1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TLOG_TAG "lib_hwaes_server"
18
19 #include <assert.h>
20 #include <lib/hwaes_server/hwaes_server.h>
21 #include <lib/tipc/tipc_srv.h>
22 #include <stdlib.h>
23 #include <sys/auxv.h>
24 #include <sys/mman.h>
25 #include <trusty/sys/mman.h>
26
27 #include <trusty_log.h>
28 #include <uapi/err.h>
29
30 #include <inttypes.h>
31
32 #define AUX_PAGE_SIZE() getauxval(AT_PAGESZ)
33
34 struct shm {
35 void* base;
36 size_t size;
37 int mmap_prot;
38 };
39
40 /**
41 * tipc_err_to_hwaes_err() - translates tipc/lk err to hwaes err value
42 * @tipc_err: tipc err value
43 *
44 * Returns: enum hwaes_err value
45 */
tipc_err_to_hwaes_err(int tipc_err)46 static enum hwaes_err tipc_err_to_hwaes_err(int tipc_err) {
47 switch (tipc_err) {
48 case NO_ERROR:
49 return HWAES_NO_ERROR;
50 case ERR_INVALID_ARGS:
51 return HWAES_ERR_INVALID_ARGS;
52 case ERR_IO:
53 return HWAES_ERR_IO;
54 case ERR_BAD_HANDLE:
55 return HWAES_ERR_BAD_HANDLE;
56 case ERR_NOT_IMPLEMENTED:
57 return HWAES_ERR_NOT_IMPLEMENTED;
58 default:
59 return HWAES_ERR_GENERIC;
60 }
61 }
62
63 /**
64 * int hwaes_send_resp() - send response to the client
65 * @chan: the channel handle.
66 * @buf: the pointer to the buffer to store the response.
67 * @buf_sz: the size of the buffer pointed by @buf parameter.
68 *
69 * Returns: NO_ERROR on success, negative error code on failure
70 */
hwaes_send_resp(handle_t chan,void * buf,size_t buf_sz)71 static int hwaes_send_resp(handle_t chan, void* buf, size_t buf_sz) {
72 struct hwaes_resp* resp_header = (struct hwaes_resp*)buf;
73 resp_header->cmd |= HWAES_RESP_BIT;
74
75 int rc = tipc_send1(chan, buf, buf_sz);
76 if ((size_t)rc != buf_sz) {
77 TLOGE("failed (%d) to send message. Expected to send %zu bytes.\n", rc,
78 buf_sz);
79 if (rc >= 0) {
80 rc = ERR_BAD_LEN;
81 }
82 return rc;
83 }
84 return NO_ERROR;
85 }
86
87 /**
88 * int hwaes_map_shm() - map the shared memories.
89 * @num: the number of shared memories.
90 * @handles: the array of shared memory handles.
91 * @shm_descs: the array of shared memory descriptors.
92 * @shms: the array of shared memories.
93 *
94 * Returns: NO_ERROR on success, negative error code on failure
95 */
hwaes_map_shm(size_t num,handle_t * handles,struct hwaes_shm_desc * shm_descs,struct shm * shms)96 static int hwaes_map_shm(size_t num,
97 handle_t* handles,
98 struct hwaes_shm_desc* shm_descs,
99 struct shm* shms) {
100 for (size_t i = 0; i < num; i++) {
101 if (shm_descs[i].reserved) {
102 TLOGE("bad shared memory descriptor, reserved not 0, (%d)\n",
103 shm_descs[i].reserved);
104 return ERR_IO;
105 }
106
107 if (~1U & shm_descs[i].write) {
108 TLOGE("the write flag (%u) of shared memory is invalid.\n",
109 shm_descs[i].write);
110 return ERR_IO;
111 }
112 int mmap_prot = PROT_READ;
113 if (shm_descs[i].write) {
114 mmap_prot |= PROT_WRITE;
115 }
116
117 uint64_t size64 = shm_descs[i].size;
118 if (size64 > SIZE_MAX) {
119 TLOGE("share memory size is larger than SIZE_MAX\n");
120 return ERR_INVALID_ARGS;
121 }
122
123 size_t size = size64;
124 if (size == 0 || size % AUX_PAGE_SIZE()) {
125 TLOGE("size (%zu) of shared memory is invalid.\n", size);
126 return ERR_INVALID_ARGS;
127 }
128
129 shms[i].base = mmap(0, shm_descs[i].size, mmap_prot, 0, handles[i], 0);
130 if (shms[i].base == MAP_FAILED) {
131 TLOGE("failed to mmap() shared memory for handle (%zu).\n", i);
132 return ERR_BAD_HANDLE;
133 }
134 shms[i].size = shm_descs[i].size;
135 shms[i].mmap_prot = mmap_prot;
136 }
137 return NO_ERROR;
138 }
139
140 /**
141 * void hwaes_unmap_shm() - unmap the shared memories.
