Merge pull request #9097 from valeriosetti/moving-psasim

[crypto_client_test] Moving psasim from the framework repo to the mbedtls one
This commit is contained in:
Tom Cosgrove 2024-05-05 16:10:39 +00:00 committed by GitHub
commit 4491ceafd9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 2091 additions and 0 deletions

View File

@ -0,0 +1,6 @@
### PSA Crypto Client-Server Testing
Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it.
Once stable, of production quality, and being tested by the CI, it will eventually be migrated into
the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework).

View File

@ -0,0 +1,12 @@
bin/*
*.o
*.so
test/psa_ff_bootstrap.c
test/psa_manifest/*
test/client
test/partition
cscope.out
*.orig
*.swp
*.DS_Store
*psa_ff_bootstrap_*

View File

@ -0,0 +1,23 @@
CFLAGS ?= -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
ifeq ($(DEBUG),1)
CFLAGS += -DDEBUG -O0 -g
endif
.PHONY: all lib test run
all: lib test
lib:
$(MAKE) -C src CFLAGS="$(CFLAGS)"
test: lib
$(MAKE) -C test CFLAGS="$(CFLAGS)"
clean:
rm -f $(PSA_LIB) $(PSA_LIB_OBJS)
$(MAKE) -C test clean
$(MAKE) -C src clean
run: test
cd test && ./run_test.sh

View File

@ -0,0 +1,61 @@
# psasim
This tool simulates a PSA Firmware Framework implementation.
It allows you to develop secure partitions and their clients on a desktop computer.
It should be able to run on all systems that support POSIX and System V IPC:
e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
* This simulator is not intended to pass or demonstrate compliance.
* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
## Building
To build and run the test program make sure you have `make`, `python` and a
C compiler installed and then enter the following commands:
```sh
make run
```
Optionally the `DEBUG=1` command line option can be enabled to increase verbosity:
```sh
make DEBUG=1 run
```
Once done with the test, it is possible to clean all the generated files with:
```sh
make clean
```
## Features
The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
* `psa_notify` support
* "strict" policy in manifest
The only supported "interrupts" are POSIX signals, which act
as a "virtual interrupt".
The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
## Design
The code is designed to be readable rather than fast or secure.
In this implementation only one message is delivered to a
RoT service at a time.
The code is not thread-safe.
## Unsupported features
Because this is a simulator there are a few things that
can't be reasonably emulated:
* Manifest MMIO regions are unsupported
* Manifest priority field is ignored
* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
making it infeasible to populate pid.h with correct values.

View File

@ -0,0 +1,73 @@
/* PSA Firmware Framework client header for psasim. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef __PSA_CLIENT_H__
#define __PSA_CLIENT_H__
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
#include <stddef.h>
#include "psa/error.h"
/*********************** PSA Client Macros and Types *************************/
#define PSA_FRAMEWORK_VERSION (0x0100)
#define PSA_VERSION_NONE (0)
/* PSA response types */
#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED
#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY
#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR
/* PSA message handles */
#define PSA_NULL_HANDLE ((psa_handle_t) 0)
#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0)
#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle))
/**
* A read-only input memory region provided to an RoT Service.
*/
typedef struct psa_invec {
const void *base;
size_t len;
} psa_invec;
/**
* A writable output memory region provided to an RoT Service.
*/
typedef struct psa_outvec {
void *base;
size_t len;
} psa_outvec;
/*************************** PSA Client API **********************************/
uint32_t psa_framework_version(void);
uint32_t psa_version(uint32_t sid);
psa_handle_t psa_connect(uint32_t sid, uint32_t version);
psa_status_t psa_call(psa_handle_t handle,
int32_t type,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len);
void psa_close(psa_handle_t handle);
#ifdef __cplusplus
}
#endif
#endif /* __PSA_CLIENT_H__ */

View File

@ -0,0 +1,53 @@
/* Common definitions used for clients and services */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef _COMMON_H_
#define _COMMON_H_
#include <stdint.h>
#include <stddef.h>
/* Increasing this might break on some platforms */
#define MAX_FRAGMENT_SIZE 200
#define CONNECT_REQUEST 1
#define CALL_REQUEST 2
#define CLOSE_REQUEST 3
#define VERSION_REQUEST 4
#define READ_REQUEST 5
#define READ_RESPONSE 6
#define WRITE_REQUEST 7
#define WRITE_RESPONSE 8
#define SKIP_REQUEST 9
#define PSA_REPLY 10
#define NON_SECURE (1 << 30)
typedef int32_t psa_status_t;
typedef int32_t psa_handle_t;
#define PSA_MAX_IOVEC (4u)
#define PSA_IPC_CALL (0)
struct message_text {
int qid;
int32_t psa_type;
char buf[MAX_FRAGMENT_SIZE];
};
struct message {
long message_type;
struct message_text message_text;
};
typedef struct vector_sizes {
size_t invec_sizes[PSA_MAX_IOVEC];
size_t outvec_sizes[PSA_MAX_IOVEC];
} vector_sizes_t;
#endif /* _COMMON_H_ */

View File

@ -0,0 +1,38 @@
/* PSA status codes used by psasim. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_ERROR_H
#define PSA_ERROR_H
#include <stdint.h>
#include "psa/common.h"
#define PSA_SUCCESS ((psa_status_t) 0)
#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129)
#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130)
#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131)
#define PSA_ERROR_GENERIC_ERROR ((psa_status_t) -132)
#define PSA_ERROR_NOT_PERMITTED ((psa_status_t) -133)
#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t) -134)
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t) -135)
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t) -136)
#define PSA_ERROR_BAD_STATE ((psa_status_t) -137)
#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t) -138)
#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t) -139)
#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t) -140)
#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t) -141)
#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t) -142)
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t) -143)
#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t) -144)
#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t) -145)
#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t) -146)
#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t) -147)
#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149)
#endif

View File

@ -0,0 +1,17 @@
/* PSA lifecycle states used by psasim. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u)
#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu)
#define PSA_LIFECYCLE_UNKNOWN (0x0000u)
#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u)
#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u)
#define PSA_LIFECYCLE_SECURED (0x3000u)
#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u)
#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u)
#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u)
#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN

View File

@ -0,0 +1,251 @@
/* PSA Firmware Framework service header for psasim. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef __PSA_SERVICE_H__
#define __PSA_SERVICE_H__
#ifdef __cplusplus
extern "C" {
#endif
#include <stdlib.h>
#include <stdint.h>
#include <stddef.h>
#include "psa/common.h"
/********************** PSA Secure Partition Macros and Types ****************/
/* PSA wait timeouts */
#define PSA_POLL (0x00000000u)
#define PSA_BLOCK (0x80000000u)
/* A mask value that includes all Secure Partition signals */
#define PSA_WAIT_ANY (~0u)
/* Doorbell signal */
#define PSA_DOORBELL (0x00000008u)
/* PSA message types */
#define PSA_IPC_CONNECT (-1)
#define PSA_IPC_DISCONNECT (-2)
/* Return code from psa_get() */
#define PSA_ERR_NOMSG (INT32_MIN + 3)
/* Store a set of one or more Secure Partition signals */
typedef uint32_t psa_signal_t;
/**
* Describe a message received by an RoT Service after calling \ref psa_get().
*/
typedef struct psa_msg_t {
uint32_t type; /* One of the following values:
* \ref PSA_IPC_CONNECT
* \ref PSA_IPC_CALL
* \ref PSA_IPC_DISCONNECT
*/
psa_handle_t handle; /* A reference generated by the SPM to the
* message returned by psa_get().
*/
int32_t client_id; /* Partition ID of the sender of the message */
void *rhandle; /* Be useful for binding a connection to some
* application-specific data or function
* pointer within the RoT Service
* implementation.
*/
size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input
* vector in bytes.
*/
size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output
* vector in bytes.
*/
} psa_msg_t;
/************************* PSA Secure Partition API **************************/
/**
* \brief Return the Secure Partition interrupt signals that have been asserted
* from a subset of signals provided by the caller.
*
* \param[in] signal_mask A set of signals to query. Signals that are not
* in this set will be ignored.
* \param[in] timeout Specify either blocking \ref PSA_BLOCK or
* polling \ref PSA_POLL operation.
*
* \retval >0 At least one signal is asserted.
* \retval 0 No signals are asserted. This is only seen when
* a polling timeout is used.
*/
psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout);
/**
* \brief Retrieve the message which corresponds to a given RoT Service signal
* and remove the message from the RoT Service queue.
*
* \param[in] signal The signal value for an asserted RoT Service.
* \param[out] msg Pointer to \ref psa_msg_t object for receiving
* the message.
*
* \retval PSA_SUCCESS Success, *msg will contain the delivered
* message.
* \retval PSA_ERR_NOMSG Message could not be delivered.
* \retval "Does not return" The call is invalid because one or more of the
* following are true:
* \arg signal has more than a single bit set.
* \arg signal does not correspond to an RoT Service.
* \arg The RoT Service signal is not currently
* asserted.
* \arg The msg pointer provided is not a valid memory
* reference.
*/
psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg);
/**
* \brief Associate some RoT Service private data with a client connection.
*
* \param[in] msg_handle Handle for the client's message.
* \param[in] rhandle Reverse handle allocated by the RoT Service.
*
* \retval void Success, rhandle will be provided with all
* subsequent messages delivered on this
* connection.
* \retval "Does not return" msg_handle is invalid.
*/
void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle);
/**
* \brief Read a message parameter or part of a message parameter from a client
* input vector.
*
* \param[in] msg_handle Handle for the client's message.
* \param[in] invec_idx Index of the input vector to read from. Must be
* less than \ref PSA_MAX_IOVEC.
* \param[out] buffer Buffer in the Secure Partition to copy the
* requested data to.
* \param[in] num_bytes Maximum number of bytes to be read from the
* client input vector.
*
* \retval >0 Number of bytes copied.
* \retval 0 There was no remaining data in this input
* vector.
* \retval "Does not return" The call is invalid, one or more of the
* following are true:
* \arg msg_handle is invalid.
* \arg msg_handle does not refer to a
* \ref PSA_IPC_CALL message.
* \arg invec_idx is equal to or greater than
* \ref PSA_MAX_IOVEC.
* \arg the memory reference for buffer is invalid or
* not writable.
*/
size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
void *buffer, size_t num_bytes);
/**
* \brief Skip over part of a client input vector.
*
* \param[in] msg_handle Handle for the client's message.
* \param[in] invec_idx Index of input vector to skip from. Must be
* less than \ref PSA_MAX_IOVEC.
* \param[in] num_bytes Maximum number of bytes to skip in the client
* input vector.
*
* \retval >0 Number of bytes skipped.
* \retval 0 There was no remaining data in this input
* vector.
* \retval "Does not return" The call is invalid, one or more of the
* following are true:
* \arg msg_handle is invalid.
* \arg msg_handle does not refer to a
* \ref PSA_IPC_CALL message.
* \arg invec_idx is equal to or greater than
* \ref PSA_MAX_IOVEC.
*/
size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes);
/**
* \brief Write a message response to a client output vector.
*
* \param[in] msg_handle Handle for the client's message.
* \param[out] outvec_idx Index of output vector in message to write to.
* Must be less than \ref PSA_MAX_IOVEC.
* \param[in] buffer Buffer with the data to write.
* \param[in] num_bytes Number of bytes to write to the client output
* vector.
*
* \retval void Success
* \retval "Does not return" The call is invalid, one or more of the
* following are true:
* \arg msg_handle is invalid.
* \arg msg_handle does not refer to a
* \ref PSA_IPC_CALL message.
* \arg outvec_idx is equal to or greater than
* \ref PSA_MAX_IOVEC.
* \arg The memory reference for buffer is invalid.
* \arg The call attempts to write data past the end
* of the client output vector.
*/
void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
const void *buffer, size_t num_bytes);
/**
* \brief Complete handling of a specific message and unblock the client.
*
* \param[in] msg_handle Handle for the client's message.
* \param[in] status Message result value to be reported to the
* client.
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
* following are true:
* \arg msg_handle is invalid.
* \arg An invalid status code is specified for the
* type of message.
*/
void psa_reply(psa_handle_t msg_handle, psa_status_t status);
/**
* \brief Send a PSA_DOORBELL signal to a specific Secure Partition.
*
* \param[in] partition_id Secure Partition ID of the target partition.
*
* \retval void Success.
* \retval "Does not return" partition_id does not correspond to a Secure
* Partition.
*/
void psa_notify(int32_t partition_id);
/**
* \brief Clear the PSA_DOORBELL signal.
*
* \retval void Success.
* \retval "Does not return" The Secure Partition's doorbell signal is not
* currently asserted.
*/
void psa_clear(void);
/**
* \brief Inform the SPM that an interrupt has been handled (end of interrupt).
*
* \param[in] irq_signal The interrupt signal that has been processed.
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
* following are true:
* \arg irq_signal is not an interrupt signal.
* \arg irq_signal indicates more than one signal.
* \arg irq_signal is not currently asserted.
*/
void psa_eoi(psa_signal_t irq_signal);
#define psa_panic(X) abort();
#ifdef __cplusplus
}
#endif
#endif /* __PSA_SERVICE_H__ */

