This is an automated email from the ASF dual-hosted git repository.
yuanz pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git
The following commit(s) were added to refs/heads/master by this push:
new 2e767f9 Add signature verification example (#73)
2e767f9 is described below
commit 2e767f9ab059453d47540b83d53a4303868eac34
Author: Yuan Zhuang <[email protected]>
AuthorDate: Sat May 7 10:39:44 2022 +0800
Add signature verification example (#73)
* Add signature verification example
* Update overview-of-optee-rust-examples.md
* Add the description of signature_verification-rs
---
ci/qemu-check.exp | 14 ++
docs/overview-of-optee-rust-examples.md | 2 +-
examples/signature_verification-rs/Makefile | 24 ++++
examples/signature_verification-rs/host/Cargo.lock | 104 +++++++++++++++
examples/signature_verification-rs/host/Cargo.toml | 33 +++++
examples/signature_verification-rs/host/Makefile | 45 +++++++
.../signature_verification-rs/host/src/main.rs | 76 +++++++++++
.../signature_verification-rs/proto/Cargo.toml | 30 +++++
examples/signature_verification-rs/proto/build.rs | 34 +++++
.../signature_verification-rs/proto/src/lib.rs | 35 +++++
examples/signature_verification-rs/ta/Cargo.lock | 142 +++++++++++++++++++++
examples/signature_verification-rs/ta/Cargo.toml | 46 +++++++
examples/signature_verification-rs/ta/Makefile | 53 ++++++++
examples/signature_verification-rs/ta/Xargo.toml | 25 ++++
examples/signature_verification-rs/ta/build.rs | 62 +++++++++
examples/signature_verification-rs/ta/src/main.rs | 138 ++++++++++++++++++++
.../signature_verification-rs/ta/ta_aarch64.lds | 92 +++++++++++++
examples/signature_verification-rs/ta/ta_arm.lds | 91 +++++++++++++
examples/signature_verification-rs/ta/ta_static.rs | 98 ++++++++++++++
examples/signature_verification-rs/uuid.txt | 1 +
tests/test_signature_verification.sh | 54 ++++++++
21 files changed, 1198 insertions(+), 1 deletion(-)
diff --git a/ci/qemu-check.exp b/ci/qemu-check.exp
index 4db75d5..d8d4b26 100644
--- a/ci/qemu-check.exp
+++ b/ci/qemu-check.exp
@@ -283,4 +283,18 @@ expect {
exit 1
}
}
+
+expect "# "
+info "Running signature_verification-rs...\n"
+send -- "signature_verification-rs\r"
+expect {
+ "Success" {
+ info "Test success\n"
+ }
+ timeout {
+ info "!!! Timeout: Test failed\n"
+ exit 1
+ }
+}
+
info "Test Rust application finished\n"
diff --git a/docs/overview-of-optee-rust-examples.md
b/docs/overview-of-optee-rust-examples.md
index 1473766..d9c3f8d 100644
--- a/docs/overview-of-optee-rust-examples.md
+++ b/docs/overview-of-optee-rust-examples.md
@@ -31,4 +31,4 @@ To compile one of the examples, run `make -C
examples/EXAMPLE_DIR`.
| tcp_client-rs | `59db8536-e5e6-11eb-8e9b-a316ce7a6568` | Do
HTTP connection from Trusted Application. |
| time-rs | `21b1a1da-bdab-11eb-b614-275a7098826f` | Set
/ get TEE time. |
| udp_socket-rs | `87c2d78e-eb7b-11eb-8d25-df4d5338f285` | Do
UDP socket connection from Trusted Application. |
-
+| signature_verification-rs | `c7e478c2-89b3-46eb-ac19-571e66c3830d` | Sign
a message and verify the signature using the third party crate
[ring](https://github.com/veracruz-project/ring). |
diff --git a/examples/signature_verification-rs/Makefile
b/examples/signature_verification-rs/Makefile
new file mode 100644
index 0000000..09679cd
--- /dev/null
+++ b/examples/signature_verification-rs/Makefile
@@ -0,0 +1,24 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+all:
+ @make -s -C host
+ @make -s -C ta
+
+clean:
+ @make -s -C host clean
+ @make -s -C ta clean
diff --git a/examples/signature_verification-rs/host/Cargo.lock
b/examples/signature_verification-rs/host/Cargo.lock
new file mode 100644
index 0000000..4e9b12b
--- /dev/null
+++ b/examples/signature_verification-rs/host/Cargo.lock
@@ -0,0 +1,104 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "hex"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+
+[[package]]
+name = "libc"
+version = "0.2.95"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "789da6d93f1b866ffe175afc5322a4d76c038605a1c3319bb57b06967ca98a36"
+
+[[package]]
+name = "optee-teec"
+version = "0.2.0"
+dependencies = [
+ "hex",
+ "libc",
+ "optee-teec-macros",
+ "optee-teec-sys",
+ "uuid 0.7.2",
+]
+
+[[package]]
+name = "optee-teec-macros"
+version = "0.2.0"
+dependencies = [
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "optee-teec-sys"
+version = "0.2.0"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid",
+]
+
+[[package]]
