diff options
| author | Jerome Forissier <jerome.forissier@linaro.org> | 2018-12-05 10:18:37 +0100 |
|---|---|---|
| committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2018-12-11 10:27:03 +0100 |
| commit | e147a447ccc06a6eca7caeddae22dec06c168d19 (patch) | |
| tree | d73cb9963e52ed4f3954806bd9d98ceb048bde04 | |
| parent | 7309438688816c1f650a5e3a9e12c15b5baf4551 (diff) | |
Remove Secure Element API support
There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even working right now. Therefore, remove it.
- The reserved syscalls are still present, but return
TEE_ERROR_NOT_SUPPORTED
- The TEE_SE* functions (GlobalPlatform TEE Secure Element API,
GPD_SPE_024) are removed from libutee.a and the header file
tee_internal_se_api.h is removed as well
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
47 files changed, 32 insertions, 3839 deletions
diff --git a/.shippable.yml b/.shippable.yml index f10385a1..d78cd880 100644 --- a/.shippable.yml +++ b/.shippable.yml @@ -38,7 +38,6 @@ build: - _make CFG_RPMB_FS=y - _make CFG_RPMB_FS=y CFG_RPMB_TESTKEY=y - _make CFG_REE_FS=n CFG_RPMB_FS=y - - _make CFG_WITH_USER_TA=n CFG_CRYPTO=n CFG_SE_API=n CFG_PCSC_PASSTHRU_READER_DRV=y - _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_CORE_DEBUG=y CFG_CC_OPTIMIZE_FOR_SIZE=n CFG_DEBUG_INFO=y - _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n DEBUG=0 - _make CFG_BUILT_IN_ARGS=y CFG_PAGEABLE_ADDR=0 CFG_NS_ENTRY_ADDR=0 CFG_DT_ADDR=0 CFG_DT=y diff --git a/core/arch/arm/include/kernel/user_ta.h b/core/arch/arm/include/kernel/user_ta.h index d547c0a4..b28f6d71 100644 --- a/core/arch/arm/include/kernel/user_ta.h +++ b/core/arch/arm/include/kernel/user_ta.h @@ -58,9 +58,6 @@ struct user_ta_ctx { struct vm_info *vm_info; void *ta_time_offs; struct tee_pager_area_head *areas; -#if defined(CFG_SE_API) - struct tee_se_service *se_service; -#endif #if defined(CFG_WITH_VFP) struct thread_user_vfp_state vfp; #endif diff --git a/core/arch/arm/plat-vexpress/conf.mk b/core/arch/arm/plat-vexpress/conf.mk index 7535c038..6d4dbe06 100644 --- a/core/arch/arm/plat-vexpress/conf.mk +++ b/core/arch/arm/plat-vexpress/conf.mk @@ -91,10 +91,6 @@ $(call force,CFG_BOOT_SECONDARY_REQUEST,y) $(call force,CFG_PSCI_ARM32,y) $(call force,CFG_DT,y) CFG_DTB_MAX_SIZE ?= 0x100000 -# SE API is only supported by QEMU Virt platform -CFG_SE_API ?= y -CFG_SE_API_SELF_TEST ?= y -CFG_PCSC_PASSTHRU_READER_DRV ?= n endif ifeq ($(PLATFORM_FLAVOR),qemu_armv8a) diff --git a/core/arch/arm/pta/se_api_self_tests.c b/core/arch/arm/pta/se_api_self_tests.c deleted file mode 100644 index 75c7936d..00000000 --- a/core/arch/arm/pta/se_api_self_tests.c +++ /dev/null @@ -1,476 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <compiler.h> -#include <kernel/pseudo_ta.h> -#include <tee_api_types.h> -#include <tee_api_defines.h> -#include <trace.h> - -#include <tee/se/manager.h> -#include <tee/se/reader.h> -#include <tee/se/session.h> -#include <tee/se/iso7816.h> -#include <tee/se/aid.h> -#include <tee/se/apdu.h> -#include <tee/se/channel.h> -#include <tee/se/util.h> - -#include <stdlib.h> -#include <string.h> - -#include "aid_priv.h" -#include "apdu_priv.h" -#include "reader_priv.h" - - -#define TA_NAME "se_api_self_tests.ta" - -#define MAX_READERS 10 - -#define CMD_SELF_TESTS 0 - -#define SE_API_SELF_TEST_UUID \ - { 0xAEB79790, 0x6F03, 0x11E4, \ - { 0x98, 0x03, 0x08, 0x00, 0x20, 0x0C, 0x9A, 0x66 } } - -#define ASSERT(expr) \ - do { \ - if (!(expr)) { \ - EMSG("assertion '%s' failed at %s:%d (func '%s')", \ - #expr, __FILE__, __LINE__, __func__); \ - return TEE_ERROR_GENERIC; \ - } \ - } while (0) - -#define CHECK(ret) \ - do { \ - if (ret != TEE_SUCCESS) \ - return ret; \ - } while (0) - -/* - * Trusted Application Entry Points - */ - -static TEE_Result test_reader(struct tee_se_reader_proxy **handle) -{ - TEE_Result ret; - uint8_t cmd[] = { ISO7816_CLA, MANAGE_CHANNEL_CMD, - OPEN_CHANNEL, OPEN_NEXT_AVAILABLE }; - uint8_t resp[3]; - size_t resp_size = sizeof(resp); - const int expected_channel_id = 1; - - DMSG("entry"); - /* transmit should fail since no one attached to the reader */ - ret = tee_se_reader_transmit(handle[0], cmd, sizeof(cmd), - resp, &resp_size); - ASSERT(ret == TEE_ERROR_BAD_STATE); - - ret = tee_se_reader_attach(handle[0]); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_reader_attach(handle[0]); - ASSERT(ret == TEE_SUCCESS); - - /* referenced by 2 owners */ - ASSERT(2 == tee_se_reader_get_refcnt(handle[0])); - - ret = tee_se_reader_transmit(handle[0], cmd, sizeof(cmd), - resp, &resp_size); - ASSERT(ret == TEE_SUCCESS); - ASSERT(resp[0] == expected_channel_id && - resp[1] == CMD_OK_SW1 && resp[2] == CMD_OK_SW2); - - tee_se_reader_detach(handle[0]); - - ASSERT(1 == tee_se_reader_get_refcnt(handle[0])); - - tee_se_reader_detach(handle[0]); - DMSG("exit"); - - return TEE_SUCCESS; -} - -static TEE_Result test_aid(struct tee_se_reader_proxy **proxies) -{ - struct tee_se_session *s = NULL; - struct tee_se_channel *b = NULL, *l = NULL; - struct tee_se_aid *aid = NULL; - TEE_Result ret; - - DMSG("entry"); - ret = tee_se_aid_create("D0000CAFE00001", &aid); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_reader_open_session(proxies[0], &s); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_session_open_basic_channel(s, aid, &b); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_session_open_logical_channel(s, aid, &l); - ASSERT(ret == TEE_SUCCESS); - - ASSERT(tee_se_aid_get_refcnt(aid) == 3); - - tee_se_session_close_channel(s, b); - tee_se_session_close_channel(s, l); - - ASSERT(tee_se_aid_get_refcnt(aid) == 1); - - tee_se_session_close(s); - tee_se_aid_release(aid); - DMSG("exit"); - - return TEE_SUCCESS; -} - -static TEE_Result test_session(struct tee_se_reader_proxy **proxies) -{ - struct tee_se_channel *c1 = NULL, *c2 = NULL; - struct tee_se_session *s1 = NULL, *s2 = NULL; - TEE_Result ret; - - DMSG("entry"); - ret = tee_se_reader_open_session(proxies[0], &s1); - ASSERT(ret == TEE_SUCCESS); - - /* should success, multiple sessions open by different user */ - ret = tee_se_reader_open_session(proxies[0], &s2); - ASSERT(ret == TEE_SUCCESS); - - /* open basic channel on s1 (should success) */ - ret = tee_se_session_open_basic_channel(s1, NULL, &c1); - ASSERT(ret == TEE_SUCCESS); - - /* open basic channel on s2 - * (should fail, basic channel is locked by s1) - */ - ret = tee_se_session_open_basic_channel(s2, NULL, &c2); - ASSERT(ret == TEE_ERROR_NOT_SUPPORTED); - ASSERT(c2 == NULL); - - /* close basic channel on s1 */ - tee_se_session_close_channel(s1, c1); - c1 = NULL; - - /* open basic channel on s2 (this time should success) */ - ret = tee_se_session_open_basic_channel(s1, NULL, &c2); - ASSERT(ret == TEE_SUCCESS); - - /* close basic channel on s2 */ - tee_se_session_close_channel(s2, c2); - c2 = NULL; - - /* open logical channel on s1 and s2 (both should success) */ - ret = tee_se_session_open_logical_channel(s1, NULL, &c1); - ASSERT(ret == TEE_SUCCESS); - ret = tee_se_session_open_logical_channel(s2, NULL, &c2); - ASSERT(ret == TEE_SUCCESS); - - /* clean up */ - tee_se_session_close_channel(s1, c1); - tee_se_session_close_channel(s2, c2); - - tee_se_session_close(s1); - tee_se_session_close(s2); - DMSG("exit"); - - return TEE_SUCCESS; -} - -static TEE_Result test_select_resp(struct tee_se_reader_proxy **proxies) -{ - struct tee_se_aid *aid = NULL; - struct tee_se_session *s = NULL; - struct tee_se_channel *c = NULL; - struct resp_apdu *resp; - TEE_Result ret; - - DMSG("entry"); - ret = tee_se_aid_create("D0000CAFE00001", &aid); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_reader_open_session(proxies[0], &s); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_session_open_logical_channel(s, aid, &c); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_channel_get_select_response(c, &resp); - ASSERT(ret == TEE_SUCCESS); - - ASSERT((resp_apdu_get_sw1(resp) == CMD_OK_SW1) && - (resp_apdu_get_sw2(resp) == CMD_OK_SW2)); - - /* - * the ownership of resp apdu should be the channel - * and it should be the only owner - */ - ASSERT(apdu_get_refcnt(to_apdu_base(resp)) == 1); - - /* increase the reference counter of resp apdu */ - apdu_acquire(to_apdu_base(resp)); - - /* clean up */ - tee_se_session_close_channel(s, c); - - /* channel should release resp apdu when closed */ - ASSERT(apdu_get_refcnt(to_apdu_base(resp)) == 1); - apdu_release(to_apdu_base(resp)); - - tee_se_session_close(s); - tee_se_aid_release(aid); - DMSG("exit"); - - return TEE_SUCCESS; -} - -/* - * The JAVA Card Simulator (jcardsim.jar) built-in applet(s): - * - * AID |Type - * -------------------------------------+---------------------- - * D0000CAFE00001 | MultiSelectable - * (default selected on basic channel) | - * -------------------------------------+---------------------- - * D0000CAFE00002 | Non-MultiSelectable - * -------------------------------------+---------------------- - * - */ -static TEE_Result test_logical_channel(struct tee_se_reader_proxy **proxies) -{ - struct tee_se_channel *channel[MAX_LOGICAL_CHANNEL] = { NULL }; - struct tee_se_aid *aid = NULL; - struct tee_se_session *s = NULL; - TEE_Result ret; - int i; - - DMSG("entry"); - ret = tee_se_reader_open_session(proxies[0], &s); - ASSERT(ret == TEE_SUCCESS); - - /* - * test open logical channels based on AID selected on basic channel - * (D0000CAFE00001 is default selected on basic channel, - * this call should success since D0000CAFE00001 is MultiSelectable, - * upon open, each logical channel should select D0000CAFE00001) - */ - for (i = 1; i < MAX_LOGICAL_CHANNEL; i ++) { - ret = tee_se_session_open_logical_channel(s, NULL, &channel[i]); - ASSERT(ret == TEE_SUCCESS); - } - - /* - * should fail on next open - * (exceeds maximum logical channel number) - */ - ret = tee_se_session_open_logical_channel(s, NULL, &channel[0]); - ASSERT(ret == TEE_ERROR_NOT_SUPPORTED); - - /* close 3 channels */ - for (i = 1; i < 4; i++) { - tee_se_session_close_channel(s, channel[i]); - channel[i] = NULL; - } - - /* re-open 3 channels (should success) */ - for (i = 1; i < 4; i++) { - ret = tee_se_session_open_logical_channel(s, NULL, &channel[i]); - ASSERT(ret == TEE_SUCCESS); - } - - /* logical channel 1 select D0000CAFE00002 (should success) */ - tee_se_aid_create("D0000CAFE00002", &aid); - ret = tee_se_channel_select(channel[1], aid); - ASSERT(ret == TEE_SUCCESS); - - /* logical channel 2 select D0000CAFE00002 - * (should fail since D0000CAFE00002 is not MultiSelectable) - */ - ret = tee_se_channel_select(channel[2], aid); - ASSERT(ret == TEE_ERROR_NOT_SUPPORTED); - - /* clean up */ - for (i = 1; i < MAX_LOGICAL_CHANNEL; i++) - tee_se_session_close_channel(s, channel[i]); - tee_se_session_close(s); - tee_se_aid_release(aid); - DMSG("exit"); - - return TEE_SUCCESS; -} - -static TEE_Result verify_result(struct resp_apdu *apdu, const char *data) -{ - size_t str_length = strlen(data); - size_t byte_length = strlen(data) / 2; - uint8_t *resp_data = resp_apdu_get_data(apdu); - size_t resp_len = resp_apdu_get_data_len(apdu); - uint8_t bytes[byte_length]; - size_t i = 0; - - ASSERT(resp_len == byte_length); - - hex_decode(data, str_length, bytes); - while (i < resp_len) { - ASSERT(bytes[i] == resp_data[i]); - i++; - } - return TEE_SUCCESS; -} - -static TEE_Result test_transmit(struct tee_se_reader_proxy **proxies) -{ - struct tee_se_channel *c1 = NULL, *c2 = NULL; - struct tee_se_session *s1 = NULL, *s2 = NULL; - struct tee_se_aid *full_aid = NULL, *partial_aid = NULL; - struct cmd_apdu *cmd; - struct resp_apdu *resp; - size_t tx_buf_len = 0, rx_buf_len = 7; - TEE_Result ret; - - DMSG("entry"); - ret = tee_se_aid_create("D0000CAFE00001", &full_aid); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_aid_create("D0000CAFE0000", &partial_aid); - ASSERT(ret == TEE_SUCCESS); - - cmd = alloc_cmd_apdu(ISO7816_CLA, 0xFF, 0x0, 0x0, - tx_buf_len, rx_buf_len, NULL); - ASSERT(cmd); - resp = alloc_resp_apdu(rx_buf_len); - ASSERT(resp); - - ret = tee_se_reader_open_session(proxies[0], &s1); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_reader_open_session(proxies[0], &s2); - ASSERT(ret == TEE_SUCCESS); - - /* open logical channel on s1 (given full aid) */ - ret = tee_se_session_open_logical_channel(s1, full_aid, &c1); - ASSERT(ret == TEE_SUCCESS); - - /* should route to D0000CAFE00001 */ - ret = tee_se_channel_transmit(c1, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - - /* select next should fail (full aid given) */ - ret = tee_se_channel_select_next(c1); - ASSERT(ret == TEE_ERROR_ITEM_NOT_FOUND); - - /* open logical channel on s2 (given partial aid) */ - ret = tee_se_session_open_logical_channel(s2, partial_aid, &c2); - ASSERT(ret == TEE_SUCCESS); - - /* should route to D0000CAFE00001 */ - ret = tee_se_channel_transmit(c2, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - ret = verify_result(resp, "D0000CAFE00001"); - ASSERT(ret == TEE_SUCCESS); - - /* select next should success (select D0000CAFE00002) */ - ret = tee_se_channel_select_next(c2); - ASSERT(ret == TEE_SUCCESS); - - /* should route to D0000CAFE00002 */ - ret = tee_se_channel_transmit(c2, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - ret = verify_result(resp, "D0000CAFE00002"); - ASSERT(ret == TEE_SUCCESS); - - /* select next should success (select D0000CAFE00001) */ - ret = tee_se_channel_select_next(c2); - ASSERT(ret == TEE_SUCCESS); - - /* should route