From f2cc71ac472a5131fc146939418d5d3842c23141 Mon Sep 17 00:00:00 2001 From: houmingyong Date: Wed, 26 Apr 2023 11:19:11 +0800 Subject: [PATCH] support remote attestation --- CHANGELOG | 12 +- README | 20 + build/cmake/aarch64_toolchain.cmake | 14 + build/cmake/common.cmake | 54 + build/mk/common.mk | 39 + build/pack-Config/Config_pre.py | 284 +++ build/pack-Config/ReadMe.txt | 18 + build/pack-Config/config_cert/ReadMe.txt | 2 + build/pack-Config/config_v2.py | 122 ++ build/pack-Config/input/configs.xml | 15 + build/pack-Config/local_sign.sh | 61 + build/pack-Config/output/ReadMe.txt | 1 + build/pack-Config/ta_cert/ReadMe.txt | 1 + build/pack-TA/Readme.txt | 12 + build/pack-TA/build_ta.sh | 22 + build/pack-TA/input/Readme.txt | 4 + build/pack-TA/output/Readme.txt | 1 + build/signtools/auth_conf_parser.py | 260 +++ build/signtools/config_cloud.ini | 60 + build/signtools/config_tee_private_sample.ini | 35 + build/signtools/dyn_conf_checker.py | 512 ++++++ build/signtools/dyn_conf_parser.py | 315 ++++ build/signtools/generate_hash.py | 51 + build/signtools/generate_signature.py | 69 +- build/signtools/get_ta_elf_hash.py | 246 +++ build/signtools/manifest.py | 273 ++- build/signtools/manifest_tag_parse_dict.csv | 24 + build/signtools/rsa_public_key_cloud.pem | 11 + build/signtools/signtool_v3.py | 763 ++++++--- build/signtools/tag_parse_dict.csv | 120 ++ build/signtools/xml_trans_manifest.py | 109 ++ build/tools/srv_entry_check.sh | 13 + build/tools/ta_entry_check.sh | 52 + build/tools/ta_link_64.gcc_xom.ld | 226 +++ build/tools/ta_link_64.ld | 20 +- build/tools/ta_link_64.smee.ld | 262 +++ include/CA/tee_client_api.h | 21 +- include/CA/tee_client_constants.h | 68 +- include/CA/tee_client_list.h | 39 +- include/CA/tee_client_log.h | 9 +- include/CA/tee_client_type.h | 56 +- include/TA/huawei_ext/crypto_cert_wrapper.h | 87 + .../TA/huawei_ext/crypto_device_key_wrapper.h | 31 + include/TA/huawei_ext/crypto_ec_wrapper.h | 149 ++ .../TA/huawei_ext/crypto_ec_x509_wrapper.h | 53 + include/TA/huawei_ext/crypto_inner_wrapper.h | 71 + include/TA/huawei_ext/crypto_rsa_wrapper.h | 154 ++ include/TA/huawei_ext/crypto_wrapper.h | 583 +------ include/TA/huawei_ext/crypto_x509_wrapper.h | 169 ++ include/TA/huawei_ext/permsrv_api_cert.h | 22 + include/TA/huawei_ext/permsrv_api_legacy.h | 21 + include/TA/huawei_ext/qsi_data_structure.h | 27 + include/TA/huawei_ext/tee_crypto_err.h | 42 + include/TA/huawei_ext/tee_crypto_hal.h | 14 +- include/TA/huawei_ext/tee_err.h | 31 + include/TA/huawei_ext/tee_ext_api.h | 67 +- include/TA/huawei_ext/tee_hw_ext_api_legacy.h | 293 ++++ include/TA/huawei_ext/tee_log.h | 218 ++- include/TA/huawei_ext/tee_log_legacy.h | 18 + include/TA/huawei_ext/tee_openssl_err.h | 500 ++++++ include/TA/huawei_ext/tee_ra_api.h | 23 + include/TA/pthread_attr.h | 22 + include/TA/tee_arith_api.h | 27 +- include/TA/tee_core_api.h | 8 +- include/TA/tee_crypto_api.h | 168 +- include/TA/tee_defines.h | 284 +-- include/TA/tee_mem_mgmt_api.h | 5 +- include/TA/tee_object_api.h | 5 +- include/TA/tee_property_api.h | 7 +- include/TA/tee_time_api.h | 81 +- include/TA/tee_trusted_storage_api.h | 309 ++++ include/TA/tee_uuid.h | 27 + src/CA/libteec_adaptor.c | 269 +++ test/CA/cert_manager/Makefile | 27 + test/CA/cert_manager/cert_common.h | 21 + test/CA/cert_manager/cert_file.c | 100 ++ test/CA/cert_manager/cert_file.h | 25 + test/CA/cert_manager/cert_manager.c | 368 ++++ test/CA/helloworld/Makefile | 24 + test/CA/helloworld/ca_demo.c | 17 +- test/CA/libqca/Makefile | 42 + test/CA/libqca/include/ra_client_api.h | 22 + test/CA/libqca/src/ra_log.h | 27 + test/CA/libqca/src/ra_operate_api.c | 147 ++ test/CA/libqca/src/ra_operate_api.h | 24 + test/TA/cert_manager/CMakeLists.txt | 38 + test/TA/cert_manager/Makefile | 34 + test/TA/cert_manager/config.cmake | 11 + test/TA/cert_manager/config.mk | 12 + test/TA/cert_manager/config.sh | 34 + test/TA/cert_manager/include/cert_config.h | 63 + test/TA/cert_manager/manifest.txt | 7 + test/TA/cert_manager/src/cert_logger.c | 165 ++ test/TA/cert_manager/src/cert_logger.h | 31 + test/TA/cert_manager/src/cert_manager.c | 301 ++++ test/TA/helloworld/CMakeLists.txt | 30 + test/TA/helloworld/Makefile | 28 + test/TA/helloworld/ReadMe.txt | 7 +- test/TA/helloworld/auth_config.xml | 7 + test/TA/helloworld/config.cmake | 23 + test/TA/helloworld/config.mk | 19 +- test/TA/helloworld/config.sh | 34 + test/TA/helloworld/ta_demo.c | 15 +- test/TA/qta/CMakeLists.txt | 67 + test/TA/qta/Makefile | 41 + test/TA/qta/ReadMe.txt | 12 + test/TA/qta/config.cmake | 23 + test/TA/qta/config.mk | 23 + test/TA/qta/config.sh | 34 + test/TA/qta/manifest.txt | 7 + test/TA/qta/src/daa/daa_structure.c | 185 ++ test/TA/qta/src/daa/daa_structure.h | 64 + test/TA/qta/src/daa/validate_akcert.c | 191 +++ test/TA/qta/src/daa/validate_akcert.h | 20 + test/TA/qta/src/tee_qta.c | 279 +++ test/TA/qta/src/tee_qta.h | 29 + .../musl/libc/arch/aarch64/bits/alltypes.h | 251 ++- .../musl/libc/arch/aarch64/bits/hwcap.h | 12 + .../musl/libc/arch/aarch64/bits/mman.h | 2 + .../musl/libc/arch/aarch64/bits/signal.h | 4 +- .../musl/libc/arch/aarch64/bits/syscall.h | 1144 +++++++------ .../musl/libc/arch/aarch64/bits/syscall.h.in | 10 + .../musl/libc/arch/aarch64/bits/user.h | 2 +- .../musl/libc/arch/aarch64/pthread_arch.h | 9 +- .../musl/libc/arch/arm/bits/alltypes.h | 252 ++- .../musl/libc/arch/arm/bits/syscall.h | 1521 +++++++++-------- .../open_source/musl/libc/arch/arm/crt_arch.h | 27 + .../musl/libc/arch/generic/bits/fcntl.h | 6 + .../musl/libc/arch/generic/bits/shm.h | 2 +- thirdparty/open_source/musl/libc/arpa/inet.h | 5 - thirdparty/open_source/musl/libc/ctype.h | 7 + thirdparty/open_source/musl/libc/elf.h | 4 + thirdparty/open_source/musl/libc/float.h | 52 + thirdparty/open_source/musl/libc/limits.h | 2 + thirdparty/open_source/musl/libc/locale.h | 4 +- thirdparty/open_source/musl/libc/netinet/in.h | 8 +- .../open_source/musl/libc/netinet/tcp.h | 29 +- thirdparty/open_source/musl/libc/nl_types.h | 22 + thirdparty/open_source/musl/libc/pthread.h | 22 + thirdparty/open_source/musl/libc/sched.h | 1 + thirdparty/open_source/musl/libc/setjmp.h | 14 +- thirdparty/open_source/musl/libc/signal.h | 24 +- thirdparty/open_source/musl/libc/stddef.h | 6 +- thirdparty/open_source/musl/libc/stdio.h | 4 +- thirdparty/open_source/musl/libc/stdlib.h | 7 +- thirdparty/open_source/musl/libc/string.h | 4 +- thirdparty/open_source/musl/libc/sys/fcntl.h | 2 + thirdparty/open_source/musl/libc/sys/ioctl.h | 9 +- thirdparty/open_source/musl/libc/sys/mman.h | 5 +- thirdparty/open_source/musl/libc/sys/socket.h | 2 + thirdparty/open_source/musl/libc/time.h | 6 +- thirdparty/open_source/musl/libc/unistd.h | 8 +- thirdparty/open_source/musl/libc/wchar.h | 4 +- .../open_source}/openssl/crypto/asn1.h | 3 - .../open_source}/openssl/crypto/bn.h | 0 .../open_source}/openssl/crypto/ec.h | 6 - .../open_source}/openssl/crypto/err.h | 0 .../open_source}/openssl/internal/bio.h | 6 - .../open_source}/openssl/openssl/asn1.h | 7 +- .../open_source}/openssl/openssl/asn1err.h | 0 .../open_source}/openssl/openssl/asn1t.h | 17 - .../open_source}/openssl/openssl/bio.h | 14 +- .../open_source}/openssl/openssl/bioerr.h | 0 .../open_source}/openssl/openssl/bn.h | 127 +- .../open_source}/openssl/openssl/bnerr.h | 0 .../open_source}/openssl/openssl/buffer.h | 2 + .../open_source}/openssl/openssl/buffererr.h | 0 .../open_source}/openssl/openssl/cmac.h | 0 .../open_source}/openssl/openssl/crypto.h | 60 +- .../open_source}/openssl/openssl/cryptoerr.h | 0 .../open_source}/openssl/openssl/dh.h | 8 +- .../open_source}/openssl/openssl/dsa.h | 6 +- .../open_source}/openssl/openssl/e_os2.h | 14 +- .../open_source}/openssl/openssl/ec.h | 3 +- .../open_source}/openssl/openssl/ecdsa.h | 9 - .../open_source}/openssl/openssl/ecerr.h | 6 - .../open_source}/openssl/openssl/err.h | 12 - .../open_source}/openssl/openssl/evp.h | 19 +- .../open_source}/openssl/openssl/evperr.h | 2 - .../open_source}/openssl/openssl/hmac.h | 0 .../open_source}/openssl/openssl/kdf.h | 1 + .../open_source}/openssl/openssl/kdferr.h | 0 .../open_source}/openssl/openssl/lhash.h | 1 + .../open_source}/openssl/openssl/obj_mac.h | 105 -- .../open_source}/openssl/openssl/objects.h | 2 + .../open_source}/openssl/openssl/objectserr.h | 0 .../openssl/openssl/opensslconf.h | 0 .../open_source}/openssl/openssl/opensslv.h | 1 + .../open_source}/openssl/openssl/ossl_typ.h | 3 - .../open_source}/openssl/openssl/pem.h | 11 - .../open_source}/openssl/openssl/pemerr.h | 0 .../open_source}/openssl/openssl/pkcs7.h | 138 -- .../open_source}/openssl/openssl/pkcs7err.h | 15 - .../open_source}/openssl/openssl/rand.h | 10 - .../open_source}/openssl/openssl/randerr.h | 0 .../open_source}/openssl/openssl/rsa.h | 7 +- .../open_source}/openssl/openssl/rsaerr.h | 7 - .../open_source}/openssl/openssl/safestack.h | 0 .../open_source}/openssl/openssl/sha.h | 3 + .../open_source}/openssl/openssl/stack.h | 0 .../open_source}/openssl/openssl/symhacks.h | 0 .../open_source}/openssl/openssl/x509.h | 19 +- .../open_source}/openssl/openssl/x509_vfy.h | 5 +- .../open_source}/openssl/openssl/x509err.h | 5 - 204 files changed, 11281 insertions(+), 3625 deletions(-) create mode 100644 README create mode 100644 build/cmake/aarch64_toolchain.cmake create mode 100644 build/cmake/common.cmake create mode 100644 build/mk/common.mk create mode 100644 build/pack-Config/Config_pre.py create mode 100644 build/pack-Config/ReadMe.txt create mode 100644 build/pack-Config/config_cert/ReadMe.txt create mode 100644 build/pack-Config/config_v2.py create mode 100644 build/pack-Config/input/configs.xml create mode 100644 build/pack-Config/local_sign.sh create mode 100644 build/pack-Config/output/ReadMe.txt create mode 100644 build/pack-Config/ta_cert/ReadMe.txt create mode 100644 build/pack-TA/Readme.txt create mode 100644 build/pack-TA/build_ta.sh create mode 100644 build/pack-TA/input/Readme.txt create mode 100644 build/pack-TA/output/Readme.txt create mode 100644 build/signtools/auth_conf_parser.py create mode 100644 build/signtools/config_cloud.ini create mode 100644 build/signtools/config_tee_private_sample.ini create mode 100644 build/signtools/dyn_conf_checker.py create mode 100644 build/signtools/dyn_conf_parser.py create mode 100644 build/signtools/generate_hash.py create mode 100644 build/signtools/get_ta_elf_hash.py create mode 100644 build/signtools/manifest_tag_parse_dict.csv create mode 100644 build/signtools/rsa_public_key_cloud.pem create mode 100644 build/signtools/tag_parse_dict.csv create mode 100644 build/signtools/xml_trans_manifest.py create mode 100644 build/tools/srv_entry_check.sh create mode 100644 build/tools/ta_entry_check.sh create mode 100644 build/tools/ta_link_64.gcc_xom.ld create mode 100644 build/tools/ta_link_64.smee.ld create mode 100644 include/TA/huawei_ext/crypto_cert_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_device_key_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_ec_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_ec_x509_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_inner_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_rsa_wrapper.h create mode 100644 include/TA/huawei_ext/crypto_x509_wrapper.h create mode 100644 include/TA/huawei_ext/permsrv_api_cert.h create mode 100644 include/TA/huawei_ext/permsrv_api_legacy.h create mode 100644 include/TA/huawei_ext/qsi_data_structure.h create mode 100644 include/TA/huawei_ext/tee_crypto_err.h create mode 100644 include/TA/huawei_ext/tee_err.h create mode 100644 include/TA/huawei_ext/tee_hw_ext_api_legacy.h create mode 100644 include/TA/huawei_ext/tee_log_legacy.h create mode 100644 include/TA/huawei_ext/tee_openssl_err.h create mode 100644 include/TA/huawei_ext/tee_ra_api.h create mode 100644 include/TA/pthread_attr.h create mode 100644 include/TA/tee_trusted_storage_api.h create mode 100644 include/TA/tee_uuid.h create mode 100644 src/CA/libteec_adaptor.c create mode 100644 test/CA/cert_manager/Makefile create mode 100644 test/CA/cert_manager/cert_common.h create mode 100644 test/CA/cert_manager/cert_file.c create mode 100644 test/CA/cert_manager/cert_file.h create mode 100644 test/CA/cert_manager/cert_manager.c create mode 100644 test/CA/helloworld/Makefile create mode 100644 test/CA/libqca/Makefile create mode 100644 test/CA/libqca/include/ra_client_api.h create mode 100644 test/CA/libqca/src/ra_log.h create mode 100644 test/CA/libqca/src/ra_operate_api.c create mode 100644 test/CA/libqca/src/ra_operate_api.h create mode 100644 test/TA/cert_manager/CMakeLists.txt create mode 100644 test/TA/cert_manager/Makefile create mode 100644 test/TA/cert_manager/config.cmake create mode 100644 test/TA/cert_manager/config.mk create mode 100644 test/TA/cert_manager/config.sh create mode 100644 test/TA/cert_manager/include/cert_config.h create mode 100644 test/TA/cert_manager/manifest.txt create mode 100644 test/TA/cert_manager/src/cert_logger.c create mode 100644 test/TA/cert_manager/src/cert_logger.h create mode 100644 test/TA/cert_manager/src/cert_manager.c create mode 100644 test/TA/helloworld/CMakeLists.txt create mode 100644 test/TA/helloworld/Makefile create mode 100644 test/TA/helloworld/auth_config.xml create mode 100644 test/TA/helloworld/config.cmake create mode 100644 test/TA/helloworld/config.sh create mode 100644 test/TA/qta/CMakeLists.txt create mode 100644 test/TA/qta/Makefile create mode 100644 test/TA/qta/ReadMe.txt create mode 100644 test/TA/qta/config.cmake create mode 100644 test/TA/qta/config.mk create mode 100644 test/TA/qta/config.sh create mode 100644 test/TA/qta/manifest.txt create mode 100644 test/TA/qta/src/daa/daa_structure.c create mode 100644 test/TA/qta/src/daa/daa_structure.h create mode 100644 test/TA/qta/src/daa/validate_akcert.c create mode 100644 test/TA/qta/src/daa/validate_akcert.h create mode 100644 test/TA/qta/src/tee_qta.c create mode 100644 test/TA/qta/src/tee_qta.h create mode 100644 thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h create mode 100644 thirdparty/open_source/musl/libc/arch/arm/crt_arch.h create mode 100644 thirdparty/open_source/musl/libc/float.h create mode 100644 thirdparty/open_source/musl/libc/nl_types.h create mode 100644 thirdparty/open_source/musl/libc/sys/fcntl.h rename {include/TA => thirdparty/open_source}/openssl/crypto/asn1.h (97%) rename {include/TA => thirdparty/open_source}/openssl/crypto/bn.h (100%) rename {include/TA => thirdparty/open_source}/openssl/crypto/ec.h (91%) rename {include/TA => thirdparty/open_source}/openssl/crypto/err.h (100%) rename {include/TA => thirdparty/open_source}/openssl/internal/bio.h (82%) rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1err.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1t.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/bio.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/bioerr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/bn.h (83%) rename {include/TA => thirdparty/open_source}/openssl/openssl/bnerr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/buffer.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/buffererr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/cmac.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/crypto.h (90%) rename {include/TA => thirdparty/open_source}/openssl/openssl/cryptoerr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/dh.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/dsa.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/e_os2.h (95%) rename {include/TA => thirdparty/open_source}/openssl/openssl/ec.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/ecdsa.h (68%) rename {include/TA => thirdparty/open_source}/openssl/openssl/ecerr.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/err.h (94%) rename {include/TA => thirdparty/open_source}/openssl/openssl/evp.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/evperr.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/hmac.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/kdf.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/kdferr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/lhash.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/obj_mac.h (97%) rename {include/TA => thirdparty/open_source}/openssl/openssl/objects.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/objectserr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslconf.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslv.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/ossl_typ.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/pem.h (97%) rename {include/TA => thirdparty/open_source}/openssl/openssl/pemerr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7.h (64%) rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7err.h (84%) rename {include/TA => thirdparty/open_source}/openssl/openssl/rand.h (85%) rename {include/TA => thirdparty/open_source}/openssl/openssl/randerr.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/rsa.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/rsaerr.h (97%) rename {include/TA => thirdparty/open_source}/openssl/openssl/safestack.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/sha.h (97%) rename {include/TA => thirdparty/open_source}/openssl/openssl/stack.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/symhacks.h (100%) rename {include/TA => thirdparty/open_source}/openssl/openssl/x509.h (98%) rename {include/TA => thirdparty/open_source}/openssl/openssl/x509_vfy.h (99%) rename {include/TA => thirdparty/open_source}/openssl/openssl/x509err.h (95%) diff --git a/CHANGELOG b/CHANGELOG index 7e22858..e90d34c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,14 @@ -v0.1.0 (Apr 2, 2020) +v5.1.2 (Jun 21, 2021) +====== +Features: +--------- +* add support for cmake +v5.1.1 (May 21, 2021) +====== +Fixes: +------ +* The problem of storing the aeskey file is rectified, and the dependency on the pycryptodomex-3.10.1 plug-in package is introduced. +v5.1.0 (Apr 2, 2020) ====== Features: --------- diff --git a/README b/README new file mode 100644 index 0000000..6811e56 --- /dev/null +++ b/README @@ -0,0 +1,20 @@ +iTrustee SDK +============ + +Getting Started +--------------- +Before setup your own project, please download libboundscheck software for secure function library. +Decompress the openeuler-libboundscheck-master.zip package, then put this software to thirdparty/open_source path. +Ensure that the header file path is thirdparty/open_source/libboundscheck/include. +This software download address is https://gitee.com/openeuler/libboundscheck. + +build demo project: +$ cd test/CA/helloworld +$ make +$ cd test/TA/helloworld +$ make +copy build result CA executable file and TA binary(xxx.sec) to /vendor/bin/ +#the path "/vendor/bin/" may be changed as your opinion, make sure it consistent with the path defined in your TA's source code +$ /vendor/bin/demo_hello + +for more details please refor "iTrustee SDKֲ.chm" diff --git a/build/cmake/aarch64_toolchain.cmake b/build/cmake/aarch64_toolchain.cmake new file mode 100644 index 0000000..97dc45d --- /dev/null +++ b/build/cmake/aarch64_toolchain.cmake @@ -0,0 +1,14 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. +# toolchain.cmake +set(CMAKE_SYSTEM_NAME Linux) +set(CMAKE_SYSTEM_PROCESSOR aarch64) + +#set(CMAKE_FIND_ROOT_PATH $ENV{TOOLCHAINS_ROOT}) + +set(CMAKE_C_COMPILER cc CACHE PATH "GCC 64 compiler") +set(CMAKE_LINKER ld CACHE PATH "GCC C64 LD") +set(CMAKE_OBJCOPY objcopy CACHE PATH "GCC 64 objcopy") + +set(CMAKE_SKIP_BUILD_RPATH TRUE CACHE BOOL "" FORCE) +set(CMAKE_C_CREATE_SHARED_LIBRARY " -o ") + diff --git a/build/cmake/common.cmake b/build/cmake/common.cmake new file mode 100644 index 0000000..f18d3f4 --- /dev/null +++ b/build/cmake/common.cmake @@ -0,0 +1,54 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. +# compile flags +set(ITRUSTEE_BUILD_PATH $ENV{ITRUSTEE_BUILD_PATH}) +set(LIBC ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/musl) +set(LIBSECURE ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/libboundscheck) + +set(COMMON_INCLUDES + ${COMMON_INCLUDES} + ${LIBC}/libc + ${LIBC}/libc/arch/aarch64 + ${LIBC}/libc/arch/aarch64/bits + ${LIBC}/libc/arch/generic + ${LIBSECURE}/include + ${ITRUSTEE_BUILD_PATH}/include/TA + ${ITRUSTEE_BUILD_PATH}/include/TA/huawei_ext +) + +set(COMMON_CFLAGS + ${COMMON_CFLAGS} + -W + -Wall + -Werror + -fno-short-enums + -fno-omit-frame-pointer + -fstack-protector-strong + -Wextra + -nostdinc + -march=armv8-a -Os + -fPIC + -fno-common + -fsigned-char +) + +set(COMMON_LDFLAGS + ${COMMON_LDFLAGS} + "-s" + "SHELL:-z text" + "SHELL:-z now" + "SHELL:-z relro" + "SHELL:-z noexecstack" + "SHELL:-z max-page-size=0x1000" + "SHELL:-z common-page-size=0x1000" + "-shared" +) + +if ("${USE_SMEE}" STREQUAL "y") + list(APPEND COMMON_LDFLAGS + "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.smee.ld" + ) +else() + List(APPEND COMMON_LDFLAGS + "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.ld" + ) +endif() diff --git a/build/mk/common.mk b/build/mk/common.mk new file mode 100644 index 0000000..758e92d --- /dev/null +++ b/build/mk/common.mk @@ -0,0 +1,39 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. +CUR_DIR=$(shell pwd) +ifeq ($(ITRUSTEE_BUILD_PATH), ) + ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../.. +endif +SIGNTOOL_DIR=${ITRUSTEE_BUILD_PATH}/build/signtools + +LIBC=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/musl +LIBSECURE=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck + +# set compile parameters +CFLAGS += -W -Wall +CFLAGS += -Werror +CFLAGS += -fno-short-enums +CFLAGS += -fno-omit-frame-pointer +CFLAGS += -fstack-protector-strong +CFLAGS += -Wextra -nostdinc +CFLAGS += -march=armv8-a -Os -fPIC +CFLAGS += -fno-common -fsigned-char + +# set header directory +INCLUDEDIR += -I$(LIBC)/libc \ + -I$(LIBC)/libc/arch/aarch64 \ + -I$(LIBC)/libc/arch/aarch64/bits \ + -I$(LIBC)/libc/arch/generic + +INCLUDEDIR += -I$(LIBSECURE)/include + +INCLUDEDIR += -I$(ITRUSTEE_BUILD_PATH)/include/TA/ \ + -I$(ITRUSTEE_BUILD_PATH)/include/TA/huawei_ext/ \ + +# set LD flags +LDFLAGS += -s -z text -z now -z relro -z noexecstack -z max-page-size=0x1000 -z common-page-size=0x1000 -shared + +ifeq ($(USE_SMEE),y) + LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.smee.ld +else + LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.ld +endif diff --git a/build/pack-Config/Config_pre.py b/build/pack-Config/Config_pre.py new file mode 100644 index 0000000..39f3309 --- /dev/null +++ b/build/pack-Config/Config_pre.py @@ -0,0 +1,284 @@ +#!/usr/bin/env python +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# tools for generating data for signing +#---------------------------------------------------------------------------- + +import struct +import os +import stat +import sys +import hashlib +import subprocess +import re +import logging +import shutil +import xml.etree.ElementTree as ET +sys.path.append('../signtools') +from dyn_conf_parser import parser_config_xml +from dyn_conf_parser import parser_dyn_conf + +CONFIG_VERSION = 2 +BASE_POLICY_VERSION_TEE = 0b001 + +XML2TLV_PARSE_TOOL_INDEX = 1 +XML2TLV_PY_VALUE = 1 << XML2TLV_PARSE_TOOL_INDEX + + +def get_policy_version(): + ''' get policy type ''' + policy_ver = BASE_POLICY_VERSION_TEE | XML2TLV_PY_VALUE + return policy_ver + + +def run_cmd(command): + ret = subprocess.run(command, shell=False, check=True) + if ret.returncode != 0: + logging.error("run command failed.") + sys.exit(1) + + +def whitelist_check(intput_str): + if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): + return 1 + return 0 + + +class load_config_header: + str = struct.Struct('IHHIIIIIIIII') + + def __init__(self, data): + unpacked_data = (load_config_header.str).unpack(data.encode()) + self.unpacked_data = unpacked_data + self.magic_num = unpacked_data[0] + self.version = unpacked_data[1] + self.policy_versio = unpacked_data[2] + self.context_len = unpacked_data[3] + self.ta_cert_len = unpacked_data[4] + self.config_len = unpacked_data[5] + self.sign_verify_len = unpacked_data[6] + self.reserved1 = unpacked_data[7] + self.reserved2 = unpacked_data[8] + self.reserved3 = unpacked_data[9] + self.reserved4 = unpacked_data[10] + self.reserved5 = unpacked_data[11] + + def get_packed_data(self): + values = [self.magic_num, + self.version, + self.policy_version, + self.context_len, + self.ta_cert_len, + self.config_len, + self.sign_verify_len, + self.reserved1, + self.reserved2, + self.reserved3, + self.reserved4, + self.reserved5, + ] + return (load_config_header.str).pack(*values) + + +def pkg_config_header(hdr_len, magic_num, version, policy_version, \ + context_len, ta_cert_len, config_len, sign_verify_len): + config_hd_len = hdr_len + config_hd = load_config_header('\0' * config_hd_len) + config_hd.magic_num = magic_num + config_hd.version = version + config_hd.policy_version = policy_version + config_hd.context_len = context_len + config_hd.ta_cert_len = ta_cert_len + config_hd.config_len = config_len + config_hd.sign_verify_len = sign_verify_len + return config_hd + + +#---------------------------------------------------------------------------- +# generate hash use SHA256 +#---------------------------------------------------------------------------- +def generate_sha256_hash(in_buf): + # Initialize a SHA256 object from the Python hash library + obj = hashlib.sha256() + # Set the input buffer and return the output digest + obj.update(in_buf) + return obj.digest() + + +def check_dyn_perm(xml_config_file, input_path): + ''' check_dyn_perm ''' + xml_tree = ET.parse(xml_config_file) + xml_root = xml_tree.getroot() + drv_perm = None + for child in xml_root.findall('drv_perm'): + if child != '': + drv_perm = child + if os.path.exists(os.path.join(input_path, 'temp')): + out_save_file = os.path.join(input_path, \ + 'temp/configs_bak.xml') + xml_tree.write(out_save_file, encoding="utf-8") + xml_root.remove(child) + if drv_perm is not None: + newtree = ET.ElementTree(drv_perm) + if os.path.exists(os.path.join(input_path, 'temp')): + out_file = os.path.join(input_path, 'temp/dyn_perm.xml') + newtree.write(out_file, encoding="utf-8") + xml_tree.write(xml_config_file) + return 1 + return 0 + + +def creat_temp_folder(input_path_creat): + ''' creat temp ''' + creat_temp = os.path.join(input_path_creat, 'temp') + if os.path.exists(creat_temp): + shutil.rmtree(creat_temp) + temp_path = os.path.join(input_path_creat, 'temp') + cmd = ["mkdir", temp_path] + run_cmd(cmd) + + +def delete_temp_folder(input_path_delete): + ''' delete temp ''' + delete_temp = os.path.join(input_path_delete, 'temp') + delete_config_tlv = os.path.join(input_path_delete, 'config_tlv') + if os.path.exists(delete_temp): + shutil.rmtree(delete_temp) + if os.path.exists(delete_config_tlv): + os.remove(delete_config_tlv) + + +def convert_xml2tlv(xml_file, tlv_file, input_path): + ''' configs.xml exchange to tlv ''' + if (get_policy_version() & (1 << XML2TLV_PARSE_TOOL_INDEX)) == XML2TLV_PY_VALUE: + csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv')) + tag_parse_dict_file_path = \ + os.path.join(csv_dir, 'tag_parse_dict.csv') + parser_config_xml(xml_file, tag_parse_dict_file_path, \ + tlv_file, input_path) + if os.path.isfile(tlv_file): + logging.critical("convert xml to tlv success") + else: + logging.error("convert xml to tlv failed") + raise RuntimeError + else: + logging.error("invlid policy version") + raise RuntimeError + + +def get_target_type_in_config(config_path, in_path): + ''' get target type ''' + tree = ET.parse(config_path) + flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL + modes = stat.S_IRUSR | stat.S_IWUSR + drv_target_type = tree.find('./TA_Manifest_Info/target_type') + if drv_target_type is not None: + if drv_target_type.text == "1": + ans = "gpd.ta.dynConf:00000\n" + out_tlv = os.path.join(in_path, 'config_tlv') + with os.fdopen(os.open(out_tlv, flags, modes), 'w+') as conf: + conf.write(ans) + + +def gen_data_for_sign(input_path, ta_cert_path, config_cert_path): + ''' convert xml to tlv ''' + logging.critical(os.getcwd()) + creat_temp_folder(input_path) + tlv_dynconf_data = os.path.join(input_path, "config_tlv") + xml_config_file = os.path.join(input_path, "configs.xml") + tlv_config_file = os.path.join(input_path, "temp/configs_tlv") + if check_dyn_perm(xml_config_file, input_path) != 0: + sys.path.append('../signtools') + dyn_conf_xml_file_path = os.path.join(input_path, 'temp/dyn_perm.xml') + # may be use abspath + csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv')) + tag_parse_dict_file_path = \ + os.path.join(csv_dir, 'tag_parse_dict.csv') + parser_dyn_conf(dyn_conf_xml_file_path, "", tag_parse_dict_file_path, input_path) + convert_xml2tlv(xml_config_file, tlv_config_file, input_path) + src_file_path = os.path.join(input_path, 'temp/configs_bak.xml') + cmd = ["mv", src_file_path, xml_config_file] + run_cmd(cmd) + else: + convert_xml2tlv(xml_config_file, tlv_config_file, input_path) + get_target_type_in_config(xml_config_file, input_path) + config_cert_size = 0 + if os.path.exists(config_cert_path): + config_cert_size = os.path.getsize(config_cert_path) + + if os.path.exists(tlv_dynconf_data): + with open(tlv_config_file, 'rb') as tlv_config_fp: + tlv_config_buf = \ + tlv_config_fp.read(os.path.getsize(tlv_config_file)) + with open(tlv_dynconf_data, 'rb') as tlv_dynconf_fp: + tlv_config_buf = tlv_config_buf + \ + tlv_dynconf_fp.read(os.path.getsize(tlv_dynconf_data)) + b"\n" + tlv_data_size = len(tlv_config_buf) + else: + tlv_data_size = os.path.getsize(tlv_config_file) + with open(tlv_config_file, 'rb') as tlv_config_fp: + tlv_config_buf = tlv_config_fp.read(tlv_data_size) + + ta_cert_size = 4 + os.path.getsize(ta_cert_path) + with open(ta_cert_path, 'rb') as ta_cert_fp: + ta_cert_buf = struct.pack('I', 1) + ta_cert_fp.read(ta_cert_size) + + sign_data_size = 4 + 4 + 4 + config_cert_size + 512 + + config_hd_len = 44 + context_size = ta_cert_size + tlv_data_size + sign_data_size + config_header = pkg_config_header(config_hd_len, 0xABCDABCD, \ + CONFIG_VERSION, get_policy_version(), \ + context_size, ta_cert_size, tlv_data_size, sign_data_size) + + logging.critical(os.getcwd()) + data_for_sign = os.path.join(input_path, "data_for_sign") + fd_sign = os.open(data_for_sign, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + data_for_sign_fp = os.fdopen(fd_sign, "wb") + data_for_sign_fp.write(config_header.get_packed_data()) + data_for_sign_fp.write(ta_cert_buf) + data_for_sign_fp.write(tlv_config_buf) + data_for_sign_fp.close() + delete_temp_folder(input_path) + + +def main(): + argvs = sys.argv + ta_input_path = argvs[1] + ta_cert_path = argvs[2] + config_cert_path = argvs[3] + if not os.path.exists(ta_input_path): + logging.error("ta_input_path does not exist.") + sys.exit(1) + if not os.path.exists(ta_cert_path): + logging.error("ta_cert_path does not exist.") + sys.exit(1) + if not os.path.exists(config_cert_path): + # cloud Product Signing Config May Not Have Certificates + logging.error("config_cert_path does not exist.") + + if whitelist_check(ta_input_path): + logging.error("ta_input_path is incorrect.") + sys.exit(1) + if whitelist_check(ta_cert_path): + logging.error("ta_cert_path is incorrect.") + sys.exit(1) + if whitelist_check(config_cert_path): + logging.error("config_cert_path is incorrect.") + sys.exit(1) + gen_data_for_sign(ta_input_path, ta_cert_path, config_cert_path) + + +if __name__ == '__main__': + main() diff --git a/build/pack-Config/ReadMe.txt b/build/pack-Config/ReadMe.txt new file mode 100644 index 0000000..4eae5ad --- /dev/null +++ b/build/pack-Config/ReadMe.txt @@ -0,0 +1,18 @@ +使用说明 +1.taconfig.der(证书)和config_cert_private.key(私钥)放入config_cert文件夹下 + =>放置taconfig.der(证书)和config_cert_private.key(私钥)至换当前目录config_cert文件夹下,注意保持文件名一致 + =>taconfig.der(证书)为config证书,该证书应由导入证书CA签发(三方TA),证书内保存的公钥对应私钥为taconfig_key.pem + =>config_cert_private.key为taconfig.der证书公钥对应私钥,用来对signature段签名 +2.TA开发者的证书ta_cert.der放至在ta_cert目录 + =>ta_cert.der证书应至在ta_cert目录,该证书应由导入证书CA签发(三方TA),证书内保存的公钥用来验签TA +3.configs.xml文件放至在input目录 + =>configs.xml保存TA基础信息 +4.生成config二进制 + =>所需文件:input/configs.xml、config_cert/taconfig.der、config_cert/config_cert_private.key、ta_cert/ta_cert.der + =>生成待签名文件data_for_sign: python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der + =>生成签名文件data_for_sign.rsa(仅举例): openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -out data_for_sign.rsa data_for_sign + =>生成config(使用公钥)python3 config_v2.py input/ output/ TYPE_PUBKEY + =>生成config(使用证书)cp ${config_cert_dir}/taconfig.der input/ ; python3 config_v2.py input/ output/ TYPE_CERT +5.config二进制生成在output目录 + =>参考local_sign.sh(包含步骤5中流程) + diff --git a/build/pack-Config/config_cert/ReadMe.txt b/build/pack-Config/config_cert/ReadMe.txt new file mode 100644 index 0000000..40fde8a --- /dev/null +++ b/build/pack-Config/config_cert/ReadMe.txt @@ -0,0 +1,2 @@ +1.config cert signed by CA +2.private key of config cert used for signing TA/DRV configuration diff --git a/build/pack-Config/config_v2.py b/build/pack-Config/config_v2.py new file mode 100644 index 0000000..7c801b4 --- /dev/null +++ b/build/pack-Config/config_v2.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# tools for generating a signed config +#---------------------------------------------------------------------------- + +import struct +import os +import stat +import sys +import re +import configparser +import logging + +CONFIG_VERSION = 2 + + +class Configuration: + ''' Configuration ''' + sign_alg = "RSA_PKCS1" + + def __init__(self, file_name): + parser = configparser.ConfigParser() + parser.read(file_name) + self.sign_alg = parser.get("signConfigPrivateCfg", "configSignAlg") + if whitelist_check(self.sign_alg): + logging.error("configSignAlg is invalid.") + sys.exit(1) + + +def whitelist_check(intput_str): + if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): + return 1 + return 0 + + +def gen_config_section(input_path, output_path, verify_type): + ''' generate config file section ''' + data_for_sign = os.path.join(input_path, "data_for_sign") + signature = os.path.join(input_path, "data_for_sign.rsa") + signed_config = os.path.join(output_path, "config") + config_certpath = os.path.join(input_path, "taconfig.der") + + config_path = input_path + '/../../signtools' + config_file = os.path.join(config_path, "config_tee_private_sample.ini") + if not os.path.exists(config_file): + logging.critical("config_tee_private_sample.ini is not exist.") + sign_conf_alg = 1 + else: + cfg = Configuration(config_file) + if cfg.sign_alg == "RSA_PKCS1": + sign_conf_alg = 1 + elif cfg.sign_alg == "RSA_PSS": + sign_conf_alg = 3 + elif cfg.sign_alg == "ECDSA": + sign_conf_alg = 2 + + data_for_sign_size = os.path.getsize(data_for_sign) + with open(data_for_sign, 'rb') as data_for_sign_fp: + data_for_sign_buf = data_for_sign_fp.read(data_for_sign_size) + + signature_size = os.path.getsize(signature) + with open(signature, 'rb') as signature_fp: + signature_buf = signature_fp.read(signature_size) + + if(verify_type == "TYPE_PUBKEY"): + sign_verify_buf = struct.pack('III', 0, sign_conf_alg, 0) + signature_buf + elif(verify_type == "TYPE_CERT"): + config_cert_size = os.path.getsize(config_certpath) + with open(config_certpath, 'rb') as config_cert_fp: + config_cert_buf = config_cert_fp.read(config_cert_size) + sign_verify_buf = struct.pack('III', 1, sign_conf_alg, config_cert_size) + \ + config_cert_buf + signature_buf + + fd_sign = os.open(signed_config, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + signed_config_fp = os.fdopen(fd_sign, "wb") + # write data (header + ta cert + tlv config) + signed_config_fp.write(data_for_sign_buf) + # write config cert + signed_config_fp.write(sign_verify_buf) + signed_config_fp.close() + + +def main(): + argvs = sys.argv + input_file = argvs[1] + output_file = argvs[2] + verify_type = argvs[3] + if not os.path.exists(input_file): + logging.error("input does not exist.") + exit() + if not os.path.exists(output_file): + logging.error("ta_cert_path does not exist.") + exit() + + if whitelist_check(input_file): + logging.error("input is incorrect.") + exit() + if whitelist_check(output_file): + logging.error("output is incorrect.") + exit() + if whitelist_check(verify_type): + logging.error("output is incorrect.") + exit() + + gen_config_section(input_file, output_file, verify_type) + + +if __name__ == '__main__': + main() + diff --git a/build/pack-Config/input/configs.xml b/build/pack-Config/input/configs.xml new file mode 100644 index 0000000..631a708 --- /dev/null +++ b/build/pack-Config/input/configs.xml @@ -0,0 +1,15 @@ + + + + demo + 00000000-0000-0000-0000-000000000000 + + + false + 2048 + 20480 + false + true + true + + diff --git a/build/pack-Config/local_sign.sh b/build/pack-Config/local_sign.sh new file mode 100644 index 0000000..a3657e0 --- /dev/null +++ b/build/pack-Config/local_sign.sh @@ -0,0 +1,61 @@ +#!/bin/bash +# make config binary +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +set -e +# generate and sign the config binary with local private key. + +work_dir=$(pwd) +input_dir=${work_dir}/"input" +config_cert_dir=${work_dir}/"config_cert" +ta_cert_dir=${work_dir}/"ta_cert" + +# prepare data for been signed. +python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der + +# begin sign. +cd ${input_dir} +if [ ! -f "data_for_sign" ]; then + echo "can't find data for sign" + echo "sign fail!" + exit -1 +fi + +# config_cert_private.key is the private key of the config certificate. +openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -sigopt rsa_padding_mode:pss \ + -sigopt rsa_pss_saltlen:-1 -out data_for_sign.rsa data_for_sign + +# generate config binary +cd ${work_dir} + +if [ -f "${config_cert_dir}/taconfig.der" ]; then + echo "make config with config cert" + cp ${config_cert_dir}/taconfig.der ${input_dir}/ + python3 config_v2.py input/ output/ TYPE_CERT +else + python3 config_v2.py input/ output/ TYPE_PUBKEY +fi + +# clean +cd $input_dir +[ -f "$input_dir"/data_for_sign ] && rm data_for_sign +[ -f "$input_dir"/data_for_sign.rsa ] && rm data_for_sign.rsa +[ -f "$input_dir"/configs_tlv ] && rm configs_tlv +[ -f "$input_dir"/*.der ] && rm *.der + +if [ "$?" == 0 ]; then + echo "generate config binary success" + exit 0 +else + echo "generate config binary failed" + exit 1 +fi diff --git a/build/pack-Config/output/ReadMe.txt b/build/pack-Config/output/ReadMe.txt new file mode 100644 index 0000000..cbf7ad2 --- /dev/null +++ b/build/pack-Config/output/ReadMe.txt @@ -0,0 +1 @@ +output the signed perm_config diff --git a/build/pack-Config/ta_cert/ReadMe.txt b/build/pack-Config/ta_cert/ReadMe.txt new file mode 100644 index 0000000..cabddd4 --- /dev/null +++ b/build/pack-Config/ta_cert/ReadMe.txt @@ -0,0 +1 @@ +TA cert signed by CA to verify the identify of TA diff --git a/build/pack-TA/Readme.txt b/build/pack-TA/Readme.txt new file mode 100644 index 0000000..05a2a56 --- /dev/null +++ b/build/pack-TA/Readme.txt @@ -0,0 +1,12 @@ +1.TA Signature Packing Preparation Materials, and put these files to build/pack-TA/input folder: +1).libcombine.so TA compilation product +2).manifest.txt Basic TA configuration information +3).config.mk file + +2.Generate rsa key pair by cmd:openssl genrsa -out private_key.pem 4096, +then put this file to build/signtools/TA_cert/, file name must be private_key.pem. + +3.Apply for the TA config certificate from the Huawei contact person, then put this file to +build/signtools/signed_config/, file name must be config. + +4.Run build_TA_Linux_release.sh script. Obtain the signed TA product sec file from build/pack-TA/output folder. \ No newline at end of file diff --git a/build/pack-TA/build_ta.sh b/build/pack-TA/build_ta.sh new file mode 100644 index 0000000..97a6e0a --- /dev/null +++ b/build/pack-TA/build_ta.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Description: preare toolchains and env for build ta. +# Copyright @ Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +set -e + +LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +ITRUSTEE_SDK_PATH=$LOCAL_PATH/../signtools/ + +INPUT_PATH=$LOCAL_PATH/input +OUTPUT_PATH=$LOCAL_PATH/output + +python3 -B ${ITRUSTEE_SDK_PATH}/signtool_v3.py ${INPUT_PATH} ${OUTPUT_PATH} --privateCfg ${ITRUSTEE_SDK_PATH}/config_cloud.ini diff --git a/build/pack-TA/input/Readme.txt b/build/pack-TA/input/Readme.txt new file mode 100644 index 0000000..28ae7f5 --- /dev/null +++ b/build/pack-TA/input/Readme.txt @@ -0,0 +1,4 @@ +TA Signature Packing Preparation Materials, and put these files in this folder: +1).libcombine.so TA compilation product +2).manifest.txt Basic TA configuration information +3).config.mk file \ No newline at end of file diff --git a/build/pack-TA/output/Readme.txt b/build/pack-TA/output/Readme.txt new file mode 100644 index 0000000..da8f565 --- /dev/null +++ b/build/pack-TA/output/Readme.txt @@ -0,0 +1 @@ +The final TA sec file is generated in this path. \ No newline at end of file diff --git a/build/signtools/auth_conf_parser.py b/build/signtools/auth_conf_parser.py new file mode 100644 index 0000000..cf525b1 --- /dev/null +++ b/build/signtools/auth_conf_parser.py @@ -0,0 +1,260 @@ +#!