base_sha: Add support for basic SHA algorithms

base_sha/Android.mk

@@ -0,0 +1,17 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_CFLAGS += -DANDROID_BUILD
+LOCAL_CFLAGS += -Wall
+
+LOCAL_SRC_FILES += host/main.c
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/ta/include
+
+LOCAL_SHARED_LIBRARIES := libteec
+LOCAL_MODULE := optee_example_base_sha
+LOCAL_VENDOR_MODULE := true
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_EXECUTABLE)
+
+include $(LOCAL_PATH)/ta/Android.mk

base_sha/CMakeLists.txt

@@ -0,0 +1,13 @@
+project (optee_example_base_sha C)
+
+set (SRC host/main.c)
+
+add_executable (${PROJECT_NAME} ${SRC})
+
+target_include_directories(${PROJECT_NAME}
+			   PRIVATE ta/include
+			   PRIVATE include)
+
+target_link_libraries (${PROJECT_NAME} PRIVATE teec)
+
+install (TARGETS ${PROJECT_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR})

base_sha/Makefile

@@ -0,0 +1,15 @@
+export V ?= 0
+
+# If _HOST or _TA specific compilers are not specified, then use CROSS_COMPILE
+HOST_CROSS_COMPILE ?= $(CROSS_COMPILE)
+TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
+
+.PHONY: all
+all:
+	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
+	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
+
+.PHONY: clean
+clean:
+	$(MAKE) -C host clean
+	$(MAKE) -C ta clean

base_sha/host/Makefile

@@ -0,0 +1,28 @@
+CC      ?= $(CROSS_COMPILE)gcc
+LD      ?= $(CROSS_COMPILE)ld
+AR      ?= $(CROSS_COMPILE)ar
+NM      ?= $(CROSS_COMPILE)nm
+OBJCOPY ?= $(CROSS_COMPILE)objcopy
+OBJDUMP ?= $(CROSS_COMPILE)objdump
+READELF ?= $(CROSS_COMPILE)readelf
+
+OBJS = main.o
+
+CFLAGS += -Wall -I../ta/include -I./include
+CFLAGS += -I$(TEEC_EXPORT)/include
+LDADD += -lteec -L$(TEEC_EXPORT)/lib
+
+BINARY = optee_example_base_sha
+
+.PHONY: all
+all: $(BINARY)
+
+$(BINARY): $(OBJS)
+	$(CC) $(LDFLAGS) -o $@ $< $(LDADD)
+
+.PHONY: clean
+clean:
+	rm -f $(OBJS) $(BINARY)
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c $< -o $@

