summaryrefslogtreecommitdiffstats
path: root/security/tee_client_api/tee_client_api_linux_driver.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tee_client_api/tee_client_api_linux_driver.c')
-rw-r--r--security/tee_client_api/tee_client_api_linux_driver.c929
1 files changed, 929 insertions, 0 deletions
diff --git a/security/tee_client_api/tee_client_api_linux_driver.c b/security/tee_client_api/tee_client_api_linux_driver.c
new file mode 100644
index 0000000..08a8210
--- /dev/null
+++ b/security/tee_client_api/tee_client_api_linux_driver.c
@@ -0,0 +1,929 @@
+/**
+ * Copyright(c) 2011 Trusted Logic. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name Trusted Logic nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tee_client_api.h"
+#include "schannel6_protocol.h"
+#include "s_error.h"
+#include "s_version.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdarg.h>
+#include <assert.h>
+
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <linux/limits.h>
+#include <time.h>
+#include <sys/time.h>
+
+/*
+ * SCX_VERSION_INFORMATION_BUFFER structure description
+ * Description of the sVersionBuffer handed over from user space to kernel space
+ * This field is filled after an IOCTL call and handed back to user space
+ */
+typedef struct
+{
+ uint8_t sDriverDescription[65];
+ uint8_t sSecureWorldDescription[65];
+} SCX_VERSION_INFORMATION_BUFFER;
+
+
+/* The IOCTLs to the driver */
+#define IOCTL_SCX_GET_VERSION \
+ _IO('z', 0)
+
+#define IOCTL_SCX_EXCHANGE \
+ _IOWR('z', 1, SCHANNEL6_COMMAND)
+
+#define IOCTL_SCX_GET_DESCRIPTION \
+ _IOR('z', 2, SCX_VERSION_INFORMATION_BUFFER)
+
+
+/* Expected driver interface version. */
+#define SM_DRIVER_VERSION 0x04000000
+
+#define SCX_DEFAULT_DEVICE_NAME "tf_driver"
+
+#define SCX_PARAM_TYPE_GET(nParamTypes, i) (((nParamTypes) >> (4*i)) & 0xF)
+
+#define VAR_NOT_USED(variable) do{(void)(variable);}while(0);
+
+#define SIZE_4KB 0x1000
+#define SIZE_1MB 0x100000
+
+/* ------------------------------------------------------------------------ */
+/* UTILS */
+/* ------------------------------------------------------------------------ */
+#ifdef NDEBUG
+/* Compile-out the traces */
+#define TRACE_ERROR(...)
+#define TRACE_WARNING(...)
+#define TRACE_INFO(...)
+#else
+static void TRACE_ERROR(const char* format, ...)
+{
+ va_list ap;
+ va_start(ap, format);
+ fprintf(stderr, "TRACE: ERROR: ");
+ vfprintf(stderr, format, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+}
+
+static void TRACE_WARNING(const char* format, ...)
+{
+ va_list ap;
+ va_start(ap, format);
+ fprintf(stderr, "TRACE: WARNING: ");
+ vfprintf(stderr, format, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+}
+
+static void TRACE_INFO(const char* format, ...)