/usr/bin/env python3 +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# tools for parsering the dynamic ca caller infomation +#---------------------------------------------------------------------------- +from __future__ import absolute_import +import os +import stat +import logging +import hashlib +import struct +from ctypes import create_string_buffer +from ctypes import c_uint32 +from ctypes import sizeof +from ctypes import memmove +from ctypes import byref +from defusedxml import ElementTree as ET + +logging.basicConfig(level=logging.INFO, + format='%(asctime)s line:%(lineno)d %(levelname)s:%(name)s:%(message)s', + datefmt='%H:%M:%S' + ) + + +# caller base config +MAX_CALLER_NUM = 16 +MAX_CMDLINE_LEN = 256 +MAX_USERNAME_LEN = 256 +AUTH_CONFIG_KEY = "gpd.ta.auth:" +DEFAULT_AUTH_TYPE_UID = True + + +# init caller info +g_caller_num = 0 +g_caller_enable = 1 +g_hash_byte_list = bytes("", 'utf-8') +g_auth_type = True # default auth type: cmdline + uid +g_big_endian = False + + +def print_hash(byte_buf): + """ print caller hash """ + buf = [hex(int(i)) for i in byte_buf] + logging.info(" ".join(buf)) + + +def calc_sha256(buf): + """ calcuate sha256 """ + md = hashlib.sha256() + md.update(buf) + return md.digest() + + +def calc_cmdline_uid_hash(cmdline, uid): + """ calcuate cmdline||uid hash """ + c_uid = c_uint32(uid) + c_str = create_string_buffer(cmdline.encode('utf-8'), len(cmdline) + sizeof(c_uid)) + memmove(byref(c_str, len(c_str.value)), byref(c_uid), sizeof(c_uid)) + return calc_sha256(c_str) + + +def calc_cmdline_username_hash(cmdline, username): + """ calcuate cmdline||username hash """ + c_str = create_string_buffer((cmdline + username).encode('utf-8'), len(cmdline) + MAX_USERNAME_LEN) + return calc_sha256(c_str) + + +def check_auth_enable_type(value): + """ check auth_enable type """ + if len(value) == 0: + raise RuntimeError("auth_enable value must be configured") + if value != "true" and value != 'false': + raise RuntimeError("auth_enable value must be true or false", value) + + +def get_auth_enable_value(value): + """ check auth_enable value """ + global g_caller_enable + if value == "false": + g_caller_enable = 0 + else: + g_caller_enable = 1 + + +def check_auth_type(value): + """ check auth type """ + if len(value) == 0: + raise RuntimeError("auth_uid_type value must be configured") + if value != "true" and value != 'false': + raise RuntimeError("auth_uid_type value must be true or false", value) + + +def get_auth_type_value(value): + """ check auth type value """ + global g_auth_type + if value == "false": + g_auth_type = False + else: + g_auth_type = True + + +def check_item_type(item): + """ check item value """ + if item.tag != "item" or len(item.attrib) != 2: + raise RuntimeError("invaild item attrib", item.tag, item.attrib, len(item.attrib)) + + +def check_cmdline_type(value): + """ check cmdline type """ + if len(value) == 0 or len(value) > MAX_CMDLINE_LEN: + raise RuntimeError("invaild cmdline, the cmdline length must be in range (0, {}]".format(MAX_CMDLINE_LEN), \ + value, len(value)) + + +def check_uid_type(value): + """ check uid type """ + if int(value, 10) > 0xffffffff or int(value, 10) < 0: + raise RuntimeError("invaild uid, the uid value must be in [0, 0xffffffff]", value) + + +def check_username_type(value): + """ check username type """ + if len(value) == 0 or len(value) > MAX_USERNAME_LEN: + raise RuntimeError("invaild username, the username length must be in range (0, {}]".format(MAX_USERNAME_LEN), \ + value, len(value)) + + +def get_item_value(item, auth_type): + """ get item value """ + cmdline = "" + uid = 0 + username = "" + caller_hash = "" + global g_caller_num + global g_hash_byte_list + + if auth_type == DEFAULT_AUTH_TYPE_UID: + attr_key = "uid" + else: + attr_key = "username" + + for attr in item.attrib: + value = item.attrib[attr] + if attr == "cmdline": + check_cmdline_type(value) + cmdline = value + elif attr == attr_key: + if auth_type == DEFAULT_AUTH_TYPE_UID: + check_uid_type(value) + uid = int(value, 10) + else: + check_username_type(value) + username = value + else: + raise RuntimeError("invaild item attr", attr) + + if auth_type == DEFAULT_AUTH_TYPE_UID: + caller_hash = calc_cmdline_uid_hash(cmdline, uid) + logging.info("cmdline %s, uid %s", cmdline, uid) + else: + caller_hash = calc_cmdline_username_hash(cmdline, username) + logging.info("cmdline %s, username %s", cmdline, username) + print_hash(caller_hash) + if g_big_endian is True: + pack_format = ">32s" + else: + pack_format = "32s" + g_hash_byte_list = g_hash_byte_list + struct.pack(pack_format, caller_hash) + g_caller_num = g_caller_num + 1 + if g_caller_num > MAX_CALLER_NUM: + raise RuntimeError("Exceed max caller num", MAX_CALLER_NUM) + + +def handle_auth_base_info(child): + """ handle auth_base_info """ + for attr in child.attrib: + if attr == "auth_enable": + check_auth_enable_type(child.attrib.get(attr)) + get_auth_enable_value(child.attrib.get(attr)) + elif attr == "auth_type_uid": + check_auth_type(child.attrib.get(attr)) + get_auth_type_value(child.attrib.get(attr)) + else: + raise RuntimeError("invaild auth_base_info attrib", attr) + + +def handle_auth_item(child, auth_type): + """ handle auth item """ + for item in child: + check_item_type(item) + get_item_value(item, auth_type) + + +def do_parser_auth_conf(root): + """ do parser auth config """ + auth_tag = "auth_cmdline_uid" + xml_line_num = 0 + for child in root: + if child.tag == "auth_base_info": + if xml_line_num != 0: + raise RuntimeError("the auth_base_info must be configured first") + handle_auth_base_info(child) + if g_auth_type != DEFAULT_AUTH_TYPE_UID: + auth_tag = "auth_cmdline_username" + elif child.tag == auth_tag: + handle_auth_item(child, g_auth_type) + else: + raise RuntimeError("not support xml tag", child.tag) + xml_line_num = xml_line_num + 1 + + +def parser_auth_xml(auth_xml_file_path, manifest_ext_path, big_endian=False): + """ parser auth xml """ + global g_caller_num + global g_hash_byte_list + global g_big_endian + + g_big_endian = big_endian + + if not os.path.exists(auth_xml_file_path): + raise RuntimeError("auth_config.xml file doesn't exist") + + tree = ET.parse(auth_xml_file_path) + root = tree.getroot() + + # parser auth config + do_parser_auth_conf(root) + + # gen auth header + if g_caller_enable == 0: + g_caller_num = 0 + g_hash_byte_list = bytes("", 'utf-8') + + if g_big_endian is True: + pack_format = ">II" + else: + pack_format = "II" + auth_header = struct.pack(pack_format, g_caller_enable, g_caller_num) + + #write auth to mani_ext + if not os.path.exists(manifest_ext_path): + fd_ext = os.open(manifest_ext_path, os.O_WRONLY | os.O_CREAT, stat.S_IWUSR | stat.S_IRUSR) + else: + fd_ext = os.open(manifest_ext_path, os.O_RDWR, 0o600) + with os.fdopen(fd_ext, 'ba+') as fp_mani_ext: + fp_mani_ext.write(bytes(AUTH_CONFIG_KEY, "utf-8")) + fp_mani_ext.write(auth_header) + fp_mani_ext.write(g_hash_byte_list) + fp_mani_ext.write(bytes("\n", "utf-8")) + fp_mani_ext.close() diff --git a/build/signtools/config_cloud.ini b/build/signtools/config_cloud.ini new file mode 100644 index 0000000..b366ad8 --- /dev/null +++ b/build/signtools/config_cloud.ini @@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = signed_config/config diff --git a/build/signtools/config_tee_private_sample.ini b/build/signtools/config_tee_private_sample.ini new file mode 100644 index 0000000..5b2bb9c --- /dev/null +++ b/build/signtools/config_tee_private_sample.ini @@ -0,0 +1,35 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA +secSignKeyLen = 4096 +;;; +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; Fixed value +;1 means padding type is PSS +secPaddingType = 1 +;;; +;RSA alg +;ECDSA alg +secSignAlg = RSA +[signConfigPrivateCfg] +;;; +; Fixed value +;0 config证书 +configVersion = 0 +;;; +; Fixed value 1 +configPolicy = 1 +;;; +;RSA_PKCS1 alg +;RSA_PSS alg +;ECDSA alg +configSignAlg = RSA_PSS +;;; +;1 means signed by local private +configSignType = 1 +;;; +;private key for signing TA +configSignKey = taconfig_key.pem diff --git a/build/signtools/dyn_conf_checker.py b/build/signtools/dyn_conf_checker.py new file mode 100644 index 0000000..64eeaf2 --- /dev/null +++ b/build/signtools/dyn_conf_checker.py @@ -0,0 +1,512 @@ +#!/usr/bin/env python3 +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# tools for generating a trusted application dyn perm checker +#---------------------------------------------------------------------------- + + +import re +import uuid + +uuid_split_sym_list = ['-'] +spilt_sym_list = [';', '|', ','] +unused_sym_list = ['_'] +unique_list = [] +permission_unique_dict = {} +cmd_unique_dict = {} + + +def check_csv_sym(value): + + for sym in value: + if sym in unused_sym_list: + continue + elif sym >= 'A' and sym <= 'Z': + continue + elif sym >= 'a' and sym <= 'z': + continue + elif sym >= '0' and sym <= '9': + continue + else: + raise RuntimeError("has invalid sym in csv", value) + + +def classify_uuid_list(value): + + ans = "" + uuid_list = value.split(',') + for uuid_item in uuid_list: + ans = "%s%s," % (ans, str(uuid.UUID(uuid_item))) + + return ans[:len(ans) - 1].strip() + + +def check_context_sym(old_item, attr, value): + + if len(value) == 0: + return -1 + + for sym in value: + if sym in uuid_split_sym_list: + continue + elif sym in spilt_sym_list: + continue + elif sym in unused_sym_list: + continue + elif sym >= 'A' and sym <= 'Z': + continue + elif sym >= 'a' and sym <= 'z': + continue + elif sym >= '0' and sym <= '9': + continue + else: + raise RuntimeError("has invalid sym in xml", \ + old_item + attr, value) + return 0 + + +def do_split_and_classify(old_item, attr, split_sym_index, value): + + ans = "" + value_list = value.split(spilt_sym_list[split_sym_index]) + for val in value_list: + val = val.strip() + if len(val) == 0: + raise RuntimeError("cannot split empty region", value) + if split_sym_index == len(spilt_sym_list) - 1: + if check_context_sym(old_item, attr, val) != 0: + raise RuntimeError("xml attrib cannot be NULL", \ + old_item + attr, value) + ans += val + spilt_sym_list[split_sym_index] + else: + ans += do_split_and_classify(old_item, attr, split_sym_index + 1,\ + val) + spilt_sym_list[split_sym_index] + + return ans[: len(ans) - 1] + + +def check_and_classify_attr(old_item, attr, value): + + if len(value) == 0: + raise RuntimeError("tag %s%s is NULL in xml" % (old_item, attr)) + + value = do_split_and_classify(old_item, attr, 0, value) + + if attr == "uuid": + value = classify_uuid_list(value) + + return value + + +def check_iomap_range(iomap_range): + + if len(iomap_range) == 0: + raise RuntimeError("you must define iomap_range") + + iomap_range.replace(" ", "") + iomap_ranges = iomap_range.split(";") + for iomap in iomap_ranges: + addrs = iomap.split(",") + # check if range is start,end format + if len(addrs) == 0: + continue + + if len(addrs) != 2: + raise RuntimeError("iomap must be start1,end1;\ +start2,end2....", addrs) + + if '0x' not in addrs[0] or '0x' not in addrs[1]: + raise RuntimeError("addr must be hex like \ +0xF8555000", addrs[0], addrs[1]) + + # check if addr is 4K aligned + start = int(addrs[0], 16) + end = int(addrs[1], 16) + if start > 0xffffffffffffffff or end > 0xffffffffffffffff: + raise RuntimeError("addr is so large", addrs[0], addrs[1]) + if start % 0x1000 != 0 or end % 0x1000 != 0: + raise RuntimeError("addr must be 4K aligned", addrs[0], addrs[1]) + if end <= start: + raise RuntimeError("iomap range start must \ +smaller than end ", addrs[0], addrs[1]) + + return 0 + + +def check_thread_limit(value): + + if len(value) > 0: + thread_limit = int(value) + if thread_limit > 0xffffffff or thread_limit <= 0: + raise RuntimeError("thread_limit is invalid", thread_limit) + + +def check_upgrade(value): + + if len(value) > 0: + if value.lower() != 'true' and value.lower() != 'false': + raise RuntimeError("upgrade must be true or false", value) + + +def check_virt2phys(value): + + if len(value) > 0: + if value.lower() != 'true' and value.lower() != 'false': + raise RuntimeError("virt2phys must be true or false", value) + + +def check_exception_mode(value): + + if value != "restart" and value != "syscrash" and value != "ddos": + raise RuntimeError("unknown exception mode", value) + + +def check_chip_type(attrib, value): + + if len(value) == 0: + raise RuntimeError("chip_type cannot be NULL") + + if not re.match(r"[A-Za-z0-9_,]*$", value): + raise RuntimeError("there has invalid sym in chip type", value) + + chips = value.split(",") + for chip in chips: + chip_item = chip.lower().strip() + if len(chip_item) > 31: + raise RuntimeError("{} length is larger than 31".format(chip_item), chip_item) + + flag = 0 + for attr in attrib: + if attr != "chip_type": + flag = 1 + break + if flag == 0: + raise RuntimeError("you cannot only set chip_type in item") + + +def check_drv_name(value): + + if len(value) > 31 or len(value) == 0: + raise RuntimeError("drv name should not be NULL or \ +length larger than 31", value) + + +def check_irq(value): + + if len(value) == 0: + raise RuntimeError("irq cannot be NULL") + + if ';' in value or '|' in value: + raise RuntimeError("irq can only split by ,", value) + + irq_list = value.split(',') + for irq in irq_list: + num = int(irq, 10) + if num < 32: + raise RuntimeError("irq shoule not smaller than 32", value) + + +def check_map_secure_uuid(attrib, value): + + if len(value) != 36: + raise RuntimeError("uuid len is invalid", value) + + flag = 0 + for attr in attrib: + if attr == "region": + flag = 1 + + if flag == 0: + raise RuntimeError("please set region in map secure item", attrib) + + +def check_map_secure_region(attrib, value): + + if len(value) == 0: + raise RuntimeError("region cannot be NULL") + + flag = 0 + for attr in attrib: + if attr == "uuid": + flag = 1 + + if flag == 0: + raise RuntimeError("please set uuid in map secure item", attrib) + + check_iomap_range(value) + + +def check_drv_cmd_perm_info_item_permission(attrs, perm): + + if len(perm) == 0: + raise RuntimeError("permssion len should not be NULL") + + if not re.match(r"^[0-9]*$", perm): + raise RuntimeError("there has invalid sym in perm", perm) + + if int(perm, 10) > 64 or int(perm, 10) < 1: + raise RuntimeError("perm can only in range 1-64", perm) + + flag = 0 + + for attr in attrs: + if attr == "cmd" and len(attrs[attr]) != 0: + flag = 1 + break + + if flag == 0: + raise RuntimeError("you should set cmd while you set cmd permission") + + +def check_drv_cmd_perm_info_item_cmd(attrs, dyn_key): + + if len(dyn_key) == 0: + raise RuntimeError("dyn_key len should not be 0") + + flag = 0 + + cmd = "" + for attr in attrs: + if attr == "permission" and len(attrs[attr]) != 0: + flag = 1 + if attr == "cmd" and len(attrs[attr]) != 0: + cmd = attrs[attr] + if (dyn_key, attrs[attr]) in unique_list: + raise RuntimeError("one cmd can only set \ +permission once", attrs[attr]) + + unique_list.append((dyn_key, cmd)) + + if flag == 0: + raise RuntimeError("you should set permission while \ +you set cmd permission") + + +def check_mac_info_item_permission(attrs, perm): + + if len(perm) == 0: + raise RuntimeError("permssion len should not be 0") + + if ',' in perm or ';' in perm: + raise RuntimeError("multi permssion can only split by | ", perm) + + flag = 0 + + for attr in attrs: + if attr == "uuid" and len(attrs[attr]) != 0: + flag = 1 + break + + if flag == 0: + raise RuntimeError("you should set uuid while \ +you set drvcall's permission") + + for perm_num in perm.split("|"): + if int(perm_num, 10) > 64 or int(perm_num, 10) < 1: + raise RuntimeError("perm can only in range 1-64", perm) + + +def check_mac_info_item_uuid(attrs, dyn_key): + + if len(dyn_key) == 0: + raise RuntimeError("dyn_key len should not be 0") + + uuid_str = "" + for attr in attrs: + if attr == "uuid" and len(attrs[attr]) != 0: + uuid_str = attrs[attr] + if ',' in uuid_str: + raise RuntimeError("uuid in mac can only set one", uuid_str) + if (dyn_key, uuid_str) in unique_list: + raise RuntimeError("uuid can only set once in mac", uuid_str) + + unique_list.append((dyn_key, uuid_str)) + + +def check_permssion_unique(value, origin_value): + + value_list = value.split("|") + origin_value_list = origin_value.split("|") + if len(value) == 0 or len(value_list) != len(origin_value_list): + RuntimeError("permssion trans by csv failed", value, origin_value) + + for (i, _) in enumerate(value_list): + if value_list[i] in permission_unique_dict.keys() and \ + permission_unique_dict.get(value_list[i]) != origin_value_list[i]: + raise RuntimeError("different permission set same num in csv",\ + value, origin_value) + permission_unique_dict[value_list[i]] = origin_value_list[i] + + +def check_cmd_unique(value, origin_value): + + value_list = value.split("|") + origin_value_list = origin_value.split("|") + if len(value) == 0 or len(value_list) != len(origin_value_list): + RuntimeError("cmd trans by csv failed", value, origin_value) + + for (i, _) in enumerate(value_list): + if value_list[i] in cmd_unique_dict.keys() and \ + cmd_unique_dict.get(value_list[i]) != origin_value_list[i]: + raise RuntimeError("different cmd set same num in csv", \ + value, origin_value) + cmd_unique_dict[value_list[i]] = origin_value_list[i] + + +def check_perm_apply_item(attrs, perm): + + if len(perm) == 0: + raise RuntimeError("permssion len should not be 0") + + flag = 0 + + for attr in attrs: + if attr == "name" and len(attrs[attr]) != 0: + flag = 1 + break + + if flag == 0: + raise RuntimeError("you should set drv's name while \ +you set drv's permission") + + +def check_ta_config_service_name(service_name): + + if len(service_name) == 0 or len(service_name) >= 40: + raise Exception("service name is invalid", service_name) + + +def check_ta_config_stack_size(stack_size): + + if int(stack_size, 10) > 0xffffffff or int(stack_size, 10) <= 0: + raise Exception("stack size is invalid", stack_size) + + +def check_ta_config_heap_size(heap_size): + + if int(heap_size, 10) > 0xffffffff or int(heap_size, 10) <= 0: + raise Exception("heap size is invalid", heap_size) + + +def check_ta_config_rpmb_size(rpmb_size): + + if int(rpmb_size, 10) > 0xffffffff or int(rpmb_size, 10) <= 0: + raise Exception("rpmb size is invalid", rpmb_size) + + +def check_ta_config_device_id(device_id): + + if len(device_id) != 64: + raise Exception("device_id len is invalid", device_id) + + for sym in device_id: + if sym >= 'A' and sym <= 'Z': + continue + elif sym >= '0' and sym <= '9': + continue + else: + raise RuntimeError("has invalid sym in device_id", sym, device_id) + + +def dyn_perm_check(dyn_key, attrib, value, origin_value): + + if dyn_key == 'drv_perm/drv_basic_info/thread_limit': + check_thread_limit(value) + elif dyn_key == 'drv_perm/drv_basic_info/upgrade': + check_upgrade(value) + elif dyn_key == 'drv_perm/drv_basic_info/virt2phys': + check_virt2phys(value) + elif dyn_key == 'drv_perm/drv_basic_info/exception_mode': + check_exception_mode(value) + elif dyn_key == 'drv_perm/drv_io_map/item/chip_type': + check_chip_type(attrib, value) + elif dyn_key == 'drv_perm/drv_io_map/item/iomap': + check_iomap_range(value) + elif dyn_key == 'drv_perm/irq/item/irq': + check_irq(value) + elif dyn_key == 'drv_perm/map_secure/item/chip_type': + check_chip_type(attrib, value) + elif dyn_key == 'drv_perm/map_secure/item/uuid': + check_map_secure_uuid(attrib, value) + return + elif dyn_key == 'drv_perm/map_secure/item/region': + check_map_secure_region(attrib, value) + elif dyn_key == 'drv_perm/map_nosecure/item/chip_type': + check_chip_type(attrib, value) + elif dyn_key == 'drv_perm/map_nosecure/item/uuid': + # uuid has been checked in classify_uuid() + return + elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/cmd': + # cmd has been trans by csv, so it must be valied + check_drv_cmd_perm_info_item_cmd(attrib, dyn_key) + check_cmd_unique(value, origin_value) + return + elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/permission': + check_drv_cmd_perm_info_item_permission(attrib, value) + check_permssion_unique(value, origin_value) + elif dyn_key == 'drv_perm/drv_mac_info/item/uuid': + # uuid has been checked in classify_uuid() + check_mac_info_item_uuid(attrib, dyn_key) + return + elif dyn_key == 'drv_perm/drv_mac_info/item/permission': + check_mac_info_item_permission(attrib, value) + check_permssion_unique(value, origin_value) + elif dyn_key == 'drvcall_conf/drvcall_perm_apply/item/permission': + check_perm_apply_item(attrib, value) + check_permssion_unique(value, origin_value) + elif dyn_key == 'ConfigInfo/TA_Basic_Info/service_name/service_name': + check_ta_config_service_name(value) + elif dyn_key == 'ConfigInfo/TA_Basic_Info/uuid/uuid': + classify_uuid_list(value) + elif dyn_key == 'ConfigInfo/TA_Manifest_Info/stack_size/stack_size': + check_ta_config_stack_size(value) + elif dyn_key == 'ConfigInfo/TA_Manifest_Info/heap_size/heap_size': + check_ta_config_heap_size(value) + elif dyn_key == 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size': + check_ta_config_rpmb_size(value) + elif dyn_key == \ + 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id': + check_ta_config_device_id(value) + else: + return + + +def check_text_ava(old_item, text): + + if text is None or len(text.strip()) == 0: + raise Exception("text is invalied", old_item) + + +ta_config_item_list = [ + 'ConfigInfo/TA_Basic_Info/service_name/', + 'ConfigInfo/TA_Basic_Info/uuid/', + 'ConfigInfo/TA_Manifest_Info/instance_keep_alive/', + 'ConfigInfo/TA_Manifest_Info/stack_size/', + 'ConfigInfo/TA_Manifest_Info/heap_size/', + 'ConfigInfo/TA_Manifest_Info/multi_command/', + 'ConfigInfo/TA_Manifest_Info/multi_session/', + 'ConfigInfo/TA_Manifest_Info/single_instance/', + 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/', + 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/', + 'ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/', + 'ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/', + 'ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/', + 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/'] + + +def check_ta_config(old_item, text): + + if old_item in ta_config_item_list: + check_text_ava(old_item, text) + + return True diff --git a/build/signtools/dyn_conf_parser.py b/build/signtools/dyn_conf_parser.py new file mode 100644 index 0000000..7ecb7f6 --- /dev/null +++ b/build/signtools/dyn_conf_parser.py @@ -0,0 +1,315 @@ +#!/usr/bin/env python3 +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# tools for generating a trusted application dyn perm parser +#---------------------------------------------------------------------------- + +import string +import os +import stat +import logging +from defusedxml import ElementTree as ET +from dyn_conf_checker import dyn_perm_check +from dyn_conf_checker import check_and_classify_attr +from dyn_conf_checker import check_csv_sym +from dyn_conf_checker import check_ta_config + + +type_trans = {"TYPE_NONE": "-1", + "TYPE_CLASS": "0", + "TYPE_BOOL": "1", + "TYPE_INT": "2", + "TYPE_CHAR": "3"} + +# the length len in tlv +DYN_CONF_LEN_LEN = 4 + +tag_dict = {} +type_dict = {} +trans_dict = {} + + +def get_csv_size(path): + + with open(path, "r", encoding="utf-8") as csvfile: + lines = csvfile.readlines() + return len(lines) + return 0 + + +def get_csv_data(path, lnum, rnum): + + with open(path, "r", encoding="utf-8") as csvfile: + count = 0 + lines = csvfile.readlines() + for line in lines: + if count == lnum: + return str(line.split(",")[rnum]).strip() + count = count + 1 + return "" + + +def classify_tag(tag): + + while len(tag) < 3: + tag = "0%s" % (tag) + + return tag + + +# save tag type and trans dict +def handle_tag_dict(path): + + for i in range(0, get_csv_size(path)): + dyn_sym = get_csv_data(path, i, 0) + tag_dict[dyn_sym] = classify_tag(get_csv_data(path, i, 1)) + type_dict[dyn_sym] = type_trans.get(get_csv_data(path, i, 2)) + trans_dict[dyn_sym] = get_csv_data(path, i, 3) + + +def check_target_data_been_found(sym, find_out, path): + + if find_out == 1: + raise RuntimeError(sym + " can only set one time in " + path) + + +# trans value sym by trans dict +def handle_trans(value, path): + + datas = value.split("|") + + for i, data in enumerate(datas): + find_out = 0 + target_data = data + for j in range(0, get_csv_size(path)): + sym = get_csv_data(path, j, 0) + tag = get_csv_data(path, j, 1) + check_csv_sym(sym) + check_csv_sym(tag) + if sym == target_data: + # if one sym has been set more than one time in csv + check_target_data_been_found(sym, find_out, path) + datas[i] = tag + find_out = 1 # means we find sym in dict + + if find_out == 0: + raise RuntimeError("cannot find {} in {}".format(datas[i], path)) + + ans = datas[0] + for i in range(1, len(datas)): + ans = "%s|%s" % (ans, datas[i]) + + return ans + + +def get_value_by_name_in_config(config_name, in_path): + + config_file = os.path.join(in_path, config_name) + if not os.path.exists(config_file): + logging.error("configs.xml file doesn't exist") + return "" + xml_tree = ET.parse(config_file) + drv_perm = xml_tree.find('./TA_Basic_Info/service_name') + return drv_perm.text + + +def get_value_by_name_in_manifest(manifest_name, in_path): + + manifest = os.path.join(in_path, "manifest.txt") + if not os.path.exists(manifest): + name = get_value_by_name_in_config("configs.xml", in_path) + if name != "": + return name + else: + with open(manifest, 'r') as mani_fp: + for each_line in mani_fp: + if each_line.startswith("#") or not each_line.strip(): + continue + name = each_line.split(":")[0].strip() + if "{" + name + "}" == manifest_name: + return str(each_line.split(":")[1].strip()) + + raise RuntimeError("{" + manifest_name + "}" + \ + "cannot find in " + manifest) + + +def get_value_trans(old_item, value, attrib, key, in_path): + + # if name contains '.csv' means + # we can transform value by {manifest_name}.csv + # manifest_name must in manifest.txt + if ".csv" in trans_dict.get(key): + manifest_name = trans_dict.get(key).split(".csv")[0] + manifest_value = get_value_by_name_in_manifest(manifest_name, in_path) + trans_file_path = os.path.join(in_path, "{}.csv".format(manifest_value)) + return handle_trans(value, trans_file_path) + # if name not contains '.csv' means + # we can transform value by {attrib[attri]}.csv + # attrib[attri] must in xml file + for attri in attrib: + if old_item + attri == trans_dict.get(key): + if len(attrib[attri]) == 0: + raise RuntimeError("you should set drv name while \ + you set drv permission") + trans_file_path = os.path.join(in_path, "{}.csv".format(attrib[attri])) + return handle_trans(value, trans_file_path) + + raise RuntimeError("cannot find second trans file",\ + key, trans_dict.get(key)) + + +def item_zip(old_item, attr, value, attrib, in_path): + + dyn_key = old_item + attr + dyn_type = type_dict.get(dyn_key) + origin_value = value + + if len(trans_dict.get(dyn_key)) > 0: + value = get_value_trans(old_item, value, attrib, dyn_key, in_path) + + # check the xml is invalid for dyn perm + dyn_perm_check(dyn_key, attrib, value, origin_value) + + if dyn_type == type_trans.get("TYPE_BOOL"): + if value.lower() == "true": + return "1" + elif value.lower() == "false": + return "0" + else: + raise Exception("bool can only be true or false") + elif dyn_type == type_trans.get("TYPE_INT"): + if '0x' in value: + return str(int(value, base=16)) + elif '0b' in value: + return str(int(value, base=2)) + else: + return str(int(value, base=10)) + elif dyn_type == type_trans.get("TYPE_CHAR"): + return value + else: + raise RuntimeError("unknown type") + + +def get_length(value): + + length = len(value) + off = int((DYN_CONF_LEN_LEN / 2 - 1) * 8) + ans = "" + + for _ in range(int(DYN_CONF_LEN_LEN / 2)): + tmp = "" + dyn_len = (length >> off) & 0xFF; + if dyn_len >= 0 and dyn_len <= 0xF: + tmp = "0" + tmp += str(hex(dyn_len)).split("x")[1] + ans += tmp + off -= 8 + + return ans + + +def do_parser_dyn_conf(old_item, ele, in_path): + + attrs = "" + if len(ele.attrib) > 0: + for attr in ele.attrib: + ele.attrib[attr] = check_and_classify_attr(old_item,\ + attr, ele.attrib.get(attr)) + tag = tag_dict.get(old_item + attr) + dyn_type = type_dict.get(old_item + attr) + if dyn_type == type_trans.get("TYPE_NONE"): + continue + + value = item_zip(old_item, attr, ele.attrib[attr], + ele.attrib, in_path) + length = get_length(value) + attrs = attrs + tag + dyn_type + length + value + else: + for child in ele: + tmp_attrs = do_parser_dyn_conf(old_item + child.tag + "/", + child, in_path) + if tmp_attrs == "": + continue + attrs = attrs + tmp_attrs + + # handle inner context + if check_ta_config(old_item, ele.text) is True and \ + ele.text is not None and len(ele.text.strip()) > 0: + inner_text = item_zip(old_item + ele.tag, "", ele.text, {}, in_path) + attrs = attrs + tag_dict.get(old_item + ele.tag) + \ + type_dict.get(old_item + ele.tag) + \ + get_length(inner_text) + inner_text + + if len(tag_dict.get(old_item)) == 0 or attrs == "": + return "" + + return tag_dict.get(old_item) + type_dict.get(old_item) + \ + get_length(attrs) + attrs + + +def parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, + tag_parse_dict_path, in_path): + + if not os.path.exists(dyn_conf_xml_file_path): + logging.error("dyn perm xml file doesn't exist") + return + + if not os.path.exists(tag_parse_dict_path): + logging.error("tag_parse_dict.csv file doesn't exist") + return + + handle_tag_dict(tag_parse_dict_path) + tree = ET.parse(dyn_conf_xml_file_path) + root = tree.getroot() + + ans = do_parser_dyn_conf(root.tag + "/", root, in_path) + if ans == "": + ans = "00000" + + ans = "gpd.ta.dynConf:" + ans + "\n" + + if not os.path.exists(manifest_ext_path): + out_tlv = os.path.join(in_path, "config_tlv") + with os.fdopen(os.open(out_tlv, \ + os.O_RDWR | os.O_TRUNC | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR), 'w+') as conf: + conf.write(ans) + else: + #write items to mani_ext + manifest_ext_path_fd = os.open(manifest_ext_path, os.O_RDWR, 0o600) + with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp: + mani_ext_fp.write(ans) + + +def parser_config_xml(config_xml_file_path, tag_parse_dict_path, \ + out_path, in_path): + + if not os.path.exists(config_xml_file_path): + logging.error("config xml file doesn't exist") + return + if not os.path.exists(tag_parse_dict_path): + logging.error("tag_parse_dict.csv file doesn't exist") + return + + handle_tag_dict(tag_parse_dict_path) + tree = ET.parse(config_xml_file_path) + root = tree.getroot() + + ans = do_parser_dyn_conf(root.tag + "/", root, in_path) + if ans == "": + ans = "00000" + + # write items to mani_ext + config_path_fd = os.open(out_path, os.O_CREAT | os.O_RDWR, 0o600) + with os.fdopen(config_path_fd, 'a+') as config_fp: + config_fp.write(ans) diff --git a/build/signtools/generate_hash.py b/build/signtools/generate_hash.py new file mode 100644 index 0000000..fd90a01 --- /dev/null +++ b/build/signtools/generate_hash.py @@ -0,0 +1,51 @@ +#!/usr/bin/env python +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# Description: cal hash for generating a trusted application load image +#---------------------------------------------------------------------------- + +import struct +import os +import hashlib +import stat + +HASH256 = 0 +HASH512 = 1 + + +def gen_hash(hash_type, in_data, out_file_path): + # Initialize a SHA256 object from the Python hash library + if int(hash_type) == HASH256: + hash_op = hashlib.sha256() + elif int(hash_type) == HASH512: + hash_op = hashlib.sha512() + hash_op.update(in_data) + + #-----hash file used for ras sign--- + fd_hash = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + hash_fp = os.fdopen(fd_hash, "wb") + # fixed hash prefix value + if int(hash_type) == HASH256: + hash_fp.write(struct.pack('B' * 19, 0x30, 0x31, 0x30, 0x0d, 0x06, \ + 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \ + 0x05, 0x00, 0x04, 0x20)) + elif int(hash_type) == HASH512: + hash_fp.write(struct.pack('B' * 19, 0x30, 0x51, 0x30, 0x0d, 0x06, \ + 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, \ + 0x05, 0x00, 0x04, 0x40)) + hash_fp.write(hash_op.digest()) + hash_fp.close() + return + + diff --git a/build/signtools/generate_signature.py b/build/signtools/generate_signature.py index 382aa91..95657e8 100644 --- a/build/signtools/generate_signature.py +++ b/build/signtools/generate_signature.py @@ -1,8 +1,8 @@ #!/usr/bin/env python -# coding:utf-8 +# coding=utf-8 #---------------------------------------------------------------------------- # Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. +# Licensed under the Mulan PSL v2. # You can use this software according to the terms and conditions of the Mulan # PSL v2. # You may obtain a copy of Mulan PSL v2 at: @@ -11,44 +11,47 @@ # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. # See the Mulan PSL v2 for more details. +# Description: tools for generating a trusted application load image #---------------------------------------------------------------------------- -import struct import os -import hashlib +import stat import subprocess +import logging -HASH256 = 0 -HASH512 = 1 +from generate_hash import gen_hash -def gen_hash(hash_type, in_file_path, out_file_path): - in_file_size = os.path.getsize(in_file_path) - # Initialize a SHA256 object from the Python hash library - if int(hash_type) == HASH256: - hash_op = hashlib.sha256() - elif int(hash_type) == HASH512: - hash_op = hashlib.sha512() - # Set the input buffer and return the output digest - with open(in_file_path, 'rb') as in_file: - hash_op.update(in_file.read(in_file_size)) - #-----hash file used for ras sign--- - with open(out_file_path, 'wb') as hash_fp: - # fixed hash prefix value - hash_fp.write(struct.pack('B'*19, 0x30, 0x31, 0x30, 0x0d, 0x06, \ - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \ - 0x05, 0x00, 0x04, 0x20)) - hash_fp.write(hash_op.digest()) - return +def gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \ + out_file_path, out_path, key_info_data, is_big_ending): + msg_file = os.path.join(out_path, "temp", "config_msg") + fd_msg = os.open(msg_file, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + msg_file_fp = os.fdopen(fd_msg, "wb") + msg_file_fp.write(raw_data) + msg_file_fp.close() + if cfg.sign_type == '1': # signed with local key + if cfg.padding_type == '0': + gen_hash(cfg.hash_type, raw_data, hash_file_path) + cmd = "openssl pkeyutl -sign -inkey {} -in {} -out {}".\ + format(cfg.sign_key, hash_file_path, out_file_path) + elif cfg.padding_type == '1': + if cfg.hash_type == '0': + cmd = "openssl dgst -sign {} -sha256 -sigopt \ + rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ + -out {} {}".format(cfg.sign_key, out_file_path, msg_file) + else: + cmd = "openssl dgst -sign {} -sha512 -sigopt \ + rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ + -out {} {}".format(cfg.sign_key, out_file_path, msg_file) + try: + subprocess.check_output(cmd.split(), shell=False) + except Exception: + logging.error("sign operation failed") + raise RuntimeError + else: + logging.error("unhandled signtype %s", cfg.sign_type) -def gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path): - gen_hash(cfg.hash_type, raw_data_path, hash_file_path) - cmd = "openssl rsautl -sign -inkey {} -in {} -out {}".\ - format(cfg.sign_key, hash_file_path, out_file_path) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("sign operation failed") - raise RuntimeError return + diff --git a/build/signtools/get_ta_elf_hash.py b/build/signtools/get_ta_elf_hash.py new file mode 100644 index 0000000..89443e0 --- /dev/null +++ b/build/signtools/get_ta_elf_hash.py @@ -0,0 +1,246 @@ +#!/usr/bin/env python3 +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# Calculate the elfhash values of TAs by segment and combine the values. +#---------------------------------------------------------------------------- + +""" +calculate the elfhash values of TA +""" + +from __future__ import print_function +import os +import sys +import hashlib +import struct +import logging + + +def elf_header_verify_check(elf_header): + """ check is elf file """ + elfinfo_mag0_index = 0 + elfinfo_mag1_index = 1 + elfinfo_mag2_index = 2 + elfinfo_mag3_index = 3 + elfinfo_mag0 = '\x7f' + elfinfo_mag1 = 'E' + elfinfo_mag2 = 'L' + elfinfo_mag3 = 'F' + + if (elf_header.e_ident[elfinfo_mag0_index] != ord(elfinfo_mag0)) or \ + (elf_header.e_ident[elfinfo_mag1_index] != ord(elfinfo_mag1)) or \ + (elf_header.e_ident[elfinfo_mag2_index] != ord(elfinfo_mag2)) or \ + (elf_header.e_ident[elfinfo_mag3_index] != ord(elfinfo_mag3)): + return False + return True + + +class ElfIdent: + """ define elf ident """ + s = struct.Struct('4sBBB9s') + + def __init__(self, data): + unpacked_data = (ElfIdent.s).unpack(data) + self.unpacked_data = unpacked_data + self.ei_magic = unpacked_data[0] + self.ei_class = unpacked_data[1] + self.ei_data = unpacked_data[2] + self.ei_ver = unpacked_data[3] + self.ei_pad = unpacked_data[4] + + +#---------------------------------------------------------------------------- +# ELF Header Class +#---------------------------------------------------------------------------- +class Elf32Ehdr: + """ 32bit elf file header """ + s = struct.Struct('16sHHIIIIIHHHHHH') + + def __init__(self, data): + unpacked_data = (Elf32Ehdr.s).unpack(data) + self.unpacked_data = unpacked_data + self.e_ident = unpacked_data[0] + self.e_type = unpacked_data[1] + self.e_machine = unpacked_data[2] + self.e_version = unpacked_data[3] + self.e_entry = unpacked_data[4] + self.e_phoff = unpacked_data[5] + self.e_shoff = unpacked_data[6] + self.e_flags = unpacked_data[7] + self.e_ehsize = unpacked_data[8] + self.e_phentsize = unpacked_data[9] + self.e_phnum = unpacked_data[10] + self.e_shentsize = unpacked_data[11] + self.e_shnum = unpacked_data[12] + self.e_shstrndx = unpacked_data[13] + + +class Elf64Ehdr: + """ 64bit elf file header """ + s = struct.Struct('16sHHIQQQIHHHHHH') + + def __init__(self, data): + unpacked_data = (Elf64Ehdr.s).unpack(data) + self.unpacked_data = unpacked_data + self.e_ident = unpacked_data[0] + self.e_type = unpacked_data[1] + self.e_machine = unpacked_data[2] + self.e_version = unpacked_data[3] + self.e_entry = unpacked_data[4] + self.e_phoff = unpacked_data[5] + self.e_shoff = unpacked_data[6] + self.e_flags = unpacked_data[7] + self.e_ehsize = unpacked_data[8] + self.e_phentsize = unpacked_data[9] + self.e_phnum = unpacked_data[10] + self.e_shentsize = unpacked_data[11] + self.e_shnum = unpacked_data[12] + self.e_shstrndx = unpacked_data[13] + + +#---------------------------------------------------------------------------- +# ELF Header Class +#---------------------------------------------------------------------------- +class Elf32Phdr: + """ 32bit elf file Phdr """ + s = struct.Struct('IIIIIIII') + + def __init__(self, data): + unpacked_data = (Elf32Phdr.s).unpack(data) + self.unpacked_data = unpacked_data + self.p_type = unpacked_data[0] + self.p_offset = unpacked_data[1] + self.p_vaddr = unpacked_data[2] + self.p_paddr = unpacked_data[3] + self.p_filesz = unpacked_data[4] + self.p_memsz = unpacked_data[5] + self.p_flags = unpacked_data[6] + self.p_align = unpacked_data[7] + + +class Elf64Phdr: + """ 64bit elf file Phdr """ + s = struct.Struct('IIQQQQQQ') + + def __init__(self, data): + unpacked_data = (Elf64Phdr.s).unpack(data) + self.unpacked_data = unpacked_data + self.p_type = unpacked_data[0] + self.p_flags = unpacked_data[1] + self.p_offset = unpacked_data[2] + self.p_vaddr = unpacked_data[3] + self.p_paddr = unpacked_data[4] + self.p_filesz = unpacked_data[5] + self.p_memsz = unpacked_data[6] + self.p_align = unpacked_data[7] + + +#---------------------------------------------------------------------------- +# generate hash use SHA256 +#---------------------------------------------------------------------------- +def generate_sha256_hash_hex(in_buf): + """ initialize a SHA256 object from the Python hash library """ + m = hashlib.sha256() + # Set the input buffer and return the output digest + m.update(in_buf) + return m.hexdigest() + + +def get_elf_file_hash(file_name): + """ get elf file hash """ + with open(file_name, 'rb') as elf_file_fp: + elf_buf = elf_file_fp.read() + return generate_sha256_hash_hex(elf_buf) + + +class ElfInfo: + """ elf info message """ + + def __init__(self): + self.elf32_phdr_size = 32 + self.elf64_phdr_size = 56 + self.elf_ident_size = 16 + self.elf64_hdr_size = 64 + self.elf32_hdr_size = 52 + self.elfinfo_class_32 = 1 + self.elfinfo_class_64 = 2 + self.load_type = 0x1 + self.write_flag = 0x2 + self.exec_flag = 0x1 + + +def get_code_segment_from_elf(elf_file_name, out_hash_file_name, sign_data): + """ verify ELF header information """ + hash_value_summary = "" + elf_info = ElfInfo() + + with open(elf_file_name, 'rb') as elf_fp: + elf_ident_buf = elf_fp.read(elf_info.elf_ident_size) + elf_ident = ElfIdent(elf_ident_buf) + elf_fp.seek(0) + if elf_ident.ei_class == elf_info.elfinfo_class_64: + elf_hd_buf = elf_fp.read(elf_info.elf64_hdr_size) + elf_header = Elf64Ehdr(elf_hd_buf) + elif elf_ident.ei_class == elf_info.elfinfo_class_32: + elf_hd_buf = elf_fp.read(elf_info.elf32_hdr_size) + elf_header = Elf32Ehdr(elf_hd_buf) + else: + logging.error("No Support ELFINFO_CLASS") + + if elf_header_verify_check(elf_header) is False: + logging.error("ELF file failed verification: %s", elf_file_name) + + for i_phd in range(0, elf_header.e_phnum): + if elf_ident.ei_class == elf_info.elfinfo_class_64: + elf_phd_header = Elf64Phdr(elf_fp.read(elf_info.elf64_phdr_size)) + elif elf_ident.ei_class == elf_info.elfinfo_class_32: + elf_phd_header = Elf32Phdr(elf_fp.read(elf_info.elf32_phdr_size)) + else: + logging.error("No Support ELFINFO_CLASS") + + if (elf_phd_header.p_type != elf_info.load_type) or \ + (elf_phd_header.p_flags & elf_info.exec_flag != elf_info.exec_flag) or \ + (elf_phd_header.p_flags & elf_info.write_flag == elf_info.write_flag): + continue + + # get segment buf form elf file + elf_fp.seek(elf_phd_header.p_offset) + elf_segment_buf = elf_fp.read(elf_phd_header.p_memsz) + + # buf 4k alignment + if len(elf_segment_buf) % 4096 != 0: + alignment_len = (len(elf_segment_buf) // 4096 + 1) * 4096 + elf_segment_buf = elf_segment_buf.ljust(alignment_len, b'\0') + # get hash from segment buf + hash_value_summary = hash_value_summary + generate_sha256_hash_hex(elf_segment_buf) + + # move the read pointer of the file to the original position. + if elf_ident.ei_class == elf_info.elfinfo_class_64: + elf_fp.seek((i_phd + 1) * elf_info.elf64_phdr_size + elf_info.elf64_hdr_size) + elif elf_ident.ei_class == elf_info.elfinfo_class_32: + elf_fp.seek((i_phd + 1) * elf_info.elf32_phdr_size + elf_info.elf32_hdr_size) + + elf_fp.seek(0) + with os.fdopen(os.open('hash_{}.txt'.format(out_hash_file_name), os.O_RDWR | os.O_CREAT, 0o755), \ + "w+", 0o755) as file_ob: + file_ob.write("mem_hash : {}\n".format(generate_sha256_hash_hex(bytes.fromhex(hash_value_summary)))) + file_ob.write("img_hash : {}".format(generate_sha256_hash_hex(sign_data))) + + +def main(): + """ main function """ + get_code_segment_from_elf(sys.argv[1], "test", sys.argv[3]) + + +if __name__ == '__main__': + main() diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py index 6468190..bd6bf90 100755 --- a/build/signtools/manifest.py +++ b/build/signtools/manifest.py @@ -1,8 +1,8 @@ #!/usr/bin/env python -# coding:utf-8 +# coding=utf-8 #---------------------------------------------------------------------------- # Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. +# Licensed under the Mulan PSL v2. # You can use this software according to the terms and conditions of the Mulan # PSL v2. # You may obtain a copy of Mulan PSL v2 at: @@ -11,33 +11,42 @@ # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. # See the Mulan PSL v2 for more details. +# Description: tools for generating a trusted application load image #---------------------------------------------------------------------------- import string import struct import uuid import os +import re +import stat +import logging -PRODUCT_TA_IMAGE = 1 -PRODUCT_DYN_LIB = 2 -PRODUCT_SERVICE_IMAGE = 3 + +PRODUCT_TA_IMAGE = 1 +PRODUCT_DYN_LIB = 2 +PRODUCT_SERVICE_IMAGE = 3 +PRODUCT_CLIENT_IMAGE = 4 +PRODUCT_DRIVER_IMAGE = 5 class PackUuid: # Structure object to align and package the TEE_UUID data = struct.Struct('IHH8b') - def __init__(self, data): - unpacked_data = (PackUuid.data).unpack(str.encode(data)) - self.unpacked_data = unpacked_data - self.time_low = unpacked_data[0] - self.time_mid = unpacked_data[1] + def __init__(self, data, big_endian=False): + unpacked_data = (PackUuid.data).unpack(str.encode(data)) + self.unpacked_data = unpacked_data + self.time_low = unpacked_data[0] + self.time_mid = unpacked_data[1] self.time_hi_version = unpacked_data[2] - self.clock_seq_node = unpacked_data[3] + self.clock_seq_node = unpacked_data[3] + if big_endian: + PackUuid.data = struct.Struct('>IHH8b') def print_values(self): - print("ATTRIBUTE / VALUE") + logging.critical("ATTRIBUTE / VALUE") for attr, value in self.__dict__.items(): - print(attr, value) + logging.critical(attr, value) def get_pack_data(self): values = [self.time_low, @@ -57,20 +66,22 @@ class Manifest: # Structure object to align and package the Manifest data = struct.Struct('I' * 6) - def __init__(self, data): - unpacked_data = (Manifest.data).unpack(str.encode(data)) - self.unpacked_data = unpacked_data + def __init__(self, data, big_endian=False): + unpacked_data = (Manifest.data).unpack(str.encode(data)) + self.unpacked_data = unpacked_data self.single_instance = unpacked_data[0] - self.multi_session = unpacked_data[1] - self.multi_command = unpacked_data[2] - self.heap_size = unpacked_data[3] - self.stack_size = unpacked_data[4] + self.multi_session = unpacked_data[1] + self.multi_command = unpacked_data[2] + self.heap_size = unpacked_data[3] + self.stack_size = unpacked_data[4] self.instancekeepalive = unpacked_data[5] + if big_endian: + Manifest.data = struct.Struct('>' + 'I' * 6) def print_values(self): - print("ATTRIBUTE / VALUE") + logging.critical("ATTRIBUTE / VALUE") for attr, value in self.