to D0000CAFE00001 */ - ret = tee_se_channel_transmit(c2, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - ret = verify_result(resp, "D0000CAFE00001"); - ASSERT(ret == TEE_SUCCESS); - - /* - * test route to the same applet in a row from different channel - * (both should success) - */ - ret = tee_se_channel_transmit(c1, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - ret = verify_result(resp, "D0000CAFE00001"); - ASSERT(ret == TEE_SUCCESS); - - ret = tee_se_channel_transmit(c2, cmd, resp); - ASSERT(ret == TEE_SUCCESS); - ret = verify_result(resp, "D0000CAFE00001"); - ASSERT(ret == TEE_SUCCESS); - - /* clean up */ - tee_se_session_close_channel(s1, c1); - tee_se_session_close_channel(s2, c2); - - tee_se_session_close(s1); - tee_se_session_close(s2); - - tee_se_aid_release(full_aid); - tee_se_aid_release(partial_aid); - DMSG("exit"); - - return TEE_SUCCESS; -} - -static TEE_Result se_api_self_tests(uint32_t nParamTypes __unused, - TEE_Param pParams[TEE_NUM_PARAMS] __unused) -{ - size_t size = MAX_READERS; - TEE_Result ret; - struct tee_se_reader_proxy **proxies = - malloc(sizeof(void *) * MAX_READERS); - - tee_se_manager_get_readers(proxies, &size); - - ret = test_aid(proxies); - CHECK(ret); - - ret = test_select_resp(proxies); - CHECK(ret); - - ret = test_session(proxies); - CHECK(ret); - - ret = test_logical_channel(proxies); - CHECK(ret); - - ret = test_transmit(proxies); - CHECK(ret); - - ret = test_reader(proxies); - CHECK(ret); - - free(proxies); - - return TEE_SUCCESS; -} - -static TEE_Result invoke_command(void *pSessionContext __unused, - uint32_t nCommandID, uint32_t nParamTypes, - TEE_Param pParams[TEE_NUM_PARAMS]) -{ - DMSG("command entry point for pseudo TA \"%s\"", TA_NAME); - - switch (nCommandID) { - case CMD_SELF_TESTS: - return se_api_self_tests(nParamTypes, pParams); - default: - break; - } - return TEE_ERROR_BAD_PARAMETERS; -} - -pseudo_ta_register(.uuid = SE_API_SELF_TEST_UUID, .name = TA_NAME, - .flags = PTA_DEFAULT_FLAGS, - .invoke_command_entry_point = invoke_command); diff --git a/core/arch/arm/pta/sub.mk b/core/arch/arm/pta/sub.mk index e7e2427b..a4a49a77 100644 --- a/core/arch/arm/pta/sub.mk +++ b/core/arch/arm/pta/sub.mk @@ -14,8 +14,3 @@ srcs-$(CFG_TA_GPROF_SUPPORT) += gprof.c srcs-$(CFG_TEE_BENCHMARK) += benchmark.c srcs-$(CFG_SDP_PTA) += sdp_pta.c srcs-$(CFG_SYSTEM_PTA) += system.c - -ifeq ($(CFG_SE_API),y) -srcs-$(CFG_SE_API_SELF_TEST) += se_api_self_tests.c -cppflags-se_api_self_tests.c-y += -Icore/tee/se -endif diff --git a/core/arch/arm/tee/arch_svc.c b/core/arch/arm/tee/arch_svc.c index b2dd193c..cfb87184 100644 --- a/core/arch/arm/tee/arch_svc.c +++ b/core/arch/arm/tee/arch_svc.c @@ -18,7 +18,6 @@ #include <tee/arch_svc.h> #include <tee/tee_svc_cryp.h> #include <tee/tee_svc_storage.h> -#include <tee/se/svc.h> #include <tee/svc_cache.h> #include <tee_syscall_numbers.h> #include <trace.h> @@ -102,21 +101,21 @@ static const struct syscall_entry tee_svc_syscall_table[] = { SYSCALL_ENTRY(syscall_storage_obj_trunc), SYSCALL_ENTRY(syscall_storage_obj_seek), SYSCALL_ENTRY(syscall_obj_generate_key), - SYSCALL_ENTRY(syscall_se_service_open), - SYSCALL_ENTRY(syscall_se_service_close), - SYSCALL_ENTRY(syscall_se_service_get_readers), - SYSCALL_ENTRY(syscall_se_reader_get_prop), - SYSCALL_ENTRY(syscall_se_reader_get_name), - SYSCALL_ENTRY(syscall_se_reader_open_session), - SYSCALL_ENTRY(syscall_se_reader_close_sessions), - SYSCALL_ENTRY(syscall_se_session_is_closed), - SYSCALL_ENTRY(syscall_se_session_get_atr), - SYSCALL_ENTRY(syscall_se_session_open_channel), - SYSCALL_ENTRY(syscall_se_session_close), - SYSCALL_ENTRY(syscall_se_channel_select_next), - SYSCALL_ENTRY(syscall_se_channel_get_select_resp), - SYSCALL_ENTRY(syscall_se_channel_transmit), - SYSCALL_ENTRY(syscall_se_channel_close), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), + SYSCALL_ENTRY(syscall_not_supported), SYSCALL_ENTRY(syscall_cache_operation), }; diff --git a/core/include/tee/se/aid.h b/core/include/tee/se/aid.h deleted file mode 100644 index 1959471f..00000000 --- a/core/include/tee/se/aid.h +++ /dev/null @@ -1,18 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ -#ifndef TEE_SE_AID -#define TEE_SE_AID - -#define MAX_AID_LENGTH 16 -#define MIN_AID_LENGTH 5 - -struct tee_se_aid; - -TEE_Result tee_se_aid_create_from_buffer(uint8_t *id, size_t length, - struct tee_se_aid **aid); - -void tee_se_aid_release(struct tee_se_aid *aid); - -#endif diff --git a/core/include/tee/se/apdu.h b/core/include/tee/se/apdu.h deleted file mode 100644 index 992b13e0..00000000 --- a/core/include/tee/se/apdu.h +++ /dev/null @@ -1,38 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ -#ifndef TEE_SE_APDU -#define TEE_SE_APDU - -struct cmd_apdu; -struct resp_apdu; -struct apdu_base; - -#define to_apdu_base(apdu) ((struct apdu_base *)(apdu)) - -struct cmd_apdu *alloc_cmd_apdu(uint8_t cla, uint8_t ins, uint8_t p1, - uint8_t p2, uint8_t lc, uint8_t le, uint8_t *data); - -struct cmd_apdu *alloc_cmd_apdu_from_buf(uint8_t *buf, size_t length); - -struct resp_apdu *alloc_resp_apdu(uint8_t le); - -uint8_t *resp_apdu_get_data(struct resp_apdu *apdu); - -size_t resp_apdu_get_data_len(struct resp_apdu *apdu); - -uint8_t resp_apdu_get_sw1(struct resp_apdu *apdu); - -uint8_t resp_apdu_get_sw2(struct resp_apdu *apdu); - -uint8_t *apdu_get_data(struct apdu_base *apdu); - -size_t apdu_get_length(struct apdu_base *apdu); - -void apdu_acquire(struct apdu_base *apdu); - -void apdu_release(struct apdu_base *apdu); - - -#endif diff --git a/core/include/tee/se/channel.h b/core/include/tee/se/channel.h deleted file mode 100644 index 4cfe1fb6..00000000 --- a/core/include/tee/se/channel.h +++ /dev/null @@ -1,37 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_CHANNEL_H -#define TEE_SE_CHANNEL_H - -struct tee_se_aid; - -/* - * GP Card API define the maximum logical channel number is 20, - * Numbered from 0 ~ 19, number 0 is basic logical channel - */ -#define MAX_LOGICAL_CHANNEL 20 - -struct tee_se_session *tee_se_channel_get_session(struct tee_se_channel *c); - -int tee_se_channel_get_id(struct tee_se_channel *c); - -TEE_Result tee_se_channel_select_next(struct tee_se_channel *c); - -TEE_Result tee_se_channel_select(struct tee_se_channel *c, - struct tee_se_aid *aid); - -void tee_se_channel_set_aid(struct tee_se_channel *c, - struct tee_se_aid *aid); - -void tee_se_channel_set_select_response(struct tee_se_channel *c, - struct resp_apdu *resp); - -TEE_Result tee_se_channel_get_select_response(struct tee_se_channel *c, - struct resp_apdu **resp); - -TEE_Result tee_se_channel_transmit(struct tee_se_channel *c, - struct cmd_apdu *cmd_apdu, struct resp_apdu *resp_apdu); -#endif diff --git a/core/include/tee/se/iso7816.h b/core/include/tee/se/iso7816.h deleted file mode 100644 index 5722b3a1..00000000 --- a/core/include/tee/se/iso7816.h +++ /dev/null @@ -1,56 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_PROTOCOL_H -#define TEE_SE_PROTOCOL_H - -#define ISO7816_CLA 0x0 - -#define ISO7816_CLA_OFFSET 0x0 - -#define SELECT_CMD 0xA4 -/* P1 parameters */ -#define SELECT_BY_AID 0x04 -/* P2 parameters */ -#define FIRST_OR_ONLY_OCCURRENCE 0x0 -#define NEXT_OCCURRENCE 0x2 - -#define MANAGE_CHANNEL_CMD 0x70 -/* P1 parameters */ -#define OPEN_CHANNEL 0x00 -#define CLOSE_CHANNEL 0x80 -/* P2 parameters */ -#define OPEN_NEXT_AVAILABLE 0x00 - - -#define CMD_OK_SW1 0x90 -#define CMD_OK_SW2 0x00 - -struct tee_se_reader_proxy; -struct tee_se_session; -struct tee_se_channel; -struct tee_se_aid; -struct cmd_apdu; -struct resp_apdu; - -/* ISO7816 protocol handlers */ -TEE_Result iso7816_exchange_apdu(struct tee_se_reader_proxy *proxy, - struct cmd_apdu *cmd, struct resp_apdu *resp); - -TEE_Result iso7816_select(struct tee_se_channel *c, struct tee_se_aid *aid); - -TEE_Result iso7816_select_next(struct tee_se_channel *c); - -TEE_Result iso7816_open_available_logical_channel(struct tee_se_session *s, - int *channel_id); - -TEE_Result iso7816_close_logical_channel(struct tee_se_session *s, - int channel_id); - -int iso7816_get_cla_channel(int channel_id); - - -#endif - diff --git a/core/include/tee/se/manager.h b/core/include/tee/se/manager.h deleted file mode 100644 index 5dbcc7ba..00000000 --- a/core/include/tee/se/manager.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_MANAGER_H -#define TEE_SE_MANAGER_H - -#include <tee_api_types.h> - -struct tee_se_reader_proxy; - -TEE_Result tee_se_manager_get_readers( - struct tee_se_reader_proxy **proxy_list, - size_t *proxy_list_size); - -bool tee_se_manager_is_reader_proxy_valid( - struct tee_se_reader_proxy *proxy); - -size_t tee_se_manager_get_reader_count(void); - -#endif diff --git a/core/include/tee/se/reader.h b/core/include/tee/se/reader.h deleted file mode 100644 index 1e469da3..00000000 --- a/core/include/tee/se/reader.h +++ /dev/null @@ -1,43 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_READER_H -#define TEE_SE_READER_H - -#include <tee_api_types.h> -#include <kernel/mutex.h> -#include <sys/queue.h> - -struct tee_se_reader_proxy; -struct tee_se_session; - -TEE_Result tee_se_reader_get_name(struct tee_se_reader_proxy *proxy, - char **reader_name, size_t *reader_name_len); - -void tee_se_reader_get_properties(struct tee_se_reader_proxy *proxy, - TEE_SEReaderProperties *prop); - -TEE_Result tee_se_reader_attach(struct tee_se_reader_proxy *proxy); - -void tee_se_reader_detach(struct tee_se_reader_proxy *proxy); - -TEE_Result tee_se_reader_open_session(struct tee_se_reader_proxy *proxy, - struct tee_se_session **session); - -void tee_se_reader_close_sessions(struct tee_se_reader_proxy *proxy); - -TEE_Result tee_se_reader_get_atr(struct tee_se_reader_proxy *proxy, - uint8_t **atr, size_t *atr_len); - -TEE_Result tee_se_reader_transmit(struct tee_se_reader_proxy *proxy, - uint8_t *tx_buf, size_t tx_buf_len, uint8_t *rx_buf, size_t *rx_buf_len); - -void tee_se_reader_lock_basic_channel(struct tee_se_reader_proxy *proxy); - -void tee_se_reader_unlock_basic_channel(struct tee_se_reader_proxy *proxy); - -bool tee_se_reader_is_basic_channel_locked(struct tee_se_reader_proxy *proxy); - -#endif diff --git a/core/include/tee/se/reader/interface.h b/core/include/tee/se/reader/interface.h deleted file mode 100644 index 7a5c6a72..00000000 --- a/core/include/tee/se/reader/interface.h +++ /dev/null @@ -1,44 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_READER_INTERFACE_H -#define TEE_READER_INTERFACE_H - -#include <tee_api_types.h> - -#include <sys/queue.h> - -struct tee_se_reader { - char name[TEE_SE_READER_NAME_MAX]; - struct tee_se_reader_ops *ops; - void *private_data; - TEE_SEReaderProperties prop; -}; - -enum tee_se_reader_state { - READER_STATE_SE_EJECTED, - READER_STATE_SE_INSERTED -}; - -enum tee_se_reader_type { - READER_TYPE_ESE, - READER_TYPE_SD, - READER_TYPE_UICC, -}; - -struct tee_se_reader_ops { - TEE_Result (*open)(struct tee_se_reader *); - void (*close)(struct tee_se_reader *); - enum tee_se_reader_state (*get_state)(struct tee_se_reader *); - TEE_Result (*get_atr)(struct tee_se_reader *, - uint8_t **atr, size_t *atr_len); - TEE_Result (*transmit)(struct tee_se_reader *, uint8_t *tx_buf, - size_t tx_len, uint8_t *rx_buf, size_t *rx_len); -}; - -TEE_Result tee_se_manager_register_reader(struct tee_se_reader *); -TEE_Result tee_se_manager_unregister_reader(struct tee_se_reader *); - -#endif diff --git a/core/include/tee/se/service.h b/core/include/tee/se/service.h deleted file mode 100644 index eecb07c9..00000000 --- a/core/include/tee/se/service.h +++ /dev/null @@ -1,50 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_SERVICE_H -#define TEE_SE_SERVICE_H - -#include <tee_api_types.h> -#include <kernel/mutex.h> - -struct tee_se_service; -struct tee_se_session; -struct tee_se_channel; -struct tee_se_reader_proxy; - -TEE_Result tee_se_service_open( - struct tee_se_service **service); - -TEE_Result tee_se_service_add_session( - struct tee_se_service *service, - struct tee_se_session *session); - -void tee_se_service_close_session( - struct tee_se_service *service, - struct tee_se_session *session); - -void tee_se_service_close_sessions_by_reader( - struct tee_se_service *service, - struct tee_se_reader_proxy *proxy); - -TEE_Result tee_se_service_is_session_closed( - struct tee_se_service *service, - struct tee_se_session *session_service); - -TEE_Result tee_se_service_close( - struct tee_se_service *service); - -bool tee_se_service_is_valid( - struct tee_se_service *service); - -bool tee_se_service_is_session_valid( - struct tee_se_service *service, - struct tee_se_session *session_service); - -bool tee_se_service_is_channel_valid( - struct tee_se_service *service, - struct tee_se_channel *channel); - -#endif diff --git a/core/include/tee/se/session.h b/core/include/tee/se/session.h deleted file mode 100644 index d9efdaa2..00000000 --- a/core/include/tee/se/session.h +++ /dev/null @@ -1,41 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_SESSION_H -#define TEE_SE_SESSION_H - -#include <tee_api_types.h> -#include <kernel/mutex.h> - -#include <sys/queue.h> - -struct tee_se_reader_proxy; -struct tee_se_channel; -struct tee_se_session; -struct tee_se_aid; -struct cmd_apdu; -struct resp_apdu; - -TEE_Result tee_se_session_open_basic_channel(struct tee_se_session *s, - struct tee_se_aid *aid, struct tee_se_channel **channel); - -TEE_Result tee_se_session_open_logical_channel(struct tee_se_session *s, - struct tee_se_aid *aid, struct tee_se_channel **channel); - -bool tee_se_session_is_channel_exist(struct tee_se_session *s, - struct tee_se_channel *c); - -void tee_se_session_close_channel(struct tee_se_session *s, - struct tee_se_channel *c); - -TEE_Result tee_se_session_get_atr(struct tee_se_session *s, - uint8_t **atr, size_t *atr_len); - -TEE_Result tee_se_session_transmit(struct tee_se_session *s, - struct cmd_apdu *c, struct resp_apdu *r); - -void tee_se_session_close(struct tee_se_session *s); - -#endif diff --git a/core/include/tee/se/svc.h b/core/include/tee/se/svc.h deleted file mode 100644 index 5e3b1184..00000000 --- a/core/include/tee/se/svc.h +++ /dev/null @@ -1,81 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SVC_SE_H -#define TEE_SVC_SE_H - -#include <tee_api_types.h> - -#include <tee/se/service.h> -#include <tee/se/manager.h> -#include <tee/se/reader.h> -#include <tee/se/session.h> -#include <tee/se/channel.h> -#include <tee/se/aid.h> -#include <tee/se/apdu.h> -#include <tee/se/util.h> - -#if defined(CFG_SE_API) - -TEE_Result syscall_se_service_open(uint32_t *service_handle); - -TEE_Result syscall_se_service_close(unsigned long service_handle); - -TEE_Result syscall_se_service_get_readers(unsigned long service_handle, - uint32_t *reader_handles, uint64_t *len); - -TEE_Result syscall_se_reader_get_prop(unsigned long reader_handle, uint32_t *p); - -TEE_Result syscall_se_reader_get_name(unsigned long reader_handle, - char *name, uint64_t *name_len); - -TEE_Result syscall_se_reader_open_session(unsigned long reader_handle, - uint32_t *session_handle); - -TEE_Result syscall_se_reader_close_sessions(unsigned long reader_handle); - -TEE_Result syscall_se_session_is_closed(unsigned long session_handle); - -TEE_Result syscall_se_session_get_atr(unsigned long session_handle, - void *atr, uint64_t *atr_len); - -TEE_Result syscall_se_session_open_channel(unsigned long session_handle, - unsigned long is_logical, const void *aid_buf, - size_t aid_buf_len, uint32_t *channel_handle); - -TEE_Result syscall_se_session_close(unsigned long session_handle); - -TEE_Result syscall_se_channel_select_next(unsigned long channel_handle); - -TEE_Result syscall_se_channel_get_select_resp(unsigned long channel_handle, - void *resp, uint64_t *resp_len); - -TEE_Result syscall_se_channel_transmit(unsigned long channel_handle, - void *cmd, unsigned long cmd_len, void *resp, - uint64_t *resp_len); - -TEE_Result syscall_se_channel_close(unsigned long channel_handle); - -#else - -#define syscall_se_service_open syscall_not_supported -#define syscall_se_service_close syscall_not_supported -#define syscall_se_service_get_readers syscall_not_supported -#define syscall_se_reader_get_prop syscall_not_supported -#define syscall_se_reader_get_name syscall_not_supported -#define syscall_se_reader_open_session syscall_not_supported -#define syscall_se_reader_close_sessions syscall_not_supported -#define syscall_se_session_is_closed syscall_not_supported -#define syscall_se_session_get_atr syscall_not_supported -#define syscall_se_session_open_channel syscall_not_supported -#define syscall_se_session_close syscall_not_supported -#define syscall_se_channel_select_next syscall_not_supported -#define syscall_se_channel_get_select_resp syscall_not_supported -#define syscall_se_channel_transmit syscall_not_supported -#define syscall_se_channel_close syscall_not_supported - -#endif /* if defined(CFG_SE_API) */ - -#endif diff --git a/core/include/tee/se/util.h b/core/include/tee/se/util.h deleted file mode 100644 index 90175613..00000000 --- a/core/include/tee/se/util.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_UTIL_H -#define TEE_SE_UTIL_H - -#include <tee_api_types.h> - -#define DUMP_BUF_MAX 128 -char *print_buf(char *buf, size_t *remain_size, const char *fmt, ...) - __attribute__((__format__(__printf__, 3, 4))); - -void dump_hex(char *buf, size_t *remain_size, uint8_t *input_buf, - size_t input_size); - -void print_hex(uint8_t *input_buf, size_t input_size); - -uint8_t *hex_decode(const char *in, size_t len, uint8_t *out); - -#endif diff --git a/core/tee/se/aid.c b/core/tee/se/aid.c deleted file mode 100644 index 29a4742f..00000000 --- a/core/tee/se/aid.c +++ /dev/null @@ -1,73 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <kernel/panic.h> -#include <stdlib.h> -#include <string.h> -#include <tee_api_types.h> -#include <trace.h> - -#include <tee/se/aid.h> -#include <tee/se/util.h> - -#include "aid_priv.h" - -TEE_Result tee_se_aid_create(const char *name, struct tee_se_aid **aid) -{ - size_t str_length = strlen(name); - size_t aid_length = str_length / 2; - - assert(aid); - if (*aid) - panic("aid already allocated"); - - if (str_length < MIN_AID_LENGTH || str_length > MAX_AID_LENGTH) - return TEE_ERROR_BAD_PARAMETERS; - - *aid = malloc(sizeof(struct tee_se_aid)); - if (!(*aid)) - return TEE_ERROR_OUT_OF_MEMORY; - - hex_decode(name, str_length, (*aid)->aid); - (*aid)->length = aid_length; - (*aid)->refcnt = 1; - return TEE_SUCCESS; -} - -TEE_Result tee_se_aid_create_from_buffer(uint8_t *id, size_t length, - struct tee_se_aid **aid) -{ - *aid = malloc(sizeof(struct tee_se_aid)); - if (!(*aid)) - return TEE_ERROR_OUT_OF_MEMORY; - - memcpy((*aid)->aid, id, length); - (*aid)->length = length; - (*aid)->refcnt = 1; - return TEE_SUCCESS; -} - -void tee_se_aid_acquire(struct tee_se_aid *aid) -{ - assert(aid); - aid->refcnt++; -} - -int tee_se_aid_get_refcnt(struct tee_se_aid *aid) -{ - assert(aid); - return aid->refcnt; -} - -void tee_se_aid_release(struct tee_se_aid *aid) -{ - assert(aid); - if (aid->refcnt <= 0) - panic(); - aid->refcnt--; - if (!aid->refcnt) - free(aid); -} diff --git a/core/tee/se/aid_priv.h b/core/tee/se/aid_priv.h deleted file mode 100644 index 2cd81aee..00000000 --- a/core/tee/se/aid_priv.h +++ /dev/null @@ -1,21 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_AID_PRIV_H -#define TEE_SE_AID_PRIV_H - -struct tee_se_aid { - uint8_t aid[MAX_AID_LENGTH]; - size_t length; - int refcnt; -}; - -int tee_se_aid_get_refcnt(struct tee_se_aid *aid); - -TEE_Result tee_se_aid_create(const char *name, struct tee_se_aid **aid); - -void tee_se_aid_acquire(struct tee_se_aid *aid); - -#endif diff --git a/core/tee/se/apdu.c b/core/tee/se/apdu.c deleted file mode 100644 index fa3163b4..00000000 --- a/core/tee/se/apdu.c +++ /dev/null @@ -1,161 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <stdlib.h> -#include <string.h> -#include <tee_api_types.h> -#include <trace.h> - -#include <tee/se/apdu.h> -#include <tee/se/util.h> - -#include "apdu_priv.h" - -/* - * APDU format, [..] means optional fields - * - * CMD_APDU: CLA, INS, P1, P2, [LC, DATA, LE] - * RESP_APDU: [DATA], SW1, SW2 - * - */ -#define CMD_APDU_SIZE(lc) ((lc) + 4) -#define RESP_APDU_SIZE(le) ((le) + 2) - -struct cmd_apdu *alloc_cmd_apdu(uint8_t cla, uint8_t ins, uint8_t p1, - uint8_t p2, uint8_t lc, uint8_t le, uint8_t *data) -{ - size_t apdu_length = CMD_APDU_SIZE(lc); - size_t total_length; - struct cmd_apdu *apdu; - uint8_t *buf; - - /* - * check if we need to reserve space for LC/LE - * (both fields are optional) - */ - if (lc) - apdu_length++; - if (le) - apdu_length++; - - total_length = sizeof(struct cmd_apdu) + apdu_length; - apdu = malloc(total_length); - - if (!apdu) - return NULL; - - apdu->base.length = apdu_length; - apdu->base.data_buf = (uint8_t *)(apdu + 1); - apdu->base.refcnt = 1; - - buf = apdu->base.data_buf; - buf[CLA] = cla; - buf[INS] = ins; - buf[P1] = p1; - buf[P2] = p2; - if (lc) - buf[LC] = lc; - if (data != NULL) - memmove(&buf[CDATA], data, lc); - if (le) - buf[CDATA + lc + OFF_LE] = le; - - return apdu; -} - -struct cmd_apdu *alloc_cmd_apdu_from_buf(uint8_t *buf, size_t length) -{ - struct cmd_apdu *apdu = malloc(sizeof(struct cmd_apdu)); - - if (!apdu) - return NULL; - apdu->base.length = length; - apdu->base.data_buf = buf; - apdu->base.refcnt = 1; - return apdu; -} - -struct resp_apdu *alloc_resp_apdu(uint8_t le) -{ - size_t total_length = sizeof(struct resp_apdu) + RESP_APDU_SIZE(le); - struct resp_apdu *apdu; - - apdu = malloc(total_length); - - if (!apdu) - return NULL; - - apdu->base.length = RESP_APDU_SIZE(le); - apdu->base.data_buf = (uint8_t *)(apdu + 1); - apdu->base.refcnt = 1; - - return apdu; -} - -uint8_t *resp_apdu_get_data(struct resp_apdu *apdu) -{ - assert(apdu); - return apdu->resp_data; -} - -size_t resp_apdu_get_data_len(struct resp_apdu *apdu) -{ - assert(apdu); - return apdu->resp_data_len; -} - -uint8_t resp_apdu_get_sw1(struct resp_apdu *apdu) -{ - assert(apdu); - return apdu->sw1; -} - -uint8_t resp_apdu_get_sw2(struct resp_apdu *apdu) -{ - assert(apdu); - return apdu->sw2; -} - -uint8_t *apdu_get_data(struct apdu_base *apdu) -{ - assert(apdu); - return apdu->data_buf; -} -size_t apdu_get_length(struct apdu_base *apdu) -{ - assert(apdu); - return apdu->length; -} -int apdu_get_refcnt(struct apdu_base *apdu) -{ - assert(apdu); - return apdu->refcnt; -} -void apdu_acquire(struct apdu_base *apdu) -{ - assert(apdu); - apdu->refcnt++; -} -void apdu_release(struct apdu_base *apdu) -{ - assert(apdu); - apdu->refcnt--; - if (apdu->refcnt == 0) - free(apdu); -} - -void parse_resp_apdu(struct resp_apdu *apdu) -{ - uint8_t *buf = apdu->base.data_buf; - /* resp data length = resp buf length - SW1 - SW2 */ - apdu->resp_data_len = apdu->base.length - 2; - if (apdu->resp_data_len > 0) - apdu->resp_data = &buf[RDATA]; - else - apdu->resp_data = NULL; - apdu->sw1 = buf[RDATA + apdu->resp_data_len + OFF_SW1]; - apdu->sw2 = buf[RDATA + apdu->resp_data_len + OFF_SW2]; -} diff --git a/core/tee/se/apdu_priv.h b/core/tee/se/apdu_priv.h deleted file mode 100644 index 675e0dc2..00000000 --- a/core/tee/se/apdu_priv.h +++ /dev/null @@ -1,47 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_APDU_PRIV_H -#define TEE_SE_APDU_PRIV_H - -enum { - /* command APDU */ - CLA = 0, - INS = 1, - P1 = 2, - P2 = 3, - LC = 4, - CDATA = 5, - OFF_LE = 0, - - /* response APDU */ - RDATA = 0, - OFF_SW1 = 0, - OFF_SW2 = 1, -}; - -struct apdu_base { - uint8_t *data_buf; - size_t length; - int refcnt; -}; - -struct cmd_apdu { - struct apdu_base base; -}; - -struct resp_apdu { - struct apdu_base base; - uint8_t sw1; - uint8_t sw2; - uint8_t *resp_data; - size_t resp_data_len; -}; - -void parse_resp_apdu(struct resp_apdu *apdu); - -int apdu_get_refcnt(struct apdu_base *apdu); - -#endif diff --git a/core/tee/se/channel.c b/core/tee/se/channel.c deleted file mode 100644 index 7f42708c..00000000 --- a/core/tee/se/channel.c +++ /dev/null @@ -1,120 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <tee_api_types.h> -#include <trace.h> - -#include <tee/se/session.h> -#include <tee/se/channel.h> -#include <tee/se/iso7816.h> -#include <tee/se/aid.h> -#include <tee/se/apdu.h> - -#include <stdlib.h> -#include <string.h> - -#include "aid_priv.h" -#include "channel_priv.h" - -struct tee_se_channel *tee_se_channel_alloc(struct tee_se_session *s, - int channel_id) -{ - struct tee_se_channel *c; - - c = malloc(sizeof(struct tee_se_channel)); - if (c) { - c->session = s; - c->channel_id = channel_id; - c->aid = NULL; - c->select_resp = NULL; - } - return c; -} - -void tee_se_channel_free(struct tee_se_channel *c) -{ - assert(c); - if (c->aid) - tee_se_aid_release(c->aid); - if (c->select_resp) - apdu_release(to_apdu_base(c->select_resp)); -} - -struct tee_se_session *tee_se_channel_get_session(struct tee_se_channel *c) -{ - assert(c); - return c->session; -} - -int tee_se_channel_get_id(struct tee_se_channel *c) -{ - assert(c); - return c->channel_id; -} - -void tee_se_channel_set_select_response(struct tee_se_channel *c, - struct resp_apdu *resp) -{ - assert(c); - - if (c->select_resp) - apdu_release(to_apdu_base(c->select_resp)); - apdu_acquire(to_apdu_base(resp)); - c->select_resp = resp; -} - -TEE_Result tee_se_channel_get_select_response(struct tee_se_channel *c, - struct resp_apdu **resp) -{ - assert(c && resp); - - if (c->select_resp) { - *resp = c->select_resp; - return TEE_SUCCESS; - } else { - return TEE_ERROR_NO_DATA; - } -} - -void tee_se_channel_set_aid(struct tee_se_channel *c, - struct tee_se_aid *aid) -{ - assert(c); - if (c->aid) - tee_se_aid_release(c->aid); - tee_se_aid_acquire(aid); - c->aid = aid; -} - - -TEE_Result tee_se_channel_select(struct tee_se_channel *c, - struct tee_se_aid *aid) -{ - assert(c); - return iso7816_select(c, aid); -} - -TEE_Result tee_se_channel_select_next(struct tee_se_channel *c) -{ - assert(c); - return iso7816_select_next(c); -} - -TEE_Result tee_se_channel_transmit(struct tee_se_channel *c, - struct cmd_apdu *cmd_apdu, struct resp_apdu *resp_apdu) -{ - struct tee_se_session *s; - uint8_t *cmd_buf; - int cla_channel; - - assert(c && cmd_apdu && resp_apdu); - - s = c->session; - cla_channel = iso7816_get_cla_channel(c->channel_id); - cmd_buf = apdu_get_data(to_apdu_base(cmd_apdu)); - cmd_buf[ISO7816_CLA_OFFSET] = ISO7816_CLA | cla_channel; - return tee_se_session_transmit(s, cmd_apdu, resp_apdu); -} diff --git a/core/tee/se/channel_priv.h b/core/tee/se/channel_priv.h deleted file mode 100644 index 0a4b2277..00000000 --- a/core/tee/se/channel_priv.h +++ /dev/null @@ -1,25 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_CHANNEL_PRIV_H -#define TEE_SE_CHANNEL_PRIV_H - -struct tee_se_aid; - -struct tee_se_channel { - int channel_id; - struct tee_se_session *session; - struct tee_se_aid *aid; - struct resp_apdu *select_resp; - - TAILQ_ENTRY(tee_se_channel) link; -}; - -struct tee_se_channel *tee_se_channel_alloc(struct tee_se_session *s, - int channel_id); - -void tee_se_channel_free(struct tee_se_channel *c); - -#endif diff --git a/core/tee/se/iso7816.c b/core/tee/se/iso7816.c deleted file mode 100644 index f4921e38..00000000 --- a/core/tee/se/iso7816.c +++ /dev/null @@ -1,183 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <kernel/panic.h> -#include <malloc.h> -#include <stdlib.h> -#include <string.h> -#include <tee_api_types.h> -#include <tee/se/reader.h> -#include <tee/se/session.h> -#include <tee/se/iso7816.h> -#include <tee/se/aid.h> -#include <tee/se/apdu.h> -#include <tee/se/channel.h> -#include <tee/se/util.h> -#include <tee/se/reader/interface.h> -#include <trace.h> - -#include "session_priv.h" -#include "aid_priv.h" -#include "apdu_priv.h" - -TEE_Result iso7816_exchange_apdu(struct tee_se_reader_proxy *proxy, - struct cmd_apdu *cmd, struct resp_apdu *resp) -{ - TEE_Result ret; - - assert(cmd && resp); - ret = tee_se_reader_transmit(proxy, - cmd->base.data_buf, cmd->base.length, - resp->base.data_buf, &resp->base.length); - - if (ret == TEE_SUCCESS) - parse_resp_apdu(resp); - - return ret; -} - -int iso7816_get_cla_channel(int channel_id) -{ - int cla_channel; - /* - * From GP Card Spec, - * the logical channel number 0~3 should have CLA: 0x00 ~ 0x03, - * for channel number 4~19 should have CLA: 0x40 ~ 0x4f - */ - if (channel_id < 4) - cla_channel = channel_id; - else - cla_channel = 0x40 | (channel_id - 4); - - return cla_channel; -} - -static TEE_Result internal_select(struct tee_se_channel *c, - struct tee_se_aid *aid, int select_ops) -{ - struct cmd_apdu *cmd; - struct resp_apdu *resp; - struct tee_se_session *s; - TEE_Result ret; - TEE_SEReaderProperties prop; - size_t rx_buf_len = 0; - int channel_id; - uint8_t cla_channel; - - assert(c); - - s = tee_se_channel_get_session(c); - channel_id = tee_se_channel_get_id(c); - - if (channel_id >= MAX_LOGICAL_CHANNEL) - panic("invalid channel id"); - - cla_channel = iso7816_get_cla_channel(channel_id); - if (select_ops == FIRST_OR_ONLY_OCCURRENCE) { - assert(aid); - cmd = alloc_cmd_apdu(ISO7816_CLA | cla_channel, - SELECT_CMD, SELECT_BY_AID, - select_ops, aid->length, - rx_buf_len, aid->aid); - } else { - cmd = alloc_cmd_apdu(ISO7816_CLA | cla_channel, - SELECT_CMD, SELECT_BY_AID, - select_ops, 0, rx_buf_len, NULL); - } - - resp = alloc_resp_apdu(rx_buf_len); - - ret = tee_se_session_transmit(s, cmd, resp); - if (ret != TEE_SUCCESS) { - EMSG("exchange apdu failed: %d", ret); - return ret; - } - - tee_se_reader_get_properties(s->reader_proxy, &prop); - if (prop.selectResponseEnable) - tee_se_channel_set_select_response(c, resp); - if (aid) - tee_se_channel_set_aid(c, aid); - - if (resp->sw1 == CMD_OK_SW1 && resp->sw2 == CMD_OK_SW2) { - ret = TEE_SUCCESS; - } else { - EMSG("operation failed, sw1:%02X, sw2:%02X", - resp->sw1, resp->sw2); - if (resp->sw1 == 0x6A && resp->sw2 == 0x83) - ret = TEE_ERROR_ITEM_NOT_FOUND; - else - ret = TEE_ERROR_NOT_SUPPORTED; - } - - apdu_release(to_apdu_base(cmd)); - apdu_release(to_apdu_base(resp)); - - return ret; -} - -static TEE_Result internal_manage_channel(struct tee_se_session *s, - bool open_ops, int *channel_id) -{ - struct cmd_apdu *cmd; - struct resp_apdu *resp; - TEE_Result ret; - size_t tx_buf_len = 0, rx_buf_len = 1; - - uint8_t open_flag = (open_ops) ? OPEN_CHANNEL : CLOSE_CHANNEL; - uint8_t channel_flag = - (open_flag == OPEN_CHANNEL) ? OPEN_NEXT_AVAILABLE : *channel_id; - - assert(s); - - cmd = alloc_cmd_apdu(ISO7816_CLA, MANAGE_CHANNEL_CMD, open_flag, - channel_flag, tx_buf_len, rx_buf_len, NULL); - - resp = alloc_resp_apdu(rx_buf_len); - - ret = tee_se_session_transmit(s, cmd, resp); - if (ret != TEE_SUCCESS) { - EMSG("exchange apdu failed: %d", ret); - return ret; - } - - if (resp->sw1 == CMD_OK_SW1 && resp->sw2 == CMD_OK_SW2) { - if (open_ops) - *channel_id = resp->base.data_buf[0]; - ret = TEE_SUCCESS; - } else { - EMSG("operation failed, sw1:%02X, sw2:%02X", - resp->sw1, resp->sw2); - ret = TEE_ERROR_NOT_SUPPORTED; - } - - apdu_release(to_apdu_base(cmd)); - apdu_release(to_apdu_base(resp)); - - return ret; -} - -TEE_Result iso7816_open_available_logical_channel(struct tee_se_session *s, - int *channel_id) -{ - return internal_manage_channel(s, true, channel_id); -} - -TEE_Result iso7816_close_logical_channel(struct tee_se_session *s, - int channel_id) -{ - return internal_manage_channel(s, false, &channel_id); -} - -TEE_Result iso7816_select(struct tee_se_channel *c, struct tee_se_aid *aid) -{ - return internal_select(c, aid, FIRST_OR_ONLY_OCCURRENCE); -} - -TEE_Result iso7816_select_next(struct tee_se_channel *c) -{ - return internal_select(c, NULL, NEXT_OCCURRENCE); -} diff --git a/core/tee/se/manager.c b/core/tee/se/manager.c deleted file mode 100644 index 325fa13a..00000000 --- a/core/tee/se/manager.c +++ /dev/null @@ -1,131 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <initcall.h> -#include <trace.h> -#include <kernel/mutex.h> -#include <tee/se/manager.h> -#include <tee/se/session.h> -#include <tee/se/reader.h> -#include <tee/se/reader/interface.h> - -#include <stdlib.h> -#include <sys/queue.h> - -#include "reader_priv.h" -#include "session_priv.h" - -TAILQ_HEAD(reader_proxy_head, tee_se_reader_proxy); - -struct tee_se_manager_ctx { - /* number of readers registered */ - size_t reader_count; - /* mutex to pretect the reader proxy list */ - struct mutex mutex; - /* list of registered readers */ - struct reader_proxy_head reader_proxies; -}; -static struct tee_se_manager_ctx se_manager_ctx; - -TEE_Result tee_se_manager_register_reader(struct tee_se_reader *r) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - struct tee_se_reader_proxy *proxy = - malloc(sizeof(struct tee_se_reader_proxy)); - if (!proxy) - return TEE_ERROR_OUT_OF_MEMORY; - - proxy->reader = r; - proxy->refcnt = 0; - proxy->basic_channel_locked = false; - mutex_init(&proxy->mutex); - - mutex_lock(&ctx->mutex); - TAILQ_INSERT_TAIL(&ctx->reader_proxies, proxy, link); - ctx->reader_count++; - mutex_unlock(&ctx->mutex); - - return TEE_SUCCESS; -} - -TEE_Result tee_se_manager_unregister_reader(struct tee_se_reader *r) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - struct tee_se_reader_proxy *proxy, *next_proxy; - - mutex_lock(&ctx->mutex); - TAILQ_FOREACH_SAFE(proxy, &ctx->reader_proxies, link, next_proxy) - { - if (proxy->reader == r) - TAILQ_REMOVE(&ctx->reader_proxies, proxy, link); - free(proxy); - } - ctx->reader_count--; - mutex_unlock(&ctx->mutex); - - return TEE_SUCCESS; -} - -size_t tee_se_manager_get_reader_count(void) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - - return ctx->reader_count; -} - -TEE_Result tee_se_manager_get_readers( - struct tee_se_reader_proxy **proxy_list, - size_t *proxy_list_size) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - struct tee_se_reader_proxy *proxy; - size_t i = 0; - - if (TAILQ_EMPTY(&ctx->reader_proxies)) - return TEE_ERROR_ITEM_NOT_FOUND; - - TAILQ_FOREACH(proxy, &ctx->reader_proxies, link) { - if (i >= *proxy_list_size) - return TEE_ERROR_SHORT_BUFFER; - - proxy_list[i] = proxy; - i++; - } - *proxy_list_size = i; - - return TEE_SUCCESS; -} - -bool tee_se_manager_is_reader_proxy_valid( - struct tee_se_reader_proxy *proxy) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - struct tee_se_reader_proxy *h; - - TAILQ_FOREACH(h, &ctx->reader_proxies, link) { - if (h == proxy) - return true; - } - - return false; -} - -static void context_init(struct tee_se_manager_ctx *ctx) -{ - TAILQ_INIT(&ctx->reader_proxies); - mutex_init(&ctx->mutex); - ctx->reader_count = 0; -} - -static TEE_Result tee_se_manager_init(void) -{ - struct tee_se_manager_ctx *ctx = &se_manager_ctx; - - context_init(ctx); - - return TEE_SUCCESS; -} - -service_init(tee_se_manager_init); diff --git a/core/tee/se/reader.c b/core/tee/se/reader.c deleted file mode 100644 index d520aa9d..00000000 --- a/core/tee/se/reader.c +++ /dev/null @@ -1,196 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <kernel/mutex.h> -#include <kernel/panic.h> -#include <string.h> -#include <tee_api_types.h> -#include <trace.h> - -#include <tee/se/reader.h> -#include <tee/se/reader/interface.h> - -#include "reader_priv.h" -#include "session_priv.h" - -TEE_Result tee_se_reader_check_state(struct tee_se_reader_proxy *proxy) -{ - struct tee_se_reader *r; - - if (proxy->refcnt == 0) - return TEE_ERROR_BAD_STATE; - - r = proxy->reader; - if (r->ops->get_state) { - enum tee_se_reader_state state; - - mutex_lock(&proxy->mutex); - state = r->ops->get_state(r); - mutex_unlock(&proxy->mutex); - - if (state != READER_STATE_SE_INSERTED) - return TEE_ERROR_COMMUNICATION; - } - - return TEE_SUCCESS; -} - -TEE_Result tee_se_reader_get_name(struct tee_se_reader_proxy *proxy, - char **reader_name, size_t *reader_name_len) -{ - size_t name_len; - - assert(proxy && proxy->reader); - name_len = strlen(proxy->reader->name); - *reader_name = proxy->reader->name; - *reader_name_len = name_len; - - return TEE_SUCCESS; -} - -void tee_se_reader_get_properties(struct tee_se_reader_proxy *proxy, - TEE_SEReaderProperties *prop) -{ - assert(proxy && proxy->reader); - *prop = proxy->reader->prop; -} - -int tee_se_reader_get_refcnt(struct tee_se_reader_proxy *proxy) -{ - assert(proxy && proxy->reader); - return proxy->refcnt; -} - -TEE_Result tee_se_reader_attach(struct tee_se_reader_proxy *proxy) -{ - TEE_Result ret; - - mutex_lock(&proxy->mutex); - if (proxy->refcnt == 0) { - struct tee_se_reader *r = proxy->reader; - - if (r->ops->open) { - ret = r->ops->open(r); - if (ret != TEE_SUCCESS) { - mutex_unlock(&proxy->mutex); - return ret; - } - } - } - proxy->refcnt++; - mutex_unlock(&proxy->mutex); - return TEE_SUCCESS; -} - -void tee_se_reader_detach(struct tee_se_reader_proxy *proxy) -{ - if (proxy->refcnt <= 0) - panic("invalid refcnf"); - - mutex_lock(&proxy->mutex); - proxy->refcnt--; - if (proxy->refcnt == 0) { - struct tee_se_reader *r = proxy->reader; - - if (r->ops->close) - r->ops->close(r); - } - mutex_unlock(&proxy->mutex); - -} - -TEE_Result tee_se_reader_transmit(struct tee_se_reader_proxy *proxy, - uint8_t *tx_buf, size_t tx_buf_len, - uint8_t *rx_buf, size_t *rx_buf_len) -{ - struct tee_se_reader *r; - TEE_Result ret; - - assert(proxy && proxy->reader); - ret = tee_se_reader_check_state(proxy); - if (ret != TEE_SUCCESS) - return ret; - - mutex_lock(&proxy->mutex); - r = proxy->reader; - - assert(r->ops->transmit); - ret = r->ops->transmit(r, tx_buf, tx_buf_len, rx_buf, rx_buf_len); - - mutex_unlock(&proxy->mutex); - - return ret; -} - -void tee_se_reader_lock_basic_channel(struct tee_se_reader_proxy *proxy) -{ - assert(proxy); - - mutex_lock(&proxy->mutex); - proxy->basic_channel_locked = true; - mutex_unlock(&proxy->mutex); -} - -void tee_se_reader_unlock_basic_channel(struct tee_se_reader_proxy *proxy) -{ - assert(proxy); - - mutex_lock(&proxy->mutex); - proxy->basic_channel_locked = false; - mutex_unlock(&proxy->mutex); -} - -bool tee_se_reader_is_basic_channel_locked(struct tee_se_reader_proxy *proxy) -{ - assert(proxy); - return proxy->basic_channel_locked; -} - -TEE_Result tee_se_reader_get_atr(struct tee_se_reader_proxy *proxy, - uint8_t **atr, size_t *atr_len) -{ - TEE_Result ret; - struct tee_se_reader *r; - - assert(proxy && atr && atr_len); - ret = tee_se_reader_check_state(proxy); - if (ret != TEE_SUCCESS) - return ret; - - mutex_lock(&proxy->mutex); - r = proxy->reader; - - assert(r->ops->get_atr); - ret = r->ops->get_atr(r, atr, atr_len); - - mutex_unlock(&proxy->mutex); - return ret; -} - -TEE_Result tee_se_reader_open_session(struct tee_se_reader_proxy *proxy, - struct tee_se_session **session) -{ - TEE_Result ret; - struct tee_se_session *s; - - assert(session && !