1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <bitstring.h> 7 #include <crypto/crypto.h> 8 #include <kernel/msg_param.h> 9 #include <kernel/mutex.h> 10 #include <kernel/refcount.h> 11 #include <kernel/thread.h> 12 #include <optee_msg_supplicant.h> 13 #include <string.h> 14 #include <tee_api_defines_extensions.h> 15 #include <tee/tadb.h> 16 #include <tee/tee_fs.h> 17 #include <tee/tee_fs_rpc.h> 18 #include <tee/tee_pobj.h> 19 #include <tee/tee_svc_storage.h> 20 #include <utee_defines.h> 21 22 #define TADB_MAX_BUFFER_SIZE (64U * 1024) 23 24 #define TADB_AUTH_ENC_ALG TEE_ALG_AES_GCM 25 #define TADB_IV_SIZE TEE_AES_BLOCK_SIZE 26 #define TADB_TAG_SIZE TEE_AES_BLOCK_SIZE 27 #define TADB_KEY_SIZE TEE_AES_MAX_KEY_SIZE 28 29 struct tee_tadb_dir { 30 const struct tee_file_operations *ops; 31 struct tee_file_handle *fh; 32 int nbits; 33 bitstr_t *files; 34 }; 35 36 struct tadb_entry { 37 struct tee_tadb_property prop; 38 uint32_t file_number; 39 uint8_t iv[TADB_IV_SIZE]; 40 uint8_t tag[TADB_TAG_SIZE]; 41 uint8_t key[TADB_KEY_SIZE]; 42 }; 43 44 struct tadb_header { 45 uint32_t opaque_len; 46 uint8_t opaque[]; 47 }; 48 49 struct tee_tadb_ta_write { 50 struct tee_tadb_dir *db; 51 int fd; 52 struct tadb_entry entry; 53 size_t pos; 54 void *ctx; 55 }; 56 57 struct tee_tadb_ta_read { 58 struct tee_tadb_dir *db; 59 int fd; 60 struct tadb_entry entry; 61 size_t pos; 62 void *ctx; 63 struct mobj *ta_mobj; 64 uint8_t *ta_buf; 65 }; 66 67 static const char tadb_obj_id[] = "ta.db"; 68 static struct tee_tadb_dir *tadb_db; 69 static struct refcount tadb_db_refc; 70 static struct mutex tadb_mutex = MUTEX_INITIALIZER; 71 72 static void file_num_to_str(char *buf, size_t blen, uint32_t file_number) 73 { 74 snprintf(buf, blen, "%" PRIu32 ".ta", file_number); 75 } 76 77 static bool is_null_uuid(const TEE_UUID *uuid) 78 { 79 const TEE_UUID null_uuid = { 0 }; 80 81 return !memcmp(uuid, &null_uuid, sizeof(*uuid)); 82 } 83 84 static TEE_Result ta_operation_open(unsigned int cmd, uint32_t file_number, 85 int *fd) 86 { 87 struct mobj *mobj; 88 TEE_Result res; 89 void *va; 90 struct optee_msg_param params[] = { 91 [0] = { .attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, 92 .u.value.a = cmd }, 93 [2] = { .attr = OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT } 94 }; 95 96 va = tee_fs_rpc_cache_alloc(TEE_FS_NAME_MAX, &mobj); 97 if (!va) 98 return TEE_ERROR_OUT_OF_MEMORY; 99 100 if (!msg_param_init_memparam(params + 1, mobj, 0, TEE_FS_NAME_MAX, 101 MSG_PARAM_MEM_DIR_IN)) 102 return TEE_ERROR_BAD_STATE; 103 104 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 105 106 res = thread_rpc_cmd(OPTEE_MSG_RPC_CMD_FS, ARRAY_SIZE(params), params); 107 if (!res) 108 *fd = params[2].u.value.a; 109 110 return res; 111 } 112 113 static TEE_Result ta_operation_remove(uint32_t file_number) 114 { 115 struct mobj *mobj; 116 void *va; 117 struct optee_msg_param params[2] = { 118 [0] = { .attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, 119 .u.value.a = OPTEE_MRF_REMOVE }, 120 }; 121 122 va = tee_fs_rpc_cache_alloc(TEE_FS_NAME_MAX, &mobj); 123 if (!va) 124 return TEE_ERROR_OUT_OF_MEMORY; 125 126 if (!msg_param_init_memparam(params + 1, mobj, 0, TEE_FS_NAME_MAX, 127 MSG_PARAM_MEM_DIR_IN)) 128 return TEE_ERROR_BAD_STATE; 129 130 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 131 132 return thread_rpc_cmd(OPTEE_MSG_RPC_CMD_FS, ARRAY_SIZE(params), params); 133 } 134 135 static TEE_Result maybe_grow_files(struct tee_tadb_dir *db, int idx) 136 { 137 void *p; 138 139 if (idx < db->nbits) 140 return TEE_SUCCESS; 141 142 p = realloc(db->files, bitstr_size(idx + 1)); 143 if (!p) 144 return TEE_ERROR_OUT_OF_MEMORY; 145 db->files = p; 146 147 bit_nclear(db->files, db->nbits, idx); 148 db->nbits = idx + 1; 149 150 return TEE_SUCCESS; 151 } 152 153 static TEE_Result set_file(struct tee_tadb_dir *db, int idx) 154 { 155 TEE_Result res = maybe_grow_files(db, idx); 156 157 if (!res) 158 bit_set(db->files, idx); 159 160 return res; 161 } 162 163 static void clear_file(struct tee_tadb_dir *db, int idx) 164 { 165 if (idx < db->nbits) 166 bit_clear(db->files, idx); 167 } 168 169 static bool test_file(struct tee_tadb_dir *db, int idx) 170 { 171 if (idx < db->nbits) 172 return bit_test(db->files, idx); 173 174 return false; 175 } 176 177 static TEE_Result read_ent(struct tee_tadb_dir *db, size_t idx, 178 struct tadb_entry *entry) 179 { 180 size_t l = sizeof(*entry); 181 TEE_Result res = db->ops->read(db->fh, idx * l, entry, &l); 182 183 if (!res && l != sizeof(*entry)) 184 return TEE_ERROR_ITEM_NOT_FOUND; 185 186 return res; 187 } 188 189 static TEE_Result write_ent(struct tee_tadb_dir *db, size_t idx, 190 const struct tadb_entry *entry) 191 { 192 const size_t l = sizeof(*entry); 193 194 return db->ops->write(db->fh, idx * l, entry, l); 195 } 196 197 static TEE_Result tadb_open(struct tee_tadb_dir **db_ret) 198 { 199 TEE_Result res; 200 struct tee_tadb_dir *db = calloc(1, sizeof(*db)); 201 struct tee_pobj po = { 202 .obj_id = (void *)tadb_obj_id, 203 .obj_id_len = sizeof(tadb_obj_id) 204 }; 205 206 if (!db) 207 return TEE_ERROR_OUT_OF_MEMORY; 208 209 db->ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE); 210 211 res = db->ops->open(&po, NULL, &db->fh); 212 if (res == TEE_ERROR_ITEM_NOT_FOUND) 213 res = db->ops->create(&po, false, NULL, 0, NULL, 0, NULL, 0, 214 &db->fh); 215 216 if (res) 217 free(db); 218 else 219 *db_ret = db; 220 221 return res; 222 } 223 224 static TEE_Result tee_tadb_open(struct tee_tadb_dir **db) 225 { 226 if (!refcount_inc(&tadb_db_refc)) { 227 TEE_Result res; 228 229 mutex_lock(&tadb_mutex); 230 if (!tadb_db) { 231 res = tadb_open(&tadb_db); 232 if (!res) 233 refcount_set(&tadb_db_refc, 1); 234 } else { 235 /* 236 * This case is handling the small window where the 237 * reference counter was decreased to 0 but before 238 * the mutex was acquired by tadb_put() this thread 239 * acquired the mutex instead. 240 * 241 * Since tadb_db isn't NULL it's enough to increase 242 * the reference counter. If the value of the 243 * counter is 0 refcount_inc() will fail and we'll 244 * have to set it directly with refcount_set() 245 * instead. 