+name = "proto"
+version = "0.1.0"
+dependencies = [
+ "uuid 0.8.2",
+]
+
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "signature_verification-rs"
+version = "0.1.0"
+dependencies = [
+ "libc",
+ "optee-teec",
+ "proto",
+]
+
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-xid",
+]
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "uuid"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "0238db0c5b605dd1cf51de0f21766f97fba2645897024461d6a00c036819a768"
+
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
diff --git a/examples/signature_verification-rs/host/Cargo.toml
b/examples/signature_verification-rs/host/Cargo.toml
new file mode 100644
index 0000000..c8fb622
--- /dev/null
+++ b/examples/signature_verification-rs/host/Cargo.toml
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "signature_verification-rs"
+version = "0.1.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git";
+description = "An example of Rust OP-TEE TrustZone SDK."
+edition = "2018"
+
+[dependencies]
+libc = "0.2.48"
+proto = { path = "../proto" }
+optee-teec = { path = "../../../optee-teec" }
+
+[profile.release]
+lto = true
diff --git a/examples/signature_verification-rs/host/Makefile
b/examples/signature_verification-rs/host/Makefile
new file mode 100644
index 0000000..4ab88f9
--- /dev/null
+++ b/examples/signature_verification-rs/host/Makefile
@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+NAME := signature_verification-rs
+ARCH ?= aarch64
+
+OPTEE_DIR ?= ../../../optee
+
+ifeq ($(ARCH), arm)
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
+ OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
+ TARGET := arm-unknown-linux-gnueabihf
+else
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
+ OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
+ TARGET := aarch64-unknown-linux-gnu
+endif
+
+OUT_DIR := $(CURDIR)/target/$(TARGET)/release
+
+
+all: host strip
+
+host:
+ @cargo build --target $(TARGET) --release
+
+strip:
+ @$(OBJCOPY) --strip-unneeded $(OUT_DIR)/$(NAME) $(OUT_DIR)/$(NAME)
+
+clean:
+ @cargo clean
diff --git a/examples/signature_verification-rs/host/src/main.rs
b/examples/signature_verification-rs/host/src/main.rs
new file mode 100644
index 0000000..71e6d66
--- /dev/null
+++ b/examples/signature_verification-rs/host/src/main.rs
@@ -0,0 +1,76 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use optee_teec::{Context, Operation, ParamNone, ParamTmpRef, ParamType,
Session, Uuid};
+use proto::{Command, UUID};
+
+const PUBLIC_KEY_SIZE: usize = 32;
+const SIGNATURE_SIZE: usize = 64;
+
+fn sign(
+ session: &mut Session,
+ message: &[u8],
+ public_key: &mut [u8],
+ signature: &mut [u8],
+) -> optee_teec::Result<()> {
+ let p0 = ParamTmpRef::new_input(message);
+ let p1 = ParamTmpRef::new_output(public_key);
+ let p2 = ParamTmpRef::new_output(signature);
+
+ let mut operation = Operation::new(0, p0, p1, p2, ParamNone);
+
+ session.invoke_command(Command::Sign as u32, &mut operation)?;
+
+ Ok(())
+}
+
+fn verify(
+ session: &mut Session,
+ message: &[u8],
+ public_key: &[u8],
+ signature: &[u8],
+) -> optee_teec::Result<()> {
+ let p0 = ParamTmpRef::new_input(message);
+ let p1 = ParamTmpRef::new_input(public_key);
+ let p2 = ParamTmpRef::new_input(signature);
+
+ let mut operation = Operation::new(0, p0, p1, p2, ParamNone);
+
+ session.invoke_command(Command::Verify as u32, &mut operation)?;
+
+ Ok(())
+}
+
+fn main() -> optee_teec::Result<()> {
+ let mut ctx = Context::new()?;
+ let uuid = Uuid::parse_str(UUID).unwrap();
+ let mut session = ctx.open_session(uuid)?;
+
+ let message: &[u8] = b"hello,world";
+ println!("CA: message: {:?}", &message);
+ let mut public_key = [0x00u8; PUBLIC_KEY_SIZE];
+ let mut signature = [0x00u8; SIGNATURE_SIZE];
+
+ sign(&mut session, &message, &mut public_key, &mut signature)?;
+ println!("CA: public key: {:?}", &public_key);
+ println!("CA: signature: {:?}", &signature);
+
+ verify(&mut session, &message, &public_key, &signature)?;
+ println!("Success");
+
+ Ok(())
+}
diff --git a/examples/signature_verification-rs/proto/Cargo.toml
b/examples/signature_verification-rs/proto/Cargo.toml
new file mode 100644
index 0000000..b829510
--- /dev/null
+++ b/examples/signature_verification-rs/proto/Cargo.toml
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "proto"
+version = "0.1.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git";
+description = "Data structures and functions shared by host and TA."