View File

@ -0,0 +1,33 @@
/* Common definitions used for clients and services */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/service.h"
#define PRINT(fmt, ...) \
fprintf(stdout, fmt "\n", ##__VA_ARGS__)
#if defined(DEBUG)
#define INFO(fmt, ...) \
fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
#define ERROR(fmt, ...) \
fprintf(stdout, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
#define FATAL(fmt, ...) \
{ \
fprintf(stdout, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
abort(); \
}
#else /* DEBUG */
#define INFO(...)
#define ERROR(...)
#define FATAL(...)
#endif /* DEBUG*/
#define PROJECT_ID 'M'
#define PATHNAMESIZE 256
#define TMP_FILE_BASE_PATH "./"

View File

@ -0,0 +1,15 @@
/* Declarations of internal functions. */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <stdint.h>
#include <psa/service.h>
void raise_signal(psa_signal_t signal);
void __init_psasim(const char **array,
int size,
const int allow_ns_clients_array[32],
const uint32_t versions[32],
const int strict_policy_array[32]);

View File

@ -0,0 +1,17 @@
INCLUDE = -I../include/
PSA_LIB = libpsaff.a
PSA_LIB_OBJS = client.o service.o
.PHONY: all lib
all: $(PSA_LIB)
%.o: %.c
$(CC) $(INCLUDE) $(CFLAGS) -c $< -o $@
$(PSA_LIB): $(PSA_LIB_OBJS)
$(AR) rcs $(PSA_LIB) client.o service.o
clean:
rm -f $(PSA_LIB) $(PSA_LIB_OBJS)