142 * @num: the number of shared memories.
143 * @shms: the array of shared memories.
144 *
145 */
hwaes_unmap_shm(size_t num,struct shm * shms)146 static void hwaes_unmap_shm(size_t num, struct shm* shms) {
147 for (size_t i = 0; i < num; i++) {
148 if (shms[i].size) {
149 munmap(shms[i].base, shms[i].size);
150 }
151 }
152 }
153
154 /**
155 * int hwaes_set_arg_out() - set the output argument
156 * @data_desc_ptr: pointer to a data_desc.
157 * @mmap_prot: shared memory mmap flag required for the argument.
158 * @shms: the array of shared memories.
159 * @num_shms: the number of shared memories.
160 * @buf_start: the start of the buffer.
161 * @max_buf_sz: the maximum size of the buffer.
162 * @offset_ptr: pointer to the offset to the start of the buffer.
163 * @arg_ptr: pointer to the output argument.
164 *
165 * Returns: NO_ERROR on success, negative error code on failure
166 */
hwaes_set_arg_out(struct hwaes_data_desc * data_desc_ptr,int mmap_prot,struct shm * shms,size_t num_shms,uint8_t * buf_start,size_t max_buf_sz,size_t * offset_ptr,struct hwaes_arg_out * arg_ptr)167 static int hwaes_set_arg_out(struct hwaes_data_desc* data_desc_ptr,
168 int mmap_prot,
169 struct shm* shms,
170 size_t num_shms,
171 uint8_t* buf_start,
172 size_t max_buf_sz,
173 size_t* offset_ptr,
174 struct hwaes_arg_out* arg_ptr) {
175 if (data_desc_ptr->reserved) {
176 TLOGE("bad data descriptor, reserved not 0, (%d)\n",
177 data_desc_ptr->reserved);
178 return ERR_IO;
179 }
180
181 size_t offset = *offset_ptr;
182 if (data_desc_ptr->len) {
183 if (data_desc_ptr->len > SIZE_MAX) {
184 TLOGE("data length is larger than SIZE_MAX\n");
185 return ERR_INVALID_ARGS;
186 }
187 arg_ptr->len = data_desc_ptr->len;
188 if (HWAES_INVALID_INDEX != data_desc_ptr->shm_idx) {
189 if (data_desc_ptr->shm_idx >= num_shms) {
190 TLOGE("invalid shared memory index\n");
191 return ERR_IO;
192 }
193 int shm_mmap_prot = shms[data_desc_ptr->shm_idx].mmap_prot;
194 if (~shm_mmap_prot & mmap_prot) {
195 TLOGE("invalid shared memory protect flag\n");
196 return ERR_IO;
197 }
198 size_t end_offset;
199 if (__builtin_add_overflow(data_desc_ptr->offset,
200 data_desc_ptr->len, &end_offset)) {
201 TLOGE("the calculation of end_offset overflows \n");
202 return ERR_INVALID_ARGS;
203 }
204 if (shms[data_desc_ptr->shm_idx].size < end_offset) {
205 TLOGE("data exceeds shared memory boundaries\n");
206 return ERR_INVALID_ARGS;
207 }
208 arg_ptr->data_ptr =
209 shms[data_desc_ptr->shm_idx].base + data_desc_ptr->offset;
210 } else {
211 if (offset != data_desc_ptr->offset) {
212 /* Some buffers may have buffer alignment requirements.
213 * For inlined buffers, the offsets should be adjusted
214 * on the client side to achieve the required alignment.
215 * If this has been done, the offset needs updating here
216 * also, read it from the descriptor (it should be
217 * not less than end of the previous entry, though).