*session); - assert(proxy && proxy->reader); - - s = tee_se_session_alloc(proxy); - if (!s) - return TEE_ERROR_OUT_OF_MEMORY; - - ret = tee_se_reader_attach(proxy); - if (ret != TEE_SUCCESS) - goto err_free_session; - - *session = s; - - return TEE_SUCCESS; -err_free_session: - tee_se_session_free(s); - return ret; -} diff --git a/core/tee/se/reader/passthru_reader/driver.c b/core/tee/se/reader/passthru_reader/driver.c deleted file mode 100644 index 595f9867..00000000 --- a/core/tee/se/reader/passthru_reader/driver.c +++ /dev/null @@ -1,97 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <platform_config.h> -#include <io.h> -#include <initcall.h> -#include <tee/se/reader/interface.h> -#include <mm/core_memprot.h> - -#include <trace.h> - -#include <stdlib.h> - -#include "pcsc.h" -#include "reader.h" - -struct pcsc_context { - uint32_t mmio_base; - uint8_t num_readers; - struct pcsc_reader *readers; -}; -static struct pcsc_context pcsc_context; - -register_phys_mem(MEM_AREA_IO_SEC, PCSC_BASE, 0x1000); - -static uint32_t pcsc_read_reg(struct pcsc_context *ctx, uint8_t offset) -{ - return read32(ctx->mmio_base + offset); -} - -static void pcsc_write_reg(struct pcsc_context *ctx, uint8_t offset, - uint32_t value) __attribute__((unused)); -static void pcsc_write_reg(struct pcsc_context *ctx, uint8_t offset, - uint32_t value) -{ - write32(ctx->mmio_base + offset, value); -} - -static TEE_Result populate_readers(struct pcsc_context *ctx) -{ - int i; - uint32_t reader_mmio_base = ctx->mmio_base + PCSC_REG_MAX; - TEE_Result ret; - - ctx->readers = malloc(sizeof(struct pcsc_reader) * ctx->num_readers); - if (!ctx->readers) - return TEE_ERROR_OUT_OF_MEMORY; - - for (i = 0; i < ctx->num_readers; i++) { - uint32_t mmio_base = - reader_mmio_base + (i * PCSC_REG_READER_MAX); - struct pcsc_reader *r = &ctx->readers[i]; - - init_reader(r, i, mmio_base); - ret = tee_se_manager_register_reader(&r->se_reader); - if (ret != TEE_SUCCESS) - goto err_rollback; - } - - return TEE_SUCCESS; - -err_rollback: - i--; - while (i) { - tee_se_manager_unregister_reader(&ctx->readers[i].se_reader); - i--; - } - free(ctx->readers); - return ret; -} - -static void context_init(struct pcsc_context *ctx) -{ - ctx->mmio_base = (vaddr_t)phys_to_virt(PCSC_BASE, MEM_AREA_IO_SEC); - if (ctx->mmio_base) { - ctx->num_readers = pcsc_read_reg(ctx, PCSC_REG_NUM_READERS); - DMSG("%d reader detected", ctx->num_readers); - } -} - -static TEE_Result pcsc_passthru_reader_init(void) -{ - TEE_Result ret; - struct pcsc_context *ctx = &pcsc_context; - - context_init(ctx); - - ret = populate_readers(ctx); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -driver_init(pcsc_passthru_reader_init); diff --git a/core/tee/se/reader/passthru_reader/pcsc.h b/core/tee/se/reader/passthru_reader/pcsc.h deleted file mode 100644 index c3ad6d41..00000000 --- a/core/tee/se/reader/passthru_reader/pcsc.h +++ /dev/null @@ -1,61 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef PCSC_H -#define PCSC_H - -/* common control registers */ -#define PCSC_REG_NUM_READERS 0x0 -#define PCSC_REG_IRQ_STATUS 0x4 -#define PCSC_IRQ_STATE_CHANGE 0x1 -#define PCSC_REG_MAX 0x8 - -/* per-reader control/status registers */ -#define PCSC_REG_READER_CONTROL 0x0 -/* preferred protocol, directly mapped to pcsclite */ -#define PCSC_READER_CTL_PROTOCOL_T0 0x0001 -#define PCSC_READER_CTL_PROTOCOL_T1 0x0002 -#define PCSC_READER_CTL_PROTOCOL_T15 0x0004 -#define PCSC_READER_CTL_PROTOCOL_RAW 0x0008 -#define PCSC_READER_CTL_PROTOCOL_MASK 0x000f -/* shared mode, directly mapped to pcsclite */ -#define PCSC_READER_CTL_SHARE_MASK 0x0030 -#define PCSC_READER_CTL_SHARE_SHIFT 4 -#define PCSC_READER_CTL_SHARE_EXCLUSIVE 0x0010 -#define PCSC_READER_CTL_SHARE_SHARED 0x0020 -#define PCSC_READER_CTL_SHARE_DIRECT 0x0030 -/* disposition mode, directly mapped to pcsclite */ -#define PCSC_READER_CTL_DISPOSITION_MASK 0x0300 -#define PCSC_READER_CTL_DISPOSITION_SHIFT 8 -#define PCSC_READER_CTL_DISPOSITION_LEAVE_CARD 0x0000 -#define PCSC_READER_CTL_DISPOSITION_RESET_CARD 0x0100 -#define PCSC_READER_CTL_DISPOSITION_UNPOWER_CARD 0x0200 -#define PCSC_READER_CTL_DISPOSITION_EJECT_CARD 0x0300 -/* reader commands */ -#define PCSC_READER_CTL_CONNECT 0x1000 -#define PCSC_READER_CTL_DISCONNECT 0x2000 -#define PCSC_READER_CTL_READ_ATR 0x4000 -#define PCSC_READER_CTL_TRANSMIT 0x8000 -#define PCSC_REG_READER_STATE 0x4 -/* reader state, directly mapped to pcsclite */ -#define PCSC_READER_STATE_IGNORE 0x0001 -#define PCSC_READER_STATE_CHANGED 0x0002 -#define PCSC_READER_STATE_UNKNOWN 0x0004 -#define PCSC_READER_STATE_UNAVAILABLE 0x0008 -#define PCSC_READER_STATE_EMPTY 0x0010 -#define PCSC_READER_STATE_PRESENT 0x0020 -#define PCSC_READER_STATE_ATRMATCH 0x0040 -#define PCSC_READER_STATE_EXCLUSIVE 0x0080 -#define PCSC_READER_STATE_INUSE 0x0100 -#define PCSC_READER_STATE_MUTE 0x0200 -#define PCSC_READER_STATE_UNPOWERED 0x0400 -#define PCSC_REG_READER_TX_ADDR 0x8 -#define PCSC_REG_READER_TX_SIZE 0xc -#define PCSC_REG_READER_RX_ADDR 0x10 -#define PCSC_REG_READER_RX_SIZE 0x14 -#define PCSC_REG_READER_ATR_LEN 0x18 -#define PCSC_REG_READER_MAX 0x1c - -#endif diff --git a/core/tee/se/reader/passthru_reader/reader.c b/core/tee/se/reader/passthru_reader/reader.c deleted file mode 100644 index e3becf62..00000000 --- a/core/tee/se/reader/passthru_reader/reader.c +++ /dev/null @@ -1,226 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <io.h> -#include <kernel/panic.h> -#include <mm/core_memprot.h> -#include <stdio.h> -#include <trace.h> - -#include <tee/se/util.h> -#include <tee/se/reader/interface.h> - -#include "pcsc.h" -#include "reader.h" - -static void pcsc_reader_dump(struct pcsc_reader *r) -{ - DMSG("[%s]:", r->se_reader.name); - if (r->state & PCSC_READER_STATE_IGNORE) - DMSG(" Ignore this reader"); - - if (r->state & PCSC_READER_STATE_UNKNOWN) - DMSG(" Reader unknown"); - - if (r->state & PCSC_READER_STATE_UNAVAILABLE) - DMSG(" Status unavailable"); - - if (r->state & PCSC_READER_STATE_EMPTY) - DMSG(" Card removed"); - - if (r->state & PCSC_READER_STATE_PRESENT) - DMSG(" Card inserted"); - - if (r->state & PCSC_READER_STATE_ATRMATCH) - DMSG(" ATR matches card"); - - if (r->state & PCSC_READER_STATE_EXCLUSIVE) - DMSG(" Exclusive Mode"); - - if (r->state & PCSC_READER_STATE_INUSE) - DMSG(" Shared Mode"); - - if (r->state & PCSC_READER_STATE_MUTE) - DMSG(" Unresponsive card"); - - if (r->state & PCSC_READER_STATE_UNPOWERED) - DMSG(" Reader Unpowered,"); - - if (r->state & PCSC_READER_STATE_PRESENT) - DMSG("Card Connected: [%s]", - r->connected ? "Yes" : "No"); - - if (r->connected) { - char dumpbuf[DUMP_BUF_MAX], *buf = dumpbuf; - size_t remain = DUMP_BUF_MAX; - - buf = print_buf(buf, &remain, "ATR: "); - dump_hex(buf, &remain, r->atr, r->atr_len); - DMSG("%s", buf); - } -} - -static uint32_t pcsc_reader_read_reg(struct pcsc_reader *r, uint32_t offset) -{ - return read32(r->mmio_base + offset); -} - -static void pcsc_reader_write_reg(struct pcsc_reader *r, uint32_t offset, - uint32_t value) -{ - write32(value, r->mmio_base + offset); -} - -static void pcsc_reader_get_atr(struct pcsc_reader *r) -{ - uint32_t atr_paddr = 0; - uint32_t atr_len = pcsc_reader_read_reg(r, PCSC_REG_READER_ATR_LEN); - - atr_paddr = virt_to_phys((void *)r->atr); - pcsc_reader_write_reg(r, PCSC_REG_READER_RX_ADDR, - atr_paddr); - pcsc_reader_write_reg(r, PCSC_REG_READER_RX_SIZE, - atr_len); - pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL, - PCSC_READER_CTL_READ_ATR); - r->atr_len = atr_len; -} - -static void pcsc_reader_connect(struct pcsc_reader *r) -{ - if (r->connected) - panic(); - - pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL, - PCSC_READER_CTL_CONNECT | - PCSC_READER_CTL_PROTOCOL_T1 | - PCSC_READER_CTL_SHARE_SHARED); - r->connected = true; - pcsc_reader_get_atr(r); -} - -static void pcsc_reader_disconnect(struct pcsc_reader *r) -{ - if (!r->connected) - panic(); - - pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL, - PCSC_READER_CTL_DISCONNECT | - PCSC_READER_CTL_DISPOSITION_RESET_CARD); - r->connected = false; - r->atr_len = 0; -} - -static TEE_Result pcsc_reader_transmit(struct pcsc_reader *r, uint8_t *tx_buf, - size_t tx_len, uint8_t *rx_buf, size_t *rx_len) -{ - uint32_t tx_buf_paddr = 0, rx_buf_paddr = 0; - - if (!r->connected) - panic(); - - tx_buf_paddr = virt_to_phys((void *)tx_buf); - rx_buf_paddr = virt_to_phys((void *)rx_buf); - - pcsc_reader_write_reg(r, PCSC_REG_READER_TX_ADDR, - tx_buf_paddr); - pcsc_reader_write_reg(r, PCSC_REG_READER_TX_SIZE, - tx_len); - pcsc_reader_write_reg(r, PCSC_REG_READER_RX_ADDR, - rx_buf_paddr); - pcsc_reader_write_reg(r, PCSC_REG_READER_RX_SIZE, - *rx_len); - pcsc_reader_write_reg(r, PCSC_REG_READER_CONTROL, - PCSC_READER_CTL_TRANSMIT); - - *rx_len = pcsc_reader_read_reg(r, PCSC_REG_READER_RX_SIZE); - return TEE_SUCCESS; -} - -static TEE_Result pcsc_passthru_reader_open(struct tee_se_reader *se_reader) -{ - struct pcsc_reader *r = se_reader->private_data; - - if (!se_reader->prop.sePresent) { - EMSG("SE is not present"); - return TEE_ERROR_COMMUNICATION; - } - - pcsc_reader_connect(r); - - pcsc_reader_dump(r); - - return TEE_SUCCESS; -} - -static void pcsc_passthru_reader_close(struct tee_se_reader *se_reader) -{ - struct pcsc_reader *r = se_reader->private_data; - - pcsc_reader_disconnect(r); - - pcsc_reader_dump(r); -} - -static TEE_Result pcsc_passthru_reader_transmit(struct tee_se_reader *se_reader, - uint8_t *tx_buf, size_t tx_len, uint8_t *rx_buf, size_t *rx_len) -{ - struct pcsc_reader *r = se_reader->private_data; - - return pcsc_reader_transmit(r, tx_buf, tx_len, rx_buf, rx_len); -} - -static enum tee_se_reader_state pcsc_passthru_reader_get_state( - struct tee_se_reader *se_reader) -{ - struct pcsc_reader *r = se_reader->private_data; - - if (r->state & PCSC_READER_STATE_PRESENT) - return READER_STATE_SE_INSERTED; - else - return READER_STATE_SE_EJECTED; -} - -static TEE_Result pcsc_passthru_reader_get_atr( - struct tee_se_reader *se_reader, uint8_t **atr, - size_t *atr_len) -{ - struct pcsc_reader *r = se_reader->private_data; - - if (r->atr_len > 0) { - *atr = r->atr; - *atr_len = r->atr_len; - return TEE_SUCCESS; - } else - return TEE_ERROR_COMMUNICATION; -} - -static struct tee_se_reader_ops pcsc_passthru_reader_ops = { - .open = pcsc_passthru_reader_open, - .close = pcsc_passthru_reader_close, - .get_state = pcsc_passthru_reader_get_state, - .get_atr = pcsc_passthru_reader_get_atr, - .transmit = pcsc_passthru_reader_transmit, -}; - -void init_reader(struct pcsc_reader *r, uint8_t index, uint32_t mmio_base) -{ - r->index = index; - r->mmio_base = mmio_base; - r->atr_len = 0; - r->state = pcsc_reader_read_reg(r, PCSC_REG_READER_STATE); - - snprintf(r->se_reader.name, TEE_SE_READER_NAME_MAX, - "tee_reader_pcsc#%d", index); - r->se_reader.ops = &pcsc_passthru_reader_ops; - r->se_reader.prop.teeOnly = true; - r->se_reader.prop.selectResponseEnable = true; - if (r->state & PCSC_READER_STATE_PRESENT) - r->se_reader.prop.sePresent = true; - else - r->se_reader.prop.sePresent = false; - r->se_reader.private_data = r; -} - diff --git a/core/tee/se/reader/passthru_reader/reader.h b/core/tee/se/reader/passthru_reader/reader.h deleted file mode 100644 index 2ddba16d..00000000 --- a/core/tee/se/reader/passthru_reader/reader.h +++ /dev/null @@ -1,23 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef READER_H -#define READER_H - -#define MAX_ATR_SIZE 23 - -struct pcsc_reader { - bool connected; - uint8_t index; - uint32_t state; - uint32_t mmio_base; - uint8_t atr[MAX_ATR_SIZE]; - uint8_t atr_len; - struct tee_se_reader se_reader; -}; - -void init_reader(struct pcsc_reader *r, uint8_t index, uint32_t mmio_base); - -#endif diff --git a/core/tee/se/reader/passthru_reader/sub.mk b/core/tee/se/reader/passthru_reader/sub.mk deleted file mode 100644 index f5b1e08d..00000000 --- a/core/tee/se/reader/passthru_reader/sub.mk +++ /dev/null @@ -1 +0,0 @@ -srcs-y += driver.c reader.c diff --git a/core/tee/se/reader/sub.mk b/core/tee/se/reader/sub.mk deleted file mode 100644 index 7899bcc0..00000000 --- a/core/tee/se/reader/sub.mk +++ /dev/null @@ -1 +0,0 @@ -subdirs-${CFG_PCSC_PASSTHRU_READER_DRV} = passthru_reader diff --git a/core/tee/se/reader_priv.h b/core/tee/se/reader_priv.h deleted file mode 100644 index 3c777321..00000000 --- a/core/tee/se/reader_priv.h +++ /dev/null @@ -1,27 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_READER_PRIV_H -#define TEE_SE_READER_PRIV_H - -/* - * Reader Proxy is used to serialize access from multiple seesions, - * and maintain reference counter. All access to the reader should - * go through Reader Proxy - */ -struct tee_se_reader_proxy { - struct tee_se_reader *reader; - int refcnt; - bool basic_channel_locked; - struct mutex mutex; - - TAILQ_ENTRY(tee_se_reader_proxy) link; -}; - -TEE_Result tee_se_reader_check_state(struct tee_se_reader_proxy *proxy); - -int tee_se_reader_get_refcnt(struct tee_se_reader_proxy *proxy); - -#endif diff --git a/core/tee/se/service.c b/core/tee/se/service.c deleted file mode 100644 index 885aeed8..00000000 --- a/core/tee/se/service.c +++ /dev/null @@ -1,187 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <tee_api_types.h> -#include <trace.h> - -#include <kernel/tee_ta_manager.h> -#include <kernel/user_ta.h> -#include <tee/se/service.h> -#include <tee/se/session.h> -#include <tee/se/reader.h> - -#include "service_priv.h" -#include "reader_priv.h" -#include "session_priv.h" - -TEE_Result tee_se_service_open( - struct tee_se_service **service) -{ - TEE_Result ret; - struct tee_se_service *h; - struct tee_ta_session *sess; - struct user_ta_ctx *utc; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - utc = to_user_ta_ctx(sess->ctx); - - assert(service); - if (utc->se_service != NULL) - return TEE_ERROR_ACCESS_CONFLICT; - - h = malloc(sizeof(struct tee_se_service)); - if (!h) - return TEE_ERROR_OUT_OF_MEMORY; - - TAILQ_INIT(&h->opened_sessions); - TAILQ_INIT(&h->closed_sessions); - mutex_init(&h->mutex); - *service = h; - - utc->se_service = h; - - return TEE_SUCCESS; -} - -TEE_Result tee_se_service_add_session( - struct tee_se_service *service, - struct tee_se_session *session) -{ - assert(service && session); - - mutex_lock(&service->mutex); - TAILQ_INSERT_TAIL(&service->opened_sessions, session, link); - mutex_unlock(&service->mutex); - - return TEE_SUCCESS; -} - -TEE_Result tee_se_service_is_session_closed( - struct tee_se_service *service, - struct tee_se_session *session) -{ - struct tee_se_session *s; - - TAILQ_FOREACH(s, &service->closed_sessions, link) { - if (s == session) - return TEE_SUCCESS; - } - - return tee_se_reader_check_state(session->reader_proxy); -} - -void tee_se_service_close_session( - struct tee_se_service *service, - struct tee_se_session *session) -{ - assert(service && session); - - tee_se_session_close(session); - - mutex_lock(&service->mutex); - - TAILQ_REMOVE(&service->opened_sessions, - session, link); - TAILQ_INSERT_TAIL(&service->closed_sessions, - session, link); - - mutex_unlock(&service->mutex); -} - -void