diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore new file mode 100644 index 0000000000..4065abf771 --- /dev/null +++ b/tests/psa-client-server/psasim/.gitignore @@ -0,0 +1,12 @@ +bin/* +*.o +*.so +test/psa_ff_bootstrap.c +test/psa_manifest/* +test/client +test/partition +cscope.out +*.orig +*.swp +*.DS_Store +*psa_ff_bootstrap_* diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile new file mode 100644 index 0000000000..a84483c8f8 --- /dev/null +++ b/tests/psa-client-server/psasim/Makefile @@ -0,0 +1,23 @@ +CFLAGS ?= -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L + +ifeq ($(DEBUG),1) + CFLAGS += -DDEBUG -O0 -g +endif + +.PHONY: all lib test run + +all: lib test + +lib: + $(MAKE) -C src CFLAGS="$(CFLAGS)" + +test: lib + $(MAKE) -C test CFLAGS="$(CFLAGS)" + +clean: + rm -f $(PSA_LIB) $(PSA_LIB_OBJS) + $(MAKE) -C test clean + $(MAKE) -C src clean + +run: test + cd test && ./run_test.sh diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md new file mode 100644 index 0000000000..1b950d6b1d --- /dev/null +++ b/tests/psa-client-server/psasim/README.md @@ -0,0 +1,61 @@ +# psasim + +This tool simulates a PSA Firmware Framework implementation. +It allows you to develop secure partitions and their clients on a desktop computer. +It should be able to run on all systems that support POSIX and System V IPC: +e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2. + +Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular: + +* This simulator is not intended to pass or demonstrate compliance. +* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients. + +## Building + +To build and run the test program make sure you have `make`, `python` and a +C compiler installed and then enter the following commands: + +```sh +make run +``` + +Optionally the `DEBUG=1` command line option can be enabled to increase verbosity: + +```sh +make DEBUG=1 run +``` + +Once done with the test, it is possible to clean all the generated files with: + +```sh +make clean +``` + +## Features + +The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress: + +* `psa_notify` support +* "strict" policy in manifest + +The only supported "interrupts" are POSIX signals, which act +as a "virtual interrupt". + +The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc). + +## Design + +The code is designed to be readable rather than fast or secure. +In this implementation only one message is delivered to a +RoT service at a time. +The code is not thread-safe. + +## Unsupported features + +Because this is a simulator there are a few things that +can't be reasonably emulated: + +* Manifest MMIO regions are unsupported +* Manifest priority field is ignored +* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime, + making it infeasible to populate pid.h with correct values. diff --git a/tests/psa-client-server/psasim/include/psa/client.h b/tests/psa-client-server/psasim/include/psa/client.h new file mode 100644 index 0000000000..d1af993f4f --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/client.h @@ -0,0 +1,73 @@ +/* PSA Firmware Framework client header for psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef __PSA_CLIENT_H__ +#define __PSA_CLIENT_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include "psa/error.h" +/*********************** PSA Client Macros and Types *************************/ + +#define PSA_FRAMEWORK_VERSION (0x0100) + +#define PSA_VERSION_NONE (0) + +/* PSA response types */ +#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED +#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY +#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR + +/* PSA message handles */ +#define PSA_NULL_HANDLE ((psa_handle_t) 0) + +#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0) +#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle)) + +/** + * A read-only input memory region provided to an RoT Service. + */ +typedef struct psa_invec { + const void *base; + size_t len; +} psa_invec; + +/** + * A writable output memory region provided to an RoT Service. + */ +typedef struct psa_outvec { + void *base; + size_t len; +} psa_outvec; + +/*************************** PSA Client API **********************************/ + +uint32_t psa_framework_version(void); + +uint32_t psa_version(uint32_t sid); + +psa_handle_t psa_connect(uint32_t sid, uint32_t version); + +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); + +void psa_close(psa_handle_t handle); + +#ifdef __cplusplus +} +#endif + +#endif /* __PSA_CLIENT_H__ */ diff --git a/tests/psa-client-server/psasim/include/psa/common.h b/tests/psa-client-server/psasim/include/psa/common.h new file mode 100644 index 0000000000..d0205d291a --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/common.h @@ -0,0 +1,53 @@ +/* Common definitions used for clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef _COMMON_H_ +#define _COMMON_H_ + +#include +#include + +/* Increasing this might break on some platforms */ +#define MAX_FRAGMENT_SIZE 200 + +#define CONNECT_REQUEST 1 +#define CALL_REQUEST 2 +#define CLOSE_REQUEST 3 +#define VERSION_REQUEST 4 +#define READ_REQUEST 5 +#define READ_RESPONSE 6 +#define WRITE_REQUEST 7 +#define WRITE_RESPONSE 8 +#define SKIP_REQUEST 9 +#define PSA_REPLY 10 + +#define NON_SECURE (1 << 30) + +typedef int32_t psa_status_t; +typedef int32_t psa_handle_t; + +#define PSA_MAX_IOVEC (4u) + +#define PSA_IPC_CALL (0) + +struct message_text { + int qid; + int32_t psa_type; + char buf[MAX_FRAGMENT_SIZE]; +}; + +struct message { + long message_type; + struct message_text message_text; +}; + +typedef struct vector_sizes { + size_t invec_sizes[PSA_MAX_IOVEC]; + size_t outvec_sizes[PSA_MAX_IOVEC]; +} vector_sizes_t; + +#endif /* _COMMON_H_ */ diff --git a/tests/psa-client-server/psasim/include/psa/error.h b/tests/psa-client-server/psasim/include/psa/error.h new file mode 100644 index 0000000000..44fc0b1cbf --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/error.h @@ -0,0 +1,38 @@ +/* PSA status codes used by psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_ERROR_H +#define PSA_ERROR_H + +#include + +#include "psa/common.h" + +#define PSA_SUCCESS ((psa_status_t) 0) + +#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) +#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) +#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t) -132) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t) -133) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t) -134) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t) -135) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t) -136) +#define PSA_ERROR_BAD_STATE ((psa_status_t) -137) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t) -138) +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t) -139) +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t) -140) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t) -141) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t) -142) +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t) -143) +#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t) -144) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t) -145) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t) -146) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t) -147) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149) + +#endif diff --git a/tests/psa-client-server/psasim/include/psa/lifecycle.h b/tests/psa-client-server/psasim/include/psa/lifecycle.h new file mode 100644 index 0000000000..1148397a88 --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/lifecycle.h @@ -0,0 +1,17 @@ +/* PSA lifecycle states used by psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u) +#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu) +#define PSA_LIFECYCLE_UNKNOWN (0x0000u) +#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u) +#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u) +#define PSA_LIFECYCLE_SECURED (0x3000u) +#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u) +#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u) +#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u) +#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN diff --git a/tests/psa-client-server/psasim/include/psa/service.h b/tests/psa-client-server/psasim/include/psa/service.h new file mode 100644 index 0000000000..c8c00245ae --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/service.h @@ -0,0 +1,251 @@ +/* PSA Firmware Framework service header for psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef __PSA_SERVICE_H__ +#define __PSA_SERVICE_H__ + +#ifdef __cplusplus +extern "C" { +#endif +#include +#include +#include + +#include "psa/common.h" + +/********************** PSA Secure Partition Macros and Types ****************/ + +/* PSA wait timeouts */ +#define PSA_POLL (0x00000000u) +#define PSA_BLOCK (0x80000000u) + +/* A mask value that includes all Secure Partition signals */ +#define PSA_WAIT_ANY (~0u) + +/* Doorbell signal */ +#define PSA_DOORBELL (0x00000008u) + +/* PSA message types */ +#define PSA_IPC_CONNECT (-1) +#define PSA_IPC_DISCONNECT (-2) + +/* Return code from psa_get() */ +#define PSA_ERR_NOMSG (INT32_MIN + 3) + +/* Store a set of one or more Secure Partition signals */ +typedef uint32_t psa_signal_t; + +/** + * Describe a message received by an RoT Service after calling \ref psa_get(). + */ +typedef struct psa_msg_t { + uint32_t type; /* One of the following values: + * \ref PSA_IPC_CONNECT + * \ref PSA_IPC_CALL + * \ref PSA_IPC_DISCONNECT + */ + psa_handle_t handle; /* A reference generated by the SPM to the + * message returned by psa_get(). + */ + int32_t client_id; /* Partition ID of the sender of the message */ + void *rhandle; /* Be useful for binding a connection to some + * application-specific data or function + * pointer within the RoT Service + * implementation. + */ + size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input + * vector in bytes. + */ + size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output + * vector in bytes. + */ +} psa_msg_t; + +/************************* PSA Secure Partition API **************************/ + +/** + * \brief Return the Secure Partition interrupt signals that have been asserted + * from a subset of signals provided by the caller. + * + * \param[in] signal_mask A set of signals to query. Signals that are not + * in this set will be ignored. + * \param[in] timeout Specify either blocking \ref PSA_BLOCK or + * polling \ref PSA_POLL operation. + * + * \retval >0 At least one signal is asserted. + * \retval 0 No signals are asserted. This is only seen when + * a polling timeout is used. + */ +psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout); + +/** + * \brief Retrieve the message which corresponds to a given RoT Service signal + * and remove the message from the RoT Service queue. + * + * \param[in] signal The signal value for an asserted RoT Service. + * \param[out] msg Pointer to \ref psa_msg_t object for receiving + * the message. + * + * \retval PSA_SUCCESS Success, *msg will contain the delivered + * message. + * \retval PSA_ERR_NOMSG Message could not be delivered. + * \retval "Does not return" The call is invalid because one or more of the + * following are true: + * \arg signal has more than a single bit set. + * \arg signal does not correspond to an RoT Service. + * \arg The RoT Service signal is not currently + * asserted. + * \arg The msg pointer provided is not a valid memory + * reference. + */ +psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg); + +/** + * \brief Associate some RoT Service private data with a client connection. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] rhandle Reverse handle allocated by the RoT Service. + * + * \retval void Success, rhandle will be provided with all + * subsequent messages delivered on this + * connection. + * \retval "Does not return" msg_handle is invalid. + */ +void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); + +/** + * \brief Read a message parameter or part of a message parameter from a client + * input vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] invec_idx Index of the input vector to read from. Must be + * less than \ref PSA_MAX_IOVEC. + * \param[out] buffer Buffer in the Secure Partition to copy the + * requested data to. + * \param[in] num_bytes Maximum number of bytes to be read from the + * client input vector. + * + * \retval >0 Number of bytes copied. + * \retval 0 There was no remaining data in this input + * vector. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg invec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + * \arg the memory reference for buffer is invalid or + * not writable. + */ +size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, + void *buffer, size_t num_bytes); + +/** + * \brief Skip over part of a client input vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] invec_idx Index of input vector to skip from. Must be + * less than \ref PSA_MAX_IOVEC. + * \param[in] num_bytes Maximum number of bytes to skip in the client + * input vector. + * + * \retval >0 Number of bytes skipped. + * \retval 0 There was no remaining data in this input + * vector. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg invec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + */ +size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes); + +/** + * \brief Write a message response to a client output vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[out] outvec_idx Index of output vector in message to write to. + * Must be less than \ref PSA_MAX_IOVEC. + * \param[in] buffer Buffer with the data to write. + * \param[in] num_bytes Number of bytes to write to the client output + * vector. + * + * \retval void Success + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg outvec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + * \arg The memory reference for buffer is invalid. + * \arg The call attempts to write data past the end + * of the client output vector. + */ +void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, + const void *buffer, size_t num_bytes); + +/** + * \brief Complete handling of a specific message and unblock the client. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] status Message result value to be reported to the + * client. + * + * \retval void Success. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg An invalid status code is specified for the + * type of message. + */ +void psa_reply(psa_handle_t msg_handle, psa_status_t status); + +/** + * \brief Send a PSA_DOORBELL signal to a specific Secure Partition. + * + * \param[in] partition_id Secure Partition ID of the target partition. + * + * \retval void Success. + * \retval "Does not return" partition_id does not correspond to a Secure + * Partition. + */ +void psa_notify(int32_t partition_id); + +/** + * \brief Clear the PSA_DOORBELL signal. + * + * \retval void Success. + * \retval "Does not return" The Secure Partition's doorbell signal is not + * currently asserted. + */ +void psa_clear(void); + +/** + * \brief Inform the SPM that an interrupt has been handled (end of interrupt). + * + * \param[in] irq_signal The interrupt signal that has been processed. + * + * \retval void Success. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg irq_signal is not an interrupt signal. + * \arg irq_signal indicates more than one signal. + * \arg irq_signal is not currently asserted. + */ +void psa_eoi(psa_signal_t irq_signal); + +#define psa_panic(X) abort(); + +#ifdef __cplusplus +} +#endif + +#endif /* __PSA_SERVICE_H__ */ diff --git a/tests/psa-client-server/psasim/include/psa/util.h b/tests/psa-client-server/psasim/include/psa/util.h new file mode 100644 index 0000000000..c3669a125d --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/util.h @@ -0,0 +1,33 @@ +/* Common definitions used for clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/service.h" + +#define PRINT(fmt, ...) \ + fprintf(stdout, fmt "\n", ##__VA_ARGS__) + +#if defined(DEBUG) +#define INFO(fmt, ...) \ + fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) + +#define ERROR(fmt, ...) \ + fprintf(stdout, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) + +#define FATAL(fmt, ...) \ + { \ + fprintf(stdout, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ + abort(); \ + } +#else /* DEBUG */ +#define INFO(...) +#define ERROR(...) +#define FATAL(...) +#endif /* DEBUG*/ + +#define PROJECT_ID 'M' +#define PATHNAMESIZE 256 +#define TMP_FILE_BASE_PATH "./" diff --git a/tests/psa-client-server/psasim/include/psasim/init.h b/tests/psa-client-server/psasim/include/psasim/init.h new file mode 100644 index 0000000000..9496fc2a1c --- /dev/null +++ b/tests/psa-client-server/psasim/include/psasim/init.h @@ -0,0 +1,15 @@ +/* Declarations of internal functions. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +void raise_signal(psa_signal_t signal); +void __init_psasim(const char **array, + int size, + const int allow_ns_clients_array[32], + const uint32_t versions[32], + const int strict_policy_array[32]); diff --git a/tests/psa-client-server/psasim/src/Makefile b/tests/psa-client-server/psasim/src/Makefile new file mode 100644 index 0000000000..fc6ba25aab --- /dev/null +++ b/tests/psa-client-server/psasim/src/Makefile @@ -0,0 +1,17 @@ +INCLUDE = -I../include/ +PSA_LIB = libpsaff.a + +PSA_LIB_OBJS = client.o service.o + +.PHONY: all lib + +all: $(PSA_LIB) + +%.o: %.c + $(CC) $(INCLUDE) $(CFLAGS) -c $< -o $@ + +$(PSA_LIB): $(PSA_LIB_OBJS) + $(AR) rcs $(PSA_LIB) client.o service.o + +clean: + rm -f $(PSA_LIB) $(PSA_LIB_OBJS) diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c new file mode 100644 index 0000000000..5a3986e32c --- /dev/null +++ b/tests/psa-client-server/psasim/src/client.c @@ -0,0 +1,392 @@ +/* PSA firmware framework client API */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "psa/client.h" +#include "psa/common.h" +#include "psa/error.h" +#include "psa/util.h" + +typedef struct internal_handle { + int server_qid; + int client_qid; + int internal_server_qid; + int valid; +} internal_handle_t; + +typedef struct vectors { + const psa_invec *in_vec; + size_t in_len; + psa_outvec *out_vec; + size_t out_len; +} vectors_t; + +/* Note that this implementation is functional and not secure */ +int __psa_ff_client_security_state = NON_SECURE; + +/* Access to this global is not thread safe */ +#define MAX_HANDLES 32 +static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; + +static int get_next_free_handle() +{ + /* Never return handle 0 as it's a special null handle */ + for (int i = 1; i < MAX_HANDLES; i++) { + if (handles[i].valid == 0) { + return i; + } + } + return -1; +} + +static int handle_is_valid(psa_handle_t handle) +{ + if (handle > 0 && handle < MAX_HANDLES) { + if (handles[handle].valid == 1) { + return 1; + } + } + ERROR("ERROR: Invalid handle"); + return 0; +} + +static int get_queue_info(char *path, int *cqid, int *sqid) +{ + + key_t server_queue_key; + int rx_qid, server_qid; + + INFO("Attempting to contact a RoT service queue"); + + if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { + ERROR("msgget: rx_qid"); + return -1; + } + + if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { + ERROR("ftok"); + return -2; + } + + if ((server_qid = msgget(server_queue_key, 0)) == -1) { + ERROR("msgget: server_qid"); + return -3; + } + + *cqid = rx_qid; + *sqid = server_qid; + + return 0; +} + +static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, + int *internal_server_qid) +{ + + struct message response, request; + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t invec_seek[4] = { 0 }; + size_t data_size; + psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ + + assert(internal_server_qid > 0); + + while (1) { + data_size = 0; + invec = 0; + outvec = 0; + + // read response from server + if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { + ERROR(" msgrcv failed"); + return ret; + } + + // process return message from server + switch (response.message_type) { + case PSA_REPLY: + memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); + INFO(" Message received from server: %d", ret); + if (type == PSA_IPC_CONNECT && ret > 0) { + *internal_server_qid = ret; + INFO(" ASSSIGNED q ID %d", *internal_server_qid); + ret = PSA_SUCCESS; + } + return ret; + break; + case READ_REQUEST: + /* read data request */ + request.message_type = READ_RESPONSE; + + assert(vecs != 0); + + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); + + /* need to add more checks here */ + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + + if (data_size > MAX_FRAGMENT_SIZE) { + data_size = MAX_FRAGMENT_SIZE; + } + + /* send response */ + INFO(" invec_seek[invec] is %lu", invec_seek[invec]); + INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); + memcpy(request.message_text.buf, + (vecs->in_vec[invec].base + invec_seek[invec]), + data_size); + + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + + INFO(" Sending message of type %li", request.message_type); + INFO(" with content %s", request.message_text.buf); + + if (msgsnd(*internal_server_qid, &request, + sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to read request"); + } + break; + case WRITE_REQUEST: + assert(vecs != 0); + + request.message_type = WRITE_RESPONSE; + + memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); + INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); + + assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); + + /* copy memory into message and send back amount written */ + size_t sofar = vecs->out_vec[outvec].len; + memcpy(vecs->out_vec[outvec].base + sofar, + response.message_text.buf+(sizeof(size_t)*2), data_size); + INFO(" Data size is %lu", data_size); + vecs->out_vec[outvec].len += data_size; + + INFO(" Sending message of type %li", request.message_type); + + /* send response */ + if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to write request"); + } + break; + case SKIP_REQUEST: + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + break; + + default: + FATAL(" ERROR: unknown internal message type: %ld", + response.message_type); + return ret; + } + } +} + +static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, + int32_t type, uint32_t minor_version, vectors_t *vecs) +{ + { + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ + struct message request; + request.message_type = 1; /* TODO: change this */ + request.message_text.psa_type = type; + vector_sizes_t vec_sizes; + + /* If the client is non-secure then set the NS bit */ + if (__psa_ff_client_security_state != 0) { + request.message_type |= NON_SECURE; + } + + assert(request.message_type >= 0); + + INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); + INFO(" internal_server_qid = %i", *internal_server_qid); + + request.message_text.qid = rx_qid; + + if (type == PSA_IPC_CONNECT) { + memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); + request_msg_size = request_msg_size + sizeof(minor_version); + INFO(" Request msg size is %lu", request_msg_size); + } else { + assert(internal_server_qid > 0); + } + + if (vecs != NULL && type >= PSA_IPC_CALL) { + + memset(&vec_sizes, 0, sizeof(vec_sizes)); + + /* Copy invec sizes */ + for (size_t i = 0; i < (vecs->in_len); i++) { + vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; + INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); + } + + /* Copy outvec sizes */ + for (size_t i = 0; i < (vecs->out_len); i++) { + vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; + + /* Reset to 0 since we need to eventually fill in with bytes written */ + vecs->out_vec[i].len = 0; + } + + memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); + request_msg_size = request_msg_size + sizeof(vec_sizes); + } + + INFO(" Sending and then waiting"); + + // send message to server + if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { + ERROR(" msgsnd failed"); + return ret; + } + + return process_response(rx_qid, vecs, type, internal_server_qid); + } +} + + +uint32_t psa_framework_version(void) +{ + return PSA_FRAMEWORK_VERSION; +} + +psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) +{ + + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + /* if there's a free handle available */ + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); + INFO("Attempting to contact RoT service at %s", pathname); + + /* if communication is possible */ + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + PSA_IPC_CONNECT, + minor_version, + NULL); + + /* if connection accepted by RoT service */ + if (ret >= 0) { + handles[idx].valid = 1; + return idx; + } else { + INFO("Server didn't like you"); + } + } else { + INFO("Couldn't contact RoT service. Does it exist?"); + + if (__psa_ff_client_security_state == 0) { + ERROR("Invalid SID"); + } + } + } + + INFO("Couldn't obtain a free handle"); + return PSA_ERROR_CONNECTION_REFUSED; +} + +uint32_t psa_version(uint32_t sid) +{ + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + VERSION_REQUEST, + 0, + NULL); + INFO("psa_version: Recieved from server %d", ret); + if (ret > 0) { + return ret; + } + } + } + INFO("psa_version failed: does the service exist?"); + return PSA_VERSION_NONE; +} + +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + + handle_is_valid(handle); + + if ((in_len + out_len) > PSA_MAX_IOVEC) { + ERROR("Too many iovecs: %lu + %lu", in_len, out_len); + } + + vectors_t vecs = { 0 }; + vecs.in_vec = in_vec; + vecs.in_len = in_len; + vecs.out_vec = out_vec; + vecs.out_len = out_len; + + return send(handles[handle].client_qid, + handles[handle].server_qid, + &handles[handle].internal_server_qid, + type, + 0, + &vecs); +} + +void psa_close(psa_handle_t handle) +{ + handle_is_valid(handle); + if (send(handles[handle].client_qid, handles[handle].server_qid, + &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { + ERROR("ERROR: Couldn't send disconnect msg"); + } else { + if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { + ERROR("ERROR: Failed to delete msg queue"); + } + } + INFO("Closing handle %u", handle); + handles[handle].valid = 0; +} diff --git a/tests/psa-client-server/psasim/src/common.c b/tests/psa-client-server/psasim/src/common.c new file mode 100644 index 0000000000..287bb504ae --- /dev/null +++ b/tests/psa-client-server/psasim/src/common.c @@ -0,0 +1,8 @@ +/* Common code between clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/common.h" diff --git a/tests/psa-client-server/psasim/src/service.c b/tests/psa-client-server/psasim/src/service.c new file mode 100644 index 0000000000..b2b6a08f54 --- /dev/null +++ b/tests/psa-client-server/psasim/src/service.c @@ -0,0 +1,668 @@ +/* PSA Firmware Framework service API */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "psa/service.h" +#include "psasim/init.h" +#include "psa/error.h" +#include "psa/common.h" +#include "psa/util.h" + +#define MAX_CLIENTS 128 +#define MAX_MESSAGES 32 + +#define SLEEP_MS 50 + +struct connection { + uint32_t client; + void *rhandle; + int client_to_server_q; +}; + +/* Note that this implementation is functional and not secure. */ +extern int __psa_ff_client_security_state; + +static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */ +static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */ +static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */ +static int nsacl[32]; +static int strict_policy[32] = { 0 }; +static uint32_t rot_svc_versions[32]; +static int rot_svc_incoming_queue[32] = { -1 }; +static struct connection connections[MAX_CLIENTS] = { { 0 } }; + +static uint32_t exposed_signals = 0; + +void print_vectors(vector_sizes_t *sizes) +{ + INFO("Printing iovec sizes"); + for (int j = 0; j < PSA_MAX_IOVEC; j++) { + INFO("Invec %d: %lu", j, sizes->invec_sizes[j]); + } + + for (int j = 0; j < PSA_MAX_IOVEC; j++) { + INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]); + } +} + +int find_connection(uint32_t client) +{ + for (int i = 1; i < MAX_CLIENTS; i++) { + if (client == connections[i].client) { + return i; + } + } + return -1; +} + +void destroy_connection(uint32_t client) +{ + int idx = find_connection(client); + if (idx >= 0) { + connections[idx].client = 0; + connections[idx].rhandle = 0; + INFO("Destroying connection"); + } else { + ERROR("Couldn't destroy connection for %u", client); + } +} + +int find_free_connection() +{ + INFO("Allocating connection"); + return find_connection(0); +} + +static void reply(psa_handle_t msg_handle, psa_status_t status) +{ + pending_message[msg_handle] = 1; + psa_reply(msg_handle, status); + pending_message[msg_handle] = 0; +} + +psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) +{ + psa_signal_t mask; + struct message msg; + vector_sizes_t sizes; + struct msqid_ds qinfo; + uint32_t requested_version; + ssize_t len; + int idx; +#if !defined(PSASIM_USE_USLEEP) + const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_MS * 1000000 }; +#endif + + if (timeout == PSA_POLL) { + INFO("psa_wait: Called in polling mode"); + } + + do { + mask = signal_mask; + + /* Check the status of each queue */ + for (int i = 0; i < 32; i++) { + if (mask & 0x1) { + if (i < 3) { + // do nothing (reserved) + } else if (i == 3) { + // this must be psa doorbell + } else { + /* Check if this signal corresponds to a queue */ + if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) { + + /* AFAIK there is no "peek" method in SysV, so try to get a message */ + len = msgrcv(rot_svc_incoming_queue[i], + &msg, + sizeof(struct message_text), + 0, + IPC_NOWAIT); + if (len > 0) { + + INFO("Storing that QID in message_client[%d]", i); + INFO("The message handle will be %d", i); + + msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo); + messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */ + message_client[i] = msg.message_text.qid; + idx = find_connection(msg.message_text.qid); + + if (msg.message_type & NON_SECURE) { + /* This is a non-secure message */ + + /* Check if NS client is allowed for this RoT service */ + if (nsacl[i] <= 0) { +#if 0 + INFO( + "Rejecting non-secure client due to manifest security policy"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ +#endif + } + + msg.message_type &= ~(NON_SECURE); /* clear */ + messages[i].client_id = messages[i].client_id * -1; + } + + INFO("Got a message from client ID %d", messages[i].client_id); + INFO("Message type is %lu", msg.message_type); + INFO("PSA message type is %d", msg.message_text.psa_type); + + messages[i].handle = i; + + switch (msg.message_text.psa_type) { + case PSA_IPC_CONNECT: + + if (len >= 16) { + memcpy(&requested_version, msg.message_text.buf, + sizeof(requested_version)); + INFO("Requesting version %u", requested_version); + INFO("Implemented version %u", rot_svc_versions[i]); + /* TODO: need to check whether the policy is strict, + * and if so, then reject the client if the number doesn't match */ + + if (requested_version > rot_svc_versions[i]) { + INFO( + "Rejecting client because requested version that was too high"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ + } + + if (strict_policy[i] == 1 && + (requested_version != rot_svc_versions[i])) { + INFO( + "Rejecting client because enforcing a STRICT version policy"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ + } else { + INFO("Not rejecting client"); + } + } + + messages[i].type = PSA_IPC_CONNECT; + + if (idx < 0) { + idx = find_free_connection(); + } + + if (idx >= 0) { + connections[idx].client = msg.message_text.qid; + } else { + /* We've run out of system wide connections */ + reply(i, PSA_ERROR_CONNECTION_BUSY); + ERROR("Ran out of free connections"); + continue; + } + + break; + case PSA_IPC_DISCONNECT: + messages[i].type = PSA_IPC_DISCONNECT; + break; + case VERSION_REQUEST: + INFO("Got a version request"); + reply(i, rot_svc_versions[i]); + continue; /* Skip to next signal */ + break; + + default: + + /* PSA CALL */ + if (msg.message_text.psa_type >= 0) { + messages[i].type = msg.message_text.psa_type; + memcpy(&sizes, msg.message_text.buf, sizeof(sizes)); + print_vectors(&sizes); + memcpy(&messages[i].in_size, &sizes.invec_sizes, + (sizeof(size_t) * PSA_MAX_IOVEC)); + memcpy(&messages[i].out_size, &sizes.outvec_sizes, + (sizeof(size_t) * PSA_MAX_IOVEC)); + } else { + FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li", + msg.message_type); + } + break; + } + messages[i].handle = i; + + /* Check if the client has a connection */ + if (idx >= 0) { + messages[i].rhandle = connections[idx].rhandle; + } else { + /* Client is begging for a programmer error */ + reply(i, PSA_ERROR_PROGRAMMER_ERROR); + continue; + } + + /* House keeping */ + pending_message[i] = 1; /* set message as pending */ + exposed_signals |= (0x1 << i); /* assert the signal */ + } + } + } + mask = mask >> 1; + } + } + + if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) { + break; + } else { + /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ +#if defined(PSASIM_USE_USLEEP) + usleep(SLEEP_MS * 1000); +#else /* PSASIM_USE_USLEEP */ + nanosleep(&ts_delay, NULL); +#endif /* PSASIM_USE_USLEEP */ + } + } while (timeout == PSA_BLOCK); + + /* Assert signals */ + return signal_mask & exposed_signals; +} + +static int signal_to_index(psa_signal_t signal) +{ + int i; + int count = 0; + int ret = -1; + + for (i = 0; i < 32; i++) { + if (signal & 0x1) { + ret = i; + count++; + } + signal = signal >> 1; + } + + if (count > 1) { + ERROR("ERROR: Too many signals"); + return -1; /* Too many signals */ + } + return ret; +} + +static void clear_signal(psa_signal_t signal) +{ + exposed_signals = exposed_signals & ~signal; +} + +void raise_signal(psa_signal_t signal) +{ + exposed_signals |= signal; +} + +psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg) +{ + int index = signal_to_index(signal); + if (index < 0) { + ERROR("Bad signal"); + } + + clear_signal(signal); + + assert(messages[index].handle != 0); + + if (pending_message[index] == 1) { + INFO("There is a pending message!"); + memcpy(msg, &messages[index], sizeof(struct psa_msg_t)); + assert(msg->handle != 0); + return PSA_SUCCESS; + } else { + INFO("no