+{
+ va_list ap;
+ va_start(ap, format);
+ fprintf(stderr, "TRACE: ");
+ vfprintf(stderr, format, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+}
+#endif /* NDEBUG */
+
+
+/*
+ * ====================================================
+ * Internal functions
+ * =====================================================
+*/
+
+static void scxYield(void)
+{
+ sleep(0);
+}
+
+/* ------------------------------------------------------------------------ */
+
+
+/*
+ * Exchange a message with the Secure World
+ * by calling the ioctl command of the linux driver
+ *
+ * @param pContext
+ * @param pCommand a SChannel command message that must have been filled except for the operation parameters
+ * @param pAnswer a placeholder for the SChannel answer
+ * @param pOperation a TEEC_Operation structure that contains the operation parameters (and types)
+ * and is updated with the SChannel answer data as appropriate. This parameter is
+ * used only for the open and invoke operations
+ */
+static TEEC_Result scxExchangeMessage(
+ IN TEEC_Context* pContext,
+ IN SCHANNEL6_COMMAND* pCommand,
+ OUT SCHANNEL6_ANSWER* pAnswer,
+ IN TEEC_Operation* pOperation)
+{
+ TEEC_Result nResult = TEEC_SUCCESS;
+
+ TRACE_INFO("scxExchangeMessage[0x%X]\n",pContext);
+
+ if (pOperation != NULL)
+ {
+ /* Determine message parameters from operation parameters */
+ uint32_t i;
+ SCHANNEL6_COMMAND_PARAM* pSCXParams;
+
+ /* Note that nParamType is at the same position in an open and an invoke message */
+ pCommand->sHeader.nMessageInfo = pOperation->paramTypes;
+
+ if (pCommand->sHeader.nMessageType == SCX_OPEN_CLIENT_SESSION)
+ {
+ pSCXParams = pCommand->sOpenClientSession.sParams;
+ }
+ else
+ {
+ /* An invoke-command */
+ pSCXParams = pCommand->sInvokeClientCommand.sParams;
+ }
+
+ for (i = 0; i < 4; i++)
+ {
+ uint32_t nTEECParamType = SCX_PARAM_TYPE_GET(pOperation->paramTypes, i);
+ TEEC_Parameter* pTEECParam = &pOperation->params[i];
+ SCHANNEL6_COMMAND_PARAM* pSCXParam = &pSCXParams[i];
+
+ if (nTEECParamType & SCX_PARAM_TYPE_MEMREF_FLAG)
+ {
+ if (nTEECParamType & SCX_PARAM_TYPE_REGISTERED_MEMREF_FLAG)
+ {
+ /* A registered memref */
+ pSCXParam->sMemref.hBlock = pTEECParam->memref.parent->imp._hBlock;
+ if (nTEECParamType == TEEC_MEMREF_WHOLE)
+ {
+ /* A memref on the whole shared memory */
+ /* Set the direction from the shared memory flags */
+ pCommand->sInvokeClientCommand.nParamTypes |=
+ (pTEECParam->memref.parent->flags & (SCX_PARAM_TYPE_INPUT_FLAG | SCX_PARAM_TYPE_OUTPUT_FLAG))
+ << (4*i);
+ pSCXParam->sMemref.nSize = pTEECParam->memref.parent->size;
+ pSCXParam->sMemref.nOffset = 0;
+ }
+ else
+ {
+ /* A partial memref */
+ pSCXParam->sMemref.nSize = pTEECParam->memref.size;
+ pSCXParam->sMemref.nOffset = pTEECParam->memref.offset;
+ }
+ }
+ else
+ {
+ /* A temporary memref */
+ /* Set nOffset to the address in the client. This allows the server
+ to allocate a block with the same alignment and also to
+ detect a NULL tmpref.
+ */
+ pSCXParam->sTempMemref.nOffset = (uint32_t)pTEECParam->tmpref.buffer;
+ pSCXParam->sTempMemref.nDescriptor = (uint32_t)pTEECParam->tmpref.buffer;
+ pSCXParam->sTempMemref.nSize = pTEECParam->tmpref.size;
+ }
+ }
+ else if (nTEECParamType & SCX_PARAM_TYPE_INPUT_FLAG)
+ {
+ /* An input value */
+ pSCXParam->sValue.a = pTEECParam->value.a;
+ pSCXParam->sValue.b = pTEECParam->value.b;