__dict__.items(): - print(attr, value) + logging.critical(attr, value) def get_pack_data(self): values = [self.single_instance, @@ -88,20 +99,20 @@ class Manifest: # verify property name in manifest file #---------------------------------------------------------------------------- def verify_property_name(str_line): - print('verify property name') + logging.critical("verify property name") alphas = string.ascii_letters + string.digits cont = "".join([alphas, '-', '_', '.']) if len(str_line) > 1: if str_line[0] not in alphas: - print('invalid first letter in property name') + logging.error("invalid first letter in property name") return False else: for otherchar in str_line[1:]: if otherchar not in cont: - print('invalid char in property name') + logging.error("invalid char in property name") return False else: - print('invalid property name') + logging.error("invalid property name") return False return True @@ -111,11 +122,11 @@ def verify_property_name(str_line): # verify property value in manifest file #---------------------------------------------------------------------------- def verify_property_value(str_line): - print('verify property value') + logging.critical("verify property value") filt_letter = chr(0) + chr(10) + chr(13) for thechar in str_line: if thechar in filt_letter: - print('invalid letter in prop value') + logging.error("invalid letter in prop value") return False return True @@ -124,12 +135,11 @@ def verify_property_value(str_line): # remove tabs and space in property value #---------------------------------------------------------------------------- def trailing_space_tabs(str_line): - print('trailing space tabs in value head and trail') + logging.critical("trailing space tabs in value head and trail") space_tabs = chr(9) + chr(32) + chr(160) space_tabs_newlines = space_tabs + chr(10) + chr(13) - print('tab: {}'.format(space_tabs)) - print('str in: {}'.format(str_line)) + logging.critical("str in: %s", str_line) index = 0 for thechar in str_line: if thechar in space_tabs: @@ -148,8 +158,8 @@ def trailing_space_tabs(str_line): else: break - str_ret = headvalue[0:strlen+1] + chr(10) - print('str ret: {}'.format(str_ret)) + str_ret = headvalue[0:strlen + 1] + chr(10) + logging.critical("str ret: %s", str_ret) return str_ret @@ -157,14 +167,14 @@ def trailing_space_tabs(str_line): #---------------------------------------------------------------------------- # verify manifest file, parse manifest file, generate a new manfiest file #---------------------------------------------------------------------------- -def parser_manifest(manifest, manifest_data_path, mani_ext): - print('verify manifest') +def parser_manifest(manifest, manifest_data_path, mani_ext, big_endian=False): + logging.critical("verify manifest") target_type = PRODUCT_TA_IMAGE - uuid_val = PackUuid('\0' * 16) + uuid_val = PackUuid('\0' * 16, big_endian) #manifest default - manifest_val = Manifest('\0'*24) + manifest_val = Manifest('\0' * 24, big_endian) manifest_val.single_instance = 1 manifest_val.multi_session = 0 @@ -174,40 +184,46 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): manifest_val.stack_size = 2048 service_name = 'external_service' + dyn_conf_target_type = 0 - with open(manifest, 'r') as mani_fp, open(mani_ext, 'wb') as mani_ext_fp: + with open(manifest, 'r') as mani_fp: + fd_ext = os.open(mani_ext, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + mani_ext_fp = os.fdopen(fd_ext, "wb") for each_line in mani_fp: - print(each_line) - if each_line.startswith("#") or not len(each_line.strip()): + logging.critical(each_line) + if each_line.startswith("#") or not each_line.strip(): continue index = each_line.find(':', 1, len(each_line)) prop_name = each_line[0:index] - prop_name_t = each_line[0:index+1] - prop_value_t = each_line[index+1:] - print('name is: {}; value is: {}'.format(prop_name, prop_value_t)) + prop_name_t = each_line[0:index + 1] + prop_value_t = each_line[index + 1:] + logging.critical("name is: %s; value is: %s", prop_name, prop_value_t) prop_value = trailing_space_tabs(prop_value_t) prop_len = len(prop_value) - prop_value_v = prop_value[0:prop_len-1] - print('prop value_v: {}'.format(prop_value_v)) + prop_value_v = prop_value[0:prop_len - 1] + logging.critical("prop value_v: %s", prop_value_v) if verify_property_name(prop_name) is False: - print('manifest format invalid, please check it') - return (False, 0) + logging.error("manifest format invalid, please check it") + mani_ext_fp.close() + return (False, 0, 0) if verify_property_value(prop_value_v) is False: - print('manifest format invalid, please check it') - return (False, 0) + logging.error("manifest format invalid, please check it") + mani_ext_fp.close() + return (False, 0, 0) # name:value to lowcase, and parse manifest prop_name_low = prop_name.lower() - print("name lower: {}".format(prop_name_low)) + logging.critical("name lower: %s", prop_name_low) if 'gpd.ta.appid' == prop_name_low: - print("compare name is srv id") + logging.critical("compare name is srv id") uuid_val = uuid.UUID(prop_value_v) - print('uuid str {}'.format(uuid_val)) - print('val fields {}'.format(uuid_val.fields)) + logging.critical("uuid str %s", uuid_val) + logging.critical("val fields %s", uuid_val.fields) elif 'gpd.ta.singleinstance' == prop_name_low: prop_value_low = prop_value_v.lower() @@ -216,7 +232,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): elif 'false' == prop_value_low: manifest_val.single_instance = 0 else: - print('single_instance value error!') + logging.error("single_instance value error!") elif 'gpd.ta.multisession' == prop_name_low: prop_value_low = prop_value_v.lower() @@ -225,7 +241,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): elif 'false' == prop_value_low: manifest_val.multi_session = 0 else: - print('multi_session value error!') + logging.error("multi_session value error!") elif 'gpd.ta.multicommand' == prop_name_low: prop_value_low = prop_value_v.lower() @@ -234,7 +250,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): elif 'false' == prop_value_low: manifest_val.multi_command = 0 else: - print('multi_command value error!') + logging.error("multi_command value error!") elif 'gpd.ta.instancekeepalive' == prop_name_low: prop_value_low = prop_value_v.lower() @@ -243,77 +259,152 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): elif 'false' == prop_value_low: manifest_val.instancekeepalive = 0 else: - print('instancekeepalive value error!') + logging.error("instancekeepalive value error!") elif 'gpd.ta.datasize' == prop_name_low: manifest_val.heap_size = int(prop_value_v) - print('b') + logging.critical('b') elif 'gpd.ta.stacksize' == prop_name_low: manifest_val.stack_size = int(prop_value_v) - print('b') + logging.critical('b') elif 'gpd.ta.service_name' == prop_name_low: service_name = prop_value_v - print('b') + logging.critical('b') + + elif 'gpd.ta.dynconf' == prop_name_low: + mani_ext_fp.close() + logging.error("gpd.ta.dynConf is reserved, cannot set") + return (False, 0, 0) else: - print('b') + logging.critical('b') #write have not paresed manifest into sample.manifest file mani_ext_fp.write(str.encode(prop_name_t)) mani_ext_fp.write(str.encode(prop_value)) - if 'gpd.ta.is_tee_service' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - target_type = PRODUCT_SERVICE_IMAGE - elif 'gpd.ta.is_lib' == prop_name_low: + if 'gpd.ta.is_lib' == prop_name_low: prop_value_low = prop_value_v.lower() if 'true' == prop_value_low: target_type = PRODUCT_DYN_LIB - + elif 'gpd.ta.target_type' == prop_name_low: + dyn_conf_target_type = int(prop_value_v) + if dyn_conf_target_type > 0xFFFF or \ + dyn_conf_target_type < 0: + mani_ext_fp.close() + logging.error("gpd.ta.target_type must \ + in range [0, 0xFFFF]") + return (False, 0, 0) + + mani_ext_fp.close() #write the whole parsed manifest into sample.manifest file service_name_len = len(service_name) - print('service name: {}'.format(service_name)) - print('service name len: {}'.format(service_name_len)) - if service_name_len > 64: - print("service name len exceed MAX value 27") - raise RuntimeError + logging.critical("service name: %s", service_name) + logging.critical("service name len: %s", service_name_len) + + max_service_len = 64 + + # dyn_conf_target_type is 1 means that is drv + if dyn_conf_target_type == 1: + max_service_len = 32 + target_type = PRODUCT_DRIVER_IMAGE + if not re.match(r"^[A-Za-z0-9_]*$", service_name): + logging.error("drv's name only can use [A-Z] [a-z] [0-9] and '_'") + return (False, 0, 0) + + if dyn_conf_target_type == 3: + max_service_len = 32 + target_type = PRODUCT_SERVICE_IMAGE + if not re.match(r"^[A-Za-z0-9_]*$", service_name): + logging.error("drv's name only can use \ + [A-Z] [a-z] [0-9] and '_'") + return (False, 0, 0) + if dyn_conf_target_type == 4: + max_service_len = 32 + target_type = PRODUCT_CLIENT_IMAGE + if not re.match(r"^[A-Za-z0-9_]*$", service_name): + logging.error("drv's name only can use \ + [A-Z] [a-z] [0-9] and '_'") + return (False, 0, 0) + + if service_name_len > max_service_len: + logging.error("service name len cannot larger than %s", str(max_service_len)) + return (False, 0, 0) # get manifest string file len manifest_str_size = os.path.getsize(mani_ext) - print('manifest str size {}'.format(manifest_str_size)) - + logging.critical('manifest str size %s', manifest_str_size) # 2> manifest + service_name - print("bytes len {}".format(len(uuid_val.bytes_le))) - print("bytes len {}".format(len(manifest_val.get_pack_data()))) - print("bytes len {}".format(len(service_name))) + if big_endian: + logging.critical("bytes len %s", len(uuid_val.bytes)) + else: + logging.critical("bytes len %s", len(uuid_val.bytes_le)) + logging.critical("bytes len %s", len(manifest_val.get_pack_data())) + logging.critical("bytes len %s", len(service_name)) # 3> unparsed manifest, string manifest with open(mani_ext, 'rb') as string_mani_fp: - print("read manifest string size {}".format(manifest_str_size)) + logging.critical("read manifest string size %s", manifest_str_size) manifest_string_buf = string_mani_fp.read(manifest_str_size) - print("manifest strint: {}".format(manifest_string_buf)) + logging.critical("manifest strint: %s", manifest_string_buf) #---- write manifest parse context to manifest file - with open(manifest_data_path, 'wb') as out_manifest_fp: + fd_out = os.open(manifest_data_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + out_manifest_fp = os.fdopen(fd_out, "wb") + if big_endian: + out_manifest_fp.write(uuid_val.bytes) + else: out_manifest_fp.write(uuid_val.bytes_le) - out_manifest_fp.write(str.encode(service_name)) - out_manifest_fp.write(manifest_val.get_pack_data()) + out_manifest_fp.write(str.encode(service_name)) + out_manifest_fp.write(manifest_val.get_pack_data()) + out_manifest_fp.close() + uuid_str = str(uuid_val) product_name = str(uuid_val) if target_type == PRODUCT_TA_IMAGE: - print("product type is ta image") - product_name = "".join([product_name, ".sec"]) + logging.critical("product type is ta image") + product_name = "".join([uuid_str, ".sec"]) + elif target_type == PRODUCT_DRIVER_IMAGE: + logging.critical("product type is driver") + product_name = "".join([service_name, ".sec"]) elif target_type == PRODUCT_SERVICE_IMAGE: - print("product type is service") - product_name = "".join([product_name, service_name, "_svr.sec"]) + logging.critical("product type is service") + product_name = "".join([service_name, ".sec"]) + elif target_type == PRODUCT_CLIENT_IMAGE: + logging.critical("product type is client") + product_name = "".join([service_name, ".so.sec"]) elif target_type == PRODUCT_DYN_LIB: - print("product type is dyn lib") - product_name = "".join([product_name, service_name, ".so.sec"]) + logging.critical("product type is dyn lib") + product_name = "".join([uuid_str, service_name, ".so.sec"]) else: - print("invalid product type!") - raise RuntimeError + logging.error("invalid product type!") + return (False, 0, 0) + + return (True, product_name, uuid_str) + + +class ManifestInfo: + ''' get manifest info ''' + def __init__(self, ret, product_name, uuid_str, manifest_txt_exist): + self.ret = ret + self.product_name = product_name + self.uuid_str = uuid_str + self.manifest_txt_exist = manifest_txt_exist + + +def process_manifest_file(xml_config_path, manifest_path, \ + manifest_data_path, mani_ext, big_endian=False): - return (True, product_name) + manifest_txt_exist = True + if not os.path.exists(manifest_path): + logging.critical("xml trans manifest cfg") + manifest_txt_exist = False + from xml_trans_manifest import trans_xml_to_manifest + trans_xml_to_manifest(xml_config_path, manifest_path) + ret, product_name, uuid_str = parser_manifest(manifest_path, \ + manifest_data_path, mani_ext, big_endian) + manifest_info = ManifestInfo(ret, product_name, uuid_str, manifest_txt_exist) + return manifest_info diff --git a/build/signtools/manifest_tag_parse_dict.csv b/build/signtools/manifest_tag_parse_dict.csv new file mode 100644 index 0000000..e56a82d --- /dev/null +++ b/build/signtools/manifest_tag_parse_dict.csv @@ -0,0 +1,24 @@ +ConfigInfo/,0,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/service_name,2,TYPE_CHAR,gpd.ta.service_name +ConfigInfo/TA_Basic_Info/uuid,4,TYPE_CHAR,gpd.ta.appID +ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/instance_keep_alive,7,TYPE_CHAR,gpd.ta.instanceKeepAlive +ConfigInfo/TA_Manifest_Info/stack_size,9,TYPE_CHAR,gpd.ta.stackSize +ConfigInfo/TA_Manifest_Info/heap_size,11,TYPE_CHAR,gpd.ta.dataSize +ConfigInfo/TA_Manifest_Info/target_type,13,TYPE_CHAR,gpd.ta.target_type +ConfigInfo/TA_Manifest_Info/multi_command,15,TYPE_CHAR,gpd.ta.multicommand +ConfigInfo/TA_Manifest_Info/multi_session,17,TYPE_CHAR,gpd.ta.multiSession +ConfigInfo/TA_Manifest_Info/single_instance,19,TYPE_CHAR,gpd.ta.singleInstance +ConfigInfo/TA_Manifest_Info/sdk_version,21,TYPE_CHAR,gpd.sdk.version +ConfigInfo/TA_Manifest_Info/is_tee_service,23,TYPE_CHAR,gpd.ta.is_tee_service +ConfigInfo/TA_Manifest_Info/is_lib,25,TYPE_CHAR,gpd.ta.is_lib +ConfigInfo/TA_Manifest_Info/objectEnumEnable,27,TYPE_CHAR,gpd.ta.objectEnumEnable +ConfigInfo/TA_Manifest_Info/distribution,29,TYPE_CHAR,gpd.ta.distribution +ConfigInfo/TA_Manifest_Info/target_version,31,TYPE_CHAR,gpd.elf.target_version +ConfigInfo/TA_Manifest_Info/mem_page_align,33,TYPE_CHAR,gpd.ta.mem_page_align +ConfigInfo/TA_Manifest_Info/hardWareType,35,TYPE_CHAR,gpd.ta.hardWareType +ConfigInfo/TA_Manifest_Info/is_need_release_ta_res,37,TYPE_CHAR,gpd.srv.is_need_release_ta_res +ConfigInfo/TA_Manifest_Info/srv_crash_callback,39,TYPE_CHAR,gpd.srv.crash_callback +ConfigInfo/TA_Manifest_Info/srv_is_need_create_msg,41,TYPE_CHAR,gpd.srv.is_need_create_msg +ConfigInfo/TA_Manifest_Info/srv_is_need_release_msg,43,TYPE_CHAR,gpd.srv.is_need_release_msg diff --git a/build/signtools/rsa_public_key_cloud.pem b/build/signtools/rsa_public_key_cloud.pem new file mode 100644 index 0000000..a321f63 --- /dev/null +++ b/build/signtools/rsa_public_key_cloud.pem @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx +p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is +Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p +DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD +BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn +fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9 +WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV ++W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY +CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE= +-----END PUBLIC KEY----- diff --git a/build/signtools/signtool_v3.py b/build/signtools/signtool_v3.py index 39a719d..b588707 100755 --- a/build/signtools/signtool_v3.py +++ b/build/signtools/signtool_v3.py @@ -1,8 +1,8 @@ #!/usr/bin/env python -# coding:utf-8 +# coding=utf-8 #---------------------------------------------------------------------------- # Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. +# Licensed under the Mulan PSL v2. # You can use this software according to the terms and conditions of the Mulan # PSL v2. # You may obtain a copy of Mulan PSL v2 at: @@ -11,31 +11,32 @@ # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. # See the Mulan PSL v2 for more details. +# Description: tools for generating a trusted application load image #---------------------------------------------------------------------------- import struct import os import stat -import hashlib import binascii -import subprocess import shutil -import getpass import argparse +import configparser +import re +import logging -try: - from configparser import SafeConfigParser -except ImportError: - from ConfigParser import SafeConfigParser -from manifest import parser_manifest +from manifest import process_manifest_file from generate_signature import gen_ta_signature +from Crypto.Hash import SHA256 +from Crypto.Cipher import PKCS1_OAEP +from Crypto.PublicKey import RSA +from Crypto.Cipher import AES +from Crypto.Random import get_random_bytes -# fixed value, {1, 2} version are abandoned. -VERSION = 3 -TA_VERSION = 3 -MAX_EXT_PROP_LEN = 152 +TYPE_PUBKEY = 0 +TYPE_CERT = 1 +TYPE_CERT_CHAIN = 2 MAGIC1 = 0xA5A55A5A MAGIC2 = 0x55AA @@ -63,6 +64,21 @@ ELF_INFO_VERSION_INDEX = 6 ELF_INFO_VERSION_CURRENT = 1 ELF_BLOCK_ALIGN = 0x1000 +SEC_HEADER_BYTES = 16 +SING_BIG_ENDIAN = False + + +def whitelist_check(intput_str): + if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): + return 1 + return 0 + + +def integer_check(intput_str): + if not str(intput_str).isdigit(): + return 1 + return 0 + #---------------------------------------------------------------------------- # Verify ELF header contents from an input ELF file @@ -70,7 +86,7 @@ ELF_BLOCK_ALIGN = 0x1000 def verify_elf_header(elf_path): elf_type = 0 with open(elf_path, 'rb') as elf: - elf_data = struct.unpack('B'*16, elf.read(16)) + elf_data = struct.unpack('B' * 16, elf.read(16)) elf_type = elf_data[4] if ((elf_data[ELF_INFO_MAGIC0_INDEX] != ELF_INFO_MAGIC0) or \ (elf_data[ELF_INFO_MAGIC1_INDEX] != ELF_INFO_MAGIC1) or \ @@ -78,7 +94,7 @@ def verify_elf_header(elf_path): (elf_data[ELF_INFO_MAGIC3_INDEX] != ELF_INFO_MAGIC3) or \ (elf_data[ELF_INFO_VERSION_INDEX] != \ ELF_INFO_VERSION_CURRENT)): - print("invalid elf header info") + logging.error("invalid elf header info") raise RuntimeError if ((elf_type == 1 and elf_data[ELF_INFO_CLASS_INDEX] != \ @@ -86,229 +102,410 @@ def verify_elf_header(elf_path): (elf_type == 2 and elf_data[ELF_INFO_CLASS_INDEX] != \ ELF_INFO_CLASS_64) or \ (elf_type != 1 and elf_type != 2)): - print("invliad elf format") + logging.error("invliad elf format") raise RuntimeError return -class Configuration: - release_type = 0 - otrp_flag = 0 - sign_type = 0 +class AllCfg: + release_type = "1" + otrp_flag = "0" + sign_type = "0" public_key = "" - pub_key_len = 0 + pub_key_len = "" + re_sign_flag = "0" server_ip = "" config_path = "" sign_key = "" - sign_key_len = 2048 - hash_type = 0 - padding_type = 0 + sign_key_type = "0" + sign_alg = "RSA" + ta_cert_chain = "" + ta_version = 3 + - def __init__(self, file_name): - parser = SafeConfigParser() +class PublicCfg: + def __init__(self, file_name, all_cfg): + cfg_section = "signSecPublicCfg" + parser = configparser.ConfigParser() parser.read(file_name) - self.release_type = parser.get("config", "releaseType") - self.otrp_flag = parser.get("config", "otrpFlag") - self.sign_type = parser.get("config", "signType") - self.public_key = parser.get("config", "encryptKey") - self.pub_key_len = parser.get("config", "encryptKeyLen") - self.server_ip = parser.get("config", "serverIp") - self.config_path = parser.get("config", "configPath") - self.sign_key = parser.get("config", "signKey") - self.sign_key_len = parser.get("config", "signKeyLen") - self.hash_type = parser.get("config", "hashType") - self.padding_type = parser.get("config", "paddingType") - - -def gen_header(content_len, key_version): - return struct.pack('IHHII', MAGIC1, MAGIC2, VERSION, content_len, \ - key_version) - - -def gen_aes_key_info(cfg, iv_file_path, key_file_path, out_file_path): - rand_iv_cmd = "openssl rand -out {} 16".format(iv_file_path) - rand_key_cmd = "openssl rand -out {} 32".format(key_file_path) - try: - subprocess.check_output(rand_iv_cmd.split(), shell=False) - subprocess.check_output(rand_key_cmd.split(), shell=False) - except Exception: - print("rand operation failed") - raise RuntimeError - os.chmod(iv_file_path, stat.S_IWUSR | stat.S_IRUSR) - os.chmod(key_file_path, stat.S_IWUSR | stat.S_IRUSR) + if parser.has_option(cfg_section, "secReleaseType"): + all_cfg.release_type = parser.get(cfg_section, "secReleaseType") + if parser.has_option(cfg_section, "secOtrpFlag"): + all_cfg.otrp_flag = parser.get(cfg_section, "secOtrpFlag") + + all_cfg.sign_type = parser.get(cfg_section, "secSignType") + if parser.has_option(cfg_section, "secSignServerIp"): + all_cfg.server_ip = parser.get(cfg_section, "secSignServerIp") + + all_cfg.config_path = parser.get(cfg_section, "configPath") + all_cfg.sign_key = parser.get(cfg_section, "secSignKey") + if parser.has_option(cfg_section, "secTaVersion"): + all_cfg.ta_version = int(parser.get(cfg_section, "secTaVersion")) + else: + all_cfg.ta_version = 3 + if parser.has_option(cfg_section, "secSignKeyType"): + all_cfg.sign_key_type = parser.get(cfg_section, "secSignKeyType") + if parser.has_option(cfg_section, "secTaCertChain"): + all_cfg.ta_cert_chain = parser.get(cfg_section, "secTaCertChain") + + +class PrivateCfg: + def __init__(self, file_name, all_cfg): + cfg_section = 'signSecPrivateCfg' + parser = configparser.ConfigParser() + parser.read(file_name) + if parser.has_option(cfg_section, "secEncryptKey"): + all_cfg.public_key = parser.get(cfg_section, "secEncryptKey") + + if parser.has_option(cfg_section, "secEncryptKeyLen"): + all_cfg.pub_key_len = parser.get(cfg_section, "secEncryptKeyLen") + + if parser.has_option(cfg_section, "secReSignFlag"): + all_cfg.re_sign_flag = parser.get(cfg_section, "secReSignFlag") + + all_cfg.hash_type = parser.get(cfg_section, "secHashType") + all_cfg.sign_key_len = parser.get(cfg_section, "secSignKeyLen") + all_cfg.padding_type = parser.get(cfg_section, "secPaddingType") + + if parser.has_option(cfg_section, "secSignAlg"): + all_cfg.sign_alg = parser.get(cfg_section, "secSignAlg") + + +def check_cfg(cfg): + ret = 0 + if cfg.release_type != "": + if integer_check(cfg.release_type): + logging.error("secReleaseType is invalid.") + ret = 1 + if cfg.otrp_flag != "": + if integer_check(cfg.otrp_flag): + logging.error("secOtrpFlag is invalid.") + ret = 1 + if cfg.sign_type != "": + if integer_check(cfg.sign_type): + logging.error("secSignType is invalid.") + ret = 1 + if cfg.server_ip != "": + if whitelist_check(cfg.server_ip): + logging.error("secSignServerIp is invalid.") + ret = 1 + if cfg.config_path != "": + if whitelist_check(cfg.config_path): + logging.error("configPath is invalid.") + ret = 1 + if cfg.sign_key != "": + if whitelist_check(cfg.sign_key): + logging.error("secSignKey is invalid.") + ret = 1 + if cfg.public_key != "": + if whitelist_check(cfg.public_key): + logging.error("secEncryptKey is invalid.") + ret = 1 + if cfg.pub_key_len != "": + if integer_check(cfg.pub_key_len): + logging.error("secEncryptKeyLen is invalid.") + ret = 1 + if cfg.re_sign_flag != "": + if integer_check(cfg.re_sign_flag): + logging.error("secReSignFlag is invalid.") + ret = 1 + if cfg.hash_type != "": + if integer_check(cfg.hash_type): + logging.error("secHashType is invalid.") + ret = 1 + if cfg.sign_key_len != "": + if integer_check(cfg.sign_key_len): + logging.error("secSignKeyLen is invalid.") + ret = 1 + if cfg.padding_type != "": + if integer_check(cfg.padding_type): + logging.error("secPaddingType is invalid.") + ret = 1 + if cfg.sign_alg != "": + if whitelist_check(cfg.sign_alg): + logging.error("secSignAlg is invalid.") + ret = 1 + return ret + + +def gen_header(content_len, key_version, cfg): + ''' gen header by endian ''' + if SING_BIG_ENDIAN: + head_tag = '>IHHII' + else: + head_tag = 'IHHII' + return struct.pack(head_tag, MAGIC1, MAGIC2, cfg.ta_version, content_len, key_version) + + +def get_sign_alg(cfg): sign_alg = 0 sign_alg = sign_alg | (int(cfg.release_type) << 28) sign_alg = sign_alg | (int(cfg.padding_type) << 27) sign_alg = sign_alg | (int(cfg.hash_type) << 26) - if cfg.sign_key_len == "2048": - sign_alg = sign_alg | 0x00002048 - elif cfg.sign_key_len == "4096": - sign_alg = sign_alg | 0x00004096 + if cfg.sign_alg == "RSA": + sign_alg = sign_alg | (2 << 20) + elif cfg.sign_alg == "ECDSA": + sign_alg = sign_alg | (1 << 20) + if cfg.sign_type == '4' or cfg.sign_type == '5' or cfg.sign_type == '6' : + sign_alg = sign_alg | 0x0000C000 + else: + if cfg.sign_key_len == "2048": + sign_alg = sign_alg | 0x00002048 + elif cfg.sign_key_len == "4096": + sign_alg = sign_alg | 0x00004096 + elif cfg.sign_key_len == "256": + sign_alg = sign_alg | 0x00000256 + return sign_alg + + +def gen_aes_key_info(cfg): + iv_data = get_random_bytes(16) + key_data = get_random_bytes(32) + if SING_BIG_ENDIAN: + aes_tag = '>3I' + else: + aes_tag = '<3I' + sign_alg = get_sign_alg(cfg) + key_info = struct.pack(aes_tag, 32, 16, sign_alg) + key_info += key_data + key_info += iv_data + return key_data, iv_data, key_info + + +def gen_sign_alg_info(cfg, out_file_path): + sign_alg = get_sign_alg(cfg) + logging.critical("sign_alg value is 0x%x", sign_alg) + if SING_BIG_ENDIAN: + info_tag = '>I' + else: + info_tag = 'I' + fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + out_file = os.fdopen(fd_out, "wb") + out_file.write(struct.pack(info_tag, 0)) + out_file.write(struct.pack(info_tag, 0)) + out_file.write(struct.pack(info_tag, sign_alg)) + out_file.close() - print("sign_alg value is 0x%x" % sign_alg) - with open(out_file_path, 'wb') as out_file: - out_file.write(struct.pack('I', 32)) - out_file.write(struct.pack('I', 16)) - out_file.write(struct.pack('I', sign_alg)) + return - with open(key_file_path, 'rb') as key_file: - out_file.write(key_file.read(32)) - with open(iv_file_path, 'rb') as iv_file: - out_file.write(iv_file.read(16)) +def encrypt_aes_key(pubkey_path, in_data, out_path): + with open(pubkey_path, 'rb') as pubkey_file_fd: + pubkey_file = pubkey_file_fd.read(os.path.getsize(pubkey_path)) + pubkey = RSA.importKey(pubkey_file) + cipher = PKCS1_OAEP.new(pubkey) + ciphertext = cipher.encrypt(in_data) - os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) + fd_out = os.open(out_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + out_file = os.fdopen(fd_out, "wb") + out_file.write(ciphertext) + out_file.close() return -def encrypt_aes_key(pubkey_path, in_path, out_path): - cmd = "openssl rsautl -encrypt -pubin -oaep -inkey {} -in {} -out {}". \ - format(pubkey_path, in_path, out_path) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("RSA encrypt operation failed") - raise RuntimeError - os.chmod(out_path, stat.S_IWUSR | stat.S_IRUSR) - return - -def gen_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path): - gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path) +def gen_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \ + out_file_path, out_path, key_info_data): + gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, \ + hash_file_path, out_file_path, out_path, key_info_data, SING_BIG_ENDIAN) os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) return + def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ - config_path, raw_file_path): + config_path, raw_file_path, ta_version): manifest_size = os.path.getsize(manifest_data_path) manifest_ext_size = os.path.getsize(manifest_ext_path) elf_size = os.path.getsize(elf_file_path) config_size = 0 - if manifest_ext_size > MAX_EXT_PROP_LEN: - print("too much data in \"manifest.txt\" to be handled. \ - extra string len %d" \ - % manifest_ext_size) - raise RuntimeError - verify_elf_header(elf_file_path) - with open(raw_file_path, 'wb') as file_op: - header = "" - if os.path.isfile(config_path): - config_size = os.path.getsize(config_path) - header = struct.pack('IIIII', TA_VERSION, manifest_size, \ - manifest_ext_size, \ - elf_size, config_size) - file_op.write(header) - - with open(manifest_data_path, 'rb') as manifest_data: - file_op.write(manifest_data.read(manifest_size)) - - with open(manifest_ext_path, 'rb') as manifest_ext: - file_op.write(manifest_ext.read(manifest_ext_size)) - - with open(elf_file_path, 'rb') as elf: - file_op.write(elf.read(elf_size)) - if config_size != 0: - with open(config_path, 'rb') as config: - file_op.write(config.read(config_size)) + fd_op = os.open(raw_file_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + file_op = os.fdopen(fd_op, "wb") + header = "" + if os.path.isfile(config_path): + config_size = os.path.getsize(config_path) + if SING_BIG_ENDIAN: + raw_tag = '>IIIII' + else: + raw_tag = 'IIIII' + header = struct.pack(raw_tag, ta_version, manifest_size, \ + manifest_ext_size, \ + elf_size, config_size) + file_op.write(header) + + with open(manifest_data_path, 'rb') as manifest_data: + file_op.write(manifest_data.read(manifest_size)) + + with open(manifest_ext_path, 'rb') as manifest_ext: + file_op.write(manifest_ext.read(manifest_ext_size)) + + with open(elf_file_path, 'rb') as elf: + file_op.write(elf.read(elf_size)) + if config_size != 0: + with open(config_path, 'rb') as config: + file_op.write(config.read(config_size)) + file_op.close() return -def aes_encrypt(key_path, iv_path, in_file_path, out_file_path): - key_size = os.path.getsize(key_path) - with open(key_path, 'rb') as key_file: - key_data = key_file.read(key_size) - hex_key_str = binascii.b2a_hex(key_data) - - iv_size = os.path.getsize(iv_path) - with open(iv_path, 'rb') as iv_file: - iv_data = iv_file.read(iv_size) - hex_iv_str = binascii.b2a_hex(iv_data) - - cmd = "openssl enc -aes-256-cbc -in {} -out {} -K {} -iv {}".\ - format(in_file_path, out_file_path, \ - bytes.decode(hex_key_str), bytes.decode(hex_iv_str)) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("AES encrypt operation failed") - raise RuntimeError +def aes_encrypt(key_data, iv_data, in_file_path, out_file_path): + in_size = os.path.getsize(in_file_path) + with open(in_file_path, 'rb') as in_file: + in_data = in_file.read(in_size) + padding = 16 - in_size % 16 + in_data += bytes([padding]) * padding + + cipher = AES.new(key_data, AES.MODE_CBC, iv_data) + ciphertext = cipher.encrypt(in_data) + + fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + out_file = os.fdopen(fd_out, "wb") + out_file.write(ciphertext) + out_file.close() - os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) return -def parser_api_level(compile_config): +def parser_api_level(mk_compile_cfg, cmake_compile_cfg): default_api_level = 1 - if not os.path.exists(compile_config): - print("TA Make Config doesn't exist, ignore it") + compile_cfg_file = '' + + # The config.mk file is first searched. + # The config.cmake file is searched only when the config.mk file does + # not exist. If the API_LEVEL macro is not defined in either of the + # two files, the default value LEVEL 1 is used. + if os.path.exists(mk_compile_cfg): + compile_cfg_file = mk_compile_cfg + elif os.path.exists(cmake_compile_cfg): + compile_cfg_file = cmake_compile_cfg + else: + logging.error("Build config file doesn't exist, ignore it") return default_api_level - with open(compile_config) as file_op: + + with open(compile_cfg_file) as file_op: for line in file_op: - if line.startswith("#") or not "-DAPI_LEVEL" in line: + if line.startswith("#") or "-DAPI_LEVEL" not in line: continue key, value = line.strip().split("-DAPI_LEVEL=") - print("key info {}".format(key)) - print(("ta_api_level = {}".format(value))) - return value + logging.critical("key info %s", key) + logging.critical("ta_api_level = %s", value[0]) + return value[0] + + logging.error("Build Config file doesn't define API_LEVEL") return default_api_level -def update_api_level(compile_config, manifest): +def update_api_level(mk_compile_cfg, cmake_compile_cfg, manifest): data = '' with open(manifest, 'r') as file_op: for line in file_op: - if line.startswith("#") or not "gpd.ta.api_level" in line: + if line.startswith("#") or "gpd.ta.api_level" not in line: data += line - line = "\ngpd.ta.api_level:{}\n".format(parser_api_level(compile_config)) + + api_level = parser_api_level(mk_compile_cfg, cmake_compile_cfg) + line = "\ngpd.ta.api_level:{}\n".format(api_level) data += line - with open(manifest, "w") as file_op: - file_op.writelines(data) + fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + file_op = os.fdopen(fd_op, "w") + file_op.writelines(data) + file_op.close() def update_otrp_flag(manifest): data = '' with open(manifest, 'r') as file_op: for line in file_op: - if line.startswith("#") or not "gpd.ta.otrp_flag" in line: + if line.startswith("#") or "gpd.ta.otrp_flag" not in line: data += line line = "\ngpd.ta.otrp_flag:{}\n".format('true') data += line - with open(manifest, "w") as file_op: - file_op.writelines(data) + fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + file_op = os.fdopen(fd_op, "w") + file_op.writelines(data) + file_op.close() -def gen_data_for_sign(header, key_info, raw_file, data_sign): - key_info_len = os.path.getsize(key_info) +def gen_data_for_sign(header, key_data, raw_file): raw_file_len = os.path.getsize(raw_file) + with open(raw_file, 'rb') as raw_fp: + raw_data = raw_fp.read(raw_file_len) - with open(data_sign, 'wb') as data_fp, \ - open(key_info, 'rb') as key_fp, open(raw_file, 'rb') as raw_fp: - data_fp.write(header) - data_fp.write(key_fp.read(key_info_len)) - data_fp.write(raw_fp.read(raw_file_len)) + data_sign = header + data_sign += key_data + data_sign += raw_data + return data_sign def gen_key_version(cfg): - if cfg.pub_key_len == '3072': + if cfg.pub_key_len == '4096': + return int(0x0302) + elif cfg.pub_key_len == '3072': return int(0x0202) - if cfg.pub_key_len == '2048': + elif cfg.pub_key_len == '2048': return int(0x0002) - print("unhandled pulic key len %s" % cfg.pub_key_len) + elif cfg.pub_key_len == '': + return int(0x0000) + + logging.error("unhandled pulic key len %s", cfg.pub_key_len) raise RuntimeError +def pack_signature(signature_path, signature_size): + add_size = 72 - signature_size + with open(signature_path, 'rb+') as signature_file: + signature_buf = signature_file.read(signature_size) + signature_file.seek(0) + for _ in range(0, add_size): + signature_file.write(b'\x00') + signature_file.write(signature_buf) + + +def check_if_is_drv(manifest_path): + with open(manifest_path, 'r') as mani_fp: + for each_line in mani_fp: + if each_line.startswith("#") or not each_line.strip(): + continue + name = each_line.split(":")[0].strip() + if name == "gpd.ta.target_type" and \ + str(each_line.split(":")[1].strip()) == "1": + return 1 + return 0 + + +def get_sign_cert_block_buffer(cfg, signature_path, signature_size): + ''' get sign and cert buffer ''' + with open(signature_path, 'rb') as signature_file: + signature_buf = signature_file.read(signature_size) + ta_cert_len = 0 + if cfg.sign_key_type == TYPE_PUBKEY: + sign_verify_buf = struct.pack('II', TYPE_PUBKEY, 0) + signature_buf + else: + ta_cert_path = cfg.ta_cert_chain + ta_cert_len = os.path.getsize(ta_cert_path) + with open(ta_cert_path, 'rb') as ta_cert_file: + ta_cert_buf = ta_cert_file.read(ta_cert_len) + if cfg.sign_key_type == TYPE_CERT: + sign_verify_buf = struct.pack('II', TYPE_CERT, ta_cert_len) + ta_cert_buf + signature_buf + else: + sign_verify_buf = struct.pack('II', TYPE_CERT_CHAIN, ta_cert_len) + ta_cert_buf + signature_buf + return sign_verify_buf + + def gen_sec_image(in_path, out_path, cfg): # temporary files - temp_path = os.path.join(in_path, "temp") + temp_path = os.path.join(out_path, "temp") shutil.rmtree(temp_path, ignore_errors=True) os.mkdir(temp_path) os.chmod(temp_path, stat.S_IRWXU) - iv_file_path = os.path.join(temp_path, "iv.bin") - key_file_path = os.path.join(temp_path, "aeskey.bin") key_info_path = os.path.join(temp_path, "KeyInfo") enc_key_path = os.path.join(temp_path, "KeyInfo.enc") raw_file_path = os.path.join(temp_path, "rawData") @@ -322,63 +519,185 @@ def gen_sec_image(in_path, out_path, cfg): # mandentory input files manifest_path = os.path.join(in_path, "manifest.txt") elf_file_path = os.path.join(in_path, "libcombine.so") - compile_config_path = os.path.join(in_path, "config.mk") - - ret, product_name = parser_manifest(manifest_path, \ - manifest_data_path, manifest_ext_path) - if ret is False: + mk_cfg_path = os.path.join(in_path, "config.mk") + cmake_cfg_path = os.path.join(in_path, "config.cmake") + dyn_conf_xml_file_path = os.path.join(in_path, "dyn_perm.xml") + tag_parse_dict_file_path = os.path.join(os.getcwd(), "tag_parse_dict.csv") + xml_config_path = os.path.join(in_path, "configs.xml") + auth_xml_file_path = os.path.join(in_path, "auth_config.xml") + + ta_cert_path = cfg.ta_cert_chain + if cfg.ta_version == 5: + if cfg.sign_key_type == TYPE_PUBKEY: + ta_cert_len = 0 + else: + ta_cert_len = os.path.getsize(ta_cert_path) + + is_encrypt_sec = True + if cfg.public_key == "" or cfg.pub_key_len == "": + is_encrypt_sec = False + + # 1. parser_manifest + manifest_info = process_manifest_file(xml_config_path, \ + manifest_path, manifest_data_path, manifest_ext_path, SING_BIG_ENDIAN) + uuid_str = manifest_info.uuid_str + if manifest_info.ret is False: raise RuntimeError - update_api_level(compile_config_path, manifest_ext_path) + # 2. update_api_level + update_api_level(mk_cfg_path, cmake_cfg_path, manifest_ext_path) - if cfg.otrp_flag == 1: - print("package otrp sec file\n") + # 3. update_otrp_flag + if cfg.otrp_flag == "1": + logging.critical("package otrp sec file\n") update_otrp_flag(manifest_ext_path) + # 4. parser_dyn_conf + if os.path.exists(dyn_conf_xml_file_path): + # V3.1 ta/drv do not need manifest_ext + if not os.path.exists(cfg.config_path): + from dyn_conf_parser import parser_dyn_conf + parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, \ + tag_parse_dict_file_path, in_path) + else: + if check_if_is_drv(manifest_path) == 1: + if not os.path.exists(cfg.config_path): + ans = "gpd.ta.dynConf:00000\n" + manifest_ext_path_fd = os.open(manifest_ext_path, \ + os.O_RDWR, 0o600) + with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp: + mani_ext_fp.write(ans) + + # parser auth config xml: the auth info must be packed in the end of manifest_ext. + if os.path.exists(auth_xml_file_path): + from auth_conf_parser import parser_auth_xml + parser_auth_xml(auth_xml_file_path, manifest_ext_path, SING_BIG_ENDIAN) + + # 5. gen_raw_data gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ - cfg.config_path, raw_file_path) - - # generate AES key info to encrypt raw data - gen_aes_key_info(cfg, iv_file_path, key_file_path, key_info_path) - encrypt_aes_key(cfg.public_key, key_info_path, enc_key_path) - - aes_encrypt(key_file_path, iv_file_path, raw_file_path, enc_raw_path) + cfg.config_path, raw_file_path, cfg.ta_version) + + if cfg.sign_type == '4': + sign_len = 9219 + elif cfg.sign_type == '5': + sign_len = 0 + elif cfg.sign_type == '6': + sign_len = 9227 + else: + if int(cfg.sign_key_len) == 256: + sign_len = 72 + else: + sign_len = int(cfg.sign_key_len) / 8 + + # 6. gen aes key, and encrypt aes key with RSA key, + # and encrypt raw data with aes key + if is_encrypt_sec is True: + # generate AES key info to encrypt raw data + key_data, iv_data, key_info_data = gen_aes_key_info(cfg) + encrypt_aes_key(cfg.public_key, key_info_data, enc_key_path) + aes_encrypt(key_data, iv_data, raw_file_path, enc_raw_path) + + # generate Main Header + if cfg.ta_version == 5: + content_len = os.path.getsize(enc_key_path) \ + + 4 + 4 + ta_cert_len + sign_len \ + + os.path.getsize(enc_raw_path) + else: + content_len = os.path.getsize(enc_key_path) \ + + sign_len \ + + os.path.getsize(enc_raw_path) + else: + gen_sign_alg_info(cfg, key_info_path) + # generate Main Header + if cfg.ta_version == 5: + content_len = os.path.getsize(key_info_path) \ + + 4 + 4 + ta_cert_len + sign_len \ + + os.path.getsize(raw_file_path) + else: + content_len = os.path.getsize(key_info_path) \ + + sign_len \ + + os.path.getsize(raw_file_path) + with open(key_info_path, 'rb') as key_info_fp: + key_info_data = key_info_fp.read(os.path.getsize(key_info_path)) - # generate Main Header - content_len = os.path.getsize(enc_key_path) + \ - (int(cfg.sign_key_len) / 8) + \ - os.path.getsize(enc_raw_path) key_version = gen_key_version(cfg) - header = gen_header(int(content_len), key_version) - - gen_data_for_sign(header, key_info_path, raw_file_path, data_for_sign_path) - - uuid_str = product_name[0:36] - print('uuid str {}'.format(uuid_str)) - - gen_signature(cfg, uuid_str, data_for_sign_path, hash_path, signature_path) - - sec_img_path = os.path.join(out_path, product_name) - with open(sec_img_path, 'wb') as sec_image: - # write to sec file [1.header info] - sec_image.write(header) + header = gen_header(int(content_len), key_version, cfg) + data_for_sign = gen_data_for_sign(header, key_info_data, raw_file_path) + + uuid_str = uuid_str[0:36] + logging.critical("uuid str %s", uuid_str) + + # 7. gen signature + gen_signature(cfg, uuid_str, data_for_sign, data_for_sign_path, \ + hash_path, signature_path, out_path, key_info_data) + + if os.path.exists("get_ta_elf_hash.py"): + if os.path.exists(elf_file_path): + from get_ta_elf_hash import get_code_segment_from_elf + get_code_segment_from_elf(elf_file_path, uuid_str, data_for_sign) + + # 8. pack sec img: header || key || signature || raw_data + signature_size = os.path.getsize(signature_path) + if sign_len == 72: + if signature_size != 72: + pack_signature(signature_path, signature_size) + elif sign_len == 0: + sign_len = signature_size + # generate Main Header + if is_encrypt_sec is True: + key_data_path = enc_key_path + raw_data_path = enc_raw_path + else: + key_data_path = key_info_path + raw_data_path = raw_file_path + content_len = os.path.getsize(key_data_path) \ + + sign_len \ + + os.path.getsize(raw_data_path) + header = gen_header(int(content_len), key_version, cfg) + + sec_img_path = os.path.join(out_path, manifest_info.product_name) + fd_image = os.open(sec_img_path, os.O_WRONLY | os.O_CREAT, \ + stat.S_IWUSR | stat.S_IRUSR) + sec_image = os.fdopen(fd_image, "wb") + # write to sec file [1.header info] + sec_image.write(header) + if is_encrypt_sec is True: # write to sec file [2.AES key info] enc_key_size = os.path.getsize(enc_key_path) with open(enc_key_path, 'rb') as enc_key_info: sec_image.write(enc_key_info.read(enc_key_size)) - # write to sec file [3.signature] + else: + key_info_size = os.path.getsize(key_info_path) + with open(key_info_path, 'rb') as key_info_fp: + sec_image.write(key_info_fp.read(key_info_size)) + # write to sec file [3.signature] + if cfg.ta_version == 5: + signature_size = os.path.getsize(signature_path) + sign_cert_buf = get_sign_cert_block_buffer(cfg, signature_path, signature_size) + sec_image.write(sign_cert_buf) + else: signature_size = os.path.getsize(signature_path) with open(signature_path, 'rb') as signature_file: sec_image.write(signature_file.read(signature_size)) + if is_encrypt_sec is True: # write to sec file [4.encrypted raw data] enc_raw_size = os.path.getsize(enc_raw_path) with open(enc_raw_path, 'rb') as enc_raw_data: sec_image.write(enc_raw_data.read(enc_raw_size)) + else: + raw_file_size = os.path.getsize(raw_file_path) + with open(raw_file_path, 'rb') as raw_file_data: + sec_image.write(raw_file_data.read(raw_file_size)) + sec_image.truncate(int(SEC_HEADER_BYTES) + int(content_len)) + sec_image.close() - print("=========================SUCCESS============================") - print("generate TA(V3 format) load image success: ") - print(sec_img_path) - print("============================================================") + logging.critical("=========================SUCCESS============================") + logging.critical("generate sec(common format) load image success: ") + logging.critical(sec_img_path) + logging.critical("============================================================") + + if manifest_info.manifest_txt_exist is False and os.path.exists(manifest_path): + os.remove(manifest_path) #remove temp files shutil.rmtree(temp_path) @@ -386,23 +705,59 @@ def gen_sec_image(in_path, out_path, cfg): def main(): - sign_tool_dir = os.path.dirname(os.path.abspath(__file__)) + global SING_BIG_ENDIAN + sign_tool_dir = os.path.dirname(os.path.realpath(__file__)) parser = argparse.ArgumentParser() parser.add_argument("in_path", help="input path of data to be signed. \ (libcombine.so; manifest.txt; ...", type=str) parser.add_argument("out_path", help="input path of signed file. \ (xxx.sec)", type=str) - parser.add_argument("--config", help="sign configuation file", type=str) + parser.add_argument("--publicCfg", \ + help="sign cfg for ta developer", type=str) + parser.add_argument("--privateCfg", \ + help="sign cfg for product developer", type=str) + parser.add_argument("--sign_endian", \ + help="sign endian (little/big default little)", type=str) args = parser.parse_args() - if args.config: - cfg = Configuration(args.config) + cfg = AllCfg() + if args.privateCfg: + PrivateCfg(args.privateCfg, cfg) else: - cfg = Configuration(os.path.join(sign_tool_dir, "config.ini")) + logging.error("please config private cfg file") + raise RuntimeError - in_path = os.path.abspath(args.in_path) - out_path = os.path.abspath(args.out_path) + if args.publicCfg: + PublicCfg(args.publicCfg, cfg) + else: + PublicCfg(args.privateCfg, cfg) + + if args.sign_endian and args.sign_endian == "big": + SING_BIG_ENDIAN = True + + if check_cfg(cfg): + logging.error("the configuration file field is incorrect.") + exit() + in_path = os.path.realpath(args.in_path) + out_path = os.path.realpath(args.out_path) + if not os.path.exists(in_path): + logging.error("input_path does not exist.") + exit() + if not os.path.exists(out_path): + logging.error("out_path does not exist.") + exit() + if whitelist_check(in_path): + logging.error("input_path is incorrect.") + exit() + if whitelist_check(out_path): + logging.error("out_path is incorrect.") + exit() os.chdir(sign_tool_dir) - gen_sec_image(in_path, out_path, cfg) + + if cfg.re_sign_flag == "1": + from re_generate_signature import re_sign_sec_img + re_sign_sec_img(in_path, out_path, cfg) + else: + gen_sec_image(in_path, out_path, cfg) if __name__ == '__main__': diff --git a/build/signtools/tag_parse_dict.csv b/build/signtools/tag_parse_dict.csv new file mode 100644 index 0000000..22040ea --- /dev/null +++ b/build/signtools/tag_parse_dict.csv @@ -0,0 +1,120 @@ +drv_perm/,0,TYPE_CLASS, +drv_perm/drvcall_perm_apply/,1,TYPE_CLASS, +drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS, +drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR, +drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,drv_perm/drvcall_perm_apply/item/name +drv_perm/drv_basic_info/,5,TYPE_CLASS, +drv_perm/drv_basic_info/thread_limit,6,TYPE_INT, +drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL, +drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL, +drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR, +drv_perm/drv_io_map/,10,TYPE_CLASS, +drv_perm/drv_io_map/item/,11,TYPE_CLASS, +drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR, +drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR, +drv_perm/irq/,14,TYPE_CLASS, +drv_perm/irq/item/,15,TYPE_CLASS, +drv_perm/irq/item/chip_type,16,TYPE_CHAR, +drv_perm/irq/item/irq,17,TYPE_CHAR, +drv_perm/map_secure/,18,TYPE_CLASS, +drv_perm/map_secure/item/,19,TYPE_CLASS, +drv_perm/map_secure/item/chip_type,20,TYPE_CHAR, +drv_perm/map_secure/item/uuid,21,TYPE_CHAR, +drv_perm/map_secure/item/region,22,TYPE_CHAR, +drv_perm/map_nosecure/,23,TYPE_CLASS, +drv_perm/map_nosecure/item/,24,TYPE_CLASS, +drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR, +drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR, +drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS, +drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS, +drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv +drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv +drv_perm/drv_mac_info/,31,TYPE_CLASS, +drv_perm/drv_mac_info/item/,32,TYPE_CLASS, +drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR, +drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv +ConfigInfo/drv_perm/,0,TYPE_CLASS, +ConfigInfo/drv_perm/drvcall_perm_apply/,1,TYPE_CLASS, +ConfigInfo/drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS, +ConfigInfo/drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR, +ConfigInfo/drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,ConfigInfo/drv_perm/drvcall_perm_apply/item/name +ConfigInfo/drv_perm/drv_basic_info/,5,TYPE_CLASS, +ConfigInfo/drv_perm/drv_basic_info/thread_limit,6,TYPE_INT, +ConfigInfo/drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL, +ConfigInfo/drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL, +ConfigInfo/drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR, +ConfigInfo/drv_perm/drv_io_map/,10,TYPE_CLASS, +ConfigInfo/drv_perm/drv_io_map/item/,11,TYPE_CLASS, +ConfigInfo/drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR, +ConfigInfo/drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR, +ConfigInfo/drv_perm/irq/,14,TYPE_CLASS, +ConfigInfo/drv_perm/irq/item/,15,TYPE_CLASS, +ConfigInfo/drv_perm/irq/item/chip_type,16,TYPE_CHAR, +ConfigInfo/drv_perm/irq/item/irq,17,TYPE_CHAR, +ConfigInfo/drv_perm/map_secure/,18,TYPE_CLASS, +ConfigInfo/drv_perm/map_secure/item/,19,TYPE_CLASS, +ConfigInfo/drv_perm/map_secure/item/chip_type,20,TYPE_CHAR, +ConfigInfo/drv_perm/map_secure/item/uuid,21,TYPE_CHAR, +ConfigInfo/drv_perm/map_secure/item/region,22,TYPE_CHAR, +ConfigInfo/drv_perm/map_nosecure/,23,TYPE_CLASS, +ConfigInfo/drv_perm/map_nosecure/item/,24,TYPE_CLASS, +ConfigInfo/drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR, +ConfigInfo/drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR, +ConfigInfo/drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS, +ConfigInfo/drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS, +ConfigInfo/drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv +ConfigInfo/drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv +ConfigInfo/drv_perm/drv_mac_info/,31,TYPE_CLASS, +ConfigInfo/drv_perm/drv_mac_info/item/,32,TYPE_CLASS, +ConfigInfo/drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR, +ConfigInfo/drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv +ConfigInfo/,0,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/service_name/,2,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/service_name/service_name,3,TYPE_CHAR, +ConfigInfo/TA_Basic_Info/uuid/,4,TYPE_CLASS, +ConfigInfo/TA_Basic_Info/uuid/uuid,5,TYPE_CHAR, +ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/instance_keep_alive/,7,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/instance_keep_alive/instance_keep_alive,8,TYPE_BOOL, +ConfigInfo/TA_Manifest_Info/stack_size/,9,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/stack_size/stack_size,10,TYPE_INT, +ConfigInfo/TA_Manifest_Info/heap_size/,11,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/heap_size/heap_size,12,TYPE_INT, +ConfigInfo/TA_Manifest_Info/target_type/,13,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/target_type/target_type,14,TYPE_INT, +ConfigInfo/TA_Manifest_Info/multi_command/,15,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/multi_command/multi_command,16,TYPE_BOOL, +ConfigInfo/TA_Manifest_Info/multi_session/,17,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/multi_session/multi_session,18,TYPE_BOOL, +ConfigInfo/TA_Manifest_Info/single_instance/,19,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/single_instance/single_instance,20,TYPE_BOOL, +ConfigInfo/TA_Control_Info/,21,TYPE_CLASS, +ConfigInfo/TA_Control_Info/RPMB_Info/,22,TYPE_CLASS, +ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/,23,TYPE_CLASS, +ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size,24,TYPE_INT, +ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/,25,TYPE_CLASS, +ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/,26,TYPE_CLASS, +ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/RPMB_general,27,TYPE_BOOL, +ConfigInfo/TA_Control_Info/SE_Info/,28,TYPE_CLASS, +ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/,29,TYPE_CLASS, +ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/SE_open_session,30,TYPE_BOOL, +ConfigInfo/TA_Control_Info/TUI_Info/,31,TYPE_CLASS, +ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/,32,TYPE_CLASS, +ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/TUI_general,33,TYPE_BOOL, +ConfigInfo/TA_Control_Info/DEBUG_Info/,34,TYPE_CLASS, +ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/,35,TYPE_CLASS, +ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/debug_status,36,TYPE_BOOL, +ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/,35,TYPE_CLASS, +ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/DEBUG_status,36,TYPE_BOOL, +ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/,37,TYPE_CLASS, +ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id,38,TYPE_CHAR, +ConfigInfo/TA_Manifest_Info/mem_page_align/,39,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/mem_page_align/mem_page_align,40,TYPE_BOOL, +ConfigInfo/TA_Manifest_Info/sys_verify_ta/,41,TYPE_CLASS, +ConfigInfo/TA_Manifest_Info/sys_verify_ta/sys_verify_ta,42,TYPE_BOOL, +ConfigInfo/TA_Control_Info/TA_Manager/,43,TYPE_CLASS, +ConfigInfo/TA_Control_Info/TA_Manager/TA_Manager,44,TYPE_CHAR, +ConfigInfo/TA_Control_Info/CERT_Info/,45,TYPE_CLASS, +ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/,46,TYPE_CLASS, +ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/CERT_Permission,47,TYPE_BOOL, diff --git a/build/signtools/xml_trans_manifest.py b/build/signtools/xml_trans_manifest.py new file mode 100644 index 0000000..f9eb36a --- /dev/null +++ b/build/signtools/xml_trans_manifest.py @@ -0,0 +1,109 @@ +#!