View File

@ -0,0 +1,392 @@
/* PSA firmware framework client API */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <inttypes.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include "psa/client.h"
#include "psa/common.h"
#include "psa/error.h"
#include "psa/util.h"
typedef struct internal_handle {
int server_qid;
int client_qid;
int internal_server_qid;
int valid;
} internal_handle_t;
typedef struct vectors {
const psa_invec *in_vec;
size_t in_len;
psa_outvec *out_vec;
size_t out_len;
} vectors_t;
/* Note that this implementation is functional and not secure */
int __psa_ff_client_security_state = NON_SECURE;
/* Access to this global is not thread safe */
#define MAX_HANDLES 32
static internal_handle_t handles[MAX_HANDLES] = { { 0 } };
static int get_next_free_handle()
{
/* Never return handle 0 as it's a special null handle */
for (int i = 1; i < MAX_HANDLES; i++) {
if (handles[i].valid == 0) {
return i;
}
}
return -1;
}
static int handle_is_valid(psa_handle_t handle)
{
if (handle > 0 && handle < MAX_HANDLES) {
if (handles[handle].valid == 1) {
return 1;
}
}
ERROR("ERROR: Invalid handle");
return 0;
}
static int get_queue_info(char *path, int *cqid, int *sqid)
{
key_t server_queue_key;
int rx_qid, server_qid;
INFO("Attempting to contact a RoT service queue");
if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) {
ERROR("msgget: rx_qid");
return -1;
}
if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) {
ERROR("ftok");
return -2;
}
if ((server_qid = msgget(server_queue_key, 0)) == -1) {
ERROR("msgget: server_qid");
return -3;
}
*cqid = rx_qid;
*sqid = server_qid;
return 0;
}
static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type,
int *internal_server_qid)
{
struct message response, request;
psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
size_t invec_seek[4] = { 0 };
size_t data_size;
psa_status_t invec, outvec; /* TODO: Should these be size_t ? */
assert(internal_server_qid > 0);
while (1) {
data_size = 0;
invec = 0;
outvec = 0;
// read response from server
if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) {
ERROR(" msgrcv failed");
return ret;
}
// process return message from server
switch (response.message_type) {
case PSA_REPLY:
memcpy(&ret, response.message_text.buf, sizeof(psa_status_t));
INFO(" Message received from server: %d", ret);
if (type == PSA_IPC_CONNECT && ret > 0) {
*internal_server_qid = ret;
INFO(" ASSSIGNED q ID %d", *internal_server_qid);
ret = PSA_SUCCESS;
}
return ret;
break;
case READ_REQUEST:
/* read data request */
request.message_type = READ_RESPONSE;
assert(vecs != 0);
memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
INFO(" Partition asked for %lu bytes from invec %d", data_size, invec);
/* need to add more checks here */
assert(invec >= 0 && invec < PSA_MAX_IOVEC);
if (data_size > MAX_FRAGMENT_SIZE) {
data_size = MAX_FRAGMENT_SIZE;
}
/* send response */
INFO(" invec_seek[invec] is %lu", invec_seek[invec]);
INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]);
memcpy(request.message_text.buf,
(vecs->in_vec[invec].base + invec_seek[invec]),
data_size);
/* update invec base TODO: check me */
invec_seek[invec] = invec_seek[invec] + data_size;
INFO(" Sending message of type %li", request.message_type);
INFO(" with content %s", request.message_text.buf);
if (msgsnd(*internal_server_qid, &request,
sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) {
ERROR("Internal error: failed to respond to read request");
}
break;
case WRITE_REQUEST:
assert(vecs != 0);
request.message_type = WRITE_RESPONSE;
memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t));
memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t));
INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec);
assert(outvec >= 0 && outvec < PSA_MAX_IOVEC);
/* copy memory into message and send back amount written */
size_t sofar = vecs->out_vec[outvec].len;
memcpy(vecs->out_vec[outvec].base + sofar,
response.message_text.buf+(sizeof(size_t)*2), data_size);
INFO(" Data size is %lu", data_size);
vecs->out_vec[outvec].len += data_size;
INFO(" Sending message of type %li", request.message_type);
/* send response */
if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) {
ERROR("Internal error: failed to respond to write request");
}
break;
case SKIP_REQUEST:
memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec);
assert(invec >= 0 && invec < PSA_MAX_IOVEC);
/* update invec base TODO: check me */
invec_seek[invec] = invec_seek[invec] + data_size;
break;
default:
FATAL(" ERROR: unknown internal message type: %ld",
response.message_type);
return ret;
}
}
}
static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid,
int32_t type, uint32_t minor_version, vectors_t *vecs)
{
{
psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */
struct message request;
request.message_type = 1; /* TODO: change this */
request.message_text.psa_type = type;
vector_sizes_t vec_sizes;
/* If the client is non-secure then set the NS bit */
if (__psa_ff_client_security_state != 0) {
request.message_type |= NON_SECURE;
}
assert(request.message_type >= 0);
INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type);
INFO(" internal_server_qid = %i", *internal_server_qid);
request.message_text.qid = rx_qid;
if (type == PSA_IPC_CONNECT) {
memcpy(request.message_text.buf, &minor_version, sizeof(minor_version));
request_msg_size = request_msg_size + sizeof(minor_version);
INFO(" Request msg size is %lu", request_msg_size);
} else {
assert(internal_server_qid > 0);
}
if (vecs != NULL && type >= PSA_IPC_CALL) {
memset(&vec_sizes, 0, sizeof(vec_sizes));
/* Copy invec sizes */
for (size_t i = 0; i < (vecs->in_len); i++) {
vec_sizes.invec_sizes[i] = vecs->in_vec[i].len;
INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]);
}
/* Copy outvec sizes */
for (size_t i = 0; i < (vecs->out_len); i++) {
vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len;
/* Reset to 0 since we need to eventually fill in with bytes written */
vecs->out_vec[i].len = 0;
}
memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes));
request_msg_size = request_msg_size + sizeof(vec_sizes);
}
INFO(" Sending and then waiting");
// send message to server
if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) {
ERROR(" msgsnd failed");
return ret;
}
return process_response(rx_qid, vecs, type, internal_server_qid);
}
}
uint32_t psa_framework_version(void)
{
return PSA_FRAMEWORK_VERSION;
}
psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
{
int idx;
psa_status_t ret;
char pathname[PATHNAMESIZE] = { 0 };
idx = get_next_free_handle();
/* if there's a free handle available */
if (idx >= 0) {
snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid);
INFO("Attempting to contact RoT service at %s", pathname);
/* if communication is possible */
if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
ret = send(handles[idx].client_qid,
handles[idx].server_qid,
&handles[idx].internal_server_qid,
PSA_IPC_CONNECT,
minor_version,
NULL);
/* if connection accepted by RoT service */
if (ret >= 0) {
handles[idx].valid = 1;
return idx;
} else {
INFO("Server didn't like you");
}
} else {
INFO("Couldn't contact RoT service. Does it exist?");
if (__psa_ff_client_security_state == 0) {
ERROR("Invalid SID");
}
}
}
INFO("Couldn't obtain a free handle");
return PSA_ERROR_CONNECTION_REFUSED;
}
uint32_t psa_version(uint32_t sid)
{
int idx;
psa_status_t ret;
char pathname[PATHNAMESIZE] = { 0 };
idx = get_next_free_handle();
if (idx >= 0) {
snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid);
if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
ret = send(handles[idx].client_qid,
handles[idx].server_qid,
&handles[idx].internal_server_qid,
VERSION_REQUEST,
0,
NULL);
INFO("psa_version: Recieved from server %d", ret);
if (ret > 0) {
return ret;
}
}
}
INFO("psa_version failed: does the service exist?");
return PSA_VERSION_NONE;
}
psa_status_t psa_call(psa_handle_t handle,
int32_t type,
const psa_invec *in_vec,
size_t in_len,
psa_outvec *out_vec,
size_t out_len)
{
handle_is_valid(handle);
if ((in_len + out_len) > PSA_MAX_IOVEC) {
ERROR("Too many iovecs: %lu + %lu", in_len, out_len);
}
vectors_t vecs = { 0 };
vecs.in_vec = in_vec;
vecs.in_len = in_len;
vecs.out_vec = out_vec;
vecs.out_len = out_len;
return send(handles[handle].client_qid,
handles[handle].server_qid,
&handles[handle].internal_server_qid,
type,
0,
&vecs);
}
void psa_close(psa_handle_t handle)
{
handle_is_valid(handle);
if (send(handles[handle].client_qid, handles[handle].server_qid,
&handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) {
ERROR("ERROR: Couldn't send disconnect msg");
} else {
if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) {
ERROR("ERROR: Failed to delete msg queue");
}
}
INFO("Closing handle %u", handle);
handles[handle].valid = 0;
}

View File

@ -0,0 +1,8 @@
/* Common code between clients and services */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/common.h"

