diff options
Diffstat (limited to 'security/tf_daemon/delegation_client.c')
-rw-r--r-- | security/tf_daemon/delegation_client.c | 194 |
1 files changed, 180 insertions, 14 deletions
diff --git a/security/tf_daemon/delegation_client.c b/security/tf_daemon/delegation_client.c index 54ee112..a2bff0b 100644 --- a/security/tf_daemon/delegation_client.c +++ b/security/tf_daemon/delegation_client.c @@ -28,7 +28,7 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#if defined(__ANDROID32__) +#if defined(ANDROID) #include <stddef.h> #endif #include <stdio.h> @@ -43,12 +43,12 @@ #include <sys/types.h> #include <fcntl.h> -#if defined(LINUX) || defined(__ANDROID32__) +#if defined(LINUX) || defined(ANDROID) #include <unistd.h> #include <sys/resource.h> -#if defined(__ANDROID32__) +#if defined(ANDROID) /* fdatasync does not exist on Android */ #define fdatasync fsync #else @@ -58,14 +58,14 @@ * in some distributions */ int fdatasync(int fd); -#endif /* __ANDROID32__ */ +#endif /* ANDROID */ #include <syslog.h> #include <sys/types.h> #include <sys/stat.h> #include <pthread.h> #include <semaphore.h> #define PATH_SEPARATOR '/' -#endif /* LINUX || __ANDROID32__ */ +#endif /* LINUX || ANDROID */ #ifdef WIN32 #include <windows.h> @@ -97,6 +97,10 @@ int fdatasync(int fd); #include "delegation_client_extension.h" #endif +#ifdef TFSW_FDM_ANDROID +#include <android/log.h> +#endif + /*---------------------------------------------------------------------------- * Design notes * ============ @@ -109,7 +113,7 @@ int fdatasync(int fd); /*---------------------------------------------------------------------------- * Defines and structures *----------------------------------------------------------------------------*/ -#define ECHANGE_BUFFER_INSTRUCTIONS_NB 100 +#define ECHANGE_BUFFER_INSTRUCTIONS_NB 1000 #define DEFAULT_WORKSPACE_SIZE (128*1024) @@ -124,6 +128,21 @@ typedef struct uint8_t sWorkspace[1/*g_nWorkspaceSize*/]; } DELEGATION_EXCHANGE_BUFFER; +#ifdef SUPPORT_RPMB_PARTITION +typedef struct +{ + uint8_t pDummy[196]; + uint8_t pMAC[32]; + uint8_t pData[256]; + uint8_t pNonce[16]; + uint32_t nMC; + uint16_t nAddr; + uint16_t nBlockCount; + uint16_t nResult; + uint16_t nReqOrResp; +} DELEGATION_RPMB_MESSAGE; +#endif + #define MD_VAR_NOT_USED(variable) do{(void)(variable);}while(0); #define MD_INLINE __inline @@ -141,7 +160,7 @@ typedef struct in release builds whereas logs are visible to the customer. -----------------------------------------------*/ -#if defined(LINUX) || (defined __ANDROID32__) +#if defined(LINUX) || (defined ANDROID) static bool bDetached = false; @@ -155,9 +174,13 @@ static MD_INLINE void LogError(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_ERROR , "TF Daemon", format, ap); +#else fprintf(stderr, "ERROR: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); } @@ -172,9 +195,13 @@ static MD_INLINE void LogWarning(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_WARN , "TF Daemon", format, ap); +#else fprintf(stderr, "WARNING: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); } @@ -188,8 +215,12 @@ static MD_INLINE void LogInfo(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_INFO , "TF Daemon", format, ap); +#else vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); } @@ -205,9 +236,13 @@ static MD_INLINE void TRACE_ERROR(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_ERROR , "TF Daemon", format, ap); +#else fprintf(stderr, "TRACE: ERROR: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); #else @@ -226,9 +261,13 @@ static MD_INLINE void TRACE_WARNING(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_WARN , "TF Daemon", format, ap); +#else