This is an automated email from the ASF dual-hosted git repository.
yuanz pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git
The following commit(s) were added to refs/heads/master by this push:
new 3eb9272 Add tls client example (#76)
3eb9272 is described below
commit 3eb9272960a6cb703d772f2adfaecade17889481
Author: Yuan Zhuang <[email protected]>
AuthorDate: Thu May 12 10:35:48 2022 +0800
Add tls client example (#76)
* Add tls client example
* Update overview-of-optee-rust-examples.md
---
docs/overview-of-optee-rust-examples.md | 1 +
examples/tls_client-rs/Makefile | 24 ++
examples/tls_client-rs/host/Cargo.lock | 104 +++++++++
examples/tls_client-rs/host/Cargo.toml | 33 +++
examples/tls_client-rs/host/Makefile | 45 ++++
examples/tls_client-rs/host/src/main.rs | 37 ++++
examples/tls_client-rs/proto/Cargo.toml | 30 +++
examples/tls_client-rs/proto/build.rs | 34 +++
examples/tls_client-rs/proto/src/lib.rs | 33 +++
examples/tls_client-rs/ta/Cargo.lock | 363 +++++++++++++++++++++++++++++++
examples/tls_client-rs/ta/Cargo.toml | 50 +++++
examples/tls_client-rs/ta/Makefile | 53 +++++
examples/tls_client-rs/ta/Xargo.toml | 25 +++
examples/tls_client-rs/ta/build.rs | 62 ++++++
examples/tls_client-rs/ta/src/main.rs | 105 +++++++++
examples/tls_client-rs/ta/ta_aarch64.lds | 92 ++++++++
examples/tls_client-rs/ta/ta_arm.lds | 91 ++++++++
examples/tls_client-rs/ta/ta_static.rs | 98 +++++++++
examples/tls_client-rs/uuid.txt | 1 +
tests/test_tls_client.sh | 54 +++++
20 files changed, 1335 insertions(+)
diff --git a/docs/overview-of-optee-rust-examples.md
b/docs/overview-of-optee-rust-examples.md
index d9c3f8d..240d6f7 100644
--- a/docs/overview-of-optee-rust-examples.md
+++ b/docs/overview-of-optee-rust-examples.md
@@ -32,3 +32,4 @@ To compile one of the examples, run `make -C
examples/EXAMPLE_DIR`.
| time-rs | `21b1a1da-bdab-11eb-b614-275a7098826f` | Set
/ get TEE time. |
| udp_socket-rs | `87c2d78e-eb7b-11eb-8d25-df4d5338f285` | Do
UDP socket connection from Trusted Application. |
| signature_verification-rs | `c7e478c2-89b3-46eb-ac19-571e66c3830d` | Sign
a message and verify the signature using the third party crate
[ring](https://github.com/veracruz-project/ring). |
+| tls_client-rs | `ec55bfe2-d9c7-11eb-8b0e-f3f8fad927f7` | Do
TLS connection from Trusted Application. |
diff --git a/examples/tls_client-rs/Makefile b/examples/tls_client-rs/Makefile
new file mode 100644
index 0000000..09679cd
--- /dev/null
+++ b/examples/tls_client-rs/Makefile
@@ -0,0 +1,24 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+all:
+ @make -s -C host
+ @make -s -C ta
+
+clean:
+ @make -s -C host clean
+ @make -s -C ta clean
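Review bot: The recipes under `all` and `clean` invoke `make` literally rather than `$(MAKE)`, so the sub-makes are not treated as recursive invocations: they do not join the parent's jobserver under `-j`, and `make -n` does not descend into `host` and `ta`. Writing `@$(MAKE) -s -C host` and `@$(MAKE) -s -C ta` (and the same for the `clean` lines) fixes both. Neither target produces a file of its own name, so `.PHONY: all clean` should be declared as well.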
diff --git a/examples/tls_client-rs/host/Cargo.lock
b/examples/tls_client-rs/host/Cargo.lock
new file mode 100644
index 0000000..b38a9c6
--- /dev/null
+++ b/examples/tls_client-rs/host/Cargo.lock
@@ -0,0 +1,104 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "hex"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+
+[[package]]
+name = "libc"
+version = "0.2.125"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5916d2ae698f6de9bfb891ad7a8d65c09d232dc58cc4ac433c7da3b2fd84bc2b"
+
+[[package]]
+name = "optee-teec"
+version = "0.2.0"
+dependencies = [
+ "hex",
+ "libc",
+ "optee-teec-macros",
+ "optee-teec-sys",
+ "uuid 0.7.4",
+]
+
+[[package]]
+name = "optee-teec-macros"
+version = "0.2.0"
+dependencies = [
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "optee-teec-sys"
+version = "0.2.0"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid",
+]
+
+[[package]]
+name = "proto"
+version = "0.2.0"
+dependencies = [
+ "uuid 0.8.2",
+]
+
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-xid",
+]
+
+[[package]]
+name = "tls_client-rs"
+version = "0.2.0"
+dependencies = [
+ "libc",
+ "optee-teec",
+ "proto",
+]
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "uuid"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "90dbc611eb48397705a6b0f6e917da23ae517e4d127123d2cf7674206627d32a"
+
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
diff --git a/examples/tls_client-rs/host/Cargo.toml
b/examples/tls_client-rs/host/Cargo.toml
new file mode 100644
index 0000000..aa09b6c
--- /dev/null
+++ b/examples/tls_client-rs/host/Cargo.toml
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "tls_client-rs"
+version = "0.2.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"
+description = "An example of Rust OP-TEE TrustZone SDK."
+edition = "2018"
+
+[dependencies]
+libc = "0.2.48"
+proto = { path = "../proto" }
+optee-teec = { path = "../../../optee-teec" }
+
+[profile.release]
+lto = true
diff --git a/examples/tls_client-rs/host/Makefile
b/examples/tls_client-rs/host/Makefile
new file mode 100644
index 0000000..d68659b
--- /dev/null
+++ b/examples/tls_client-rs/host/Makefile
@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+NAME := tls_client-rs
+ARCH ?= aarch64
+
+OPTEE_DIR ?= ../../../optee
+
+ifeq ($(ARCH), arm)
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
+ OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
+ TARGET := arm-unknown-linux-gnueabihf
+else
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
+ OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
+ TARGET := aarch64-unknown-linux-gnu
+endif
+
+OUT_DIR := $(CURDIR)/target/$(TARGET)/release
+
+
+all: host strip
+
+host:
+ @cargo build --target $(TARGET) --release
+
+strip:
+ @$(OBJCOPY) --strip-unneeded $(OUT_DIR)/$(NAME) $(OUT_DIR)/$(NAME)
+
+clean:
+ @cargo clean
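Review bot: `all: host strip` lists `strip` next to `host` without any dependency between them, so under `make -j` the objcopy step can start before cargo has written `$(OUT_DIR)/$(NAME)`. Declaring `strip: host` makes the order explicit, and `.PHONY: all host strip clean` keeps the targets from being shadowed by files of the same name. ta/Makefile in this commit has the same gap in `all: ta strip sign`, where `strip: ta` and `sign: strip` would be needed.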
diff --git a/examples/tls_client-rs/host/src/main.rs
b/examples/tls_client-rs/host/src/main.rs
new file mode 100644
index 0000000..50516b1
--- /dev/null
+++ b/examples/tls_client-rs/host/src/main.rs
@@ -0,0 +1,37 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use optee_teec::ParamNone;
+use optee_teec::{Context, Operation, Session, Uuid};
+use proto::{Command, UUID};
+
+fn tls_client(session: &mut Session) -> optee_teec::Result<()> {
+ let mut operation = Operation::new(0, ParamNone, ParamNone, ParamNone,
ParamNone);
+ session.invoke_command(Command::Start as u32, &mut operation)?;
+ Ok(())
+}
+
+fn main() -> optee_teec::Result<()> {
+ let mut ctx = Context::new()?;
+ let uuid = Uuid::parse_str(UUID).unwrap();
+ let mut session = ctx.open_session(uuid)?;
+
+ tls_client(&mut session)?;
+
+ println!("Success");
+ Ok(())
+}
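Review bot: `Uuid::parse_str(UUID).unwrap()` in `main` panics with a bare unwrap message when `uuid.txt` does not hold a valid UUID, even though `main` already returns `optee_teec::Result<()>`. Because the string is fixed at build time, `.expect("proto::UUID (from uuid.txt) is not a valid UUID")` would at least name the input that is wrong. `tls_client` has no doc comment; something like `/// Invokes Command::Start on the TA with all four parameter slots empty.` would state what the call sends.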
diff --git a/examples/tls_client-rs/proto/Cargo.toml
b/examples/tls_client-rs/proto/Cargo.toml
new file mode 100644
index 0000000..a12d1c0
--- /dev/null
+++ b/examples/tls_client-rs/proto/Cargo.toml
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "proto"
+version = "0.2.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"
+description = "Data structures and functions shared by host and TA."
+edition = "2018"
+
+[dependencies]
+
+[build_dependencies]
+uuid = { version = "0.8" }
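Review bot: The `uuid` entry under `[build_dependencies]` appears to be unused, since proto/build.rs in this commit imports only `std` and copies the text of `../uuid.txt` without parsing it. Removing it drops a build-time crate from both the host and TA dependency graphs (both lockfiles list `uuid` under `proto`). If the table stays, its conventional spelling is `[build-dependencies]`; ta/Cargo.toml uses the same underscore form.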
diff --git a/examples/tls_client-rs/proto/build.rs
b/examples/tls_client-rs/proto/build.rs
new file mode 100644
index 0000000..778819a
--- /dev/null
+++ b/examples/tls_client-rs/proto/build.rs
@@ -0,0 +1,34 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use std::env;
+use std::fs;
+use std::fs::File;
+use std::io::Write;
+use std::path::PathBuf;
+
+fn main() {
+ let uuid = match fs::read_to_string("../uuid.txt") {
+ Ok(u) => u.trim().to_string(),
+ Err(_) => {
+ panic!("Cannot find uuid.txt");
+ }
+ };
+ let out = &PathBuf::from(env::var_os("OUT_DIR").unwrap());
+ let mut buffer = File::create(out.join("uuid.txt")).unwrap();
+ write!(buffer, "{}", uuid).unwrap();
+}
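Review bot: The script reads `../uuid.txt`, which lies outside the `proto` package directory, but emits no `cargo:rerun-if-changed` line for it, so an edited UUID may leave a stale copy in `OUT_DIR` and a host binary that no longer matches the signed TA. Adding `println!("cargo:rerun-if-changed=../uuid.txt");` at the top of `main` covers that. The `Err(_)` arm also throws away the I/O error, so a permission problem is reported as a missing file; `Err(e) => panic!("Cannot read ../uuid.txt: {}", e),` keeps the cause.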
diff --git a/examples/tls_client-rs/proto/src/lib.rs
b/examples/tls_client-rs/proto/src/lib.rs
new file mode 100644
index 0000000..7679b2d
--- /dev/null
+++ b/examples/tls_client-rs/proto/src/lib.rs
@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+pub enum Command {
+ Start,
+ Unknown,
+}
+
+impl From<u32> for Command {
+ #[inline]
+ fn from(value: u32) -> Command {
+ match value {
+ 0 => Command::Start,
+ _ => Command::Unknown,
+ }
+ }
+}
+
+pub const UUID: &str = &include_str!(concat!(env!("OUT_DIR"), "/uuid.txt"));
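Review bot: `Command` declares no explicit discriminants, yet the host sends `Command::Start as u32` and `From<u32>` hard-codes `0 => Command::Start`, so the wire value only matches while the declaration order stays as it is. Writing `Start = 0,` in the enum ties the cast and the match arm together. The leading `&` in `&include_str!(...)` is redundant because `include_str!` already yields a `&'static str`. A doc comment such as `/// TA UUID, copied from ../uuid.txt into OUT_DIR by build.rs.` would record where the constant comes from.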
diff --git a/examples/tls_client-rs/ta/Cargo.lock
b/examples/tls_client-rs/ta/Cargo.lock
new file mode 100644
index 0000000..1c24032
--- /dev/null
+++ b/examples/tls_client-rs/ta/Cargo.lock
@@ -0,0 +1,363 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "base64"
+version = "0.10.1"
+source =
"git+https://github.com/veracruz-project/rust-base64.git?branch=veracruz#9c3208ed29f179e395986c26c9290cf5f3dc9531"
+
+[[package]]
+name = "bitflags"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12"
+
+[[package]]
+name = "bumpalo"
+version = "3.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4a45a46ab1f2412e53d3a0ade76ffad2025804294569aae387231a0cd6e0899"
+
+[[package]]
+name = "cc"
+version = "1.0.73"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
+
+[[package]]
+name = "cfg-if"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "hex"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+
+[[package]]
+name = "js-sys"
+version = "0.3.57"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "671a26f820db17c2a2750743f1dd03bafd15b98c9f30c7c2628c024c05d73397"
+dependencies = [
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+[[package]]
+name = "libc"
+version = "0.2.99"
+
+[[package]]
+name = "libc"
+version = "0.2.125"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5916d2ae698f6de9bfb891ad7a8d65c09d232dc58cc4ac433c7da3b2fd84bc2b"
+
+[[package]]
+name = "log"
+version = "0.4.8"
+source =
"git+https://github.com/veracruz-project/log.git?branch=veracruz#64f2e08980af31e25edb5b699f195bb86a8990dd"
+dependencies = [
+ "cfg-if 0.1.10",
+]
+
+[[package]]
+name = "log"
+version = "0.4.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+dependencies = [
+ "cfg-if 1.0.0",
+]
+
+[[package]]
+name = "optee-utee"
+version = "0.2.0"
+dependencies = [
+ "bitflags",
+ "hex",
+ "libc 0.2.99",
+ "optee-utee-macros",
+ "optee-utee-sys",
+ "uuid",
+]
+
+[[package]]
+name = "optee-utee-macros"
+version = "0.2.0"
+dependencies = [
+ "quote 0.6.13",
+ "syn 0.15.44",
+]
+
+[[package]]
+name = "optee-utee-sys"
+version = "0.2.0"
+dependencies = [
+ "libc 0.2.99",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9027b48e9d4c9175fa2218adf3557f91c1137021739951d4932f5f8268ac48aa"
+dependencies = [
+ "unicode-xid 0.2.3",
+]
+
+[[package]]
+name = "proto"
+version = "0.2.0"
+dependencies = [
+ "uuid",
+]
+
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2 0.4.30",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1feb54ed693b93a84e14094943b84b7c4eae204c512b7ccb95ab0c66d278ad1"
+dependencies = [
+ "proc-macro2 1.0.38",
+]
+
+[[package]]
+name = "ring"
+version = "0.16.11"
+source =
"git+https://github.com/veracruz-project/ring.git?branch=veracruz#47996e06f9a2cc392091392f010d62e83e9ed0f4"
+dependencies = [
+ "cc",
+ "lazy_static",
+ "libc 0.2.125",
+ "optee-utee",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi",
+]
+
+[[package]]
+name = "rustls"
+version = "0.16.0"
+source =
"git+https://github.com/DemesneGH/rustls.git?branch=veracruz#dd164b3d5a53f655a8b5cd5ae8eae2b35902f763"
+dependencies = [
+ "base64",
+ "log 0.4.8",
+ "optee-utee",
+ "ring",
+ "sct",
+ "webpki",
+]
+
+[[package]]
+name = "sct"
+version = "0.6.0"
+source =
"git+https://github.com/veracruz-project/sct.rs.git?branch=veracruz#bb479fe436843337a062610b0a95c86cf1a0d194"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "syn"
+version = "1.0.93"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "04066589568b72ec65f42d65a1a52436e954b168773148893c020269563decf2"
+dependencies = [
+ "proc-macro2 1.0.38",
+ "quote 1.0.18",
+ "unicode-xid 0.2.3",
+]
+
+[[package]]
+name = "ta"
+version = "0.2.0"
+dependencies = [
+ "libc 0.2.99",
+ "optee-utee",
+ "optee-utee-sys",
+ "proto",
+ "rustls",
+ "uuid",
+ "webpki",
+ "webpki-roots",
+]
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "unicode-xid"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "957e51f3646910546462e67d5f7599b9e4fb8acdd304b087a6494730f9eebf04"
+
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27370197c907c55e3f1a9fbe26f44e937fe6451368324e009cba39e139dc08ad"
+dependencies = [
+ "cfg-if 1.0.0",
+ "wasm-bindgen-macro",
+]
+
+[[package]]
+name = "wasm-bindgen-backend"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53e04185bfa3a779273da532f5025e33398409573f348985af9a1cbf3774d3f4"
+dependencies = [
+ "bumpalo",
+ "lazy_static",
+ "log 0.4.17",
+ "proc-macro2 1.0.38",
+ "quote 1.0.18",
+ "syn 1.0.93",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "17cae7ff784d7e83a2fe7611cfe766ecf034111b49deb850a3dc7699c08251f5"
+dependencies = [
+ "quote 1.0.18",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "99ec0dc7a4756fffc231aab1b9f2f578d23cd391390ab27f952ae0c9b3ece20b"
+dependencies = [
+ "proc-macro2 1.0.38",
+ "quote 1.0.18",
+ "syn 1.0.93",
+ "wasm-bindgen-backend",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d554b7f530dee5964d9a9468d95c1f8b8acae4f282807e7d27d4b03099a46744"
+
+[[package]]
+name = "web-sys"
+version = "0.3.57"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b17e741662c70c8bd24ac5c5b18de314a2c26c32bf8346ee1e6f53de919c283"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "webpki"
+version = "0.21.2"
+source =
"git+https://github.com/veracruz-project/webpki.git?branch=veracruz#0139cf73ee0227de7587608ad043c0f85a4d4776"
+dependencies = [
+ "optee-utee",
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.19.0"
+source =
"git+https://github.com/veracruz-project/webpki-roots.git?branch=veracruz#a8023dba729f3b50841fe3d7ba87dd220b795f5e"
+dependencies = [
+ "webpki",
+]
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
diff --git a/examples/tls_client-rs/ta/Cargo.toml
b/examples/tls_client-rs/ta/Cargo.toml
new file mode 100644
index 0000000..b7702b4
--- /dev/null
+++ b/examples/tls_client-rs/ta/Cargo.toml
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[package]
+name = "ta"
+version = "0.2.0"
+authors = ["Teaclave Contributors <[email protected]>"]
+license = "Apache-2.0"
+repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"
+description = "An example of Rust OP-TEE TrustZone SDK."
+edition = "2018"
+
+[dependencies]
+libc = { path = "../../../rust/libc" }
+proto = { path = "../proto" }
+optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" }
+optee-utee = { path = "../../../optee-utee" }
+
+rustls = { git = "https://github.com/DemesneGH/rustls.git", branch =
"veracruz" }
+webpki = { git = "https://github.com/veracruz-project/webpki.git", branch =
"veracruz", features = ["default"] }
+webpki-roots = { git = "https://github.com/veracruz-project/webpki-roots.git",
branch = "veracruz", features = ["default"] }
+
+[build_dependencies]
+uuid = { version = "0.8" }
+proto = { path = "../proto" }
+
+[profile.release]
+lto = true
+
+# Patch optee-utee for webpki
+[patch."https://github.com/veracruz-project/rust-optee-trustzone-sdk.git"]
+optee-utee = { path = "../../../optee-utee" }
+
+# Patch optee-utee for rustls
+[patch."https://github.com/apache/incubator-teaclave-trustzone-sdk.git"]
+optee-utee = { path = "../../../optee-utee" }
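Review bot: `rustls`, `webpki` and `webpki-roots` are pulled from git forks by `branch = "veracruz"`, so the TLS and certificate-validation code compiled into the TA is whatever that branch points to the next time the lockfile is regenerated. ta/Cargo.lock in this commit records the commits (rustls `dd164b3d5a53f655a8b5cd5ae8eae2b35902f763`, webpki `0139cf73ee0227de7587608ad043c0f85a4d4776`, webpki-roots `a8023dba729f3b50841fe3d7ba87dd220b795f5e`); repeating them here as `rev = "..."` keeps the pin across `cargo update`. `rustls` comes from a personal fork rather than the `veracruz-project` organisation used for the other two, and a comment should say why. Since `webpki-roots` fixes the trust-anchor list at build time, the pinned revision is also the record of which roots the TA accepts.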
diff --git a/examples/tls_client-rs/ta/Makefile
b/examples/tls_client-rs/ta/Makefile
new file mode 100644
index 0000000..ffee4b2
--- /dev/null
+++ b/examples/tls_client-rs/ta/Makefile
@@ -0,0 +1,53 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+OPTEE_DIR ?= ../../../optee
+OPTEE_OS_DIR ?= $(OPTEE_DIR)/optee_os
+UUID ?= $(shell cat "../uuid.txt")
+
+ARCH ?= aarch64
+
+ifeq ($(ARCH), arm)
+ TA_SIGN_KEY ?=
$(OPTEE_OS_DIR)/out/arm/export-ta_arm32/keys/default_ta.pem
+ SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm32/scripts/sign_encrypt.py
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
+ OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
+ TARGET := arm-unknown-optee-trustzone
+else
+ TA_SIGN_KEY ?=
$(OPTEE_OS_DIR)/out/arm/export-ta_arm64/keys/default_ta.pem
+ SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm64/scripts/sign_encrypt.py
+ OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
+ OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
+ TARGET := aarch64-unknown-optee-trustzone
+endif
+
+OUT_DIR := $(CURDIR)/target/$(TARGET)/release
+
+all: ta strip sign
+
+ta:
+ @xargo build --target $(TARGET) --release --verbose
+
+strip:
+ @$(OBJCOPY) --strip-unneeded $(OUT_DIR)/ta $(OUT_DIR)/stripped_ta
+
+sign:
+ @$(SIGN) --uuid $(UUID) --key $(TA_SIGN_KEY) --in
$(OUT_DIR)/stripped_ta --out $(OUT_DIR)/$(UUID).ta
+ @echo "SIGN => ${UUID}"
+
+clean:
+ @xargo clean
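Review bot: `TA_SIGN_KEY` defaults to `default_ta.pem` from the OP-TEE export directory, which is the development key distributed with optee_os, so a TA signed this way is only suitable for test builds. A comment above the assignment would make that explicit, for example `# default_ta.pem is the public OP-TEE development key; set TA_SIGN_KEY for anything beyond testing.` The `?=` already lets callers override it from the environment or command line. `$(UUID)` comes from `$(shell cat "../uuid.txt")` and is passed unquoted to the signing script, so extra whitespace-separated content in that file would turn into extra arguments.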
diff --git a/examples/tls_client-rs/ta/Xargo.toml
b/examples/tls_client-rs/ta/Xargo.toml
new file mode 100644
index 0000000..c9ed04e
--- /dev/null
+++ b/examples/tls_client-rs/ta/Xargo.toml
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[dependencies.std]
+path = "../../../rust/rust/library/std"
+
+[patch.crates-io]
+libc = { path = "../../../rust/libc" }
+compiler_builtins = { path = "../../../rust/compiler-builtins" }
+rustc-std-workspace-core = { path =
"../../../rust/rust/library/rustc-std-workspace-core" }
+rustc-std-workspace-alloc = { path =
"../../../rust/rust/library/rustc-std-workspace-alloc" }
diff --git a/examples/tls_client-rs/ta/build.rs
b/examples/tls_client-rs/ta/build.rs
new file mode 100644
index 0000000..4b4d42d
--- /dev/null
+++ b/examples/tls_client-rs/ta/build.rs
@@ -0,0 +1,62 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use proto;
+use std::env;
+use std::fs::File;
+use std::io::Write;
+use std::path::{Path, PathBuf};
+use uuid::Uuid;
+
+fn main() -> std::io::Result<()> {
+ let out = &PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+ let mut buffer = File::create(out.join("user_ta_header.rs"))?;
+ buffer.write_all(include_bytes!("ta_static.rs"))?;
+
+ let tee_uuid = Uuid::parse_str(proto::UUID).unwrap();
+ let (time_low, time_mid, time_hi_and_version, clock_seq_and_node) =
tee_uuid.as_fields();
+
+ write!(buffer, "\n")?;
+ write!(
+ buffer,
+ "const TA_UUID: optee_utee_sys::TEE_UUID = optee_utee_sys::TEE_UUID {{
+ timeLow: {:#x},
+ timeMid: {:#x},
+ timeHiAndVersion: {:#x},
+ clockSeqAndNode: {:#x?},
+}};",
+ time_low, time_mid, time_hi_and_version, clock_seq_and_node
+ )?;
+ let optee_os_dir =
env::var("OPTEE_OS_DIR").unwrap_or("../../../optee/optee_os".to_string());
+ let search_path = match env::var("ARCH") {
+ Ok(ref v) if v == "arm" => {
+
File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_arm.lds"))?;
+ Path::new(&optee_os_dir).join("out/arm/export-ta_arm32/lib")
+ }
+ _ => {
+
File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_aarch64.lds"))?;
+ Path::new(&optee_os_dir).join("out/arm/export-ta_arm64/lib")
+ }
+ };
+ println!("cargo:rustc-link-search={}", out.display());
+ println!("cargo:rerun-if-changed=ta.lds");
+
+ println!("cargo:rustc-link-search={}", search_path.display());
+ println!("cargo:rustc-link-lib=static=utee");
+ Ok(())
+}
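Review bot: `println!("cargo:rerun-if-changed=ta.lds")` names a path relative to the package directory, but the script writes `ta.lds` into `OUT_DIR` and the real inputs are `ta_arm.lds` and `ta_aarch64.lds`, so the directive does not track them (and, if Cargo treats a missing path as always changed, it forces a rerun on every build). The script also reads `ARCH` and `OPTEE_OS_DIR` without declaring them, so switching architecture may reuse the previous linker script and search path. Suggested lines: `println!("cargo:rerun-if-changed=ta_arm.lds");`, `println!("cargo:rerun-if-changed=ta_aarch64.lds");` and `println!("cargo:rerun-if-env-changed=ARCH");`, plus a matching line for `OPTEE_OS_DIR`.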
diff --git a/examples/tls_client-rs/ta/src/main.rs
b/examples/tls_client-rs/ta/src/main.rs
new file mode 100644
index 0000000..d316a2a
--- /dev/null
+++ b/examples/tls_client-rs/ta/src/main.rs
@@ -0,0 +1,105 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#![no_main]
+
+use optee_utee::net::TcpStream;
+use optee_utee::{
+ ta_close_session, ta_create, ta_destroy, ta_invoke_command,
ta_open_session, trace_println,
+};
+use optee_utee::{Error, ErrorKind, Parameters, Result};
+use proto::Command;
+use std::io::Read;
+use std::io::Write;
+use std::sync::Arc;
+
+#[ta_create]
+fn create() -> Result<()> {
+ trace_println!("[+] TA create");
+ Ok(())
+}
+
+#[ta_open_session]
+fn open_session(_params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA open session");
+ Ok(())
+}
+
+#[ta_close_session]
+fn close_session() {
+ trace_println!("[+] TA close session");
+}
+
+#[ta_destroy]
+fn destroy() {
+ trace_println!("[+] TA destroy");
+}
+
+#[ta_invoke_command]
+fn invoke_command(cmd_id: u32, _params: &mut Parameters) -> Result<()> {
+ trace_println!("[+] TA invoke command");
+ match Command::from(cmd_id) {
+ Command::Start => {
+ tls_client();
+ Ok(())
+ }
+ _ => Err(Error::new(ErrorKind::BadParameters)),
+ }
+}
+
+fn tls_client() {
+ let mut config = rustls::ClientConfig::new();
+ config
+ .root_store
+ .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ let rc_config = Arc::new(config);
+ let dns_name =
webpki::DNSNameRef::try_from_ascii_str("google.com").unwrap();
+ let mut conn = rustls::ClientSession::new(&rc_config, dns_name);
+ let mut sock = TcpStream::connect("google.com", 443).unwrap();
+ let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+ tls.write_all(b"GET / HTTP/1.0\r\nHost: google.com\r\nAccept-Encoding:
identity\r\n\r\n")
+ .unwrap();
+ tls.flush().unwrap();
+
+ let mut response = Vec::new();
+ let mut chunk = [0u8; 1024];
+ loop {
+ match tls.read(&mut chunk) {
+ Ok(0) => break,
+ Ok(n) => response.extend_from_slice(&chunk[..n]),
+ Err(_) => {
+ trace_println!("Error");
+ panic!();
+ }
+ }
+ }
+ trace_println!("{}", String::from_utf8_lossy(&response));
+}
+
+// TA configurations
+const TA_FLAGS: u32 = 0;
+const TA_DATA_SIZE: u32 = 18 * 1024 * 1024;
+const TA_STACK_SIZE: u32 = 2 * 1024 * 1024;
+const TA_VERSION: &[u8] = b"0.2\0";
+const TA_DESCRIPTION: &[u8] = b"This is a tls client example.\0";
+const EXT_PROP_VALUE_1: &[u8] = b"TLS Client TA\0";
+const EXT_PROP_VALUE_2: u32 = 0x0010;
+const TRACE_LEVEL: i32 = 4;
+const TRACE_EXT_PREFIX: &[u8] = b"TA\0";
+const TA_FRAMEWORK_STACK_SIZE: u32 = 2048;
+
+include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs"));
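Review bot: Every failure on the network path in `tls_client` (the `unwrap()` calls on `TcpStream::connect`, `write_all` and `flush`, and the `panic!()` in the read loop) aborts the TA instead of reaching the host, while `invoke_command` returns `Ok(())` unconditionally for `Command::Start`. The remote peer is untrusted, so these failures are expected inputs rather than invariants. `tls_client` should return `Result<()>`, and the match arm should become `Command::Start => tls_client(),`. The read loop also appends peer-controlled bytes to `response` with no upper bound, so a size cap is worth adding. The sketch below maps failures to `ErrorKind::Communication` and stops reading at a constructed limit.

```rust
        Command::Start => tls_client(),
// … unchanged: fallback match arm …

fn tls_client() -> Result<()> {
    // … unchanged: ClientConfig, root store, DNS name, ClientSession …
    let mut sock = TcpStream::connect("google.com", 443)
        .map_err(|_| Error::new(ErrorKind::Communication))?;
    let mut tls = rustls::Stream::new(&mut conn, &mut sock);
    // … unchanged: the request bytes are passed to write_all as before …
    //     .map_err(|_| Error::new(ErrorKind::Communication))?;   (replaces .unwrap())
    tls.flush()
        .map_err(|_| Error::new(ErrorKind::Communication))?;

    const MAX_RESPONSE: usize = 64 * 1024; // constructed limit for the example
    let mut response = Vec::new();
    let mut chunk = [0u8; 1024];
    while response.len() < MAX_RESPONSE {
        match tls.read(&mut chunk) {
            Ok(0) => break,
            Ok(n) => response.extend_from_slice(&chunk[..n]),
            Err(_) => {
                trace_println!("Error");
                return Err(Error::new(ErrorKind::Communication));
            }
        }
    }
    // … unchanged: trace_println of the response …
    Ok(())
}
```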
diff --git a/examples/tls_client-rs/ta/ta_aarch64.lds
b/examples/tls_client-rs/ta/ta_aarch64.lds
new file mode 100644
index 0000000..adb7603
--- /dev/null
+++ b/examples/tls_client-rs/ta/ta_aarch64.lds
@@ -0,0 +1,92 @@
+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", "elf64-littleaarch64")
+OUTPUT_ARCH(aarch64)
+
+PHDRS {
+ /*
+ * Exec and rodata headers are hard coded to RX and RO
+ * respectively. This is needed because the binary is relocatable
+ * and the linker would automatically make any header writeable
+ * that need to be updated during relocation.
+ */
+ exec PT_LOAD FLAGS (5); /* RX */
+ rodata PT_LOAD FLAGS (4); /* RO */
+ rwdata PT_LOAD;
+ dyn PT_DYNAMIC;
+}
+
+SECTIONS {
+ .ta_head : {*(.ta_head)} :exec
+ .text : {
+ __text_start = .;
+ *(.text .text.*)
+ *(.stub)
+ *(.glue_7)
+ *(.glue_7t)
+ *(.gnu.linkonce.t.*)
+ /* Workaround for an erratum in ARM's VFP11 coprocessor */
+ *(.vfp11_veneer)
+ PROVIDE(__gnu_mcount_nc = __utee_mcount);
+ __text_end = .;
+ }
+ .plt : { *(.plt) }
+
+ .eh_frame : { *(.eh_frame) } :rodata
+ .rodata : {
+ *(.gnu.linkonce.r.*)
+ *(.rodata .rodata.*)
+ }
+ /* .ARM.exidx is sorted, so has to go in its own output section. */
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ .ctors : { *(.ctors) }
+ .dtors : { *(.dtors) }
+ .rel.text : { *(.rel.text) *(.rel.gnu.linkonce.t*) }
+ .rela.text : { *(.rela.text) *(.rela.gnu.linkonce.t*) }
+ .rel.data : { *(.rel.data) *(.rel.gnu.linkonce.d*) }
+ .rela.data : { *(.rela.data) *(.rela.gnu.linkonce.d*) }
+ .rel.rodata : { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata : { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
+ .rel.dyn : { *(.rel.dyn) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+ .rela.ctors : { *(.rela.ctors) }
+ .rel.dtors : { *(.rel.dtors) }
+ .rela.dtors : { *(.rela.dtors) }
+ .rel.init : { *(.rel.init) }
+ .rela.init : { *(.rela.init) }
+ .rel.fini : { *(.rel.fini) }
+ .rela.fini : { *(.rela.fini) }
+ .rel.bss : { *(.rel.bss) }
+ .rela.bss : { *(.rela.bss) }
+ .rel.plt : { *(.rel.plt) }
+ .rela.plt : { *(.rela.plt) }
+ .dynamic : { *(.dynamic) } :dyn :rodata
+ .dynsym : { *(.dynsym) } :rodata
+ .dynstr : { *(.dynstr) }
+ .hash : { *(.hash) }
+
+ /* Page align to allow dropping execute bit for RW data */
+ . = ALIGN(4096);
+
+ .data : { *(.data .data.* .gnu.linkonce.d.*) } :rwdata
+ .got : { *(.got.plt) *(.got) }
+ .bss : {
+ *(.bss .bss.* .gnu.linkonce.b.* COMMON)
+
+ /*
+ * TA profiling with gprof
+ * Reserve some space for the profiling buffer, only if the
+ * TA is instrumented (i.e., some files were built with -pg).
+ * Note that PROVIDE() above defines a symbol only if it is
+ * referenced in the object files.
+ * This also provides a way to detect at runtime if the TA is
+ * instrumented or not.
+ */
+ . = ALIGN(8);
+ __gprof_buf_start = .;
+ __gprof_buf_end = .;
+ }
+
+ /DISCARD/ : { *(.interp) }
+}
+
diff --git a/examples/tls_client-rs/ta/ta_arm.lds
b/examples/tls_client-rs/ta/ta_arm.lds
new file mode 100644
index 0000000..e9601b5
--- /dev/null
+++ b/examples/tls_client-rs/ta/ta_arm.lds
@@ -0,0 +1,91 @@
+OUTPUT_FORMAT("elf32-littlearm")
+OUTPUT_ARCH(arm)
+
+PHDRS {
+ /*
+ * Exec and rodata headers are hard coded to RX and RO
+ * respectively. This is needed because the binary is relocatable
+ * and the linker would automatically make any header writeable
+ * that need to be updated during relocation.
+ */
+ exec PT_LOAD FLAGS (5); /* RX */
+ rodata PT_LOAD FLAGS (4); /* RO */
+ rwdata PT_LOAD;
+ dyn PT_DYNAMIC;
+}
+
+SECTIONS {
+ .ta_head : {*(.ta_head)} :exec
+ .text : {
+ __text_start = .;
+ *(.text .text.*)
+ *(.stub)
+ *(.glue_7)
+ *(.glue_7t)
+ *(.gnu.linkonce.t.*)
+ /* Workaround for an erratum in ARM's VFP11 coprocessor */
+ *(.vfp11_veneer)
+ PROVIDE(__gnu_mcount_nc = __utee_mcount);
+ __text_end = .;
+ }
+ .plt : { *(.plt) }
+
+ .eh_frame : { *(.eh_frame) } :rodata
+ .rodata : {
+ *(.gnu.linkonce.r.*)
+ *(.rodata .rodata.*)
+ }
+ /* .ARM.exidx is sorted, so has to go in its own output section. */
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ .ctors : { *(.ctors) }
+ .dtors : { *(.dtors) }
+ .got : { *(.got.plt) *(.got) }
+ .rel.text : { *(.rel.text) *(.rel.gnu.linkonce.t*) }
+ .rela.text : { *(.rela.text) *(.rela.gnu.linkonce.t*) }
+ .rel.data : { *(.rel.data) *(.rel.gnu.linkonce.d*) }
+ .rela.data : { *(.rela.data) *(.rela.gnu.linkonce.d*) }
+ .rel.rodata : { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata : { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
+ .rel.dyn : { *(.rel.dyn) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+ .rela.ctors : { *(.rela.ctors) }
+ .rel.dtors : { *(.rel.dtors) }
+ .rela.dtors : { *(.rela.dtors) }
+ .rel.init : { *(.rel.init) }
+ .rela.init : { *(.rela.init) }
+ .rel.fini : { *(.rel.fini) }
+ .rela.fini : { *(.rela.fini) }
+ .rel.bss : { *(.rel.bss) }
+ .rela.bss : { *(.rela.bss) }
+ .rel.plt : { *(.rel.plt) }
+ .rela.plt : { *(.rela.plt) }
+ .dynamic : { *(.dynamic) } :dyn :rodata
+ .dynsym : { *(.dynsym) } :rodata
+ .dynstr : { *(.dynstr) }
+ .hash : { *(.hash) }
+
+ /* Page align to allow dropping execute bit for RW data */
+ . = ALIGN(4096);
+
+ .data : { *(.data .data.* .gnu.linkonce.d.*) } :rwdata
+ .bss : {
+ *(.bss .bss.* .gnu.linkonce.b.* COMMON)
+
+ /*
+ * TA profiling with gprof
+ * Reserve some space for the profiling buffer, only if the
+ * TA is instrumented (i.e., some files were built with -pg).
+ * Note that PROVIDE() above defines a symbol only if it is
+ * referenced in the object files.
+ * This also provides a way to detect at runtime if the TA is
+ * instrumented or not.
+ */
+ . = ALIGN(8);
+ __gprof_buf_start = .;
+ __gprof_buf_end = .;
+ }
+
+ /DISCARD/ : { *(.interp) }
+}
diff --git a/examples/tls_client-rs/ta/ta_static.rs
b/examples/tls_client-rs/ta/ta_static.rs
new file mode 100644
index 0000000..b31f8c3
--- /dev/null
+++ b/examples/tls_client-rs/ta/ta_static.rs
@@ -0,0 +1,98 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#[no_mangle]
+pub static mut trace_level: libc::c_int = TRACE_LEVEL;
+
+#[no_mangle]
+pub static trace_ext_prefix: &[u8] = TRACE_EXT_PREFIX;
+
+#[no_mangle]
+#[link_section = ".ta_head"]
+pub static ta_head: optee_utee_sys::ta_head = optee_utee_sys::ta_head {
+ uuid: TA_UUID,
+ stack_size: TA_STACK_SIZE + TA_FRAMEWORK_STACK_SIZE,
+ flags: TA_FLAGS,
+ depr_entry: std::u64::MAX,
+};
+
+#[no_mangle]
+#[link_section = ".bss"]
+pub static ta_heap: [u8; TA_DATA_SIZE as usize] = [0; TA_DATA_SIZE as usize];
+
+#[no_mangle]
+pub static ta_heap_size: libc::size_t = std::mem::size_of::<u8>() *
TA_DATA_SIZE as usize;
+static FLAG_BOOL: bool = (TA_FLAGS & optee_utee_sys::TA_FLAG_SINGLE_INSTANCE)
!= 0;
+static FLAG_MULTI: bool = (TA_FLAGS & optee_utee_sys::TA_FLAG_MULTI_SESSION)
!= 0;
+static FLAG_INSTANCE: bool = (TA_FLAGS &
optee_utee_sys::TA_FLAG_INSTANCE_KEEP_ALIVE) != 0;
+
+#[no_mangle]
+pub static ta_num_props: libc::size_t = 9;
+
+#[no_mangle]
+pub static ta_props: [optee_utee_sys::user_ta_property; 9] = [
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_SINGLE_INSTANCE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_BOOL as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_MULTI_SESSION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_MULTI as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_KEEP_ALIVE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_BOOL,
+ value: &FLAG_INSTANCE as *const bool as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_DATA_SIZE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &TA_DATA_SIZE as *const u32 as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_STACK_SIZE,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &TA_STACK_SIZE as *const u32 as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_VERSION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: TA_VERSION as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: optee_utee_sys::TA_PROP_STR_DESCRIPTION,
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: TA_DESCRIPTION as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: "gp.ta.description\0".as_ptr(),
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_STRING,
+ value: EXT_PROP_VALUE_1 as *const [u8] as *mut _,
+ },
+ optee_utee_sys::user_ta_property {
+ name: "gp.ta.version\0".as_ptr(),
+ prop_type: optee_utee_sys::user_ta_prop_type::USER_TA_PROP_TYPE_U32,
+ value: &EXT_PROP_VALUE_2 as *const u32 as *mut _,
+ },
+];
+
+#[no_mangle]
+pub unsafe extern "C" fn tahead_get_trace_level() -> libc::c_int {
+ return trace_level;
+}
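Review bot: The property count is written twice as a bare `9`, once in `ta_num_props` and once in the `ta_props` array type. Adding a property and updating only the array still compiles, but leaves `ta_num_props` stale; how the TEE consumes that count is not visible here, but a mismatch would presumably hide entries or describe more entries than exist. A single constant ties the two together: `const TA_NUM_PROPS: usize = 9;`, then `pub static ta_num_props: libc::size_t = TA_NUM_PROPS;` and `pub static ta_props: [optee_utee_sys::user_ta_property; TA_NUM_PROPS] = [`. A header comment would also help, stating that this file is not compiled on its own: build.rs copies it into `user_ta_header.rs`, and it relies on `TA_FLAGS`, `TA_DATA_SIZE` and the other constants defined in `ta/src/main.rs`.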
diff --git a/examples/tls_client-rs/uuid.txt b/examples/tls_client-rs/uuid.txt
new file mode 100644
index 0000000..b4a8678
--- /dev/null
+++ b/examples/tls_client-rs/uuid.txt
@@ -0,0 +1 @@
+ec55bfe2-d9c7-11eb-8b0e-f3f8fad927f7
diff --git a/tests/test_tls_client.sh b/tests/test_tls_client.sh
new file mode 100755
index 0000000..1252ffa
--- /dev/null
+++ b/tests/test_tls_client.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+rm -rf screenlog.0
+rm -rf optee-qemuv8-3.17.0-ubuntu-20.04
+rm -rf shared
+
+curl
https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/optee-qemuv8-3.17.0-ubuntu-20.04-expand-ta-memory.tar.gz
| tar zxv
+mkdir shared
+cp
../examples/tls_client-rs/ta/target/aarch64-unknown-optee-trustzone/release/*.ta
shared
+cp
../examples/tls_client-rs/host/target/aarch64-unknown-linux-gnu/release/tls_client-rs
shared
+
+screen -L -d -m -S qemu_screen ./optee-qemuv8.sh
+sleep 30
+screen -S qemu_screen -p 0 -X stuff "root\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "mkdir shared && mount -t 9p -o
trans=virtio host shared && cd shared\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "cp *.ta /lib/optee_armtz/\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "./tls_client-rs\n"
+sleep 5
+screen -S qemu_screen -p 0 -X stuff "^C"
+sleep 5
+
+{
+ grep -q "Success" screenlog.0
+} || {
+ cat -v screenlog.0
+ cat -v /tmp/serial.log
+ false
+}
+
+rm -rf screenlog.0
+rm -rf optee-qemuv8-3.17.0-ubuntu-20.04
+rm -rf shared
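Review bot: The QEMU image is piped from `curl` straight into `tar` with no integrity check, and `./optee-qemuv8.sh` is then run from the working directory, apparently from the extracted content. A tampered or truncated nightly artifact would therefore be run on the CI host. With `set -xe` but no `pipefail`, a failed `curl` is only noticed if `tar` happens to fail as well. Download to a file with `curl -f`, verify a pinned SHA-256, and only then extract, as sketched below; the digest is a placeholder, since the page does not give one. Separately, the pass condition depends on fixed `sleep` intervals and on the guest reaching google.com, so a slow boot or an offline runner will look like a test failure.

```shell
set -xeo pipefail
# … unchanged: cleanup of the previous run …
IMAGE=optee-qemuv8-3.17.0-ubuntu-20.04-expand-ta-memory.tar.gz
curl -fsSL -o "$IMAGE" "https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/$IMAGE"
# <EXPECTED_SHA256> is a placeholder: pin the digest of the published image here
echo "<EXPECTED_SHA256>  $IMAGE" | sha256sum -c -
tar zxf "$IMAGE"
# … unchanged: copy artifacts into shared, drive QEMU through screen …
```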