View File

@ -0,0 +1,668 @@
/* PSA Firmware Framework service API */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <time.h>
#include <assert.h>
#include "psa/service.h"
#include "psasim/init.h"
#include "psa/error.h"
#include "psa/common.h"
#include "psa/util.h"
#define MAX_CLIENTS 128
#define MAX_MESSAGES 32
#define SLEEP_MS 50
struct connection {
uint32_t client;
void *rhandle;
int client_to_server_q;
};
/* Note that this implementation is functional and not secure. */
extern int __psa_ff_client_security_state;
static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */
static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */
static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */
static int nsacl[32];
static int strict_policy[32] = { 0 };
static uint32_t rot_svc_versions[32];
static int rot_svc_incoming_queue[32] = { -1 };
static struct connection connections[MAX_CLIENTS] = { { 0 } };
static uint32_t exposed_signals = 0;
void print_vectors(vector_sizes_t *sizes)
{
INFO("Printing iovec sizes");
for (int j = 0; j < PSA_MAX_IOVEC; j++) {
INFO("Invec %d: %lu", j, sizes->invec_sizes[j]);
}
for (int j = 0; j < PSA_MAX_IOVEC; j++) {
INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]);
}
}
int find_connection(uint32_t client)
{
for (int i = 1; i < MAX_CLIENTS; i++) {
if (client == connections[i].client) {
return i;
}
}
return -1;
}
void destroy_connection(uint32_t client)
{
int idx = find_connection(client);
if (idx >= 0) {
connections[idx].client = 0;
connections[idx].rhandle = 0;
INFO("Destroying connection");
} else {
ERROR("Couldn't destroy connection for %u", client);
}
}
int find_free_connection()
{
INFO("Allocating connection");
return find_connection(0);
}
static void reply(psa_handle_t msg_handle, psa_status_t status)
{
pending_message[msg_handle] = 1;
psa_reply(msg_handle, status);
pending_message[msg_handle] = 0;
}
psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout)
{
psa_signal_t mask;
struct message msg;
vector_sizes_t sizes;
struct msqid_ds qinfo;
uint32_t requested_version;
ssize_t len;
int idx;
#if !defined(PSASIM_USE_USLEEP)
const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_MS * 1000000 };
#endif
if (timeout == PSA_POLL) {
INFO("psa_wait: Called in polling mode");
}
do {
mask = signal_mask;
/* Check the status of each queue */
for (int i = 0; i < 32; i++) {
if (mask & 0x1) {
if (i < 3) {
// do nothing (reserved)
} else if (i == 3) {
// this must be psa doorbell
} else {
/* Check if this signal corresponds to a queue */
if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) {
/* AFAIK there is no "peek" method in SysV, so try to get a message */
len = msgrcv(rot_svc_incoming_queue[i],
&msg,
sizeof(struct message_text),
0,
IPC_NOWAIT);
if (len > 0) {
INFO("Storing that QID in message_client[%d]", i);
INFO("The message handle will be %d", i);
msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo);
messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */
message_client[i] = msg.message_text.qid;
idx = find_connection(msg.message_text.qid);
if (msg.message_type & NON_SECURE) {
/* This is a non-secure message */
/* Check if NS client is allowed for this RoT service */
if (nsacl[i] <= 0) {
#if 0
INFO(
"Rejecting non-secure client due to manifest security policy");
reply(i, PSA_ERROR_CONNECTION_REFUSED);
continue; /* Skip to next signal */
#endif
}
msg.message_type &= ~(NON_SECURE); /* clear */
messages[i].client_id = messages[i].client_id * -1;
}
INFO("Got a message from client ID %d", messages[i].client_id);
INFO("Message type is %lu", msg.message_type);
INFO("PSA message type is %d", msg.message_text.psa_type);
messages[i].handle = i;
switch (msg.message_text.psa_type) {
case PSA_IPC_CONNECT:
if (len >= 16) {
memcpy(&requested_version, msg.message_text.buf,
sizeof(requested_version));
INFO("Requesting version %u", requested_version);
INFO("Implemented version %u", rot_svc_versions[i]);
/* TODO: need to check whether the policy is strict,
* and if so, then reject the client if the number doesn't match */
if (requested_version > rot_svc_versions[i]) {
INFO(
"Rejecting client because requested version that was too high");
reply(i, PSA_ERROR_CONNECTION_REFUSED);
continue; /* Skip to next signal */
}
if (strict_policy[i] == 1 &&
(requested_version != rot_svc_versions[i])) {
INFO(
"Rejecting client because enforcing a STRICT version policy");
reply(i, PSA_ERROR_CONNECTION_REFUSED);
continue; /* Skip to next signal */
} else {
INFO("Not rejecting client");
}
}
messages[i].type = PSA_IPC_CONNECT;
if (idx < 0) {
idx = find_free_connection();
}
if (idx >= 0) {
connections[idx].client = msg.message_text.qid;
} else {
/* We've run out of system wide connections */
reply(i, PSA_ERROR_CONNECTION_BUSY);
ERROR("Ran out of free connections");
continue;
}
break;
case PSA_IPC_DISCONNECT:
messages[i].type = PSA_IPC_DISCONNECT;
break;
case VERSION_REQUEST:
INFO("Got a version request");
reply(i, rot_svc_versions[i]);
continue; /* Skip to next signal */
break;
default:
/* PSA CALL */
if (msg.message_text.psa_type >= 0) {
messages[i].type = msg.message_text.psa_type;
memcpy(&sizes, msg.message_text.buf, sizeof(sizes));
print_vectors(&sizes);
memcpy(&messages[i].in_size, &sizes.invec_sizes,
(sizeof(size_t) * PSA_MAX_IOVEC));
memcpy(&messages[i].out_size, &sizes.outvec_sizes,
(sizeof(size_t) * PSA_MAX_IOVEC));
} else {
FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li",
msg.message_type);
}
break;
}
messages[i].handle = i;
/* Check if the client has a connection */
if (idx >= 0) {
messages[i].rhandle = connections[idx].rhandle;
} else {
/* Client is begging for a programmer error */
reply(i, PSA_ERROR_PROGRAMMER_ERROR);
continue;
}
/* House keeping */
pending_message[i] = 1; /* set message as pending */
exposed_signals |= (0x1 << i); /* assert the signal */
}
}
}
mask = mask >> 1;
}
}
if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) {
break;
} else {
/* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */
#if defined(PSASIM_USE_USLEEP)
usleep(SLEEP_MS * 1000);
#else /* PSASIM_USE_USLEEP */
nanosleep(&ts_delay, NULL);
#endif /* PSASIM_USE_USLEEP */
}
} while (timeout == PSA_BLOCK);
/* Assert signals */
return signal_mask & exposed_signals;
}
static int signal_to_index(psa_signal_t signal)
{
int i;
int count = 0;
int ret = -1;
for (i = 0; i < 32; i++) {
if (signal & 0x1) {
ret = i;
count++;
}
signal = signal >> 1;
}
if (count > 1) {
ERROR("ERROR: Too many signals");
return -1; /* Too many signals */
}
return ret;
}
static void clear_signal(psa_signal_t signal)
{
exposed_signals = exposed_signals & ~signal;
}
void raise_signal(psa_signal_t signal)
{
exposed_signals |= signal;
}
psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg)
{
int index = signal_to_index(signal);
if (index < 0) {
ERROR("Bad signal");
}
clear_signal(signal);
assert(messages[index].handle != 0);
if (pending_message[index] == 1) {
INFO("There is a pending message!");
memcpy(msg, &messages[index], sizeof(struct psa_msg_t));
assert(msg->handle != 0);
return PSA_SUCCESS;
} else {
INFO("no pending message");
}
return PSA_ERROR_DOES_NOT_EXIST;
}
static inline int is_valid_msg_handle(psa_handle_t h)
{
if (h > 0 && h < MAX_MESSAGES) {
return 1;
}
ERROR("Not a valid message handle");
return 0;
}
static inline int is_call_msg(psa_handle_t h)
{
assert(messages[h].type >= PSA_IPC_CALL);
return 1;
}
void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle)
{
is_valid_msg_handle(msg_handle);
int idx = find_connection(message_client[msg_handle]);
INFO("Setting rhandle to %p", rhandle);
assert(idx >= 0);
connections[idx].rhandle = rhandle;
}