218 */
219 if (data_desc_ptr->offset < offset) {
220 TLOGE("invalid descriptor offset (%" PRIu64 " < %zu)\n",
221 data_desc_ptr->offset, offset);
222 return ERR_INVALID_ARGS;
223 }
224 offset = data_desc_ptr->offset;
225 }
226
227 if (__builtin_add_overflow(offset, data_desc_ptr->len, &offset)) {
228 TLOGE("the calculation of offset overflows\n");
229 return ERR_INVALID_ARGS;
230 }
231 if (offset > max_buf_sz) {
232 TLOGE("offset (%zu) exceeds the maximum message size\n",
233 offset);
234 return ERR_INVALID_ARGS;
235 }
236 arg_ptr->data_ptr = buf_start + data_desc_ptr->offset;
237 *offset_ptr = offset;
238 }
239 }
240 return NO_ERROR;
241 }
242
hwaes_set_arg_in(struct hwaes_data_desc * data_desc_ptr,int mmap_prot,struct shm * shms,size_t num_shms,uint8_t * buf_start,size_t max_buf_sz,size_t * offset_ptr,struct hwaes_arg_in * arg)243 static int hwaes_set_arg_in(struct hwaes_data_desc* data_desc_ptr,
244 int mmap_prot,
245 struct shm* shms,
246 size_t num_shms,
247 uint8_t* buf_start,
248 size_t max_buf_sz,
249 size_t* offset_ptr,
250 struct hwaes_arg_in* arg) {
251 int rc;
252 struct hwaes_arg_out out_arg = {0};
253 rc = hwaes_set_arg_out(data_desc_ptr, mmap_prot, shms, num_shms, buf_start,
254 max_buf_sz, offset_ptr, &out_arg);
255 if (rc != NO_ERROR) {
256 return rc;
257 }
258 arg->data_ptr = out_arg.data_ptr;
259 arg->len = out_arg.len;
260 return NO_ERROR;
261 }
262
263 /**
264 * int hwaes_handle_aes_cmd() - handle request with HWAES_AES command
265 * @chan: the channel handle.
266 * @req_msg_buf: the request message buffer.
267 * @req_msg_size: the size of request message.
268 * @resp_msg_buf: the response message buffer.
269 * @shm_handles: the array of shared memory handles.
270 * @num_handles: the number of shared memory handles.
271 *
272 * Returns: NO_ERROR on success, negative error code on failure
273 */
hwaes_handle_aes_cmd(handle_t chan,uint8_t * req_msg_buf,size_t req_msg_size,uint8_t * resp_msg_buf,handle_t * shm_handles,size_t num_handles)274 static int hwaes_handle_aes_cmd(handle_t chan,
275 uint8_t* req_msg_buf,
276 size_t req_msg_size,
277 uint8_t* resp_msg_buf,
278 handle_t* shm_handles,
279 size_t num_handles) {
280 int rc;
281 struct shm shms[HWAES_MAX_NUM_HANDLES] = {0};
282
283 struct hwaes_req* req_header = (struct hwaes_req*)req_msg_buf;
284
285 struct hwaes_resp* resp_header = (struct hwaes_resp*)resp_msg_buf;
286 size_t resp_msg_size = sizeof(*resp_header);
287
288 struct hwaes_aes_req* cmd_header =
289 (struct hwaes_aes_req*)(req_msg_buf + sizeof(*req_header));
290
291 if (cmd_header->reserved) {
292 TLOGE("bad cmd header, reserved not 0, (%d)\n", cmd_header->reserved);
293 return ERR_NOT_VALID;
294 }
295
296 size_t header_num_handles = cmd_header->num_handles;
297
298 if (header_num_handles != num_handles) {
299 TLOGE("header specified num_handles(%zu) is not equal to the num_handles(%zu)\n",
300 header_num_handles, num_handles);
301 return ERR_NOT_VALID;
302 }
303
304 size_t req_header_size = sizeof(*req_header) + sizeof(*cmd_header) +
305 num_handles * sizeof(struct hwaes_shm_desc);
306
307 if (req_header_size > HWAES_MAX_MSG_SIZE) {
308 TLOGE("request header size (%zu) exceeds the maximum message size\n",
309 req_header_size);
310 return ERR_NOT_VALID;
