ivila commented on code in PR #177: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/177#discussion_r2024256798
########## examples/inter_ta-rs/ta/src/main.rs: ##########
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_std]
+#![no_main]
+
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result, Uuid};
+use optee_utee::{TaSession, TeeParamMemref, TeeParamNone, TeeParamValue, TeeParameters};
+use optee_utee_sys as raw;
+use proto::Command;
+
+const SYSTEM_PTA_UUID: &str = "3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc";
+const SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY: u32 = 1;
+const HELLO_WORLD_USER_TA_UUID: &str = "133af0ca-bdab-11eb-9130-43bf7873bf67";
Review Comment: Can we import the `proto` crate of `hello_world` instead of define them here? PS: [renaming-dependency](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#renaming-dependencies-in-cargotoml)
########## examples/inter_ta-rs/ta/src/main.rs: ##########
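Review bot: `SYSTEM_PTA_UUID` and `SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY` are bare magic values with no comment saying what they must stay in sync with; as far as I recall they mirror `PTA_SYSTEM_UUID` and `PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY` from OP-TEE's `pta_system.h`, and a silently diverging command id would make this example invoke a different PTA command with a zeroed input buffer. I'd add `// Must match PTA_SYSTEM_UUID / PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY in OP-TEE lib/libutee/include/pta_system.h` above the pair. A one-line note that the derived key is bound to the calling TA's identity (so the value this example sees is specific to the inter_ta TA) would also tell readers why the derivation goes through a TA session rather than a plain API call; that is my understanding of the PTA's contract, not something this hunk shows.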
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_std]
+#![no_main]
+
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result, Uuid};
+use optee_utee::{TaSession, TeeParamMemref, TeeParamNone, TeeParamValue, TeeParameters};
+use optee_utee_sys as raw;
+use proto::Command;
+
+const SYSTEM_PTA_UUID: &str = "3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc";
+const SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY: u32 = 1;
+const HELLO_WORLD_USER_TA_UUID: &str = "133af0ca-bdab-11eb-9130-43bf7873bf67";
+const HELLO_WORLD_USER_TA_CMD_INC_VALUE: u32 = 0;
+
+#[ta_create]
+fn create() -> Result<()> {
+ trace_println!("[+] TA create");
+ Ok(())
+}
+
+#[ta_open_session]
+fn open_session(_params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA open session");
+ Ok(())
+}
+
+#[ta_close_session]
+fn close_session() {
+ trace_println!("[+] TA close session");
+}
+
+#[ta_destroy]
+fn destroy() {
+ trace_println!("[+] TA destroy");
+}
+
+fn test_invoke_system_pta() -> Result<()> {
+ let system_pta_uuid =
+ Uuid::parse_str(SYSTEM_PTA_UUID).map_err(|_| Error::from(ErrorKind::BadParameters))?;
+ let timeout =
raw::TEE_TIMEOUT_INFINITE;
+ let mut session = TaSession::new(system_pta_uuid, timeout)?;
+ trace_println!("[+] TA open PTA session success");
+
+ let mut input: [u8; 32] = [0; 32];
+ let mut output: [u8; 32] = [0; 32];
+
+ let param_in = TeeParamMemref::new_input(&mut input);
Review Comment: Input might not be `mut` here.
########## optee-utee/src/ta_session.rs: ##########
@@ -0,0 +1,108 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParam, TeeParameters, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+}
+
+impl TaSession {
+ /// Initializes a new TA Session.
+ pub fn new(uuid: Uuid, timeout: u32) -> Result<Self> {
+ // let mut raw_session = raw::TEE_HANDLE_NULL;
+ let mut raw_session: raw::TEE_TASessionHandle = ptr::null_mut();
+ let mut err_origin: u32 = 0;
+ unsafe {
Review Comment: I think `match unsafe { f() } { ...... }` is better.
########## examples/inter_ta-rs/ta/src/main.rs: ##########
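Review bot: `input` and `output` are sized as 32 bytes without saying where those sizes come from; the System PTA, as I recall, accepts up to 32 bytes of extra derivation data and a 16..32 byte key buffer, so a reader cannot tell from the code whether 32 is a limit or an arbitrary pick. A short comment such as `// extra data for the derivation (optional, the PTA caps it at 32 bytes) and the 32-byte derived-key buffer` would make that explicit, and since the extra data is all zeros it could also say the example demonstrates the default derivation only. `test_invoke_system_pta` continues beyond the end of the quoted hunk.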
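Review bot: `// let mut raw_session = raw::TEE_HANDLE_NULL;` inside `new` is commented-out code that should be deleted rather than left next to the line that replaced it. The `unsafe` block that follows has no `// SAFETY:` comment; the invariant worth writing down is `// SAFETY: uuid.as_raw_ptr() points at a Uuid that outlives the call, raw_session and err_origin are live locals, and paramTypes 0 means the null params pointer is never dereferenced`, and the last clause is worth confirming against libutee's `TEE_OpenTASession`, since I cannot verify from here that a NULL params array is accepted when every type is NONE. The body of `new` continues past the end of this quoted hunk.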
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_std]
+#![no_main]
+
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result, Uuid};
+use optee_utee::{TaSession, TeeParamMemref, TeeParamNone, TeeParamValue, TeeParameters};
+use optee_utee_sys as raw;
+use proto::Command;
+
+const SYSTEM_PTA_UUID: &str = "3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc";
+const SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY: u32 = 1;
+const HELLO_WORLD_USER_TA_UUID: &str = "133af0ca-bdab-11eb-9130-43bf7873bf67";
+const HELLO_WORLD_USER_TA_CMD_INC_VALUE: u32 = 0;
+
+#[ta_create]
+fn create() -> Result<()> {
+ trace_println!("[+] TA create");
+ Ok(())
+}
+
+#[ta_open_session]
+fn open_session(_params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA open session");
+ Ok(())
+}
+
+#[ta_close_session]
+fn close_session() {
+ trace_println!("[+] TA close session");
+}
+
+#[ta_destroy]
+fn destroy() {
+ trace_println!("[+] TA destroy");
+}
+
+fn test_invoke_system_pta() -> Result<()> {
+ let system_pta_uuid =
+ Uuid::parse_str(SYSTEM_PTA_UUID).map_err(|_| Error::from(ErrorKind::BadParameters))?;
+ let timeout =
raw::TEE_TIMEOUT_INFINITE;
+ let mut session = TaSession::new(system_pta_uuid, timeout)?;
+ trace_println!("[+] TA open PTA session success");
+
+ let mut input: [u8; 32] = [0; 32];
+ let mut output: [u8; 32] = [0; 32];
+
+ let param_in = TeeParamMemref::new_input(&mut input);
+ let param_out = TeeParamMemref::new_output(&mut output);
+
+ let mut parameters = TeeParameters::new(param_in, param_out, TeeParamNone, TeeParamNone);
+
+ session.invoke_command(
+ timeout,
+ SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY,
+ &mut parameters,
+ )?;
+
+ let output = parameters.parameters().1.buffer().to_vec();
Review Comment: Do we need to convert them to vectors, or can we just use slice comparison here? Or even further, just `slice.iter().all(|&x| x == 0)` to check if all zeroes in the slice.
########## examples/inter_ta-rs/ta/src/main.rs: ##########
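Review bot: The all-zero comparison that follows is the only check made on the derived key, and it reads the full 32-byte `output` array rather than whatever size the PTA reported back, so a callee that wrote fewer bytes and left the tail zero would still pass; if `TeeParamMemref` exposes the updated size after the invoke, the check should cover only that prefix. A stronger and still cheap sanity test for an example is to derive twice with the same input and require the two results to be equal as well as non-zero, since the PTA derivation should be deterministic for a given TA and extra data — worth confirming against the PTA before relying on it. `test_invoke_system_pta` continues beyond the quoted hunk.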
@@ -0,0 +1,123 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_std]
+#![no_main]
+
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result, Uuid};
+use optee_utee::{TaSession, TeeParamMemref, TeeParamNone, TeeParamValue, TeeParameters};
+use optee_utee_sys as raw;
+use proto::Command;
+
+const SYSTEM_PTA_UUID: &str = "3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc";
+const SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY: u32 = 1;
+const HELLO_WORLD_USER_TA_UUID: &str = "133af0ca-bdab-11eb-9130-43bf7873bf67";
+const HELLO_WORLD_USER_TA_CMD_INC_VALUE: u32 = 0;
+
+#[ta_create]
+fn create() -> Result<()> {
+ trace_println!("[+] TA create");
+ Ok(())
+}
+
+#[ta_open_session]
+fn open_session(_params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA open session");
+ Ok(())
+}
+
+#[ta_close_session]
+fn close_session() {
+ trace_println!("[+] TA close session");
+}
+
+#[ta_destroy]
+fn destroy() {
+ trace_println!("[+] TA destroy");
+}
+
+fn test_invoke_system_pta() -> Result<()> {
+ let system_pta_uuid =
+ Uuid::parse_str(SYSTEM_PTA_UUID).map_err(|_| Error::from(ErrorKind::BadParameters))?;
+ let timeout =
raw::TEE_TIMEOUT_INFINITE;
+ let mut session = TaSession::new(system_pta_uuid, timeout)?;
+ trace_println!("[+] TA open PTA session success");
+
+ let mut input: [u8; 32] = [0; 32];
+ let mut output: [u8; 32] = [0; 32];
+
+ let param_in = TeeParamMemref::new_input(&mut input);
+ let param_out = TeeParamMemref::new_output(&mut output);
+
+ let mut parameters = TeeParameters::new(param_in, param_out, TeeParamNone, TeeParamNone);
+
+ session.invoke_command(
+ timeout,
+ SYSTEM_PTA_CMD_DERIVE_TA_UNIQUE_KEY,
+ &mut parameters,
+ )?;
+
+ let output = parameters.parameters().1.buffer().to_vec();
+ if output == [0; 32].to_vec() {
+ return Err(Error::new(ErrorKind::Generic));
+ }
+ trace_println!("[+] TA invoke PTA command success, output: {:?}", output);
+
+ Ok(())
+}
+
+fn test_invoke_hello_world_user_ta() -> Result<()> {
+ let hello_world_user_ta_uuid = Uuid::parse_str(HELLO_WORLD_USER_TA_UUID)
+ .map_err(|_| Error::from(ErrorKind::BadParameters))?;
+ let timeout = raw::TEE_TIMEOUT_INFINITE;
+ let mut session = TaSession::new(hello_world_user_ta_uuid, timeout)?;
+ trace_println!("[+] TA open user TA session success");
+
+ let param_inout = TeeParamValue::new_inout(29, 0);
+ let mut parameters = TeeParameters::new(param_inout, TeeParamNone, TeeParamNone, TeeParamNone);
+
+ session.invoke_command(timeout, HELLO_WORLD_USER_TA_CMD_INC_VALUE, &mut parameters)?;
+
+ let output = parameters.parameters().0.a();
+ if output != 129 {
+ return Err(Error::new(ErrorKind::Generic));
+ }
+ trace_println!("[+] TA invoke user TA command success",);
+
+ Ok(())
+}
+
+#[ta_invoke_command]
+fn invoke_command(cmd_id: u32, _params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA invoke command");
+ match Command::from(cmd_id) {
+ Command::Test => {
+ test_invoke_system_pta()?;
+ test_invoke_hello_world_user_ta()?;
+ trace_println!("[+] Test passed");
+ Ok(())
+ }
+ _ => {
+ return Err(Error::new(ErrorKind::NotSupported));
Review Comment: Can remove the `return` keyword here.
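Review bot: `trace_println!("[+] TA invoke PTA command success, output: {:?}", output)` prints the derived TA-unique key byte-for-byte into the secure-world trace log, which on typical boards goes to the serial console and is trivially captured; even for an example that is the wrong habit to model, because the key is exactly the secret the PTA exists to keep inside the TA. Log only that the derivation succeeded, e.g. `trace_println!("[+] TA invoke PTA command success, {} bytes derived", output.len());`, and consider overwriting the `output` array before it goes out of scope so the key does not linger on the TA stack. The closing braces of `invoke_command` lie past the end of this quoted hunk.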
########## optee-utee/src/ta_session.rs: ##########
@@ -0,0 +1,108 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParam, TeeParameters, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
Review Comment: Maybe in `TeeParameters`?
########## optee-utee/src/ta_session.rs: ##########
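Review bot: The doc comment on `TaSession` says what the value represents but not who owns the underlying `TEE_TASessionHandle` or when it is released, which is the detail a caller needs to avoid leaking sessions or closing one twice. If the rest of the file adds a `Drop` impl that calls `TEE_CloseTASession` (not visible in the quoted hunk), document it here as `/// The session is closed via TEE_CloseTASession when this value is dropped.`; if it does not, say explicitly that the caller is responsible for closing it. Either way, keeping the type non-`Clone` and non-`Copy`, as it is now, is the right choice for a handle that must be closed exactly once.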
@@ -0,0 +1,108 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParam, TeeParameters, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+}
+
+impl TaSession {
+ /// Initializes a new TA Session.
+ pub fn new(uuid: Uuid, timeout: u32) -> Result<Self> {
+ // let mut raw_session = raw::TEE_HANDLE_NULL;
+ let mut raw_session: raw::TEE_TASessionHandle = ptr::null_mut();
+ let mut err_origin: u32 = 0;
+ unsafe {
+ match raw::TEE_OpenTASession(
+ uuid.as_raw_ptr(),
+ timeout,
+ 0,
+ core::ptr::null_mut(),
+ &mut raw_session,
+ &mut err_origin,
+ ) {
+ raw::TEE_SUCCESS => Ok(Self { raw: raw_session }),
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+ }
+
+ /// Initializes a new TA Session with parameters.
+ pub fn new_with_params<A: TeeParam, B: TeeParam, C: TeeParam, D: TeeParam>(
+ uuid: Uuid,
+ timeout: u32,
+ params: &mut TeeParameters<A, B, C, D>,
+ ) -> Result<Self> {
+ let mut raw_session: raw::TEE_TASessionHandle = ptr::null_mut();
+ let mut err_origin: u32 = 0;
+ unsafe {
Review Comment: Same as line 34
########## optee-utee/src/ta_session.rs: ##########
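Review bot: Both constructors collect `err_origin` from `TEE_OpenTASession` and then discard it, so `Error::from_raw_error(code)` leaves the caller with only the code and no way to tell a `TEE_ERROR_ITEM_NOT_FOUND` raised by the TEE (target TA not installed) from the same code returned by the target TA's own `open_session`. If the crate's `Error` can carry an origin, populate it; otherwise at least surface it in the failure arm, e.g. `code => { trace_println!("TEE_OpenTASession failed: {:#x} (origin {})", code, err_origin); Err(Error::from_raw_error(code)) }` using whatever trace macro this crate exposes internally — whether `Error` has an origin field is not visible in this hunk. The body of `new_with_params` continues past the end of the quoted hunk.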
@@ -0,0 +1,108 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParam, TeeParameters, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+}
+
+impl TaSession {
+ /// Initializes a new TA Session.
+ pub fn new(uuid: Uuid, timeout: u32) -> Result<Self> {
+ // let mut raw_session = raw::TEE_HANDLE_NULL;
+ let mut raw_session: raw::TEE_TASessionHandle = ptr::null_mut();
+ let mut err_origin: u32 = 0;
+ unsafe {
+ match raw::TEE_OpenTASession(
+ uuid.as_raw_ptr(),
+ timeout,
+ 0,
+ core::ptr::null_mut(),
+ &mut raw_session,
+ &mut err_origin,
+ ) {
+ raw::TEE_SUCCESS => Ok(Self { raw: raw_session }),
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+ }
+
+ /// Initializes a new TA Session with parameters.
+ pub fn new_with_params<A: TeeParam, B: TeeParam, C: TeeParam, D: TeeParam>(
+ uuid: Uuid,
+ timeout: u32,
+ params: &mut TeeParameters<A, B, C, D>,
+ ) -> Result<Self> {
+ let mut raw_session: raw::TEE_TASessionHandle = ptr::null_mut();
+ let mut err_origin: u32 = 0;
+ unsafe {
+ match raw::TEE_OpenTASession(
+ uuid.as_raw_ptr(),
+ timeout,
+ params.raw_param_types(),
+ params.raw().as_mut_ptr(),
+ &mut raw_session,
+ &mut err_origin,
+ ) {
+ raw::TEE_SUCCESS => Ok(Self { raw: raw_session }),
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+ }
+
+ /// Converts a TA Session to a raw pointer.
+ pub fn as_mut_raw_ptr(&mut self) -> *mut raw::TEE_TASessionHandle {
Review Comment: Can we just make it `pub(crate)`?
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
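Review bot: `new_with_params` hands `params.raw().as_mut_ptr()` to `TEE_OpenTASession`, so the target TA's `open_session` can write output and inout values back into `params` whether the call succeeds or fails, and the one-line doc comment says nothing about that or about what the caller should expect on error; an `# Errors` section plus a sentence like `/// Output and inout entries of params may be updated by the target TA, even when an error is returned.` would cover it. The `unsafe` block here is missing the same `// SAFETY:` comment as the one in `new`, and it additionally relies on `params.raw()` pointing at four `TEE_Param` that stay alive for the duration of the call, which is a contract of `TeeParameters` not visible in this hunk. Whether a `Drop` impl closes the handle is beyond the quoted part of the file.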