tee_se_service_close_sessions_by_reader( - struct tee_se_service *service, - struct tee_se_reader_proxy *proxy) -{ - struct tee_se_session *s; - - assert(service && proxy); - - TAILQ_FOREACH(s, &service->opened_sessions, link) { - if (s->reader_proxy == proxy) - tee_se_service_close_session(service, s); - } -} - -TEE_Result tee_se_service_close( - struct tee_se_service *service __unused) -{ - TEE_Result ret; - struct tee_se_service *h; - struct tee_se_session *s; - struct tee_ta_session *sess; - struct user_ta_ctx *utc; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - utc = to_user_ta_ctx(sess->ctx); - assert(utc->se_service); - h = utc->se_service; - - /* clean up all sessions */ - mutex_lock(&h->mutex); - TAILQ_FOREACH(s, &h->opened_sessions, link) { - TAILQ_REMOVE(&h->opened_sessions, s, link); - tee_se_session_close(s); - } - - TAILQ_FOREACH(s, &h->closed_sessions, link) - TAILQ_REMOVE(&h->closed_sessions, s, link); - - mutex_unlock(&h->mutex); - - free(h); - - return TEE_SUCCESS; -} - -bool tee_se_service_is_valid(struct tee_se_service *service) -{ - TEE_Result ret; - struct tee_ta_session *sess; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return false; - - if (to_user_ta_ctx(sess->ctx)->se_service == service) - return true; - else - return false; -} - -bool tee_se_service_is_session_valid( - struct tee_se_service *service, - struct tee_se_session *session_service) -{ - struct tee_se_session *sh; - - TAILQ_FOREACH(sh, &service->opened_sessions, link) { - if (sh == session_service) - return true; - } - TAILQ_FOREACH(sh, &service->closed_sessions, link) { - if (sh == session_service) - return true; - } - return false; -} - -bool tee_se_service_is_channel_valid(struct tee_se_service *service, - struct tee_se_channel *channel) -{ - struct tee_se_session *s; - - TAILQ_FOREACH(s, &service->opened_sessions, link) { - if (tee_se_session_is_channel_exist(s, channel)) - return true; - } - - return false; -} diff --git a/core/tee/se/service_priv.h b/core/tee/se/service_priv.h deleted file mode 100644 index 946eaa05..00000000 --- a/core/tee/se/service_priv.h +++ /dev/null @@ -1,20 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_SERVICE_PRIV_H -#define TEE_SE_SERVICE_PRIV_H - -TAILQ_HEAD(se_session_head, tee_se_session); - -struct tee_se_service { - /* list of sessions opened on the service */ - struct se_session_head opened_sessions; - /* list of sessions closed on the service */ - struct se_session_head closed_sessions; - /* mutex to pretect the session lists */ - struct mutex mutex; -}; - -#endif diff --git a/core/tee/se/session.c b/core/tee/se/session.c deleted file mode 100644 index 435b355c..00000000 --- a/core/tee/se/session.c +++ /dev/null @@ -1,172 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <assert.h> -#include <kernel/mutex.h> -#include <stdlib.h> -#include <sys/queue.h> -#include <trace.h> - -#include <tee/se/reader.h> -#include <tee/se/session.h> -#include <tee/se/channel.h> -#include <tee/se/iso7816.h> - -#include "session_priv.h" -#include "channel_priv.h" - -struct tee_se_session *tee_se_session_alloc( - struct tee_se_reader_proxy *proxy) -{ - struct tee_se_session *s; - - assert(proxy); - s = malloc(sizeof(struct tee_se_session)); - if (s) { - TAILQ_INIT(&s->channels); - s->reader_proxy = proxy; - } - return s; -} - -void tee_se_session_free(struct tee_se_session *s) -{ - free(s); -} - -bool tee_se_session_is_channel_exist(struct tee_se_session *s, - struct tee_se_channel *c) -{ - struct tee_se_channel *c1; - - TAILQ_FOREACH(c1, &s->channels, link) { - if (c1 == c) - return true; - } - return false; -} - -TEE_Result tee_se_session_get_atr(struct tee_se_session *s, - uint8_t **atr, size_t *atr_len) -{ - assert(s && atr && atr_len); - - return tee_se_reader_get_atr(s->reader_proxy, atr, atr_len); -} - -TEE_Result tee_se_session_open_basic_channel(struct tee_se_session *s, - struct tee_se_aid *aid, struct tee_se_channel **channel) -{ - struct tee_se_channel *c; - TEE_Result ret; - - assert(s && channel && !*channel); - - if (tee_se_reader_is_basic_channel_locked(s->reader_proxy)) { - *channel = NULL; - return TEE_ERROR_NOT_SUPPORTED; - } - - c = tee_se_channel_alloc(s, 0); - if (!c) - return TEE_ERROR_OUT_OF_MEMORY; - - if (aid) { - ret = iso7816_select(c, aid); - if (ret != TEE_SUCCESS) - goto err_free_channel; - } - - tee_se_reader_lock_basic_channel(s->reader_proxy); - *channel = c; - TAILQ_INSERT_TAIL(&s->channels, c, link); - - return TEE_SUCCESS; - -err_free_channel: - tee_se_channel_free(c); - return ret; -} - -TEE_Result tee_se_session_open_logical_channel(struct tee_se_session *s, - struct tee_se_aid *aid, struct tee_se_channel **channel) -{ - int channel_id; - struct tee_se_channel *c; - TEE_Result ret; - - assert(s && channel && !*channel); - - ret = iso7816_open_available_logical_channel(s, &channel_id); - if (ret != TEE_SUCCESS) - return ret; - - c = tee_se_channel_alloc(s, channel_id); - if (!c) - goto err_close_channel; - - if (aid != NULL) { - ret = iso7816_select(c, aid); - if (ret != TEE_SUCCESS) - goto err_free_channel; - } - - *channel = c; - TAILQ_INSERT_TAIL(&s->channels, c, link); - - return TEE_SUCCESS; - -err_free_channel: - tee_se_channel_free(c); -err_close_channel: - iso7816_close_logical_channel(s, channel_id); - - return ret; -} - -void tee_se_session_close_channel(struct tee_se_session *s, - struct tee_se_channel *c) -{ - int channel_id; - - assert(s && c); - channel_id = tee_se_channel_get_id(c); - if (channel_id > 0) { - iso7816_close_logical_channel(s, channel_id); - } else { - tee_se_reader_unlock_basic_channel(s->reader_proxy); - } - - TAILQ_REMOVE(&s->channels, c, link); - tee_se_channel_free(c); -} - -TEE_Result tee_se_session_transmit(struct tee_se_session *s, - struct cmd_apdu *c, struct resp_apdu *r) -{ - struct tee_se_reader_proxy *h = s->reader_proxy; - - /* - * This call might block the caller. - * The reader proxy will make sure only 1 session - * is transmitting. Others should wait until the - * activating transation finished. - */ - return iso7816_exchange_apdu(h, c, r); -} - -void tee_se_session_close(struct tee_se_session *s) -{ - struct tee_se_channel *c; - - assert(s); - - TAILQ_FOREACH(c, &s->channels, link) - tee_se_session_close_channel(s, c); - - tee_se_reader_detach(s->reader_proxy); - - tee_se_session_free(s); -} diff --git a/core/tee/se/session_priv.h b/core/tee/se/session_priv.h deleted file mode 100644 index 8f5fd0ea..00000000 --- a/core/tee/se/session_priv.h +++ /dev/null @@ -1,24 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -#ifndef TEE_SE_SESSION_PRIV_H -#define TEE_SE_SESSION_PRIV_H - -TAILQ_HEAD(channel_list, tee_se_channel); - -struct tee_se_session { - struct tee_se_reader_proxy *reader_proxy; - - /* list of channels opened on the session*/ - struct channel_list channels; - - TAILQ_ENTRY(tee_se_session) link; -}; - -struct tee_se_session *tee_se_session_alloc(struct tee_se_reader_proxy *proxy); - -void tee_se_session_free(struct tee_se_session *s); - -#endif diff --git a/core/tee/se/sub.mk b/core/tee/se/sub.mk deleted file mode 100644 index f5ebdd83..00000000 --- a/core/tee/se/sub.mk +++ /dev/null @@ -1,3 +0,0 @@ -srcs-y += service.c manager.c reader.c iso7816.c session.c channel.c aid.c apdu.c util.c svc.c - -subdirs-y += reader diff --git a/core/tee/se/svc.c b/core/tee/se/svc.c deleted file mode 100644 index bd261700..00000000 --- a/core/tee/se/svc.c +++ /dev/null @@ -1,494 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ -#include <tee_api_types.h> -#include <kernel/tee_ta_manager.h> -#include <kernel/user_ta.h> -#include <tee/tee_svc.h> -#include <tee/se/svc.h> -#include <trace.h> -#include <utee_defines.h> - -TEE_Result syscall_se_service_open(uint32_t *service_handle) -{ - struct tee_ta_session *sess; - struct tee_se_service *kservice; - TEE_Result ret; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - ret = tee_se_service_open(&kservice); - if (ret != TEE_SUCCESS) - return ret; - - return tee_svc_copy_kaddr_to_uref(service_handle, kservice); -} - -TEE_Result syscall_se_service_close(unsigned long service_handle) -{ - struct tee_se_service *h = tee_svc_uref_to_kaddr(service_handle); - - if (!tee_se_service_is_valid(h)) - return TEE_ERROR_BAD_PARAMETERS; - - return tee_se_service_close(h); -} - -TEE_Result syscall_se_service_get_readers(unsigned long service_handle, - uint32_t *reader_handles, uint64_t *len) -{ - TEE_Result ret; - size_t i; - size_t tmp_klen; - uint64_t klen; - struct tee_se_service *h = tee_svc_uref_to_kaddr(service_handle); - struct tee_ta_session *sess; - struct tee_se_reader_proxy **kreaders; - size_t kreaders_size; - - if (!tee_se_service_is_valid(h)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - ret = tee_svc_copy_from_user(&klen, len, sizeof(klen)); - if (ret != TEE_SUCCESS) - return ret; - - if (klen < tee_se_manager_get_reader_count()) - return TEE_ERROR_SHORT_BUFFER; - - kreaders_size = klen * sizeof(struct tee_se_reader_proxy *); - kreaders = malloc(kreaders_size); - if (kreaders == NULL) - return TEE_ERROR_OUT_OF_MEMORY; - - tmp_klen = klen; - ret = tee_se_manager_get_readers(kreaders, &tmp_klen); - if (ret != TEE_SUCCESS) - goto err_free_kreaders; - klen = tmp_klen; - - for (i = 0; i < klen; i++) { - ret = tee_svc_copy_kaddr_to_uref(&reader_handles[i], - kreaders[i]); - if (ret != TEE_SUCCESS) - goto err_free_kreaders; - } - - ret = tee_svc_copy_to_user(len, &klen, sizeof(*len)); - -err_free_kreaders: - free(kreaders); - - return ret; -} - -TEE_Result syscall_se_reader_get_prop(unsigned long reader_handle, uint32_t *p) -{ - TEE_Result ret; - TEE_SEReaderProperties kprop; - uint32_t kp = 0; - struct tee_se_reader_proxy *r = tee_svc_uref_to_kaddr(reader_handle); - struct tee_ta_session *sess; - - if (!tee_se_manager_is_reader_proxy_valid(r)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - tee_se_reader_get_properties(r, &kprop); - if (kprop.sePresent) - kp |= UTEE_SE_READER_PRESENT; - if (kprop.teeOnly) - kp |= UTEE_SE_READER_TEE_ONLY; - if (kprop.selectResponseEnable) - kp |= UTEE_SE_READER_SELECT_RESPONE_ENABLE; - ret = tee_svc_copy_to_user(p, &kp, sizeof(kp)); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_reader_get_name(unsigned long reader_handle, - char *name, uint64_t *name_len) -{ - TEE_Result ret; - struct tee_se_reader_proxy *r = tee_svc_uref_to_kaddr(reader_handle); - struct tee_ta_session *sess; - char *kname; - size_t kname_len; - uint64_t uname_len; - - if (!tee_se_manager_is_reader_proxy_valid(r)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - ret = tee_svc_copy_from_user(&uname_len, name_len, sizeof(uname_len)); - if (ret != TEE_SUCCESS) - return ret; - - kname_len = uname_len; - tee_se_reader_get_name(r, &kname, &kname_len); - - if (uname_len < kname_len) - return TEE_ERROR_SHORT_BUFFER; - - ret = tee_svc_copy_to_user(name, kname, kname_len); - if (ret != TEE_SUCCESS) - return ret; - - uname_len = kname_len; - ret = tee_svc_copy_to_user(name_len, &uname_len, sizeof(*name_len)); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_reader_open_session(unsigned long reader_handle, - uint32_t *session_handle) -{ - TEE_Result ret; - struct tee_se_reader_proxy *r = tee_svc_uref_to_kaddr(reader_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - struct tee_se_session *ksession = NULL; - - if (!tee_se_manager_is_reader_proxy_valid(r)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - ret = tee_se_reader_open_session(r, &ksession); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - ret = tee_se_service_add_session(service, ksession); - - ret = tee_svc_copy_kaddr_to_uref(session_handle, ksession); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_reader_close_sessions(unsigned long reader_handle) -{ - TEE_Result ret; - struct tee_se_reader_proxy *r = tee_svc_uref_to_kaddr(reader_handle); - struct tee_se_service *service; - struct tee_ta_session *sess; - - if (!tee_se_manager_is_reader_proxy_valid(r)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - tee_se_service_close_sessions_by_reader(service, r); - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_session_is_closed(unsigned long session_handle) -{ - TEE_Result ret; - struct tee_se_session *s = tee_svc_uref_to_kaddr(session_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - - if (!tee_se_service_is_session_valid(service, s)) - return TEE_ERROR_BAD_PARAMETERS; - - return tee_se_service_is_session_closed(service, s); -} - -TEE_Result syscall_se_session_get_atr(unsigned long session_handle, - void *atr, uint64_t *atr_len) -{ - TEE_Result ret; - struct tee_se_session *s = tee_svc_uref_to_kaddr(session_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - size_t katr_len; - uint64_t uatr_len; - uint8_t *katr; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_session_valid(service, s)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_svc_copy_from_user(&uatr_len, atr_len, sizeof(uatr_len)); - if (ret != TEE_SUCCESS) - return ret; - - katr_len = uatr_len; - ret = tee_se_session_get_atr(s, &katr, &katr_len); - if (ret != TEE_SUCCESS) - return ret; - - if (uatr_len < katr_len) - return TEE_ERROR_SHORT_BUFFER; - - ret = tee_svc_copy_to_user(atr, katr, katr_len); - if (ret != TEE_SUCCESS) - return ret; - - uatr_len = katr_len; - ret = tee_svc_copy_to_user(atr_len, &uatr_len, sizeof(*atr_len)); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_session_open_channel(unsigned