+edition = "2018"
+
+[dependencies]
+
+[build_dependencies]
+uuid = { version = "0.8" }
diff --git a/examples/signature_verification-rs/proto/build.rs
b/examples/signature_verification-rs/proto/build.rs
new file mode 100644
index 0000000..778819a
--- /dev/null
+++ b/examples/signature_verification-rs/proto/build.rs
@@ -0,0 +1,34 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use std::env;
+use std::fs;
+use std::fs::File;
+use std::io::Write;
+use std::path::PathBuf;
+
+fn main() {
+ let uuid = match fs::read_to_string("../uuid.txt") {
+ Ok(u) => u.trim().to_string(),
+ Err(_) => {
+ panic!("Cannot find uuid.txt");
+ }
+ };
+ let out = &PathBuf::from(env::var_os("OUT_DIR").unwrap());
+ let mut buffer = File::create(out.join("uuid.txt")).unwrap();
+ write!(buffer, "{}", uuid).unwrap();
+}
diff --git a/examples/signature_verification-rs/proto/src/lib.rs
b/examples/signature_verification-rs/proto/src/lib.rs
new file mode 100644
index 0000000..b25e485
--- /dev/null
+++ b/examples/signature_verification-rs/proto/src/lib.rs
@@ -0,0 +1,35 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+pub enum Command {
+ Sign,
+ Verify,
+ Unknown,
+}
+
+impl From<u32> for Command {
+ #[inline]
+ fn from(value: u32) -> Command {
+ match value {
+ 0 => Command::Sign,
+ 1 => Command::Verify,
+ _ => Command::Unknown,
+ }
+ }
+}
+
+pub const UUID: &str = &include_str!(concat!(env!("OUT_DIR"), "/uuid.txt"));
diff --git a/examples/signature_verification-rs/ta/Cargo.lock
b/examples/signature_verification-rs/ta/Cargo.lock
new file mode 100644
index 0000000..0590206
--- /dev/null
+++ b/examples/signature_verification-rs/ta/Cargo.lock
@@ -0,0 +1,142 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "bitflags"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12"
+
+[[package]]
+name = "cc"
+version = "1.0.73"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
+
+[[package]]
+name = "hex"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+
+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+[[package]]
+name = "libc"
+version = "0.2.99"
+
+[[package]]
+name = "optee-utee"
+version = "0.2.0"
+dependencies = [
+ "bitflags",
+ "hex",
+ "libc",
+ "optee-utee-macros",
+ "optee-utee-sys",
+ "uuid",
+]
+
+[[package]]
+name = "optee-utee-macros"
+version = "0.2.0"
+dependencies = [
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "optee-utee-sys"
+version = "0.2.0"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid",
+]
+
+[[package]]
+name = "proto"
+version = "0.1.0"
+dependencies = [
+ "uuid",
+]
+
+[[package]]
+name = "quote"
+version = "0.6.12"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "faf4799c5d274f3868a4aae320a0a182cbd2baee377b378f080e16a23e9d80db"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "ring"
+version = "0.16.11"
+source =
"git+https://github.com/veracruz-project/ring.git?branch=veracruz#47996e06f9a2cc392091392f010d62e83e9ed0f4";
+dependencies = [
+ "cc",
+ "lazy_static",
+ "optee-utee",
+ "spin",
+ "untrusted",
+]
+
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
+[[package]]
+name = "syn"
+version = "0.15.39"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "b4d960b829a55e56db167e861ddb43602c003c7be0bee1d345021703fac2fb7c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-xid",
+]
+
+[[package]]
+name = "ta"
+version = "0.1.0"
+dependencies = [
+ "libc",
+ "optee-utee",
+ "optee-utee-sys",
+ "proto",
+ "ring",
+ "uuid",
+]
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
diff --git a/examples/signature_verification-rs/ta/Cargo.toml
b/examples/signature_verification-rs/ta/Cargo.toml
new file mode 100644
index 0000000..5cff6b5
--- /dev/null
+++ b/examples/signature_verification-rs/ta/Cargo.toml
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "ta"
+version = "0.1.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git";
+description = "An example of Rust OP-TEE TrustZone SDK."