/usr/bin/env python +# coding=utf-8 +#---------------------------------------------------------------------------- +# Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. +# Licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +# Description: tools for xml trans +#---------------------------------------------------------------------------- + +import os +import logging +from defusedxml import ElementTree as ET + + +type_trans = {"TYPE_NONE": "-1", + "TYPE_CLASS": "0", + "TYPE_BOOL": "1", + "TYPE_INT": "2", + "TYPE_CHAR": "3"} + +type_dict = {} +manifest_dict = {} + + +def get_csv_size(path): + + with open(path, "r", encoding="utf-8") as csvfile: + lines = csvfile.readlines() + return len(lines) + return 0 + + +def get_csv_data(path, lnum, rnum): + with open(path, "r", encoding="utf-8") as csvfile: + count = 0 + lines = csvfile.readlines() + for line in lines: + if count == lnum: + return str(line.split(",")[rnum]).strip() + count = count + 1 + return "" + + +def classify_tag(tag): + + while len(tag) < 3: + tag = "0%s" % (tag) + + return tag + + +# save tag type and manifest item dict +def handle_manifest_tag_dict(path): + for index in range(0, get_csv_size(path)): + dyn_sym = get_csv_data(path, index, 0) + type_dict[dyn_sym] = type_trans.get(get_csv_data(path, index, 2)) + manifest_dict[dyn_sym] = get_csv_data(path, index, 3) + + +def process_xml_to_manifest(config_xml_file_path, manifest_path): + tree = ET.parse(config_xml_file_path) + root = tree.getroot() + #Layer 1 node name + old_item = root.tag + attrs = "" + write_data = False + + #write items to manifest.txt + manifest_fd = os.open(manifest_path, os.O_CREAT | os.O_RDWR, 0o600) + manifest_fp = os.fdopen(manifest_fd, "wb") + + #Traversing the second layer of the xml file + for child in root: + child_item = "{}/{}".format(old_item, child.tag) + #Traversing the third layer of the xml file + for children in child: + children_item = "{}/{}".format(child_item, children.tag) + dyn_type = type_dict.get(children_item + attrs) + manifest_item_name = manifest_dict.get(children_item + attrs) + if dyn_type == type_trans.get("TYPE_CHAR"): + value = "{}: {}\n".format(manifest_item_name, children.text) + manifest_fp.write(value.encode()) + write_data = True + + #close manifest.txt file + manifest_fp.close() + if write_data is False: + os.remove(manifest_path) + + +def trans_xml_to_manifest(config_xml_file_path, manifest_path): + if not os.path.exists(config_xml_file_path): + logging.error("config xml file doesn't exist") + return + if not os.path.exists("./manifest_tag_parse_dict.csv"): + logging.error("config manifest_tag_parse_dict.csv file doesn't exist") + return + if os.path.exists(manifest_path): + return + + handle_manifest_tag_dict("./manifest_tag_parse_dict.csv") + process_xml_to_manifest(config_xml_file_path, manifest_path) diff --git a/build/tools/srv_entry_check.sh b/build/tools/srv_entry_check.sh new file mode 100644 index 0000000..870076c --- /dev/null +++ b/build/tools/srv_entry_check.sh @@ -0,0 +1,13 @@ +#!/bin/bash +# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +set -e + +echo "------------- check SRV tee_task_entry begin --------------" +task_entry=$($1 -s $2 | grep -w tee_task_entry) || true +if [[ "$task_entry" != "" ]]; then + exit 0 +else + echo "----- SRV should define tee_task_entry symbol ---" + exit 1 +fi +echo "------------- check SRV tee_task_entry succ --------------" diff --git a/build/tools/ta_entry_check.sh b/build/tools/ta_entry_check.sh new file mode 100644 index 0000000..eab72a3 --- /dev/null +++ b/build/tools/ta_entry_check.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# iTrustee licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan +# PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY +# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. +set -e + +#params: $1-readelf cmd; $2-libcombine.so; $3-USE_ENTRY_BINARY; $4-DYN_LINK; $5-TARGET_IS_ARM64 + +# if USE_ENTRY_BINARY is y, means link elf_main_entry.o +# no need to check +if [ "$3" == "y" ]; then + echo "------ no need to check task_entry ----" + exit 0 +fi + +# for ta not link elf_main_entry.o +# should not define tee_task_entry symbol +echo "------------- check TA tee_task_entry begin --------------" +task_entry=$($1 -s $2 | grep -w tee_task_entry) || true +if [[ "$task_entry" != "" ]]; then + echo "----- ERROR TA should not define tee_task_entry symbol ---" + echo " $task_entry" + exit 1 +fi +echo "------------- check TA tee_task_entry succ --------------" + +# if TARGET_IS_ARM64 is y, means is aarch64 TA +# for aarch64 ta no need to compile ta_magic.c +if [ "$5" == "y" ]; then + echo "------- aarch64 TA no need check magic ----" + exit 0 +fi + +# if DYN_LINK is y, means is DYN TA +# for 32bit dyn ta should compile ta_magic.c +# since it not link elf_main_entry.o +task_magic=$($1 -S $2 | grep -w ".magic") || true +if [ "$4" == "y" ]; then + echo "------- check TA magic begin ------" + if [[ "$task_magic" == "" ]]; then + echo "------ ERROR DYN TA should compile ta_magic.c -----" + exit 1 + fi; + echo "------- check TA magic succ ------" +fi diff --git a/build/tools/ta_link_64.gcc_xom.ld b/build/tools/ta_link_64.gcc_xom.ld new file mode 100644 index 0000000..3023ed9 --- /dev/null +++ b/build/tools/ta_link_64.gcc_xom.ld @@ -0,0 +1,226 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Define the link rule of dyn service 64 bits for xom + */ + +OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", + "elf64-littleaarch64") +OUTPUT_ARCH(aarch64) +ENTRY(_start) +PHDRS +{ + phdr PT_PHDR PHDRS FLAGS (4); + rodata PT_LOAD FILEHDR PHDRS FLAGS (4); + xtext PT_LOAD FLAGS (1); + data PT_LOAD FLAGS (6); + dynamic PT_DYNAMIC FLAGS (6); + stack PT_GNU_STACK FLAGS (6); + relro 0x6474e552 FLAGS (4); +} +SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib"); +SECTIONS +{ + /* Read-only sections, merged into text segment: */ + . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; + /* This should be the first section after program headers */ + .magic : { *(.magic) } : rodata + .note.gnu.build-id : { *(.note.gnu.build-id) } + .hash : { *(.hash) } + .gnu.hash : { *(.gnu.hash) } + .dynsym : { *(.dynsym) } + .dynstr : { *(.dynstr) } + .gnu.version : { *(.gnu.version) } + .gnu.version_d : { *(.gnu.version_d) } + .gnu.version_r : { *(.gnu.version_r) } + .rela.dyn : + { + *(.rela.init) + *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*) + *(.rela.fini) + *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*) + *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*) + *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) + *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) + *(.rela.ctors) + *(.rela.dtors) + *(.rela.got) + *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) + *(.rela.ifunc) + } + .rela.plt : + { + *(.rela.plt) + *(.rela.iplt) + } + .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } + .rodata1 : { *(.rodata1) } + .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } + .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } + .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table + .gcc_except_table.*) } + .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) } + /* These sections are generated by the Sun/Oracle C++ compiler. */ + .exception_ranges : ONLY_IF_RO { *(.exception_ranges + .exception_ranges*) } + /* Make sure the address of text segment is aligned in 4k for xom */ + .init : + { + KEEP (*(SORT_NONE(.init))) + }:text + .fini : + { + KEEP (*(SORT_NONE(.fini))) + } + . = ALIGN(0x1000); + .plt : { *(.plt) } :xtext + .iplt : { *(.iplt) } + .xtext : + { + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + *(.text.exit .text.exit.*) + *(.text.startup .text.startup.*) + *(.text.hot .text.hot.*) + *(.text .stub .text.* .gnu.linkonce.t.*) + /* .gnu.warning sections are handled specially by elf32.em. */ + *(.gnu.warning) + }:xtext + PROVIDE (__etext = .); + PROVIDE (_etext = .); + PROVIDE (etext = .); + /* Adjust the address for the data segment. We want to adjust up to + the same address within the page on the next page up. */ + . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE)); + /* Exception handling */ + /* Thread Local Storage sections */ + .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }:data + .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) } + .preinit_array : + { + KEEP (*(.preinit_array)) + } + .init_array : + { + PROVIDE_HIDDEN (__init_array_start = .); + KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*))) + KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors)) + PROVIDE_HIDDEN (__init_array_end = .); + } + .fini_array : + { + PROVIDE_HIDDEN (__fini_array_start = .); + KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*))) + KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors)) + PROVIDE_HIDDEN (__fini_array_end = .); + } + .ctors : + { + /* gcc uses crtbegin.o to find the start of + the constructors, so we make sure it is + first. Because this is a wildcard, it + doesn't matter if the user does not + actually link against crtbegin.o; the + linker won't look for a file to match a + wildcard. The wildcard also means that it + doesn't matter which directory crtbegin.o + is in. */ + KEEP (*crtbegin.o(.ctors)) + KEEP (*crtbegin?.o(.ctors)) + /* We don't want to include the .ctor section from + the crtend.o file until after the sorted ctors. + The .ctor section from the crtend file contains the + end of ctors marker and it must be last */ + KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors)) + KEEP (*(SORT(.ctors.*))) + KEEP (*(.ctors)) + } + .dtors : + { + KEEP (*crtbegin.o(.dtors)) + KEEP (*crtbegin?.o(.dtors)) + KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors)) + KEEP (*(SORT(.dtors.*))) + KEEP (*(.dtors)) + } + .jcr : { KEEP (*(.jcr)) } + .data.rel.ro : { *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) } : data : relro + .dynamic : { *(.dynamic) } : data : dynamic : relro + .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro + . = DATA_SEGMENT_RELRO_END (0, .); + .data : + { + PROVIDE (__data_start = .); + *(.data .data.* .gnu.linkonce.d.*) + SORT(CONSTRUCTORS) + }:data + .data1 : { *(.data1) } + _edata = .; PROVIDE (edata = .); + . = .; + __bss_start = .; + __bss_start__ = .; + TA_BSS_START = .; + .bss : + { + *(.dynbss) + *(.bss .bss.* .gnu.linkonce.b.*) + *(COMMON) + . = ALIGN(. != 0 ? 64 / 8 : 1); + } + TA_BSS_END = .; + _bss_end__ = . ; __bss_end__ = . ; + . = ALIGN(64 / 8); + . = SEGMENT_START("ldata-segment", .); + . = ALIGN(64 / 8); + __end__ = . ; + _end = .; PROVIDE (end = .); + . = DATA_SEGMENT_END (.); + /* Stabs debugging sections. */ + .stab 0 : { *(.stab) } + .stabstr 0 : { *(.stabstr) } + .stab.excl 0 : { *(.stab.excl) } + .stab.exclstr 0 : { *(.stab.exclstr) } + .stab.index 0 : { *(.stab.index) } + .stab.indexstr 0 : { *(.stab.indexstr) } + .comment 0 : { *(.comment) } + /* DWARF debug sections. + Symbols in the DWARF debugging sections are relative to the beginning + of the section so we begin them at 0. */ + /* DWARF 1 */ + .debug 0 : { *(.debug) } + .line 0 : { *(.line) } + /* GNU DWARF 1 extensions */ + .debug_srcinfo 0 : { *(.debug_srcinfo) } + .debug_sfnames 0 : { *(.debug_sfnames) } + /* DWARF 1.1 and DWARF 2 */ + .debug_aranges 0 : { *(.debug_aranges) } + .debug_pubnames 0 : { *(.debug_pubnames) } + /* DWARF 2 */ + .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } + .debug_abbrev 0 : { *(.debug_abbrev) } + .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } + .debug_frame 0 : { *(.debug_frame) } + .debug_str 0 : { *(.debug_str) } + .debug_loc 0 : { *(.debug_loc) } + .debug_macinfo 0 : { *(.debug_macinfo) } + /* SGI/MIPS DWARF 2 extensions */ + .debug_weaknames 0 : { *(.debug_weaknames) } + .debug_funcnames 0 : { *(.debug_funcnames) } + .debug_typenames 0 : { *(.debug_typenames) } + .debug_varnames 0 : { *(.debug_varnames) } + /* DWARF 3 */ + .debug_pubtypes 0 : { *(.debug_pubtypes) } + .debug_ranges 0 : { *(.debug_ranges) } + /* DWARF Extension. */ + .debug_macro 0 : { *(.debug_macro) } + .debug_addr 0 : { *(.debug_addr) } + .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) } + .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) } + /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) } +} diff --git a/build/tools/ta_link_64.ld b/build/tools/ta_link_64.ld index 61388e0..a3eb30a 100644 --- a/build/tools/ta_link_64.ld +++ b/build/tools/ta_link_64.ld @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Describe the link file for 64bits TA */ OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", @@ -19,6 +20,7 @@ SECTIONS { /* Read-only sections, merged into text segment: */ . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; + _start = .; /* This should be the first section after program headers */ .magic : { *(.magic) } .note.gnu.build-id : { *(.note.gnu.build-id) } @@ -49,7 +51,14 @@ SECTIONS *(.rela.plt) *(.rela.iplt) } - .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } + .rodata : + { + *(.rodata .rodata.* .gnu.linkonce.r.*) + . = ALIGN(16); + PROVIDE (__start___llvm_prf_names = .); + *(__llvm_prf_names) + PROVIDE (__stop___llvm_prf_names = .); + } .rodata1 : { *(.rodata1) } .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } @@ -150,6 +159,15 @@ SECTIONS { PROVIDE (__data_start = .); *(.data .data.* .gnu.linkonce.d.*) + PROVIDE (__start___llvm_prf_cnts = .); + *(__llvm_prf_cnts) + PROVIDE (__stop___llvm_prf_cnts = .); + PROVIDE (__start___llvm_prf_data = .); + *(__llvm_prf_data) + PROVIDE (__stop___llvm_prf_data = .); + PROVIDE (__start___llvm_prf_vnds = .); + *(__llvm_prf_vnds); + PROVIDE (__stop___llvm_prf_vnds = .); SORT(CONSTRUCTORS) } .data1 : { *(.data1) } diff --git a/build/tools/ta_link_64.smee.ld b/build/tools/ta_link_64.smee.ld new file mode 100644 index 0000000..db72a53 --- /dev/null +++ b/build/tools/ta_link_64.smee.ld @@ -0,0 +1,262 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. + * iTrustee licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Describe the link file for 64bits TA + */ + +OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", + "elf64-littleaarch64") +OUTPUT_ARCH(aarch64) +ENTRY(_start) +SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib"); + +PHDRS +{ + phdr PT_PHDR PHDRS FLAGS (4); + text PT_LOAD FILEHDR PHDRS FLAGS (5); + xtext PT_LOAD FLAGS (1); + smee 0x65656d73 AT(smee_start) FLAGS (6); + data PT_LOAD FLAGS (6); + dynamic PT_DYNAMIC FLAGS (6); + relro 0x6474e552 FLAGS (4); + stack PT_GNU_STACK FLAGS (6); +} + +SECTIONS +{ + /* Read-only sections, merged into text segment: */ + . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; + _start = .; + /* This should be the first section after program headers */ + .magic : { *(.magic) } : text + .note.gnu.build-id : { *(.note.gnu.build-id) } + .hash : { *(.hash) } + .gnu.hash : { *(.gnu.hash) } + .dynsym : { *(.dynsym) } + .dynstr : { *(.dynstr) } + .gnu.version : { *(.gnu.version) } + .gnu.version_d : { *(.gnu.version_d) } + .gnu.version_r : { *(.gnu.version_r) } + .rela.dyn : + { + *(.rela.init) + *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*) + *(.rela.fini) + *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*) + *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*) + *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) + *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) + *(.rela.ctors) + *(.rela.dtors) + *(.rela.got) + *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) + *(.rela.ifunc) + } + .rela.plt : + { + *(.rela.plt) + *(.rela.iplt) + } + .rodata : + { + *(.rodata .rodata.* .gnu.linkonce.r.*) + . = ALIGN(16); + PROVIDE (__start___llvm_prf_names = .); + *(__llvm_prf_names) + PROVIDE (__stop___llvm_prf_names = .); + } + .rodata1 : { *(.rodata1) } + .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } + .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } + .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table + .gcc_except_table.*) } + .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) } + /* These sections are generated by the Sun/Oracle C++ compiler. */ + .exception_ranges : ONLY_IF_RO { *(.exception_ranges + .exception_ranges*) } + /* Make sure the address of text segment is aligned in 4k for xom */ + . = ALIGN(0x1000); + .init : + { + KEEP (*(SORT_NONE(.init))) + } : xtext =0 + .plt : ALIGN(16) { *(.plt) *(.iplt) } + .text : + { + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + *(.text.exit .text.exit.*) + *(.text.startup .text.startup.*) + *(.text.hot .text.hot.*) + *(.text .stub .text.* .gnu.linkonce.t.*) + /* .gnu.warning sections are handled specially by elf32.em. */ + *(.gnu.warning) + } =0 + .fini : + { + KEEP (*(SORT_NONE(.fini))) + } =0 + PROVIDE (__etext = .); + PROVIDE (_etext = .); + PROVIDE (etext = .); + + . = ALIGN(0x1000); + PROVIDE_HIDDEN (smee_start = .); + .smee : ALIGN(0x1000) + { + *(sram_protection_section) + *(smee* .smee* .*smee) + } : smee + + /* Adjust the address for the data segment. We want to adjust up to + the same address within the page on the next page up. */ + . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE)); + /* Exception handling */ + .eh_frame : ONLY_IF_RW { KEEP (*(.eh_frame)) *(.eh_frame.*) } + .gnu_extab : ONLY_IF_RW { *(.gnu_extab) } + .gcc_except_table : ONLY_IF_RW { *(.gcc_except_table .gcc_except_table.*) } + .exception_ranges : ONLY_IF_RW { *(.exception_ranges .exception_ranges*) } + /* Thread Local Storage sections */ + .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) } + .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) } + .preinit_array : + { + KEEP (*(.preinit_array)) + } + .init_array : + { + PROVIDE_HIDDEN (__init_array_start = .); + KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*))) + KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors)) + PROVIDE_HIDDEN (__init_array_end = .); + } + .fini_array : + { + PROVIDE_HIDDEN (__fini_array_start = .); + KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*))) + KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors)) + PROVIDE_HIDDEN (__fini_array_end = .); + } + .ctors : + { + /* gcc uses crtbegin.o to find the start of + the constructors, so we make sure it is + first. Because this is a wildcard, it + doesn't matter if the user does not + actually link against crtbegin.o; the + linker won't look for a file to match a + wildcard. The wildcard also means that it + doesn't matter which directory crtbegin.o + is in. */ + KEEP (*crtbegin.o(.ctors)) + KEEP (*crtbegin?.o(.ctors)) + /* We don't want to include the .ctor section from + the crtend.o file until after the sorted ctors. + The .ctor section from the crtend file contains the + end of ctors marker and it must be last */ + KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors)) + KEEP (*(SORT(.ctors.*))) + KEEP (*(.ctors)) + } + .dtors : + { + KEEP (*crtbegin.o(.dtors)) + KEEP (*crtbegin?.o(.dtors)) + KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors)) + KEEP (*(SORT(.dtors.*))) + KEEP (*(.dtors)) + } + .jcr : { KEEP (*(.jcr)) } + .data.rel.ro : + { + *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) + *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) + } : data : relro + .dynamic : { *(.dynamic) } : data : dynamic : relro + .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro + . = DATA_SEGMENT_RELRO_END (0, .); + .data : + { + PROVIDE (__data_start = .); + *(.data .data.* .gnu.linkonce.d.*) + PROVIDE (__start___llvm_prf_cnts = .); + *(__llvm_prf_cnts) + PROVIDE (__stop___llvm_prf_cnts = .); + PROVIDE (__start___llvm_prf_data = .); + *(__llvm_prf_data) + PROVIDE (__stop___llvm_prf_data = .); + PROVIDE (__start___llvm_prf_vnds = .); + *(__llvm_prf_vnds); + PROVIDE (__stop___llvm_prf_vnds = .); + SORT(CONSTRUCTORS) + } : data + .data1 : { *(.data1) } + _edata = .; PROVIDE (edata = .); + . = .; + __bss_start = .; + __bss_start__ = .; + TA_BSS_START = .; + .bss : + { + *(.dynbss) + *(.bss .bss.* .gnu.linkonce.b.*) + *(COMMON) + . = ALIGN(. != 0 ? 64 / 8 : 1); + } : data + TA_BSS_END = .; + _bss_end__ = . ; __bss_end__ = . ; + . = ALIGN(64 / 8); + . = SEGMENT_START("ldata-segment", .); + . = ALIGN(64 / 8); + __end__ = . ; + _end = .; PROVIDE (end = .); + . = DATA_SEGMENT_END (.); + /* Stabs debugging sections. */ + .stab 0 : { *(.stab) } + .stabstr 0 : { *(.stabstr) } + .stab.excl 0 : { *(.stab.excl) } + .stab.exclstr 0 : { *(.stab.exclstr) } + .stab.index 0 : { *(.stab.index) } + .stab.indexstr 0 : { *(.stab.indexstr) } + .comment 0 : { *(.comment) } + /* DWARF debug sections. + Symbols in the DWARF debugging sections are relative to the beginning + of the section so we begin them at 0. */ + /* DWARF 1 */ + .debug 0 : { *(.debug) } + .line 0 : { *(.line) } + /* GNU DWARF 1 extensions */ + .debug_srcinfo 0 : { *(.debug_srcinfo) } + .debug_sfnames 0 : { *(.debug_sfnames) } + /* DWARF 1.1 and DWARF 2 */ + .debug_aranges 0 : { *(.debug_aranges) } + .debug_pubnames 0 : { *(.debug_pubnames) } + /* DWARF 2 */ + .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } + .debug_abbrev 0 : { *(.debug_abbrev) } + .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } + .debug_frame 0 : { *(.debug_frame) } + .debug_str 0 : { *(.debug_str) } + .debug_loc 0 : { *(.debug_loc) } + .debug_macinfo 0 : { *(.debug_macinfo) } + /* SGI/MIPS DWARF 2 extensions */ + .debug_weaknames 0 : { *(.debug_weaknames) } + .debug_funcnames 0 : { *(.debug_funcnames) } + .debug_typenames 0 : { *(.debug_typenames) } + .debug_varnames 0 : { *(.debug_varnames) } + /* DWARF 3 */ + .debug_pubtypes 0 : { *(.debug_pubtypes) } + .debug_ranges 0 : { *(.debug_ranges) } + /* DWARF Extension. */ + .debug_macro 0 : { *(.debug_macro) } + .debug_addr 0 : { *(.debug_addr) } + .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) } + .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) } + /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) } +} diff --git a/include/CA/tee_client_api.h b/include/CA/tee_client_api.h index c139d4d..f9ce68e 100644 --- a/include/CA/tee_client_api.h +++ b/include/CA/tee_client_api.h @@ -1,6 +1,6 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: TEE client API definitions */ #ifndef _TEE_CLIENT_API_H_ @@ -24,7 +25,7 @@ #include #include "tee_client_type.h" -#include +#include "tee_client_log.h" #ifdef __cplusplus extern "C" { @@ -44,7 +45,7 @@ extern "C" { * initializes a new TEE Context, forming a connection between this Client Application and the TEE * * @param name [IN] TEE name (unused) - * @param context [IN/OUT] pointer to TEEC_Context to be initialized + * @param context [OUT] pointer to TEEC_Context to be initialized * * @return TEEC_SUCCESS operation success * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter @@ -74,11 +75,11 @@ void TEEC_FinalizeContext( * @param connectionData [IN] any necessary data required to support the connection method * @param operation [IN/OUT] a pointer to an Operation containing a set of Parameters to exchange with the * Trusted Application - * @param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin, This field may be NULL + * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin, This field may be NULL * if the return origin is not needed * * @return TEEC_SUCCESS operation success - * @return TEEC_ERROR_BAD_PARAMETERS invalid parametercontext or session or destination is NULL + * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, context or session or destination is NULL * @return TEEC_ERROR_ACCESS_DENIED client Application's connection request is denied * @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use * @return TEEC_ERROR_TRUSTED_APP_LOAD_ERROR load Trusted Application failed @@ -109,10 +110,10 @@ void TEEC_CloseSession( * @param session [IN/OUT] the open Session in which the command will be invoked * @param commandID [IN] the identifier of the Command within the Trusted Application to invoke * @param operation [IN/OUT] a pointer to a Client Application initialized TEEC_Operation structure - * @param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin + * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin * * @return TEEC_SUCCESS operation success - * @return TEEC_ERROR_BAD_PARAMETERS invalid parametersession is NULL or operation data invalid + * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, session is NULL or operation data invalid * @return TEEC_ERROR_ACCESS_DENIED invoke command operation is denied * @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use * @return others refer TEEC_ReturnCode @@ -155,8 +156,8 @@ TEEC_Result TEEC_AllocateSharedMemory( /* * deregisters or deallocates a previously initialized block of Shared Memory - * if memory is allocated by TEEC_AllocateSharedMemory, system will free this memory - * if memory is registered by TEEC_RegisterSharedMemory, system will not free this memory + * if memory is allocated by TEEC_AllocateSharedMemory, system will free this memory + * if memory is registered by TEEC_RegisterSharedMemory, system will not free this memory * * @param sharedMem [IN/OUT] a pointer to a valid Shared Memory structure * diff --git a/include/CA/tee_client_constants.h b/include/CA/tee_client_constants.h index 3b86dcb..896222d 100644 --- a/include/CA/tee_client_constants.h +++ b/include/CA/tee_client_constants.h @@ -1,6 +1,6 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,38 +8,39 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: static definitions of client API */ #ifndef _TEE_CLIENT_CONSTANTS_H_ #define _TEE_CLIENT_CONSTANTS_H_ enum TEEC_ReturnCode { - TEEC_SUCCESS = 0x0, /* success */ - TEEC_ERROR_INVALID_CMD, /* invalid command */ - TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */ - TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */ - TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */ - TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */ - TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */ - TEEC_ERROR_READ_DATA, /* failed to read data in file */ - TEEC_ERROR_WRITE_DATA, /* failed to write data to file */ - TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */ - TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */ - TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */ - TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */ - TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */ - TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */ - TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or - open session or invoke commnad */ - TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */ + TEEC_SUCCESS = 0x0, /* success */ + TEEC_ERROR_INVALID_CMD, /* invalid command */ + TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */ + TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */ + TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */ + TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */ + TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */ + TEEC_ERROR_READ_DATA, /* failed to read data in file */ + TEEC_ERROR_WRITE_DATA, /* failed to write data to file */ + TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */ + TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */ + TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */ + TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */ + TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */ + TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */ + TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or + open session or invoke commnad */ + TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */ TEEC_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* confilct occurs in concurrent access to data, error occurs in file operaions generally */ - TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */ - TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot - handle it */ - TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */ - TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access - storage without initilize storage service */ + TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */ + TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot + handle it */ + TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */ + TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access + storage without initilize storage service */ TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ TEEC_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* request operation is not implemented */ TEEC_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* request operation is not supported */ @@ -52,7 +53,14 @@ enum TEEC_ReturnCode { TEEC_ERROR_SHORT_BUFFER = 0xFFFF0010, /* out buffer is not enough for current request */ TEEC_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC value check failed */ TEEC_ERROR_TARGET_DEAD = 0xFFFF3024, /* Trusted Application is crashed */ - TEEC_FAIL = 0xFFFF5002 /* reserved error code */ + TEEC_FAIL = 0xFFFF5002, /* common error */ + TEEC_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* used by adapt only, event caused User Interface operation aborted */ + TEEC_ERROR_OVERFLOW = 0xFFFF300F, /* used by adapt only */ + TEEC_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* used by adapt only */ + TEEC_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* used by adapt only */ + TEEC_ERROR_TIME_NOT_SET = 0xFFFF5000, /* used by adapt only */ + TEEC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* used by adapt only */ + TEEC_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* ipc overflow */ }; enum TEEC_ReturnCodeOrigin { @@ -66,7 +74,7 @@ enum TEEC_SharedMemCtl { TEEC_MEM_INPUT = 0x1, /* input type of memroy */ TEEC_MEM_OUTPUT = 0x2, /* output type of memory */ TEEC_MEM_INOUT = 0x3, /* memory is used as both input and output */ - TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */ + TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */ }; enum TEEC_ParamType { @@ -80,7 +88,7 @@ enum TEEC_ParamType { refer TEEC_TempMemoryReference */ TEEC_ION_INPUT = 0x08, /* input type of icon memory reference, refer TEEC_IonReference */ TEEC_ION_SGLIST_INPUT = 0x09, /* input type of ion memory block reference, refer TEEC_IonSglistReference */ - TEEC_MEMREF_SHARED_INOUT = 0xa, /* no copy mem */ + TEEC_MEMREF_SHARED_INOUT = 0x0a, /* no copy mem */ TEEC_MEMREF_WHOLE = 0xc, /* use whole memory block, refer TEEC_RegisteredMemoryReference */ TEEC_MEMREF_PARTIAL_INPUT = 0xd, /* input type of memory reference, refer TEEC_RegisteredMemoryReference */ TEEC_MEMREF_PARTIAL_OUTPUT = 0xe, /* output type of memory reference, refer TEEC_RegisteredMemoryReference */ @@ -105,7 +113,7 @@ enum TEEC_LoginMethod { TEEC_LOGIN_GROUP_APPLICATION = 0x6, /* Login data about the group running the Client Application and about the Client Application itself is provided */ - TEEC_LOGIN_IDENTIFY = 0x7, /* iTrustee defined login type, Login data is provided by REE system */ + TEEC_LOGIN_IDENTIFY = 0x7, /* Login data is provided by REE system */ }; enum TST_CMD_ID { TST_CMD_ID_01 = 1, diff --git a/include/CA/tee_client_list.h b/include/CA/tee_client_list.h index 4aa6a53..9f3bb1e 100644 --- a/include/CA/tee_client_list.h +++ b/include/CA/tee_client_list.h @@ -1,6 +1,6 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: linked list data types and basic operations */ #ifndef TEE_CLIENT_LIST_H @@ -19,12 +20,12 @@ struct ListNode { }; #define OFFSET_OF(type, member) (unsigned long)(&(((type *)0)->member)) -#define CONTAINER_OF(pos, type, member) (type *)(((char *)(pos)) - OFFSET_OF(type, member)) +#define CONTAINER_OF(pos, type, member) (type *)(uintptr_t)(((char *)(pos)) - OFFSET_OF(type, member)) #define LIST_DECLARE(name) \ struct ListNode name = { \ - .next = &name, \ - .prev = &name, \ + .next = &(name), \ + .prev = &(name), \ } static inline void ListInit(struct ListNode *list) @@ -80,25 +81,21 @@ static inline struct ListNode *ListRemoveTail(struct ListNode *list) } #define LIST_ENTRY(ptr, type, member) \ - ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member))) + ((type *)(((char *)(ptr)) - (unsigned long)(&(((type *)0)->member)))) #define LIST_FOR_EACH(pos, list) \ - for (pos = (list)->next; pos != (list); pos = pos->next) + for ((pos) = (list)->next; (pos) != (list); (pos) = (pos)->next) #define LIST_FOR_EACH_SAFE(pos, n, list) \ - for ((pos) = (list)->next, (n) = (pos)->next; \ - (pos) != (list); \ - (pos) = (n), (n) = (pos)->next) - -#define LIST_FOR_EACH_ENTRY(pos, list, member) \ - for (pos = LIST_ENTRY((list)->next, typeof(*pos), member); \ - &pos->member != (list); \ - pos = LIST_ENTRY(pos->member.next, typeof(*pos), member)) - -#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \ - for (pos = LIST_ENTRY((list)->next, typeof(*pos), member), \ - n = LIST_ENTRY(pos->member.next, typeof(*pos), member); \ - &pos->member != (list); \ - pos = n, n = LIST_ENTRY(n->member.next, typeof(*n), member)) + for ((pos) = (list)->next, (n) = (pos)->next; (pos) != (list); (pos) = (n), (n) = (pos)->next) + +#define LIST_FOR_EACH_ENTRY(pos, list, member) \ + for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member); &(pos)->member != (list); \ + (pos) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member)) + +#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \ + for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member), \ + (n) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member); \ + &(pos)->member != (list); (pos) = (n), (n) = LIST_ENTRY((n)->member.next, typeof(*(n)), member)) #endif diff --git a/include/CA/tee_client_log.h b/include/CA/tee_client_log.h index e3b7fae..1024015 100644 --- a/include/CA/tee_client_log.h +++ b/include/CA/tee_client_log.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,19 +8,20 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: TEE client log api */ #ifndef TEE_CLIENT_LOG_H #define TEE_CLIENT_LOG_H -#include +#include #ifdef TEEC_DEBUG -#define TEEC_Debug(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__); +#define TEEC_Debug(fmt, args...) printf("%s: " fmt, __func__, ## args) #else #define TEEC_Debug(...) #endif -#define TEEC_Error(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__); +#define TEEC_Error(fmt, args...) printf("%s: " fmt, __func__, ## args) #endif diff --git a/include/CA/tee_client_type.h b/include/CA/tee_client_type.h index c5b97e3..ed70482 100644 --- a/include/CA/tee_client_type.h +++ b/include/CA/tee_client_type.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,47 +8,20 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: data type and structure definition according to GP */ #ifndef _TEE_CLIENT_TYPE_H_ #define _TEE_CLIENT_TYPE_H_ +#include +#include #include #include #include #include "tee_client_list.h" #include "tee_client_constants.h" -typedef unsigned int uint32_t; - -typedef signed int int32_t; - -typedef unsigned short uint16_t; - -typedef signed short int16_t; - -typedef unsigned char uint8_t; - -typedef signed char int8_t; - -#ifndef __cplusplus -#ifndef bool -#define bool uint8_t -#endif -#endif - -#ifndef true -#define true 1 -#endif - -#ifndef false -#define false 0 -#endif - -#ifndef NULL -#define NULL 0 -#endif - typedef enum TEEC_ReturnCode TEEC_Result; typedef struct { @@ -63,17 +36,23 @@ typedef struct { uint8_t *ta_path; struct ListNode session_list; struct ListNode shrd_mem_list; - struct { - void *buffer; - sem_t buffer_barrier; - } share_buffer; + union { + struct { + void *buffer; + sem_t buffer_barrier; + } share_buffer; + uint64_t imp; /* for adapt */ + }; } TEEC_Context; typedef struct { uint32_t session_id; TEEC_UUID service_id; uint32_t ops_cnt; - struct ListNode head; + union { + struct ListNode head; + uint64_t imp; /* for adapt */ + }; TEEC_Context *context; } TEEC_Session; @@ -83,7 +62,10 @@ typedef struct { uint32_t flags; /* reference to TEEC_SharedMemCtl */ uint32_t ops_cnt; bool is_allocated; /* identify whether the memory is registered or allocated */ - struct ListNode head; + union { + struct ListNode head; + void* imp; /* for adapt, imp is not used by system CA, only for vendor CA */ + }; TEEC_Context *context; } TEEC_SharedMemory; diff --git a/include/TA/huawei_ext/crypto_cert_wrapper.h b/include/TA/huawei_ext/crypto_cert_wrapper.h new file mode 100644 index 0000000..85e5a15 --- /dev/null +++ b/include/TA/huawei_ext/crypto_cert_wrapper.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft aes engine + */ +#ifndef __CRYPTO_CERT_WRAPPER_H__ +#define __CRYPTO_CERT_WRAPPER_H__ + +#include +#include +#include "crypto_x509_wrapper.h" + +/* + * Create attestation certificate with input params. + * + * @param cert [OUT] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * @param valid [IN] The valid date buffer + * @param issuer_tlv [IN] The issuer buffer + * @param issuer_tlv_len [IN] The length of issuer buffer + * @param subject_public_key [IN] The subject public key buffer + * @param subject_public_key_len [IN] The length of subject public key buffer + * @param attestation_ext [IN] The attestation extrol info buffer + * @param attestation_ext_len [IN] The length of attestation extrol info buffer + * @param priv_sign [IN] The private key buffer + * @param key_usage_sign_bit [IN] The usage sign flag + * @param key_usage_encrypt_bit [IN] The usage encrypt flag + * @param keytype [IN] The keytype of private key + * @param hash [IN] The hash func of digest + * + * @return -1: Create attestation certificate failed + * @return others: The real size of certificate + */ +int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid, + const uint8_t *issuer_tlv, uint32_t issuer_tlv_len, + const uint8_t *subject_public_key, uint32_t subject_public_key_len, + const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign, + uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type, + uint32_t hash); + +/* + * Get element number from certificate. + * + * @param elem [OUT] The element with elem_id + * @param elem_id [IN] The index of element + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get element failed + * @return others: The length of element + */ +int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len); + +/* + * verify Cert in tee + * + * @param cert [IN] data for salt + * @param cert_len [IN] salt length + * @param parent_key [IN] size of generated key, fix-size 32 bytes + * @param parent_key_len [IN] pointer where key is saved + * + * @return TEE_SUCCESS OK + * @return TEE_ERROR_BAD_PARAMETERS illegal parameters + * @return TEE_ERROR_GENERIC internal error + */ +TEE_Result tee_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); + +/* + * create cert request in TEE + * + * @param buf [OUT] cert request output buffer + * @param len [OUT] output buffer size + * @param key_type [IN] key_type RSA 0; ECC 1 + * @param file_name [IN] pointer where key is saved + * + * @return TEE_SUCCESS operation success + * @return TEE_ERROR_BAD_PARAMETERS illegal parameters + */ +TEE_Result tee_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name); +#endif diff --git a/include/TA/huawei_ext/crypto_device_key_wrapper.h b/include/TA/huawei_ext/crypto_device_key_wrapper.h new file mode 100644 index 0000000..2c8ba9e --- /dev/null +++ b/include/TA/huawei_ext/crypto_device_key_wrapper.