+ }
+ }
+ }
+
+ pCommand->sHeader.nOperationID = (uint32_t)pAnswer;
+
+ nResult = ioctl((S_HANDLE)pContext->imp._hConnection, IOCTL_SCX_EXCHANGE, pCommand);
+ if (nResult != S_SUCCESS)
+ {
+ TRACE_INFO("scxExchangeMessage[0x%X]: Ioctl returned error: 0x%x (0x%x - %d)\n",pContext,nResult,errno,errno);
+ switch(errno)
+ {
+ case ENOMEM:
+ nResult=TEEC_ERROR_OUT_OF_MEMORY;
+ break;
+ case EACCES:
+ nResult=TEEC_ERROR_ACCESS_DENIED;
+ break;
+ default:
+ nResult=TEEC_ERROR_COMMUNICATION;
+ break;
+ }
+ }
+
+ if (pOperation != NULL)
+ {
+ /* Update the operation parameters from the answer message */
+ uint32_t i;
+ SCHANNEL6_ANSWER_PARAM * pSCXAnswers;
+ if (pAnswer->sHeader.nMessageType == SCX_OPEN_CLIENT_SESSION)
+ {
+ /* Open session */
+ pSCXAnswers = pAnswer->sOpenClientSession.sAnswers;
+ }
+ else
+ {
+ /* Invoke case */
+ pSCXAnswers = pAnswer->sInvokeClientCommand.sAnswers;
+ }
+
+ for (i = 0; i < 4; i++)
+ {
+ uint32_t nSCXParamType;
+ nSCXParamType = SCX_GET_PARAM_TYPE(pCommand->sHeader.nMessageInfo, i);
+ if (nSCXParamType & SCX_PARAM_TYPE_OUTPUT_FLAG)
+ {
+ if (nSCXParamType & SCX_PARAM_TYPE_MEMREF_FLAG)
+ {
+ /* Trick: the size field is at the same position in a memref or a tmpref */
+ pOperation->params[i].memref.size = pSCXAnswers[i].sSize.nSize;
+ }
+ else
+ {
+ /* An output value */
+ pOperation->params[i].value.a = pSCXAnswers[i].sValue.a;
+ pOperation->params[i].value.b = pSCXAnswers[i].sValue.b;
+ }
+ }
+ }
+ }
+
+ return nResult;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static void* scxAllocateSharedMemory(
+ IN uint32_t nLength)
+{
+ if (nLength == 0)
+ {
+ /* This is valid, although we don't want to call mmap.
+ Just return a dummy non-NULL pointer */
+ return (void*)0x10;
+ }
+ else
+ {
+ return mmap(
+ 0,nLength,
+ PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANONYMOUS,
+ 0,0);
+ }
+}
+
+/* ------------------------------------------------------------------------ */
+
+static void scxReleaseSharedMemory(IN void* pBuffer,
+ IN uint32_t nLength)
+{
+ if (nLength == 0)
+ {
+ return;
+ }
+ if (munmap(pBuffer, nLength)!= 0)
+ {
+ TRACE_WARNING("scxReleaseSharedMemory returned 0x%x \n",errno);
+ }
+}
+/* ------------------------------------------------------------------------ */
+
+uint64_t scxGetCurrentTime(void)
+{
+ uint64_t currentTime = 0;
+ struct timeval now;
+
+ gettimeofday(&now,NULL);
+ currentTime = now.tv_sec;
+ currentTime = (currentTime * 1000) + (now.tv_usec / 1000);
+
+ return currentTime;
+}
+/* ------------------------------------------------------------------------ */
+
+/*
+ * ====================================================
+ * TEE Client API
+ * =====================================================
+*/
+
+/**
+ * Get a time-limit equal to now + relative timeout expressed in milliseconds.
+ **/
+void TEEC_GetTimeLimit(
+ TEEC_Context* sContext,
+ uint32_t nTimeout,
+ TEEC_TimeLimit* sTimeLimit)
+{
+ uint64_t nTimeLimit = 0;
+ VAR_NOT_USED(sContext);
+
+ TRACE_INFO("TEEC_GetTimeLimit(0x%X, %u ms)", sContext, nTimeout);
+
+ if (nTimeout == 0xFFFFFFFF )
+ {
+ /* Infinite timeout */
+ nTimeLimit = SCTIME_INFINITE;
+ }
+ else
+ {
+ nTimeLimit = scxGetCurrentTime() + nTimeout;
+ }
+ TRACE_INFO("GetTimeLimit %ld\n",nTimeLimit);
+ memcpy(sTimeLimit, &nTimeLimit, sizeof(TEEC_TimeLimit));
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_InitializeContext(