+edition = "2018"
+
+[dependencies]
+libc = { path = "../../../rust/libc" }
+proto = { path = "../proto" }
+optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" }
+optee-utee = { path = "../../../optee-utee" }
+ring = { git = "https://github.com/veracruz-project/ring.git";, branch =
"veracruz", version = "=0.16.11", features = ["std"] }
+
+[build_dependencies]
+uuid = { version = "0.8" }
+proto = { path = "../proto" }
+
+[profile.release]
+lto = true
+opt-level = 1
+
+[patch."https://github.com/veracruz-project/rust-optee-trustzone-sdk.git";]
+optee-utee = { path = "../../../optee-utee" }
+libc = { path = "../../../rust/libc" }
+[patch."https://github.com/veracruz-project/ring.git";]
+optee-utee = { path = "../../../optee-utee" }
diff --git a/examples/signature_verification-rs/ta/Makefile
b/examples/signature_verification-rs/ta/Makefile
new file mode 100644
index 0000000..ffee4b2
--- /dev/null
+++ b/examples/signature_verification-rs/ta/Makefile
@@ -0,0 +1,53 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+OPTEE_DIR ?= ../../../optee
+OPTEE_OS_DIR ?= $(OPTEE_DIR)/optee_os
+UUID ?= $(shell cat "../uuid.txt")
+
+ARCH ?= aarch64
+
+ifeq ($(ARCH), arm)
+ TA_SIGN_KEY ?=
$(OPTEE_OS_DIR)/out/arm/export-ta_arm32/keys/default_ta.pem
+ SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm32/scripts/sign_encrypt.py
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
+ OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
+ TARGET := arm-unknown-optee-trustzone
+else
+ TA_SIGN_KEY ?=
$(OPTEE_OS_DIR)/out/arm/export-ta_arm64/keys/default_ta.pem
+ SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm64/scripts/sign_encrypt.py
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
+ OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
+ TARGET := aarch64-unknown-optee-trustzone
+endif
+
+OUT_DIR := $(CURDIR)/target/$(TARGET)/release
+
+all: ta strip sign
+
+ta:
+ @xargo build --target $(TARGET) --release --verbose
+
+strip:
+ @$(OBJCOPY) --strip-unneeded $(OUT_DIR)/ta $(OUT_DIR)/stripped_ta
+
+sign:
+ @$(SIGN) --uuid $(UUID) --key $(TA_SIGN_KEY) --in
$(OUT_DIR)/stripped_ta --out $(OUT_DIR)/$(UUID).ta
+ @echo "SIGN => ${UUID}"
+
+clean:
+ @xargo clean
diff --git a/examples/signature_verification-rs/ta/Xargo.toml
b/examples/signature_verification-rs/ta/Xargo.toml
new file mode 100644
index 0000000..c9ed04e
--- /dev/null
+++ b/examples/signature_verification-rs/ta/Xargo.toml
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[dependencies.std]
+path = "../../../rust/rust/library/std"
+
+[patch.crates-io]
+libc = { path = "../../../rust/libc" }
+compiler_builtins = { path = "../../../rust/compiler-builtins" }
+rustc-std-workspace-core = { path =
"../../../rust/rust/library/rustc-std-workspace-core" }
+rustc-std-workspace-alloc = { path =
"../../../rust/rust/library/rustc-std-workspace-alloc" }
diff --git a/examples/signature_verification-rs/ta/build.rs
b/examples/signature_verification-rs/ta/build.rs
new file mode 100644
index 0000000..4b4d42d
--- /dev/null
+++ b/examples/signature_verification-rs/ta/build.rs
@@ -0,0 +1,62 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use proto;
+use std::env;
+use std::fs::File;
+use std::io::Write;
+use std::path::{Path, PathBuf};
+use uuid::Uuid;
+
+fn main() -> std::io::Result<()> {
+ let out = &PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+ let mut buffer = File::create(out.join("user_ta_header.rs"))?;
+ buffer.write_all(include_bytes!("ta_static.rs"))?;
+
+ let tee_uuid = Uuid::parse_str(proto::UUID).unwrap();
+ let (time_low, time_mid, time_hi_and_version, clock_seq_and_node) =
tee_uuid.as_fields();
+
+ write!(buffer, "\n")?;
+ write!(
+ buffer,
+ "const TA_UUID: optee_utee_sys::TEE_UUID = optee_utee_sys::TEE_UUID {{
+ timeLow: {:#x},
+ timeMid: {:#x},