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft device key engine + */ +#ifndef __CRYPTO_DEVICE_KEY_WRAPPER_H__ +#define __CRYPTO_DEVICE_KEY_WRAPPER_H__ + +#include +#include + +/* + * Get oem huk. + * + * @param huk [OUT] The oem huk buffer + * @param key [IN] The hmac key buffer + * @param key_size [IN] The length of hmac key buffer + * + * @return 0: Get oem huk success + * @return -1: Get oem huk failed + */ +int32_t get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size); + +#endif diff --git a/include/TA/huawei_ext/crypto_ec_wrapper.h b/include/TA/huawei_ext/crypto_ec_wrapper.h new file mode 100644 index 0000000..934fc40 --- /dev/null +++ b/include/TA/huawei_ext/crypto_ec_wrapper.h @@ -0,0 +1,149 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft ec engine + */ +#ifndef __CRYPTO_EC_WRAPPER_H__ +#define __CRYPTO_EC_WRAPPER_H__ + +#include +#include + +#define ECC_PRIV_LEN 66 +#define ECC_PUB_LEN 66 + +struct ec_pub_info { + uint8_t *x; + uint32_t x_len; + uint8_t *y; + uint32_t y_len; +}; + +struct ec_priv_info { + uint32_t nid; + uint8_t *r; + uint32_t r_len; +}; + +typedef struct { + uint32_t domain; + uint8_t x[ECC_PUB_LEN]; + uint32_t x_len; + uint8_t y[ECC_PUB_LEN]; + uint32_t y_len; +} ecc_pub_key_t; + +typedef struct { + uint32_t domain; + uint8_t r[ECC_PRIV_LEN]; + uint32_t r_len; +} ecc_priv_key_t; + +/* + * Derive ecc public key from private key. + * + * @param priv_info [IN] The ecc_priv_key_t structure + * @param pub_info [OUT] The ecc_pub_key_t structure + * + * @return 0: Derive ecc public key success + * @return -1: Derive ecc public key failed + */ +int32_t ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info); + +/* + * Derive ecc private key from huk. + * + * @param priv [OUT] The ecc_priv_key_t structure + * @param secret [IN] The huk buffer + * @param sec_len [IN] The length of huk buffer + * + * @return 0: Derive ecc private key success + * @return -1: Derive ecc private key failed + */ +int32_t derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len); + +/* + * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer. + * + * @param out [OUT] The ecc public key buffer + * @param outlen [IN/OUT] The length of ecc public key buffer + * @param pub [IN] The ecc public key structure + * + * @return -1: Export ecc public key failed + * @return others: The real size of out buffer + */ +int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub); + +/* + * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure. + * + * @param pub [OUT] The ecc public key structure + * @param in [IN] The ecc public key buffer + * @param inlen [IN] The length of ecc public key buffer + * + * @return 1: Import ecc public key success + * @return -1: Import ecc public key failed + */ +int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen); + +/* + * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure. + * + * @param priv [OUT] The ecc private key structure + * @param in [IN] The ecc private key buffer + * @param inlen [IN] The length of ecc private key buffer + * + * @return -1: Import ecc private key failed + * @return others: The width of ecc private key + */ +int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen); + +/* + * Read next TLV (Type-Length-Value) from ASN1 buffer. + * + * @param type [OUT] Type of TLV + * @param header_len [OUT] Length of TLV + * @param buf [IN] Input TLV + * @param buf_len [IN] Length of buf in bytes + * + * @return -1: Get next TLV failed + * @return others: Length of next TLV + */ +int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len); + +/* + * Use ECC algorithm to sign user data. + * + * @param signature [OUT] The signature of input data + * @param sig_siz [IN/OUT] The length of signature + * @param in [IN] The data to be sign + * @param in_len [IN] The length of input data + * @param priv [IN] The ecc private key structure + * + * @return -1: Sign input buffer use ecc failed + * @return others: The length of signature + */ +int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv); + +/* + * Verify the data with ECC algorithm. + * + * @param signature [IN] The signature of input data + * @param sig_len [IN] The length of signature + * @param in [IN] The input data + * @param in_len [IN] The length of input data + * @param pub [IN] The ecc public key structure + * + * @return 1: Verify digest success + * @return -1: Verify digest failed + */ +int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub); + +#endif diff --git a/include/TA/huawei_ext/crypto_ec_x509_wrapper.h b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h new file mode 100644 index 0000000..73e2832 --- /dev/null +++ b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft ec x509 engine + */ +#ifndef __CRYPTO_EC_X509_WRAPPER_H__ +#define __CRYPTO_EC_X509_WRAPPER_H__ + +#include +#include +#include "crypto_x509_wrapper.h" + +/* + * Recover the root certificate. + * + * @param cert [OUT] The certificate buffer + * @param cert_len [IN/OUT] The length of certificate buffer + * @param priv [IN] The private key structure + * @param keytype [IN] The keytype of private key + * + * @return -1: Recover root certificate failed + * @return others: Recover root certificate success + */ +int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype); + +/* + * Sign the pkcs10 certificate. + * + * @param cert [OUT] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * @param csr [IN] The certificate signing request buffer + * @param csr_len [IN] The length of certificate signing request buffer + * @param valid [IN] The valid date buffer + * @param serial_number [IN] The serial number buffer + * @param serial_length [IN] The length of serial number buffer + * @param priv [IN] The private key structure + * @param keytype [IN] The keytype of private key + * + * @return -1: Sign the pkcs10 certificate failed + * @return others: The real size of certificate + */ +int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len, + const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid, + const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype); + +#endif diff --git a/include/TA/huawei_ext/crypto_inner_wrapper.h b/include/TA/huawei_ext/crypto_inner_wrapper.h new file mode 100644 index 0000000..01a171f --- /dev/null +++ b/include/TA/huawei_ext/crypto_inner_wrapper.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft inner engine + */ +#ifndef __CRYPTO_INNER_WRAPPER_H__ +#define __CRYPTO_INNER_WRAPPER_H__ + +#include +#include + +/* + * Get common name from certificate. + * + * @param name [OUT] The common name buffer + * @param name_size [IN/OUT] The length of common name buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get common name failed + * @return others: Get common name success + */ +int32_t get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); + +/* + * Get organization name from certificate. + * + * @param name [OUT] The organization name buffer + * @param name_size [IN/OUT] The length of organization name buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get organization name failed + * @return others: Get organization name success + */ +int32_t get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); + +/* + * verify Cert in tee + * + * @param cert [IN] data for salt + * @param cert_len [IN] salt length + * @param parent_key [IN] size of generated key, fix-size 32 bytes + * @param parent_key_len [IN] pointer where key is saved + * + * @return TEE_SUCCESS OK + * @return TEE_ERROR_BAD_PARAMETERS illegal parameters + * @return TEE_ERROR_GENERIC internal error + */ +TEE_Result TEE_EXT_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); + +/* + * create cert request in TEE + * + * @param buf [OUT] cert request output buffer + * @param len [OUT] output buffer size + * @param key_type [IN] key_type RSA 0; ECC 1 + * @param file_name [IN] pointer where key is saved + * + * @return TEE_SUCCESS operation success + * @return TEE_ERROR_BAD_PARAMETERS illegal parameters + */ +TEE_Result TEE_EXT_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name); +#endif diff --git a/include/TA/huawei_ext/crypto_rsa_wrapper.h b/include/TA/huawei_ext/crypto_rsa_wrapper.h new file mode 100644 index 0000000..abae90c --- /dev/null +++ b/include/TA/huawei_ext/crypto_rsa_wrapper.h @@ -0,0 +1,154 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft rsa engine + */ +#ifndef __CRYPTO_RSA_WRAPPER_H__ +#define __CRYPTO_RSA_WRAPPER_H__ + +#include +#include + +#define RSA_PUB_LEN 1024 +#define RSA_PRIV_LEN 512 + +typedef struct { + uint8_t e[RSA_PUB_LEN]; + uint32_t e_len; + uint8_t n[RSA_PUB_LEN]; + uint32_t n_len; +} rsa_pub_key_t; + +typedef struct { + uint8_t e[RSA_PUB_LEN]; + uint32_t e_len; + uint8_t n[RSA_PUB_LEN]; + uint32_t n_len; + uint8_t d[RSA_PUB_LEN]; + uint32_t d_len; + uint8_t p[RSA_PRIV_LEN]; + uint32_t p_len; + uint8_t q[RSA_PRIV_LEN]; + uint32_t q_len; + uint8_t dp[RSA_PRIV_LEN]; + uint32_t dp_len; + uint8_t dq[RSA_PRIV_LEN]; + uint32_t dq_len; + uint8_t qinv[RSA_PRIV_LEN]; + uint32_t qinv_len; +} rsa_priv_key_t; + +/* + * Generate rsa key pair. + * @param priv [OUT] The rsa private key structure + * @param pub [OUT] The rsa public key structure + * @param e [IN] The exponent of rsa key + * @param key_size [IN] The size of rsa key + * + * @return 0: Generate rsa keypair success + * @return -1: Generate rsa keypair failed + */ +int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size); + +/* + * Do rsa encryption. + * + * @param dest_data [OUT] The dest data buffer + * @param dest_len [IN/OUT] The length of dest data + * @param src_data [IN] The src data buffer + * @param src_len [IN] The length of src data + * @param pub [IN] The rsa public key structure + * @param padding [IN] The padding type of encryption + * @param hash_nid [IN] The hash_nid of encryption + * + * @return 0: Do rsa encryption success + * @return -1: Do rsa encryption failed + */ +int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub, + int32_t padding, int32_t hash_nid); + +/* + * Do rsa decryption. + * + * @param dest_data [OUT] The dest data buffer + * @param dest_len [IN/OUT] The length of dest data + * @param src_data [IN] The src data buffer + * @param src_len [IN] The length of src data + * @param priv [IN] THE rsa private key structure + * @param padding [IN] The padding type of encryption + * @param hash_nid [IN] The hash_nid of encryption + * + * @return 0: Do rsa decryption success + * @return -1: Do rsa decryption failed + */ +int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv, + uint32_t padding, int32_t hash_nid); + +/* + * Do rsa Sign digest. + * + * @param signature [OUT] The signature of input data + * @param sig_size [IN/OUT] The length of signature + * @param in [IN] The input data + * @param in_len [IN] The length of input data + * @param priv [IN] The rsa private key structure + * @param salt_len [IN] The length of salt + * @param hash_nid [IN] The hash_nid of encryption + * @param padding [IN] The padding type of encryption + * + * @return 0: Do rsa sign digest success + * @return -1: Do rsa Sign digest failed + */ +int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv, + uint32_t salt_len, int32_t hash_nid, int32_t padding); + +/* + * Do rsa Verify digest. + * + * @param signature [IN] The signature of input data + * @param sig_size [IN] The length of signature + * @param in [IN] The input data + * @param in_len [IN] The length of input data + * @param pub [IN] The rsa public key structure + * @param salt_len [IN] The length of salt + * @param hash_nid [IN] The hash_nid of encryption + * @param padding [IN] The padding type of encryption + * + * @return 0: Do rsa verify success + * @return -1: Do rsa verify failed + */ +int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub, + uint32_t salt_len, int32_t hash_nid, int32_t padding); + +/* + * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure. + * + * @param priv [OUT] The rsa private key structure + * @param in [IN] The rsa private key buffer + * @param inlen [IN] The length of rsa private key buffer + * + * @return -1: Import rsa private key failed + * @return 0: Import rsa private key success + */ +int32_t rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len); + +/* + * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer. + * + * @param out [OUT] The rsa public key buffer + * @param outlen [IN] The length of rsa public key buffer + * @param pub [IN] The rsa public key structure + * + * @return -1: Export rsa public key failed + * @return others: The real size of out buffer + */ +int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub); + +#endif diff --git a/include/TA/huawei_ext/crypto_wrapper.h b/include/TA/huawei_ext/crypto_wrapper.h index e05e90b..aba36c2 100755 --- a/include/TA/huawei_ext/crypto_wrapper.h +++ b/include/TA/huawei_ext/crypto_wrapper.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,63 +8,65 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: soft engine in boringssl */ #ifndef __CRYPTO_WRAPPER_H__ #define __CRYPTO_WRAPPER_H__ -#include +#include #include -#include - -#define SHA256_LEN 32 -#define OEM_KEY_LEN 16 - +#include "crypto_cert_wrapper.h" +#include "crypto_device_key_wrapper.h" +#include "crypto_ec_wrapper.h" +#include "crypto_ec_x509_wrapper.h" +#include "crypto_rsa_wrapper.h" +#include "crypto_x509_wrapper.h" +#include "crypto_inner_wrapper.h" + +#define SHA256_LEN 32 +#define OEM_KEY_LEN 16 #define ECC_P256_PRIV_LEN 64 #define ECC_P256_PUB_LEN 32 -#define RSA_PUB_LEN 1024 -#define RSA_PRIV_LEN 512 #define ATTEST_TBS_MAXSIZE 512 #define ATTESTATION_KEY_USAGE_OFFSET 16 #define EC_FIX_BUFFER_LEN 66 #define SHA256_HASH_LEN 32 -#define ECC_PRIV_LEN 66 -#define ECC_PUB_LEN 66 /* macro in tomcrypto start */ /* ECC domain id */ -#define NIST_P192 0 -#define NIST_P224 1 -#define NIST_P256 2 -#define NIST_P384 3 -#define NIST_P521 4 - -#define SHA1_HASH 1 -#define SHA224_HASH 2 -#define SHA256_HASH 3 -#define SHA384_HASH 4 -#define SHA512_HASH 5 +#define NIST_P192 0 +#define NIST_P224 1 +#define NIST_P256 2 +#define NIST_P384 3 +#define NIST_P521 4 + +#define SHA1_HASH 1 +#define SHA224_HASH 2 +#define SHA256_HASH 3 +#define SHA384_HASH 4 +#define SHA512_HASH 5 /* Algorithm id */ -#define RSA_ALG 0 -#define ECC_ALG 1 +#define RSA_ALG 0 +#define ECC_ALG 1 /* macro in tomcrypto end */ -#define DIR_ENC 0 -#define DIR_DEC 1 - -#define CRYPTO_NUMBER_TWO 2 -#define CRYPTO_NUMBER_THREE 3 -#define CRYPTO_NUMBER_FOUR 4 -#define CRYPTO_NUMBER_FIVE 5 -#define CRYPTO_NUMBER_SIX 6 -#define CRYPTO_NUMBER_SEVEN 7 -#define CRYPTO_NUMBER_EIGHT 8 -#define VALIDITY_TIME_SIZE 13 -#define SECRET_KEY_MAX_LEN 64 -#define CER_PUBLIC_KEY_MAX_LEN 300 -#define VALIDITY_FIX_LEN 32 -#define KEY_USAGE_FIX_LEN 41 -#define ITEM_THREE_ADD_LEN 12 -#define ITEM_THREE_MOVE_LEN 27 -#define ITEM_TWO_ADD_LEN 23 +#define DIR_ENC 0 +#define DIR_DEC 1 + +#define CRYPTO_NUMBER_TWO 2 +#define CRYPTO_NUMBER_THREE 3 +#define CRYPTO_NUMBER_FOUR 4 +#define CRYPTO_NUMBER_FIVE 5 +#define CRYPTO_NUMBER_SIX 6 +#define CRYPTO_NUMBER_SEVEN 7 +#define CRYPTO_NUMBER_EIGHT 8 +#define VALIDITY_TIME_SIZE 13 +#define SECRET_KEY_MAX_LEN 64 +#define CER_PUBLIC_KEY_MAX_LEN 300 +#define VALIDITY_FIX_LEN 32 +#define KEY_USAGE_FIX_LEN 41 +#define ITEM_THREE_ADD_LEN 12 +#define ITEM_THREE_MOVE_LEN 27 +#define ITEM_TWO_ADD_LEN 23 /* table struct for match convert */ typedef struct { @@ -72,52 +74,6 @@ typedef struct { uint32_t dest; } crypto_u2u; -#define VALIDITY_TIME_SIZE 13 -typedef struct { - uint8_t start[VALIDITY_TIME_SIZE]; - uint8_t end[VALIDITY_TIME_SIZE]; -} validity_period_t; - -typedef struct { - uint32_t domain; - uint8_t x[ECC_PUB_LEN]; - uint32_t x_len; - uint8_t y[ECC_PUB_LEN]; - uint32_t y_len; -} ecc_pub_key_t; - -typedef struct { - uint32_t domain; - uint8_t r[ECC_PRIV_LEN]; - uint32_t r_len; -} ecc_priv_key_t; - -typedef struct { - uint8_t e[RSA_PUB_LEN]; - uint32_t e_len; - uint8_t n[RSA_PUB_LEN]; - uint32_t n_len; -} rsa_pub_key_t; - -typedef struct { - uint8_t e[RSA_PUB_LEN]; - uint32_t e_len; - uint8_t n[RSA_PUB_LEN]; - uint32_t n_len; - uint8_t d[RSA_PUB_LEN]; - uint32_t d_len; - uint8_t p[RSA_PRIV_LEN]; - uint32_t p_len; - uint8_t q[RSA_PRIV_LEN]; - uint32_t q_len; - uint8_t dp[RSA_PRIV_LEN]; - uint32_t dp_len; - uint8_t dq[RSA_PRIV_LEN]; - uint32_t dq_len; - uint8_t qinv[RSA_PRIV_LEN]; - uint32_t qinv_len; -} rsa_priv_key_t; - typedef struct { unsigned char *ou; unsigned char *o; @@ -125,455 +81,4 @@ typedef struct { unsigned char *cn; } dn_name_t; -struct ec_pub_info { - uint8_t *x; - uint32_t x_len; - uint8_t *y; - uint32_t y_len; -}; - -struct ec_priv_info { - uint32_t nid; - uint8_t *r; - uint32_t r_len; -}; - -/* - * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure. - * - * @param pub [OUT] The ecc public key structure - * @param in [IN] The ecc public key buffer - * @param inlen [IN] The length of ecc public key buffer - * - * @return 1: Import ecc public key success - * @return -1: Import ecc public key failed - */ -int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen); - -/* - * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer. - * - * @param out [OUT] The ecc public key buffer - * @param outlen [IN/OUT] The length of ecc public key buffer - * @param pub [IN] The ecc public key structure - * - * @return -1: Export ecc public key failed - * @return others: The real size of out buffer - */ -int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub); - -/* - * Read next TLV (Type-Length-Value) from ASN1 buffer. - * - * @param type [OUT] Type of TLV - * @param header_len [OUT] Length of TLV - * @param buf [IN] Input TLV - * @param buf_len [IN] Length of buf in bytes - * - * @return -1: Get next TLV failed - * @return others: Length of next TLV - */ -int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len); - -/* - * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure. - * - * @param priv [OUT] The ecc private key structure - * @param in [IN] The ecc private key buffer - * @param inlen [IN] The length of ecc private key buffer - * - * @return -1: Import ecc private key failed - * @return others: The width of ecc private key - */ -int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen); - -/* - * Use ECC algorithm to sign user data. - * - * @param signature [OUT] The signature of input data - * @param sig_siz [IN/OUT] The length of signature - * @param in [IN] The data to be sign - * @param in_len [IN] The length of input data - * @param priv [IN] The ecc private key structure - * - * @return -1: Sign input buffer use ecc failed - * @return others: The length of signature - */ -int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv); - -/* - * Verify the data with ECC algorithm. - * - * @param signature [IN] The signature of input data - * @param sig_len [IN] The length of signature - * @param in [IN] The input data - * @param in_len [IN] The length of input data - * @param pub [IN] The ecc public key structure - * - * @return 1: Verify digest success - * @return -1: Verify digest failed - */ -int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub); - -/* - * Generate rsa key pair. - * @param priv [OUT] The rsa private key structure - * @param pub [OUT] The rsa public key structure - * @param e [IN] The exponent of rsa key - * @param key_size [IN] The size of rsa key - * - * @return 0: Generate rsa keypair success - * @return -1: Generate rsa keypair failed - */ -int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size); - -/* - * Do rsa encryption. - * - * @param dest_data [OUT] The dest data buffer - * @param dest_len [IN/OUT] The length of dest data - * @param src_data [IN] The src data buffer - * @param src_len [IN] The length of src data - * @param pub [IN] The rsa public key structure - * @param padding [IN] The padding type of encryption - * @param hash_nid [IN] The hash_nid of encryption - * - * @return 0: Do rsa encryption success - * @return -1: Do rsa encryption failed - */ -int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub, - int32_t padding, int32_t hash_nid); - -/* - * Do rsa decryption. - * - * @param dest_data [OUT] The dest data buffer - * @param dest_len [IN/OUT] The length of dest data - * @param src_data [IN] The src data buffer - * @param src_len [IN] The length of src data - * @param priv [IN] THE rsa private key structure - * @param padding [IN] The padding type of encryption - * @param hash_nid [IN] The hash_nid of encryption - * - * @return 0: Do rsa decryption success - * @return -1: Do rsa decryption failed - */ -int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv, - uint32_t padding, int32_t hash_nid); - -/* - * Do rsa Sign digest. - * - * @param signature [OUT] The signature of input data - * @param sig_size [IN/OUT] The length of signature - * @param in [IN] The input data - * @param in_len [IN] The length of input data - * @param priv [IN] The rsa private key structure - * @param salt_len [IN] The length of salt - * @param hash_nid [IN] The hash_nid of encryption - * @param padding [IN] The padding type of encryption - * - * @return 0: Do rsa sign digest success - * @return -1: Do rsa Sign digest failed - */ -int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv, - uint32_t salt_len, int32_t hash_nid, int32_t padding); - -/* - * Do rsa Verify digest. - * - * @param signature [IN] The signature of input data - * @param sig_size [IN] The length of signature - * @param in [IN] The input data - * @param in_len [IN] The length of input data - * @param pub [IN] The rsa public key structure - * @param salt_len [IN] The length of salt - * @param hash_nid [IN] The hash_nid of encryption - * @param padding [IN] The padding type of encryption - * - * @return 0: Do rsa verify success - * @return -1: Do rsa verify failed - */ -int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub, - uint32_t salt_len, int32_t hash_nid, int32_t padding); - -/* - * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure. - * - * @param priv [OUT] The rsa private key structure - * @param in [IN] The rsa private key buffer - * @param inlen [IN] The length of rsa private key buffer - * - * @return -1: Import rsa private key failed - * @return 0: Import rsa private key success - */ -int rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len); - -/* - * Check the certificate revocation list. - * - * @param cert [IN] The crl buffer - * @param cert_len [IN] The length of crl buffer - * @param parent_key [IN] The public key to verify the crl - * @param parent_key_len [IN] The length of public key - * - * @return 1: Check the crl success - * @return others: Check the crl failed - */ -int x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); - -/* - * Check the x509 certificate. - * - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * @param parent_key [IN] The public key to verify the crl - * @param parent_key_len [IN] The length of public key - * - * @return 1: Check the cert success - * @return others: Check the cert failed - */ -int x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); - -/* - * Get public key from certificate. - * - * @param pub [OUT] The public key struct - * @param in [IN] The certificate buffer - * @param inlen [IN] The length of certificate buffer - * - * @return 0: Get public key success - * @return -1: Get public key failed - */ -int import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen); - -/* - * Get public key from certificate. - * - * @param pub [OUT] The public key buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get public key failed - * @return others: The length of public key buffer - */ -int get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len); - -/* - * Get public key from certificate. - * - * @param pub [OUT] The public key buffer - * @param pub_size [IN/OUT] The length of public key buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get public key failed - * @return others: The length of public key buffer - */ -int get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len); - -/* - * Get valid date from certificate. - * - * @param vd [OUT] The valid data structure - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return 0: Get valid date success - * @return -1: Get valid data failed - */ -int get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len); - -/* - * Get common name from certificate. - * - * @param name [OUT] The common name buffer - * @param name_size [IN/OUT] The length of common name buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get common name failed - * @return others: Get common name success - */ -int get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); - -/* - * Get organization name from certificate. - * - * @param name [OUT] The organization name buffer - * @param name_size [IN/OUT] The length of organization name buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get organization name failed - * @return others: Get organization name success - */ -int get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); - -/* - * Get serial number from certificate. - * - * @param serial_number [OUT] The serial number buffer - * @param serial_number_size [IN/OUT] The length of serial number buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get serial number failed - * @return others: Get serial number success - */ -int get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size, uint8_t *cert, uint32_t cert_len); - -/* - * Get issuer from certificate. - * - * @param issuer [OUT] The issuer buffer - * @param issuer_size [IN/OUT] The length of issuer buffer - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get serial number failed - * @return others: Get serial number success - */ -int get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len); - -/* - * Get element number from certificate. - * - * @param elem [OUT] The element with elem_id - * @param elem_id [IN] The index of element - * @param cert [IN] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * - * @return -1: Get element failed - * @return others: The length of element - */ -int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len); - -/* - * Recover the root certificate. - * - * @param cert [OUT] The certificate buffer - * @param cert_len [IN/OUT] The length of certificate buffer - * @param priv [IN] The private key structure - * @param keytype [IN] The keytype of private key - * - * @return -1: Recover root certificate failed - * @return others: Recover root certificate success - */ -int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype); - -/* - * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer. - * - * @param out [OUT] The rsa public key buffer - * @param outlen [IN] The length of rsa public key buffer - * @param pub [IN] The rsa public key structure - * - * @return -1: Export rsa public key failed - * @return others: The real size of out buffer - */ -int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub); - -/* - * Sign the pkcs10 certificate. - * - * @param cert [OUT] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * @param csr [IN] The certificate signing request buffer - * @param csr_len [IN] The length of certificate signing request buffer - * @param valid [IN] The valid date buffer - * @param serial_number [IN] The serial number buffer - * @param serial_length [IN] The length of serial number buffer - * @param priv [IN] The private key structure - * @param keytype [IN] The keytype of private key - * - * @return -1: Sign the pkcs10 certificate failed - * @return others: The real size of certificate - */ -int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len, - const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid, - const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype); - -/* - * Create attestation certificate with input params. - * - * @param cert [OUT] The certificate buffer - * @param cert_len [IN] The length of certificate buffer - * @param valid [IN] The valid date buffer - * @param issuer_tlv [IN] The issuer buffer - * @param issuer_tlv_len [IN] The length of issuer buffer - * @param subject_public_key [IN] The subject public key buffer - * @param subject_public_key_len [IN] The length of subject public key buffer - * @param attestation_ext [IN] The attestation extrol infor buffer - * @param attestation_ext_len [IN] The length of attestation extrol infor buffer - * @param priv_sign [IN] The private key buffer - * @param key_usage_sign_bit [IN] The usage sign falg - * @param key_usage_encrypt_bit [IN] The usage encrypt flag - * @param keytype [IN] The keytype of private key - * @param hash [IN] The hash func of digest - * - * @return -1: Create attestation certificate failed - * @return others: The real size of certificate - */ -int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid, - const uint8_t *issuer_tlv, uint32_t issuer_tlv_len, - const uint8_t *subject_public_key, uint32_t subject_public_key_len, - const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign, - uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type, - uint32_t hash); - -/* - * Get oem huk. - * - * @param huk [OUT] The oem huk buffer - * @param key [IN] The hmac key buffer - * @param key_size [IN] The length of hmac key buffer - * - * @return 0: Get oem huk success - * @return -1: Get oem huk failed - */ -int get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size); - -/* - * Derive ecc public key from private key. - * - * @param priv_info [IN] The ecc_priv_key_t structure - * @param pub_info [OUT] The ecc_pub_key_t structure - * - * @return 0: Derive ecc public key success - * @return -1: Derive ecc public key failed - */ -int ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info); - -/* - * Derive ecc private key from huk. - * - * @param priv [OUT] The ecc_priv_key_t structure - * @param secret [IN] The huk buffer - * @param sec_len [IN] The length of huk buffer - * - * @return 0: Derive ecc private key success - * @return -1: Derive ecc private key failed - */ -int derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len); - -/* - * Do aes key wrap operation. - * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info - * - * @return TEE_SUCCESS: Do aes key wrap operation success - * @return others: Do aes key wrap operation failed - */ -TEE_Result aes_key_wrap(struct cdrm_params *params); - -/* - * Do aes key unwrap operation. - * - * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info - * - * @return TEE_SUCCESS: Do aes key unwrap operation success - * @return others: Do aes key unwrap operation failed - */ -TEE_Result aes_key_unwrap(struct cdrm_params *params); - #endif diff --git a/include/TA/huawei_ext/crypto_x509_wrapper.h b/include/TA/huawei_ext/crypto_x509_wrapper.h new file mode 100644 index 0000000..830e7dc --- /dev/null +++ b/include/TA/huawei_ext/crypto_x509_wrapper.h @@ -0,0 +1,169 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: soft ec x509 engine + */ +#ifndef __CRYPTO_X509_WRAPPER_H__ +#define __CRYPTO_X509_WRAPPER_H__ + +#include +#include + +#define VALIDITY_TIME_SIZE 13 +typedef struct { + uint8_t start[VALIDITY_TIME_SIZE]; + uint8_t end[VALIDITY_TIME_SIZE]; +} validity_period_t; + +/* + * Check the certificate revocation list. + * + * @param cert [IN] The crl buffer + * @param cert_len [IN] The length of crl buffer + * @param parent_key [IN] The public key to verify the crl + * @param parent_key_len [IN] The length of public key + * + * @return 1: Check the crl success + * @return others: Check the crl failed + */ +int32_t x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); + +/* + * Check the x509 certificate. + * + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * @param parent_key [IN] The public key to verify the crl + * @param parent_key_len [IN] The length of public key + * + * @return 1: Check the cert success + * @return others: Check the cert failed + */ +int32_t x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); + +/* + * Get public key from certificate. + * + * @param pub [OUT] The public key struct + * @param in [IN] The certificate buffer + * @param inlen [IN] The length of certificate buffer + * + * @return 0: Get public key success + * @return -1: Get public key failed + */ +int32_t import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen); + +/* + * Get public key from certificate. + * + * @param pub [OUT] The public key buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get public key failed + * @return others: The length of public key buffer + */ +int32_t get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len); + +/* + * Get public key from certificate. + * + * @param pub [OUT] The public key buffer + * @param pub_size [IN/OUT] The length of public key buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get public key failed + * @return others: The length of public key buffer + */ +int32_t get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len); + +/* + * Get valid date from certificate. + * + * @param vd [OUT] The valid date structure + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return 0: Get valid date success + * @return -1: Get valid date failed + */ +int32_t get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len); + +/* + * Get common name from certificate. + * + * @param name [OUT] The common name buffer + * @param name_size [IN/OUT] The length of common name buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get common name failed + * @return others: Get common name success + */ +int32_t get_subject_x509_cn(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); + +/* + * Get organization name from certificate. + * + * @param name [OUT] The organization name buffer + * @param name_size [IN/OUT] The length of organization name buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get organization name failed + * @return others: Get organization name success + */ +int32_t get_subject_x509_ou(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); + +/* + * Get serial number from certificate. + * + * @param serial_number [OUT] The serial number buffer + * @param serial_number_size [IN/OUT] The length of serial number buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get serial number failed + * @return others: Get serial number success + */ +int32_t get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size, + uint8_t *cert, uint32_t cert_len); + +/* + * Get issuer from certificate. + * + * @param issuer [OUT] The issuer buffer + * @param issuer_size [IN/OUT] The length of issuer buffer + * @param cert [IN] The certificate buffer + * @param cert_len [IN] The length of certificate buffer + * + * @return -1: Get serial number failed + * @return others: Get serial number success + */ +int32_t get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len); + +/* + * Check cert chain valid. + * + * @param root_cert [IN] root ca cert presave + * @param root_cert_len [IN] The length of root ca cert + * @param second_cert [IN] secondary ca cert buffer + * @param second_cert_len [IN] The length of secondary ca cert + * @param leaf_cert [IN] leaf ca cert + * @param leaf_cert_len [IN] The length of leaf ca cert + * + * @return -1: failed + * @return >0: check success + */ +int x509_cert_chain_validate(uint8_t *root_cert, uint32_t root_cert_len, + uint8_t *second_cert, uint32_t second_cert_len, + uint8_t *leaf_cert, uint32_t leaf_cert_len); +#endif diff --git a/include/TA/huawei_ext/permsrv_api_cert.h b/include/TA/huawei_ext/permsrv_api_cert.h new file mode 100644 index 0000000..8be86b1 --- /dev/null +++ b/include/TA/huawei_ext/permsrv_api_cert.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: permsrv cert api interface head file + */ + +#ifndef PEMRSRV_API_CERT_H +#define PEMRSRV_API_CERT_H + +#include "tee_defines.h" + +TEE_Result ta_signing_cert_import(const char *cert_buf, uint32_t cert_size, const char *pub_key_buf, uint32_t pub_size); +TEE_Result ta_signing_cert_export(uint8_t *dst, uint32_t *len, uint32_t limit); +TEE_Result ta_signing_cert_destroy(void); +#endif diff --git a/include/TA/huawei_ext/permsrv_api_legacy.h b/include/TA/huawei_ext/permsrv_api_legacy.h new file mode 100644 index 0000000..e76f5b5 --- /dev/null +++ b/include/TA/huawei_ext/permsrv_api_legacy.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Functions in this header file are deprecated. Do not use + */ + +#ifndef PERMSRV_API_LEGACY_H +#define PERMSRV_API_LEGACY_H + +#include "tee_defines.h" + +TEE_Result TEE_EXT_crl_cert_process(const char *crl_cert, uint32_t crl_cert_size); +TEE_Result TEE_EXT_ta_ctrl_list_process(const char *ctrl_list, uint32_t ctrl_list_size); +#endif diff --git a/include/TA/huawei_ext/qsi_data_structure.h b/include/TA/huawei_ext/qsi_data_structure.h new file mode 100644 index 0000000..2ffedf2 --- /dev/null +++ b/include/TA/huawei_ext/qsi_data_structure.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Data Structure Definations of QSI. + */ +#ifndef QSI_DATA_STRUCTURE_H +#define QSI_DATA_STRUCTURE_H +#include + +enum seal_operation { + SEAL, + UNSEAL +}; + +struct ra_buffer_data { + uint32_t length; + uint8_t *buffer; +}; + +#endif diff --git a/include/TA/huawei_ext/tee_crypto_err.h b/include/TA/huawei_ext/tee_crypto_err.h new file mode 100644 index 0000000..6d019b7 --- /dev/null +++ b/include/TA/huawei_ext/tee_crypto_err.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: tee crypto err definitions + */ + +#ifndef TEE_CRYPTO_ERR_H +#define TEE_CRYPTO_ERR_H + +#include + +#define MAX_COMMON_CRYPTO_ENGINE_ERR 99 +/* + * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | CRYPTO_MODULE_ERR_ID | ALG_ERR_ID | base_error_value, + * For example, the crypto module extension error codes are prefixed with 0x8002, + * and base_error_value is opensoure lib err. + */ +enum soft_algthorm_err_id { + SM2_LIB_ERR_ID = 0x0000, /* GMSSL common err and ec err */ + SM4_LIB_ERR_ID = 0x1000, /* GMSSL evp err */ + /* as below: for openssl opensource lib */ + COMM_LIB_ERR_ID = 0x2000, + BN_LIB_ERR_ID = 0x3000, + RSA_LIB_ERR_ID = 0x4000, + EVP_LIB_ERR_ID = 0x5000, + PEM_LIB_ERR_ID = 0x6000, + X509_LIB_ERR_ID = 0x7000, + ASN1_LIB_ERR_ID = 0x8000, + CRYPTO_LIB_ERR_ID = 0x9000, + EC_LIB_ERR_ID = 0xa000, + PKCS7_LIB_ERR_ID = 0xb000, + OTHER_LIB_ERR_ID = 0xc000, +}; + +#endif diff --git a/include/TA/huawei_ext/tee_crypto_hal.h b/include/TA/huawei_ext/tee_crypto_hal.h index 7444618..bfc0be5 100755 --- a/include/TA/huawei_ext/tee_crypto_hal.h +++ b/include/TA/huawei_ext/tee_crypto_hal.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,17 +8,18 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: crypto hal info function */ #ifndef TEE_CRYPTO_HAL_H #define TEE_CRYPTO_HAL_H #include "tee_crypto_api.h" enum CRYPTO_ENGINE { - DX_CRYPTO, - EPS_CRYPTO, - SOFT_CRYPTO, - SEC_CRYPTO, - CRYPTO_ENGINE_MAX, + DX_CRYPTO = 0, + EPS_CRYPTO = 1, + SOFT_CRYPTO = 2, + SEC_CRYPTO = 3, + CRYPTO_ENGINE_MAX = 1024, }; /* @@ -42,4 +43,5 @@ TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto); * @retval TEE_ERROR_BAD_PARAMETERS: Operation is NULLi or crypto is invalid */ TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto); + #endif diff --git a/include/TA/huawei_ext/tee_err.h b/include/TA/huawei_ext/tee_err.h new file mode 100644 index 0000000..4b2b17c --- /dev/null +++ b/include/TA/huawei_ext/tee_err.