base_sha/host/main.c

@@ -0,0 +1,169 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2025, Advanced Micro Devices, Inc. All rights reserved.
+ */
+
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <tee_client_api.h>
+
+#include <base_sha_ta.h>
+
+struct base_sha_ctx {
+	TEEC_Context ctx;
+	TEEC_Session sess;
+	uint32_t selected_algo;
+};
+
+static void usage(int argc, char *argv[])
+{
+	const char *pname = "base_sha";
+
+	if (argc)
+		pname = argv[0];
+
+	fprintf(stderr, "%s: %s <string to encrypt> <algo name>\n",
+		__func__, pname);
+	printf("SUPPORTED ALGORITHMS:\n");
+	printf("SHA1 - TA_ALG_SHA1\n");
+	printf("SHA224 - TA_ALG_SHA224\n");
+	printf("SHA256 - TA_ALG_SHA256\n");
+	printf("SHA384 - TA_ALG_SHA384\n");
+	printf("SHA512 - TA_ALG_SHA512\n");
+	printf("SHA3_224 - TA_ALG_SHA3_224\n");
+	printf("SHA3_256 - TA_ALG_SHA3_256\n");
+	printf("SHA3_384 - TA_ALG_SHA3_384\n");
+	printf("SHA3_512 - TA_ALG_SHA3_512\n");
+	printf("SHAKE128 - TA_ALG_SHAKE128\n");
+	printf("SHAKE256 - TA_ALG_SHAKE256\n");
+	exit(1);
+}
+
+static void get_args(int argc, char *argv[], void **msg, size_t *msg_len,
+		     uint32_t *algo_num)
+{
+	char *algo;
+
+	if ((argc < 2) || (argc > 3)) {
+		warnx("Unexpected number of arguments %d (expected 2)",
+		      argc - 1);
+		usage(argc, argv);
+	}
+
+	*msg = argv[1];
+	*msg_len = strlen(argv[1]);
+
+	if (argc > 2) {
+		algo = argv[2];
+		printf("%s algo selected\n", algo);
+		if (strcmp(algo, "TA_ALG_SHA1") == 0) {
+			*algo_num = TA_ALG_SHA1;
+		} else if (strcmp(algo, "TA_ALG_SHA224") == 0) {
+			*algo_num = TA_ALG_SHA224;
+		} else if (strcmp(algo, "TA_ALG_SHA256") == 0) {
+			*algo_num = TA_ALG_SHA256;
+		} else if (strcmp(algo, "TA_ALG_SHA384") == 0) {
+			*algo_num = TA_ALG_SHA384;
+		} else if (strcmp(algo, "TA_ALG_SHA512") == 0) {
+			*algo_num = TA_ALG_SHA512;
+		} else if (strcmp(algo, "TA_ALG_SHA3_224") == 0) {
+			*algo_num = TA_ALG_SHA3_224;
+		} else if (strcmp(algo, "TA_ALG_SHA3_256") == 0) {
+			*algo_num = TA_ALG_SHA3_256;
+		} else if (strcmp(algo, "TA_ALG_SHA3_384") == 0) {
+			*algo_num = TA_ALG_SHA3_384;
+		} else if (strcmp(algo, "TA_ALG_SHA3_512") == 0) {
+			*algo_num = TA_ALG_SHA3_512;
+		} else if (strcmp(algo, "TA_ALG_SHAKE128") == 0) {
+			*algo_num = TA_ALG_SHAKE128;
+		} else if (strcmp(algo, "TA_ALG_SHAKE256") == 0) {
+			*algo_num = TA_ALG_SHAKE256;
+		} else {
+			printf("%s algo is invalid\n", algo);
+			usage(argc, argv);
+		}
+	} else {
+		printf("TA_ALG_SHA256 algo selected\n");
+		*algo_num = TA_ALG_SHA256;
+	}
+}
+
+void compute_digest(struct base_sha_ctx *ctx, void *message, size_t msg_len,
+		    void *digest, size_t *digest_len)
+{
+	TEEC_Operation op;
+	uint32_t origin;
+	TEEC_Result res;
+
+	memset(&op, 0, sizeof(op));
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+					 TEEC_MEMREF_TEMP_OUTPUT,
+					 TEEC_VALUE_INPUT,
+					 TEEC_NONE);
+	op.params[0].tmpref.buffer = message;
+	op.params[0].tmpref.size = msg_len;
+	op.params[1].tmpref.buffer = digest;
+	op.params[1].tmpref.size = *digest_len;
+	op.params[2].value.a = ctx->selected_algo;
+
+	res = TEEC_InvokeCommand(&ctx->sess, CMD_COMPUTE_DIGEST, &op,
+				 &origin);
+	if (res == TEEC_SUCCESS) {
+		*digest_len = op.params[1].tmpref.size;
+	} else {
+		errx(1, "TEEC_InvokeCommand(COMPUTE DIGEST) failed 0x%x origin 0x%x",
+		     res, origin);
+	}
+}
+
+void prepare_tee_session(struct base_sha_ctx *ctx)
+{
+	TEEC_UUID uuid = TA_BASE_SHA_UUID;
+	uint32_t origin;
+	TEEC_Result res;
+
+	res = TEEC_InitializeContext(NULL, &ctx->ctx);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InitializeContext failed with code 0x%x", res);
+
+	res = TEEC_OpenSession(&ctx->ctx, &ctx->sess, &uuid,
+			       TEEC_LOGIN_PUBLIC, NULL, NULL, &origin);
+
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_Opensession failed with code 0x%x origin 0x%x",
+		     res, origin);
+}
+
+void terminate_tee_session(struct base_sha_ctx *sess)
+{
+	TEEC_CloseSession(&sess->sess);
+	TEEC_FinalizeContext(&sess->ctx);
+}
+
+int main(int argc, char *argv[])
+{
+	struct base_sha_ctx ctx;
+	void *msg;
+	size_t msg_len;
+	uint8_t digest[64];
+	size_t digest_len = sizeof(digest);
+
+	printf("Getting arg\n");
+	get_args(argc, argv, &msg, &msg_len, &ctx.selected_algo);
+
+	printf("Prepare session with the TA\n");
+	prepare_tee_session(&ctx);
+
+	printf("Compute digest\n");
+	compute_digest(&ctx, msg, msg_len, (void *)digest, &digest_len);
+
+	printf("digest:");
+	for (size_t i = 0; i < digest_len; i++)
+		printf("%02x ", digest[i]);
+	printf("\n");
+
+	terminate_tee_session(&ctx);
+	return 0;
+}

base_sha/ta/Android.mk

@@ -0,0 +1,3 @@
+LOCAL_PATH := $(call my-dir)
+local_module := abb97be3-f56b-46d5-b7fd-70f28cfed992.ta
+include $(BUILD_OPTEE_MK)

base_sha/ta/Makefile

@@ -0,0 +1,13 @@
+CFG_TEE_TA_LOG_LEVEL ?= 4
+CFG_TA_OPTEE_CORE_API_COMPAT_1_1=y
+
+# The UUID for the Trusted Application
+BINARY=abb97be3-f56b-46d5-b7fd-70f28cfed992
+
+-include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk
+
+ifeq ($(wildcard $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk), )
+clean:
+	@echo 'Note: $$(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk not found, cannot clean TA'
+	@echo 'Note: TA_DEV_KIT_DIR=$(TA_DEV_KIT_DIR)'
+endif