1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <bitstring.h> 8 #include <crypto/crypto.h> 9 #include <kernel/mutex.h> 10 #include <kernel/thread.h> 11 #include <mm/mobj.h> 12 #include <optee_rpc_cmd.h> 13 #include <stdio.h> 14 #include <string.h> 15 #include <tee_api_defines_extensions.h> 16 #include <tee/tadb.h> 17 #include <tee/tee_fs.h> 18 #include <tee/tee_fs_rpc.h> 19 #include <tee/tee_pobj.h> 20 #include <tee/tee_svc_storage.h> 21 #include <utee_defines.h> 22 23 #define TADB_MAX_BUFFER_SIZE (64U * 1024) 24 25 #define TADB_AUTH_ENC_ALG TEE_ALG_AES_GCM 26 #define TADB_IV_SIZE TEE_AES_BLOCK_SIZE 27 #define TADB_TAG_SIZE TEE_AES_BLOCK_SIZE 28 #define TADB_KEY_SIZE TEE_AES_MAX_KEY_SIZE 29 30 struct tee_tadb_dir { 31 const struct tee_file_operations *ops; 32 struct tee_file_handle *fh; 33 int nbits; 34 bitstr_t *files; 35 }; 36 37 /* 38 * struct tadb_entry - TA database entry 39 * @prop: properties of TA 40 * @file_number: encrypted TA is stored in <file_number>.ta 41 * @iv: Initialization vector of the authentication crypto 42 * @tag: Tag used to validate the authentication encrypted TA 43 * @key: Key used to decrypt the TA 44 */ 45 struct tadb_entry { 46 struct tee_tadb_property prop; 47 uint32_t file_number; 48 uint8_t iv[TADB_IV_SIZE]; 49 uint8_t tag[TADB_TAG_SIZE]; 50 uint8_t key[TADB_KEY_SIZE]; 51 }; 52 53 struct tadb_header { 54 uint32_t opaque_len; 55 uint8_t opaque[]; 56 }; 57 58 struct tee_tadb_ta_write { 59 struct tee_tadb_dir *db; 60 int fd; 61 struct tadb_entry entry; 62 size_t pos; 63 void *ctx; 64 }; 65 66 struct tee_tadb_ta_read { 67 struct tee_tadb_dir *db; 68 int fd; 69 struct tadb_entry entry; 70 size_t pos; 71 void *ctx; 72 struct mobj *ta_mobj; 73 uint8_t *ta_buf; 74 }; 75 76 static const char tadb_obj_id[] = "ta.db"; 77 static struct tee_tadb_dir *tadb_db; 78 static unsigned int tadb_db_refc; 79 static struct mutex tadb_mutex = MUTEX_INITIALIZER; 80 81 static void file_num_to_str(char *buf, size_t blen, uint32_t file_number) 82 { 83 int rc __maybe_unused = 0; 84 85 rc = snprintf(buf, blen, "%" PRIu32 ".ta", file_number); 86 assert(rc >= 0); 87 } 88 89 static bool is_null_uuid(const TEE_UUID *uuid) 90 { 91 const TEE_UUID null_uuid = { 0 }; 92 93 return !memcmp(uuid, &null_uuid, sizeof(*uuid)); 94 } 95 96 static TEE_Result ta_operation_open(unsigned int cmd, uint32_t file_number, 97 int *fd) 98 { 99 struct mobj *mobj; 100 TEE_Result res; 101 void *va; 102 103 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS, 104 THREAD_SHM_TYPE_APPLICATION, 105 TEE_FS_NAME_MAX, &mobj); 106 if (!va) 107 return TEE_ERROR_OUT_OF_MEMORY; 108 109 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 110 111 struct thread_param params[] = { 112 [0] = THREAD_PARAM_VALUE(IN, cmd, 0, 0), 113 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 114 [2] = THREAD_PARAM_VALUE(OUT, 0, 0, 0), 115 }; 116 117 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 118 if (!res) 119 *fd = params[2].u.value.a; 120 121 return res; 122 } 123 124 static TEE_Result ta_operation_remove(uint32_t file_number) 125 { 126 struct mobj *mobj; 127 void *va; 128 129 va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_FS, 130 THREAD_SHM_TYPE_APPLICATION, 131 TEE_FS_NAME_MAX, &mobj); 132 if (!va) 133 return TEE_ERROR_OUT_OF_MEMORY; 134 135 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 136 137 struct thread_param params[] = { 138 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_REMOVE, 0, 0), 139 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 140 }; 141 142 return thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 143 } 144 145 static TEE_Result maybe_grow_files(struct tee_tadb_dir *db, int idx) 146 { 147 void *p; 148 149 if (idx < db->nbits) 150 return TEE_SUCCESS; 151 152 p = realloc(db->files, bitstr_size(idx + 1)); 153 if (!p) 154 return TEE_ERROR_OUT_OF_MEMORY; 155 db->files = p; 156 157 bit_nclear(db->files, db->nbits, idx); 158 db->nbits = idx + 1; 159 160 return TEE_SUCCESS; 161 } 162 163 static TEE_Result set_file(struct tee_tadb_dir *db, int idx) 164 { 165 TEE_Result res = maybe_grow_files(db, idx); 166 167 if (!res) 168 bit_set(db->files, idx); 169 170 return res; 171 } 172 173 static void clear_file(struct tee_tadb_dir *db, int idx) 174 { 175 /* 176 * This is safe because db->nbits > 0 implies that 177 * db->files is non-NULL (see maybe_grow_files()). 178 */ 179 if (idx < db->nbits) 180 bit_clear(db->files, idx); 181 } 182 183 static bool test_file(struct tee_tadb_dir *db, int idx) 184 { 185 /* 186 * This is safe because db->nbits > 0 implies that 187 * db->files is non-NULL (see maybe_grow_files()). 188 */ 189 if (idx < db->nbits) 190 return bit_test(db->files, idx); 191 192 return false; 193 } 194 195 static TEE_Result read_ent(struct tee_tadb_dir *db, size_t idx, 196 struct tadb_entry *entry) 197 { 198 size_t l = sizeof(*entry); 199 TEE_Result res = db->ops->read(db->fh, idx * l, entry, &l); 200 201 if (!res && l != sizeof(*entry)) 202 return TEE_ERROR_ITEM_NOT_FOUND; 203 204 return res; 205 } 206 207 static TEE_Result write_ent(struct tee_tadb_dir *db, size_t idx, 208 const struct tadb_entry *entry) 209 { 210 const size_t l = sizeof(*entry); 211 212 return db->ops->write(db->fh, idx * l, entry, l); 213 } 214 215 static TEE_Result tadb_open(struct tee_tadb_dir **db_ret) 216 { 217 TEE_Result res; 218 struct tee_tadb_dir *db = calloc(1, sizeof(*db)); 219 struct tee_pobj po = { 220 .obj_id = (void *)tadb_obj_id, 221 .obj_id_len = sizeof(tadb_obj_id) 222 }; 223 224 if (!db) 225 return TEE_ERROR_OUT_OF_MEMORY; 226 227 db->ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE); 228 229 res = db->ops->open(&po, NULL, &db->fh); 230 if (res == TEE_ERROR_ITEM_NOT_FOUND) 231 res = db->ops->create(&po, false, NULL, 0, NULL, 0, NULL, 0, 232 &db->fh); 233 234 if (res) 235 free(db); 236 else 237 *db_ret = db; 238 239 return res; 240 } 241 242 static TEE_Result tee_tadb_open(struct tee_tadb_dir **db) 243 { 244 TEE_Result res = TEE_SUCCESS; 245 246 mutex_lock(&tadb_mutex); 247 if (!tadb_db_refc) { 248 assert(!tadb_db); 249 res = tadb_open(&tadb_db); 250 if (res) 251 goto err; 252 } 253 tadb_db_refc++; 254 *db = tadb_db; 255 err: 256 mutex_unlock(&tadb_mutex); 