/* Sends a message from the server to the client. Does not wait for a response */
static void send_msg(psa_handle_t msg_handle,
int ctrl_msg,
psa_status_t status,
size_t amount,
const void *data,
size_t data_amount)
{
struct message response;
int flags = 0;
assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */
response.message_type = ctrl_msg;
if (ctrl_msg == PSA_REPLY) {
memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
} else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) {
memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t));
if (ctrl_msg == WRITE_REQUEST) {
/* TODO: Check if too big */
memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount);
}
}
/* TODO: sizeof doesn't need to be so big here for small responses */
if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) {
ERROR("Failed to reply");
}
}
static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes)
{
if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) {
messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] -
num_bytes;
return num_bytes;
} else {
if (num_bytes >= messages[msg_handle].in_size[invec_idx]) {
size_t ret = messages[msg_handle].in_size[invec_idx];
messages[msg_handle].in_size[invec_idx] = 0;
return ret;
} else {
return num_bytes;
}
}
}
size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
void *buffer, size_t num_bytes)
{
size_t sofar = 0;
struct message msg = { 0 };
int idx;
ssize_t len;
is_valid_msg_handle(msg_handle);
is_call_msg(msg_handle);
if (invec_idx >= PSA_MAX_IOVEC) {
ERROR("Invalid iovec number");
}
/* If user wants more data than what's available, truncate their request */
if (num_bytes > messages[msg_handle].in_size[invec_idx]) {
num_bytes = messages[msg_handle].in_size[invec_idx];
}
while (sofar < num_bytes) {
INFO("Server: requesting %lu bytes from client", (num_bytes - sofar));
send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0);
idx = find_connection(message_client[msg_handle]);
assert(idx >= 0);
len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0);
len = (len - sizeof(msg.message_text.qid));
if (len < 0) {
FATAL("Internal error: failed to dispatch read request to the client");
}
if (len > (num_bytes - sofar)) {
if ((num_bytes - sofar) > 0) {
memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar));
}
} else {
memcpy(buffer + sofar, msg.message_text.buf, len);
}
INFO("Printing what i got so far: %s", msg.message_text.buf);
sofar = sofar + len;
}
/* Update the seek count */
skip(msg_handle, invec_idx, num_bytes);
INFO("Finished psa_read");
return sofar;
}
void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
const void *buffer, size_t num_bytes)
{
size_t sofar = 0;
struct message msg = { 0 };
int idx;
ssize_t len;
is_valid_msg_handle(msg_handle);
is_call_msg(msg_handle);
if (outvec_idx >= PSA_MAX_IOVEC) {
ERROR("Invalid iovec number");
}
if (num_bytes > messages[msg_handle].out_size[outvec_idx]) {
ERROR("Program tried to write too much data %lu/%lu", num_bytes,
messages[msg_handle].out_size[outvec_idx]);
}
while (sofar < num_bytes) {
size_t sending = (num_bytes - sofar);
if (sending >= MAX_FRAGMENT_SIZE) {
sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2);
}
INFO("Server: sending %lu bytes to client", sending);
send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer, sending);
idx = find_connection(message_client[msg_handle]);
assert(idx >= 0);
len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0);
if (len < 1) {
FATAL("Client didn't give me a full response");
}
sofar = sofar + len;
}
/* Update the seek count */
messages[msg_handle].out_size[outvec_idx] -= num_bytes;
}
size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes)
{
is_valid_msg_handle(msg_handle);
is_call_msg(msg_handle);
size_t ret = skip(msg_handle, invec_idx, num_bytes);
/* notify client to skip */
send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0);
return ret;
}
static void destroy_temporary_queue(int myqid)
{
if (msgctl(myqid, IPC_RMID, NULL) != 0) {
INFO("ERROR: Failed to delete msg queue %d", myqid);
}
}
static int make_temporary_queue()
{
int myqid;
if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) {
INFO("msgget: myqid");
return -1;
}
return myqid;
}
/**
* Assumes msg_handle is the index into the message array
*/
void psa_reply(psa_handle_t msg_handle, psa_status_t status)
{
int idx, q;
is_valid_msg_handle(msg_handle);
if (pending_message[msg_handle] != 1) {
ERROR("Not a valid message handle");
}
if (messages[msg_handle].type == PSA_IPC_CONNECT) {
switch (status) {
case PSA_SUCCESS:
idx = find_connection(message_client[msg_handle]);
q = make_temporary_queue();
if (q > 0 && idx >= 0) {
connections[idx].client_to_server_q = q;
status = q;
} else {
FATAL("What happened?");
}
break;
case PSA_ERROR_CONNECTION_REFUSED:
destroy_connection(message_client[msg_handle]);
break;
case PSA_ERROR_CONNECTION_BUSY:
destroy_connection(message_client[msg_handle]);
break;
case PSA_ERROR_PROGRAMMER_ERROR:
destroy_connection(message_client[msg_handle]);
break;
default:
ERROR("Not a valid reply %d", status);
}
} else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) {
idx = find_connection(message_client[msg_handle]);
if (idx >= 0) {
destroy_temporary_queue(connections[idx].client_to_server_q);
}
destroy_connection(message_client[msg_handle]);
}
send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0);
pending_message[msg_handle] = 0;
message_client[msg_handle] = 0;
}
/* TODO: make sure you only clear interrupt signals, and not others */
void psa_eoi(psa_signal_t signal)
{
int index = signal_to_index(signal);
if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) {
clear_signal(signal);
} else {
ERROR("Tried to EOI a signal that isn't an interrupt");
}
}
void psa_notify(int32_t partition_id)
{
char pathname[PATHNAMESIZE] = { 0 };
if (partition_id < 0) {
ERROR("Not a valid secure partition");
}
snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id);
INFO("psa_notify: notifying partition %u using %s",
partition_id, pathname);
INFO("psa_notify is unimplemented");
}
void psa_clear(void)
{
clear_signal(PSA_DOORBELL);
}
void __init_psasim(const char **array,
int size,
const int allow_ns_clients_array[32],
const uint32_t versions[32],
const int strict_policy_array[32])
{
static uint8_t library_initialised = 0;
key_t key;
int qid;
FILE *fp;
char doorbell_path[PATHNAMESIZE] = { 0 };
char queue_path[PATHNAMESIZE];
snprintf(doorbell_path, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_notify_%u", getpid());
if (library_initialised > 0) {
return;
} else {
library_initialised = 1;
}
if (size != 32) {
FATAL("Unsupported value. Aborting.");
}
array[3] = doorbell_path;
for (int i = 0; i < 32; i++) {
if (strncmp(array[i], "", 1) != 0) {
INFO("Setting up %s", array[i]);
memset(queue_path, 0, sizeof(queue_path));
sprintf(queue_path, "%s%s", TMP_FILE_BASE_PATH, array[i]);
/* Create file if doesn't exist */
fp = fopen(queue_path, "ab+");
if (fp) {
fclose(fp);
}
if ((key = ftok(queue_path, PROJECT_ID)) == -1) {
FATAL("Error finding message queue during initialisation");
}
/* TODO: Investigate. Permissions are likely to be too relaxed */
if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) {
FATAL("Error opening message queue during initialisation");
} else {
rot_svc_incoming_queue[i] = qid;
}
}
}
memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32);
memcpy(strict_policy, strict_policy_array, sizeof(int) * 32);
memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32);
memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS);
__psa_ff_client_security_state = 0; /* Set the client status to SECURE */
}