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Reference of TEE error definitions + */ + +#ifndef TEE_ERROR_H +#define TEE_ERROR_H + +#include + +/* + * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | xx_MODULE_ERR_ID | base_error_value, + * For example, the crypto module extension error codes are prefixed with 0x8002. + */ +#define TEE_EXT_ERROR_BASE 0x80000000 + +enum ext_error_module { + OTRP_MODULE_ERR_ID = 0x000000, + SSA_MODULE_ERR_ID = 0x010000, + CRYPTO_MODULE_ERR_ID = 0x020000, +}; + +#endif diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h index d74c749..309abe3 100644 --- a/include/TA/huawei_ext/tee_ext_api.h +++ b/include/TA/huawei_ext/tee_ext_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,13 +8,14 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Tee ext api header file */ #ifndef TEE_EXT_API_H #define TEE_EXT_API_H #include "tee_defines.h" -#include "tee_core_api.h" +#include "tee_hw_ext_api_legacy.h" #ifdef __cplusplus #if __cplusplus @@ -35,14 +36,18 @@ extern "C" { #define TEE_GET_REEINFO_SUCCESS 0 #define TEE_GET_REEINFO_FAILED 1 +#define TEE_SMC_FROM_USR 0 +#define TEE_SMC_FROM_KERNEL 1 + #define RESERVED_BUF_SIZE 32 -typedef struct __caller_info { +typedef struct ta_caller_info { uint32_t session_type; union { TEE_UUID caller_uuid; uint8_t ca_info[RESERVED_BUF_SIZE]; } caller_identity; - uint8_t reserved[RESERVED_BUF_SIZE]; + uint8_t smc_from_kernel_mode; + uint8_t reserved[RESERVED_BUF_SIZE - 1]; } caller_info; /* @@ -54,7 +59,7 @@ typedef struct __caller_info { * return TEE_SUCCESS operation success * return others failed to get caller info */ -TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length); +TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t length); /* * verify TA's caller's identify @@ -70,6 +75,32 @@ TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length) */ TEE_Result addcaller_ca_exec(const char *ca_name, const char *user_name); +/* + * verify TA's caller's identify + * TA can call this API to add caller's info, + * which is allowed to call this TA. + * this API is for CA in form of JAR or binary-excuteble file. + * + * @param ca_name [IN] CA caller's process name + * @param user_name [IN] CA caller's username + * + * return TEE_SUCCESS operation + * return others failed to add caller info for target CA + */ + +TEE_Result AddCaller_CA_user(const char *ca_name, const char *user_name); + +/* + * TA can call this API to add caller's info, + * which is allowed to call this CA. + * this API is for CA in form of native ca and APK. + * + * @param cainfo_hash [IN] CA callerinfo's sha256 value + * + * return TEE_SUCCESS operation + */ +TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length); + /* * TA call this API allow others TA open session with itself * @@ -86,8 +117,32 @@ TEE_Result AddCaller_TA_all(void); * * @return session type of current session */ -uint32_t TEE_GetSessionType(void); +uint32_t tee_get_session_type(void); +/* + * Check CA params during CA Authentication + * + * @param param_types [IN] CA caller's param types + * @param params[TEE_PARAMS_NUM] [IN] CA caller's params + * + * return TEE_SUCCESS + */ +TEE_Result TEE_EXT_CheckClientPerm(uint32_t param_types, const TEE_Param params[TEE_PARAMS_NUM]); + +/* + * derive key from platform key + * + * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes. + * @param keySize [IN] key size in bits, it desides the ecc curve type too. + * @param params [IN] unused + * @param paramCount [IN] unused + * @param exinfo [IN] user info as derive slat. + * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0. + * + * @return TEE_SUCCESS means success, others means failed. + */ +TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params, + uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size); #ifdef __cplusplus #if __cplusplus } diff --git a/include/TA/huawei_ext/tee_hw_ext_api_legacy.h b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h new file mode 100644 index 0000000..34e480a --- /dev/null +++ b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h @@ -0,0 +1,293 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Functions in this header file are deprecated. Do not use + */ + +#ifndef __TEE_HW_EXT_API_LEGACY_H__ +#define __TEE_HW_EXT_API_LEGACY_H__ + +#include "tee_defines.h" +#include "tee_crypto_api.h" + +/* + * ta version anti rollback api + * + * @param ta_version [IN] version to be checked + * + * @return TEE_SUCCESS check result is OK + * @return others check ta version failed + */ +TEE_Result TEE_EXT_TA_version_check(uint32_t ta_version); + +/* + * check wheather target TA(uuid) has permission to invoke target command + * this feature is only supported by TA with certificate + * + * @param [IN] uuid of caller TA + * @param [IN] cmd id of request + * + * @return TEE_SUCCESS target TA has the permission to invoke target command + * @return TEE_ERROR_ACCESS_DENIED target TA don't has permission to invoke target command + */ +TEE_Result TEE_EXT_CheckInvokePermission(const TEE_UUID *uuid, uint32_t cmd); + +/* + * get sharemem of verify boot information + * + * @param buffer [OUT] the address to save verify boot info + * @param size [IN] length of buffer + * + * @return 0 means success, others means failed + */ +TEE_Result TEE_EXT_GetVerifyBootInfo(char *buffer, uint32_t size); + +/* + * derive key from device rootkey and UUID of the current task + * + * @param salt [IN] data for salt + * @param size [IN] salt length + * @param key [OUT] pointer where key is saved + * @param key_size [IN] key_size must be integer times of 16 + * + * @return TEE_SUCCESS OK + * @return TEE_ERROR_BAD_PARAMETERS illegal parameters + * @return TEE_ERROR_GENERIC internal error + */ +TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size); + +/* + * get rot key for multiple platforms + * + * @param enc_key [IN] encrypted rot key or NULL + * @param en_key_size [IN] encrypted rot key buff len or zero + * @param key [OUT]rot key buff pointer + * @param key_size [IN/OUT] rot key buffer length + * + * @return 0 get rot key success + * @return -1 get rot key failed + */ +int32_t TEE_EXT_GetRoT(const uint8_t *enc_key, uint32_t en_key_size, uint8_t *key, uint32_t *key_size); + +/* + * get device unique id in TEE + * + * @param device_unique_id [OUT] buffer to store the result + * @param length [IN/OUT] buffer length of device ID + * + * return TEE_SUCCESS operation success + * return others operation failed + */ +TEE_Result TEE_EXT_GetDeviceUniqueId(uint8_t *device_unique_id, uint32_t *length); + +TEE_Result TEE_EXT_GetSeCapability(const TEE_UUID *uuid, uint64_t *result); + +/* + * @ingroup TEE_EXT_API + * @brief get shared memory infomation of SecFlash + * + * @param buffer [OUT] the address to save SecFlash shared memory info + * @param length [IN] length of buffer + * + * @retval NA + */ +TEE_Result TEE_EXT_GetSecFlashShareMem(char *buffer, uint32_t size); + +/* + * @ingroup share memory + * @brief get sharemem of verify boot information + * + * @par + * @param buffer [OUT] the address to save verify boot info + * @param size [IN] length of buffer + * + * @retval NA + * + * @par dependence: + * @li tee_ext_api.h + * @see + * @since V100R008C00 + */ +TEE_Result TEE_EXT_GetTrustBootImgInfo(char *buffer, uint32_t size); + +/* + * @ingroup derive key for keymaster + * @brief using root key to derive key for keymaster + * + * @par + * @param buffer [IN] input secret + * @param size [IN] input secret size + * @param buffer [OUT] derived key + * @param size [OUT] derived key size + * + * @retval NA + * + * @par dependence: + * @li tee_ext_api.h + * @see + * @since V100R007C00 + */ +TEE_Result TEE_EXT_ROOT_DeriveKey2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len); + +/* + * @ingroup ROOT_UuidDeriveKey + * @brief derive key from device rootkey and UUID of the current task + * + * @attention + * @param salt [IN] data for salt + * @param size [IN] salt length + * @param key_size [OUT] size of generated key, fix-size 32 bytes + * @param key [OUT] pointer where key is saved + * + * @retval #TEE_SUCCESS OK + * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters + * @retval #TEE_ERROR_GENERIC internal error + * + * @par dependence: + * @li tee_ext_api.h + * @see + * @since V100R007C00 + */ +TEE_Result TEE_EXT_ROOT_UuidDeriveKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size); + +/* + * @ingroup crypto + * @brief AES encryption and decryption integration mode. + * + * @attention: Now this api only support algorithm: AES_CBC_NOPAD/ AES_ECB_PKCS5, + * and input key can derive by root key. + * @param db [IN] Whether to derive the key with the input key and root key. + * @param iv [IN] input iv + * @param mode [IN] 0:encrypt; 1:decrypt + * @param alg [IN] AES algorithm: TEE_CRYPTO_ALGORITHM_ID + * @param key [IN] input key + * @param key_len [IN] input key len + * @param cyp_src [IN] input data + * @param dst [OUT] ouput data + * @param src_len [IN] input data len + * @param dst_len [OUT] ouput data len + * + * @retval #TEE_SUCCESS success + * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters + * @retval #TEE_ERROR_OUT_OF_MEMORY alloc memory fail + * + * @par dependence: + * @li crypto + * @li tee_ext_api.h + * @see TEE_CipherInit | TEE_CipherUpdate | TEE_CipherDoFinal + * @since V100R005C00 + */ +TEE_Result TEE_EXT_AES_CRYPTO(bool db, const uint8_t *iv, bool mode, uint32_t alg, const uint8_t *key, uint32_t key_len, + const uint8_t *cyp_src, uint8_t *dst, uint32_t src_len, uint32_t *dst_len); + +/* + * @ingroup crypto + * @brief calculate hash. + * + * @attention + * @param algorithm [IN] hash algorithm: like SHA1, SHA256 + * @param ptr [IN] input data + * @param size [IN] input data length + * @param hash_result [OUT] hash result: SHA1 20bytes; SHA256 32bytes + * + * @retval #TEE_SUCCESS success + * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters + * @retval #TEE_ERROR_GENERIC error + * + * @par dependence: + * @li crypto + * @li tee_ext_api.h + * @since V100R005C00 + */ +TEE_Result TEE_EXT_HASH(tee_crypto_algorithm_id algorithm, const uint8_t *ptr, uint32_t size, uint8_t *hash_result); + +/* + * @ingroup TEE_HWI_IPC_MESSAGE + * @brief Wait for registered messages from IRQs + * + * @param hwi [IN] IRQ number to register + */ +TEE_Result TEE_EXT_HwiMsgRegister(uint32_t hwi); + +/* + * @ingroup TEE_HWI_IPC_MESSAGE + * @brief Unregister to receive message for HWI number + * + * @param hwi [IN] IRQ number to unregister for + */ +TEE_Result TEE_EXT_HwiMsgDeregister(uint32_t hwi); + +/* + * @ingroup TEE_HWI_IPC_MESSAGE + * @brief Wait for registered messages from IRQs + * + * @param NULL + * + * @retval received message id + */ +uint32_t TEE_EXT_HwiMsgWait(void); + +/* + * @ingroup TEE_HW_EXT_API + * @brief check wheather device rooted 1:rooted, 0:unrooted + * + * @param NULL + * + * @retval true means device is rooted + */ +bool TEE_EXT_IsDeviceRooted(void); + +#ifdef __cplusplus +#if __cplusplus +extern "C" { +#endif /* __cpluscplus */ +#endif /* __cpluscplus */ + +struct ta_caller_info; + +/* + * Get caller info of current session, refer caller_info struct for more details + * + * @param caller_info_data [OUT] caller info to be returned + * @param length [IN] sizeof struct caller_info + * + * return TEE_SUCCESS operation success + * return others failed to get caller info + */ +TEE_Result TEE_EXT_GetCallerInfo(struct ta_caller_info *caller_info_data, uint32_t length); + +/* + * get cruurent session type + * + * @return session type of current session + */ +uint32_t TEE_GetSessionType(void); + +/* + * derive key from platform key + * + * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes. + * @param keySize [IN] key size in bits, it desides the ecc curve type too. + * @param params [IN] unused + * @param paramCount [IN] unused + * @param exinfo [IN] user info as derive slat. + * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0. + * + * @return TEE_SUCCESS means success, others means failed. + */ +TEE_Result TEE_EXT_DeriveTAPlatfromKeys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params, + uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size); +#ifdef __cplusplus +#if __cplusplus +} +#endif /* __cpluscplus */ +#endif /* __cpluscplus */ + +#endif diff --git a/include/TA/huawei_ext/tee_log.h b/include/TA/huawei_ext/tee_log.h index dc213da..37317ca 100644 --- a/include/TA/huawei_ext/tee_log.h +++ b/include/TA/huawei_ext/tee_log.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,21 +8,26 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Reference of TEE log api and internal definitions */ #ifndef __TEE_LOG_H #define __TEE_LOG_H #include "tee_defines.h" +#include "tee_log_legacy.h" -#define DEBUG_TAG "[debug]" -#define INFO_TAG "[info]" -#define WARNING_TAG "[warning]" -#define ERROR_TAG "[error]" +#define TA_LOG_LEVEL_ERROR 0 +#define TA_LOG_LEVEL_WARNING 1 +#define TA_LOG_LEVEL_INFO 2 +#define TA_LOG_LEVEL_DEBUG 3 +#define TA_LOG_LEVEL_VERBO 4 -#define LEVEL_DEBUG 2 -#define LEVEL_WARNING 1 -#define LEVEL_ERROR 0 +#define TA_LOG_LEVEL_DEFAULT TA_LOG_LEVEL_INFO +// TA_LOG_LEVEL can be redefined by TA developers +#ifndef TA_LOG_LEVEL +#define TA_LOG_LEVEL TA_LOG_LEVEL_DEFAULT +#endif #define TAG_VERB "[verb]" #define TAG_DEBUG "[debug]" @@ -30,6 +35,10 @@ #define TAG_WARN "[warn]" #define TAG_ERROR "[error]" +#define DEBUG_TAG "[debug]" +#define INFO_TAG "[info]" +#define WARNING_TAG "[warning]" +#define ERROR_TAG "[error]" typedef enum { LOG_LEVEL_ERROR = 0, LOG_LEVEL_WARN = 1, @@ -46,84 +55,138 @@ void tee_print(LOG_LEVEL log_level, const char *fmt, ...); void tee_print_driver(LOG_LEVEL log_level, const char *log_tag, const char *fmt, ...); extern const char *g_debug_prefix; -#define TEE_LogPrintf(fmt, args...) SLog(fmt, ##args) -#ifdef LOG_ON +/* tlogv */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO) #ifdef DRIVER_LOG_TAG #define tlogv(fmt, args...) \ tee_print_driver(LOG_LEVEL_VERBO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) -#define tlogd(fmt, args...) \ - tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) -#define tlogi(fmt, args...) \ - tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) -#define tlogw(fmt, args...) \ - tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) #else #define tlogv(fmt, args...) tee_print(LOG_LEVEL_VERBO, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) -#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) -#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) -#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) -#endif +#endif /* DRIVER_LOG_TAG */ #else #define tlogv(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */ + +/* tlogd */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG) +#ifdef DRIVER_LOG_TAG +#define tlogd(fmt, args...) \ + tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +#else +#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else #define tlogd(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */ + +/* tlogi */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO) +#ifdef DRIVER_LOG_TAG +#define tlogi(fmt, args...) \ + tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +#else +#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else #define tlogi(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */ + +/* tlogw */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING) +#ifdef DRIVER_LOG_TAG +#define tlogw(fmt, args...) \ + tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) +#else +#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else #define tlogw(fmt, args...) \ do { \ } while (0) -#endif /* ENG_VERSION */ +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */ +/* tloge */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition #ifndef TLOGE_NO_TIMESTAMP #ifdef DRIVER_LOG_TAG #define tloge(fmt, args...) \ tee_print_driver(LOG_LEVEL_ERROR, DRIVER_LOG_TAG, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) #else #define tloge(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) -#endif +#endif /* DRIVER_LOG_TAG */ #else #define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", g_debug_prefix, TAG_ERROR, __LINE__, ##args) -#endif +#endif /* TLOGE_NO_TIMESTAMP */ +#else +#define tloge(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */ void ta_print(LOG_LEVEL log_level, const char *fmt, ...); -#ifdef LOG_ON +/* ta_logv */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO) #define ta_logv(fmt, args...) ta_print(LOG_LEVEL_VERBO, "%s %d: " fmt "\n", TAG_VERB, __LINE__, ##args) -#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args) -#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args) -#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args) #else #define ta_logv(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */ + +/* ta_logd */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG) +#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args) +#else #define ta_logd(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */ + +/* ta_logi */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO) +#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args) +#else #define ta_logi(fmt, args...) \ do { \ } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */ + +/* ta_logw */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING) +#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args) +#else #define ta_logw(fmt, args...) \ do { \ } while (0) -#endif +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */ + +/* ta_loge */ +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition #define ta_loge(fmt, args...) ta_print(LOG_LEVEL_ERROR, "%s %d: " fmt "\n", TAG_ERROR, __LINE__, ##args) +#else +#define ta_loge(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */ -/* in debug version users can dynamically modify the loglevel ,in release version, users have to modify the level by - * compile */ +/* +in debug version, users can dynamically modify the loglevel, +in release version, users have to modify the level by compile +*/ #ifndef DEBUG_VERSION - #ifdef TA_DEBUG #define ta_debug(fmt, args...) uart_printf_func("%s %s: " fmt "", DEBUG_TAG, __FUNCTION__, ##args) #else #define ta_debug(fmt, args...) -#endif - +#endif /* TA_DEBUG */ #else - #define ta_debug(fmt, args...) \ do { \ uint32_t level; \ @@ -142,67 +205,61 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...); } \ } while (0) -#endif +#endif /* DEBUG_VERSION */ #define ta_info(fmt, args...) uart_printf_func("%s: " fmt "", INFO_TAG, ##args) #define ta_error(fmt, args...) uart_printf_func("%s: " fmt " ", ERROR_TAG, ##args) -#define TA_LOG -#ifdef TA_LOG +/* Log level for SLogx */ #define TRACE_S "[Trace]" #define WARNING_S "[Warning]" #define ERROR_S "[Error]" -/* - * Print trace level's log. - * - * @param fmt [IN] assert condition. - * @param args [IN] params for format config. - * - * @return void - */ -#define SLogTrace(fmt, args...) SLog("%s: " fmt "\n", TRACE_S, ##args) +#define TA_SLOG_LEVEL_ERROR 0 +#define TA_SLOG_LEVEL_WARNING 1 +#define TA_SLOG_LEVEL_TRACE 2 -/* - * Print warning level's log. - * - * @param fmt [IN] assert condition. - * @param args [IN] params for format config. - * - * @return void - */ -#define SLogWarning(fmt, args...) SLog("%s: " fmt "\n", WARNING_S, ##args) +#define TA_SLOG_LEVEL_DEFAULT TA_SLOG_LEVEL_WARNING +// TA_SLOG_LEVEL can be redefined by TA developers +#ifndef TA_SLOG_LEVEL +#define TA_SLOG_LEVEL TA_SLOG_LEVEL_DEFAULT +#endif -/* - * Print error level's log. - * - * @param fmt [IN] assert condition. - * @param args [IN] params for format config. - * - * @return void - */ -#define SLogError(fmt, args...) SLog("%s: " fmt "\n", ERROR_S, ##args) +/* SLogTrace */ +#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_TRACE) +#define SLogTrace(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s: " fmt "\n", TRACE_S, ##args) +#else +#define SLogTrace(fmt, args...) \ + do { \ + } while (0) +#endif -/* - * Assert api for tee log, note: should call Panic to deal, here just return - * - * @param exp [IN] Printf log's format config style. - * - * @return void - */ +/* SLogWarning */ +#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_WARNING) +#define SLogWarning(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s: " fmt "\n", WARNING_S, ##args) +#else +#define SLogWarning(fmt, args...) \ + do { \ + } while (0) +#endif + +/* SLogError */ +#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_ERROR) +#define SLogError(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s: " fmt "\n", ERROR_S, ##args) +#else +#define SLogError(fmt, args...) \ + do { \ + } while (0) +#endif + +/* SAssert, Assert api for tee log, note: should call Panic to deal, here just return */ #define SAssert(exp) \ do { \ if (!(exp)) { \ - SLog("Assertion [ %s ] Failed: File %s, Line %d\n", #exp, "__FILE__", __LINE__); \ + tee_print(LOG_LEVEL_ERROR, "Assertion [%s] Failed: File %s, Line %d\n", #exp, __FILE__, __LINE__); \ return 0xFFFF0001; \ } \ } while (0); -#else -#define SLogTrace(fmt, args...) ((void)0) -#define SLogWarning(fmt, args...) ((void)0) -#define SLogError(fmt, args...) ((void)0) -#define SAssert(exp) ((void)0) -#endif /* * Output log to tee log file. @@ -211,6 +268,7 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...); * * @return void */ -void SLog(const char *fmt, ...); +void slog(const char *fmt, ...); uint32_t get_value(void); -#endif +#define TEE_LogPrintf(fmt, args...) slog(fmt, ##args) +#endif /* __TEE_LOG_H */ diff --git a/include/TA/huawei_ext/tee_log_legacy.h b/include/TA/huawei_ext/tee_log_legacy.h new file mode 100644 index 0000000..ffedcdc --- /dev/null +++ b/include/TA/huawei_ext/tee_log_legacy.h @@ -0,0 +1,18 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Reference of TEE log api and internal definitions + */ + +#ifndef __TEE_LOG_LEGACY_H__ +#define __TEE_LOG_LEGACY_H__ + +void SLog(const char *fmt, ...); +#endif /* __TEE_LOG_LEGACY_H__ */ diff --git a/include/TA/huawei_ext/tee_openssl_err.h b/include/TA/huawei_ext/tee_openssl_err.h new file mode 100644 index 0000000..a9245a3 --- /dev/null +++ b/include/TA/huawei_ext/tee_openssl_err.h @@ -0,0 +1,500 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: tee crypto err definitions + */ + +#ifndef TEE_OPENSSL_ERR_H +#define TEE_OPENSSL_ERR_H + +/* + * define openssl lib reasons err code: + * Delete the prefix TEE_ERR_, which is the error code name in the open-source library. + */ +/* for common lib err */ +#define TEE_ERR_R_MALLOC_FAILURE 0x80022041 +#define TEE_ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED 0x80022042 +#define TEE_ERR_R_PASSED_NULL_PARAMETER 0x80022043 +#define TEE_ERR_R_INTERNAL_ERROR 0x80022044 +#define TEE_ERR_R_DISABLED 0x80022045 +#define TEE_ERR_R_INIT_FAIL 0x80022046 +#define TEE_ERR_R_PASSED_INVALID_ARGUMENT 0x80022007 +#define TEE_ERR_R_OPERATION_FAIL 0x80022048 + +/* for bn lib err */ +#define TEE_ERR_BN_R_ARG2_LT_ARG3 0x80023064 +#define TEE_ERR_BN_R_BAD_RECIPROCAL 0x80023065 +#define TEE_ERR_BN_R_BIGNUM_TOO_LONG 0x80023072 +#define TEE_ERR_BN_R_BITS_TOO_SMALL 0x80023076 +#define TEE_ERR_BN_R_CALLED_WITH_EVEN_MODULUS 0x80023066 +#define TEE_ERR_BN_R_DIV_BY_ZERO 0x80023067 +#define TEE_ERR_BN_R_ENCODING_ERROR 0x80023068 +#define TEE_ERR_BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 0x80023069 +#define TEE_ERR_BN_R_INPUT_NOT_REDUCED 0x8002306e +#define TEE_ERR_BN_R_INVALID_LENGTH 0x8002306a +#define TEE_ERR_BN_R_INVALID_RANGE 0x80023073 +#define TEE_ERR_BN_R_INVALID_SHIFT 0x80023077 +#define TEE_ERR_BN_R_NOT_A_SQUARE 0x8002306f +#define TEE_ERR_BN_R_NOT_INITIALIZED 0x8002306b +#define TEE_ERR_BN_R_NO_INVERSE 0x8002306c +#define TEE_ERR_BN_R_NO_SOLUTION 0x80023074 +#define TEE_ERR_BN_R_PRIVATE_KEY_TOO_LARGE 0x80023075 +#define TEE_ERR_BN_R_P_IS_NOT_PRIME 0x80023070 +#define TEE_ERR_BN_R_TOO_MANY_ITERATIONS 0x80023071 +#define TEE_ERR_BN_R_TOO_MANY_TEMPORARY_VARIABLES 0x8002306d + +/* for rsa lib err */ +#define TEE_ERR_RSA_R_ALGORITHM_MISMATCH 0x80024064 +#define TEE_ERR_RSA_R_BAD_E_VALUE 0x80024065 +#define TEE_ERR_RSA_R_BAD_FIXED_HEADER_DECRYPT 0x80024066 +#define TEE_ERR_RSA_R_BAD_PAD_BYTE_COUNT 0x80024067 +#define TEE_ERR_RSA_R_BAD_SIGNATURE 0x80024068 +#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_01 0x8002406a +#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_02 0x8002406b +#define TEE_ERR_RSA_R_DATA_GREATER_THAN_MOD_LEN 0x8002406c +#define TEE_ERR_RSA_R_DATA_TOO_LARGE 0x8002406d +#define TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 0x8002406e +#define TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_MODULUS 0x80024084 +#define TEE_ERR_RSA_R_DATA_TOO_SMALL 0x8002406f +#define TEE_ERR_RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 0x8002407a +#define TEE_ERR_RSA_R_DIGEST_DOES_NOT_MATCH 0x8002409e +#define TEE_ERR_RSA_R_DIGEST_NOT_ALLOWED 0x80024091 +#define TEE_ERR_RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 0x80024070 +#define TEE_ERR_RSA_R_DMP1_NOT_CONGRUENT_TO_D 0x8002407c +#define TEE_ERR_RSA_R_DMQ1_NOT_CONGRUENT_TO_D 0x8002407d +#define TEE_ERR_RSA_R_D_E_NOT_CONGRUENT_TO_1 0x8002407b +#define TEE_ERR_RSA_R_FIRST_OCTET_INVALID 0x80024085 +#define TEE_ERR_RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 0x80024090 +#define TEE_ERR_RSA_R_INVALID_DIGEST 0x8002409d +#define TEE_ERR_RSA_R_INVALID_DIGEST_LENGTH 0x8002408f +#define TEE_ERR_RSA_R_INVALID_HEADER 0x80024089 +#define TEE_ERR_RSA_R_INVALID_LABEL 0x800240a0 +#define TEE_ERR_RSA_R_INVALID_MESSAGE_LENGTH 0x80024083 +#define TEE_ERR_RSA_R_INVALID_MGF1_MD 0x8002409c +#define TEE_ERR_RSA_R_INVALID_MULTI_PRIME_KEY 0x800240a7 +#define TEE_ERR_RSA_R_INVALID_OAEP_PARAMETERS 0x800240a1 +#define TEE_ERR_RSA_R_INVALID_PADDING 0x8002408a +#define TEE_ERR_RSA_R_INVALID_PADDING_MODE 0x8002408d +#define TEE_ERR_RSA_R_INVALID_PSS_PARAMETERS 0x80024095 +#define TEE_ERR_RSA_R_INVALID_PSS_SALTLEN 0x80024092 +#define TEE_ERR_RSA_R_INVALID_SALT_LENGTH 0x80024096 +#define TEE_ERR_RSA_R_INVALID_TRAILER 0x8002408b +#define TEE_ERR_RSA_R_INVALID_X931_DIGEST 0x8002408e +#define TEE_ERR_RSA_R_IQMP_NOT_INVERSE_OF_Q 0x8002407e +#define TEE_ERR_RSA_R_KEY_PRIME_NUM_INVALID 0x800240a5 +#define TEE_ERR_RSA_R_KEY_SIZE_TOO_SMALL 0x80024078 +#define TEE_ERR_RSA_R_LAST_OCTET_INVALID 0x80024086 +#define TEE_ERR_RSA_R_MISSING_PRIVATE_KEY 0x800240b3 +#define TEE_ERR_RSA_R_MGF1_DIGEST_NOT_ALLOWED 0x80024098 +#define TEE_ERR_RSA_R_MODULUS_TOO_LARGE 0x80024069 +#define TEE_ERR_RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 0x800240a8 +#define TEE_ERR_RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 0x800240a9 +#define TEE_ERR_RSA_R_MP_R_NOT_PRIME 0x800240aa +#define TEE_ERR_RSA_R_NO_PUBLIC_EXPONENT 0x8002408c +#define TEE_ERR_RSA_R_NULL_BEFORE_BLOCK_MISSING 0x80024071 +#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 0x800240ac +#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_P_Q 0x8002407f +#define TEE_ERR_RSA_R_OAEP_DECODING_ERROR 0x80024079 +#define TEE_ERR_RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80024094 +#define TEE_ERR_RSA_R_PADDING_CHECK_FAILED 0x80024072 +#define TEE_ERR_RSA_R_PKCS_DECODING_ERROR 0x8002409f +#define TEE_ERR_RSA_R_PSS_SALTLEN_TOO_SMALL 0x800240a4 +#define TEE_ERR_RSA_R_P_NOT_PRIME 0x80024080 +#define TEE_ERR_RSA_R_Q_NOT_PRIME 0x80024081 +#define TEE_ERR_RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 0x80024082 +#define TEE_ERR_RSA_R_SLEN_CHECK_FAILED 0x80024088 +#define TEE_ERR_RSA_R_SLEN_RECOVERY_FAILED 0x80024087 +#define TEE_ERR_RSA_R_SSLV3_ROLLBACK_ATTACK 0x80024073 +#define TEE_ERR_RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x80024074 +#define TEE_ERR_RSA_R_UNKNOWN_ALGORITHM_TYPE 0x80024075 +#define TEE_ERR_RSA_R_UNKNOWN_DIGEST 0x800240a6 +#define TEE_ERR_RSA_R_UNKNOWN_MASK_DIGEST 0x80024097 +#define TEE_ERR_RSA_R_UNKNOWN_PADDING_TYPE 0x80024076 +#define TEE_ERR_RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 0x800240a2 +#define TEE_ERR_RSA_R_UNSUPPORTED_LABEL_SOURCE 0x800240a3 +#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_ALGORITHM 0x80024099 +#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_PARAMETER 0x8002409a +#define TEE_ERR_RSA_R_UNSUPPORTED_SIGNATURE_TYPE 0x8002409b +#define TEE_ERR_RSA_R_VALUE_MISSING 0x80024093 +#define TEE_ERR_RSA_R_WRONG_SIGNATURE_LENGTH 0x80024077 + +/* for evp lib err */ +#define TEE_ERR_EVP_R_AES_KEY_SETUP_FAILED 0x8002508f +#define TEE_ERR_EVP_R_ARIA_KEY_SETUP_FAILED 0x800250b0 +#define TEE_ERR_EVP_R_BAD_DECRYPT 0x80025064 +#define TEE_ERR_EVP_R_BAD_KEY_LENGTH 0x800250c3 +#define TEE_ERR_EVP_R_BUFFER_TOO_SMALL 0x8002509b +#define TEE_ERR_EVP_R_CAMELLIA_KEY_SETUP_FAILED 0x8002509d +#define TEE_ERR_EVP_R_CIPHER_PARAMETER_ERROR 0x8002507a +#define TEE_ERR_EVP_R_COMMAND_NOT_SUPPORTED 0x80025093 +#define TEE_ERR_EVP_R_COPY_ERROR 0x800250ad +#define TEE_ERR_EVP_R_CTRL_NOT_IMPLEMENTED 0x80025084 +#define TEE_ERR_EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 0x80025085 +#define TEE_ERR_EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 0x8002508a +#define TEE_ERR_EVP_R_DECODE_ERROR 0x80025072 +#define TEE_ERR_EVP_R_DIFFERENT_KEY_TYPES 0x80025065 +#define TEE_ERR_EVP_R_DIFFERENT_PARAMETERS 0x80025099 +#define TEE_ERR_EVP_R_ERROR_LOADING_SECTION 0x800250a5 +#define TEE_ERR_EVP_R_ERROR_SETTING_FIPS_MODE 0x800250a6 +#define TEE_ERR_EVP_R_EXPECTING_AN_HMAC_KEY 0x800250ae +#define TEE_ERR_EVP_R_EXPECTING_AN_RSA_KEY 0x8002507f +#define TEE_ERR_EVP_R_EXPECTING_A_DH_KEY 0x80025080 +#define TEE_ERR_EVP_R_EXPECTING_A_DSA_KEY 0x80025081 +#define TEE_ERR_EVP_R_EXPECTING_A_EC_KEY 0x8002508e +#define TEE_ERR_EVP_R_EXPECTING_A_POLY1305_KEY 0x800250a4 +#define TEE_ERR_EVP_R_EXPECTING_A_SIPHASH_KEY 0x800250af +#define TEE_ERR_EVP_R_FIPS_MODE_NOT_SUPPORTED 0x800250a7 +#define TEE_ERR_EVP_R_GET_RAW_KEY_FAILED 0x800250b6 +#define TEE_ERR_EVP_R_ILLEGAL_SCRYPT_PARAMETERS 0x800250ab +#define TEE_ERR_EVP_R_INITIALIZATION_ERROR 0x80025086 +#define TEE_ERR_EVP_R_INPUT_NOT_INITIALIZED 0x8002506f +#define TEE_ERR_EVP_R_INVALID_DIGEST 0x80025098 +#define TEE_ERR_EVP_R_INVALID_FIPS_MODE 0x800250a8 +#define TEE_ERR_EVP_R_INVALID_IV_LENGTH 0x800250c2 +#define TEE_ERR_EVP_R_INVALID_KEY 0x800250a3 +#define TEE_ERR_EVP_R_INVALID_KEY_LENGTH 0x80025082 +#define TEE_ERR_EVP_R_INVALID_OPERATION 0x80025094 +#define TEE_ERR_EVP_R_KEYGEN_FAILURE 0x80025078 +#define TEE_ERR_EVP_R_KEY_SETUP_FAILED 0x800250b4 +#define TEE_ERR_EVP_R_MEMORY_LIMIT_EXCEEDED 0x800250ac +#define TEE_ERR_EVP_R_MESSAGE_DIGEST_IS_NULL 0x8002509f +#define TEE_ERR_EVP_R_METHOD_NOT_SUPPORTED 0x80025090 +#define TEE_ERR_EVP_R_MISSING_PARAMETERS 0x80025067 +#define TEE_ERR_EVP_R_NOT_XOF_OR_INVALID_LENGTH 0x800250b2 +#define TEE_ERR_EVP_R_NO_CIPHER_SET 0x80025083 +#define TEE_ERR_EVP_R_NO_DEFAULT_DIGEST 0x8002509e +#define TEE_ERR_EVP_R_NO_DIGEST_SET 0x8002508b +#define TEE_ERR_EVP_R_NO_KEY_SET 0x8002509a +#define TEE_ERR_EVP_R_NO_OPERATION_SET 0x80025095 +#define TEE_ERR_EVP_R_ONLY_ONESHOT_SUPPORTED 0x800250b1 +#define TEE_ERR_EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80025096 +#define TEE_ERR_EVP_R_OPERATON_NOT_INITIALIZED 0x80025097 +#define TEE_ERR_EVP_R_PARTIALLY_OVERLAPPING 0x800250a2 +#define TEE_ERR_EVP_R_PBKDF2_ERROR 0x800250b5 +#define TEE_ERR_EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 0x800250b3 +#define TEE_ERR_EVP_R_PRIVATE_KEY_DECODE_ERROR 0x80025091 +#define TEE_ERR_EVP_R_PRIVATE_KEY_ENCODE_ERROR 0x80025092 +#define TEE_ERR_EVP_R_PUBLIC_KEY_NOT_RSA 0x8002506a +#define TEE_ERR_EVP_R_UNKNOWN_CIPHER 0x800250a0 +#define TEE_ERR_EVP_R_UNKNOWN_DIGEST 0x800250a1 +#define TEE_ERR_EVP_R_UNKNOWN_OPTION 0x800250a9 +#define TEE_ERR_EVP_R_UNKNOWN_PBE_ALGORITHM 0x80025079 +#define TEE_ERR_EVP_R_UNSUPPORTED_ALGORITHM 0x8002509c +#define TEE_ERR_EVP_R_UNSUPPORTED_CIPHER 0x8002506b +#define TEE_ERR_EVP_R_UNSUPPORTED_KEYLENGTH 0x8002507b +#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 0x8002507c +#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_SIZE 0x8002506c +#define TEE_ERR_EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 0x80025087 +#define TEE_ERR_EVP_R_UNSUPPORTED_PRF 0x8002507d +#define TEE_ERR_EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 0x80025076 +#define TEE_ERR_EVP_R_UNSUPPORTED_SALT_TYPE 0x8002507e +#define TEE_ERR_EVP_R_WRAP_MODE_NOT_ALLOWED 0x800250aa +#define TEE_ERR_EVP_R_WRONG_FINAL_BLOCK_LENGTH 0x8002506d +#define TEE_ERR_EVP_R_XTS_DUPLICATED_KEYS 0x800250b7 + +/* for pem lib err */ +#define TEE_ERR_PEM_R_BAD_BASE64_DECODE 0x80026064 +#define TEE_ERR_PEM_R_BAD_DECRYPT 0x80026065 +#define TEE_ERR_PEM_R_BAD_END_LINE 0x80026066 +#define TEE_ERR_PEM_R_BAD_IV_CHARS 0x80026067 +#define TEE_ERR_PEM_R_BAD_MAGIC_NUMBER 0x80026074 +#define TEE_ERR_PEM_R_BAD_PASSWORD_READ 0x80026068 +#define TEE_ERR_PEM_R_BAD_VERSION_NUMBER 0x80026075 +#define TEE_ERR_PEM_R_BIO_WRITE_FAILURE 0x80026076 +#define TEE_ERR_PEM_R_CIPHER_IS_NULL 0x8002607f +#define TEE_ERR_PEM_R_ERROR_CONVERTING_PRIVATE_KEY 0x80026073 +#define TEE_ERR_PEM_R_EXPECTING_PRIVATE_KEY_BLOB 0x80026077 +#define TEE_ERR_PEM_R_EXPECTING_PUBLIC_KEY_BLOB 0x80026078 +#define TEE_ERR_PEM_R_HEADER_TOO_LONG 0x80026080 +#define TEE_ERR_PEM_R_INCONSISTENT_HEADER 0x80026079 +#define TEE_ERR_PEM_R_KEYBLOB_HEADER_PARSE_ERROR 0x8002607a +#define TEE_ERR_PEM_R_KEYBLOB_TOO_SHORT 0x8002607b +#define TEE_ERR_PEM_R_MISSING_DEK_IV 0x80026081 +#define TEE_ERR_PEM_R_NOT_DEK_INFO 0x80026069 +#define TEE_ERR_PEM_R_NOT_ENCRYPTED 0x8002606a +#define TEE_ERR_PEM_R_NOT_PROC_TYPE 0x8002606b +#define TEE_ERR_PEM_R_NO_START_LINE 0x8002606c +#define TEE_ERR_PEM_R_PROBLEMS_GETTING_PASSWORD 0x8002606d +#define TEE_ERR_PEM_R_PVK_DATA_TOO_SHORT 0x8002607c +#define TEE_ERR_PEM_R_PVK_TOO_SHORT 0x8002607d +#define TEE_ERR_PEM_R_READ_KEY 0x8002606f +#define TEE_ERR_PEM_R_SHORT_HEADER 0x80026070 +#define TEE_ERR_PEM_R_UNEXPECTED_DEK_IV 0x80026082 +#define TEE_ERR_PEM_R_UNSUPPORTED_CIPHER 0x80026071 +#define TEE_ERR_PEM_R_UNSUPPORTED_ENCRYPTION 0x80026072 +#define TEE_ERR_PEM_R_UNSUPPORTED_KEY_COMPONENTS 0x8002607e + +/* for x509 lib err */ +#define TEE_ERR_X509_R_AKID_MISMATCH 0x8002706e +#define TEE_ERR_X509_R_BAD_SELECTOR 0x80027085 +#define TEE_ERR_X509_R_BAD_X509_FILETYPE 0x80027064 +#define TEE_ERR_X509_R_BASE64_DECODE_ERROR 0x80027076 +#define TEE_ERR_X509_R_CANT_CHECK_DH_KEY 0x80027072 +#define TEE_ERR_X509_R_CERT_ALREADY_IN_HASH_TABLE 0x80027065 +#define TEE_ERR_X509_R_CRL_ALREADY_DELTA 0x8002707f +#define TEE_ERR_X509_R_CRL_VERIFY_FAILURE 0x80027083 +#define TEE_ERR_X509_R_IDP_MISMATCH 0x80027080 +#define TEE_ERR_X509_R_INVALID_ATTRIBUTES 0x8002708a +#define TEE_ERR_X509_R_INVALID_DIRECTORY 0x80027071 +#define TEE_ERR_X509_R_INVALID_FIELD_NAME 0x80027077 +#define TEE_ERR_X509_R_INVALID_TRUST 0x8002707b +#define TEE_ERR_X509_R_ISSUER_MISMATCH 0x80027081 +#define TEE_ERR_X509_R_KEY_TYPE_MISMATCH 0x80027073 +#define TEE_ERR_X509_R_KEY_VALUES_MISMATCH 0x80027074 +#define TEE_ERR_X509_R_LOADING_CERT_DIR 0x80027067 +#define TEE_ERR_X509_R_LOADING_DEFAULTS 0x80027068 +#define TEE_ERR_X509_R_METHOD_NOT_SUPPORTED 0x8002707c +#define TEE_ERR_X509_R_NAME_TOO_LONG 0x80027086 +#define TEE_ERR_X509_R_NEWER_CRL_NOT_NEWER 0x80027084 +#define TEE_ERR_X509_R_NO_CERTIFICATE_FOUND 0x80027087 +#define TEE_ERR_X509_R_NO_CERTIFICATE_OR_CRL_FOUND 0x80027088 +#define TEE_ERR_X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 0x80027069 +#define TEE_ERR_X509_R_NO_CRL_FOUND 0x80027089 +#define TEE_ERR_X509_R_NO_CRL_NUMBER 0x80027082 +#define TEE_ERR_X509_R_PUBLIC_KEY_DECODE_ERROR 0x8002707d +#define TEE_ERR_X509_R_PUBLIC_KEY_ENCODE_ERROR 0x8002707e +#define TEE_ERR_X509_R_SHOULD_RETRY 0x8002706a +#define TEE_ERR_X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 0x8002706b +#define TEE_ERR_X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 0x8002706c +#define TEE_ERR_X509_R_UNKNOWN_KEY_TYPE 0x80027075 +#define TEE_ERR_X509_R_UNKNOWN_NID 0x8002706d +#define TEE_ERR_X509_R_UNKNOWN_PURPOSE_ID 0x80027079 +#define TEE_ERR_X509_R_UNKNOWN_TRUST_ID 0x80027078 +#define TEE_ERR_X509_R_UNSUPPORTED_ALGORITHM 0x8002706f +#define TEE_ERR_X509_R_WRONG_LOOKUP_TYPE 0x80027070 +#define TEE_ERR_X509_R_WRONG_TYPE 0x8002707a + +/* for asn1 lib err */ +#define TEE_ERR_ASN1_R_ADDING_OBJECT 0x800280ab +#define TEE_ERR_ASN1_R_ASN1_PARSE_ERROR 0x800280cb +#define TEE_ERR_ASN1_R_ASN1_SIG_PARSE_ERROR 0x800280cc +#define TEE_ERR_ASN1_R_AUX_ERROR 0x80028064 +#define TEE_ERR_ASN1_R_BAD_OBJECT_HEADER 0x80028066 +#define TEE_ERR_ASN1_R_BMPSTRING_IS_WRONG_LENGTH 0x800280d6 +#define TEE_ERR_ASN1_R_BN_LIB 0x80028069 +#define TEE_ERR_ASN1_R_BOOLEAN_IS_WRONG_LENGTH 0x8002806a +#define TEE_ERR_ASN1_R_BUFFER_TOO_SMALL 0x8002806b +#define TEE_ERR_ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002806c +#define TEE_ERR_ASN1_R_CONTEXT_NOT_INITIALISED 0x800280d9 +#define TEE_ERR_ASN1_R_DATA_IS_WRONG 0x8002806d +#define TEE_ERR_ASN1_R_DECODE_ERROR 0x8002806e +#define TEE_ERR_ASN1_R_DEPTH_EXCEEDED 0x800280ae +#define TEE_ERR_ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 0x800280c6 +#define TEE_ERR_ASN1_R_ENCODE_ERROR 0x80028070 +#define TEE_ERR_ASN1_R_ERROR_GETTING_TIME 0x800280ad +#define TEE_ERR_ASN1_R_ERROR_LOADING_SECTION 0x800280ac +#define TEE_ERR_ASN1_R_ERROR_SETTING_CIPHER_PARAMS 0x80028072 +#define TEE_ERR_ASN1_R_EXPECTING_AN_INTEGER 0x80028073 +#define TEE_ERR_ASN1_R_EXPECTING_AN_OBJECT 0x80028074 +#define TEE_ERR_ASN1_R_EXPLICIT_LENGTH_MISMATCH 0x80028077 +#define TEE_ERR_ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 0x80028078 +#define TEE_ERR_ASN1_R_FIELD_MISSING 0x80028079 +#define TEE_ERR_ASN1_R_FIRST_NUM_TOO_LARGE 0x8002807a +#define TEE_ERR_ASN1_R_HEADER_TOO_LONG 0x8002807b +#define TEE_ERR_ASN1_R_ILLEGAL_BITSTRING_FORMAT 0x800280af +#define TEE_ERR_ASN1_R_ILLEGAL_BOOLEAN 0x800280b0 +#define TEE_ERR_ASN1_R_ILLEGAL_CHARACTERS 0x8002807c +#define TEE_ERR_ASN1_R_ILLEGAL_FORMAT 0x800280b1 +#define TEE_ERR_ASN1_R_ILLEGAL_HEX 0x800280b2 +#define TEE_ERR_ASN1_R_ILLEGAL_IMPLICIT_TAG 0x800280b3 +#define TEE_ERR_ASN1_R_ILLEGAL_INTEGER 0x800280b4 +#define TEE_ERR_ASN1_R_ILLEGAL_NEGATIVE_VALUE 0x800280e2 +#define TEE_ERR_ASN1_R_ILLEGAL_NESTED_TAGGING 0x800280b5 +#define TEE_ERR_ASN1_R_ILLEGAL_NULL 0x8002807d +#define TEE_ERR_ASN1_R_ILLEGAL_NULL_VALUE 0x800280b6 +#define TEE_ERR_ASN1_R_ILLEGAL_OBJECT 0x800280b7 +#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONAL_ANY 0x8002807e +#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 0x800280aa +#define TEE_ERR_ASN1_R_ILLEGAL_PADDING 0x800280dd +#define TEE_ERR_ASN1_R_ILLEGAL_TAGGED_ANY 0x8002807f +#define TEE_ERR_ASN1_R_ILLEGAL_TIME_VALUE 0x800280b8 +#define TEE_ERR_ASN1_R_ILLEGAL_ZERO_CONTENT 0x800280de +#define TEE_ERR_ASN1_R_INTEGER_NOT_ASCII_FORMAT 0x800280b9 +#define TEE_ERR_ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 0x80028080 +#define TEE_ERR_ASN1_R_INVALID_BIT_STRING_BITS_LEFT 0x800280dc +#define TEE_ERR_ASN1_R_INVALID_BMPSTRING_LENGTH 0x80028081 +#define TEE_ERR_ASN1_R_INVALID_DIGIT 0x80028082 +#define TEE_ERR_ASN1_R_INVALID_MIME_TYPE 0x800280cd +#define TEE_ERR_ASN1_R_INVALID_MODIFIER 0x800280ba +#define TEE_ERR_ASN1_R_INVALID_NUMBER 0x800280bb +#define TEE_ERR_ASN1_R_INVALID_OBJECT_ENCODING 0x800280d8 +#define TEE_ERR_ASN1_R_INVALID_SCRYPT_PARAMETERS 0x800280e3 +#define TEE_ERR_ASN1_R_INVALID_SEPARATOR 0x80028083 +#define TEE_ERR_ASN1_R_INVALID_STRING_TABLE_VALUE 0x800280da +#define TEE_ERR_ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 0x80028085 +#define TEE_ERR_ASN1_R_INVALID_UTF8STRING 0x80028086 +#define TEE_ERR_ASN1_R_INVALID_VALUE 0x800280db +#define TEE_ERR_ASN1_R_LIST_ERROR 0x800280bc +#define TEE_ERR_ASN1_R_MIME_NO_CONTENT_TYPE 0x800280ce +#define TEE_ERR_ASN1_R_MIME_PARSE_ERROR 0x800280cf +#define TEE_ERR_ASN1_R_MIME_SIG_PARSE_ERROR 0x800280d0 +#define TEE_ERR_ASN1_R_MISSING_EOC 0x80028089 +#define TEE_ERR_ASN1_R_MISSING_SECOND_NUMBER 0x8002808a +#define TEE_ERR_ASN1_R_MISSING_VALUE 0x800280bd +#define TEE_ERR_ASN1_R_MSTRING_NOT_UNIVERSAL 0x8002808b +#define TEE_ERR_ASN1_R_MSTRING_WRONG_TAG 0x8002808c +#define TEE_ERR_ASN1_R_NESTED_ASN1_STRING 0x800280c5 +#define TEE_ERR_ASN1_R_NESTED_TOO_DEEP 0x800280c9 +#define TEE_ERR_ASN1_R_NON_HEX_CHARACTERS 0x8002808d +#define TEE_ERR_ASN1_R_NOT_ASCII_FORMAT 0x800280be +#define TEE_ERR_ASN1_R_NOT_ENOUGH_DATA 0x8002808e +#define TEE_ERR_ASN1_R_NO_CONTENT_TYPE 0x800280d1 +#define TEE_ERR_ASN1_R_NO_MATCHING_CHOICE_TYPE 0x8002808f +#define TEE_ERR_ASN1_R_NO_MULTIPART_BODY_FAILURE 0x800280d2 +#define TEE_ERR_ASN1_R_NO_MULTIPART_BOUNDARY 0x800280d3 +#define TEE_ERR_ASN1_R_NO_SIG_CONTENT_TYPE 0x800280d4 +#define TEE_ERR_ASN1_R_NULL_IS_WRONG_LENGTH 0x80028090 +#define TEE_ERR_ASN1_R_OBJECT_NOT_ASCII_FORMAT 0x800280bf +#define TEE_ERR_ASN1_R_ODD_NUMBER_OF_CHARS 0x80028091 +#define TEE_ERR_ASN1_R_SECOND_NUMBER_TOO_LARGE 0x80028093 +#define TEE_ERR_ASN1_R_SEQUENCE_LENGTH_MISMATCH 0x80028094 +#define TEE_ERR_ASN1_R_SEQUENCE_NOT_CONSTRUCTED 0x80028095 +#define TEE_ERR_ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 0x800280c0 +#define TEE_ERR_ASN1_R_SHORT_LINE 0x80028096 +#define TEE_ERR_ASN1_R_SIG_INVALID_MIME_TYPE 0x800280d5 +#define TEE_ERR_ASN1_R_STREAMING_NOT_SUPPORTED 0x800280ca +#define TEE_ERR_ASN1_R_STRING_TOO_LONG 0x80028097 +#define TEE_ERR_ASN1_R_STRING_TOO_SHORT 0x80028098 +#define TEE_ERR_ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x8002809a +#define TEE_ERR_ASN1_R_TIME_NOT_ASCII_FORMAT 0x800280c1 +#define TEE_ERR_ASN1_R_TOO_LARGE 0x800280df +#define TEE_ERR_ASN1_R_TOO_LONG 0x8002809b +#define TEE_ERR_ASN1_R_TOO_SMALL 0x800280e0 +#define TEE_ERR_ASN1_R_TYPE_NOT_CONSTRUCTED 0x8002809c +#define TEE_ERR_ASN1_R_TYPE_NOT_PRIMITIVE 0x800280c3 +#define TEE_ERR_ASN1_R_UNEXPECTED_EOC 0x8002809f +#define TEE_ERR_ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 0x800280d7 +#define TEE_ERR_ASN1_R_UNKNOWN_FORMAT 0x800280a0 +#define TEE_ERR_ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 0x800280a1 +#define TEE_ERR_ASN1_R_UNKNOWN_OBJECT_TYPE 0x800280a2 +#define TEE_ERR_ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 0x800280a3 +#define TEE_ERR_ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 0x800280c7 +#define TEE_ERR_ASN1_R_UNKNOWN_TAG 0x800280c2 +#define TEE_ERR_ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 0x800280a4 +#define TEE_ERR_ASN1_R_UNSUPPORTED_CIPHER 0x800280e4 +#define TEE_ERR_ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 0x800280a7 +#define TEE_ERR_ASN1_R_UNSUPPORTED_TYPE 0x800280c4 +#define TEE_ERR_ASN1_R_WRONG_INTEGER_TYPE 0x800280e1 +#define TEE_ERR_ASN1_R_WRONG_PUBLIC_KEY_TYPE 0x800280c8 +#define TEE_ERR_ASN1_R_WRONG_TAG 0x800280a8 + +/* for crypto lib err */ +#define TEE_ERR_CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 0x80029065 +#define TEE_ERR_CRYPTO_R_ILLEGAL_HEX_DIGIT 0x80029066 +#define TEE_ERR_CRYPTO_R_ODD_NUMBER_OF_DIGITS 0x80029067 + +/* for ec lib err */ +#define TEE_ERR_EC_R_ASN1_ERROR 0x8002a073 +#define TEE_ERR_EC_R_BAD_SIGNATURE 0x8002a09c +#define TEE_ERR_EC_R_BIGNUM_OUT_OF_RANGE 0x8002a090 +#define TEE_ERR_EC_R_BUFFER_TOO_SMALL 0x8002a064 +#define TEE_ERR_EC_R_CANNOT_INVERT 0x8002a0a5 +#define TEE_ERR_EC_R_COORDINATES_OUT_OF_RANGE 0x8002a092 +#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 0x8002a0a0 +#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 0x8002a09f +#define TEE_ERR_EC_R_D2I_ECPKPARAMETERS_FAILURE 0x8002a075 +#define TEE_ERR_EC_R_DECODE_ERROR 0x8002a08e +#define TEE_ERR_EC_R_DISCRIMINANT_IS_ZERO 0x8002a076 +#define TEE_ERR_EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 0x8002a077 +#define TEE_ERR_EC_R_FIELD_TOO_LARGE 0x8002a08f +#define TEE_ERR_EC_R_GF2M_NOT_SUPPORTED 0x8002a093 +#define TEE_ERR_EC_R_GROUP2PKPARAMETERS_FAILURE 0x8002a078 +#define TEE_ERR_EC_R_I2D_ECPKPARAMETERS_FAILURE 0x8002a079 +#define TEE_ERR_EC_R_INCOMPATIBLE_OBJECTS 0x8002a065 +#define TEE_ERR_EC_R_INVALID_ARGUMENT 0x8002a070 +#define TEE_ERR_EC_R_INVALID_COMPRESSED_POINT 0x8002a06e +#define TEE_ERR_EC_R_INVALID_COMPRESSION_BIT 0x8002a06d +#define TEE_ERR_EC_R_INVALID_CURVE 0x8002a08d +#define TEE_ERR_EC_R_INVALID_DIGEST 0x8002a097 +#define TEE_ERR_EC_R_INVALID_DIGEST_TYPE 0x8002a08a +#define TEE_ERR_EC_R_INVALID_ENCODING 0x8002a066 +#define TEE_ERR_EC_R_INVALID_FIELD 0x8002a067 +#define TEE_ERR_EC_R_INVALID_FORM 0x8002a068 +#define TEE_ERR_EC_R_INVALID_GROUP_ORDER 0x8002a07a +#define TEE_ERR_EC_R_INVALID_KEY 0x8002a074 +#define TEE_ERR_EC_R_INVALID_OUTPUT_LENGTH 0x8002a0a1 +#define TEE_ERR_EC_R_INVALID_PEER_KEY 0x8002a085 +#define TEE_ERR_EC_R_INVALID_PENTANOMIAL_BASIS 0x8002a084 +#define TEE_ERR_EC_R_INVALID_PRIVATE_KEY 0x8002a07b +#define TEE_ERR_EC_R_INVALID_TRINOMIAL_BASIS 0x8002a089 +#define TEE_ERR_EC_R_KDF_PARAMETER_ERROR 0x8002a094 +#define TEE_ERR_EC_R_KEYS_NOT_SET 0x8002a08c +#define TEE_ERR_EC_R_LADDER_POST_FAILURE 0x8002a088 +#define TEE_ERR_EC_R_LADDER_PRE_FAILURE 0x8002a099 +#define TEE_ERR_EC_R_LADDER_STEP_FAILURE 0x8002a0a2 +#define TEE_ERR_EC_R_MISSING_PARAMETERS 0x8002a07c +#define TEE_ERR_EC_R_MISSING_PRIVATE_KEY 0x8002a07d +#define TEE_ERR_EC_R_NEED_NEW_SETUP_VALUES 0x8002a09d +#define TEE_ERR_EC_R_NOT_A_NIST_PRIME 0x8002a087 +#define TEE_ERR_EC_R_NOT_IMPLEMENTED 0x8002a07e +#define TEE_ERR_EC_R_NOT_INITIALIZED 0x8002a06f +#define TEE_ERR_EC_R_NO_PARAMETERS_SET 0x8002a08b +#define TEE_ERR_EC_R_NO_PRIVATE_VALUE 0x8002a09a +#define TEE_ERR_EC_R_OPERATION_NOT_SUPPORTED 0x8002a098 +#define TEE_ERR_EC_R_PASSED_NULL_PARAMETER 0x8002a086 +#define TEE_ERR_EC_R_PEER_KEY_ERROR 0x8002a095 +#define TEE_ERR_EC_R_PKPARAMETERS2GROUP_FAILURE 0x8002a07f +#define TEE_ERR_EC_R_POINT_ARITHMETIC_FAILURE 0x8002a09b +#define TEE_ERR_EC_R_POINT_AT_INFINITY 0x8002a06a +#define TEE_ERR_EC_R_POINT_COORDINATES_BLIND_FAILURE 0x8002a0a3 +#define TEE_ERR_EC_R_POINT_IS_NOT_ON_CURVE 0x8002a06b +#define TEE_ERR_EC_R_RANDOM_NUMBER_GENERATION_FAILED 0x8002a09e +#define TEE_ERR_EC_R_SHARED_INFO_ERROR 0x8002a096 +#define TEE_ERR_EC_R_SLOT_FULL 0x8002a06c +#define TEE_ERR_EC_R_UNDEFINED_GENERATOR 0x8002a071 +#define TEE_ERR_EC_R_UNDEFINED_ORDER 0x8002a080 +#define TEE_ERR_EC_R_UNKNOWN_COFACTOR 0x8002a0a4 +#define TEE_ERR_EC_R_UNKNOWN_GROUP 0x8002a081 +#define TEE_ERR_EC_R_UNKNOWN_ORDER 0x8002a072 +#define TEE_ERR_EC_R_UNSUPPORTED_FIELD 0x8002a083 +#define TEE_ERR_EC_R_WRONG_CURVE_PARAMETERS 0x8002a091 +#define TEE_ERR_EC_R_WRONG_ORDER 0x8002a082 + +/* for pkcs7 lib err */ +#define TEE_ERR_PKCS7_R_CERTIFICATE_VERIFY_ERROR 0x8002b075 +#define TEE_ERR_PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002b090 +#define TEE_ERR_PKCS7_R_CIPHER_NOT_INITIALIZED 0x8002b074 +#define TEE_ERR_PKCS7_R_CONTENT_AND_DATA_PRESENT 0x8002b076 +#define TEE_ERR_PKCS7_R_CTRL_ERROR 0x8002b098 +#define TEE_ERR_PKCS7_R_DECRYPT_ERROR 0x8002b077 +#define TEE_ERR_PKCS7_R_DIGEST_FAILURE 0x8002b065 +#define TEE_ERR_PKCS7_R_ENCRYPTION_CTRL_FAILURE 0x8002b095 +#define TEE_ERR_PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b096 +#define TEE_ERR_PKCS7_R_ERROR_ADDING_RECIPIENT 0x8002b078 +#define TEE_ERR_PKCS7_R_ERROR_SETTING_CIPHER 0x8002b079 +#define TEE_ERR_PKCS7_R_INVALID_NULL_POINTER 0x8002b08f +#define TEE_ERR_PKCS7_R_INVALID_SIGNED_DATA_TYPE 0x8002b09b +#define TEE_ERR_PKCS7_R_NO_CONTENT 0x8002b07a +#define TEE_ERR_PKCS7_R_NO_DEFAULT_DIGEST 0x8002b097 +#define TEE_ERR_PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 0x8002b09a +#define TEE_ERR_PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 0x8002b073 +#define TEE_ERR_PKCS7_R_NO_SIGNATURES_ON_DATA 0x8002b07b +#define TEE_ERR_PKCS7_R_NO_SIGNERS 0x8002b08e +#define TEE_ERR_PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 0x8002b068 +#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 0x8002b07c +#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNER_ERROR 0x8002b099 +#define TEE_ERR_PKCS7_R_PKCS7_DATASIGN 0x8002b091 +#define TEE_ERR_PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 0x8002b07f +#define TEE_ERR_PKCS7_R_SIGNATURE_FAILURE 0x8002b069 +#define TEE_ERR_PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 0x8002b080 +#define TEE_ERR_PKCS7_R_SIGNING_CTRL_FAILURE 0x8002b093 +#define TEE_ERR_PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b094 +#define TEE_ERR_PKCS7_R_SMIME_TEXT_ERROR 0x8002b081 +#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 0x8002b06a +#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MEM_BIO 0x8002b06b +#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 0x8002b06c +#define TEE_ERR_PKCS7_R_UNKNOWN_DIGEST_TYPE 0x8002b06d +#define TEE_ERR_PKCS7_R_UNKNOWN_OPERATION 0x8002b06e +#define TEE_ERR_PKCS7_R_UNSUPPORTED_CIPHER_TYPE 0x8002b06f +#define TEE_ERR_PKCS7_R_UNSUPPORTED_CONTENT_TYPE 0x8002b070 +#define TEE_ERR_PKCS7_R_WRONG_CONTENT_TYPE 0x8002b071 +#define TEE_ERR_PKCS7_R_WRONG_PKCS7_TYPE 0x8002b072 + +#endif diff --git a/include/TA/huawei_ext/tee_ra_api.h b/include/TA/huawei_ext/tee_ra_api.h new file mode 100644 index 0000000..85c56dc --- /dev/null +++ b/include/TA/huawei_ext/tee_ra_api.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: API of TCMGR service. + */ +#ifndef TCMGR_SERVICE_TEE_RA_API_H +#define TCMGR_SERVICE_TEE_RA_API_H +#include +#include "qsi_data_structure.h" + +TEE_Result ra_seal(uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg); +TEE_Result ra_unseal(uint8_t *cipher_data, size_t cipher_size, uint8_t *data, size_t *out_size, uint32_t alg); +TEE_Result ra_local_report(struct ra_buffer_data *in, struct ra_buffer_data *out); +TEE_Result ra_qsi_invoke(struct ra_buffer_data *in, struct ra_buffer_data *out); + +#endif diff --git a/include/TA/pthread_attr.h b/include/TA/pthread_attr.h new file mode 100644 index 0000000..90ac946 --- /dev/null +++ b/include/TA/pthread_attr.