257 return res; 258 } 259 260 static void tadb_put(struct tee_tadb_dir *db) 261 { 262 assert(db == tadb_db); 263 mutex_lock(&tadb_mutex); 264 assert(tadb_db_refc); 265 tadb_db_refc--; 266 if (!tadb_db_refc) { 267 db->ops->close(&db->fh); 268 free(db->files); 269 free(db); 270 tadb_db = NULL; 271 } 272 mutex_unlock(&tadb_mutex); 273 } 274 275 static void tee_tadb_close(struct tee_tadb_dir *db) 276 { 277 tadb_put(db); 278 } 279 280 static TEE_Result tadb_authenc_init(TEE_OperationMode mode, 281 const struct tadb_entry *entry, 282 void **ctx_ret) 283 { 284 TEE_Result res; 285 void *ctx; 286 const size_t enc_size = entry->prop.custom_size + entry->prop.bin_size; 287 288 res = crypto_authenc_alloc_ctx(&ctx, TADB_AUTH_ENC_ALG); 289 if (res) 290 return res; 291 292 res = crypto_authenc_init(ctx, mode, entry->key, sizeof(entry->key), 293 entry->iv, sizeof(entry->iv), 294 sizeof(entry->tag), 0, enc_size); 295 if (res) 296 crypto_authenc_free_ctx(ctx); 297 else 298 *ctx_ret = ctx; 299 300 return res; 301 } 302 303 static TEE_Result tadb_update_payload(void *ctx, TEE_OperationMode mode, 304 const void *src, size_t len, void *dst) 305 { 306 TEE_Result res; 307 size_t sz = len; 308 309 res = crypto_authenc_update_payload(ctx, mode, (const uint8_t *)src, 310 len, dst, &sz); 311 assert(res || sz == len); 312 return res; 313 } 314 315 static TEE_Result populate_files(struct tee_tadb_dir *db) 316 { 317 TEE_Result res; 318 size_t idx; 319 320 /* 321 * If db->files isn't NULL the bitfield is already populated and 322 * there's nothing left to do here for now. 323 */ 324 if (db->nbits) 325 return TEE_SUCCESS; 326 327 /* 328 * Iterate over the TA database and set the bits in the bit field 329 * for used file numbers. Note that set_file() will allocate and 330 * grow the bitfield as needed. 331 * 332 * At the same time clean out duplicate file numbers, the first 333 * entry with the file number has precedence. Duplicate entries is 334 * not supposed to be able to happen, but if it still does better 335 * to clean it out here instead of letting the error spread with 336 * unexpected side effects. 337 */ 338 for (idx = 0;; idx++) { 339 struct tadb_entry entry; 340 341 res = read_ent(db, idx, &entry); 342 if (res) { 343 if (res == TEE_ERROR_ITEM_NOT_FOUND) 344 return TEE_SUCCESS; 345 goto err; 346 } 347 348 if (is_null_uuid(&entry.prop.uuid)) 349 continue; 350 351 if (test_file(db, entry.file_number)) { 352 IMSG("Clearing duplicate file number %" PRIu32, 353 entry.file_number); 354 memset(&entry, 0, sizeof(entry)); 355 res = write_ent(db, idx, &entry); 356 if (res) 357 goto err; 358 continue; 359 } 360 361 res = set_file(db, entry.file_number); 362 if (res) 363 goto err; 364 } 365 366 err: 367 free(db->files); 368 db->files = NULL; 369 db->nbits = 0; 370 371 return res; 372 } 373 374 TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property, 375 struct tee_tadb_ta_write **ta_ret) 376 { 377 TEE_Result res; 378 struct tee_tadb_ta_write *ta; 379 int i = 0; 380 381 if (is_null_uuid(&property->uuid)) 382 return TEE_ERROR_GENERIC; 383 384 ta = calloc(1, sizeof(*ta)); 385 if (!ta) 386 return TEE_ERROR_OUT_OF_MEMORY; 387 388 res = tee_tadb_open(&ta->db); 389 if (res) 390 goto err_free; 391 392 mutex_lock(&tadb_mutex); 393 394 /* 395 * Since we're going to search for next free file number below we 396 * need to populate the bitfield holding used file numbers. 