246 */ 247 if (!refcount_inc(&tadb_db_refc)) 248 refcount_set(&tadb_db_refc, 1); 249 res = TEE_SUCCESS; 250 } 251 mutex_unlock(&tadb_mutex); 252 if (res) 253 return res; 254 } 255 256 *db = tadb_db; 257 return TEE_SUCCESS; 258 } 259 260 static void tadb_put(struct tee_tadb_dir *db) 261 { 262 if (refcount_dec(&tadb_db_refc)) { 263 mutex_lock(&tadb_mutex); 264 if (!refcount_val(&tadb_db_refc) && tadb_db) { 265 db->ops->close(&db->fh); 266 free(db->files); 267 free(db); 268 tadb_db = NULL; 269 } 270 mutex_unlock(&tadb_mutex); 271 } 272 } 273 274 static void tee_tadb_close(struct tee_tadb_dir *db) 275 { 276 tadb_put(db); 277 } 278 279 static TEE_Result tadb_authenc_init(TEE_OperationMode mode, 280 const struct tadb_entry *entry, 281 void **ctx_ret) 282 { 283 TEE_Result res; 284 void *ctx; 285 const size_t enc_size = entry->prop.custom_size + entry->prop.bin_size; 286 287 res = crypto_authenc_alloc_ctx(&ctx, TADB_AUTH_ENC_ALG); 288 if (res) 289 return res; 290 291 res = crypto_authenc_init(ctx, TADB_AUTH_ENC_ALG, mode, 292 entry->key, sizeof(entry->key), 293 entry->iv, sizeof(entry->iv), 294 sizeof(entry->tag), 0, enc_size); 295 if (res) 296 crypto_authenc_free_ctx(ctx, TADB_AUTH_ENC_ALG); 297 else 298 *ctx_ret = ctx; 299 300 return res; 301 } 302 303 static TEE_Result tadb_update_payload(void *ctx, TEE_OperationMode mode, 304 const void *src, size_t len, void *dst) 305 { 306 TEE_Result res; 307 size_t sz = len; 308 309 res = crypto_authenc_update_payload(ctx, TADB_AUTH_ENC_ALG, mode, 310 (const uint8_t *)src, len, dst, 311 &sz); 312 assert(res || sz == len); 313 return res; 314 } 315 316 static TEE_Result populate_files(struct tee_tadb_dir *db) 317 { 318 TEE_Result res; 319 size_t idx; 320 321 /* 322 * If db->files isn't NULL the bitfield is already populated and 323 * there's nothing left to do here for now. 324 */ 325 if (db->files) 326 return TEE_SUCCESS; 327 328 /* 329 * Iterate over the TA database and set the bits in the bit field 330 * for used file numbers. Note that set_file() will allocate and 331 * grow the bitfield as needed. 332 * 333 * At the same time clean out duplicate file numbers, the first 334 * entry with the file number has precedence. Duplicate entries is 335 * not supposed to be able to happen, but if it still does better 336 * to clean it out here instead of letting the error spread with 337 * unexpected side effects. 338 */ 339 for (idx = 0;; idx++) { 340 struct tadb_entry entry; 341 342 res = read_ent(db, idx, &entry); 343 if (res) { 344 if (res == TEE_ERROR_ITEM_NOT_FOUND) 345 return TEE_SUCCESS; 346 goto err; 347 } 348 349 if (is_null_uuid(&entry.prop.uuid)) 350 continue; 351 352 if (test_file(db, entry.file_number)) { 353 IMSG("Clearing duplicate file number %" PRIu32, 354 entry.file_number); 355 memset(&entry, 0, sizeof(entry)); 356 res = write_ent(db, idx, &entry); 357 if (res) 358 goto err; 359 continue; 360 } 361 362 res = set_file(db, entry.file_number); 363 if (res) 364 goto err; 365 } 366 367 err: 368 free(db->files); 369 db->files = NULL; 370 db->nbits = 0; 371 372 return res; 373 } 374 375 TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property, 376 struct tee_tadb_ta_write **ta_ret) 377 { 378 TEE_Result res; 379 struct tee_tadb_ta_write *ta; 380 int i = 0; 381 382 if (is_null_uuid(&property->uuid)) 383 return TEE_ERROR_GENERIC; 384 385 ta = calloc(1, sizeof(*ta)); 386 if (!ta) 387 return TEE_ERROR_OUT_OF_MEMORY; 388 389 res = tee_tadb_open(&ta->db); 390 if (res) 391 goto err_free; 392 393 mutex_lock(&tadb_mutex); 394 395 /* 396 * Since we're going to search for next free file number below we 397 * need to populate the bitfield holding used file numbers. 