View File

@ -0,0 +1,29 @@
INCLUDE := -I../include/ -I./psa_manifest
LIB := -L../src -lpsaff
TEST_BIN = psa_client \
psa_partition
GENERATED_H_FILES = psa_manifest/manifest.h \
psa_manifest/pid.h \
psa_manifest/sid.h
PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c
.PHONY: all clean
all: $(TEST_BIN)
psa_client: client.c $(GENERATED_H_FILES)
$(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@
psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES)
$(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@
$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c
../tools/psa_autogen.py $<
clean:
rm -f $(TEST_BIN) psa_ff_bootstrap_*.c
rm -f psa_notify_* psa_service_*
rm -f psa_manifest/*

View File

@ -0,0 +1,48 @@
/* psasim test client */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <psa/client.h>
#include <psa/util.h>
#include "psa_manifest/sid.h"
#include <stdio.h>
#include <unistd.h>
#define CLIENT_PRINT(fmt, ...) \
PRINT("Client: " fmt, ##__VA_ARGS__)
int main()
{
const char *text = "FOOBARCOOL!!";
char output[100] = { 0 };
CLIENT_PRINT("My PID: %d", getpid());
CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID));
psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1);
if (h < 0) {
CLIENT_PRINT("Couldn't connect %d", h);
return 1;
} else {
int type = 2;
CLIENT_PRINT("psa_call() w/o invec returned: %d", psa_call(h, type, NULL, 0, NULL, 0));
psa_invec invecs[1];
psa_outvec outvecs[1];
invecs[0].base = text;
invecs[0].len = sizeof(text);
outvecs[0].base = output;
outvecs[0].len = sizeof(output);
CLIENT_PRINT("invec len: %lu", invecs[0].len);
CLIENT_PRINT("psa_call() w/ invec returned: %d", psa_call(h, type, invecs, 1, outvecs, 1));
CLIENT_PRINT("Received payload len: %ld", outvecs[0].len);
CLIENT_PRINT("Received payload content: %s", output);
CLIENT_PRINT("Closing handle");
psa_close(h);
}
return 0;
}

View File

@ -0,0 +1,29 @@
{
"psa_framework_version":1.0,
"name":"TEST_PARTITION",
"type":"PSA-ROT",
"priority":"LOW",
"entry_point":"psa_sha256_main",
"stack_size":"0x400",
"heap_size":"0x100",
"services":[
{
"name":"PSA_SID_SHA256",
"sid":"0x0000F000",
"signal":"PSA_SHA256",
"non_secure_clients": "true",
"minor_version":1,
"minor_policy":"STRICT"
}
],
"irqs": [
{
"source": "SIGINT",
"signal": "SIGINT_SIG"
},
{
"source": "SIGTSTP",
"signal": "SIGSTP_SIG"
}
]
}

View File

@ -0,0 +1,34 @@
#!/bin/bash
# This is a simple bash script that tests psa_client/psa_server interaction.
# This script is automatically executed when "make run" is launched by the
# "psasim" root folder. The script can also be launched manually once
# binary files are built (i.e. after "make test" is executed from the "psasim"
# root folder).
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
function clean_run() {
pkill psa_partition || true
pkill psa_client || true
ipcs | grep q | awk '{ printf " -q " $$2 }' | xargs ipcrm > /dev/null 2>&1 || true
}
# The server creates some local files when it starts up so we can wait for this
# event as signal that the server is ready so that we can start client(s).
function wait_for_server_startup() {
while [ ! -f ./psa_notify_* ]; do
sleep 0.1
done
}
clean_run
./psa_partition -k &
SERV_PID=$!
wait_for_server_startup
./psa_client
wait $SERV_PID