397 */ 398 res = populate_files(ta->db); 399 if (res) 400 goto err_mutex; 401 402 if (ta->db->files) { 403 bit_ffc(ta->db->files, ta->db->nbits, &i); 404 if (i == -1) 405 i = ta->db->nbits; 406 } 407 408 res = set_file(ta->db, i); 409 if (res) 410 goto err_mutex; 411 412 mutex_unlock(&tadb_mutex); 413 414 ta->entry.file_number = i; 415 ta->entry.prop = *property; 416 417 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv)); 418 if (res) 419 goto err_put; 420 421 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key)); 422 if (res) 423 goto err_put; 424 425 res = ta_operation_open(OPTEE_RPC_FS_CREATE, ta->entry.file_number, 426 &ta->fd); 427 if (res) 428 goto err_put; 429 430 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx); 431 if (res) 432 goto err_put; 433 434 *ta_ret = ta; 435 436 return TEE_SUCCESS; 437 438 err_mutex: 439 mutex_unlock(&tadb_mutex); 440 err_put: 441 tadb_put(ta->db); 442 err_free: 443 free(ta); 444 445 return res; 446 } 447 448 TEE_Result tee_tadb_ta_write(struct tee_tadb_ta_write *ta, const void *buf, 449 size_t len) 450 { 451 TEE_Result res; 452 const uint8_t *rb = buf; 453 size_t rl = len; 454 struct tee_fs_rpc_operation op; 455 456 while (rl) { 457 size_t wl = MIN(rl, TADB_MAX_BUFFER_SIZE); 458 void *wb; 459 460 res = tee_fs_rpc_write_init(&op, OPTEE_RPC_CMD_FS, ta->fd, 461 ta->pos, wl, &wb); 462 if (res) 463 return res; 464 465 res = tadb_update_payload(ta->ctx, TEE_MODE_ENCRYPT, 466 rb, wl, wb); 467 if (res) 468 return res; 469 470 res = tee_fs_rpc_write_final(&op); 471 if (res) 472 return res; 473 474 rl -= wl; 475 rb += wl; 476 ta->pos += wl; 477 } 478 479 return TEE_SUCCESS; 480 } 481 482 void tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write *ta) 483 { 484 crypto_authenc_final(ta->ctx); 485 crypto_authenc_free_ctx(ta->ctx); 486 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 487 ta_operation_remove(ta->entry.file_number); 488 489 mutex_lock(&tadb_mutex); 490 clear_file(ta->db, ta->entry.file_number); 491 mutex_unlock(&tadb_mutex); 492 493 tadb_put(ta->db); 494 free(ta); 495 } 496 497 static TEE_Result find_ent(struct tee_tadb_dir *db, const TEE_UUID *uuid, 498 size_t *idx_ret, struct tadb_entry *entry_ret) 499 { 500 TEE_Result res; 501 size_t idx; 502 503 /* 504 * Search for the provided uuid, if it's found return the index it 505 * has together with TEE_SUCCESS. 506 * 507 * If the uuid can't be found return the number indexes together 508 * with TEE_ERROR_ITEM_NOT_FOUND. 