pending message"); + } + + return PSA_ERROR_DOES_NOT_EXIST; +} + +static inline int is_valid_msg_handle(psa_handle_t h) +{ + if (h > 0 && h < MAX_MESSAGES) { + return 1; + } + ERROR("Not a valid message handle"); + return 0; +} + +static inline int is_call_msg(psa_handle_t h) +{ + assert(messages[h].type >= PSA_IPC_CALL); + return 1; +} + +void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle) +{ + is_valid_msg_handle(msg_handle); + int idx = find_connection(message_client[msg_handle]); + INFO("Setting rhandle to %p", rhandle); + assert(idx >= 0); + connections[idx].rhandle = rhandle; +} + +/* Sends a message from the server to the client. Does not wait for a response */ +static void send_msg(psa_handle_t msg_handle, + int ctrl_msg, + psa_status_t status, + size_t amount, + const void *data, + size_t data_amount) +{ + struct message response; + int flags = 0; + + assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */ + + response.message_type = ctrl_msg; + if (ctrl_msg == PSA_REPLY) { + memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); + } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) { + memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); + memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t)); + if (ctrl_msg == WRITE_REQUEST) { + /* TODO: Check if too big */ + memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount); + } + } + + /* TODO: sizeof doesn't need to be so big here for small responses */ + if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) { + ERROR("Failed to reply"); + } +} + +static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) +{ + if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) { + messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] - + num_bytes; + return num_bytes; + } else { + if (num_bytes >= messages[msg_handle].in_size[invec_idx]) { + size_t ret = messages[msg_handle].in_size[invec_idx]; + messages[msg_handle].in_size[invec_idx] = 0; + return ret; + } else { + return num_bytes; + } + } +} + +size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, + void *buffer, size_t num_bytes) +{ + size_t sofar = 0; + struct message msg = { 0 }; + int idx; + ssize_t len; + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + if (invec_idx >= PSA_MAX_IOVEC) { + ERROR("Invalid iovec number"); + } + + /* If user wants more data than what's available, truncate their request */ + if (num_bytes > messages[msg_handle].in_size[invec_idx]) { + num_bytes = messages[msg_handle].in_size[invec_idx]; + } + + while (sofar < num_bytes) { + INFO("Server: requesting %lu bytes from client", (num_bytes - sofar)); + send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0); + + idx = find_connection(message_client[msg_handle]); + assert(idx >= 0); + + len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); + len = (len - sizeof(msg.message_text.qid)); + + if (len < 0) { + FATAL("Internal error: failed to dispatch read request to the client"); + } + + if (len > (num_bytes - sofar)) { + if ((num_bytes - sofar) > 0) { + memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar)); + } + } else { + memcpy(buffer + sofar, msg.message_text.buf, len); + } + + INFO("Printing what i got so far: %s", msg.message_text.buf); + + sofar = sofar + len; + } + + /* Update the seek count */ + skip(msg_handle, invec_idx, num_bytes); + INFO("Finished psa_read"); + return sofar; +} + +void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, + const void *buffer, size_t num_bytes) +{ + + size_t sofar = 0; + struct message msg = { 0 }; + int idx; + ssize_t len; + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + if (outvec_idx >= PSA_MAX_IOVEC) { + ERROR("Invalid iovec number"); + } + + if (num_bytes > messages[msg_handle].out_size[outvec_idx]) { + ERROR("Program tried to write too much data %lu/%lu", num_bytes, + messages[msg_handle].out_size[outvec_idx]); + } + + while (sofar < num_bytes) { + size_t sending = (num_bytes - sofar); + if (sending >= MAX_FRAGMENT_SIZE) { + sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); + } + + INFO("Server: sending %lu bytes to client", sending); + + send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer, sending); + + idx = find_connection(message_client[msg_handle]); + assert(idx >= 0); + + len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); + if (len < 1) { + FATAL("Client didn't give me a full response"); + } + sofar = sofar + len; + } + + /* Update the seek count */ + messages[msg_handle].out_size[outvec_idx] -= num_bytes; +} + +size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) +{ + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + size_t ret = skip(msg_handle, invec_idx, num_bytes); + + /* notify client to skip */ + send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0); + return ret; +} + +static void destroy_temporary_queue(int myqid) +{ + + if (msgctl(myqid, IPC_RMID, NULL) != 0) { + INFO("ERROR: Failed to delete msg queue %d", myqid); + } +} + +static int make_temporary_queue() +{ + int myqid; + if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) { + INFO("msgget: myqid"); + return -1; + } + return myqid; +} + +/** + * Assumes msg_handle is the index into the message array + */ +void psa_reply(psa_handle_t msg_handle, psa_status_t status) +{ + int idx, q; + is_valid_msg_handle(msg_handle); + + if (pending_message[msg_handle] != 1) { + ERROR("Not a valid message handle"); + } + + if (messages[msg_handle].type == PSA_IPC_CONNECT) { + switch (status) { + case PSA_SUCCESS: + idx = find_connection(message_client[msg_handle]); + q = make_temporary_queue(); + if (q > 0 && idx >= 0) { + connections[idx].client_to_server_q = q; + status = q; + } else { + FATAL("What happened?"); + } + break; + case PSA_ERROR_CONNECTION_REFUSED: + destroy_connection(message_client[msg_handle]); + break; + case PSA_ERROR_CONNECTION_BUSY: + destroy_connection(message_client[msg_handle]); + break; + case PSA_ERROR_PROGRAMMER_ERROR: + destroy_connection(message_client[msg_handle]); + break; + default: + ERROR("Not a valid reply %d", status); + } + } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) { + idx = find_connection(message_client[msg_handle]); + if (idx >= 0) { + destroy_temporary_queue(connections[idx].client_to_server_q); + } + destroy_connection(message_client[msg_handle]); + } + + send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0); + + pending_message[msg_handle] = 0; + message_client[msg_handle] = 0; +} + +/* TODO: make sure you only clear interrupt signals, and not others */ +void psa_eoi(psa_signal_t signal) +{ + int index = signal_to_index(signal); + if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) { + clear_signal(signal); + } else { + ERROR("Tried to EOI a signal that isn't an interrupt"); + } +} + +void psa_notify(int32_t partition_id) +{ + char