311 }
312
313 struct hwaes_shm_desc* shm_descs =
314 (struct hwaes_shm_desc*)(req_msg_buf + sizeof(*req_header) +
315 sizeof(*cmd_header));
316
317 rc = hwaes_map_shm(num_handles, shm_handles, shm_descs, shms);
318 if (rc != NO_ERROR) {
319 TLOGE("failed to hwaes_map_shm()\n");
320 resp_header->result = tipc_err_to_hwaes_err(rc);
321 goto out;
322 }
323
324 struct hwaes_aes_op_args args = {
325 .key_type = cmd_header->key_type,
326 .padding = cmd_header->padding,
327 .mode = cmd_header->mode,
328 .encrypt = !!cmd_header->encrypt,
329 };
330
331 size_t req_offset = req_header_size;
332 size_t resp_offset = resp_msg_size;
333
334 rc = hwaes_set_arg_in(&cmd_header->key, PROT_READ, shms, num_handles,
335 req_msg_buf, req_msg_size, &req_offset, &args.key);
336 if (rc != NO_ERROR) {
337 TLOGE("failed to set key\n");
338 resp_header->result = tipc_err_to_hwaes_err(rc);
339 goto out;
340 }
341
342 rc = hwaes_set_arg_in(&cmd_header->iv, PROT_READ, shms, num_handles,
343 req_msg_buf, req_msg_size, &req_offset, &args.iv);
344 if (rc != NO_ERROR) {
345 TLOGE("failed to set iv\n");
346 resp_header->result = tipc_err_to_hwaes_err(rc);
347 goto out;
348 }
349
350 rc = hwaes_set_arg_in(&cmd_header->aad, PROT_READ, shms, num_handles,
351 req_msg_buf, req_msg_size, &req_offset, &args.aad);
352 if (rc != NO_ERROR) {
353 TLOGE("failed to set aad\n");
354 resp_header->result = tipc_err_to_hwaes_err(rc);
355 goto out;
356 }
357
358 rc = hwaes_set_arg_in(&cmd_header->text_in, PROT_READ, shms, num_handles,
359 req_msg_buf, req_msg_size, &req_offset,
360 &args.text_in);
361 if (rc != NO_ERROR) {
362 TLOGE("failed to set text_in\n");
363 resp_header->result = tipc_err_to_hwaes_err(rc);
364 goto out;
365 }
366
367 rc = hwaes_set_arg_in(&cmd_header->tag_in, PROT_READ, shms, num_handles,
368 req_msg_buf, req_msg_size, &req_offset, &args.tag_in);
369 if (rc != NO_ERROR) {
370 TLOGE("failed to set tag_in\n");
371 resp_header->result = tipc_err_to_hwaes_err(rc);
372 goto out;
373 }
374
375 rc = hwaes_set_arg_out(&cmd_header->text_out, PROT_READ | PROT_WRITE, shms,
376 num_handles, resp_msg_buf, HWAES_MAX_MSG_SIZE,
377 &resp_offset, &args.text_out);
378 if (rc != NO_ERROR) {
379 TLOGE("failed to set text_out\n");
380 resp_header->result = tipc_err_to_hwaes_err(rc);
381 goto out;
382 }
383
384 rc = hwaes_set_arg_out(&cmd_header->tag_out, PROT_READ | PROT_WRITE, shms,
385 num_handles, resp_msg_buf, HWAES_MAX_MSG_SIZE,
386 &resp_offset, &args.tag_out);
387 if (rc != NO_ERROR) {
388 TLOGE("failed to set tag_out\n");
389 resp_header->result = tipc_err_to_hwaes_err(rc);
390 goto out;
391 }
392
393 resp_header->result = hwaes_aes_op(&args);
394 if (resp_header->result == HWAES_NO_ERROR) {
395 resp_msg_size = resp_offset;
396 }
397
398 out:
399 rc = hwaes_send_resp(chan, resp_msg_buf, resp_msg_size);
400 hwaes_unmap_shm(cmd_header->num_handles, shms);
401 return rc;
402 }
403
404 /**
405 * int hwaes_read_req() - read the request from the client
406 * @chan: the channel handle.
407 * @buf: the pointer to the buffer to store the request.
408 * @shm_handles: the array of shared memory handles.
409 * @num_handles_ptr: pointer to the number of shared memory handles.
410 * @req_msg_size_ptr: pointer to the size of request message.