398 */ 399 res = populate_files(ta->db); 400 if (res) 401 goto err_mutex; 402 403 if (ta->db->files) { 404 bit_ffc(ta->db->files, ta->db->nbits, &i); 405 if (i == -1) 406 i = ta->db->nbits; 407 } 408 409 res = set_file(ta->db, i); 410 if (res) 411 goto err_mutex; 412 413 mutex_unlock(&tadb_mutex); 414 415 ta->entry.file_number = i; 416 ta->entry.prop = *property; 417 418 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv)); 419 if (res) 420 goto err_put; 421 422 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key)); 423 if (res) 424 goto err_put; 425 426 res = ta_operation_open(OPTEE_MRF_CREATE, ta->entry.file_number, 427 &ta->fd); 428 if (res) 429 goto err_put; 430 431 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx); 432 if (res) 433 goto err_put; 434 435 *ta_ret = ta; 436 437 return TEE_SUCCESS; 438 439 err_mutex: 440 mutex_unlock(&tadb_mutex); 441 err_put: 442 tadb_put(ta->db); 443 err_free: 444 free(ta); 445 446 return res; 447 } 448 449 TEE_Result tee_tadb_ta_write(struct tee_tadb_ta_write *ta, const void *buf, 450 size_t len) 451 { 452 TEE_Result res; 453 const uint8_t *rb = buf; 454 size_t rl = len; 455 struct tee_fs_rpc_operation op; 456 457 while (rl) { 458 size_t wl = MIN(rl, TADB_MAX_BUFFER_SIZE); 459 void *wb; 460 461 res = tee_fs_rpc_write_init(&op, OPTEE_MSG_RPC_CMD_FS, ta->fd, 462 ta->pos, wl, &wb); 463 if (res) 464 return res; 465 466 res = tadb_update_payload(ta->ctx, TEE_MODE_ENCRYPT, 467 rb, wl, wb); 468 if (res) 469 return res; 470 471 res = tee_fs_rpc_write_final(&op); 472 if (res) 473 return res; 474 475 rl -= wl; 476 rb += wl; 477 ta->pos += wl; 478 } 479 480 return TEE_SUCCESS; 481 } 482 483 void tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write *ta) 484 { 485 crypto_authenc_final(ta->ctx, TADB_AUTH_ENC_ALG); 486 crypto_authenc_free_ctx(ta->ctx, TADB_AUTH_ENC_ALG); 487 tee_fs_rpc_close(OPTEE_MSG_RPC_CMD_FS, ta->fd); 488 ta_operation_remove(ta->entry.file_number); 489 490 mutex_lock(&tadb_mutex); 491 clear_file(ta->db, ta->entry.file_number); 492 mutex_unlock(&tadb_mutex); 493 494 tadb_put(ta->db); 495 free(ta); 496 } 497 498 static TEE_Result find_ent(struct tee_tadb_dir *db, const TEE_UUID *uuid, 499 size_t *idx_ret, struct tadb_entry *entry_ret) 500 { 501 TEE_Result res; 502 size_t idx; 503 504 /* 505 * Search for the provided uuid, if it's found return the index it 506 * has together with TEE_SUCCESS. 507 * 508 * If the uuid can't be found return the number indexes together 509 * with TEE_ERROR_ITEM_NOT_FOUND. 