long session_handle, - unsigned long is_logical, const void *aid_buf, - size_t aid_buf_len, uint32_t *channel_handle) -{ - TEE_Result ret; - struct tee_se_session *s = tee_svc_uref_to_kaddr(session_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - struct tee_se_aid *se_aid = NULL; - struct tee_se_channel *kc = NULL; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_session_valid(service, s)) - return TEE_ERROR_BAD_PARAMETERS; - - if (aid_buf) { - ret = tee_se_aid_create_from_buffer((void *)aid_buf, - aid_buf_len, &se_aid); - if (ret != TEE_SUCCESS) - return ret; - } - - if (is_logical) - ret = tee_se_session_open_logical_channel(s, se_aid, &kc); - else - ret = tee_se_session_open_basic_channel(s, se_aid, &kc); - if (ret != TEE_SUCCESS) - goto error_free_aid; - - ret = tee_svc_copy_kaddr_to_uref(channel_handle, kc); - if (ret != TEE_SUCCESS) - goto error_free_aid; - - return TEE_SUCCESS; - -error_free_aid: - if (se_aid) - tee_se_aid_release(se_aid); - return TEE_SUCCESS; -} - -TEE_Result syscall_se_session_close(unsigned long session_handle) -{ - TEE_Result ret; - struct tee_se_session *s = tee_svc_uref_to_kaddr(session_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_session_valid(service, s)) - return TEE_ERROR_BAD_PARAMETERS; - - tee_se_service_close_session(service, s); - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_channel_select_next(unsigned long channel_handle) -{ - TEE_Result ret; - struct tee_se_channel *c = tee_svc_uref_to_kaddr(channel_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_channel_valid(service, c)) - return TEE_ERROR_BAD_PARAMETERS; - - tee_se_channel_select_next(c); - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_channel_get_select_resp(unsigned long channel_handle, - void *resp, uint64_t *resp_len) -{ - TEE_Result ret; - struct tee_se_channel *c = tee_svc_uref_to_kaddr(channel_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - struct resp_apdu *resp_apdu; - size_t kresp_len; - uint64_t uresp_len; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_channel_valid(service, c)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_svc_copy_from_user(&uresp_len, resp_len, sizeof(size_t)); - if (ret != TEE_SUCCESS) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_se_channel_get_select_response(c, &resp_apdu); - if (ret != TEE_SUCCESS) - return ret; - - kresp_len = apdu_get_length(to_apdu_base(resp_apdu)); - if (uresp_len < kresp_len) - return TEE_ERROR_SHORT_BUFFER; - - ret = tee_svc_copy_to_user(resp, - apdu_get_data(to_apdu_base(resp_apdu)), kresp_len); - if (ret != TEE_SUCCESS) - return ret; - - uresp_len = kresp_len; - ret = tee_svc_copy_to_user(resp_len, &uresp_len, sizeof(*resp_len)); - if (ret != TEE_SUCCESS) - return ret; - - return TEE_SUCCESS; -} - -TEE_Result syscall_se_channel_transmit(unsigned long channel_handle, - void *cmd, unsigned long cmd_len, void *resp, - uint64_t *resp_len) -{ - TEE_Result ret; - struct tee_se_channel *c = tee_svc_uref_to_kaddr(channel_handle); - struct tee_ta_session *sess; - struct tee_se_service *service; - struct cmd_apdu *cmd_apdu; - struct resp_apdu *resp_apdu; - void *kcmd_buf; - uint64_t kresp_len; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_channel_valid(service, c)) - return TEE_ERROR_BAD_PARAMETERS; - - ret = tee_svc_copy_from_user(&kresp_len, resp_len, sizeof(kresp_len)); - if (ret != TEE_SUCCESS) - return ret; - - kcmd_buf = malloc(cmd_len); - if (kcmd_buf == NULL) - return TEE_ERROR_OUT_OF_MEMORY; - - ret = tee_svc_copy_from_user(kcmd_buf, cmd, cmd_len); - if (ret != TEE_SUCCESS) - goto err_free_cmd_buf; - - cmd_apdu = - alloc_cmd_apdu_from_buf(kcmd_buf, cmd_len); - if (cmd_apdu == NULL) - goto err_free_cmd_buf; - - kresp_len -= 2; /* reserve space for SW1 and SW2 */ - resp_apdu = alloc_resp_apdu(kresp_len); - if (resp_apdu == NULL) - goto err_free_cmd_apdu; - - ret = tee_se_channel_transmit(c, cmd_apdu, resp_apdu); - if (ret != TEE_SUCCESS) - goto err_free_resp_apdu; - - kresp_len = apdu_get_length(to_apdu_base(resp_apdu)); - ret = tee_svc_copy_to_user(resp_len, &kresp_len, sizeof(*resp_len)); - if (ret != TEE_SUCCESS) - goto err_free_resp_apdu; - - ret = tee_svc_copy_to_user(resp, resp_apdu_get_data(resp_apdu), - kresp_len); - if (ret != TEE_SUCCESS) - goto err_free_resp_apdu; - - apdu_release(to_apdu_base(resp_apdu)); - apdu_release(to_apdu_base(cmd_apdu)); - free(kcmd_buf); - - return TEE_SUCCESS; - -err_free_resp_apdu: - apdu_release(to_apdu_base(resp_apdu)); -err_free_cmd_apdu: - apdu_release(to_apdu_base(cmd_apdu)); -err_free_cmd_buf: - free(kcmd_buf); - return ret; -} - -TEE_Result syscall_se_channel_close(unsigned long channel_handle) -{ - TEE_Result ret; - struct tee_se_channel *c = tee_svc_uref_to_kaddr(channel_handle); - struct tee_ta_session *sess; - struct tee_se_session *s; - struct tee_se_service *service; - - ret = tee_ta_get_current_session(&sess); - if (ret != TEE_SUCCESS) - return ret; - - service = to_user_ta_ctx(sess->ctx)->se_service; - if (!tee_se_service_is_channel_valid(service, c)) - return TEE_ERROR_BAD_PARAMETERS; - - s = tee_se_channel_get_session(c); - - tee_se_session_close_channel(s, c); - - return TEE_SUCCESS; -} diff --git a/core/tee/se/util.c b/core/tee/se/util.c deleted file mode 100644 index 61f0e8ef..00000000 --- a/core/tee/se/util.c +++ /dev/null @@ -1,56 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - -#include <tee_api_types.h> -#include <trace.h> -#include <tee/se/util.h> - -#include <stdio.h> - -char *print_buf(char *buf, size_t *remain_size, const char *fmt, ...) -{ - va_list ap; - size_t len; - - va_start(ap, fmt); - len = vsnprintf(buf, *remain_size, fmt, ap); - buf += len; - *remain_size -= len; - va_end(ap); - return buf; -} - -void dump_hex(char *buf, size_t *remain_size, uint8_t *input_buf, - size_t input_size) -{ - size_t i; - - for (i = 0; i < input_size; i++) - buf = print_buf(buf, remain_size, "%02X ", input_buf[i]); -} - -void print_hex(uint8_t *input_buf, size_t input_size) -{ - char buf[DUMP_BUF_MAX]; - size_t remain = sizeof(buf); - - dump_hex(buf, &remain, input_buf, input_size); - DMSG("%s", buf); -} - -uint8_t *hex_decode(const char *in, size_t len, uint8_t *out) -{ - size_t i, t, hn, ln; - - for (t = 0, i = 0; i < len; i += 2, ++t) { - hn = in[i] > '9' ? - (in[i] | 32) - 'a' + 10 : in[i] - '0'; - ln = in[i + 1] > '9' ? - (in[i + 1] | 32) - 'a' + 10 : in[i + 1] - '0'; - - out[t] = (hn << 4) | ln; - } - return out; -} diff --git a/core/tee/sub.mk b/core/tee/sub.mk index eef6081d..fb877ace 100644 --- a/core/tee/sub.mk +++ b/core/tee/sub.mk @@ -45,6 +45,3 @@ srcs-$(CFG_SECSTOR_TA) += tadb.c endif #CFG_WITH_USER_TA,y srcs-y += uuid.c - -subdirs-$(CFG_SE_API) += se - diff --git a/documentation/se_api_design.md b/documentation/se_api_design.md deleted file mode 100644 index 83023a8b..00000000 --- a/documentation/se_api_design.md +++ /dev/null @@ -1,145 +0,0 @@ -# GlobalPlatform Secure Element API Design Document - -### BACKGROUND - -A `Secure Element (SE)` is a tamper-resistant platform (typically a one chip -secure microcontroller) capable of securely hosting applications and their -confidential and cryptographic data (e.g. key management) in accordance with the -rules and security requirements set forth by a set of well-identified trusted -authorities. - ->Simplified speaking, SE is a secure platform that can run application (called ->Applet) on it. In order to communicate with Applet, we need a transport ->interface. - -SE can be implemented via one of the following technologies - -- Embedded SE (accessed via platform dependent interface, unremovable) -- Universal Integrated Circuit Card (UICC, accessed via SIM interface) -- Advanced secure MicroSD (accessed via sdio/mmc interface) - -Which means the physical interface between application processor (AP) and SE can -be quite different. GlobalPlatform tries to remove this gap and defined a -standard transport API called `Secure Element API` to cover those different -physical transport layer protocols. - -SE can be accessed directly in TEE, or indirectly accessed via REE. In later -case, a **secure channel** is needed to ensure the data stream is not hijacked -in REE. (For secure channel, we may leverage [TZC 400] to create a secure memory -that is not accessible in REE) - - - -To understand SE API, you need to understand the following terms - -- `Trusted Application (TA)`: An application execute in Trust Execution - Environment (TEE), which is the initiator of SE API. - -- `Applet`: Applications that run on smartcard OS. Secure Element API defines - the method to communicate between host application (in our case, TA) and - Applet. - -- `Service`: A service can be used to retrieve all SE readers available in - the system, it also provides a service to create a session from TA to a - specific Reader. - -- `Session`: It maintains the connection between TA and a specific Reader. - Different TAs can have a session opened on the same reader. It is SE manager's - responsibility to demux the request from different TAs. Upon a session is - opened by a TA, the card is power-up and ready to accept commands. - -- `Reader`: It is an abstraction to describe the transport interface between - the system and SEs. You can imagine that a SD card slot is a Reader connected - with assd. A ril daemon can be another read to talk with UICC cards. Even - embedded SE should have a (virtual) Reader attached to it. - -- `Logical Channel`: It is used by host application (in our case, a TA) to - communicate with applets on the smartcard. [GlobalPlatform Card Specification] - defines maximum 20 logical channels, numbered from 0~19. Channel number 0 is - so-called `Basic logical channel`, or in short, `Basic channel`. A channel can - be opened or closed by a host application. It is the smartcard OS's - responsibility to manage the state of each logical channel. Basic channel is - always open and cannot be closed. A channel must select an applet, which means - the command passed through the channel will be processed by the selected - applet. GlobalPlatform requires a default applet must be selected on basic - channel after system reset. Host application can select different applet by - issuing a `SELECT command` on basic channel. Other logical channels (numbered - 1~19) can be opened with or without a given `Application Identifier` (AID). If - AID is not given, the applet selected on basic channel will be selected on the - just opened logical channel. - -- `MultiSelectable or Non-MultiSelectable`: An applet can be MultiSelectable - or Non-MultiSelectable. For a Non-MultiSelectable applet, it can only be - selected by one channel, further `SELECT command` on another channel that is - targeting to the applet will fail. MultiSelectable applet can be selected by - multiple channels, the applet can decide maximum number of channels it is - willing to accept. - -### DESIGN - -The following figure shows initial architecture of SE API. - - -- `Manager (core/include/tee/se/manager.h)`: This component manages all - Readers on the system. It should provide reader interface for the Reader - developers to register their own Reader instance. (In the case of [JavaCard - Simulator], we should have [PC/SC Passthru Reader] to talk with simulator) It - also provides an interface for client to get `reader handle` on the system. - -- `Reader (core/include/tee/se/reader.h)`: It provides the operations that - can be applied on a `reader handle`. Just like get reader properties and - create session to a reader. It’s also responsible for routing an - operation(open, transmit...etc) to a specific Reader implementation. - -- `Protocol (core/include/tee/se/{protocol.h,aid.h,apdu.h})`: This module - implements the `ISO7816 transport layer` protocol that is used to talk with - smartcard. It relies on operations provided by Reader to transmit `Application - Protocol Data Unit` (APDU, refer to [ISO7816-4]) to a specific SE. - -- `Session (core/include/tee/se/session.h)`: It provides the operations that - can be applied on a session. Just like open basic or logical channel, and - transmit APDU on the session. It relies on protocol layer to create logical, - basic channel and transmit APDU. - -- `Channel (core/include/tee/se/channel.h)`: It provides the operations that - can be applied on a channel. Like transmit an APDU on the channel, select next - applet. It relies on protocol module to select AID, and session module to - transport APDU. - -- `Reader interface (core/include/tee/se/reader/interface.h)`: The abstract - layer used to implement a specific Reader instance, a set of operations need - to be implemented to support a new Reader. - - - `open()`: Triggered when the first session is connected, the Reader should - be powered on and reset. Doing initialization. Detect SE is present or not. - - `close()`: Triggered when the last session to the Reader has been closed. - The Reader can be powered down in this method. - - `get_properties()`: Get properties of the Reader. Something like the - Reader is exclusive to TEE or not. SE is present...etc. - - `get_atr()`: Get ATR message from the Reader. ATR is defined in ISO7816-3, - and it is the message report by SE to describe the ability of SE. - - `transmit()`: Transmit an APDU through the Reader which SE attached to. - -### Reference Documents -- [ISO7816-4] -- [GP