+ timeHiAndVersion: {:#x},
+ clockSeqAndNode: {:#x?},
+}};",
+ time_low, time_mid, time_hi_and_version, clock_seq_and_node
+ )?;
+ let optee_os_dir =
env::var("OPTEE_OS_DIR").unwrap_or("../../../optee/optee_os".to_string());
+ let search_path = match env::var("ARCH") {
+ Ok(ref v) if v == "arm" => {
+
File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_arm.lds"))?;
+ Path::new(&optee_os_dir).join("out/arm/export-ta_arm32/lib")
+ }
+ _ => {
+
File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_aarch64.lds"))?;
+ Path::new(&optee_os_dir).join("out/arm/export-ta_arm64/lib")
+ }
+ };
+ println!("cargo:rustc-link-search={}", out.display());
+ println!("cargo:rerun-if-changed=ta.lds");
+
+ println!("cargo:rustc-link-search={}", search_path.display());
+ println!("cargo:rustc-link-lib=static=utee");
+ Ok(())
+}
diff --git a/examples/signature_verification-rs/ta/src/main.rs
b/examples/signature_verification-rs/ta/src/main.rs
new file mode 100644
index 0000000..c3fcc98
--- /dev/null
+++ b/examples/signature_verification-rs/ta/src/main.rs
@@ -0,0 +1,138 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_main]
+
+use ring::signature::KeyPair;
+use ring::{rand, signature};
+
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command,
ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result};
+use proto::Command;
+
+#[ta_create]
+fn create() -> Result<()> {
+ trace_println!("[+] TA create");
+ Ok(())
+}
+
+#[ta_open_session]
+fn open_session(_params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA open session");
+ Ok(())
+}
+
+#[ta_close_session]
+fn close_session() {
+ trace_println!("[+] TA close session");
+}
+
+#[ta_destroy]
+fn destroy() {
+ trace_println!("[+] TA destroy");
+}
+
+#[ta_invoke_command]
+fn invoke_command(cmd_id: u32, params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA invoke command");
+ match Command::from(cmd_id) {
+ Command::Sign => {
+ return sign(params);
+ }
+ Command::Verify => {
+ return verify(params);
+ }
+ _ => Err(Error::new(ErrorKind::BadParameters)),
+ }
+}
+
+fn sign(params: &mut Parameters) -> Result<()> {
+ let mut p0 = unsafe { params.0.as_memref().unwrap() };
+ let mut p1 = unsafe { params.1.as_memref().unwrap() };
+ let mut p2 = unsafe { params.2.as_memref().unwrap() };
+ let message = p0.buffer();
+ trace_println!("[+] message: {:?}", &message);
+
+ // Generate a key pair in PKCS#8 (v2) format.
+ let rng = rand::SystemRandom::new();
+ let pkcs8_bytes = match signature::Ed25519KeyPair::generate_pkcs8(&rng) {
+ Ok(bytes) => bytes,
+ Err(e) => {
+ trace_println!("[+] error: {:?}", e);
+ return Err(Error::new(ErrorKind::Generic));
+ }
+ };
+ trace_println!("[+] pkcs8_bytes: {:?}", pkcs8_bytes.as_ref());
+
+ let key_pair = match
signature::Ed25519KeyPair::from_pkcs8(pkcs8_bytes.as_ref()) {
+ Ok(key_pair) => key_pair,
+ Err(e) => {
+ trace_println!("[+] error: {:?}", e);
+ return Err(Error::new(ErrorKind::Generic));
+ }
+ };
+ let sig = key_pair.sign(message);
+ trace_println!("[+] public key: {:?}", key_pair.public_key().as_ref());
+ trace_println!("[+] signature: {:?}", sig.as_ref());
+
+ p1.buffer().clone_from_slice(key_pair.public_key().as_ref());
+ p2.buffer().clone_from_slice(sig.as_ref());
+
+ Ok(())
+}
+
+fn verify(params: &mut Parameters) -> Result<()> {
+ let mut p0 = unsafe { params.0.as_memref().unwrap() };
+ let mut p1 = unsafe { params.1.as_memref().unwrap() };
+ let mut p2 = unsafe { params.2.as_memref().unwrap() };
+
+ let message = p0.buffer();
+ let public_key_bytes = p1.buffer();
+ let sig = p2.buffer();
+ trace_println!("[+] message: {:?}", &message);
+ trace_println!("[+] public_key: {:?}", &public_key_bytes);
+ trace_println!("[+] signature: {:?}", &sig);
+
+ // Verify the signature of the message using the public key.