+ const char* pDeviceName,
+ TEEC_Context* pContext)
+{
+
+ TEEC_Result nError = TEEC_SUCCESS;
+ S_HANDLE hDriver = S_HANDLE_NULL;
+ char sFullDeviceName[PATH_MAX];
+ uint32_t nVersion;
+
+ if(pDeviceName == NULL)
+ {
+ pDeviceName = SCX_DEFAULT_DEVICE_NAME;
+ }
+ strcpy(sFullDeviceName, "/dev/");
+ strcat(sFullDeviceName, pDeviceName);
+
+ hDriver = open(sFullDeviceName, O_RDWR, 0);
+
+ if (hDriver == (uint32_t)-1)
+ {
+ TRACE_ERROR("scxOpen: open() failed 0x%x\n", errno);
+ switch(errno)
+ {
+ case ENOMEM:
+ nError = TEEC_ERROR_OUT_OF_MEMORY;
+ goto error;
+ case EINTR:
+ break;
+ default:
+ nError = TEEC_ERROR_COMMUNICATION;
+ goto error;
+ }
+ }
+ fcntl(hDriver, F_SETFD, FD_CLOEXEC);
+ nVersion = ioctl(hDriver, IOCTL_SCX_GET_VERSION);
+ if (nVersion != SM_DRIVER_VERSION)
+ {
+ TRACE_ERROR("scxOpen: Not expected driver version: 0x%x instead of 0x%x\n", nVersion,SM_DRIVER_VERSION);
+ switch(errno)
+ {
+ case ENOMEM:
+ nError=TEEC_ERROR_OUT_OF_MEMORY;
+ break;
+ default:
+ nError=TEEC_ERROR_COMMUNICATION;
+ break;
+ }
+ close(hDriver);
+ }
+error:
+ if(nError == TEEC_SUCCESS)
+ {
+ pContext->imp._hConnection = hDriver;
+ }
+ else
+ {
+ TRACE_ERROR("scxOpen failed 0x%x\n", nError);
+ pContext->imp._hConnection = 0;
+ }
+
+ return nError;
+}
+
+//-----------------------------------------------------------------------------------------------------
+void TEEC_FinalizeContext(TEEC_Context* pContext)
+{
+ TRACE_INFO("TEEC_FinalizeContext[0x%X]", pContext);
+
+ if (pContext == NULL) return;
+
+ close(pContext->imp._hConnection);
+ pContext->imp._hConnection = 0;
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_OpenSession (
+ TEEC_Context* context,
+ TEEC_Session* session, /* OUT */
+ const TEEC_UUID* destination, /* The trusted application UUID we want to open the session with */
+ uint32_t connectionMethod, /* LoginType*/
+ void* connectionData, /* LoginData */
+ TEEC_Operation* operation, /* payload. If operation is NULL then no data buffers are exchanged with the Trusted Application, and the operation cannot be cancelled by the Client Application */
+ uint32_t* errorOrigin)
+{
+ return TEEC_OpenSessionEx(context,
+ session,
+ NULL,
+ destination,
+ connectionMethod,
+ connectionData,
+ operation,
+ errorOrigin);
+}
+
+//-----------------------------------------------------------------------------------------------------
+void TEEC_CloseSession (TEEC_Session* session)
+{
+ TEEC_Context* context;
+ SCHANNEL6_ANSWER sAnswer;
+ SCHANNEL6_COMMAND sCommand;
+ if (session == NULL) return;
+ context = session->imp._pContext;
+ memset(&sCommand,0,sizeof(sCommand));
+ sCommand.sHeader.nMessageType = SCX_CLOSE_CLIENT_SESSION;
+ sCommand.sHeader.nMessageSize = (sizeof(SCHANNEL6_CLOSE_CLIENT_SESSION_COMMAND)
+ - sizeof(SCHANNEL6_COMMAND_HEADER))/sizeof(uint32_t);
+ sCommand.sCloseClientSession.hClientSession = session->imp._hClientSession;
+ scxExchangeMessage(context, &sCommand, &sAnswer, NULL);
+ /* we ignore the error code of scxExchangeMessage */
+ session->imp._hClientSession = S_HANDLE_NULL;
+ session->imp._pContext = NULL;
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_InvokeCommand(
+ TEEC_Session* session,
+ uint32_t commandID,
+ TEEC_Operation* operation,
+ uint32_t* errorOrigin)
+{
+ return TEEC_InvokeCommandEx(session,
+ NULL,
+ commandID,
+ operation,