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: phtread attribution declared + */ +#ifndef PTHREAD_ATTR_H +#define PTHREAD_ATTR_H + +#define TEESMP_THREAD_ATTR_CA_WILDCARD 0 +#define TEESMP_THREAD_ATTR_CA_INHERIT (-1U) +#define TEESMP_THREAD_ATTR_TASK_ID_INHERIT (-1U) +#define TEESMP_THREAD_ATTR_HAS_SHADOW 0x1 +#define TEESMP_THREAD_ATTR_NO_SHADOW 0x0 + +#endif diff --git a/include/TA/tee_arith_api.h b/include/TA/tee_arith_api.h index 76ca0b0..313359a 100755 --- a/include/TA/tee_arith_api.h +++ b/include/TA/tee_arith_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,16 +8,13 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: tee crypto definitions */ #ifndef TEE_ARITH_API_H #define TEE_ARITH_API_H -#include "tee_defines.h" - -#ifndef API_LEVEL -#define API_LEVEL API_LEVEL1_0 -#endif +#include /* * below definitions are defined by Global Platform @@ -69,7 +66,7 @@ void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len); */ void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); -#if (API_LEVEL >= API_LEVEL1_1_1) +#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1) /* * calculates the necessary prerequisites for the fast modular multiplication and stores them in a context. @@ -82,7 +79,7 @@ void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const T * @return other failed */ TEE_Result TEE_BigIntInitFMMContext1(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); -#endif // API_LEVEL +#endif /* API_LEVEL */ /* * initializes bigIntFMM and sets its represented value to zero. @@ -194,7 +191,7 @@ bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex); */ uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src); -#if (API_LEVEL >= API_LEVEL1_2) +#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) /* * sets the bitIndexth bit of the natural binary representation of |op| to 1 or 0 * @@ -228,7 +225,7 @@ TEE_Result TEE_BigIntAssign(TEE_BigInt *dest, const TEE_BigInt *src); * @return #TEE_ERROR_OVERFLOW In case the dest operand cannot hold the value of |src| */ TEE_Result TEE_BigIntAbs(TEE_BigInt *dest, const TEE_BigInt *src); -#endif // API_LEVEL +#endif /* API_LEVEL */ /* * computes dest = op1 + op2 @@ -253,14 +250,14 @@ void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2); /* - * negates an operand: dest = -op + * negates an operand: dest = -src * - * @param dest [OUT] PPointer to TEE_BigInt to store the result -op + * @param dest [OUT] PPointer to TEE_BigInt to store the result -src * @param op [IN] Pointer to the operand to be negated * * @return void */ -void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op); +void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *src); /* * computes dest = op1 * op2 @@ -441,7 +438,7 @@ void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n, const TEE_BigIntFMMContext *context); -#if (API_LEVEL >= API_LEVEL1_1_1) +#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1) /* * computes dest = (op1 ^ op2) (mod n). * @@ -456,7 +453,7 @@ void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const T */ TEE_Result TEE_BigIntExpMod(TEE_BigInt *des, TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n, TEE_BigIntFMMContext *context); -#endif // API_LEVEL +#endif /* API_LEVEL */ /* * check whether n exists to make dest = (op1 ^ op2) (mod n). diff --git a/include/TA/tee_core_api.h b/include/TA/tee_core_api.h index c07be0b..eabf2ec 100644 --- a/include/TA/tee_core_api.h +++ b/include/TA/tee_core_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,13 +8,14 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: tee core api definitions */ #ifndef __TEE_CORE_API_H #define __TEE_CORE_API_H #include "tee_defines.h" -#ifndef _TEE_TA_SESSION_HANDLE -#define _TEE_TA_SESSION_HANDLE +#ifndef TEE_TA_SESSION_HANDLE +#define TEE_TA_SESSION_HANDLE typedef uint32_t TEE_TASessionHandle; #endif @@ -79,4 +80,5 @@ bool TEE_UnmaskCancellation(void); /* not supported */ bool TEE_MaskCancellation(void); + #endif diff --git a/include/TA/tee_crypto_api.h b/include/TA/tee_crypto_api.h index c711d30..5abedf2 100644 --- a/include/TA/tee_crypto_api.h +++ b/include/TA/tee_crypto_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,23 +8,24 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: tee crypto definitions */ #ifndef TEE_CRYPTO_API_H #define TEE_CRYPTO_API_H -#include "pthread.h" // pthread_mutex_t -#include "tee_defines.h" -#include "tee_mem_mgmt_api.h" +#include /* pthread_mutex_t */ +#include +#include #ifndef NULL #define NULL ((void *)0) #endif -#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8) - -#define SW_RSA_KEYLEN 1024 +#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8) +#define SW_RSA_KEYLEN 1024 #define TEE_DH_MAX_SIZE_OF_OTHER_INFO 64 /* bytes */ +#define TEE_PARAM_COUNT_MAX 9 enum __TEE_Operation_Constants { TEE_OPERATION_CIPHER = 0x1, @@ -82,54 +83,59 @@ enum __tee_crypto_algorithm_id { TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384 = 0x60213230, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512 = 0x60214230, #endif - TEE_ALG_RSA_NOPAD = 0x60000030, - TEE_ALG_DSA_SHA1 = 0x70002131, - TEE_ALG_DSA_SHA224 = 0x70003131, - TEE_ALG_DSA_SHA256 = 0x70004131, - TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032, - TEE_ALG_MD5 = 0x50000001, - TEE_ALG_SHA1 = 0x50000002, - TEE_ALG_SHA224 = 0x50000003, - TEE_ALG_SHA256 = 0x50000004, - TEE_ALG_SHA384 = 0x50000005, - TEE_ALG_SHA512 = 0x50000006, - TEE_ALG_HMAC_MD5 = 0x30000001, - TEE_ALG_HMAC_SHA1 = 0x30000002, - TEE_ALG_HMAC_SHA224 = 0x30000003, - TEE_ALG_HMAC_SHA256 = 0x30000004, - TEE_ALG_HMAC_SHA384 = 0x30000005, - TEE_ALG_HMAC_SHA512 = 0x30000006, - TEE_ALG_HMAC_SM3 = 0x30000007, - TEE_ALG_AES_ECB_PKCS5 = 0x10000020, - TEE_ALG_AES_CBC_PKCS5 = 0x10000220, - TEE_ALG_ECDSA_SHA1 = 0x70001042, - TEE_ALG_ECDSA_SHA224 = 0x70002042, - TEE_ALG_ECDSA_SHA256 = 0x70003042, - TEE_ALG_ECDSA_SHA384 = 0x70004042, - TEE_ALG_ECDSA_SHA512 = 0x70005042, - TEE_ALG_ED25519 = 0x70005043, - TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042, - TEE_ALG_X25519 = 0x80000044, - TEE_ALG_ECC = 0x80000001, - TEE_ALG_ECDSA_P192 = 0x70001042, - TEE_ALG_ECDSA_P224 = 0x70002042, - TEE_ALG_ECDSA_P256 = 0x70003042, - TEE_ALG_ECDSA_P384 = 0x70004042, - TEE_ALG_ECDSA_P521 = 0x70005042, - TEE_ALG_ECDH_P192 = 0x80001042, - TEE_ALG_ECDH_P224 = 0x80002042, - TEE_ALG_ECDH_P256 = 0x80003042, - TEE_ALG_ECDH_P384 = 0x80004042, - TEE_ALG_ECDH_P521 = 0x80005042, - TEE_ALG_SM2_DSA_SM3 = 0x70006045, - TEE_ALG_SM2_PKE = 0x80000045, - TEE_ALG_SM3 = 0x50000007, - TEE_ALG_SM4_ECB_NOPAD = 0x10000014, - TEE_ALG_SM4_CBC_NOPAD = 0x10000114, - TEE_ALG_SM4_CTR = 0x10000214, - TEE_ALG_SM4_XTS = 0x10000414, - TEE_ALG_SM4_OFB = 0x10000514, - TEE_ALG_AES_OFB = 0x10000510, + TEE_ALG_RSA_NOPAD = 0x60000030, + TEE_ALG_DSA_SHA1 = 0x70002131, + TEE_ALG_DSA_SHA224 = 0x70003131, + TEE_ALG_DSA_SHA256 = 0x70004131, + TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032, + TEE_ALG_MD5 = 0x50000001, + TEE_ALG_SHA1 = 0x50000002, + TEE_ALG_SHA224 = 0x50000003, + TEE_ALG_SHA256 = 0x50000004, + TEE_ALG_SHA384 = 0x50000005, + TEE_ALG_SHA512 = 0x50000006, + TEE_ALG_HMAC_MD5 = 0x30000001, + TEE_ALG_HMAC_SHA1 = 0x30000002, + TEE_ALG_HMAC_SHA224 = 0x30000003, + TEE_ALG_HMAC_SHA256 = 0x30000004, + TEE_ALG_HMAC_SHA384 = 0x30000005, + TEE_ALG_HMAC_SHA512 = 0x30000006, + TEE_ALG_HMAC_SM3 = 0x30000007, + TEE_ALG_AES_ECB_PKCS5 = 0x10000020, + TEE_ALG_AES_CBC_PKCS5 = 0x10000220, + TEE_ALG_ECDSA_SHA1 = 0x70001042, + TEE_ALG_ECDSA_SHA224 = 0x70002042, + TEE_ALG_ECDSA_SHA256 = 0x70003042, + TEE_ALG_ECDSA_SHA384 = 0x70004042, + TEE_ALG_ECDSA_SHA512 = 0x70005042, + TEE_ALG_ED25519 = 0x70005043, + TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042, + TEE_ALG_X25519 = 0x80000044, + TEE_ALG_ECC = 0x80000001, + TEE_ALG_ECDSA_P192 = 0x70001042, + TEE_ALG_ECDSA_P224 = 0x70002042, + TEE_ALG_ECDSA_P256 = 0x70003042, + TEE_ALG_ECDSA_P384 = 0x70004042, + TEE_ALG_ECDSA_P521 = 0x70005042, + TEE_ALG_ECDH_P192 = 0x80001042, + TEE_ALG_ECDH_P224 = 0x80002042, + TEE_ALG_ECDH_P256 = 0x80003042, + TEE_ALG_ECDH_P384 = 0x80004042, + TEE_ALG_ECDH_P521 = 0x80005042, + TEE_ALG_SIP_HASH = 0xF0000002, + TEE_ALG_SM2_DSA_SM3 = 0x70006045, + TEE_ALG_SM2_PKE = 0x80000045, + TEE_ALG_SM3 = 0x50000007, + TEE_ALG_SM4_ECB_NOPAD = 0x10000014, + TEE_ALG_SM4_ECB_PKCS7 = 0x10000024, + TEE_ALG_SM4_CBC_NOPAD = 0x10000114, + TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003, + TEE_ALG_SM4_CTR = 0x10000214, + TEE_ALG_SM4_CFB128 = 0xF0000000, + TEE_ALG_SM4_XTS = 0x10000414, + TEE_ALG_SM4_OFB = 0x10000514, + TEE_ALG_AES_OFB = 0x10000510, + TEE_ALG_SM4_GCM = 0xF0000005, }; typedef enum __tee_crypto_algorithm_id tee_crypto_algorithm_id; @@ -162,13 +168,13 @@ typedef enum { } TEE_DH_OpMode_t; typedef enum { - TEE_DH_ASN1_DerivMode = 0, /* *< ASN1_DerivMode */ - TEE_DH_ConcatDerivMode = 1, /* *< ConcatDerivMode */ - TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* *< X963_DerivMode */ - TEE_DH_OMADRM_DerivMode = 2, /* *< OMADRM_DerivMode */ - TEE_DH_ISO18033_KDF1_DerivMode = 3, /* *< ISO18033_KDF1_DerivMode */ - TEE_DH_ISO18033_KDF2_DerivMode = 4, /* *< ISO18033_KDF2_DerivMode */ - TEE_DH_DerivFunc_NumOfModes, /* *< num of modes */ + TEE_DH_ASN1_DerivMode = 0, /* ASN1_DerivMode */ + TEE_DH_ConcatDerivMode = 1, /* ConcatDerivMode */ + TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* X963_DerivMode */ + TEE_DH_OMADRM_DerivMode = 2, /* OMADRM_DerivMode */ + TEE_DH_ISO18033_KDF1_DerivMode = 3, /* ISO18033_KDF1_DerivMode */ + TEE_DH_ISO18033_KDF2_DerivMode = 4, /* ISO18033_KDF2_DerivMode */ + TEE_DH_DerivFunc_NumOfModes, /* num of modes */ } TEE_DH_DerivFuncMode; enum __TEE_DK_ObjectAttribute { @@ -242,9 +248,9 @@ typedef struct { } TEE_OperationInfoMultiple; struct __TEE_OperationHandle { - uint32_t algorithm; /* *< #__TEE_CRYPTO_ALGORITHM_ID */ - uint32_t operationClass; /* *< #__TEE_Operation_Constants */ - uint32_t mode; /* *< #__TEE_OperationMode */ + uint32_t algorithm; /* #__TEE_CRYPTO_ALGORITHM_ID */ + uint32_t operationClass; /* #__TEE_Operation_Constants */ + uint32_t mode; /* #__TEE_OperationMode */ uint32_t digestLength; uint32_t maxKeySize; uint32_t keySize; @@ -261,12 +267,12 @@ struct __TEE_OperationHandle { void *privateKey; uint32_t privateKeyLen; uint32_t IVLen; - // start of DH + /* start of DH */ TEE_DH_OtherInfo *dh_otherinfo; /* #TEE_DH_OtherInfo */ uint32_t dh_hash_mode; /* #TEE_DH_HASH_Mode */ uint32_t dh_derive_func; /* #TEE_DH_DerivFuncMode */ uint32_t dh_op_mode; /* #TEE_DH_OpMode_t */ - // end of DH + /* end of DH */ pthread_mutex_t operation_lock; void *hal_info; }; @@ -306,7 +312,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar; * @param operation [IN/OUT] #TEE_OperationHandle * @param algorithm [IN] #TEE_CRYPTO_ALGORITHM_ID * @param mode [IN] #TEE_OperationMode - * @param maxKeySize [IN] The max key size + * @param max_key_size [IN] The max key size * * @return TEE_SUCCESS succss * @return TEE_ERROR_OUT_OF_MEMORY #TEE_OperationHandle malloc failed @@ -314,7 +320,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar; * @return TEE_ERROR_GENERIC other failed */ TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode, - uint32_t maxKeySize); + uint32_t max_key_size); /* * free Operation handle * @@ -370,12 +376,12 @@ TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, const TEE_ObjectH /* * copy src operation to dest operation * - * @param dstOperation [IN/OUT] #TEE_OperationHandle - * @param srcOperation [IN/OUT] #TEE_OperationHandle + * @param dst_operation [IN/OUT] #TEE_OperationHandle + * @param src_operation [IN/OUT] #TEE_OperationHandle * * @return void */ -void TEE_CopyOperation(TEE_OperationHandle dstOperation, const TEE_OperationHandle srcOperation); +void TEE_CopyOperation(TEE_OperationHandle dst_operation, const TEE_OperationHandle src_operation); /* * init cipher context @@ -430,11 +436,11 @@ TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, const void *srcData, */ #ifndef GP_SUPPORT -#if (API_LEVEL >= 2) +#if defined(API_LEVEL) && (API_LEVEL >= 2) void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); #else TEE_Result TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); -#endif // API_LEVEL +#endif /* API_LEVEL */ #else void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); @@ -506,13 +512,13 @@ TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, const void *messag */ #ifndef GP_SUPPORT -#if (API_LEVEL >= 2) +#if defined(API_LEVEL) && (API_LEVEL >= 2) TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, const size_t macLen); #else TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, const size_t *macLen); -#endif // API_LEVEL +#endif /* API_LEVEL */ #else TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, @@ -687,7 +693,7 @@ TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, const TEE_Att TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, void *digest, size_t digestLen, void *signature, size_t signatureLen); -#if (API_LEVEL >= 2) +#if defined(API_LEVEL) && (API_LEVEL >= 2) /* * Get Operation Info multiple @@ -702,9 +708,9 @@ TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_A */ TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_OperationInfoMultiple *operationInfoMultiple, const size_t *operationSize); -#endif // API_LEVEL +#endif /* API_LEVEL */ -#if (API_LEVEL >= 3) +#if defined(API_LEVEL) && (API_LEVEL >= 2) /* * check whether the algorithm is sopported @@ -716,6 +722,8 @@ TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_Opera * @return TEE_ERROR_NOT_SUPPORTED not support */ TEE_Result TEE_IsAlgorithmSupported(uint32_t algId, uint32_t element); -#endif // API_LEVEL + +TEE_Result TEE_IsHardWareSupportAlgorithm(uint32_t alg_type); +#endif /* API_LEVEL */ #endif diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h index 8fa7ada..6b24ff2 100755 --- a/include/TA/tee_defines.h +++ b/include/TA/tee_defines.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Reference of TEE internal api and internal definitions */ #ifndef __TEE_DEFINES_H @@ -16,6 +17,7 @@ #include #include #include +#include #ifndef TA_EXPORT #define TA_EXPORT @@ -28,17 +30,8 @@ typedef int *tee_mutex_handle; #define API_LEVEL1_2 3 #define TEE_PARAMS_NUM 4 -#undef true -#define true 1 -#undef false -#define false 0 - -#ifndef NULL -#define NULL ((void *)0) -#endif - -#define PARAM_NOT_USED(val) ((void)val) +#define PARAM_NOT_USED(val) ((void)(val)) typedef union { struct { @@ -85,6 +78,9 @@ enum TEE_ParamType { TEE_PARAM_TYPE_ION_INPUT = 0x8, TEE_PARAM_TYPE_ION_SGLIST_INPUT = 0x9, TEE_PARAM_TYPE_MEMREF_SHARED_INOUT = 0xa, + TEE_PARAM_TYPE_RESMEM_INPUT = 0xc, + TEE_PARAM_TYPE_RESMEM_OUTPUT = 0xd, + TEE_PARAM_TYPE_RESMEM_INOUT = 0xe, }; #define S_VAR_NOT_USED(variable) \ @@ -150,6 +146,9 @@ enum TEE_ObjectAttribute { TEE_ATTR_ED25519_PH = 0xF0000543, TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944, TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44, + TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133, + TEE_ATTR_PBKDF2_HMAC_SALT = 0xD0000134, + TEE_ATTR_PBKDF2_HMAC_DIGEST = 0xF0000135, }; enum TEE_ObjectType { @@ -186,6 +185,8 @@ enum TEE_ObjectType { TEE_TYPE_SM2_PKE_KEYPAIR = 0xA1000047, TEE_TYPE_HMAC_SM3 = 0xA0000007, TEE_TYPE_SM4 = 0xA0000014, + TEE_TYPE_SIP_HASH = 0xF0000002, + TEE_TYPE_PBKDF2_HMAC = 0xF0000004, TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE, }; @@ -206,130 +207,116 @@ struct __TEE_ObjectHandle { }; typedef struct __TEE_ObjectHandle *TEE_ObjectHandle; -#define NODE_LEN 8 -typedef struct tee_uuid { - uint32_t timeLow; - uint16_t timeMid; - uint16_t timeHiAndVersion; - uint8_t clockSeqAndNode[NODE_LEN]; -} TEE_UUID; - -typedef struct spawn_uuid { - uint64_t uuid_valid; - TEE_UUID uuid; -} spawn_uuid_t; - enum TEE_Result_Value { - TEE_SUCCESS = 0x0, /* success */ - TEE_ERROR_INVALID_CMD, /* command is invalid */ - TEE_ERROR_SERVICE_NOT_EXIST, /* service is not exist */ - TEE_ERROR_SESSION_NOT_EXIST, /* session is not exist */ - TEE_ERROR_SESSION_MAXIMUM, /* exceeds max session count */ - TEE_ERROR_REGISTER_EXIST_SERVICE, /* service already registered */ - TEE_ERROR_TARGET_DEAD_FATAL, /* internal error occurs */ - TEE_ERROR_READ_DATA, /* read data failed */ - TEE_ERROR_WRITE_DATA, /* write data failed */ - TEE_ERROR_TRUNCATE_OBJECT, /* truncate data failed */ - TEE_ERROR_SEEK_DATA, /* seek data failed */ - TEE_ERROR_SYNC_DATA, /* sync data failed */ - TEE_ERROR_RENAME_OBJECT, /* rename file failed */ - TEE_ERROR_TRUSTED_APP_LOAD_ERROR, /* error occurs when loading TA */ - TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */ - TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */ - TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */ - TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */ - TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */ - TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */ - TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */ - TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */ - TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */ - TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */ - TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */ - TEE_ERROR_STORAGE_INSE_NOTSUPPORT = 0x80001008, /* SFS inse mode is not supported */ - TEE_ERROR_STORAGE_INSE_ERROR = 0x80001009, /* SFS inse encrypto/decrypto error occurs */ - TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */ - TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */ - TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */ - TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */ - TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */ - TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */ - TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */ - TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */ - TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */ - TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* buffer is too large in socket connection */ - TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */ - TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */ - TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */ - TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */ - TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */ - TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */ - TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */ - TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */ - TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */ - TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ - TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */ - TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */ - TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */ - TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */ - TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */ - TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */ - TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */ - TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation */ - TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */ - TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */ - TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */ - TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */ - TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */ - TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */ - TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */ - TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */ - TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */ - TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */ - TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */ - TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */ - TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */ - TEE_FAIL = 0xFFFF5002, /* system error */ - TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */ - TEE_ERROR_TIMER_CREATE_FAILED, /* failed to create timer */ - TEE_ERROR_TIMER_DESTORY_FAILED, /* failed to destory timer */ - TEE_ERROR_TIMER_NOT_FOUND, /* timer not found */ - TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */ - TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */ - TEE_ERROR_RPMB_MAC_FAIL, /* verify MAC failed in RPMB operations */ - TEE_ERROR_RPMB_COUNTER_FAIL, /* invalid counter in RPMB operations */ - TEE_ERROR_RPMB_ADDR_FAIL, /* addresss check failed in RPMB operations */ - TEE_ERROR_RPMB_WRITE_FAIL, /* failed to write data to RPMB */ - TEE_ERROR_RPMB_READ_FAIL, /* failed to read data in RPMB */ - TEE_ERROR_RPMB_KEY_NOT_PROGRAM, /* key is not provisioned in RPMB */ - TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */ - TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT, /* incorrect message data block count in RPMB response */ - TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX, /* incorrect message data block index in RPMB response */ - TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT, /* incorrect message data counter in RPMB response */ - TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE, /* incorrect message data nonce in RPMB response */ - TEE_ERROR_RPMB_RESP_UNEXPECT_MAC, /* incorrect message data MAC in RPMB response */ - TEE_ERROR_RPMB_FILE_NOT_FOUND, /* file not found in RPMB */ - TEE_ERROR_RPMB_NOSPC, /* not space left for RPMB operations */ - TEE_ERROR_RPMB_SPC_CONFLICT, /* exceeds max space of RPMB for this TA */ - TEE_ERROR_RPMB_NOT_AVAILABLE, /* RPMB service not ready */ - TEE_ERROR_RPMB_DAMAGED, /* RPMB partition is damaged */ - TEE_ERROR_TUI_IN_USE = 0xFFFF7110, - TEE_ERROR_TUI_SWITCH_CHANNAL, - TEE_ERROR_TUI_CFG_DRIVER, - TEE_ERROR_TUI_INVALID_EVENT, - TEE_ERROR_TUI_POLL_EVENT, - TEE_ERROR_TUI_CANCELED, - TEE_ERROR_TUI_EXIT, - TEE_ERROR_TUI_NOT_AVAILABLE, - TEE_ERROR_SEC_FLASH_NOT_AVAILABLE, - TEE_ERROR_SESRV_NOT_AVAILABLE, - TEE_ERROR_BIOSRV_NOT_AVAILABLE, - TEE_ERROR_ROTSRV_NOT_AVAILABLE, - TEE_ERROR_ARTSRV_NOT_AVAILABLE, - TEE_ERROR_HSMSRV_NOT_AVAILABLE, - TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, - TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, - TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, - TEE_FAIL2 + TEE_SUCCESS = 0x00000000, /* success */ + TEE_ERROR_INVALID_CMD = 0x00000001, /* command is invalid */ + TEE_ERROR_SERVICE_NOT_EXIST = 0x00000002, /* service is not exist */ + TEE_ERROR_SESSION_NOT_EXIST = 0x00000003, /* session is not exist */ + TEE_ERROR_SESSION_MAXIMUM = 0x00000004, /* exceeds max session count */ + TEE_ERROR_REGISTER_EXIST_SERVICE = 0x00000005, /* service already registered */ + TEE_ERROR_TARGET_DEAD_FATAL = 0x00000006, /* internal error occurs */ + TEE_ERROR_READ_DATA = 0x00000007, /* read data failed */ + TEE_ERROR_WRITE_DATA = 0x00000008, /* write data failed */ + TEE_ERROR_TRUNCATE_OBJECT = 0x00000009, /* truncate data failed */ + TEE_ERROR_SEEK_DATA = 0x0000000A, /* seek data failed */ + TEE_ERROR_SYNC_DATA = 0x0000000B, /* sync data failed */ + TEE_ERROR_RENAME_OBJECT = 0x0000000C, /* rename file failed */ + TEE_ERROR_TRUSTED_APP_LOAD_ERROR = 0x0000000D, /* error occurs when loading TA */ + TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */ + TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */ + TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */ + TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */ + TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */ + TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */ + TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */ + TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */ + TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */ + TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */ + TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */ + TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */ + TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */ + TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */ + TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */ + TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */ + TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */ + TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */ + TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */ + TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */ + TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* buffer is too large in socket connection */ + TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */ + TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */ + TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */ + TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */ + TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */ + TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */ + TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */ + TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */ + TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */ + TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ + TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */ + TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */ + TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */ + TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */ + TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */ + TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */ + TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */ + TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation */ + TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */ + TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */ + TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */ + TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */ + TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */ + TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */ + TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */ + TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */ + TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */ + TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */ + TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */ + TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */ + TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */ + TEE_FAIL = 0xFFFF5002, /* system error */ + TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */ + TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001, /* failed to create timer */ + TEE_ERROR_TIMER_DESTROY_FAILED = 0xFFFF6002, /* failed to destroy timer */ + TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003, /* timer not found */ + TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */ + TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */ + TEE_ERROR_RPMB_MAC_FAIL = 0xFFFF7002, /* verify MAC failed in RPMB operations */ + TEE_ERROR_RPMB_COUNTER_FAIL = 0xFFFF7003, /* invalid counter in RPMB operations */ + TEE_ERROR_RPMB_ADDR_FAIL = 0xFFFF7004, /* addresss check failed in RPMB operations */ + TEE_ERROR_RPMB_WRITE_FAIL = 0xFFFF7005, /* failed to write data to RPMB */ + TEE_ERROR_RPMB_READ_FAIL = 0xFFFF7006, /* failed to read data in RPMB */ + TEE_ERROR_RPMB_KEY_NOT_PROGRAM = 0xFFFF7007, /* key is not provisioned in RPMB */ + TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */ + TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT = 0xFFFF7101, /* incorrect message data block count in RPMB response */ + TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX = 0xFFFF7102, /* incorrect message data block index in RPMB response */ + TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT = 0xFFFF7103, /* incorrect message data counter in RPMB response */ + TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE = 0xFFFF7104, /* incorrect message data nonce in RPMB response */ + TEE_ERROR_RPMB_RESP_UNEXPECT_MAC = 0xFFFF7105, /* incorrect message data MAC in RPMB response */ + TEE_ERROR_RPMB_FILE_NOT_FOUND = 0xFFFF7106, /* file not found in RPMB */ + TEE_ERROR_RPMB_NOSPC = 0xFFFF7107, /* not space left for RPMB operations */ + TEE_ERROR_RPMB_SPC_CONFLICT = 0xFFFF7108, /* exceeds max space of RPMB for this TA */ + TEE_ERROR_RPMB_NOT_AVAILABLE = 0xFFFF7109, /* RPMB service not ready */ + TEE_ERROR_RPMB_DAMAGED = 0xFFFF710A, /* RPMB partition is damaged */ + TEE_ERROR_TUI_IN_USE = 0xFFFF7110, /* TUI is being used */ + TEE_ERROR_TUI_SWITCH_CHANNAL = 0xFFFF7111, /* incorrect message switch channal in TUI response */ + TEE_ERROR_TUI_CFG_DRIVER = 0xFFFF7112, /* incorrect message configurator driver in TUI response */ + TEE_ERROR_TUI_INVALID_EVENT = 0xFFFF7113, /* invalid TUI event */ + TEE_ERROR_TUI_POLL_EVENT = 0xFFFF7114, /* incorrect message polling events in TUI response */ + TEE_ERROR_TUI_CANCELED = 0xFFFF7115, /* TUI is cancelled */ + TEE_ERROR_TUI_EXIT = 0xFFFF7116, /* TUI is exited */ + TEE_ERROR_TUI_NOT_AVAILABLE = 0xFFFF7117, /* TUI unavailable */ + TEE_ERROR_SEC_FLASH_NOT_AVAILABLE = 0xFFFF7118, /* sec flash is not available */ + TEE_ERROR_SESRV_NOT_AVAILABLE = 0xFFFF7119, /* SE service has crashed or not enabled */ + TEE_ERROR_BIOSRV_NOT_AVAILABLE = 0xFFFF711A, /* BIO service is not available */ + TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, /* ROT service is not available */ + TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, /* ART service is not available */ + TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, /* HSM service is not available */ + TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */ + TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */ + TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */ + TEE_FAIL2 = 0xFFFF9113, /* unused */ + TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* IPC Channel overflow error */ }; /* @@ -343,6 +330,7 @@ enum TEE_LoginMethod { TEE_LOGIN_USER_APPLICATION = 0x5, TEE_LOGIN_GROUP_APPLICATION = 0x6, TEE_LOGIN_IDENTIFY = 0x7, /* iTrustee defined Lognin type */ + TEEK_LOGIN_IDENTIFY = 0x80000001, /* iTrustee defined lognin type from linux kernel */ }; typedef struct { @@ -356,8 +344,8 @@ typedef TEE_Result TEEC_Result; #define TEE_ORIGIN_TEE 0x00000003 #define TEE_ORIGIN_TRUSTED_APP 0x00000004 -#ifndef _TEE_TA_SESSION_HANDLE -#define _TEE_TA_SESSION_HANDLE +#ifndef TEE_TA_SESSION_HANDLE +#define TEE_TA_SESSION_HANDLE typedef uint32_t TEE_TASessionHandle; #endif @@ -365,4 +353,28 @@ typedef struct __TEE_ObjectHandle *TEE_ObjectHandle; typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle; typedef struct __TEE_OperationHandle *TEE_OperationHandle; +#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF) + +typedef struct { + uint32_t seconds; + uint32_t millis; +} TEE_Time; + +typedef struct { + int32_t seconds; + int32_t millis; + int32_t min; + int32_t hour; + int32_t day; + int32_t month; + int32_t year; +} TEE_Date_Time; + +typedef struct { + uint32_t type; + uint32_t timer_id; + uint32_t timer_class; + uint32_t reserved2; +} TEE_timer_property; + #endif diff --git a/include/TA/tee_mem_mgmt_api.h b/include/TA/tee_mem_mgmt_api.h index 5b91566..48f9888 100644 --- a/include/TA/tee_mem_mgmt_api.h +++ b/include/TA/tee_mem_mgmt_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Header file of memory management api */ #ifndef TEE_MEM_MGMT_API_H @@ -61,7 +62,7 @@ enum MALLOC_HINT { * * @return void */ -#if (API_LEVEL >= API_LEVEL1_2) +#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) void TEE_MemFill(void *buffer, uint8_t x, size_t size); #else void TEE_MemFill(void *buffer, uint32_t x, size_t size); diff --git a/include/TA/tee_object_api.h b/include/TA/tee_object_api.h index c8200e5..a62f68f 100644 --- a/include/TA/tee_object_api.h +++ b/include/TA/tee_object_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Reference of TEE object api definitions */ #ifndef __TEE_OBJECT_API_H @@ -237,7 +238,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attrib */ TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len); -#if (API_LEVEL >= 2) +#if defined(API_LEVEL) && (API_LEVEL >= 2) /* * Obtain the TEE_ObjectInfo of the object and copy it to the space pointed diff --git a/include/TA/tee_property_api.h b/include/TA/tee_property_api.h index fb00a96..2d8b567 100644 --- a/include/TA/tee_property_api.h +++ b/include/TA/tee_property_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: TEE property implementation header file */ #ifndef TEE_PROPERTY_API_H @@ -69,7 +70,7 @@ TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const ch */ TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value); -#if (API_LEVEL >= API_LEVEL1_2) +#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) /* * retrieves a single property in a property set and converts its value to a 64-bit unsigned integer * @@ -120,7 +121,7 @@ TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const ch * @return TEE_SUCCESS operation success * @return TEE_ERROR_ITEM_NOT_FOUND cannot find target property */ -TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value); +TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *identity); /* * allocates a property enumerator object diff --git a/include/TA/tee_time_api.h b/include/TA/tee_time_api.h index 31cc5f8..fa97c31 100644 --- a/include/TA/tee_time_api.h +++ b/include/TA/tee_time_api.h @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: Reference of TEE time api definitions */ #ifndef __TEE_TIME_API_H @@ -15,34 +16,6 @@ #include "tee_defines.h" -#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF) - -typedef struct { - uint32_t seconds; - uint32_t millis; -} TEE_Time; - -typedef struct { - int32_t seconds; - int32_t millis; - int32_t min; - int32_t hour; - int32_t day; - int32_t month; - int32_t year; -} TEE_Date_Time; - -typedef struct { - uint32_t type; - uint32_t timer_id; - uint32_t timer_class; - uint32_t reserved2; -} TEE_timer_property; - -typedef enum { - ANTI_ROOT_TIMER = 1, -} TEE_Anti_Root_Timer_Type; - /* * Get current TEE system rtc time * @@ -111,54 +84,4 @@ void TEE_GetREETime(TEE_Time *time); * @return void */ void TEE_GetREETimeStr(char *time_str, uint32_t time_str_len); - -/* - * Create rtc timer event - * - * @param time_seconds [IN] specified number of seconds - * @param timer_property [IN] specified property of timer - * - * @return TEE_SUCCESS success - * @return TEE_ERROR_GENERIC create timer fail - */ -TEE_Result TEE_EXT_CreateTimer(uint32_t time_seconds, TEE_timer_property *timer_property); - -/* - * Destory rtc timer event - * - * @param timer_property [IN] specified property of timer - * - * @return TEE_SUCCESS success - * @return TEE_ERROR_GENERIC destroy timer fail - */ -TEE_Result TEE_EXT_DestoryTimer(TEE_timer_property *timer_property); - -/* - * Get expire time of rtc timer event - * - * @param timer_property [IN] specified property of timer - * @param time_seconds [OUT] expire time of rtc timer event - * - * @return TEE_SUCCESS success - * @return TEE_ERROR_GENERIC get expire time fail - */ -TEE_Result TEE_EXT_GetTimerExpire(TEE_timer_property *timer_property, uint32_t *time_seconds); - -/* - * Get remain time of rtc timer event - * - * @param timer_property [IN] specified property of timer - * @param time_seconds [OUT] remain time of rtc timer event - * - * @return TEE_SUCCESS success - * @return TEE_ERROR_GENERIC get remain time fail - */ -TEE_Result TEE_EXT_GetTimerRemain(TEE_timer_property *timer_property, uint32_t *time_seconds); - -/* - * Get secure rtc time - * - * @return current rtc seconds - */ -unsigned int __get_secure_rtc_time(void); #endif diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h new file mode 100644 index 0000000..cfe7554 --- /dev/null +++ b/include/TA/tee_trusted_storage_api.h @@ -0,0 +1,309 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Reference of TEE trusted storage definitions + */ + +#ifndef __TEE_TRUSTED_STORAGE_API_H +#define __TEE_TRUSTED_STORAGE_API_H + +#include "tee_defines.h" +#include "tee_object_api.h" + +/* + * Data stream positioning start position option, used in TEE_SeekObjectData function + */ +enum __TEE_Whence { + TEE_DATA_SEEK_SET = 0, /* Position the starting position as the beginning of the data stream */ + TEE_DATA_SEEK_CUR, /* Position the starting position as the current data stream position */ + TEE_DATA_SEEK_END /* Position the starting position at the end of the data stream */ +}; + +struct __TEE_ObjectEnumHandle; +typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle; + +typedef uint32_t TEE_Whence; + +/* + * Storage ID, which defines the storage space of the corresponding application + */ +enum Object_Storage_Constants { + TEE_OBJECT_STORAGE_PRIVATE = 0x00000001, /* Separate private storage space for each application */ +}; + +/* + * System resource constraints, such as the maximum value that the data stream position indicator can take + */ +enum Miscellaneous_Constants { + TEE_DATA_MAX_POSITION = 0xFFFFFFFF, /* The maximum length that the position indicator of the data stream can take */ + TEE_OBJECT_ID_MAX_LEN = 64, /* The maximum length of objectID, which actually extends to 128 bytes */ +}; + +/* + * The maximum number of bytes of data that the data stream can store + */ +enum TEE_DATA_Size { + TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF /* The maximum bytes of data that the object data stream can store */ +}; + +/* + * The handleFlags of TEE_ObjectHandle determines the access authority of + * the TEE_ObjectHandle to the object data stream + */ +enum Data_Flag_Constants { + /* Have read permission to the data stream, and can read */ + TEE_DATA_FLAG_ACCESS_READ = 0x00000001, + /* Have write permission to the data stream, and can write and truncate */ + TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002, + /* Have WRITE_META permission for data stream, and can delete and rename operation */ + TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004, + /* + * Have shared read permissions on the data stream, you can open multiple + * TEE_ObjectHandles for concurrent reading + */ + TEE_DATA_FLAG_SHARE_READ = 0x00000010, + /* + * Have shared write permissions for the data stream, and multiple TEE_ObjectHandles + * can be opened for concurrent writing + */ + TEE_DATA_FLAG_SHARE_WRITE = 0x00000020, + /* Unused */ + TEE_DATA_FLAG_CREATE = 0x00000200, + /* + * Protect an existing file with the same name. If the file with the same name does not exist, + * create a new data file; if the file with the same name exists, an error will be reported + */ + TEE_DATA_FLAG_EXCLUSIVE = 0x00000400, + /* + * Protect an existing file with the same name. If the file with the same name does not exist, + * create a new data file; if the file with the same name exists, an error will be reported + */ + TEE_DATA_FLAG_OVERWRITE = 0x00000400, + /* + * If the bit27 is set to 1, it means deriving the 32-bytes TA root key at one time, + * if it is 0, it means deriving two 16-bytes TA root keys and combined them together + */ + TEE_DATA_FLAG_DERIVE_32BYTES_KEY_ONCE = 0x08000000, + /* If bit28 is set to 1, it means AES256, if it is 0, it means AES128 */ + TEE_DATA_FLAG_AES256 = 0x10000000, + /* If bit29 is set to 1, it means that the lower version will be opened first */ + TEE_DATA_FLAG_OPEN_AESC = 0x20000000, +}; + +/* + * Create a new persistent object, you can directly initialize the data stream and TEE_Attribute, + * the user can use the returned handle to access the object's TEE_Attribute and data stream + * + * @param storageID [IN] Corresponding to a separate storage space for each application, + * the value is Object_Storage_Constants + * @param objectID [IN] Object identifier, the name of the object to be created + * @param objectIDLen [IN] The length of the object identifier by byte, no more than 128 bytes + * @param flags [IN] Flags after object creation, the value can be one or more of Data_Flag_Constants + * or Handle_Flag_Constants + * @param attributes [IN] The TEE_ObjectHandle of the transient object, used to initialize the + * TEE_Attribute of the object, can be TEE_HANDLE_NULL + * @param initialData [IN] Initial data, used to initialize data stream data + * @param initialDataLen [IN] InitialData length in byte + * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_ITEM_NOT_FOUND: The storageID does not exist + * @return TEE_ERROR_ACCESS_CONFLICT Access conflict + * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation + * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to create the object + */ +TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags, + TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen, + TEE_ObjectHandle *object); + +/* + * Open an existing permanent object, the returned handle can be used by the user to access + * the object's TEE_Attribute and data stream + * + * @param storageID [IN] orresponding to a separate storage space for each application, + * the value is Object_Storage_Constants + * @param objectID [IN] object identifier, the name of the object to be opened + * @param objectIDLen [IN] The length of the object identifier by byte, no more than 128 bytes + * @param flags [IN] Flags after object opened, the value can be one or more of + * Data_Flag_Constants or Handle_Flag_Constants + * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_ITEM_NOT_FOUND: The storageID does not exist or cannot find object identifier + * @return TEE_ERROR_ACCESS_CONFLICT Access conflict + * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation + */ +TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags, + TEE_ObjectHandle *object); + +/* + * Read size bytes of data from the object's data stream to the buffer, + * the TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_READ permission + * + * @param objbect [IN] The TEE_ObjectHandle to be read + * @param buffer [OUT] Buffer for storing read data + * @param size [IN] Size of data to be read by byte + * @param count [OUT] Size of data actually read by byte + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation + */ +TEE_Result TEE_ReadObjectData(TEE_ObjectHandle ojbect, void *buffer, size_t size, uint32_t *count); + +/* + * Write size bytes of data from the buffer to the data stream of the object. + * TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_WRITE permission + * + * @param ojbect [IN] The TEE_ObjectHandle to be write + * @param buffer [IN] Store the data to be written + * @param size [IN] The length of the data to be written, the size does not exceed 4096 bytes + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation + * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation + */ +TEE_Result TEE_WriteObjectData(TEE_ObjectHandle ojbect, const void *buffer, size_t size); + +/* + * This function changes the size of the data stream. If the size is smaller than the size of + * the current data stream, delete all excess bytes. If size is greater than the size of the + * current data stream, use '0' to expand + * TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE permission + * + * @param object [IN] TEE_ObjectHandle to be truncated + * @param size [IN] The new length of the data stream, the size does not exceed 4096 bytes + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation + */ +TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size); + +/* + * Set the data stream position pointed to by TEE_ObjectHandle, and set the data stream position to: + * start position + offset + * The parameter whence controls the starting position of the offset, the value can choose in TEE_Whence, + * and the meaning is as follows: + * TEE_DATA_SEEK_SET, the starting position of the data stream offset is the file header, which is 0 + * TEE_DATA_SEEK_CUR, the starting position of the data stream offset is the current position + * TEE_DATA_SEEK_END, the starting position of the data stream offset is the end of the file + * When the parameter offset is a positive number, it is offset backward, and when it is negative, it is offset forward. + * + * @param object [IN] TEE_ObjectHandle to be set + * @param offset [IN] The size of the data stream position movement, the size does not exceed 4096 bytes + * @param whence [IN] The initial position of the data stream offset + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_OVERFLOW The operation causes the value of the position indicator to exceed its + * system limit TEE_DATA_MAX_POSITION + */ +TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence); + +/* + * Close the opened TEE_ObjectHandle and delete the object. The object must be a persistent object + * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission + * + * @param object [IN] TEE_ObjectHandle to be closed and deleted + * + * @return void + */ +void TEE_CloseAndDeletePersistentObject(TEE_ObjectHandle object); + +/* + * Synchronize the opened TEE_ObjectHandle, and synchronize the corresponding security attribute files to the disk + * + * @param object [IN] TEE_ObjectHandle to be synchronized + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + */ +TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object); + +/* + * Change the object identifier, the TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission + * + * @param ojbect [IN/OUT] The object handle to be modified + * @param newObjectID [IN] New object identifier + * @param newObjectIDLen [IN] New object identifier length + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + */ +TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen); + +/* + * Allocate the handle of an uninitialized object enumerator + * + * @param object [OUT] Pointer to the handle of the newly created object enumerator + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_OUT_OF_MEMORY No enough memory to allocate + */ +TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator); + +/* + * Release a object enumerator handle that has allocated. The handle becomes invalid after the function is called, + * and all allocated are released. Use it in pair with TEE_AllocatePersistentObjectEnumerator + * + * @param object [IN] TEE_ObjectEnumHandle to be released + * + * @return void + */ +void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); + +/* + * Reset the temporary object enumerator to its initial state, that is, the state just after the allocate + * + * @param object [IN] TEE_ObjectEnumHandle of the object enumerator to be reset + * + * @return void + */ +void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); + +/* + * Start enumerating all objects in a given storage space, the information of the object can be obtained + * through the TEE_GetNextPersistentObject function + * + * @param object [IN] TEE_ObjectEnumHandle of the allocated object enumerator + * @param storageID [IN] Correspond to a separate storage space for each application, the value is + * Object_Storage_Constants, currently only supports TEE_STORAGE_PRIVATE + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ITEM_NOT_FOUND storageID is not TEE_STORAGE_PRIVATE or there is no object in the storage space + */ +TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id); + +/* + * Get the next object in the object enumerator, and return the object's TEE_ObjectInfo, objectID, + * objectIDLen information + * + * @param object [IN] TEE_ObjectEnumHandle of the initialized object enumerator + * @param objectInfo [OUT] Pointer to the structure used to store the obtained TEE_ObjectInfo + * @param objectInfo [OUT] Pointer to a buffer, used to store the obtained objectID + * @param objectInfo [OUT] Used to store the obtained objectIDLen + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ITEM_NOT_FOUND The enumerator has no object or the enumerator has not been initialized + */ +TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator, + TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len); + +#if defined(API_LEVEL) && (API_LEVEL >= 2) + +/* + * Close the opened TEE_ObjectHandle and delete the object. The object must be a persistent object + * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission + * + * @param object [IN] TEE_ObjectHandle to be closed and deleted + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * @return TEE_ERROR_STORAGE_NOT_AVAILABLE Cannot access the storage area where the file is located + */ +TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object); + +#endif // API_LEVEL +#endif diff --git a/include/TA/tee_uuid.h b/include/TA/tee_uuid.h new file mode 100644 index 0000000..51fb298 --- /dev/null +++ b/include/TA/tee_uuid.