+ let public_key = signature::UnparsedPublicKey::new(&signature::ED25519,
public_key_bytes);
+ match public_key.verify(message, sig) {
+ Ok(_) => {
+ trace_println!("[+] verify ok");
+ return Ok(());
+ }
+ Err(e) => {
+ trace_println!("[+] error: {:?}", e);
+ return Err(Error::new(ErrorKind::SignatureInvalid));
+ }
+ };
+}
+
+// TA configurations
+const TA_FLAGS: u32 = 0;
+const TA_DATA_SIZE: u32 = 4 * 1024 * 1024;
+const TA_STACK_SIZE: u32 = 4 * 1024;
+const TA_VERSION: &[u8] = b"0.1\0";
+const TA_DESCRIPTION: &[u8] = b"This is a signature verification example.\0";
+const EXT_PROP_VALUE_1: &[u8] = b"Signature Verification TA\0";
+const EXT_PROP_VALUE_2: u32 = 0x0010;
+const TRACE_LEVEL: i32 = 4;
+const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
+const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
+
+include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
diff --git a/examples/signature_verification-rs/ta/ta_aarch64.lds
b/examples/signature_verification-rs/ta/ta_aarch64.lds
new file mode 100644
index 0000000..adb7603
--- /dev/null
+++ b/examples/signature_verification-rs/ta/ta_aarch64.lds
@@ -0,0 +1,92 @@
+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", "elf64-littleaarch64")
+OUTPUT_ARCH(aarch64)
+
+PHDRS {
+ /*
+ * Exec and rodata headers are hard coded to RX and RO
+ * respectively. This is needed because the binary is relocatable
+ * and the linker would automatically make any header writeable
+ * that need to be updated during relocation.
+ */
+ exec PT_LOAD FLAGS (5); /* RX */
+ rodata PT_LOAD FLAGS (4); /* RO */
+ rwdata PT_LOAD;
+ dyn PT_DYNAMIC;
+}
+
+SECTIONS {
+ .ta_head : {*(.ta_head)} :exec
+ .text : {
+ __text_start = .;
+ *(.text .text.*)
+ *(.stub)
+ *(.glue_7)
+ *(.glue_7t)
+ *(.gnu.linkonce.t.*)
+ /* Workaround for an erratum in ARM's VFP11 coprocessor */
+ *(.vfp11_veneer)
+ PROVIDE(__gnu_mcount_nc = __utee_mcount);
+ __text_end = .;
+ }
+ .plt : { *(.plt) }
+
+ .eh_frame : { *(.eh_frame) } :rodata
+ .rodata : {
+ *(.gnu.linkonce.r.*)
+ *(.rodata .rodata.*)
+ }
+ /* .ARM.exidx is sorted, so has to go in its own output section. */
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ .ctors : { *(.ctors) }
+ .dtors : { *(.dtors) }
+ .rel.text : { *(.rel.text) *(.rel.gnu.linkonce.t*) }
+ .rela.text : { *(.rela.text) *(.rela.gnu.linkonce.t*) }
+ .rel.data : { *(.rel.data) *(.rel.gnu.linkonce.d*) }
+ .rela.data : { *(.rela.data) *(.rela.gnu.linkonce.d*) }
+ .rel.rodata : { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata : { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
+ .rel.dyn : { *(.rel.dyn) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+ .rela.ctors : { *(.rela.ctors) }
+ .rel.dtors : { *(.rel.dtors) }
+ .rela.dtors : { *(.rela.dtors) }
+ .rel.init : { *(.rel.init) }
+ .rela.init : { *(.rela.init) }
+ .rel.fini : { *(.rel.fini) }
+ .rela.fini : { *(.rela.fini) }
+ .rel.bss : { *(.rel.bss) }
+ .rela.bss : { *(.rela.bss) }
+ .rel.plt : { *(.rel.plt) }
+ .rela.plt : { *(.rela.plt) }
+ .dynamic : { *(.dynamic) } :dyn :rodata
+ .dynsym : { *(.dynsym) } :rodata
+ .dynstr : { *(.dynstr) }
+ .hash : { *(.hash) }
+
+ /* Page align to allow dropping execute bit for RW data */
+ . = ALIGN(4096);
+
+ .data : { *(.data .data.* .gnu.linkonce.d.*) } :rwdata
+ .got : { *(.got.plt) *(.got) }
+ .bss : {
+ *(.bss .bss.* .gnu.linkonce.b.* COMMON)
+
+ /*
+ * TA profiling with gprof
+ * Reserve some space for the profiling buffer, only if the
+ * TA is instrumented (i.e., some files were built with -pg).
