ivila commented on code in PR #178: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/178#discussion_r2034329778
########## optee-utee/src/ta_session.rs: ########## 
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParams, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+ target_uuid: Uuid,
+ default_timeout: u32,
+}
+
+impl TaSession {
+ /// Start configuring a new TA session with infinite timeout by default.
+ pub fn new(uuid: Uuid) -> Self {
+ Self {
+ raw: core::ptr::null_mut(),
+ target_uuid: uuid,
+ default_timeout: raw::TEE_TIMEOUT_INFINITE,
+ }
+ }
+
+ /// Set the default timeout for this session.
+ /// Can be called both before and after opening the session.
+ pub fn timeout(mut self, timeout: u32) -> Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Set the default timeout for this session (mutable version).
+ /// Returns self to allow method chaining with invoke().
+ pub fn with_timeout(&mut self, timeout: u32) -> &mut Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Open the session without parameters.
+ pub fn open(mut self) -> Result<Self> {
+ let mut err_origin: u32 = 0;
+ let mut raw_session: raw::TEE_TASessionHandle = core::ptr::null_mut();
+
+ match unsafe {
+ raw::TEE_OpenTASession(
+ self.target_uuid.as_raw_ptr(),
+ self.default_timeout,
+ 0,
+ ptr::null_mut(),
+ &mut raw_session,
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ self.raw = raw_session;
+ Ok(self)
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ /// Open the session with parameters.
+ pub fn open_with_params(mut self, params: &mut TeeParams) -> Result<Self> {
+ let mut err_origin: u32 = 0;
+ let mut raw_session: raw::TEE_TASessionHandle = core::ptr::null_mut();
+ let mut raw_params = params.as_raw();
+ let param_types = params.raw_param_types();
+
+ match unsafe {
+ raw::TEE_OpenTASession(
+ self.target_uuid.as_raw_ptr(),
+ self.default_timeout,
+ param_types,
+ raw_params.as_mut_ptr(),
+ &mut raw_session,
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ // Update the parameters with any results
+ params.update_from_raw(&raw_params);
+ self.raw = raw_session;
+ Ok(self)
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ /// Get the default timeout value for this session.
+ pub fn get_default_timeout(&self) -> u32 {
+ self.default_timeout
+ }
+
+ /// Invokes a command with the provided parameters using the session's default timeout.
+ /// Returns the result directly without allowing further method chaining.
+ pub fn invoke_command(&mut self, command_id: u32, params: &mut TeeParams) -> Result<()> {
+ let mut err_origin: u32 = 0;
+ let mut raw_params = params.as_raw();
+ let param_types = params.raw_param_types();
+
+ match unsafe {
+ raw::TEE_InvokeTACommand(
+ self.raw,
+ self.default_timeout,
+ command_id,
+ param_types,
+ raw_params.as_mut_ptr(),
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ // Update the parameters with the results
+ params.update_from_raw(&raw_params);
+ trace_println!("TEE_InvokeTACommand: command_id: {} finished", command_id);
+ Ok(())
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ pub fn as_mut_raw_ptr(&mut self) -> *mut raw::TEE_TASessionHandle {
Review Comment: Shouldn't exposed to developers, maybe `pub(crate)`?
########## optee-utee/src/ta_session.rs: ##########
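Review bot: In `open_with_params` and `invoke_command` the `params.update_from_raw(&raw_params)` call runs only in the `TEE_SUCCESS` arm, so the size a callee writes back into an output memref on `TEE_ERROR_SHORT_BUFFER` — the GP-defined way of telling the caller how large a buffer to retry with — is thrown away together with the error. Capturing the result first and updating before deciding, `let code = unsafe { raw::TEE_InvokeTACommand(/* … */) };` then `params.update_from_raw(&raw_params);` then `if code != raw::TEE_SUCCESS { return Err(Error::from_raw_error(code)); }`, keeps that information; this presumably relies on `update_from_raw` clamping a callee-reported size to the buffer length rather than trusting it, which I cannot confirm from this hunk. `as_mut_raw_ptr` starts on the hunk's last line and its body lies outside it.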
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParams, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+ target_uuid: Uuid,
+ default_timeout: u32,
+}
+
+impl TaSession {
+ /// Start configuring a new TA session with infinite timeout by default.
+ pub fn new(uuid: Uuid) -> Self {
+ Self {
+ raw: core::ptr::null_mut(),
+ target_uuid: uuid,
+ default_timeout: raw::TEE_TIMEOUT_INFINITE,
+ }
+ }
+
+ /// Set the default timeout for this session.
+ /// Can be called both before and after opening the session.
+ pub fn timeout(mut self, timeout: u32) -> Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Set the default timeout for this session (mutable version).
+ /// Returns self to allow method chaining with invoke().
+ pub fn with_timeout(&mut self, timeout: u32) -> &mut Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Open the session without parameters.
+ pub fn open(mut self) -> Result<Self> {
+ let mut err_origin: u32 = 0;
+ let mut raw_session: raw::TEE_TASessionHandle = core::ptr::null_mut();
+
+ match unsafe {
+ raw::TEE_OpenTASession(
+ self.target_uuid.as_raw_ptr(),
+ self.default_timeout,
+ 0,
+ ptr::null_mut(),
+ &mut raw_session,
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ self.raw = raw_session;
+ Ok(self)
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ /// Open the session with parameters.
+ pub fn open_with_params(mut self, params: &mut TeeParams) -> Result<Self> {
+ let mut err_origin: u32 = 0;
Review Comment: The `err_origin` never return, but I think some of the developers might read it (same as the `ERROR_TARGET_DEAD` problem in teec).
########## optee-utee/src/ta_session.rs: ##########
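Review bot: `open` assigns `self.raw = raw_session` without checking whether the session already holds a handle, and since `timeout` is documented as callable after opening and `open` returns `Self`, a second `open` on an opened `TaSession` overwrites the first `TEE_TASessionHandle`; the `Drop` impl later in the file closes only the handle currently stored, so the first one is never closed. A guard at the top of `open` such as `if !self.raw.is_null() { return Err(Error::from_raw_error(raw::TEE_ERROR_BAD_STATE)); }` prevents that, assuming `optee_utee_sys` exposes that constant the way it exposes `TEE_SUCCESS`. The `unsafe` block would also benefit from a `// SAFETY:` line stating that `target_uuid`, `raw_session` and `err_origin` all outlive the call and that the 0 param type matches the null param pointer. `open_with_params` begins on the hunk's last lines and its body continues past the hunk.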
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParams, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+ target_uuid: Uuid,
+ default_timeout: u32,
+}
+
+impl TaSession {
+ /// Start configuring a new TA session with infinite timeout by default.
+ pub fn new(uuid: Uuid) -> Self {
+ Self {
+ raw: core::ptr::null_mut(),
+ target_uuid: uuid,
+ default_timeout: raw::TEE_TIMEOUT_INFINITE,
+ }
+ }
+
+ /// Set the default timeout for this session.
+ /// Can be called both before and after opening the session.
+ pub fn timeout(mut self, timeout: u32) -> Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Set the default timeout for this session (mutable version).
+ /// Returns self to allow method chaining with invoke().
+ pub fn with_timeout(&mut self, timeout: u32) -> &mut Self {
+ self.default_timeout = timeout;
Review Comment: Should keep the same naming strategy with other files(like `tee_parameter.rs`). 1.
`pub fn timeout(mut self)` => `pub fn set_timeout(&mut self)` prefix with `set_`, and change `mut self` to `&mut self` 3. `pub fn with_timeout(&mut self)` => `pub fn with_timeout(mut self)` change `&mut self` to `mut self`
########## optee-utee/src/ta_session.rs: ##########
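Review bot: The doc comment on `with_timeout` points callers at `invoke()`, but the only invocation method this type defines is `invoke_command`, and the `timeout` doc says it can be called after opening without mentioning that it consumes `self` so only the returned value carries the new timeout. I would change the two lines to `/// Returns &mut Self so the call can be chained with invoke_command().` and `/// Consumes self; works before open() or on the value open() returns.`. The `with_timeout` body runs past the end of the hunk.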
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParams, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+ target_uuid: Uuid,
+ default_timeout: u32,
+}
+
+impl TaSession {
+ /// Start configuring a new TA session with infinite timeout by default.
+ pub fn new(uuid: Uuid) -> Self {
+ Self {
+ raw: core::ptr::null_mut(),
+ target_uuid: uuid,
+ default_timeout: raw::TEE_TIMEOUT_INFINITE,
+ }
+ }
+
+ /// Set the default timeout for this session.
+ /// Can be called both before and after opening the session.
+ pub fn timeout(mut self, timeout: u32) -> Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Set the default timeout for this session (mutable version).
+ /// Returns self to allow method chaining with invoke().
+ pub fn with_timeout(&mut self, timeout: u32) -> &mut Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Open the session without parameters.
+ pub fn open(mut self) -> Result<Self> {
Review Comment: I think we should remove the `new` method and make `open` and `open_with_params` static methods instead. The current new method returns an invalid instance, and you must call `open` or `open_with_params` before doing anything useful—so it’s cleaner to just drop new altogether.
########## optee-utee/src/ta_session.rs: ##########
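Review bot: The one-line doc on `open` omits the two things a caller cannot read off the signature: the configured `default_timeout` is the timeout passed to `TEE_OpenTASession` itself, so it has to be set before `open`, and because `open` takes `self` by value a failed open drops the unopened session together with its UUID, so a retry has to start again from `new`. I would extend it to `/// Open the session without parameters, bounded by the configured default timeout.` plus an `# Errors` paragraph stating that the raw `TEE_Result` is returned through `Error::from_raw_error` and that `self` is consumed on failure as well as on success. The body of `open` lies outside this hunk.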
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use core::ptr;
+use optee_utee_sys as raw;
+
+use crate::{Error, Result, TeeParams, Uuid};
+
+/// Represents a connection between a trusted application and another trusted application (can be user TA or pseudo TA).
+pub struct TaSession {
+ raw: raw::TEE_TASessionHandle,
+ target_uuid: Uuid,
+ default_timeout: u32,
+}
+
+impl TaSession {
+ /// Start configuring a new TA session with infinite timeout by default.
+ pub fn new(uuid: Uuid) -> Self {
+ Self {
+ raw: core::ptr::null_mut(),
+ target_uuid: uuid,
+ default_timeout: raw::TEE_TIMEOUT_INFINITE,
+ }
+ }
+
+ /// Set the default timeout for this session.
+ /// Can be called both before and after opening the session.
+ pub fn timeout(mut self, timeout: u32) -> Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Set the default timeout for this session (mutable version).
+ /// Returns self to allow method chaining with invoke().
+ pub fn with_timeout(&mut self, timeout: u32) -> &mut Self {
+ self.default_timeout = timeout;
+ self
+ }
+
+ /// Open the session without parameters.
+ pub fn open(mut self) -> Result<Self> {
+ let mut err_origin: u32 = 0;
+ let mut raw_session: raw::TEE_TASessionHandle = core::ptr::null_mut();
+
+ match unsafe {
+ raw::TEE_OpenTASession(
+ self.target_uuid.as_raw_ptr(),
+ self.default_timeout,
+ 0,
+ ptr::null_mut(),
+ &mut raw_session,
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ self.raw = raw_session;
+ Ok(self)
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ /// Open the session with parameters.
+ pub fn open_with_params(mut self, params: &mut TeeParams) -> Result<Self> {
+ let mut err_origin: u32 = 0;
+ let mut raw_session: raw::TEE_TASessionHandle = core::ptr::null_mut();
+ let mut raw_params = params.as_raw();
+ let param_types = params.raw_param_types();
+
+ match unsafe {
+ raw::TEE_OpenTASession(
+ self.target_uuid.as_raw_ptr(),
+ self.default_timeout,
+ param_types,
+ raw_params.as_mut_ptr(),
+ &mut raw_session,
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ // Update the parameters with any results
+ params.update_from_raw(&raw_params);
+ self.raw = raw_session;
+ Ok(self)
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ /// Get the default timeout value for this session.
+ pub fn get_default_timeout(&self) -> u32 {
+ self.default_timeout
+ }
+
+ /// Invokes a command with the provided parameters using the session's default timeout.
+ /// Returns the result directly without allowing further method chaining.
+ pub fn invoke_command(&mut self, command_id: u32, params: &mut TeeParams) -> Result<()> {
+ let mut err_origin: u32 = 0;
+ let mut raw_params = params.as_raw();
+ let param_types = params.raw_param_types();
+
+ match unsafe {
+ raw::TEE_InvokeTACommand(
+ self.raw,
+ self.default_timeout,
+ command_id,
+ param_types,
+ raw_params.as_mut_ptr(),
+ &mut err_origin,
+ )
+ } {
+ raw::TEE_SUCCESS => {
+ // Update the parameters with the results
+ params.update_from_raw(&raw_params);
+ trace_println!("TEE_InvokeTACommand: command_id: {} finished", command_id);
+ Ok(())
+ }
+ code => Err(Error::from_raw_error(code)),
+ }
+ }
+
+ pub fn as_mut_raw_ptr(&mut self) -> *mut raw::TEE_TASessionHandle {
+ &mut self.raw
+ }
+}
+
+// Drop implementation to close the session
+impl Drop for TaSession {
+ fn drop(&mut self) {
+ if !self.raw.is_null() {
Review Comment: By removing the `new` method, we wouldn't need to check if `self.raw` is valid any more.
########## optee-utee/src/tee_parameter.rs: ##########
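Review bot: `invoke_command` passes `self.raw` straight to `TEE_InvokeTACommand` with no check, and a `TaSession` built by `new` keeps a null handle until `open` or `open_with_params` succeeds, so invoking on an unopened session hands the TEE an invalid session handle — under the GP Internal Core API that is a panic condition for the calling TA rather than a `TEE_Result` it can handle. A guard at the top, `if self.raw.is_null() { return Err(Error::from_raw_error(raw::TEE_ERROR_BAD_STATE)); }`, turns it into an ordinary error, assuming the sys crate exposes that constant. The `trace_println!` in the success arm also writes the command id to the TEE log on every successful invoke; that belongs behind a debug feature or should go. The `Drop` impl begins on the hunk's last lines and its body, including the close call, lies outside it.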
@@ -0,0 +1,302 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use crate::ParamType;
+use core::ops::{Index, IndexMut};
+use optee_utee_sys as raw;
+
+#[derive(Copy, Clone, Debug)]
+pub enum ParamIndex {
+ Arg0,
+ Arg1,
+ Arg2,
+ Arg3,
+}
+
+impl ParamIndex {
+ fn to_usize(self) -> usize {
+ match self {
+ ParamIndex::Arg0 => 0,
+ ParamIndex::Arg1 => 1,
+ ParamIndex::Arg2 => 2,
+ ParamIndex::Arg3 => 3,
+ }
+ }
+}
+
+enum ParamContent<'a> {
+ None,
+ MemrefInput {
+ buffer: &'a [u8],
+ },
+ MemrefOutput {
+ buffer: &'a mut [u8],
+ written: usize,
+ },
+ MemrefInout {
+ buffer: &'a mut [u8],
+ written: usize,
+ },
+ ValueInput {
+ a: u32,
+ b: u32,
+ },
+ ValueOutput {
+ a: u32,
+ b: u32,
+ },
+ ValueInout {
+ a: u32,
+ b: u32,
+ },
+}
+
+pub struct Param<'a> {
+ content: ParamContent<'a>,
+}
+
+impl<'a> Param<'a> {
+ fn new() -> Self {
+ Self {
+ content: ParamContent::None,
+ }
+ }
+
+ pub fn written_slice(&self) -> Option<&[u8]> {
Review Comment: Maybe return a `Result` type with `TEE_ERROR_BAD_FORMAT` or `TEE_ERROR_BAD_PARAMETERS`, and developers can easily convert the `Result` to `Option` using `ok()` or `err()` method.
-- This is an automated message from the Apache Git Service.
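Review bot: `MemrefOutput` and `MemrefInout` store a `written: usize` next to the borrowed `buffer`, and whatever fills `written` from the raw `TEE_Param` after a call is taking a size chosen by the callee TA, a separate trust domain; on `TEE_ERROR_SHORT_BUFFER` the GP API has the callee set that size to the length it needs, which is by definition larger than the buffer. `written_slice`, whose body lies outside the hunk, must therefore not slice `buffer[..written]` on the assumption that `written <= buffer.len()`; either clamp at the point where `written` is stored or slice with `&buffer[..written.min(buffer.len())]` and keep the unclamped value available as the short-buffer signal. A one-line comment on the two fields, `// byte count reported by the callee; may exceed buffer.len() on TEE_ERROR_SHORT_BUFFER`, would make the invariant explicit for whoever maintains the accessor. The `Param` impl continues past the end of the hunk.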