View File

@ -0,0 +1,119 @@
/* psasim test server */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <unistd.h>
#include <stdio.h>
#include "psa/service.h"
#include "psa/error.h"
#include "psa/util.h"
#include "psa_manifest/manifest.h"
#define SERVER_PRINT(fmt, ...) \
PRINT("Server: " fmt, ##__VA_ARGS__)
#define BUF_SIZE 25
static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */
void parse_input_args(int argc, char *argv[])
{
int opt;
while ((opt = getopt(argc, argv, "k")) != -1) {
switch (opt) {
case 'k':
kill_on_disconnect = 1;
break;
default:
fprintf(stderr, "Usage: %s [-k]\n", argv[0]);
exit(EXIT_FAILURE);
}
}
}
int psa_sha256_main(int argc, char *argv[])
{
psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR;
psa_msg_t msg = { -1 };
char foo[BUF_SIZE] = { 0 };
const int magic_num = 66;
int client_disconnected = 0;
parse_input_args(argc, argv);
SERVER_PRINT("Starting");
while (!(kill_on_disconnect && client_disconnected)) {
psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
if (signals > 0) {
SERVER_PRINT("Signals: 0x%08x", signals);
}
if (signals & PSA_SHA256_SIGNAL) {
if (PSA_SUCCESS == psa_get(PSA_SHA256_SIGNAL, &msg)) {
SERVER_PRINT("My handle is %d", msg.handle);
SERVER_PRINT("My rhandle is %p", (int *) msg.rhandle);
switch (msg.type) {
case PSA_IPC_CONNECT:
SERVER_PRINT("Got a connection message");
psa_set_rhandle(msg.handle, (void *) &magic_num);
ret = PSA_SUCCESS;
break;
case PSA_IPC_DISCONNECT:
SERVER_PRINT("Got a disconnection message");
ret = PSA_SUCCESS;
client_disconnected = 1;
break;
default:
SERVER_PRINT("Got an IPC call of type %d", msg.type);
ret = 42;
size_t size = msg.in_size[0];
if ((size > 0) && (size <= sizeof(foo))) {
psa_read(msg.handle, 0, foo, 6);
foo[(BUF_SIZE-1)] = '\0';
SERVER_PRINT("Reading payload: %s", foo);
psa_read(msg.handle, 0, foo+6, 6);
foo[(BUF_SIZE-1)] = '\0';
SERVER_PRINT("Reading payload: %s", foo);
}
size = msg.out_size[0];
if ((size > 0)) {
SERVER_PRINT("Writing response");
psa_write(msg.handle, 0, "RESP", 4);
psa_write(msg.handle, 0, "ONSE", 4);
}
if (msg.client_id > 0) {
psa_notify(msg.client_id);
} else {
SERVER_PRINT("Client is non-secure, so won't notify");
}
}
psa_reply(msg.handle, ret);
} else {
SERVER_PRINT("Failed to retrieve message");
}
} else if (SIGSTP_SIG & signals) {
SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it.");
psa_eoi(SIGSTP_SIG);
} else if (SIGINT_SIG & signals) {
SERVER_PRINT("Handling interrupt!");
SERVER_PRINT("Gracefully quitting");
psa_panic();
} else {
SERVER_PRINT("No signal asserted");
}
}
return 0;
}

View File

@ -0,0 +1,165 @@
#!/usr/bin/env python3
"""This hacky script generates a partition from a manifest file"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import json
import os
import sys
from os import listdir
if len(sys.argv) != 2:
print("Usage: psa_autogen <manifest_file>")
sys.exit(1)
FILENAME = str(sys.argv[1])
with open(str(FILENAME), "r") as read_file:
data = json.load(read_file)
FILENAME = os.path.basename(FILENAME)
FILENAME = FILENAME.split('.')[0]
print("Base filename is " + str(FILENAME))
if str(data['psa_framework_version'] == "1.0"):
entry_point = str(data['entry_point'])
partition_name = str(data['name'])
services = data['services']
try:
irqs = data['irqs']
except KeyError:
irqs = []
try:
os.mkdir("psa_manifest")
print("Generating psa_manifest directory")
except OSError:
print ("PSA manifest directory already exists")
man = open(str("psa_manifest/" + FILENAME + ".h"), "w")
pids = open("psa_manifest/pid.h", "a")
sids = open("psa_manifest/sid.h", "a")
if len(services) > 28:
print ("Unsupported number of services")
count = 4 # For creating SID array
nsacl = "const int ns_allowed[32] = { "
policy = "const int strict_policy[32] = { "
qcode = "const char *psa_queues[] = { "
versions = "const uint32_t versions[32] = { "
queue_path = "psa_service_"
start = False
for x in range(0, count):
qcode = qcode + "\"\", "
nsacl = nsacl + "0, "
policy = policy + "0, "
versions = versions + "0, "
# Go through all the services to make sid.h and pid.h
for svc in services:
man.write("#define {}_SIGNAL 0x{:08x}\n".format(svc['signal'], 2**count))
sids.write("#define {}_SID {}\n".format(svc['name'], svc['sid']))
qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\","
ns_clients = svc['non_secure_clients']
print(str(svc))
if ns_clients == "true":
nsacl = nsacl + "1, "
else:
nsacl = nsacl + "0, "
try:
versions = versions + str(svc['minor_version']) + ", "
except KeyError:
versions = versions + "1, "
strict = 0
try:
if str(svc['minor_policy']).lower() == "strict":
strict = 1
policy = policy + "1, "
else:
policy = policy + "0, "
except KeyError:
strict = 0
policy = policy + "0, "
count = count+1
sigcode = ""
handlercode = "void __sig_handler(int signo) {\n"
irqcount = count
for irq in irqs:
man.write("#define {} 0x{:08x}\n".format(irq['signal'], 2**irqcount))
sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source'])
handlercode = handlercode + \
" if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount)
irqcount = irqcount+1
handlercode = handlercode + "}\n"
while (count < 32):
qcode = qcode + "\"\", "
nsacl = nsacl + "0, "
versions = versions + "0, "
policy = policy + "0, "
count = count + 1
qcode = qcode + "};\n"
nsacl = nsacl + "};\n"
versions = versions + "};\n"
policy = policy + "};\n"
pids.close()
sids.close()
man.close()
symbols = []
# Go through all the files in the current directory and look for the entrypoint
for root, directories, filenames in os.walk('.'):
for filename in filenames:
if "psa_ff_bootstrap" in filename or filename == "psa_manifest":
continue
try:
fullpath = os.path.join(root,filename)
with open(fullpath, encoding='utf-8') as currentFile:
text = currentFile.read()
if str(entry_point + "(") in text:
symbols.append(fullpath)
except IOError:
print("Couldn't open " + filename)
except UnicodeDecodeError:
pass
print(str("Number of entrypoints detected: " + str(len(symbols))))
if len(symbols) < 1:
print("Couldn't find function " + entry_point)
sys.exit(1)
elif len(symbols) > 1:
print("Duplicate entrypoint symbol detected: " + str(symbols))
sys.exit(2)
else:
bs = open(str("psa_ff_bootstrap_" + str(partition_name) + ".c"), "w")
bs.write("#include <psasim/init.h>\n")
bs.write("#include \"" + symbols[0] + "\"\n")
bs.write("#include <signal.h>\n\n")
bs.write(qcode)
bs.write(nsacl)
bs.write(policy)
bs.write(versions)
bs.write("\n")
bs.write(handlercode)
bs.write("\n")
bs.write("int main(int argc, char *argv[]) {\n")
bs.write(" (void) argc;\n")
bs.write(sigcode)
bs.write(" __init_psasim(psa_queues, 32, ns_allowed, versions, strict_policy);\n")
bs.write(" " + entry_point + "(argc, argv);\n}\n")
bs.close()
print("Success")