+ * Note that PROVIDE() above defines a symbol only if it is
+ * referenced in the object files.
+ * This also provides a way to detect at runtime if the TA is
+ * instrumented or not.
+ */
+ . = ALIGN(8);
+ __gprof_buf_start = .;
+ __gprof_buf_end = .;
+ }
+
+ /DISCARD/ : { *(.interp) }
+}
+
diff --git a/examples/signature_verification-rs/ta/ta_arm.lds
b/examples/signature_verification-rs/ta/ta_arm.lds
new file mode 100644
index 0000000..764ea25
--- /dev/null
+++ b/examples/signature_verification-rs/ta/ta_arm.lds
@@ -0,0 +1,91 @@
+OUTPUT_FORMAT("elf32-littlearm")
+OUTPUT_ARCH(arm)
+
+PHDRS {
+ /*
+ * Exec and rodata headers are hard coded to RX and RO
+ * respectively. This is needed because the binary is relocatable
+ * and the linker would automatically make any header writeable
+ * that need to be updated during relocation.
+ */
+ exec PT_LOAD FLAGS (5); /* RX */
+ rodata PT_LOAD FLAGS (4); /* RO */
+ rwdata PT_LOAD;
+ dyn PT_DYNAMIC;
+}
+
+SECTIONS {
+ .ta_head : {*(.ta_head)} :exec
+ .text : {
+ __text_start = .;
+ *(.text .text.*)
+ *(.stub)
+ *(.glue_7)
+ *(.glue_7t)
+ *(.gnu.linkonce.t.*)
+ /* Workaround for an erratum in ARM's VFP11 coprocessor */
+ *(.vfp11_veneer)
+ PROVIDE(__gnu_mcount_nc = __utee_mcount);
+ __text_end = .;
+ }
+ .plt : { *(.plt) }
+
+ .eh_frame : { *(.eh_frame) } :rodata
+ .rodata : {
+ *(.gnu.linkonce.r.*)
+ *(.rodata .rodata.*)
+ }
+ /* .ARM.exidx is sorted, so has to go in its own output section. */
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ .ctors : { *(.ctors) }
+ .dtors : { *(.dtors) }
+ .rel.text : { *(.rel.text) *(.rel.gnu.linkonce.t*) }
+ .rela.text : { *(.rela.text) *(.rela.gnu.linkonce.t*) }
+ .rel.data : { *(.rel.data) *(.rel.gnu.linkonce.d*) }
+ .rela.data : { *(.rela.data) *(.rela.gnu.linkonce.d*) }
+ .rel.rodata : { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata : { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
+ .rel.dyn : { *(.rel.dyn) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+ .rela.ctors : { *(.rela.ctors) }
+ .rel.dtors : { *(.rel.dtors) }
+ .rela.dtors : { *(.rela.dtors) }
+ .rel.init : { *(.rel.init) }
+ .rela.init : { *(.rela.init) }
+ .rel.fini : { *(.rel.fini) }
+ .rela.fini : { *(.rela.fini) }
+ .rel.bss : { *(.rel.bss) }
+ .rela.bss : { *(.rela.bss) }
+ .rel.plt : { *(.rel.plt) }
+ .rela.plt : { *(.rela.plt) }
+ .dynamic : { *(.dynamic) } :dyn :rodata
+ .dynsym : { *(.dynsym) } :rodata
+ .dynstr : { *(.dynstr) }
+ .hash : { *(.hash) }
+
+ /* Page align to allow dropping execute bit for RW data */
+ . = ALIGN(4096);
+
+ .data : { *(.data .data.* .gnu.linkonce.d.*) } :rwdata
+ .got : { *(.got.plt) *(.got) }
+ .bss : {
+ *(.bss .bss.* .gnu.linkonce.b.* COMMON)
+
+ /*
+ * TA profiling with gprof
+ * Reserve some space for the profiling buffer, only if the
+ * TA is instrumented (i.e., some files were built with -pg).
+ * Note that PROVIDE() above defines a symbol only if it is
+ * referenced in the object files.
+ * This also provides a way to detect at runtime if the TA is
+ * instrumented or not.