+ errorOrigin);
+}
+
+
+//-----------------------------------------------------------------------------------------------------
+/* Used to implement both register and allocate */
+static TEEC_Result TEEC_RegisterSharedMemory0(
+ TEEC_Context* context,
+ TEEC_SharedMemory* sharedMem)
+{
+ TEEC_Result nResult;
+ SCHANNEL6_COMMAND sCommand;
+ SCHANNEL6_ANSWER sAnswer;
+
+ TRACE_INFO("TEEC_RegisterSharedMemory0 (%p, %p)",context, sharedMem);
+ memset(&sCommand, 0, sizeof(sCommand));
+
+ sCommand.sRegisterSharedMemory.nMessageSize = (sizeof(SCHANNEL6_REGISTER_SHARED_MEMORY_COMMAND) - sizeof(SCHANNEL6_COMMAND_HEADER))/4;
+ sCommand.sRegisterSharedMemory.nMessageType = SCX_REGISTER_SHARED_MEMORY;
+ sCommand.sRegisterSharedMemory.nMemoryFlags = sharedMem->flags;
+ sCommand.sRegisterSharedMemory.nSharedMemSize = sharedMem->size;
+ sCommand.sRegisterSharedMemory.nSharedMemStartOffset = 0;
+ sCommand.sRegisterSharedMemory.nSharedMemDescriptors[0] = (uint32_t)sharedMem->buffer;
+ nResult = scxExchangeMessage(context,
+ &sCommand,
+ &sAnswer,
+ NULL);
+ if (nResult == TEEC_SUCCESS)
+ {
+ nResult = sAnswer.sRegisterSharedMemory.nErrorCode;
+ }
+ if (nResult == TEEC_SUCCESS)
+ {
+ sharedMem->imp._pContext = context;
+ sharedMem->imp._hBlock = sAnswer.sRegisterSharedMemory.hBlock;
+ }
+ return nResult;
+}
+
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_RegisterSharedMemory(
+ TEEC_Context* context,
+ TEEC_SharedMemory* sharedMem)
+{
+ TRACE_INFO("TEEC_RegisterSharedMemory (%p)",context);
+ sharedMem->imp._pContext = NULL;
+ sharedMem->imp._hBlock = S_HANDLE_NULL;
+ sharedMem->imp._bAllocated = false;
+ return TEEC_RegisterSharedMemory0(context, sharedMem);
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_AllocateSharedMemory(
+ TEEC_Context* context,
+ TEEC_SharedMemory* sharedMem)
+{
+ TEEC_Result nResult;
+ TRACE_INFO("TEEC_AllocateSharedMemory (%p)",context);
+
+ sharedMem->imp._pContext = NULL;
+ sharedMem->imp._hBlock = S_HANDLE_NULL;
+ sharedMem->buffer = scxAllocateSharedMemory(sharedMem->size);
+ if (sharedMem->buffer == NULL)
+ {
+ return TEEC_ERROR_OUT_OF_MEMORY;
+ }
+ sharedMem->imp._bAllocated = true;
+ nResult = TEEC_RegisterSharedMemory0(context, sharedMem);
+ if (nResult != TEEC_SUCCESS)
+ {
+ scxReleaseSharedMemory(sharedMem->buffer,sharedMem->size);
+ sharedMem->buffer = NULL;
+ }
+ return nResult;
+}
+
+//-----------------------------------------------------------------------------------------------------
+void TEEC_ReleaseSharedMemory (
+ TEEC_SharedMemory* sharedMem)
+{
+ SCHANNEL6_ANSWER sAnswer;
+ SCHANNEL6_COMMAND sMessage;
+ TEEC_Context* context;
+
+ context = (TEEC_Context *)sharedMem->imp._pContext;
+ memset(&sMessage, 0, sizeof(SCHANNEL6_COMMAND));
+ sMessage.sReleaseSharedMemory.nMessageType = SCX_RELEASE_SHARED_MEMORY;
+ sMessage.sReleaseSharedMemory.nMessageSize = (sizeof(SCHANNEL6_RELEASE_SHARED_MEMORY_COMMAND)
+ - sizeof(SCHANNEL6_COMMAND_HEADER))/sizeof(uint32_t);
+ sMessage.sReleaseSharedMemory.hBlock = sharedMem->imp._hBlock;
+ scxExchangeMessage(context,&sMessage, &sAnswer, NULL);
+ if (sharedMem->imp._bAllocated)
+ {
+ scxReleaseSharedMemory(sharedMem->buffer,sharedMem->size);
+ /* Update parameters:
+ * In this case the Implementation MUST set the buffer and size fields of the sharedMem structure
+ * to NULL and 0 respectively before returning.