411 *
412 * Returns: NO_ERROR on success, negative error code on failure
413 */
hwaes_read_req(handle_t chan,void * buf,handle_t * shm_handles,size_t * num_handles_ptr,size_t * req_msg_size_ptr)414 static int hwaes_read_req(handle_t chan,
415 void* buf,
416 handle_t* shm_handles,
417 size_t* num_handles_ptr,
418 size_t* req_msg_size_ptr) {
419 int rc;
420 struct ipc_msg_info msg_inf;
421
422 rc = get_msg(chan, &msg_inf);
423 if (rc != NO_ERROR) {
424 TLOGE("failed (%d) to get_msg()\n", rc);
425 return rc;
426 }
427
428 if (msg_inf.len < sizeof(struct hwaes_req) ||
429 msg_inf.len > HWAES_MAX_MSG_SIZE) {
430 TLOGE("unexpected msg size: buffer too small or too big\n");
431 rc = ERR_BAD_LEN;
432 goto free_msg;
433 }
434
435 if (msg_inf.num_handles > HWAES_MAX_NUM_HANDLES) {
436 TLOGE("too many shared memory handles\n");
437 rc = ERR_BAD_LEN;
438 goto free_msg;
439 }
440
441 struct iovec iov = {
442 .iov_base = buf,
443 .iov_len = HWAES_MAX_MSG_SIZE,
444 };
445 struct ipc_msg ipc_msg = {
446 .iov = &iov,
447 .num_iov = 1,
448 .handles = shm_handles,
449 .num_handles = msg_inf.num_handles,
450 };
451
452 rc = read_msg(chan, msg_inf.id, 0, &ipc_msg);
453 if (rc < 0) {
454 TLOGE("failed (%d) to read_msg()\n", rc);
455 goto free_msg;
456 }
457 assert(rc == (int)msg_inf.len);
458
459 *req_msg_size_ptr = rc;
460 *num_handles_ptr = msg_inf.num_handles;
461 rc = NO_ERROR;
462
463 free_msg:
464 put_msg(chan, msg_inf.id);
465 return rc;
466 }
467
hwaes_on_message(const struct tipc_port * port,handle_t chan,void * ctx)468 static int hwaes_on_message(const struct tipc_port* port,
469 handle_t chan,
470 void* ctx) {
471 int rc;
472
473 handle_t shm_handles[HWAES_MAX_NUM_HANDLES];
474 size_t num_handles = 0;
475 size_t req_msg_size;
476
477 uint8_t* req_msg_buf = memalign(AUX_PAGE_SIZE(), HWAES_MAX_MSG_SIZE);
478 uint8_t* resp_msg_buf = memalign(AUX_PAGE_SIZE(), HWAES_MAX_MSG_SIZE);
479
480 if (req_msg_buf == 0 || resp_msg_buf == 0) {
481 TLOGE("failed to allocate memory for req/resp msg.\n");
482 rc = ERR_NO_MEMORY;
483 goto free_handles;
484 }
485
486 rc = hwaes_read_req(chan, req_msg_buf, shm_handles, &num_handles,
487 &req_msg_size);
488 if (rc != NO_ERROR) {
489 TLOGE("failed (%d) to hwaes_read_req()\n", rc);
490 num_handles = 0;
491 goto free_handles;
492 };
493
494 struct hwaes_req* req_header = (struct hwaes_req*)req_msg_buf;
495 if (req_header->reserved) {
496 TLOGE("bad general header, reserved not 0, (%d)\n",
497 req_header->reserved);
498 rc = ERR_NOT_VALID;
499 goto free_handles;
500 }
501
502 struct hwaes_resp* resp_header = (struct hwaes_resp*)resp_msg_buf;
503
504 resp_header->cmd = req_header->cmd;
505
506 /* handle it */
507 switch (req_header->cmd) {
508 case HWAES_AES:
509 rc = hwaes_handle_aes_cmd(chan, req_msg_buf, req_msg_size, resp_msg_buf,
510 shm_handles, num_handles);
511 break;
512
513 default:
514 TLOGE("unsupported request: %d\n", (int)req_header->cmd);
515 resp_header->result = HWAES_ERR_NOT_IMPLEMENTED;
516 rc = hwaes_send_resp(chan, resp_header, sizeof(*resp_header));
517 }
518
519 free_handles:
520 for (size_t i = 0; i < num_handles; i++) {
521 close(shm_handles[i]);
522 }
523
524 free(req_msg_buf);
525 free(resp_msg_buf);
526
527 return rc;
528 }
529
add_hwaes_service(struct tipc_hset * hset,const uuid_t ** allowed_clients,size_t allowed_clients_len)530 int add_hwaes_service(struct tipc_hset* hset,
531 const uuid_t** allowed_clients,
532 size_t allowed_clients_len) {
533 static struct tipc_port_acl acl = {
534 .flags = IPC_PORT_ALLOW_TA_CONNECT,
535 };
536 acl.uuid_num = allowed_clients_len;
537 acl.uuids = allowed_clients;
538
539 static struct tipc_port port = {
540 .name = HWAES_PORT,
541 .msg_max_size = HWAES_MAX_MSG_SIZE,
542 .msg_queue_len = 1,
543 .acl = &acl,
544 };
545 static struct tipc_srv_ops ops = {
546 .on_message = hwaes_on_message,
547 };
548 return tipc_add_service(hset, &port, 1, 2, &ops);
549 }
550