510 */ 511 for (idx = 0;; idx++) { 512 struct tadb_entry entry; 513 514 res = read_ent(db, idx, &entry); 515 if (res) { 516 if (res == TEE_ERROR_ITEM_NOT_FOUND) 517 break; 518 return res; 519 } 520 521 if (!memcmp(&entry.prop.uuid, uuid, sizeof(*uuid))) { 522 if (entry_ret) 523 *entry_ret = entry; 524 break; 525 } 526 } 527 528 *idx_ret = idx; 529 return res; 530 } 531 532 static TEE_Result find_free_ent_idx(struct tee_tadb_dir *db, size_t *idx) 533 { 534 const TEE_UUID null_uuid = { 0 }; 535 TEE_Result res = find_ent(db, &null_uuid, idx, NULL); 536 537 /* 538 * Note that *idx is set to the number of entries on 539 * TEE_ERROR_ITEM_NOT_FOUND. 540 */ 541 if (res == TEE_ERROR_ITEM_NOT_FOUND) 542 return TEE_SUCCESS; 543 return res; 544 } 545 546 TEE_Result tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write *ta) 547 { 548 TEE_Result res; 549 size_t dsz = 0; 550 size_t sz = sizeof(ta->entry.tag); 551 size_t idx; 552 struct tadb_entry old_ent; 553 bool have_old_ent = false; 554 555 res = crypto_authenc_enc_final(ta->ctx, TADB_AUTH_ENC_ALG, 556 NULL, 0, NULL, &dsz, 557 ta->entry.tag, &sz); 558 if (res) 559 goto err; 560 561 tee_fs_rpc_close(OPTEE_MSG_RPC_CMD_FS, ta->fd); 562 563 mutex_lock(&tadb_mutex); 564 /* 565 * First try to find an existing TA to replace. If there's one 566 * we'll use the entry, but we should also remove the old encrypted 567 * file. 568 * 569 * If there isn't an existing TA to replace, grab a new entry. 570 */ 571 res = find_ent(ta->db, &ta->entry.prop.uuid, &idx, &old_ent); 572 if (!res) { 573 have_old_ent = true; 574 } else { 575 res = find_free_ent_idx(ta->db, &idx); 576 if (res) 577 goto err_mutex; 578 } 579 res = write_ent(ta->db, idx, &ta->entry); 580 if (res) 581 goto err_mutex; 582 if (have_old_ent) 583 clear_file(ta->db, old_ent.file_number); 584 mutex_unlock(&tadb_mutex); 585 586 crypto_authenc_final(ta->ctx, TADB_AUTH_ENC_ALG); 587 crypto_authenc_free_ctx(ta->ctx, TADB_AUTH_ENC_ALG); 588 tadb_put(ta->db); 589 free(ta); 590 if (have_old_ent) 591 ta_operation_remove(old_ent.file_number); 592 return TEE_SUCCESS; 593 594 err_mutex: 595 mutex_unlock(&tadb_mutex); 596 err: 597 tee_tadb_ta_close_and_delete(ta); 598 return res; 599 } 600 601 TEE_Result tee_tadb_ta_delete(const TEE_UUID *uuid) 602 { 603 const struct tadb_entry null_entry = { { { 0 } } }; 604 struct tee_tadb_dir *db; 605 struct tadb_entry entry; 606 size_t idx; 607 TEE_Result res; 608 609 if (is_null_uuid(uuid)) 610 return TEE_ERROR_GENERIC; 611 612 res = tee_tadb_open(&db); 613 if (res) 614 return res; 615 616 mutex_lock(&tadb_mutex); 617 res = find_ent(db, uuid, &idx, &entry); 618 if (res) { 619 mutex_unlock(&tadb_mutex); 620 tee_tadb_close(db); 621 return res; 622 } 623 624 clear_file(db, entry.file_number); 625 res = write_ent(db, idx, &null_entry); 626 mutex_unlock(&tadb_mutex); 627 628 tee_tadb_close(db); 629 if (res) 630 return res; 631 632 ta_operation_remove(entry.file_number); 633 return TEE_SUCCESS; 634 } 635 636 TEE_Result tee_tadb_ta_open(const TEE_UUID *uuid, 637 struct tee_tadb_ta_read **ta_ret) 638 { 639 TEE_Result res; 640 size_t idx; 641 struct tee_tadb_ta_read *ta; 642 static struct tadb_entry last_entry; 643 644 if (is_null_uuid(uuid)) 645 return TEE_ERROR_GENERIC; 646 647 ta = calloc(1, sizeof(*ta)); 648 if (!ta) 649 return TEE_ERROR_OUT_OF_MEMORY; 650 651 if (!memcmp(uuid, &last_entry.prop.uuid, sizeof(*uuid))) { 