_LEN_MASK   0x0000ffff /* only support 2048/4096bits */
56 
57 #define SIGN_TA_ALG_BITS       20
58 #define SIGN_ALG_TA_ALG_MASK   0xF
59 
60 #define RSA2048_SIGNATURE_SIZE 256
61 #define RSA4096_SIGNATURE_SIZE 512
62 #define ECC256_SIGNATURE_SIZE  72
63 #define MAX_SIGNATURE_SIZE     512
64 
65 #define OUTPUT_MEM_REF_INDEX 2
66 #define INPUT_VALUE_INDEX    3
67 
68 #define SIGNATURE_SIZE_INVALID 0
69 
70 #define TA_HEAD_MAGIC1 0xA5A55A5A
71 #define TA_HEAD_MAGIC2 0xAAAA
72 
73 #define IMAGE_BUF_EXTRA 4096
74 #define SHA1_LEN        20
75 #define SHA256_LEN      32 /* now use sha256 hash alg */
76 #define SHA512_LEN      64 /* now use sha256 hash alg */
77 #define HASH_UPDATA_LEN 1024 /* modify from 64 to 1024, reduce elf-load time */
78 
79 #define TEE_ERROR_IMG_DECRYPTO_FAIL  0xFF01 /* *< Image decryption failed */
80 #define TEE_ERROR_IMG_VERIFY_FAIL    0xFF02 /* *< Image verification failed */
81 #define TEE_ERROR_IMG_ELF_LOAD_FAIL  0xFF03 /* *< Image loading failed */
82 #define TEE_ERROR_IMG_NEED_LOAD_FAIL 0xFF04 /* *< Image loading judgement failed */
83 #define TEE_ERROR_IMG_PARSE_FAIL     0xFF05 /* *< Image parse failed */
84 
85 #define KEY_SIZE_MAX 64
86 
87 #define ELF_HEAD_SIZE      0x36
88 #define MANIFEST_PLAIN_LEN 116
89 #define RSA_SIGN_LEN       256
90 #define MIN_CRYPTO_LEN     128
91 #define AES_CIPHER_PAD(p)  (16 - (p) % 16)
92 #define SIZE_ALIGN(p)      (4 - (p) % 4)
93 #define RLEN               32
94 #define E_KEY_SIZE         65
95 #define KEY_HASH_MAX                 32
96 #define RSA_DIGEST_LEN               KEY_HASH_MAX
97 
98 #define RSA_PUB_D_SIZE     384
99 #define RSA_PRIV_ORIG_LEN  193
100 #define RSA_PUB_E_SIZE     3
101 
102 #define TA_LOAD_PERM_ALLOW 1
103 #define TA_LOAD_PERM_DENY  0
104 
105 #define UINT32_MAX_VALUE 0xFFFFFFFF
106 
107 typedef enum {
108     IMG_TYPE_APP         = 1,
109     IMG_TYPE_LIB         = 2,
110     IMG_TYPE_DYNAMIC_DRV = 3,
111     IMG_TYPE_CRYPTO_DRV  = 4,
112     IMG_TYPE_DYNAMIC_SRV = 5,
113     IMG_TYPE_DYNAMIC_CLIENT = 6,
114     IMG_TYPE_MAX         = 7,
115 } tee_img_type_t;
116 
117 enum {
118     HARDWARE_ENGINE_CRYPTO  = 1,
119     HARDWARE_ENGINE_MAX,
120 };
121 
122 /* Version 1, 2 have the same image head */
123 typedef struct {
124     uint32_t context_len;         /* manifest_crypto_len + cipher_bin_len */
125     uint32_t manifest_crypto_len; /* manifest crypto len */
126     uint32_t manifest_plain_len;  /* manfiest extension + manifest binary */
127     uint32_t manifest_str_len;    /* manifest extension len */
128     uint32_t cipher_bin_len;
129     uint32_t sign_len; /* sign file len, now rsa 2048 this len is 256 */
130 } teec_image_head;
131 
132 typedef struct {
133     uint32_t magic_num1;
134     uint16_t magic_num2;
135     uint16_t version_num;
136 } teec_image_identity;
137 
138 typedef struct {
139     teec_image_head img_hd;
140 } teec_ta_head_v1;
141 
142 /* V2 & V3 have the same TA HEADER */
143 typedef struct {
144     teec_image_identity img_identity;
145     teec_image_head img_hd;
146     uint8_t reserved[16]; // Reserve 16 bytes for further extension
147 } teec_ta_head_v2;
148 
149 typedef struct {
150     int32_t single_instance;
151     int32_t multi_session;
152     int32_t multi_command;
153     uint32_t heap_size;
154     uint32_t stack_size;
155     int32_t instance_keep_alive;
156 } ta_property_t;
157 
158 typedef struct {
159     ta_property_t ta_property;