+ */
+ sharedMem->buffer = NULL;
+ sharedMem->size = 0;
+ }
+ sharedMem->imp._pContext = NULL;
+ sharedMem->imp._hBlock = S_HANDLE_NULL;
+}
+
+//-----------------------------------------------------------------------------------------------------
+void TEEC_RequestCancellation(TEEC_Operation* operation)
+{
+ uint32_t nOperationState;
+ TEEC_Result nResult;
+
+ if (operation == NULL) return;
+
+retry:
+ nOperationState = operation->started;
+ if (nOperationState == 2)
+ {
+ /* Operation already finished. Return immediately */
+ return;
+ }
+ else if (nOperationState == 1)
+ {
+ /* Operation is in progress */
+ TEEC_Context* context;
+ SCHANNEL6_ANSWER sAnswer;
+ SCHANNEL6_COMMAND sMessage;
+
+ context = operation->imp._pContext;
+
+ memset(&sMessage,0,sizeof(sMessage));
+ sMessage.sHeader.nMessageType = SCX_CANCEL_CLIENT_OPERATION;
+ sMessage.sHeader.nMessageSize = (sizeof(SCHANNEL6_CANCEL_CLIENT_OPERATION_COMMAND) - sizeof(SCHANNEL6_COMMAND_HEADER))/4;
+ sMessage.sCancelClientOperation.hClientSession = operation->imp._hSession;
+ sMessage.sCancelClientOperation.nCancellationID = (uint32_t)operation;
+ nResult = scxExchangeMessage(context,&sMessage, &sAnswer, NULL);
+
+ if (nResult != TEEC_SUCCESS)
+ {
+ /* Communication failure. Ignore the error: the operation is already cancelled anyway */
+ return;
+ }
+ if (sAnswer.sCancelClientOperation.nErrorCode == S_SUCCESS)
+ {
+ /* Command was successfully cancelled */
+ return;
+ }
+ /* Otherwise, the command has not yet reached the secure world or has already finished and we must retry */
+ }
+ /* This applies as well when nOperationState == 0. In this case, the operation has not yet
+ started yet and we don't even have a pointer to the context */
+ scxYield();
+ goto retry;
+}
+
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_ReadSignatureFile(
+ void** ppSignatureFile,
+ uint32_t* pnSignatureFileLength)
+{
+ TEEC_Result nErrorCode = TEEC_SUCCESS;
+
+ uint32_t nBytesRead;
+ uint32_t nSignatureSize = 0;
+ uint8_t* pSignature = NULL;
+ FILE* pSignatureFile = NULL;
+ char sFileName[PATH_MAX + 1 + 5]; /* Allocate room for the signature extension */
+ long nFileSize;
+
+ *pnSignatureFileLength = 0;
+ *ppSignatureFile = NULL;
+
+ if (realpath("/proc/self/exe", sFileName) == NULL)
+ {
+ TRACE_ERROR("TEEC_ReadSignatureFile: realpath failed [%d]", errno);
+ return TEEC_ERROR_OS;
+ }
+
+ /* Work out the signature file name */
+ strcat(sFileName, ".ssig");
+
+ pSignatureFile = fopen(sFileName, "rb");
+ if (pSignatureFile == NULL)
+ {
+ /* Signature doesn't exist */
+ return TEEC_ERROR_ITEM_NOT_FOUND;
+ }
+
+ if (fseek(pSignatureFile, 0, SEEK_END) != 0)
+ {
+ TRACE_ERROR("TEEC_ReadSignatureFile: fseek(%s) failed [%d]",
+ sFileName, errno);
+ nErrorCode = TEEC_ERROR_OS;
+ goto error;
+ }
+
+ nFileSize = ftell(pSignatureFile);
+ if (nFileSize < 0)
+ {
+ TRACE_ERROR("TEEC_ReadSignatureFile: ftell(%s) failed [%d]",
+ sFileName, errno);
+ nErrorCode = TEEC_ERROR_OS;
+ goto error;
+ }
+
+ nSignatureSize = (uint32_t)nFileSize;
+
+ if (nSignatureSize != 0)
+ {
+ pSignature = malloc(nSignatureSize);
+ if (pSignature == NULL)
+ {
+ TRACE_ERROR("TEEC_ReadSignatureFile: Heap - Out of memory for %u bytes",
