Diffstat (limited to 'core/include/tee')
-rw-r--r--core/include/tee/cache.h34
-rw-r--r--core/include/tee/fs_htree.h186
-rw-r--r--core/include/tee/svc_cache.h (renamed from core/include/tee/tee_fs_defs.h)47
-rw-r--r--core/include/tee/tee_cryp_utl.h5
-rw-r--r--core/include/tee/tee_fs.h23
-rw-r--r--core/include/tee/tee_fs_key_manager.h53
-rw-r--r--core/include/tee/tee_fs_rpc.h12
-rw-r--r--core/include/tee/tee_obj.h2
-rw-r--r--core/include/tee/tee_pobj.h4
-rw-r--r--core/include/tee/tee_svc_storage.h10
10 files changed, 267 insertions, 109 deletions
diff --git a/core/include/tee/cache.h b/core/include/tee/cache.h
new file mode 100644
index 0000000..d32e365
--- /dev/null
+++ b/core/include/tee/cache.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2015, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef TEE_CACHE_H
+#define TEE_CACHE_H
+
+#include <utee_types.h>
+
+TEE_Result cache_operation(enum utee_cache_operation op, void *va, size_t len);
+
+#endif /* TEE_CACHE_H */
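Review bot: `cache_operation()` is declared with no statement of who validates `va`/`len`, which matters because the same op/va/len triple is what `syscall_cache_operation()` in svc_cache.h (same diff) receives from a TA. If this helper is what the syscall ends up calling, it must not assume the range was already checked; either way the header should spell the contract out, e.g. `/* va/len must describe memory mapped for the caller; range validation is the caller's responsibility */`. It would also help to say which `enum utee_cache_operation` values are accepted and what is returned for an unknown `op`.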
diff --git a/core/include/tee/fs_htree.h b/core/include/tee/fs_htree.h
new file mode 100644
index 0000000..3d280db
--- /dev/null
+++ b/core/include/tee/fs_htree.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __TEE_FS_HTREE_H
+#define __TEE_FS_HTREE_H
+
+/*
+ * The purpose of this API is to provide file integrity and confidentiality
+ * in order to implement secure storage. On-disk data structures are
+ * duplicated to make updates atomic, an update is finalized to disk with
+ * tee_fs_htree_sync_to_storage().
+ *
+ * This implementation doesn't provide rollback protection, it only
+ * guarantees the integrity and confidentiality of the file.
+ */
+
+#include <tee_api_types.h>
+#include <utee_defines.h>
+
+#define TEE_FS_HTREE_HASH_SIZE TEE_SHA256_HASH_SIZE
+#define TEE_FS_HTREE_IV_SIZE 16
+#define TEE_FS_HTREE_FEK_SIZE 16
+#define TEE_FS_HTREE_TAG_SIZE 16
+
+/* Internal struct provided to let the rpc callbacks know the size if needed */
+struct tee_fs_htree_node_image {
+ /* Note that calc_node_hash() depends on hash first in struct */
+ uint8_t hash[TEE_FS_HTREE_HASH_SIZE];
+ uint8_t iv[TEE_FS_HTREE_IV_SIZE];
+ uint8_t tag[TEE_FS_HTREE_TAG_SIZE];
+ uint16_t flags;
+};
+
+/*
+ * This struct is not interpreted by the hash tree, it's up to the user of
+ * the interface to update etc if needed.
+ */
+struct tee_fs_htree_meta {
+ uint64_t length;
+};
+
+/* Internal struct needed by struct tee_fs_htree_image */
+struct tee_fs_htree_imeta {
+ struct tee_fs_htree_meta meta;
+ uint32_t max_node_id;
+};
+
+/* Internal struct provided to let the rpc callbacks know the size if needed */
+struct tee_fs_htree_image {
+ uint8_t iv[TEE_FS_HTREE_IV_SIZE];
+ uint8_t tag[TEE_FS_HTREE_TAG_SIZE];
+ uint8_t enc_fek[TEE_FS_HTREE_FEK_SIZE];
+ uint8_t imeta[sizeof(struct tee_fs_htree_imeta)];
+ uint32_t counter;
+};
+
+/**
+ * enum tee_fs_htree_type - type of hash tree element
+ * @TEE_FS_HTREE_TYPE_HEAD: indicates a struct tee_fs_htree_image
+ * @TEE_FS_HTREE_TYPE_NODE: indicates a struct tee_fs_htree_node_image
+ * @TEE_FS_HTREE_TYPE_BLOCK: indicates a data block
+ */
+enum tee_fs_htree_type {
+ TEE_FS_HTREE_TYPE_HEAD,
+ TEE_FS_HTREE_TYPE_NODE,
+ TEE_FS_HTREE_TYPE_BLOCK,
+};
+
+struct tee_fs_rpc_operation;
+
+/**
+ * struct tee_fs_htree_storage - storage description supplied by user of
+ * this interface
+ * @block_size: size of data blocks
+ * @rpc_read_init: initialize a struct tee_fs_rpc_operation for an RPC read
+ * operation
+ * @rpc_write_init: initialize a struct tee_fs_rpc_operation for an RPC
+ * write operation
+ *
+ * The @idx arguments starts counting from 0. The @vers arguments are either
+ * 0 or 1. The @data arguments is a pointer to a buffer in non-secure shared
+ * memory where the encrypted data is stored.
+ */
+struct tee_fs_htree_storage {
+ size_t block_size;
+ TEE_Result (*rpc_read_init)(void *aux, struct tee_fs_rpc_operation *op,
+ enum tee_fs_htree_type type, size_t idx,
+ uint8_t vers, void **data);
+ TEE_Result (*rpc_read_final)(struct tee_fs_rpc_operation *op,
+ size_t *bytes);
+ TEE_Result (*rpc_write_init)(void *aux, struct tee_fs_rpc_operation *op,
+ enum tee_fs_htree_type type, size_t idx,
+ uint8_t vers, void **data);
+ TEE_Result (*rpc_write_final)(struct tee_fs_rpc_operation *op);
+};
+
+struct tee_fs_htree;
+
+/**
+ * tee_fs_htree_open() - opens/creates a hash tree
+ * @create: true if a new hash tree is to be created, else the hash tree
+ * is read in and verified
+ * @stor: storage description
+ * @stor_aux: auxilary pointer supplied to callbacks in struct
+ * tee_fs_htree_storage
+ * @ht: returned hash tree on success
+ */
+TEE_Result tee_fs_htree_open(bool create,
+ const struct tee_fs_htree_storage *stor,
+ void *stor_aux, struct tee_fs_htree **ht);
+/**
+ * tee_fs_htree_close() - close a hash tree
+ * @ht: hash tree
+ */
+void tee_fs_htree_close(struct tee_fs_htree **ht);
+
+/**
+ * tee_fs_htree_get_meta() - get a pointer to associated struct
+ * tee_fs_htree_meta
+ * @ht: hash tree
+ */
+struct tee_fs_htree_meta *tee_fs_htree_get_meta(struct tee_fs_htree *ht);
+
+/**
+ * tee_fs_htree_sync_to_storage() - synchronize hash tree to storage
+ * @ht: hash tree
+ *
+ * Frees the hash tree and sets *ht to NULL on failure and returns an error code
+ */
+TEE_Result tee_fs_htree_sync_to_storage(struct tee_fs_htree **ht);
+
+/**
+ * tee_fs_htree_truncate() - truncate a hash tree
+ * @ht: hash tree
+ * @block_num: the number of nodes to truncate to
+ *
+ * Frees the hash tree and sets *ht to NULL on failure and returns an error code
+ */
+TEE_Result tee_fs_htree_truncate(struct tee_fs_htree **ht, size_t block_num);
+
+/**
+ * tee_fs_htree_write_block() - encrypt and write a data block to storage
+ * @ht: hash tree
+ * @block_num: block number
+ * @block: pointer to a block of stor->block_size size
+ *
+ * Frees the hash tree and sets *ht to NULL on failure and returns an error code
+ */
+TEE_Result tee_fs_htree_write_block(struct tee_fs_htree **ht, size_t block_num,
+ const void *block);
+/**
+ * tee_fs_htree_write_block() - read and decrypt a data block from storage
+ * @ht: hash tree
+ * @block_num: block number
+ * @block: pointer to a block of stor->block_size size
+ *
+ * Frees the hash tree and sets *ht to NULL on failure and returns an error code
+ */
+TEE_Result tee_fs_htree_read_block(struct tee_fs_htree **ht, size_t block_num,
+ void *block);
+
+#endif /*__TEE_FS_HTREE_H*/
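Review bot: The `@data` buffers handed back by `rpc_read_init`/`rpc_write_init` live in non-secure shared memory (said explicitly in the `struct tee_fs_htree_storage` comment), yet nothing states that the hash tree must copy a node or block into secure memory before checking its hash/tag and must never re-read the shared buffer afterwards; the normal world can rewrite that buffer at any moment, so verify-then-use on the shared copy would be a TOCTOU hole. Suggest adding to that comment: `/* Data must be copied out of the shared buffer before it is verified or decrypted; the buffer may change under the implementation at any time. */`. Separately, the doc block above `tee_fs_htree_read_block()` is titled `tee_fs_htree_write_block()` (copy/paste), and `tee_fs_htree_truncate()` describes `@block_num` as "the number of nodes" although the name and the sibling functions count blocks. The on-disk images `tee_fs_htree_node_image` and `tee_fs_htree_image` are plain structs whose size the RPC callbacks rely on; a compile-time size assertion next to them would catch padding/ABI drift between builds that read the same storage.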
diff --git a/core/include/tee/tee_fs_defs.h b/core/include/tee/svc_cache.h
index 9c11de9..d5d4972 100644
--- a/core/include/tee/tee_fs_defs.h
+++ b/core/include/tee/svc_cache.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, STMicroelectronics International N.V.
+ * Copyright (c) 2015, Linaro Limited
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -24,41 +24,16 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
+#ifndef SVC_CACHE_H
+#define SVC_CACHE_H
-#ifndef TEE_FS_DEFS_H
-#define TEE_FS_DEFS_H
-
-/*
- * tee_fs_open
- */
-#define TEE_FS_O_RDONLY 0x1
-#define TEE_FS_O_WRONLY 0x2
-#define TEE_FS_O_RDWR 0x4
-#define TEE_FS_O_CREATE 0x8
-#define TEE_FS_O_EXCL 0x10
-#define TEE_FS_O_APPEND 0x20
-#define TEE_FS_O_TRUNC 0x40
-
-/*
- * tee_fs_lseek
- */
-#define TEE_FS_SEEK_SET 0x1
-#define TEE_FS_SEEK_END 0x2
-#define TEE_FS_SEEK_CUR 0x4
-
-/*
- * file modes
- */
-#define TEE_FS_S_IWUSR 0x1
-#define TEE_FS_S_IRUSR 0x2
-#define TEE_FS_S_IXUSR 0x4
-
-/*
- * access modes
- * X_OK is not supported
- */
-#define TEE_FS_R_OK 0x1
-#define TEE_FS_W_OK 0x2
-#define TEE_FS_F_OK 0x4
+#include <types_ext.h>
+#include <tee_api_types.h>
+#ifdef CFG_CACHE_API
+TEE_Result syscall_cache_operation(void *va, size_t len, unsigned long op);
+#else
+#define syscall_cache_operation syscall_not_supported
#endif
+
+#endif /*SVC_CACHE_H*/
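Review bot: `syscall_cache_operation()` takes `va`, `len` and `op` straight from the calling TA (judging by the `syscall_` prefix) and the header says nothing about validation; the implementation must check that `[va, va + len)` does not wrap and lies entirely within the calling TA's own mappings before issuing any maintenance, since an unchecked range would let a TA clean or invalidate lines of other mappings, and an invalidate without clean can discard pending writes. `op` arrives as `unsigned long` rather than `enum utee_cache_operation`, so it also needs an explicit range check before being passed down. Suggest stating that contract here: `/* va/len are user-supplied and MUST be verified against the caller's address space; op is range-checked against enum utee_cache_operation */`. The implementation is outside this diff, so I cannot confirm whether it already does this.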
diff --git a/core/include/tee/tee_cryp_utl.h b/core/include/tee/tee_cryp_utl.h
index 99304f5..b303a59 100644
--- a/core/include/tee/tee_cryp_utl.h
+++ b/core/include/tee/tee_cryp_utl.h
@@ -50,5 +50,10 @@ TEE_Result tee_aes_cbc_cts_update(void *cbc_ctx, void *ecb_ctx,
TEE_Result tee_prng_add_entropy(const uint8_t *in, size_t len);
void plat_prng_add_jitter_entropy(void);
+/*
+ * The _norpc version must not invoke Normal World, or infinite recursion
+ * may occur. As an exception however, using mutexes is allowed.
+ */
+void plat_prng_add_jitter_entropy_norpc(void);
#endif
diff --git a/core/include/tee/tee_fs.h b/core/include/tee/tee_fs.h
index 299ef74..81253da 100644
--- a/core/include/tee/tee_fs.h
+++ b/core/include/tee/tee_fs.h
@@ -38,30 +38,31 @@ typedef int64_t tee_fs_off_t;
typedef uint32_t tee_fs_mode_t;
struct tee_fs_dirent {
- char *d_name;
+ uint8_t oid[TEE_OBJECT_ID_MAX_LEN];
+ size_t oidlen;
};
struct tee_fs_dir;
struct tee_file_handle;
+struct tee_pobj;
/*
* tee_fs implements a POSIX like secure file system with GP extension
*/
struct tee_file_operations {
- TEE_Result (*open)(const char *name, struct tee_file_handle **fh);
- TEE_Result (*create)(const char *name, struct tee_file_handle **fh);
+ TEE_Result (*open)(struct tee_pobj *po, struct tee_file_handle **fh);
+ TEE_Result (*create)(struct tee_pobj *po, struct tee_file_handle **fh);
void (*close)(struct tee_file_handle **fh);
- TEE_Result (*read)(struct tee_file_handle *fh, void *buf, size_t *len);
- TEE_Result (*write)(struct tee_file_handle *fh, const void *buf,
- size_t len);
- TEE_Result (*seek)(struct tee_file_handle *fh, int32_t offs,
- TEE_Whence whence, int32_t *new_offs);
- TEE_Result (*rename)(const char *old_name, const char *new_name,
+ TEE_Result (*read)(struct tee_file_handle *fh, size_t pos,
+ void *buf, size_t *len);
+ TEE_Result (*write)(struct tee_file_handle *fh, size_t pos,
+ const void *buf, size_t len);
+ TEE_Result (*rename)(struct tee_pobj *old_po, struct tee_pobj *new_po,
bool overwrite);
- TEE_Result (*remove)(const char *name);
+ TEE_Result (*remove)(struct tee_pobj *po);
TEE_Result (*truncate)(struct tee_file_handle *fh, size_t size);
- TEE_Result (*opendir)(const char *name, struct tee_fs_dir **d);
+ TEE_Result (*opendir)(const TEE_UUID *uuid, struct tee_fs_dir **d);
TEE_Result (*readdir)(struct tee_fs_dir *d, struct tee_fs_dirent **ent);
void (*closedir)(struct tee_fs_dir *d);
};
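Review bot: `oidlen` in the new `struct tee_fs_dirent` is derived from untrusted data, because entries come back through `readdir`, which the `tee_fs_rpc_readdir()` prototype in this diff shows is served over RPC (i.e. by the normal world); the backend must reject or clamp any length above `TEE_OBJECT_ID_MAX_LEN` before filling `oid`, and the struct should say so: `size_t oidlen; /* <= TEE_OBJECT_ID_MAX_LEN, enforced by the backend before the entry is returned */`. The `pos`-based `read`/`write` are an improvement over per-handle seek state, but `read`'s `size_t *len` has no stated in/out meaning; a line such as `/* on entry *len is the buffer size, on return the number of bytes read */` would help, and implementations must guard `pos + len` against wrap-around. `struct tee_file_operations` is fully visible here, so this applies to the whole table.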
diff --git a/core/include/tee/tee_fs_key_manager.h b/core/include/tee/tee_fs_key_manager.h
index 7f26d26..b7259aa 100644
--- a/core/include/tee/tee_fs_key_manager.h
+++ b/core/include/tee/tee_fs_key_manager.h
@@ -33,62 +33,17 @@
#define TEE_FS_KM_CHIP_ID_LENGTH 32
#define TEE_FS_KM_HMAC_ALG TEE_ALG_HMAC_SHA256
-#define TEE_FS_KM_AUTH_ENC_ALG TEE_ALG_AES_GCM
#define TEE_FS_KM_ENC_FEK_ALG TEE_ALG_AES_ECB_NOPAD
#define TEE_FS_KM_SSK_SIZE TEE_SHA256_HASH_SIZE
#define TEE_FS_KM_TSK_SIZE TEE_SHA256_HASH_SIZE
#define TEE_FS_KM_FEK_SIZE 16 /* bytes */
-#define TEE_FS_KM_IV_LEN 12 /* bytes */
-#define TEE_FS_KM_MAX_TAG_LEN 16 /* bytes */
-
-#define BLOCK_FILE_SHIFT 12
-
-#define BLOCK_FILE_SIZE (1 << BLOCK_FILE_SHIFT)
-
-#define NUM_BLOCKS_PER_FILE 1024
-
-enum tee_fs_file_type {
- META_FILE,
- BLOCK_FILE
-};
-
-struct tee_fs_file_info {
- uint64_t length;
- uint32_t backup_version_table[NUM_BLOCKS_PER_FILE / 32];
-};
-
-struct tee_fs_file_meta {
- struct tee_fs_file_info info;
- uint8_t encrypted_fek[TEE_FS_KM_FEK_SIZE];
- uint32_t counter;
-};
-
-struct common_header {
- uint8_t iv[TEE_FS_KM_IV_LEN];
- uint8_t tag[TEE_FS_KM_MAX_TAG_LEN];
-};
-
-struct meta_header {
- uint8_t encrypted_key[TEE_FS_KM_FEK_SIZE];
- struct common_header common;
-};
-
-struct block_header {
- struct common_header common;
-};
-
-size_t tee_fs_get_header_size(enum tee_fs_file_type type);
TEE_Result tee_fs_generate_fek(uint8_t *encrypted_fek, int fek_size);
-TEE_Result tee_fs_encrypt_file(enum tee_fs_file_type file_type,
- const uint8_t *plaintext, size_t plaintext_size,
- uint8_t *ciphertext, size_t *ciphertext_size,
- const uint8_t *encrypted_fek);
-TEE_Result tee_fs_decrypt_file(enum tee_fs_file_type file_type,
- const uint8_t *data_in, size_t data_in_size,
- uint8_t *plaintext, size_t *plaintext_size,
- uint8_t *encrypted_fek);
TEE_Result tee_fs_crypt_block(uint8_t *out, const uint8_t *in, size_t size,
uint16_t blk_idx, const uint8_t *encrypted_fek,
TEE_OperationMode mode);
+
+TEE_Result tee_fs_fek_crypt(TEE_OperationMode mode, const uint8_t *in_key,
+ size_t size, uint8_t *out_key);
+
#endif
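Review bot: `tee_fs_fek_crypt()` takes a `size`, but with `TEE_FS_KM_ENC_FEK_ALG` still defined as `TEE_ALG_AES_ECB_NOPAD` the only size that can succeed is a whole AES block, i.e. `TEE_FS_KM_FEK_SIZE`; the header should state that constraint and the error for anything else, e.g. `/* in_key/out_key are TEE_FS_KM_FEK_SIZE bytes; size must equal TEE_FS_KM_FEK_SIZE. Wraps (ENCRYPT) or unwraps (DECRYPT) a FEK with the storage key, presumably SSK/TSK-derived — confirm */`. Note also that the adjacent `tee_fs_generate_fek()` still takes `int fek_size` while the new function uses `size_t size` for the same quantity; aligning both on `size_t` avoids sign-conversion surprises at call sites. The removed `TEE_FS_KM_AUTH_ENC_ALG`/IV/tag definitions presumably move authenticated encryption into fs_htree; fine as long as no remaining user of `tee_fs_crypt_block()` depended on them.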
diff --git a/core/include/tee/tee_fs_rpc.h b/core/include/tee/tee_fs_rpc.h
index 4d73c4b..43c7631 100644
--- a/core/include/tee/tee_fs_rpc.h
+++ b/core/include/tee/tee_fs_rpc.h
@@ -44,8 +44,8 @@ struct tee_fs_rpc_operation {
size_t num_params;
};
-TEE_Result tee_fs_rpc_open(uint32_t id, const char *fname, int *fd);
-TEE_Result tee_fs_rpc_create(uint32_t id, const char *fname, int *fd);
+TEE_Result tee_fs_rpc_open(uint32_t id, struct tee_pobj *po, int *fd);
+TEE_Result tee_fs_rpc_create(uint32_t id, struct tee_pobj *po, int *fd);
TEE_Result tee_fs_rpc_close(uint32_t id, int fd);
TEE_Result tee_fs_rpc_read_init(struct tee_fs_rpc_operation *op,
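Review bot: The new `tee_fs_rpc_open()`/`tee_fs_rpc_create()` prototypes take `struct tee_pobj *`, but no `struct tee_pobj;` forward declaration is visible in this header (tee_fs.h gains one in this diff; tee_fs_rpc.h's includes are outside the hunk). If nothing included earlier declares the tag, each prototype introduces a fresh incomplete type with prototype scope (the "declared inside parameter list" warning) and callers passing a real `struct tee_pobj *` hit incompatible-pointer errors; adding `struct tee_pobj;` above `tee_fs_rpc_open()` makes the header self-contained either way. The same applies to the `remove`/`rename` prototypes in the following hunk.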
@@ -61,11 +61,11 @@ TEE_Result tee_fs_rpc_write_final(struct tee_fs_rpc_operation *op);
TEE_Result tee_fs_rpc_truncate(uint32_t id, int fd, size_t len);
-TEE_Result tee_fs_rpc_remove(uint32_t id, const char *fname);
-TEE_Result tee_fs_rpc_rename(uint32_t id, const char *old_fname,
- const char *new_fname, bool overwrite);
+TEE_Result tee_fs_rpc_remove(uint32_t id, struct tee_pobj *po);
+TEE_Result tee_fs_rpc_rename(uint32_t id, struct tee_pobj *old,
+ struct tee_pobj *new, bool overwrite);
-TEE_Result tee_fs_rpc_opendir(uint32_t id, const char *name,
+TEE_Result tee_fs_rpc_opendir(uint32_t id, const TEE_UUID *uuid,
struct tee_fs_dir **d);
TEE_Result tee_fs_rpc_closedir(uint32_t id, struct tee_fs_dir *d);
TEE_Result tee_fs_rpc_readdir(uint32_t id, struct tee_fs_dir *d,
diff --git a/core/include/tee/tee_obj.h b/core/include/tee/tee_obj.h
index bb82c9c..2224233 100644
--- a/core/include/tee/tee_obj.h
+++ b/core/include/tee/tee_obj.h
@@ -40,9 +40,9 @@ struct tee_obj {
bool busy; /* true if used by an operation */
uint32_t have_attrs; /* bitfield identifying set properties */
void *attr;
+ size_t ds_pos;
struct tee_pobj *pobj; /* ptr to persistant object */
struct tee_file_handle *fh;
- uint32_t ds_size; /* data stream size */
uint32_t flags; /* permission flags for persistent objects */
};
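Review bot: `ds_pos` is added without a comment while every neighbouring member of `struct tee_obj` has one; suggest `size_t ds_pos; /* current data stream position (byte offset) */`. Since this field replaces the per-handle `seek` op dropped from `tee_file_operations` in this diff (whose `offs` was `int32_t`), wherever `ds_pos` is updated from a GP seek offset the signed-to-`size_t` conversion and any `ds_pos + len` arithmetic need explicit range checks so a negative or overflowing offset cannot yield a huge position. `struct tee_obj` begins before this hunk.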
diff --git a/core/include/tee/tee_pobj.h b/core/include/tee/tee_pobj.h
index db7c9a6..29b7f77 100644
--- a/core/include/tee/tee_pobj.h
+++ b/core/include/tee/tee_pobj.h
@@ -40,12 +40,14 @@ struct tee_pobj {
void *obj_id;
uint32_t obj_id_len;
uint32_t flags;
+ bool temporary;
/* Filesystem handling this object */
const struct tee_file_operations *fops;
};
TEE_Result tee_pobj_get(TEE_UUID *uuid, void *obj_id, uint32_t obj_id_len,
- uint32_t flags, const struct tee_file_operations *fops,
+ uint32_t flags, bool temporary,
+ const struct tee_file_operations *fops,
struct tee_pobj **obj);
TEE_Result tee_pobj_release(struct tee_pobj *obj);
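Review bot: The new `temporary` member and `tee_pobj_get()` parameter are undocumented, and because `tee_svc_storage_create_filename()` in this diff takes a separate `transient` flag it is not obvious whether the two mean the same thing. Suggest a comment on the member, e.g. `bool temporary; /* object is not kept after the creating handle/session goes away — confirm exact semantics */`, and a note on `tee_pobj_get()` saying whether `temporary` is part of the lookup key, so a temporary and a persistent object with the same uuid/obj_id cannot be conflated (the lookup itself is outside this hunk). `struct tee_pobj` begins before this hunk.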
diff --git a/core/include/tee/tee_svc_storage.h b/core/include/tee/tee_svc_storage.h
index 7e4c10e..d3f0858 100644
--- a/core/include/tee/tee_svc_storage.h
+++ b/core/include/tee/tee_svc_storage.h
@@ -82,11 +82,11 @@ void tee_svc_storage_close_all_enum(struct user_ta_ctx *utc);
void tee_svc_storage_init(void);
-char *tee_svc_storage_create_filename(struct tee_ta_session *sess,
- void *object_id,
- uint32_t object_id_len,
- bool transient);
+struct tee_pobj;
+TEE_Result tee_svc_storage_create_filename(void *buf, size_t blen,
+ struct tee_pobj *po, bool transient);
-char *tee_svc_storage_create_dirname(struct tee_ta_session *sess);
+TEE_Result tee_svc_storage_create_dirname(void *buf, size_t blen,
+ const TEE_UUID *uuid);
#endif /* TEE_SVC_STORAGE_H */
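Review bot: The new `tee_svc_storage_create_filename()`/`tee_svc_storage_create_dirname()` prototypes do not say how large `blen` must be or which error is returned when the buffer is too small, and the move from a returned `char *` to a caller-supplied buffer is exactly what makes that the caller's problem; a comment such as `/* buf must hold at least <required size> bytes; returns TEE_ERROR_SHORT_BUFFER if blen is insufficient */` with the real bound filled in would let callers size buffers correctly. Because `po->obj_id` is TA-supplied (per tee_pobj.h), the comment should also state that the object id is encoded into the name rather than copied raw, so bytes such as `/` cannot reach the normal-world path; the implementation is outside this hunk so I cannot confirm it does. `void *buf` for a filename would read more naturally as `char *buf`.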