pathname[PATHNAMESIZE] = { 0 }; + + if (partition_id < 0) { + ERROR("Not a valid secure partition"); + } + + snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id); + INFO("psa_notify: notifying partition %u using %s", + partition_id, pathname); + INFO("psa_notify is unimplemented"); +} + +void psa_clear(void) +{ + clear_signal(PSA_DOORBELL); +} + +void __init_psasim(const char **array, + int size, + const int allow_ns_clients_array[32], + const uint32_t versions[32], + const int strict_policy_array[32]) +{ + + static uint8_t library_initialised = 0; + key_t key; + int qid; + FILE *fp; + char doorbell_path[PATHNAMESIZE] = { 0 }; + char queue_path[PATHNAMESIZE]; + snprintf(doorbell_path, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_notify_%u", getpid()); + + if (library_initialised > 0) { + return; + } else { + library_initialised = 1; + } + + if (size != 32) { + FATAL("Unsupported value. Aborting."); + } + + array[3] = doorbell_path; + + for (int i = 0; i < 32; i++) { + if (strncmp(array[i], "", 1) != 0) { + INFO("Setting up %s", array[i]); + memset(queue_path, 0, sizeof(queue_path)); + sprintf(queue_path, "%s%s", TMP_FILE_BASE_PATH, array[i]); + + /* Create file if doesn't exist */ + fp = fopen(queue_path, "ab+"); + if (fp) { + fclose(fp); + } + + if ((key = ftok(queue_path, PROJECT_ID)) == -1) { + FATAL("Error finding message queue during initialisation"); + } + + /* TODO: Investigate. Permissions are likely to be too relaxed */ + if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) { + FATAL("Error opening message queue during initialisation"); + } else { + rot_svc_incoming_queue[i] = qid; + } + } + } + + memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32); + memcpy(strict_policy, strict_policy_array, sizeof(int) * 32); + memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32); + memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS); + + __psa_ff_client_security_state = 0; /* Set the client status to SECURE */ +} diff --git a/tests/psa-client-server/psasim/test/Makefile b/tests/psa-client-server/psasim/test/Makefile new file mode 100644 index 0000000000..34b86b616c --- /dev/null +++ b/tests/psa-client-server/psasim/test/Makefile @@ -0,0 +1,29 @@ +INCLUDE := -I../include/ -I./psa_manifest +LIB := -L../src -lpsaff + +TEST_BIN = psa_client \ + psa_partition + +GENERATED_H_FILES = psa_manifest/manifest.h \ + psa_manifest/pid.h \ + psa_manifest/sid.h + +PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c + +.PHONY: all clean + +all: $(TEST_BIN) + +psa_client: client.c $(GENERATED_H_FILES) + $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + +psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES) + $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + +$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c + ../tools/psa_autogen.py $< + +clean: + rm -f $(TEST_BIN) psa_ff_bootstrap_*.c + rm -f psa_notify_* psa_service_* + rm -f psa_manifest/* diff --git a/tests/psa-client-server/psasim/test/client.c b/tests/psa-client-server/psasim/test/client.c new file mode 100644 index 0000000000..5bde82fa22 --- /dev/null +++ b/tests/psa-client-server/psasim/test/client.c @@ -0,0 +1,48 @@ +/* psasim test client */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include "psa_manifest/sid.h" +#include +#include + +#define CLIENT_PRINT(fmt, ...) \ + PRINT("Client: " fmt, ##__VA_ARGS__) + +int main() +{ + const char *text = "FOOBARCOOL!!"; + char output[100] = { 0 }; + CLIENT_PRINT("My PID: %d", getpid()); + + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); + psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1); + + if (h < 0) { + CLIENT_PRINT("Couldn't connect %d", h); + return 1; + } else { + int type = 2; + CLIENT_PRINT("psa_call() w/o invec returned: %d", psa_call(h, type, NULL, 0, NULL, 0)); + psa_invec invecs[1]; + psa_outvec outvecs[1]; + invecs[0].base = text; + invecs[0].len = sizeof(text); + outvecs[0].base = output; + outvecs[0].len = sizeof(output); + + CLIENT_PRINT("invec len: %lu", invecs[0].len); + CLIENT_PRINT("psa_call() w/ invec returned: %d", psa_call(h, type, invecs, 1, outvecs, 1)); + CLIENT_PRINT("Received payload len: %ld", outvecs[0].len); + CLIENT_PRINT("Received payload content: %s", output); + CLIENT_PRINT("Closing handle"); + psa_close(h); + } + + return 0; +} diff --git a/tests/psa-client-server/psasim/test/manifest.json b/tests/psa-client-server/psasim/test/manifest.json new file mode 100644 index 0000000000..0ab83ef907 --- /dev/null +++ b/tests/psa-client-server/psasim/test/manifest.json @@ -0,0 +1,29 @@ +{ + "psa_framework_version":1.0, + "name":"TEST_PARTITION", + "type":"PSA-ROT", + "priority":"LOW", + "entry_point":"psa_sha256_main", + "stack_size":"0x400", + "heap_size":"0x100", + "services":[ + { + "name":"PSA_SID_SHA256", + "sid":"0x0000F000", + "signal":"PSA_SHA256", + "non_secure_clients": "true", + "minor_version":1, + "minor_policy":"STRICT" + } + ], + "irqs": [ + { + "source": "SIGINT", + "signal": "SIGINT_SIG" + }, + { + "source": "SIGTSTP", + "signal": "SIGSTP_SIG" + } + ] +} diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh new file mode 100755 index 0000000000..f0e7a62f1a --- /dev/null +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# This is a simple bash script that tests psa_client/psa_server interaction. +# This script is automatically executed when "make run" is launched by the +# "psasim" root folder. The script can also be launched manually once +# binary files are built (i.e. after "make test" is executed from the "psasim" +# root folder). +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +function clean_run() { + pkill psa_partition || true + pkill psa_client || true + ipcs | grep q | awk '{ printf " -q " $$2 }' | xargs ipcrm > /dev/null 2>&1 || true +} + +# The server creates some local files when it starts up so we can wait for this +# event as signal that the server is ready so that we can start client(s). +function wait_for_server_startup() { + while [ ! -f ./psa_notify_* ]; do + sleep 0.1 + done +} + +clean_run + +./psa_partition -k & +SERV_PID=$! +wait_for_server_startup +./psa_client +wait $SERV_PID diff --git a/tests/psa-client-server/psasim/test/server.c b/tests/psa-client-server/psasim/test/server.c new file mode 100644 index 0000000000..c4b6d9c9a2 --- /dev/null +++ b/tests/psa-client-server/psasim/test/server.c @@ -0,0 +1,119 @@ +/* psasim test server */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include + +#include "psa/service.h" +#include "psa/error.h" +#include "psa/util.h" +#include "psa_manifest/manifest.h" + +#define SERVER_PRINT(fmt, ...) \ + PRINT("Server: " fmt, ##__VA_ARGS__) + +#define BUF_SIZE 25 + +static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */ + +void parse_input_args(int argc, char *argv[]) +{ + int opt; + + while ((opt = getopt(argc, argv, "k")) != -1) { + switch (opt) { + case 'k': + kill_on_disconnect = 1; + break; + default: + fprintf(stderr, "Usage: %s [-k]\n", argv[0]); + exit(EXIT_FAILURE); + } + } +} + +int psa_sha256_main(int argc, char *argv[]) +{ + psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR; + psa_msg_t msg = { -1 }; + char foo[BUF_SIZE] = { 0 }; + const int magic_num = 66; + int client_disconnected = 0; + + parse_input_args(argc, argv); + SERVER_PRINT("Starting"); + + while (!