+ nSignatureSize);
+ nErrorCode = TEEC_ERROR_OUT_OF_MEMORY;
+ goto error;
+ }
+
+ rewind(pSignatureFile);
+
+ nBytesRead = fread(pSignature, 1, nSignatureSize, pSignatureFile);
+ if (nBytesRead < nSignatureSize)
+ {
+ TRACE_ERROR("TEEC_ReadSignatureFile: fread failed [%d]", errno);
+ nErrorCode = TEEC_ERROR_OS;
+ goto error;
+ }
+ }
+
+ fclose(pSignatureFile);
+
+ *pnSignatureFileLength = nSignatureSize;
+ *ppSignatureFile = pSignature;
+
+ return S_SUCCESS;
+
+error:
+ fclose(pSignatureFile);
+ free(pSignature);
+
+ return nErrorCode;
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_OpenSessionEx (
+ TEEC_Context* context,
+ TEEC_Session* session, /* OUT */
+ const TEEC_TimeLimit* timeLimit,
+ const TEEC_UUID* destination, /* The trusted application UUID we want to open the session with */
+ uint32_t connectionMethod, /* LoginType*/
+ void* connectionData, /* LoginData */
+ TEEC_Operation* operation, /* payload. If operation is NULL then no data buffers are exchanged with the Trusted Application, and the operation cannot be cancelled by the Client Application */
+ uint32_t* returnOrigin)
+{
+ TEEC_Result nError;
+ uint32_t nReturnOrigin;
+ SCHANNEL6_ANSWER sAnswer;
+ SCHANNEL6_COMMAND sCommand;
+
+ memset(&sCommand, 0, sizeof(SCHANNEL6_COMMAND));
+
+ sCommand.sHeader.nMessageType = SCX_OPEN_CLIENT_SESSION;
+ sCommand.sHeader.nMessageSize = (sizeof(SCHANNEL6_OPEN_CLIENT_SESSION_COMMAND) - 20 -sizeof(SCHANNEL6_COMMAND_HEADER))/sizeof(uint32_t);
+ if (timeLimit == NULL)
+ {
+ sCommand.sOpenClientSession.sTimeout = SCTIME_INFINITE;
+ }
+ else
+ {
+ sCommand.sOpenClientSession.sTimeout = *(uint64_t*)timeLimit;
+ }
+ sCommand.sOpenClientSession.sDestinationUUID = *((S_UUID*)destination);
+ sCommand.sOpenClientSession.nLoginType = connectionMethod;
+ if ((connectionMethod == TEEC_LOGIN_GROUP)||(connectionMethod == TEEC_LOGIN_GROUP_APPLICATION))
+ {
+ /* connectionData MUST point to a uint32_t which contains the group
+ * which this Client Application wants to connect as. The Linux Driver
+ * is responsible for securely ensuring that the Client Application
+ * instance is actually a member of this group.
+ */
+ if (connectionData != NULL)
+ {
+ *(uint32_t*)sCommand.sOpenClientSession.sLoginData = *(uint32_t*)connectionData;
+ sCommand.sHeader.nMessageSize += sizeof(uint32_t);
+ }
+ }
+ sCommand.sOpenClientSession.nCancellationID = (uint32_t)operation; // used for TEEC_RequestCancellation
+
+ if (operation != NULL)
+ {
+ operation->imp._pContext = context;
+ operation->imp._hSession = S_HANDLE_NULL;
+ operation->started = 1;
+ }
+
+ nError = scxExchangeMessage(context, &sCommand, &sAnswer, operation);
+
+ if (operation != NULL) operation->started = 2;
+
+ if (nError != TEEC_SUCCESS)
+ {
+ nReturnOrigin = TEEC_ORIGIN_COMMS;
+ }
+ else
+ {
+ nError = sAnswer.sOpenClientSession.nErrorCode;
+ nReturnOrigin = sAnswer.sOpenClientSession.nReturnOrigin;
+ }
+
+ if (returnOrigin != NULL) *returnOrigin = nReturnOrigin;
+
+ if (nError == S_SUCCESS)
+ {
+ session->imp._hClientSession = sAnswer.sOpenClientSession.hClientSession;
+ session->imp._pContext = context;
+ }
+
+ return nError;
+}
+