652 ta->entry = last_entry; 653 } else { 654 res = tee_tadb_open(&ta->db); 655 if (res) 656 goto err_free; /* Mustn't all tadb_put() */ 657 658 mutex_read_lock(&tadb_mutex); 659 res = find_ent(ta->db, uuid, &idx, &ta->entry); 660 mutex_read_unlock(&tadb_mutex); 661 if (res) 662 goto err; 663 } 664 665 res = ta_operation_open(OPTEE_MRF_OPEN, ta->entry.file_number, &ta->fd); 666 if (res) 667 goto err; 668 669 res = tadb_authenc_init(TEE_MODE_DECRYPT, &ta->entry, &ta->ctx); 670 if (res) 671 goto err; 672 673 *ta_ret = ta; 674 675 return TEE_SUCCESS; 676 err: 677 tadb_put(ta->db); 678 err_free: 679 free(ta); 680 return res; 681 } 682 683 const struct tee_tadb_property * 684 tee_tadb_ta_get_property(struct tee_tadb_ta_read *ta) 685 { 686 return &ta->entry.prop; 687 } 688 689 static TEE_Result ta_load(struct tee_tadb_ta_read *ta) 690 { 691 TEE_Result res; 692 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 693 struct optee_msg_param params[2] = { 694 [0] = { .attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, 695 .u.value.a = OPTEE_MRF_READ, 696 .u.value.b = ta->fd, 697 .u.value.c = 0 }, 698 }; 699 700 if (ta->ta_mobj) 701 return TEE_SUCCESS; 702 703 ta->ta_mobj = thread_rpc_alloc_payload(sz); 704 if (!ta->ta_mobj) 705 return TEE_ERROR_OUT_OF_MEMORY; 706 707 ta->ta_buf = mobj_get_va(ta->ta_mobj, 0); 708 assert(ta->ta_buf); 709 710 if (!msg_param_init_memparam(params + 1, ta->ta_mobj, 0, sz, 711 MSG_PARAM_MEM_DIR_OUT)) 712 return TEE_ERROR_BAD_STATE; 713 714 res = thread_rpc_cmd(OPTEE_MSG_RPC_CMD_FS, ARRAY_SIZE(params), params); 715 if (res) { 716 thread_rpc_free_payload(ta->ta_mobj); 717 ta->ta_mobj = NULL; 718 } 719 return res; 720 } 721 722 TEE_Result tee_tadb_ta_read(struct tee_tadb_ta_read *ta, void *buf, size_t *len) 723 { 724 TEE_Result res; 725 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 726 size_t l = MIN(*len, sz - ta->pos); 727 728 res = ta_load(ta); 729 if (res) 730 return res; 731 732 if (buf) { 733 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 734 ta->ta_buf + ta->pos, l, buf); 735 if (res) 736 return res; 737 } else { 738 size_t num_bytes = 0; 739 size_t b_size = MIN(256U, l); 740 uint8_t *b = malloc(b_size); 741 742 if (!b) 743 return TEE_ERROR_OUT_OF_MEMORY; 744 745 while (num_bytes < l) { 746 size_t n = MIN(b_size, l - num_bytes); 747 748 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 749 ta->ta_buf + ta->pos + 750 num_bytes, n, b); 751 if (res) 752 break; 753 num_bytes += n; 754 } 755 756 free(b); 757 if (res) 758 return res; 759 } 760 761 ta->pos += l; 762 if (ta->pos == sz) { 763 size_t dl = 0; 764 765 res = crypto_authenc_dec_final(ta->ctx, TADB_AUTH_ENC_ALG, 766 NULL, 0, NULL, &dl, 767 ta->entry.tag, TADB_TAG_SIZE); 768 if (res) 769 return res; 770 } 771 *len = l; 772 return TEE_SUCCESS; 773 } 774 775 void tee_tadb_ta_close(struct tee_tadb_ta_read *ta) 776 { 777 crypto_authenc_final(ta->ctx, TADB_AUTH_ENC_ALG); 778 crypto_authenc_free_ctx(ta->ctx, TADB_AUTH_ENC_ALG); 779 if (ta->ta_mobj) 780 thread_rpc_free_payload(ta->ta_mobj); 781 tee_fs_rpc_close(OPTEE_MSG_RPC_CMD_FS, ta->fd); 782 tadb_put(ta->db); 783 free(ta); 784 } 785