Secure Element API] -- [PC/SC Lite] -- [PC/SC Passthru Reader] - -### How to verify -To test SE API, you need [Modified QEMU] and enhanced [JavaCard simulator]. -Please use this [setup script] to setup test environment. - -[Modified QEMU]:https://github.com/m943040028/qemu/tree/smart_card_emul -[JavaCard simulator]:https://github.com/m943040028/jcardsim/tree/se_api -[PC/SC Passthru Reader]:https://github.com/m943040028/pcsc_passthru_driver -[PC/SC Lite]:https://pcsclite.alioth.debian.org/ -[GlobalPlatform Card Specification]:http://www.globalplatform.org/specificationscard.asp -[GP Secure Element API]: http://www.globalplatform.org/specificationsdevice.asp -[TZC 400]: -http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0504c/index.html -[ISO7816-4]: -http://www.embedx.com/pdfs/ISO_STD_7816/info_isoiec7816-4%7Bed2.0%7Den.pdf -[setup script]: -https://raw.githubusercontent.com/m943040028/optee_os/48fe3bf418bda0047784327cbf72e6613ff547b2/scripts/setup_seapi_optee.sh - diff --git a/lib/libutee/arch/arm/utee_syscalls_asm.S b/lib/libutee/arch/arm/utee_syscalls_asm.S index b2615971..7cf08942 100644 --- a/lib/libutee/arch/arm/utee_syscalls_asm.S +++ b/lib/libutee/arch/arm/utee_syscalls_asm.S @@ -121,47 +121,4 @@ UTEE_SYSCALL utee_cryp_obj_generate_key, \ TEE_SCN_CRYP_OBJ_GENERATE_KEY, 4 - UTEE_SYSCALL utee_se_service_open, TEE_SCN_SE_SERVICE_OPEN, 1 - - UTEE_SYSCALL utee_se_service_close, TEE_SCN_SE_SERVICE_CLOSE, 1 - - UTEE_SYSCALL utee_se_service_get_readers, \ - TEE_SCN_SE_SERVICE_GET_READERS, 3 - - UTEE_SYSCALL utee_se_reader_get_prop, \ - TEE_SCN_SE_READER_GET_PROP, 2 - - UTEE_SYSCALL utee_se_reader_get_name, \ - TEE_SCN_SE_READER_GET_NAME, 3 - - UTEE_SYSCALL utee_se_reader_open_session, \ - TEE_SCN_SE_READER_OPEN_SESSION, 2 - - UTEE_SYSCALL utee_se_reader_close_sessions, \ - TEE_SCN_SE_READER_CLOSE_SESSIONS, 1 - - UTEE_SYSCALL utee_se_session_is_closed, \ - TEE_SCN_SE_SESSION_IS_CLOSED, 1 - - UTEE_SYSCALL utee_se_session_get_atr, \ - TEE_SCN_SE_SESSION_GET_ATR, 3 - - UTEE_SYSCALL utee_se_session_open_channel, \ - TEE_SCN_SE_SESSION_OPEN_CHANNEL, 5 - - UTEE_SYSCALL utee_se_session_close, \ - TEE_SCN_SE_SESSION_CLOSE, 1 - - UTEE_SYSCALL utee_se_channel_select_next, \ - TEE_SCN_SE_CHANNEL_SELECT_NEXT, 1 - - UTEE_SYSCALL utee_se_channel_get_select_resp, \ - TEE_SCN_SE_CHANNEL_GET_SELECT_RESP, 3 - - UTEE_SYSCALL utee_se_channel_transmit, \ - TEE_SCN_SE_CHANNEL_TRANSMIT, 5 - - UTEE_SYSCALL utee_se_channel_close, \ - TEE_SCN_SE_CHANNEL_CLOSE, 1 - UTEE_SYSCALL utee_cache_operation, TEE_SCN_CACHE_OPERATION, 3 diff --git a/lib/libutee/include/tee_internal_se_api.h b/lib/libutee/include/tee_internal_se_api.h deleted file mode 100644 index 094da70f..00000000 --- a/lib/libutee/include/tee_internal_se_api.h +++ /dev/null @@ -1,56 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014, Linaro Limited - */ - -/* Based on GP TEE Secure Element API Specification Version 1.00 */ -#ifndef TEE_INTERNAL_SE_API_H -#define TEE_INTERNAL_SE_API_H - -#include <tee_api_defines.h> -#include <tee_api_types.h> - -TEE_Result TEE_SEServiceOpen(TEE_SEServiceHandle *seServiceHandle); - -void TEE_SEServiceClose(TEE_SEServiceHandle seServiceHandle); - -TEE_Result TEE_SEServiceGetReaders( - TEE_SEServiceHandle seServiceHandle, - TEE_SEReaderHandle *seReaderHandleList, - size_t *seReaderHandleListLen); - -void TEE_SEReaderGetProperties(TEE_SEReaderHandle seReaderHandle, - TEE_SEReaderProperties *readerProperties); - -TEE_Result TEE_SEReaderGetName(TEE_SEReaderHandle seReaderHandle, - char *readerName, size_t *readerNameLen); - -TEE_Result TEE_SEReaderOpenSession(TEE_SEReaderHandle seReaderHandle, - TEE_SESessionHandle *seSessionHandle); - -void TEE_SEReaderCloseSessions(TEE_SEReaderHandle seReaderHandle); - -TEE_Result TEE_SESessionGetATR(TEE_SESessionHandle seSessionHandle, - void *atr, size_t *atrLen); - -TEE_Result TEE_SESessionIsClosed(TEE_SESessionHandle seSessionHandle); - -void TEE_SESessionClose(TEE_SESessionHandle seSessionHandle); - -TEE_Result TEE_SESessionOpenBasicChannel(TEE_SESessionHandle seSessionHandle, - TEE_SEAID *seAID, TEE_SEChannelHandle *seChannelHandle); - -TEE_Result TEE_SESessionOpenLogicalChannel(TEE_SESessionHandle seSessionHandle, - TEE_SEAID *seAID, TEE_SEChannelHandle *seChannelHandle); - -TEE_Result TEE_SEChannelSelectNext(TEE_SEChannelHandle seChannelHandle); - -TEE_Result TEE_SEChannelGetSelectResponse(TEE_SEChannelHandle seChannelHandle, - void *response, size_t *responseLen); - -TEE_Result TEE_SEChannelTransmit(TEE_SEChannelHandle seChannelHandle, - void *command, size_t commandLen, - void *response, size_t *responseLen); - -void TEE_SEChannelClose(TEE_SEChannelHandle seChannelHandle); -#endif diff --git a/lib/libutee/include/tee_syscall_numbers.h b/lib/libutee/include/tee_syscall_numbers.h index 0e3afd9f..82d429b3 100644 --- a/lib/libutee/include/tee_syscall_numbers.h +++ b/lib/libutee/include/tee_syscall_numbers.h @@ -61,21 +61,23 @@ #define TEE_SCN_STORAGE_OBJ_TRUNC 52 #define TEE_SCN_STORAGE_OBJ_SEEK 53 #define TEE_SCN_CRYP_OBJ_GENERATE_KEY 54 -#define TEE_SCN_SE_SERVICE_OPEN 55 -#define TEE_SCN_SE_SERVICE_CLOSE 56 -#define TEE_SCN_SE_SERVICE_GET_READERS 57 -#define TEE_SCN_SE_READER_GET_PROP 58 -#define TEE_SCN_SE_READER_GET_NAME 59 -#define TEE_SCN_SE_READER_OPEN_SESSION 60 -#define TEE_SCN_SE_READER_CLOSE_SESSIONS 61 -#define TEE_SCN_SE_SESSION_IS_CLOSED 62 -#define TEE_SCN_SE_SESSION_GET_ATR 63 -#define TEE_SCN_SE_SESSION_OPEN_CHANNEL 64 -#define TEE_SCN_SE_SESSION_CLOSE 65 -#define TEE_SCN_SE_CHANNEL_SELECT_NEXT 66 -#define TEE_SCN_SE_CHANNEL_GET_SELECT_RESP 67 -#define TEE_SCN_SE_CHANNEL_TRANSMIT 68 -#define TEE_SCN_SE_CHANNEL_CLOSE 69 +/* Deprecated Secure Element API syscalls return TEE_ERROR_NOT_SUPPORTED */ +#define TEE_SCN_SE_SERVICE_OPEN__DEPRECATED 55 +#define TEE_SCN_SE_SERVICE_CLOSE__DEPRECATED 56 +#define TEE_SCN_SE_SERVICE_GET_READERS__DEPRECATED 57 +#define TEE_SCN_SE_READER_GET_PROP__DEPRECATED 58 +#define TEE_SCN_SE_READER_GET_NAME__DEPRECATED 59 +#define TEE_SCN_SE_READER_OPEN_SESSION__DEPRECATED 60 +#define TEE_SCN_SE_READER_CLOSE_SESSIONS__DEPRECATED 61 +#define TEE_SCN_SE_SESSION_IS_CLOSED__DEPRECATED 62 +#define TEE_SCN_SE_SESSION_GET_ATR__DEPRECATED 63 +#define TEE_SCN_SE_SESSION_OPEN_CHANNEL__DEPRECATED 64 +#define TEE_SCN_SE_SESSION_CLOSE__DEPRECATED 65 +#define TEE_SCN_SE_CHANNEL_SELECT_NEXT__DEPRECATED 66 +#define TEE_SCN_SE_CHANNEL_GET_SELECT_RESP__DEPRECATED 67 +#define TEE_SCN_SE_CHANNEL_TRANSMIT__DEPRECATED 68 +#define TEE_SCN_SE_CHANNEL_CLOSE__DEPRECATED 69 +/* End of deprecated Secure Element API syscalls */ #define TEE_SCN_CACHE_OPERATION 70 #define TEE_SCN_MAX 70 diff --git a/lib/libutee/sub.mk b/lib/libutee/sub.mk index a9bb3279..c608d5d5 100644 --- a/lib/libutee/sub.mk +++ b/lib/libutee/sub.mk @@ -9,7 +9,6 @@ srcs-y += tee_api_arith.c srcs-y += tee_api.c srcs-y += tee_api_objects.c srcs-y += tee_api_operations.c -srcs-y += tee_api_se.c srcs-y += tee_api_panic.c srcs-y += tee_tcpudp_socket.c srcs-y += tee_socket_pta.c diff --git a/lib/libutee/tee_api_se.c b/lib/libutee/tee_api_se.c deleted file mode 100644 index 6b3f026f..00000000 --- a/lib/libutee/tee_api_se.c +++ /dev/null @@ -1,270 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2014, Linaro Limited - */ - - -#include <tee_api.h> - -#include <tee_internal_se_api.h> -#include <tee_internal_api_extensions.h> -#include <utee_defines.h> -#include <sys/queue.h> - -#include <utee_syscalls.h> - -#define VERIFY_HANDLE(handle, ops) \ -do { \ - if ((handle) == TEE_HANDLE_NULL) \ - TEE_Panic(0); \ - ret = (ops); \ - if (ret == TEE_ERROR_BAD_PARAMETERS) \ - TEE_Panic(0); \ -} while (0) - -TEE_Result TEE_SEServiceOpen( - TEE_SEServiceHandle *seServiceHandle) -{ - TEE_Result ret; - uint32_t s; - - if (seServiceHandle == NULL) - TEE_Panic(0); - - ret = utee_se_service_open(&s); - if (ret == TEE_SUCCESS) - *seServiceHandle = (TEE_SEServiceHandle)(uintptr_t)s; - return ret; -} - -void TEE_SEServiceClose( - TEE_SEServiceHandle seServiceHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seServiceHandle, - utee_se_service_close((unsigned long)seServiceHandle)); - -} - -TEE_Result TEE_SEServiceGetReaders( - TEE_SEServiceHandle seServiceHandle, - TEE_SEReaderHandle *seReaderHandleList, - size_t *seReaderHandleListLen) -{ - TEE_Result ret = TEE_SUCCESS; - - if (seReaderHandleList == NULL || - seReaderHandleListLen == NULL) - TEE_Panic(0); - else { - uint64_t rl_len = *seReaderHandleListLen; - uint32_t rl[rl_len]; - size_t n; - - VERIFY_HANDLE(seServiceHandle, - utee_se_service_get_readers( - (unsigned long)seServiceHandle, rl, &rl_len)); - if (ret != TEE_SUCCESS) - return ret; - for (n = 0; n < rl_len; n++) - seReaderHandleList[n] = - (TEE_SEReaderHandle)(uintptr_t)rl[n]; - *seReaderHandleListLen = rl_len; - } - return ret; -} - -void TEE_SEReaderGetProperties(TEE_SEReaderHandle seReaderHandle, - TEE_SEReaderProperties *readerProperties) -{ - TEE_Result ret; - uint32_t prop; - - VERIFY_HANDLE(seReaderHandle, - utee_se_reader_get_prop((unsigned long)seReaderHandle, &prop)); - - readerProperties->sePresent = !!(prop & UTEE_SE_READER_PRESENT); - readerProperties->teeOnly = !!(prop & UTEE_SE_READER_TEE_ONLY); - readerProperties->selectResponseEnable = - !!(prop & UTEE_SE_READER_SELECT_RESPONE_ENABLE); -} - -TEE_Result TEE_SEReaderGetName(TEE_SEReaderHandle seReaderHandle, - char *readerName, size_t *readerNameLen) -{ - TEE_Result ret; - uint64_t nl; - - if (readerName == NULL || readerNameLen == NULL || - *readerNameLen == 0) - TEE_Panic(0); - - nl = *readerNameLen; - VERIFY_HANDLE(seReaderHandle, - utee_se_reader_get_name((unsigned long)seReaderHandle, - readerName, &nl)); - *readerNameLen = nl; - - return ret; -} - -TEE_Result TEE_SEReaderOpenSession(TEE_SEReaderHandle seReaderHandle, - TEE_SESessionHandle *seSessionHandle) -{ - TEE_Result ret; - uint32_t s; - - if (seSessionHandle == NULL) - TEE_Panic(0); - - VERIFY_HANDLE(seReaderHandle, - utee_se_reader_open_session((unsigned long)seReaderHandle, &s)); - if (ret == TEE_SUCCESS) - *seSessionHandle = (TEE_SESessionHandle)(uintptr_t)s; - return ret; -} - - -void TEE_SEReaderCloseSessions( - TEE_SEReaderHandle seReaderHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seReaderHandle, - utee_se_reader_close_sessions((unsigned long)seReaderHandle)); -} - -TEE_Result TEE_SESessionGetATR(TEE_SESessionHandle seSessionHandle, - void *atr, size_t *atrLen) -{ - TEE_Result ret; - uint64_t al; - - if (atr == NULL || atrLen == NULL || *atrLen == 0) - TEE_Panic(0); - - al = *atrLen; - VERIFY_HANDLE(seSessionHandle, - utee_se_session_get_atr((unsigned long)seSessionHandle, - atr, &al)); - *atrLen = al; - return ret; -} - -TEE_Result TEE_SESessionIsClosed(TEE_SESessionHandle seSessionHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seSessionHandle, - utee_se_session_is_closed((unsigned long)seSessionHandle)); - return ret; -} - -void TEE_SESessionClose(TEE_SESessionHandle seSessionHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seSessionHandle, - utee_se_session_close((unsigned long)seSessionHandle)); -} - -TEE_Result TEE_SESessionOpenBasicChannel(TEE_SESessionHandle seSessionHandle, - TEE_SEAID *seAID, TEE_SEChannelHandle *seChannelHandle) -{ - TEE_Result ret; - uint32_t s; - const void *p = NULL; - size_t l = 0; - - if (seChannelHandle == NULL) - TEE_Panic(0); - - if (seAID) { - p = seAID->buffer; - l = seAID->bufferLen; - } - VERIFY_HANDLE(seSessionHandle, - utee_se_session_open_channel((unsigned long)seSessionHandle, - false, p, l, &s)); - if (ret == TEE_SUCCESS) - *seChannelHandle = (TEE_SEChannelHandle)(uintptr_t)s; - return ret; -} - -TEE_Result TEE_SESessionOpenLogicalChannel(TEE_SESessionHandle seSessionHandle, - TEE_SEAID *seAID, TEE_SEChannelHandle *seChannelHandle) -{ - TEE_Result ret; - uint32_t s; - const void *p = NULL; - size_t l = 0; - - if (seChannelHandle == NULL) - TEE_Panic(0); - - if (seAID) { - p = seAID->buffer; - l = seAID->bufferLen; - } - VERIFY_HANDLE(seSessionHandle, - utee_se_session_open_channel((unsigned long)seSessionHandle, - true, p, l, &s)); - if (ret == TEE_SUCCESS) - *seChannelHandle = (TEE_SEChannelHandle)(uintptr_t)s; - return ret; -} - -TEE_Result TEE_SEChannelSelectNext(TEE_SEChannelHandle seChannelHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seChannelHandle, - utee_se_channel_select_next((unsigned long)seChannelHandle)); - return ret; -} - -TEE_Result TEE_SEChannelGetSelectResponse(TEE_SEChannelHandle seChannelHandle, - void *response, size_t *responseLen) -{ - TEE_Result ret; - uint64_t rl; - - if (!responseLen) - TEE_Panic(0); - - rl = *responseLen; - VERIFY_HANDLE(seChannelHandle, - utee_se_channel_get_select_resp((unsigned long)seChannelHandle, - response, &rl)); - if (ret == TEE_SUCCESS) - *responseLen = rl; - return ret; -} - -TEE_Result TEE_SEChannelTransmit(TEE_SEChannelHandle seChannelHandle, - void *command, size_t commandLen, - void *response, size_t *responseLen) -{ - TEE_Result ret; - uint64_t rl; - - if (!responseLen) - TEE_Panic(0); - - rl = *responseLen; - VERIFY_HANDLE(seChannelHandle, - utee_se_channel_transmit((unsigned long)seChannelHandle, - command, commandLen, response, &rl)); - if (ret == TEE_SUCCESS) - *responseLen = rl; - return ret; -} - -void TEE_SEChannelClose(TEE_SEChannelHandle seChannelHandle) -{ - TEE_Result ret; - - VERIFY_HANDLE(seChannelHandle, - utee_se_channel_close((unsigned long)seChannelHandle)); -} |