(kill_on_disconnect && client_disconnected)) { + psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + + if (signals > 0) { + SERVER_PRINT("Signals: 0x%08x", signals); + } + + if (signals & PSA_SHA256_SIGNAL) { + if (PSA_SUCCESS == psa_get(PSA_SHA256_SIGNAL, &msg)) { + SERVER_PRINT("My handle is %d", msg.handle); + SERVER_PRINT("My rhandle is %p", (int *) msg.rhandle); + switch (msg.type) { + case PSA_IPC_CONNECT: + SERVER_PRINT("Got a connection message"); + psa_set_rhandle(msg.handle, (void *) &magic_num); + ret = PSA_SUCCESS; + break; + case PSA_IPC_DISCONNECT: + SERVER_PRINT("Got a disconnection message"); + ret = PSA_SUCCESS; + client_disconnected = 1; + break; + + default: + SERVER_PRINT("Got an IPC call of type %d", msg.type); + ret = 42; + size_t size = msg.in_size[0]; + + if ((size > 0) && (size <= sizeof(foo))) { + psa_read(msg.handle, 0, foo, 6); + foo[(BUF_SIZE-1)] = '\0'; + SERVER_PRINT("Reading payload: %s", foo); + psa_read(msg.handle, 0, foo+6, 6); + foo[(BUF_SIZE-1)] = '\0'; + SERVER_PRINT("Reading payload: %s", foo); + } + + size = msg.out_size[0]; + if ((size > 0)) { + SERVER_PRINT("Writing response"); + psa_write(msg.handle, 0, "RESP", 4); + psa_write(msg.handle, 0, "ONSE", 4); + } + + if (msg.client_id > 0) { + psa_notify(msg.client_id); + } else { + SERVER_PRINT("Client is non-secure, so won't notify"); + } + + } + + psa_reply(msg.handle, ret); + } else { + SERVER_PRINT("Failed to retrieve message"); + } + } else if (SIGSTP_SIG & signals) { + SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it."); + psa_eoi(SIGSTP_SIG); + } else if (SIGINT_SIG & signals) { + SERVER_PRINT("Handling interrupt!"); + SERVER_PRINT("Gracefully quitting"); + psa_panic(); + } else { + SERVER_PRINT("No signal asserted"); + } + } + + return 0; +} diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py new file mode 100755 index 0000000000..53b1fea746 --- /dev/null +++ b/tests/psa-client-server/psasim/tools/psa_autogen.py @@ -0,0 +1,165 @@ +#!/usr/bin/env python3 +"""This hacky script generates a partition from a manifest file""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import json +import os +import sys +from os import listdir + +if len(sys.argv) != 2: + print("Usage: psa_autogen ") + sys.exit(1) + +FILENAME = str(sys.argv[1]) + + +with open(str(FILENAME), "r") as read_file: + data = json.load(read_file) + FILENAME = os.path.basename(FILENAME) + FILENAME = FILENAME.split('.')[0] + print("Base filename is " + str(FILENAME)) + + if str(data['psa_framework_version'] == "1.0"): + entry_point = str(data['entry_point']) + partition_name = str(data['name']) + services = data['services'] + try: + irqs = data['irqs'] + except KeyError: + irqs = [] + + try: + os.mkdir("psa_manifest") + print("Generating psa_manifest directory") + except OSError: + print ("PSA manifest directory already exists") + + man = open(str("psa_manifest/" + FILENAME + ".h"), "w") + pids = open("psa_manifest/pid.h", "a") + sids = open("psa_manifest/sid.h", "a") + + if len(services) > 28: + print ("Unsupported number of services") + + count = 4 # For creating SID array + nsacl = "const int ns_allowed[32] = { " + policy = "const int strict_policy[32] = { " + qcode = "const char *psa_queues[] = { " + versions = "const uint32_t versions[32] = { " + queue_path = "psa_service_" + start = False + + for x in range(0, count): + qcode = qcode + "\"\", " + nsacl = nsacl + "0, " + policy = policy + "0, " + versions = versions + "0, " + + # Go through all the services to make sid.h and pid.h + for svc in services: + man.write("#define {}_SIGNAL 0x{:08x}\n".format(svc['signal'], 2**count)) + sids.write("#define {}_SID {}\n".format(svc['name'], svc['sid'])) + qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\"," + ns_clients = svc['non_secure_clients'] + print(str(svc)) + if ns_clients == "true": + nsacl = nsacl + "1, " + else: + nsacl = nsacl + "0, " + try: + versions = versions + str(svc['minor_version']) + ", " + except KeyError: + versions = versions + "1, " + + strict = 0 + try: + if str(svc['minor_policy']).lower() == "strict": + strict = 1 + policy = policy + "1, " + else: + policy = policy + "0, " + except KeyError: + strict = 0 + policy = policy + "0, " + + count = count+1 + + sigcode = "" + handlercode = "void __sig_handler(int signo) {\n" + irqcount = count + for irq in irqs: + man.write("#define {} 0x{:08x}\n".format(irq['signal'], 2**irqcount)) + sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source']) + handlercode = handlercode + \ + " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount) + irqcount = irqcount+1 + + handlercode = handlercode + "}\n" + + while (count < 32): + qcode = qcode + "\"\", " + nsacl = nsacl + "0, " + versions = versions + "0, " + policy = policy + "0, " + count = count + 1 + + qcode = qcode + "};\n" + nsacl = nsacl + "};\n" + versions = versions + "};\n" + policy = policy + "};\n" + + pids.close() + sids.close() + man.close() + + symbols = [] + # Go through all the files in the current directory and look for the entrypoint + + for root, directories, filenames in os.walk('.'): + for filename in filenames: + + if "psa_ff_bootstrap" in filename or filename == "psa_manifest": + continue + + try: + fullpath = os.path.join(root,filename) + with open(fullpath, encoding='utf-8') as currentFile: + text = currentFile.read() + if str(entry_point + "(") in text: + symbols.append(fullpath) + except IOError: + print("Couldn't open " + filename) + + except UnicodeDecodeError: + pass + + print(str("Number of entrypoints detected: " + str(len(symbols)))) + if len(symbols) < 1: + print("Couldn't find function " + entry_point) + sys.exit(1) + elif len(symbols) > 1: + print("Duplicate entrypoint symbol detected: " + str(symbols)) + sys.exit(2) + else: + bs = open(str("psa_ff_bootstrap_" + str(partition_name) + ".c"), "w") + bs.write("#include \n") + bs.write("#include \"" + symbols[0] + "\"\n") + bs.write("#include \n\n") + bs.write(qcode) + bs.write(nsacl) + bs.write(policy) + bs.write(versions) + bs.write("\n") + bs.write(handlercode) + bs.write("\n") + bs.write("int main(int argc, char *argv[]) {\n") + bs.write(" (void) argc;\n") + bs.write(sigcode) + bs.write(" __init_psasim(psa_queues, 32, ns_allowed, versions, strict_policy);\n") + bs.write(" " + entry_point + "(argc, argv);\n}\n") + bs.close() + + print("Success")