+//-----------------------------------------------------------------------------------------------------
+TEEC_Result TEEC_InvokeCommandEx(
+ TEEC_Session* session,
+ const TEEC_TimeLimit* timeLimit,
+ uint32_t commandID,
+ TEEC_Operation* operation,
+ uint32_t* returnOrigin)
+{
+ TEEC_Result nError;
+ SCHANNEL6_ANSWER sAnswer;
+ SCHANNEL6_COMMAND sCommand;
+ uint32_t nReturnOrigin;
+ TEEC_Context * context;
+
+ context = (TEEC_Context *)session->imp._pContext;
+ memset(&sCommand, 0, sizeof(SCHANNEL6_COMMAND));
+
+ sCommand.sHeader.nMessageType = SCX_INVOKE_CLIENT_COMMAND;
+ sCommand.sHeader.nMessageSize = (sizeof(SCHANNEL6_INVOKE_CLIENT_COMMAND_COMMAND) - sizeof(SCHANNEL6_COMMAND_HEADER))/sizeof(uint32_t);
+ sCommand.sInvokeClientCommand.nClientCommandIdentifier = commandID;
+ if (timeLimit == NULL)
+ {
+ sCommand.sInvokeClientCommand.sTimeout = SCTIME_INFINITE;
+ }
+ else
+ {
+ sCommand.sInvokeClientCommand.sTimeout = *(uint64_t*)timeLimit;
+ }
+ sCommand.sInvokeClientCommand.hClientSession = session->imp._hClientSession;
+ sCommand.sInvokeClientCommand.nCancellationID = (uint32_t)operation; // used for TEEC_RequestCancellation
+
+ if (operation != NULL)
+ {
+ operation->imp._pContext = session->imp._pContext;
+ operation->imp._hSession = session->imp._hClientSession;
+ operation->started = 1;
+ }
+
+ nError = scxExchangeMessage(context, &sCommand, &sAnswer, operation);
+
+ if (operation != NULL)
+ {
+ operation->started = 2;
+ operation->imp._hSession = S_HANDLE_NULL;
+ operation->imp._pContext = NULL;
+ }
+
+ if (nError != TEEC_SUCCESS)
+ {
+ nReturnOrigin = TEEC_ORIGIN_COMMS;
+ }
+ else
+ {
+ nError = sAnswer.sInvokeClientCommand.nErrorCode;
+ nReturnOrigin = sAnswer.sInvokeClientCommand.nReturnOrigin;
+ }
+
+ if (returnOrigin != NULL) *returnOrigin = nReturnOrigin;
+
+ return nError;
+
+}
+
+//-----------------------------------------------------------------------------------------------------
+/*
+ * Retrieves information about the implementation
+ */
+void TEEC_GetImplementationInfo(
+ TEEC_Context* context,
+ TEEC_ImplementationInfo* description)
+{
+ TRACE_INFO("TEEC_GetImplementationInfo");
+
+ memset(description, 0, sizeof(TEEC_ImplementationInfo));
+
+ strcpy(description->apiDescription, S_VERSION_STRING);
+
+ if (context != NULL)
+ {
+ SCX_VERSION_INFORMATION_BUFFER sInfoBuffer;
+ uint32_t nResult;
+
+ nResult = ioctl((S_HANDLE)context->imp._hConnection, IOCTL_SCX_GET_DESCRIPTION, &sInfoBuffer);
+ if (nResult != S_SUCCESS)
+ {
+ TRACE_ERROR("TEEC_GetImplementationInfo[0x%X]: ioctl returned error: 0x%x ( %d)\n",context, nResult, errno);
+ return;
+ }
+
+ memcpy(description->commsDescription, sInfoBuffer.sDriverDescription, 64);
+ description->commsDescription[64] = 0;
+ memcpy(description->TEEDescription, sInfoBuffer.sSecureWorldDescription, 64);
+ description->TEEDescription[64] = 0;
+ }
+}
+
+void TEEC_GetImplementationLimits(
+ TEEC_ImplementationLimits* limits)
+{
+ memset(limits, 0, sizeof(TEEC_ImplementationLimits));
+
+ /* A temp mem ref can not be mapped on more than 1Mb */
+ limits->pageSize = SIZE_4KB;
+ limits->tmprefMaxSize = SIZE_1MB;
+ limits->sharedMemMaxSize = SIZE_1MB * 8;
+ }