+ */
+ . = ALIGN(8);
+ __gprof_buf_start = .;
+ __gprof_buf_end = .;
+ }
+
+ /DISCARD/ : { *(.interp) }
+}
diff --git a/examples/signature_verification-rs/ta/ta_static.rs
b/examples/signature_verification-rs/ta/ta_static.rs
new file mode 100644
index 0000000..b31f8c3
--- /dev/null
+++ b/examples/signature_verification-rs/ta/ta_static.rs
@@ -0,0 +1,98 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#[no_mangle]
+pub static mut trace_level: libc::c_int = TRACE_LEVEL;
+
+#[no_mangle]
+pub static trace_ext_prefix: &[u8] = TRACE_EXT_PREFIX;
+
+#[no_mangle]
+#[link_section = ".ta_head"]
+pub static ta_head: optee_utee_sys::ta_head = optee_utee_sys::ta_head {
+ uuid: TA_UUID,
+ stack_size: TA_STACK_SIZE + TA_FRAMEWORK_STACK_SIZE,
+ flags: TA_FLAGS,
+ depr_entry: std::u64::MAX,
+};
+
+#[no_mangle]
+#[link_section = ".bss"]
+pub static ta_heap: [u8; TA_DATA_SIZE as usize] = [0; TA_DATA_SIZE as usize];
+
+#[no_mangle]
+pub static ta_heap_size: libc::size_t = std::mem::size_of::<u8>() *
TA_DATA_SIZE as usize;
+static FLAG_BOOL: bool = (TA_FLAGS & optee_utee_sys::TA_FLAG_SINGLE_INSTANCE)
!= 0;
+static FLAG_MULTI: bool = (TA_FLAGS & optee_utee_sys::TA_FLAG_MULTI_SESSION)
!= 0;
+static FLAG_INSTANCE: bool = (TA_FLAGS &
optee_utee_sys::TA_FLAG_INSTANCE_KEEP_ALIVE) != 0;
+
+#[no_mangle]
+pub static ta_num_props: libc::size_t = 9;
+
+#[no_mangle]
+pub static ta_props: [optee_utee_sys::user_ta_property; 9] = [
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_SINGLE_INSTANCE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_BOOL as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_MULTI_SESSION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_MULTI as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_KEEP_ALIVE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_INSTANCE as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_DATA_SIZE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &TA_DATA_SIZE as *const u32 as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_STACK_SIZE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &TA_STACK_SIZE as *const u32 as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_VERSION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: TA_VERSION as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_DESCRIPTION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: TA_DESCRIPTION as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: "gp.ta.description\0".as_ptr(),
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: EXT_PROP_VALUE_1 as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: "gp.ta.version\0".as_ptr(),
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &EXT_PROP_VALUE_2 as *const u32 as *mut _,
+ },
+];
+
+#[no_mangle]
+pub unsafe extern "C" fn tahead_get_trace_level() -> libc::c_int {
+ return trace_level;
+}
diff --git a/examples/signature_verification-rs/uuid.txt
b/examples/signature_verification-rs/uuid.txt
new file mode 100644
index 0000000..cc340c8
--- /dev/null
+++ b/examples/signature_verification-rs/uuid.txt
@@ -0,0 +1 @@
+c7e478c2-89b3-46eb-ac19-571e66c3830d
diff --git a/tests/test_signature_verification.sh
b/tests/test_signature_verification.sh
new file mode 100755
index 0000000..25d3d08
--- /dev/null
+++ b/tests/test_signature_verification.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+rm -rf screenlog.0
+rm -rf optee-qemuv8-3.17.0-ubuntu-20.04
+rm -rf shared
+
+curl http://mesalock-linux.org/assets/optee-qemuv8-3.17.0-ubuntu-20.04.tar.gz
| tar zxv
+mkdir shared
+cp
../examples/signature_verification-rs/ta/target/aarch64-unknown-optee-trustzone/release/*.ta
shared
+cp
../examples/signature_verification-rs/host/target/aarch64-unknown-linux-gnu/release/signature_verification-rs
shared
+
+screen -L -d -m -S qemu_screen ./optee-qemuv8.sh
+sleep 30
+screen -S qemu_screen -p 0 -X stuff "root\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "mkdir shared && mount -t 9p -o
trans=virtio host shared && cd shared\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "cp *.ta /lib/optee_armtz/\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "./signature_verification-rs\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "^C"
+sleep 5
+
+{
+ grep -q "Success" screenlog.0
+} || {
+ cat -v screenlog.0
+ cat -v /tmp/serial.log
+ false
+}
+
+rm -rf screenlog.0
+rm -rf optee-qemuv8-3.17.0-ubuntu-20.04
+rm -rf shared
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