fprintf(stderr, "TRACE: WARNING: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); #else @@ -247,9 +286,13 @@ static MD_INLINE void TRACE_INFO(const char* format, ...) } else { +#ifdef TFSW_FDM_ANDROID + __android_log_vprint(ANDROID_LOG_INFO , "TF Daemon", format, ap); +#else fprintf(stderr, "TRACE: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n"); +#endif } va_end(ap); #else @@ -289,7 +332,7 @@ static MD_INLINE void TRACE_INFO(const char* format, ...) } #else -/* !defined(LINUX) || !defined(__ANDROID32__) */ +/* !defined(LINUX) || !defined(ANDROID) */ static MD_INLINE void LogError(const char* format, ...) { @@ -359,7 +402,7 @@ static MD_INLINE void TRACE_INFO(const char* format, ...) MD_VAR_NOT_USED(format); #endif /* NDEBUG */ } -#endif /* defined(LINUX) || defined(__ANDROID32__) */ +#endif /* defined(LINUX) || defined(ANDROID) */ /*---------------------------------------------------------------------------- * Globals @@ -483,7 +526,7 @@ int static_checkStorageDirAndAccessRights(char * directoryName) if (result == 0) { /* Storage dir exists. Check access rights */ -#if defined(LINUX) || (defined __ANDROID32__) +#if defined(LINUX) || (defined ANDROID) if ((buf.st_mode & (S_IXUSR | S_IWUSR)) != (S_IXUSR | S_IWUSR)) { LogError("storageDir '%s' does not have read-write access", directoryName); @@ -529,7 +572,7 @@ static TEEC_Result partitionDestroy(uint32_t nPartitionID) } /* Try to erase the file */ -#if defined(LINUX) || (defined __ANDROID32__) || defined (__SYMBIAN32__) +#if defined(LINUX) || (defined ANDROID) || defined (__SYMBIAN32__) if (unlink(g_pPartitionNames[nPartitionID]) != 0) #endif #ifdef WIN32 @@ -686,6 +729,46 @@ static TEEC_Result partitionRead(uint32_t nPartitionID, uint32_t nSectorIndex, u return S_SUCCESS; } +#ifdef SUPPORT_RPMB_PARTITION +static TEEC_Result rpmbRead(DELEGATION_RPMB_INSTRUCTION *pInstruction) +{ + DELEGATION_RPMB_MESSAGE* pMessages; + uint32_t nNbMsg, nIndex; + + nNbMsg = g_nSectorSize >> 8; + pMessages = (DELEGATION_RPMB_MESSAGE*)malloc(nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE)); + if (pMessages == NULL) + { + return S_ERROR_OUT_OF_MEMORY; + } + memset(pMessages,0,nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE)); + + for (nIndex=0;nIndex<nNbMsg;nIndex++) + { + memcpy(pMessages[nIndex].pNonce , pInstruction->pNonce, 16); + pMessages[nIndex].nAddr = pInstruction->nAddr; + pMessages[nIndex].nBlockCount = pInstruction->nBlockCount; + pMessages[nIndex].nReqOrResp = 0x0004; + } + memcpy(pMessages[nNbMsg-1].pMAC,pInstruction->nMAC,32); + + /* TODO: send to the RPMB driver */ + + memcpy(pInstruction->pNonce,pMessages[0].pNonce , 16); + pInstruction->nAddr = pMessages[0].nAddr; + pInstruction->nBlockCount = pMessages[0].nBlockCount; + for (nIndex=0;nIndex<nNbMsg;nIndex++) + { + memcpy(g_pWorkspaceBuffer + pInstruction->nWorkspaceOffset[nIndex],pMessages[nIndex].pData,256); + } + memcpy(pInstruction->nMAC, pMessages[nNbMsg-1].pMAC,32); + pInstruction->nResult=pMessages[nNbMsg-1].nResult; + + free(pMessages); + + return S_SUCCESS; +} +#endif /** * This function executes the WRITE instruction. * @@ -724,7 +807,42 @@ static TEEC_Result partitionWrite(uint32_t nPartitionID, uint32_t nSectorIndex, return S_SUCCESS; } +#ifdef SUPPORT_RPMB_PARTITION +static TEEC_Result rpmbWrite(DELEGATION_RPMB_INSTRUCTION *pInstruction) +{ + DELEGATION_RPMB_MESSAGE* pMessages; + uint32_t nNbMsg, nIndex; + nNbMsg = g_nSectorSize >> 8; + pMessages = (DELEGATION_RPMB_MESSAGE*)malloc(nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE)); + if (pMessages == NULL) + { + return S_ERROR_OUT_OF_MEMORY; + } + memset(pMessages,0,nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE)); + + for (nIndex=0;nIndex<nNbMsg;nIndex++) + { + memcpy(pMessages[nIndex].pData,g_pWorkspaceBuffer + pInstruction->nWorkspaceOffset[nIndex],256); + pMessages[nIndex].nMC = pInstruction->nMC; + pMessages[nIndex].nAddr = pInstruction->nAddr; + pMessages[nIndex].nBlockCount = pInstruction->nBlockCount; + pMessages[nIndex].nReqOrResp = 0x0003; + } + memcpy(pMessages[nNbMsg-1].pMAC,pInstruction->nMAC,32); + + /* TODO: send to the RPMB driver */ + + pInstruction->nAddr = pMessages[0].nAddr; + pInstruction->nMC = pMessages[0].nMC; + memcpy(pInstruction->nMAC, pMessages[nNbMsg-1].pMAC,32); + pInstruction->nResult=pMessages[nNbMsg-1].nResult; + + free(pMessages); + + return S_SUCCESS; +} +#endif /** * This function executes the SET_SIZE instruction. * @@ -774,7 +892,7 @@ static TEEC_Result partitionSetSize(uint32_t nPartitionID, uint32_t nNewSectorCo { int result = 0; /* Truncate the partition file */ -#if defined(LINUX) || (defined __ANDROID32__) +#if defined(LINUX) || (defined ANDROID) result = ftruncate(fileno(pFile),nNewSectorCount * g_nSectorSize); #endif #if defined (__SYMBIAN32__) @@ -819,7 +937,7 @@ static TEEC_Result partitionSync(uint32_t nPartitionID) } /* Then synchronize the file descriptor with the file-system */ -#if defined(LINUX) || (defined __ANDROID32__) +#if defined(LINUX) || (defined ANDROID) result=fdatasync(fileno(pFile)); #endif #if defined (__SYMBIAN32__) @@ -1008,6 +1126,13 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera { case DELEGATION_INSTRUCTION_PARTITION_CREATE: nError = partitionCreate(nPartitionID); +#ifdef SUPPORT_RPMB_PARTITION + if (nPartitionID == RPMB_PARTITION_ID) + { + /* TODO: get the Write counter */ + pInstruction->sAuthRW.nMC = 0; + } +#endif TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError); break; case DELEGATION_INSTRUCTION_PARTITION_OPEN: @@ -1019,9 +1144,33 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera { g_pExchangeBuffer->sAdministrativeData.nPartitionOpenSizes[nPartitionID] = nPartitionSize; } +#ifdef SUPPORT_RPMB_PARTITION + if (nPartitionID == RPMB_PARTITION_ID) + { + /* TODO: get the Write counter */ + pInstruction->sAuthRW.nMC = 0; + } +#endif break; } case DELEGATION_INSTRUCTION_PARTITION_READ: +#ifdef SUPPORT_RPMB_PARTITION + if (nPartitionID == RPMB_PARTITION_ID) + { + if (nInstructionsIndex + sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t) <= nInstructionsBufferSize) + { + nInstructionsIndex+=sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t); + } + else + { + goto instruction_parse_end; + } + nError = rpmbRead(&pInstruction->sAuthRW); + TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError); + break; + } + else +#endif { /* Parse parameters */ uint32_t nSectorID; @@ -1041,6 +1190,23 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera break; } case DELEGATION_INSTRUCTION_PARTITION_WRITE: +#ifdef SUPPORT_RPMB_PARTITION + if (nPartitionID == RPMB_PARTITION_ID) + { + if (nInstructionsIndex + sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t) <= nInstructionsBufferSize) + { + nInstructionsIndex+=sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t); + } + else + { + goto instruction_parse_end; + } + nError = rpmbWrite(&pInstruction->sAuthRW); + TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError); + break; + } + else +#endif { /* Parse parameters */ uint32_t nSectorID; @@ -1317,7 +1483,7 @@ int main(int argc, char* argv[]) * Detach the daemon from the console */ -#if defined(LINUX) || (defined __ANDROID32__) +#if defined(LINUX) || (defined ANDROID) { /* * Turns this application into a daemon => fork off parent process, setup logging, ... |