160     uint32_t elf_hash_len;
161     uint32_t elf_cryptkey_len;
162     uint32_t service_name_len;
163 } manifest_info_t;
164 
165 typedef struct {
166     uint16_t distribution;
167     uint16_t api_level;
168     uint16_t sdk_version;
169     bool is_lib;
170     bool ssa_enum_enable;
171     bool mem_page_align;
172     bool sys_verify_ta;
173     uint16_t target_type;
174     uint16_t target_version;
175     uint16_t hardware_type;
176     bool is_need_release_ta_res;
177     bool crash_callback;
178     bool is_need_create_msg;
179     bool is_need_release_msg;
180 } manifest_extension_t;
181 
182 typedef struct {
183     TEE_UUID srv_uuid;
184     manifest_info_t mani_info;
185     int8_t *hash_val;
186     int8_t *key_val;
187     int8_t *service_name;
188     manifest_extension_t ext;
189 } manifest_t;
190 
191 typedef struct {
192     manifest_t manifest;  /* save manifest info */
193     int8_t *manifest_buf; /* use malloc, save manifest extension */
194     int8_t *img_buf;      /* save image */
195     uint32_t img_offset;
196     uint32_t img_size;
197     uint32_t img_version;
198     bool dyn_conf_registed; /* using for dyn perm */
199 } load_img_info;
200 
201 typedef struct {
202     uint32_t key_size;
203     uint32_t iv_size;
204     uint32_t signature_alg;
205 } ta_cipher_hdr_t;
206 
207 typedef struct {
208     ta_cipher_hdr_t cipher_hdr;
209     uint8_t *key;
210     uint8_t *iv;
211 } ta_cipher_layer_t;
212 
213 typedef struct {
214     uint32_t format_version;
215     uint32_t mani_info_size;
216     uint32_t mani_ext_size;
217     uint32_t ta_elf_size;
218     uint32_t ta_conf_size;
219 } ta_payload_hdr_t;
220 
221 typedef struct {
222     ta_payload_hdr_t payload_hdr;
223     uint8_t *ta_elf;
224     uint8_t *ta_conf;
225     bool conf_registed;
226 } ta_payload_layer_t;
227 
228 typedef struct {
229     teec_image_identity img_identity;
230     uint32_t context_len;
231     uint32_t ta_key_version;
232 } ta_image_hdr_v3_t;
233 
234 #define MAX_HEADER_SIZE       0x400
235 #define MANIFEST_RESERVE_SIZE 128
236 
237 typedef struct {
238     uint32_t img_version;
239     uint32_t identity_len;
240     uint32_t header_len;
241     uint32_t image_len;
242     uint32_t total_len;
243     TEE_UUID srv_uuid;
244     int8_t   *service_name;
245     uint32_t service_name_len;
246     int32_t  multi_instance;
247     int32_t  multi_session;
248     int32_t  multi_command;
249     uint32_t heap_size;
250     uint32_t stack_size;
251     int32_t  instance_keep_alive;
252     uint8_t *manifest_buf;
253     uint8_t manifest_str_len;
254     int8_t   *img_buf;
255     uint32_t img_buf_len;
256     uint32_t img_buf_offset;
257 } teec_image_info;
258 
259 enum cipher_layer_len_ver {
260     CIPHER_LAYER_LEN_256 = 256,
261     CIPHER_LAYER_LEN_384 = 384,
262 };
263 
264 enum cipher_layer_key_ver {
265     CIPHER_LAYER_KEY_V1 = 1, /* 2048 bits key, default is also 2048 bits */
266     CIPHER_LAYER_KEY_V2 = 2, /* 3072 bits key */
267 };
268 
269 typedef struct {
270     int8_t *ptr_manifest_buf;
271     int8_t *ptr_ta_elf;
272     int8_t *img_buf;
273     uint32_t img_offset;
274     uint32_t img_size;
275     uint32_t img_version;
276     int32_t img_fp; /* fp here means a special fd */
277     uint32_t aligned_img_size;
278     char tmp_file_name[MAX_TAFS_NAME_LEN];
279     bool tmp_file_exist;
280 } elf_image_info;
281 
282 #endif
283