509 */ 510 for (idx = 0;; idx++) { 511 struct tadb_entry entry; 512 513 res = read_ent(db, idx, &entry); 514 if (res) { 515 if (res == TEE_ERROR_ITEM_NOT_FOUND) 516 break; 517 return res; 518 } 519 520 if (!memcmp(&entry.prop.uuid, uuid, sizeof(*uuid))) { 521 if (entry_ret) 522 *entry_ret = entry; 523 break; 524 } 525 } 526 527 *idx_ret = idx; 528 return res; 529 } 530 531 static TEE_Result find_free_ent_idx(struct tee_tadb_dir *db, size_t *idx) 532 { 533 const TEE_UUID null_uuid = { 0 }; 534 TEE_Result res = find_ent(db, &null_uuid, idx, NULL); 535 536 /* 537 * Note that *idx is set to the number of entries on 538 * TEE_ERROR_ITEM_NOT_FOUND. 539 */ 540 if (res == TEE_ERROR_ITEM_NOT_FOUND) 541 return TEE_SUCCESS; 542 return res; 543 } 544 545 TEE_Result tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write *ta) 546 { 547 TEE_Result res; 548 size_t dsz = 0; 549 size_t sz = sizeof(ta->entry.tag); 550 size_t idx; 551 struct tadb_entry old_ent; 552 bool have_old_ent = false; 553 554 res = crypto_authenc_enc_final(ta->ctx, NULL, 0, NULL, &dsz, 555 ta->entry.tag, &sz); 556 if (res) 557 goto err; 558 559 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 560 561 mutex_lock(&tadb_mutex); 562 /* 563 * First try to find an existing TA to replace. If there's one 564 * we'll use the entry, but we should also remove the old encrypted 565 * file. 566 * 567 * If there isn't an existing TA to replace, grab a new entry. 568 */ 569 res = find_ent(ta->db, &ta->entry.prop.uuid, &idx, &old_ent); 570 if (!res) { 571 have_old_ent = true; 572 } else { 573 res = find_free_ent_idx(ta->db, &idx); 574 if (res) 575 goto err_mutex; 576 } 577 res = write_ent(ta->db, idx, &ta->entry); 578 if (res) 579 goto err_mutex; 580 if (have_old_ent) 581 clear_file(ta->db, old_ent.file_number); 582 mutex_unlock(&tadb_mutex); 583 584 crypto_authenc_final(ta->ctx); 585 crypto_authenc_free_ctx(ta->ctx); 586 tadb_put(ta->db); 587 free(ta); 588 if (have_old_ent) 589 ta_operation_remove(old_ent.file_number); 590 return TEE_SUCCESS; 591 592 err_mutex: 593 mutex_unlock(&tadb_mutex); 594 err: 595 tee_tadb_ta_close_and_delete(ta); 596 return res; 597 } 598 599 TEE_Result tee_tadb_ta_delete(const TEE_UUID *uuid) 600 { 601 const struct tadb_entry null_entry = { { { 0 } } }; 602 struct tee_tadb_dir *db; 603 struct tadb_entry entry; 604 size_t idx; 605 TEE_Result res; 606 607 if (is_null_uuid(uuid)) 608 return TEE_ERROR_GENERIC; 609 610 res = tee_tadb_open(&db); 611 if (res) 612 return res; 613 614 mutex_lock(&tadb_mutex); 615 res = find_ent(db, uuid, &idx, &entry); 616 if (res) { 617 mutex_unlock(&tadb_mutex); 618 tee_tadb_close(db); 619 return res; 620 } 621 622 clear_file(db, entry.file_number); 623 res = write_ent(db, idx, &null_entry); 624 mutex_unlock(&tadb_mutex); 625 626 tee_tadb_close(db); 627 if (res) 628 return res; 629 630 ta_operation_remove(entry.file_number); 631 return TEE_SUCCESS; 632 } 633 634 TEE_Result tee_tadb_ta_open(const TEE_UUID *uuid, 635 struct tee_tadb_ta_read **ta_ret) 636 { 637 TEE_Result res = TEE_SUCCESS; 638 size_t idx = 0; 639 struct tee_tadb_ta_read *ta = NULL; 640 641 if (is_null_uuid(uuid)) 642 return TEE_ERROR_GENERIC; 643 644 ta = calloc(1, sizeof(*ta)); 645 if (!ta) 646 return TEE_ERROR_OUT_OF_MEMORY; 647 648 res = tee_tadb_open(&ta->db); 649 if (res) 650 goto err_free; /* Mustn't call tadb_put() */ 651 652 mutex_read_lock(&tadb_mutex); 653 res = find_ent(ta->db, uuid, &idx, &ta->entry); 654 mutex_read_unlock(&tadb_mutex); 655 if (res) 656 goto err; 657 658 res = ta_operation_open(OPTEE_RPC_FS_OPEN, ta->entry.file_number, 659 &ta->fd); 660 if (res) 661 goto err; 662 663 res = tadb_authenc_init(TEE_MODE_DECRYPT, &ta->entry, &ta->ctx); 664 if (res) 665 goto err; 666 667 *ta_ret = ta; 668 669 return TEE_SUCCESS; 670 err: 671 tadb_put(ta->db); 672 err_free: 673 free(ta); 674 return res; 675 } 676 677 const struct tee_tadb_property * 678 tee_tadb_ta_get_property(struct tee_tadb_ta_read *ta) 679 { 680 return &ta->entry.prop; 681 } 682 683 TEE_Result tee_tadb_get_tag(struct tee_tadb_ta_read *ta, uint8_t *tag, 684 unsigned int *tag_len) 685 { 686 if (!tag || *tag_len < sizeof(ta->entry.tag)) { 687 *tag_len = sizeof(ta->entry.tag); 688 return TEE_ERROR_SHORT_BUFFER; 689 } 690 *tag_len = sizeof(ta->entry.tag); 691 692 memcpy(tag, ta->entry.tag, sizeof(ta->entry.tag)); 693 694 return TEE_SUCCESS; 695 } 696 697 static TEE_Result ta_load(struct tee_tadb_ta_read *ta) 698 { 699 TEE_Result res; 700 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 701 702 if (ta->ta_mobj) 703 return TEE_SUCCESS; 704 705 ta->ta_mobj = thread_rpc_alloc_payload(sz); 706 if (!ta->ta_mobj) 707 return TEE_ERROR_OUT_OF_MEMORY; 708 709 ta->ta_buf = mobj_get_va(ta->ta_mobj, 0); 710 assert(ta->ta_buf); 711 712 struct thread_param params[] = { 713 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_READ, ta->fd, 0), 714 [1] = THREAD_PARAM_MEMREF(OUT, ta->ta_mobj, 0, sz), 715 }; 716 717 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 718 if (res) { 719 thread_rpc_free_payload(ta->ta_mobj); 720 ta->ta_mobj = NULL; 721 } 722 return res; 723 } 724 725 TEE_Result tee_tadb_ta_read(struct tee_tadb_ta_read *ta, void *buf, size_t *len) 726 { 727 TEE_Result res; 728 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 729 size_t l = MIN(*len, sz - ta->pos); 730 731 res = ta_load(ta); 732 if (res) 733 return res; 734 735 if (buf) { 736 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 737 ta->ta_buf + ta->pos, l, buf); 738 if (res) 739 return res; 740 } else { 741 size_t num_bytes = 0; 742 size_t b_size = MIN(256U, l); 743 uint8_t *b = malloc(b_size); 744 745 if (!b) 746 return TEE_ERROR_OUT_OF_MEMORY; 747 748 while (num_bytes < l) { 749 size_t n = MIN(b_size, l - num_bytes); 750 751 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 752 ta->ta_buf + ta->pos + 753 num_bytes, n, b); 754 if (res) 755 break; 756 num_bytes += n; 757 } 758 759 free(b); 760 if (res) 761 return res; 762 } 763 764 ta->pos += l; 765 if (ta->pos == sz) { 766 size_t dl = 0; 767 768 res = crypto_authenc_dec_final(ta->ctx, NULL, 0, NULL, &dl, 769 ta->entry.tag, TADB_TAG_SIZE); 770 if (res) 771 return res; 772 } 773 *len = l; 774 return TEE_SUCCESS; 775 } 776 777 void tee_tadb_ta_close(struct tee_tadb_ta_read *ta) 778 { 779 crypto_authenc_final(ta->ctx); 780 crypto_authenc_free_ctx(ta->ctx); 781 if (ta->ta_mobj) 782 thread_rpc_free_payload(ta->ta_mobj); 783 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 784 tadb_put(ta->db); 785 free(ta); 786 } 787