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: Defines of GP TEE_UUID + */ + +#ifndef TEE_UUID_H +#define TEE_UUID_H + +#include + +#define NODE_LEN 8 +typedef struct tee_uuid { + uint32_t timeLow; + uint16_t timeMid; + uint16_t timeHiAndVersion; + uint8_t clockSeqAndNode[NODE_LEN]; +} TEE_UUID; + +#endif diff --git a/src/CA/libteec_adaptor.c b/src/CA/libteec_adaptor.c new file mode 100644 index 0000000..9fd2042 --- /dev/null +++ b/src/CA/libteec_adaptor.c @@ -0,0 +1,269 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: this file is used for adapting interfaces in libteec.so + */ + +#include +#include + +#include "tee_client_api.h" + +#ifdef LOG_TAG +#undef LOG_TAG +#endif +#define LOG_TAG "libteec_adaptor" + +#define LIBTEEC_PATH "/usr/lib64/libteec.so" + +/* + * these Function pointers are consistent with those defined in "tee_client_api.h" + * if you want to call the new interface in "tee_client_api.h", + * you should add a new definition here + */ +typedef TEEC_Result (*initializeContext_f)(const char *name, TEEC_Context *context); +typedef void (*finalizeContext_f)(TEEC_Context *context); +typedef TEEC_Result (*openSession_f)(TEEC_Context *context, TEEC_Session *session, + const TEEC_UUID *destination, uint32_t connectionMethod, const void *connectionData, + TEEC_Operation *operation, uint32_t *returnOrigin); +typedef void (*closeSession_f)(TEEC_Session *session); +typedef TEEC_Result (*invokeCommand_f)(TEEC_Session *session, uint32_t commandID, + TEEC_Operation *operation, uint32_t *returnOrigin); +typedef TEEC_Result (*registerSharedMemory_f)(TEEC_Context *context, + TEEC_SharedMemory *sharedMem); +typedef TEEC_Result (*allocateSharedMemory_f)(TEEC_Context *context, + TEEC_SharedMemory *sharedMem); +typedef void (*releaseSharedMemory_f)(TEEC_SharedMemory *sharedMem); +typedef void (*requestCancellation_f)(TEEC_Operation *operation); + +typedef struct { + initializeContext_f initializeContextFn; + finalizeContext_f finalizeContextFn; + openSession_f openSessionFn; + closeSession_f closeSessionFn; + invokeCommand_f invokeCommandFn; + registerSharedMemory_f registerSharedMemoryFn; + allocateSharedMemory_f allocateSharedMemoryFn; + releaseSharedMemory_f releaseSharedMemoryFn; + requestCancellation_f requestCancellationFn; +} TeecApiTable; + +static TeecApiTable g_teecApiTable; +static void *g_libTeecHandle = NULL; +static pthread_mutex_t g_libTeecHandleLock = PTHREAD_MUTEX_INITIALIZER; + +static TEEC_Result GetBasicApiSymbol(TeecApiTable *teecApiTable) +{ + teecApiTable->initializeContextFn = + (initializeContext_f)(dlsym(g_libTeecHandle, "TEEC_InitializeContext")); + if (teecApiTable->initializeContextFn == NULL) { + TEEC_Error("get symbol TEEC_InitializeContext failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->finalizeContextFn = + (finalizeContext_f)(dlsym(g_libTeecHandle, "TEEC_FinalizeContext")); + if (teecApiTable->finalizeContextFn == NULL) { + TEEC_Error("get symbol TEEC_FinalizeContext failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->openSessionFn = + (openSession_f)(dlsym(g_libTeecHandle, "TEEC_OpenSession")); + if (teecApiTable->openSessionFn == NULL) { + TEEC_Error("get symbol TEEC_OpenSession failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->closeSessionFn = + (closeSession_f)(dlsym(g_libTeecHandle, "TEEC_CloseSession")); + if (teecApiTable->closeSessionFn == NULL) { + TEEC_Error("get symbol TEEC_CloseSession failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->invokeCommandFn = + (invokeCommand_f)(dlsym(g_libTeecHandle, "TEEC_InvokeCommand")); + if (teecApiTable->invokeCommandFn == NULL) { + TEEC_Error("get symbol TEEC_InvokeCommand failed\n"); + return TEEC_ERROR_GENERIC; + } + + return TEEC_SUCCESS; +} + +static TEEC_Result GetMemApiSymbol(TeecApiTable *teecApiTable) +{ + teecApiTable->registerSharedMemoryFn = + (registerSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_RegisterSharedMemory")); + if (teecApiTable->registerSharedMemoryFn == NULL) { + TEEC_Error("get symbol TEEC_RegisterSharedMemory failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->allocateSharedMemoryFn = + (allocateSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_AllocateSharedMemory")); + if (teecApiTable->allocateSharedMemoryFn == NULL) { + TEEC_Error("get symbol TEEC_AllocateSharedMemory failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->releaseSharedMemoryFn = + (releaseSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_ReleaseSharedMemory")); + if (teecApiTable->releaseSharedMemoryFn == NULL) { + TEEC_Error("get symbol TEEC_ReleaseSharedMemory failed\n"); + return TEEC_ERROR_GENERIC; + } + + teecApiTable->requestCancellationFn = + (requestCancellation_f)(dlsym(g_libTeecHandle, "TEEC_RequestCancellation")); + if (teecApiTable->requestCancellationFn == NULL) { + TEEC_Error("get symbol TEEC_RequestCancellation failed\n"); + return TEEC_ERROR_GENERIC; + } + + return TEEC_SUCCESS; +} + +static TEEC_Result GetTeecApiSymbol() +{ + TeecApiTable teecApiTable = {0}; + (void)pthread_mutex_lock(&g_libTeecHandleLock); + + if (g_libTeecHandle != NULL) { + (void)pthread_mutex_unlock(&g_libTeecHandleLock); + return TEEC_SUCCESS; + } + + g_libTeecHandle = dlopen(LIBTEEC_PATH, RTLD_LAZY); + if (g_libTeecHandle == NULL) { + TEEC_Error("dlopen libteec failed\n"); + (void)pthread_mutex_unlock(&g_libTeecHandleLock); + return TEEC_ERROR_GENERIC; + } + + if (GetBasicApiSymbol(&teecApiTable) != TEEC_SUCCESS || + GetMemApiSymbol(&teecApiTable) != TEEC_SUCCESS) { + TEEC_Error("get symbol failed\n"); + goto ERROR; + } + + g_teecApiTable = teecApiTable; + (void)pthread_mutex_unlock(&g_libTeecHandleLock); + return TEEC_SUCCESS; + +ERROR: + dlclose(g_libTeecHandle); + g_libTeecHandle = NULL; + (void)pthread_mutex_unlock(&g_libTeecHandleLock); + return TEEC_ERROR_GENERIC; +} + +/* + * The following are Interfaces for CA application, + * In these interfaces, you should make sure the function pointer in g_teecApiTable is not NULL + */ +TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context) +{ + TEEC_Result ret = GetTeecApiSymbol(); + if (ret != TEEC_SUCCESS) { + TEEC_Error("get teec api symbol failed!\n"); + return TEEC_ERROR_GENERIC; + } + + return g_teecApiTable.initializeContextFn(name, context); +} + +void TEEC_FinalizeContext(TEEC_Context *context) +{ + if (g_teecApiTable.finalizeContextFn == NULL) { + TEEC_Error("finalizeContextFn is null!\n"); + return; + } + + g_teecApiTable.finalizeContextFn(context); +} + +TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, + const TEEC_UUID *destination, uint32_t connectionMethod, + const void *connectionData, TEEC_Operation *operation, + uint32_t *returnOrigin) +{ + if (g_teecApiTable.openSessionFn == NULL) { + TEEC_Error("openSessionFn is null!\n"); + return TEEC_ERROR_GENERIC; + } + + return g_teecApiTable.openSessionFn(context, session, destination, + connectionMethod, connectionData, operation, returnOrigin); +} + +void TEEC_CloseSession(TEEC_Session *session) +{ + if (g_teecApiTable.closeSessionFn == NULL) { + TEEC_Error("closeSessionFn is null!\n"); + return; + } + + g_teecApiTable.closeSessionFn(session); +} + +TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, + TEEC_Operation *operation, uint32_t *returnOrigin) +{ + if (g_teecApiTable.invokeCommandFn == NULL) { + TEEC_Error("invokeCommandFn is null!\n"); + return TEEC_ERROR_GENERIC; + } + + return g_teecApiTable.invokeCommandFn(session, commandID, operation, returnOrigin); +} + +TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, + TEEC_SharedMemory *sharedMem) +{ + if (g_teecApiTable.registerSharedMemoryFn == NULL) { + TEEC_Error("registerSharedMemoryFn is null!\n"); + return TEEC_ERROR_GENERIC; + } + + return g_teecApiTable.registerSharedMemoryFn(context, sharedMem); +} + +TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, + TEEC_SharedMemory *sharedMem) +{ + if (g_teecApiTable.allocateSharedMemoryFn == NULL) { + TEEC_Error("allocateSharedMemoryFn is null!\n"); + return TEEC_ERROR_GENERIC; + } + + return g_teecApiTable.allocateSharedMemoryFn(context, sharedMem); +} + +void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem) +{ + if (g_teecApiTable.releaseSharedMemoryFn == NULL) { + TEEC_Error("releaseSharedMemoryFn is null!\n"); + return; + } + + g_teecApiTable.releaseSharedMemoryFn(sharedMem); +} + +void TEEC_RequestCancellation(TEEC_Operation *operation) +{ + if (g_teecApiTable.requestCancellationFn == NULL) { + TEEC_Error("requestCancellationFn is null!\n"); + return; + } + + g_teecApiTable.requestCancellationFn(operation); +} diff --git a/test/CA/cert_manager/Makefile b/test/CA/cert_manager/Makefile new file mode 100644 index 0000000..589ac63 --- /dev/null +++ b/test/CA/cert_manager/Makefile @@ -0,0 +1,27 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. + +CUR_DIR=$(shell pwd) +ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ + +TARGET_APP := certmanager + +APP_SOURCES := ./cert_file.c +APP_SOURCES += ./cert_manager.c + +APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c + +APP_CFLAGS += -fstack-protector-strong -fPIC + +APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \ + -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include + +APP_LDFLAGS += -ldl -lpthread -lboundscheck + +APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s + +APP_OBJECTS := $(APP_SOURCES:.c=.o) +$(TARGET_APP): $(APP_SOURCES) + $(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS) + +clean: + @rm -f *.o $(TARGET_APP) diff --git a/test/CA/cert_manager/cert_common.h b/test/CA/cert_manager/cert_common.h new file mode 100644 index 0000000..c485e0f --- /dev/null +++ b/test/CA/cert_manager/cert_common.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: CA for certification management. + */ +#ifndef CERT_COMMON_H +#define CERT_COMMON_H + +#define printf_err(msg, ...) fprintf(stderr, msg, ##__VA_ARGS__) +#define MAX_BUFFER_LEN 8192 +#define MAX_LOG_BUFFER_LEN 10000 + +#endif + diff --git a/test/CA/cert_manager/cert_file.c b/test/CA/cert_manager/cert_file.c new file mode 100644 index 0000000..87b62e1 --- /dev/null +++ b/test/CA/cert_manager/cert_file.c @@ -0,0 +1,100 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: CA for certification management. + */ +#include "cert_file.h" + +#include +#include +#include +#include +#include + +#include "cert_common.h" + +bool IsFileExist(const char *path) +{ + return access(path, F_OK) == 0; +} + +static int32_t GetFileSize(const char *path, long *size) +{ + int32_t ret; + struct stat buf; + ret = stat(path, &buf); + if (ret != 0) + printf_err("file stat failed: %s\n", path); + else + *size = buf.st_size; + return ret; +} + +int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *fileSize) +{ + int32_t ret; + /* check file name */ + if (strstr(filePath, ".der") == NULL && strstr(filePath, ".crl") == NULL) { + ret = errno; + printf_err("only support der or crl file\n"); + goto end; + } + /* get file length */ + ret = GetFileSize(filePath, fileSize); + if (ret != 0) { + printf_err("get file length failed: %s\n", filePath); + goto end; + } + /* check file content overflow */ + if (*fileSize > size) { + printf_err("file is too long: %s\n", filePath); + ret = errno; + goto end; + } + /* read contents from file into buffer */ + FILE *fp = fopen(filePath, "r"); + if (fp == NULL) { + ret = errno; + printf_err("open file failed: %s\n", filePath); + goto end; + } + size_t readLen = fread(buffer, 1, size, fp); + if (readLen != *fileSize) { + ret = errno; + printf_err("read file failed: %s\n", filePath); + } + (void)fclose(fp); +end: + return ret; +} + +int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath) +{ + int32_t ret = 0; + if (buffer == NULL || size == 0 || filePath == NULL) { + printf_err("store to fs bad parameters\n"); + return errno; + } + /* write size of buffer into file */ + FILE *fp = fopen(filePath, "w"); + if (fp == NULL) { + ret = errno; + printf_err("open file failed: %s\n", filePath); + goto end; + } + size_t writeLen = fwrite(buffer, 1, size, fp); + if (writeLen != size) { + ret = errno; + printf_err("write file failed: %s\n", filePath); + } + (void)fclose(fp); +end: + return ret; +} diff --git a/test/CA/cert_manager/cert_file.h b/test/CA/cert_manager/cert_file.h new file mode 100644 index 0000000..7d68f40 --- /dev/null +++ b/test/CA/cert_manager/cert_file.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: CA for certification management. + */ +#ifndef CERT_FILE_H +#define CERT_FILE_H + +#include +#include +#include +#include + +bool IsFileExist(const char *path); +int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t* fileSize); +int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath); + +#endif diff --git a/test/CA/cert_manager/cert_manager.c b/test/CA/cert_manager/cert_manager.c new file mode 100644 index 0000000..da24c8f --- /dev/null +++ b/test/CA/cert_manager/cert_manager.c @@ -0,0 +1,368 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: CA for certification management. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert_file.h" +#include "cert_common.h" + +#define TA_PATH "/usr/bin/4acaf7c8-c652-4643-9b7a-cc07e7a3187a.sec" + +/* commands */ +#define CMD_DESTROY "destroy" +#define CMD_IMPORT "import" +#define CMD_IMPORT_CRL "import_crl" +#define CMD_EXPORT "export" +/* sub commands of export */ +#define CMD_EXPORT_CERT "cert" +#define CMD_EXPORT_LOG "log" + +/* number of command arguments */ +#define CMD_IMPORT_ARGC 3 +#define CMD_EXPORT_CERT_ARGC 4 +#define CMD_EXPORT_LOG_ARGC 3 +#define CMD_DESTROY_ARGC 2 +#define CMD_IMPORT_CRL_ARGC 3 + +/* index of command parameters */ +#define CMD_NAME 1 +#define CMD_IMPORT_ARG_PATH 2 +#define CMD_EXPORT_SUBCMD 2 +#define CMD_EXPORT_ARG_PATH 3 + +enum { + IPC_IMPORT_CERT = 1, + IPC_EXPORT_CERT = 2, + IPC_DESTROY_CERT = 3, + IPC_EXPORT_LOG = 4, + IPC_IMPORT_CRL = 5 +}; + +enum { + CERTMANGER_CMD_IMPORT_CERT = 1, + CERTMANGER_CMD_EXPORT = 2, + CERTMANGER_CMD_DESTROY = 3, + CERTMANGER_CMD_IMPORT_CRL = 4 +}; + +static TEEC_Result Destroy(TEEC_Session *session) +{ + TEEC_Result result; + /* invoke ipc command */ + TEEC_Operation operation = { 0 }; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE); + result = TEEC_InvokeCommand(session, IPC_DESTROY_CERT, &operation, NULL); + if (result != TEEC_SUCCESS) + printf_err("ipc failed\n"); + return result; +} + +static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t len, const char *certPath) +{ + TEEC_Result result = TEEC_SUCCESS; + uint8_t *outbuf = (uint8_t *)malloc(sharedMem->size); + if (outbuf == NULL) { + printf_err("memory allocate failed\n"); + result = TEEC_ERROR_OUT_OF_MEMORY; + goto end; + } + if (len == 0) + printf_err("warning: empty content\n"); + /* replaced with memcpy(outbuf, sharedMem->buffer, len) when memcpy_s is not supported */ + if (memcpy_s(outbuf, sharedMem->size, sharedMem->buffer, len) != EOK) { + result = TEEC_ERROR_OUT_OF_MEMORY; + printf_err("memcpy_s failed\n"); + goto end; + } + if (certPath != NULL) { + if (StoreToFs(outbuf, len, certPath) != 0) { + result = TEEC_ERROR_WRITE_DATA; + printf_err("write to file failed: %s\n", certPath); + } + } else { + printf("%s\n", outbuf); + } +end: + if (outbuf != NULL) { + free(outbuf); + outbuf = NULL; + } + return result; +} + +static TEEC_Result Export(TEEC_Context *context, TEEC_Session *session, const char *cmdLine, const char *certPath) +{ + TEEC_Result result; + char realPath[PATH_MAX]; + /* 1. parse sub-command */ + uint32_t cmd; + if (memcmp(cmdLine, CMD_EXPORT_CERT, sizeof(CMD_EXPORT_CERT)) == 0) { + /* check Legality of certPath */ + if (realpath(certPath, realPath) == NULL) { + result = errno; + printf_err("illegal certification path: %s\n", certPath); + goto end; + } + cmd = IPC_EXPORT_CERT; + } else if (memcmp(cmdLine, CMD_EXPORT_LOG, sizeof(CMD_EXPORT_LOG)) == 0) { + cmd = IPC_EXPORT_LOG; + } else { + result = TEEC_ERROR_INVALID_CMD; + printf_err("unknown sub-command: %s\n", cmdLine); + goto end; + } + /* 2. allocate shared memory */ + TEEC_SharedMemory sharedMem; + sharedMem.size = (cmd == IPC_EXPORT_LOG) ? MAX_LOG_BUFFER_LEN : MAX_BUFFER_LEN; + sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; + result = TEEC_AllocateSharedMemory(context, &sharedMem); + if (result != TEEC_SUCCESS) { + printf_err("allocate shared memory failed\n"); + goto end; + } + /* 3. invoke ipc command */ + TEEC_Operation operation = { 0 }; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); + operation.params[0].memref.parent = &sharedMem; + operation.params[0].memref.offset = 0; + operation.params[0].memref.size = sharedMem.size; + result = TEEC_InvokeCommand(session, cmd, &operation, NULL); + if (result != TEEC_SUCCESS) { + printf_err("ipc failed\n"); + goto free_sharedMem; + } + /* 4. process ipc result */ + const char *path = cmd == IPC_EXPORT_CERT ? realPath : NULL; + result = ProcessExportResult(&sharedMem, operation.params[0].memref.size, path); +free_sharedMem: + TEEC_ReleaseSharedMemory(&sharedMem); +end: + return result; +} + +static TEEC_Result Import(TEEC_Context *context, TEEC_Session *session, const char *certPath) +{ + TEEC_Result result; + char realPath[PATH_MAX]; + /* 1. allocate shared memory */ + TEEC_SharedMemory sharedMem; + sharedMem.size = MAX_BUFFER_LEN; + sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; + result = TEEC_AllocateSharedMemory(context, &sharedMem); + if (result != TEEC_SUCCESS) { + printf_err("allocate shared memory failed\n"); + goto end; + } + /* 2. check certPath legality */ + if (realpath(certPath, realPath) == NULL) { + printf_err("illegal certification path:%s\n", certPath); + result = errno; + goto free_sharedMem; + } + if (!IsFileExist(realPath)) { + printf_err("certification not exist:%s\n", certPath); + result = TEEC_ERROR_BAD_PARAMETERS; + goto free_sharedMem; + } + /* 3. read cert from filesystem to shared memory */ + size_t fileSize = 0; + if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) { + result = TEEC_ERROR_READ_DATA; + printf_err("load certification failed\n"); + goto free_sharedMem; + } + /* 4. invoke ipc command */ + TEEC_Operation operation = { 0 }; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); + operation.params[0].memref.parent = &sharedMem; + operation.params[0].memref.offset = 0; + operation.params[0].memref.size = fileSize; + result = TEEC_InvokeCommand(session, IPC_IMPORT_CERT, &operation, NULL); + if (result != TEEC_SUCCESS) + printf_err("ipc failed\n"); +free_sharedMem: + TEEC_ReleaseSharedMemory(&sharedMem); +end: + return result; +} + +static TEEC_Result ImportCrl(TEEC_Context *context, TEEC_Session *session, const char *certPath) +{ + TEEC_Result result; + char realPath[PATH_MAX]; + /* 1. allocate shared memory */ + TEEC_SharedMemory sharedMem; + sharedMem.size = MAX_BUFFER_LEN; + sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; + result = TEEC_AllocateSharedMemory(context, &sharedMem); + if (result != TEEC_SUCCESS) { + printf_err("allocate crl shared memory failed\n"); + goto end; + } + /* 2. check certPath legality */ + if (realpath(certPath, realPath) == NULL) { + printf_err("illegal certification path:%s\n", certPath); + result = errno; + goto free_sharedMem; + } + if (!IsFileExist(realPath)) { + printf_err("certification not exist:%s\n", certPath); + result = TEEC_ERROR_BAD_PARAMETERS; + goto free_sharedMem; + } + /* 3. read cert from filesystem to shared memory */ + size_t fileSize = 0; + if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) { + result = TEEC_ERROR_READ_DATA; + printf_err("load crl failed\n"); + goto free_sharedMem; + } + /* 4. invoke ipc command */ + TEEC_Operation operation = { 0 }; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); + operation.params[0].memref.parent = &sharedMem; + operation.params[0].memref.offset = 0; + operation.params[0].memref.size = fileSize; + result = TEEC_InvokeCommand(session, IPC_IMPORT_CRL, &operation, NULL); + if (result != TEEC_SUCCESS) + printf_err("ipc failed\n"); +free_sharedMem: + TEEC_ReleaseSharedMemory(&sharedMem); +end: + return result; +} + +static TEEC_UUID g_taId = { + 0x4acaf7c8, 0xc652, 0x4643, + { 0x9b, 0x7a, 0xcc, 0x07, 0xe7, 0xa3, 0x18, 0x7a } +}; + +static TEEC_Result OpenSessionTa(TEEC_Context *context, TEEC_Session *session) +{ + TEEC_UUID *uuidp = &g_taId; + TEEC_Operation operation = { 0 }; + context->ta_path = (uint8_t *)TA_PATH; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE); + TEEC_Result result = TEEC_OpenSession(context, session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL); + if (result != TEEC_SUCCESS) { + printf_err("teec open session failed,result is 0x%x\n", result); + return result; + } + return TEEC_SUCCESS; +} + +static int32_t GetInputCmd(int argc, char *argv[]) +{ + if (argc < CMD_DESTROY_ARGC || argc > CMD_EXPORT_CERT_ARGC) { + printf_err("wrong parameters num \n"); + return -1; + } + /* 1. process command line */ + if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0 && argc == CMD_IMPORT_ARGC) { + /* import */ + return CERTMANGER_CMD_IMPORT_CERT; + } else if (memcmp(argv[CMD_NAME], CMD_IMPORT_CRL, sizeof(CMD_IMPORT_CRL)) == 0 && argc == CMD_IMPORT_CRL_ARGC) { + /* import crl */ + return CERTMANGER_CMD_IMPORT_CRL; + } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0 && + (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC)) { + /* export */ + return CERTMANGER_CMD_EXPORT; + } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0 && argc == CMD_DESTROY_ARGC) { + /* destroy */ + return CERTMANGER_CMD_DESTROY; + } else { + /* undefined */ + printf("invalid command \n"); + return -1; + } +} + +static TEEC_Result SelectCmd(char *argv[], TEEC_Context *context, TEEC_Session *session, int32_t cmd) +{ + switch (cmd) { + case CERTMANGER_CMD_IMPORT_CERT: + return Import(context, session, argv[CMD_IMPORT_ARG_PATH]); + case CERTMANGER_CMD_IMPORT_CRL: + return ImportCrl(context, session, argv[CMD_IMPORT_ARG_PATH]); + case CERTMANGER_CMD_EXPORT: + return Export(context, session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]); + case CERTMANGER_CMD_DESTROY: + return Destroy(session); + default: + printf_err("failed, errno input:%d\n", cmd); + return TEEC_ERROR_INVALID_CMD; + } +} + +int main(int argc, char *argv[]) +{ + int32_t ret = 0; + TEEC_Result result; + TEEC_Context context; + TEEC_Session session; + + /* 1. check input cmd */ + int32_t cmd = GetInputCmd(argc, argv); + if (cmd <= 0) { + printf_err("input parameter errno\n"); + return -1; + } + + /* 2. init context */ + result = TEEC_InitializeContext(NULL, &context); + if (result != TEEC_SUCCESS) { + printf_err("teec initialize failed\n"); + return -1; + } + + /* 3. open session */ + result = OpenSessionTa(&context, &session); + if (result != TEEC_SUCCESS) { + printf_err("teec open session failed\n"); + goto final; + } + + /* 4. select cmd */ + result = SelectCmd(argv, &context, &session, cmd); + switch (result) { + case TEEC_SUCCESS: + printf("success\n"); + break; + case TEEC_ERROR_ITEM_NOT_FOUND: + printf_err("ssa log is not exist\n"); + ret = -1; + goto close; + default: + printf_err("certmanger error: %d\n", result); + ret = -1; + goto close; + } +close: + TEEC_CloseSession(&session); +final: + TEEC_FinalizeContext(&context); + return ret; +} diff --git a/test/CA/helloworld/Makefile b/test/CA/helloworld/Makefile new file mode 100644 index 0000000..d4392da --- /dev/null +++ b/test/CA/helloworld/Makefile @@ -0,0 +1,24 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. +CUR_DIR=$(shell pwd) +ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ + +TARGET_APP := demo_hello + +APP_SOURCES := ./ca_demo.c + +APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c + +APP_CFLAGS += -fstack-protector-strong -fPIC + +APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \ + +APP_LDFLAGS += -ldl -lpthread + +APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s + +APP_OBJECTS := $(APP_SOURCES:.c=.o) +$(TARGET_APP): $(APP_SOURCES) + @$(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS) + +clean: + rm -f *.o $(TARGET_APP) diff --git a/test/CA/helloworld/ca_demo.c b/test/CA/helloworld/ca_demo.c index 57c0e35..630ce84 100755 --- a/test/CA/helloworld/ca_demo.c +++ b/test/CA/helloworld/ca_demo.c @@ -1,6 +1,6 @@ /* * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: C file template for CA */ #include @@ -25,10 +26,8 @@ #define OPERATION_START_FLAG 1 #define OUT_BUFF_INDEX 3 -static const TEEC_UUID DEMO_TEMPLATE_UUID = -{ - 0xe3d37f4a, 0xf24c, 0x48d0, - { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 } +static const TEEC_UUID g_demoTemplateUuid = { + 0xe3d37f4a, 0xf24c, 0x48d0, { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 } }; enum { @@ -57,16 +56,14 @@ int main(void) operation.paramTypes = TEEC_PARAM_TYPES( TEEC_NONE, TEEC_NONE, - TEEC_MEMREF_TEMP_INPUT, - TEEC_MEMREF_TEMP_INPUT); + TEEC_NONE, + TEEC_NONE); result = TEEC_OpenSession( - &context, &session, &DEMO_TEMPLATE_UUID, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin); + &context, &session, &g_demoTemplateUuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin); if (result != TEEC_SUCCESS) { printf("teec open session failed"); goto cleanup_2; - } else { - TEEC_Debug("teec open session successed"); } operation.started = OPERATION_START_FLAG; diff --git a/test/CA/libqca/Makefile b/test/CA/libqca/Makefile new file mode 100644 index 0000000..51d5112 --- /dev/null +++ b/test/CA/libqca/Makefile @@ -0,0 +1,42 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. +CUR_DIR=$(shell pwd) +ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ + +TARGET_LIB := libqca.so +TARGET_DIR := output +TARGET_LIB_BOUNDSCHECK := libboundscheck.so + +LIB_SOURCES := src/ra_operate_api.c + +LIB_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c + +LIB_CFLAGS += -Werror -Wall -Wextra -fstack-protector-strong -Wl,-z,relro,-z,now,-z,noexecstack -s -fPIC -D_FORTIFY_SOURCE=2 -O2 + +LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include +LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA +LIB_CFLAGS += -I./include + +LIB_LDFLAGS += -ldl -lpthread +LIB_LDFLAGS += -lboundscheck -L$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/lib/ + +LIB_OBJECTS := $(LIB_SOURCES:.c=.o) + +all: $(TARGET_LIB_BOUNDSCHECK) $(TARGET_LIB) + +LIB_BOUNDSCHECK_DIR := $(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/ +$(TARGET_LIB_BOUNDSCHECK): + @echo "compile libboundscheck start" + @$(MAKE) -C $(LIB_BOUNDSCHECK_DIR) + @echo "compile libboundscheck finish" + +$(TARGET_LIB): $(TARGET_LIB_BOUNDSCHECK) $(LIB_SOURCES) + @echo "start compile libqca.so ......" + @$(CC) -shared $(LIB_CFLAGS) -o $@ $(LIB_SOURCES) $(LIB_LDFLAGS) + @mkdir -p $(TARGET_DIR) + @mv $(TARGET_LIB) $(TARGET_DIR) + @echo "compile libqca.so done!" + +clean: + $(MAKE) -C $(LIB_BOUNDSCHECK_DIR) clean + rm -rf $(LIB_OBJECTS) + rm -rf $(TARGET_DIR) diff --git a/test/CA/libqca/include/ra_client_api.h b/test/CA/libqca/include/ra_client_api.h new file mode 100644 index 0000000..dd793a3 --- /dev/null +++ b/test/CA/libqca/include/ra_client_api.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef LIBQCA_H +#define LIBQCA_H +#include + +struct ra_buffer_data { + uint32_t size; + uint8_t *buf; +}; + +TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out); +#endif diff --git a/test/CA/libqca/src/ra_log.h b/test/CA/libqca/src/ra_log.h new file mode 100644 index 0000000..1cb9d38 --- /dev/null +++ b/test/CA/libqca/src/ra_log.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef LIBQCA_RA_LOG_H +#define LIBQCA_RA_LOG_H + +#define TAG_WARN "[warn]" +#define TAG_INFO "[info]" +#define TAG_ERROR "[error]" +#define TAG_DEBUG "[debug]" + +#define LIBQCA_PREFIX "libqca" + +#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_ERROR, __LINE__, ##args) +#define tlogd(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_DEBUG, __LINE__, ##args) +#define tlogi(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_INFO, __LINE__, ##args) +#define tlogw(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_WARN, __LINE__, ##args) + +#endif diff --git a/test/CA/libqca/src/ra_operate_api.c b/test/CA/libqca/src/ra_operate_api.c new file mode 100644 index 0000000..810f11f --- /dev/null +++ b/test/CA/libqca/src/ra_operate_api.c @@ -0,0 +1,147 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#include "ra_operate_api.h" +#include +#include +#include "tee_client_api.h" +#include "securec.h" +#include "ra_log.h" +#include "ra_client_api.h" + +static const TEEC_UUID g_tee_qta_uuid = { + 0xe08f7eca, 0xe875, 0x440e, { + 0x9a, 0xb0, 0x5f, 0x38, 0x11, 0x36, 0xc6, 0x00 + } +}; + +static TEEC_Result set_remote_attest_out_data(TEEC_SharedMemory *shared_out, uint32_t out_size, + struct ra_buffer_data *out) +{ + if (out == NULL || out->buf == NULL) { + return TEEC_SUCCESS; + } + if (out_size == 0) { + out->size = out_size; + return TEEC_SUCCESS; + } else if (out_size > out->size) { + tloge("out size is too short\n"); + return TEEC_ERROR_SHORT_BUFFER; + } + if (memcpy_s(out->buf, out->size, shared_out->buffer, out_size) != EOK) { + tloge("memcpy shared out buffer failed\n"); + return TEEC_ERROR_GENERIC; + } + out->size = out_size; + return TEEC_SUCCESS; +} + +static TEEC_Result handle_remote_attest(TEEC_Context *context, TEEC_Session *session, struct ra_buffer_data *in, + struct ra_buffer_data *out) +{ + uint32_t origin; + TEEC_Operation operation = {0}; + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_MEMREF_PARTIAL_OUTPUT, + TEEC_VALUE_OUTPUT, TEEC_NONE); + + TEEC_SharedMemory shared_in; + (void)memset_s(&shared_in, sizeof(shared_in), 0, sizeof(shared_in)); + shared_in.size = in->size; + shared_in.flags = TEEC_MEM_INPUT; + TEEC_Result result = TEEC_AllocateSharedMemory(context, &shared_in); + if (result != TEEC_SUCCESS) { + tloge("allocate shared input failed, result = 0x%x.\n", result); + return result; + } + operation.params[0].memref.parent = &shared_in; + operation.params[0].memref.size = shared_in.size; + operation.params[0].memref.offset = 0; + (void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size); + + TEEC_SharedMemory shared_out; + (void)memset_s(&shared_out, sizeof(shared_out), 0, sizeof(shared_out)); + shared_out.flags = TEEC_MEM_OUTPUT; + if (out != NULL && out->buf != NULL) { + shared_out.size = out->size; + result = TEEC_AllocateSharedMemory(context, &shared_out); + if (result != TEEC_SUCCESS) { + tloge("allocate shared output failed, result = 0x%x.\n", result); + goto clear1; + } + (void)memset_s(out->buf, out->size, 0, out->size); + (void)memset_s(shared_out.buffer, shared_out.size, 0, shared_out.size); + } + operation.params[1].memref.parent = &shared_out; + operation.params[1].memref.size = shared_out.size; + operation.params[1].memref.offset = 0; + + result = TEEC_InvokeCommand(session, REMOTE_ATTEST_CMD, &operation, &origin); + if (result != TEEC_SUCCESS) { + tloge("invoke command failed, result = 0x%x\n", result); + goto clear2; + } + + result = set_remote_attest_out_data(&shared_out, operation.params[2].value.a, out); +clear2: + if (out != NULL && out->buf != NULL) + TEEC_ReleaseSharedMemory(&shared_out); +clear1: + TEEC_ReleaseSharedMemory(&shared_in); + return result; +} + +TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out) +{ + if (in == NULL || in->buf == NULL || in->size == 0 || in->size > PARAMS_RESERVED_SIZE) { + tloge("check input failed\n"); + return TEEC_ERROR_BAD_PARAMETERS; + } + + if (out != NULL) { + if (out->size > SHAREMEM_LIMIT || (out->buf == NULL && out->size > 0) || + (out->buf != NULL && out->size < OUT_DATA_RESERVED_SIZE)) { + tloge("check output failed\n"); + return TEEC_ERROR_BAD_PARAMETERS; + } + } + + TEEC_Context context = {0}; + TEEC_Session session = {0}; + TEEC_Operation operation = {0}; + TEEC_UUID uuid = g_tee_qta_uuid; + + TEEC_Result result = TEEC_InitializeContext(NULL, &context); + if (result != TEEC_SUCCESS) { + tloge("init context is failed, result is 0x%x\n", result); + return result; + } + + operation.started = 1; + operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE); + result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL); + if (result != TEEC_SUCCESS) { + tloge("open session is failed, result is 0x%x\n", result); + goto cleanup_1; + } + + result = handle_remote_attest(&context, &session, in, out); + if (result != TEEC_SUCCESS) { + tloge("handle remote attest failed, result is 0x%x\n", result); + goto cleanup_2; + } + +cleanup_2: + TEEC_CloseSession(&session); +cleanup_1: + TEEC_FinalizeContext(&context); + return result; +} diff --git a/test/CA/libqca/src/ra_operate_api.h b/test/CA/libqca/src/ra_operate_api.h new file mode 100644 index 0000000..0269712 --- /dev/null +++ b/test/CA/libqca/src/ra_operate_api.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef LIBQCA_RA_OPERATE_H +#define LIBQCA_RA_OPERATE_H + +#include +#include "tee_client_api.h" +#include "ra_client_api.h" + +#define SHAREMEM_LIMIT (0x100000) /* 1 MB */ +#define PARAMS_RESERVED_SIZE (0x2000) +#define OUT_DATA_RESERVED_SIZE (0x3000) +#define REMOTE_ATTEST_CMD (0x1001) + +#endif diff --git a/test/TA/cert_manager/CMakeLists.txt b/test/TA/cert_manager/CMakeLists.txt new file mode 100644 index 0000000..47a92b9 --- /dev/null +++ b/test/TA/cert_manager/CMakeLists.txt @@ -0,0 +1,38 @@ +# sdk cmake. +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. +cmake_minimum_required(VERSION 3.16 FATAL_ERROR) +project(tee_sdk C) + +if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) + message(FATAL_ERROR "Forbid compiling in the source tree") +endif() + +include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) +include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) + +set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) +set(CURRENT_TARGET_SO "combine") + +set(SDK_C_SOURCES + ${SDK_C_SOURCES} + src/cert_logger.c + src/cert_manager.c +) + +set(COMMON_INCLUDES + ${COMMON_INCLUDES} + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${CMAKE_CURRENT_SOURCE_DIR}/src + ${CMAKE_CURRENT_SOURCE_DIR}/../../../include/TA +) + +add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) +target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) +target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) +target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) + +add_custom_command( + TARGET ${CURRENT_TARGET_SO} POST_BUILD + COMMAND sh $ENV{ITRUSTEE_BUILD_PATH}/build/tools/ta_entry_check.sh ${CMAKE_READELF} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so n y ${TARGET_IS_ARM64} + COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini +) diff --git a/test/TA/cert_manager/Makefile b/test/TA/cert_manager/Makefile new file mode 100644 index 0000000..19ef02c --- /dev/null +++ b/test/TA/cert_manager/Makefile @@ -0,0 +1,34 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. +include ./config.mk +include ../../../build/mk/common.mk + +# set the compilation tool chain example : export CC=path_to_gcc ; export LD=path_to_ld + +SRC += $(wildcard src/*.c) + +# set header directory +INCLUDEDIR += -I${CUR_DIR}/include +INCLUDEDIR += -I${CUR_DIR}/src +INCLUDEDIR += -I${CUR_DIR}/../../../include/TA + +#set libhwsecurec path example : INCLUDEDIR += -Ipath_to_libhwsecurec + +# set target +COBJS := $(SRC:%.c=%.o) +TARGET = $(COBJS) + +sec_binary:combine + python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini + +combine: $(TARGET) + $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so + bash $(ITRUSTEE_BUILD_PATH)/build/tools/ta_entry_check.sh $(READELF) $(shell pwd)/libcombine.so n y $(TARGET_IS_ARM64) + +src/%.o: ./src/%.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +%.o: %.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +clean: + rm -f $(COBJS) *.so *.sec diff --git a/test/TA/cert_manager/config.cmake b/test/TA/cert_manager/config.cmake new file mode 100644 index 0000000..933d051 --- /dev/null +++ b/test/TA/cert_manager/config.cmake @@ -0,0 +1,11 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# +# API_LEVEL which indicates the GP API version of TA +# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee +# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner +# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +# If no API_LEVEL is specified, API of GP 1.0 will be taken +set(COMMON_CFLAGS -DAPI_LEVEL=1) +if ("${TARGET_IS_ARM64}" STREQUAL "") + set(TARGET_IS_ARM64 y) +endif() \ No newline at end of file diff --git a/test/TA/cert_manager/config.mk b/test/TA/cert_manager/config.mk new file mode 100644 index 0000000..5e4ccfa --- /dev/null +++ b/test/TA/cert_manager/config.mk @@ -0,0 +1,12 @@ +# +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# +# API_LEVEL which indicates the GP API version of TA +# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee +# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner +# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +# If no API_LEVEL is specified, API of GP 1.0 will be taken +CFLAGS += -DAPI_LEVEL=1 +ifeq ($(TARGET_IS_ARM64),) + TARGET_IS_ARM64 = y +endif \ No newline at end of file diff --git a/test/TA/cert_manager/config.sh b/test/TA/cert_manager/config.sh new file mode 100644 index 0000000..ad3c822 --- /dev/null +++ b/test/TA/cert_manager/config.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# This script is used to compile the demo sdk. +set -e + +export SOURCE_PATH=$(dirname $0) +export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) +export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. + +#clean +if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then + rm -f *.o *.so *.sec + if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" + fi + exit 0 +fi + +echo "Cmake compile TA begin" +if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" +fi +mkdir -p cmake_build +echo "mkdir cmake_build" +cd cmake_build/ + +cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. + +make VERBOSE=1 + +cd .. +rm -rf cmake_build \ No newline at end of file diff --git a/test/TA/cert_manager/include/cert_config.h b/test/TA/cert_manager/include/cert_config.h new file mode 100644 index 0000000..dee55d0 --- /dev/null +++ b/test/TA/cert_manager/include/cert_config.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: declaration of logger tool interfaces. + */ +#ifndef CERT_CONFIG_H +#define CERT_CONFIG_H + +#define CERT_MANAGER_DEPLOY_PATH "/usr/bin/certmanager" +#define CERT_MANAGER_DEPLOY_USER "root" + +/* + * defines the public key for verifying the imported certification. + */ +const char g_root_public_key[] = { +/* add public_key len 550*/ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +#endif diff --git a/test/TA/cert_manager/manifest.txt b/test/TA/cert_manager/manifest.txt new file mode 100644 index 0000000..c3f9b41 --- /dev/null +++ b/test/TA/cert_manager/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: 4acaf7c8-c652-4643-9b7a-cc07e7a3187a +gpd.ta.service_name: certmanager +gpd.ta.singleInstance: true +gpd.ta.multiSession: true +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 2097152 +gpd.ta.stackSize: 32768 \ No newline at end of file diff --git a/test/TA/cert_manager/src/cert_logger.c b/test/TA/cert_manager/src/cert_logger.c new file mode 100644 index 0000000..99b1dfb --- /dev/null +++ b/test/TA/cert_manager/src/cert_logger.c @@ -0,0 +1,165 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: logger tool implementations. + */ +#include "cert_logger.h" + +#include +#include +#include +#include +#include + +static const char *g_log_path = "dyn_crt_op.log"; + +static TEE_Result log_open(TEE_ObjectHandle *obj, uint32_t flag) +{ + uint32_t storage_id = TEE_OBJECT_STORAGE_PRIVATE; + uint32_t create_flag = TEE_DATA_FLAG_ACCESS_WRITE | + TEE_DATA_FLAG_ACCESS_WRITE_META | + TEE_DATA_FLAG_ACCESS_READ; + /* open log file */ + TEE_Result ret = TEE_OpenPersistentObject(storage_id, g_log_path, strlen(g_log_path), flag, obj); + if (ret == TEE_ERROR_ITEM_NOT_FOUND && + (((flag & TEE_DATA_FLAG_ACCESS_WRITE) != 0) || ((flag & TEE_DATA_FLAG_ACCESS_WRITE_META) != 0) || + ((flag & TEE_DATA_FLAG_SHARE_WRITE) != 0))) { + /* create it if file is not exist when writing or changing metadata */ + tlogi("file not exist, creating: %s\n", g_log_path); + ret = TEE_CreatePersistentObject(storage_id, g_log_path, strlen(g_log_path), + create_flag, TEE_HANDLE_NULL, + NULL, 0, obj); + if (ret != TEE_SUCCESS) + tloge("create file failed: %s\n", g_log_path); + } + return ret; +} + +/* truncate if the file beyonds MAX_LOG_LINE_NUM */ +static TEE_Result log_truncate(TEE_ObjectHandle obj) +{ + TEE_Result ret; + char buf[MAX_LOG_SIZE] = { 0 }; + uint32_t len = 0; + /* 1. read all content in the log file into memory buf */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto end; + } + ret = TEE_ReadObjectData(obj, buf, sizeof(buf), &len); + if (ret != TEE_SUCCESS) { + tloge("read file failed: %s\n", g_log_path); + goto end; + } + /* 2. statistic line-breaks for counting lines */ + int line_cnt = 0; + for (uint32_t i = 0; i < len; ++i) { + if (buf[i] == '\n') + line_cnt += 1; + } + /* 3. if the line number is overflow, remove the first (line_cnt - MAX_LOG_LINE_NUM) lines */ + if (line_cnt > MAX_LOG_LINE_NUM) { + /* line break */ + uint32_t line_break_idx = 0; + uint32_t remain = line_cnt - MAX_LOG_LINE_NUM; + for (uint32_t i = 0; remain > 0; ++i) { + if (buf[i] == '\n') { + line_break_idx = i; + remain--; + } + } + /* 3.1 override the first (line_cnt - MAX_LOG_LINE_NUM) lines */ + uint32_t resize_to = len - line_break_idx - 1; + if (memmove_s(buf, sizeof(buf), buf + line_break_idx + 1, resize_to) != EOK) { + tloge("memory movement failed\n"); + ret = TEE_ERROR_OUT_OF_MEMORY; + goto end; + } + /* 3.2 write back to the start of file */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto end; + } + ret = TEE_WriteObjectData(obj, buf, resize_to); + if (ret != TEE_SUCCESS) + tloge("write file failed: %s\n", g_log_path); + /* 3.3 truncate to correct size */ + ret = TEE_TruncateObjectData(obj, resize_to); + if (ret != TEE_SUCCESS) + tloge("truncate file failed: %s\n", g_log_path); + } +end: + return ret; +} + +/* write a NULL-terminated string into log */ +TEE_Result cert_log_write(char *log_info) +{ + TEE_Result ret; + TEE_ObjectHandle obj; + if (log_info == NULL) + return TEE_ERROR_BAD_PARAMETERS; + /* 1. open log file */ + uint32_t open_flag = TEE_DATA_FLAG_ACCESS_WRITE | + TEE_DATA_FLAG_SHARE_WRITE | + TEE_DATA_FLAG_SHARE_READ | + TEE_DATA_FLAG_ACCESS_READ; + ret = log_open(&obj, open_flag); + if (ret != TEE_SUCCESS) { + tloge("open file failed: %s\n", g_log_path); + goto end; + } + /* 2. append log to the end */ + ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_END); + if (ret != TEE_SUCCESS) { + tloge("seek file failed: %s\n", g_log_path); + goto close; + } + ret = TEE_WriteObjectData(obj, log_info, strlen(log_info)); + if (ret != TEE_SUCCESS) { + tloge("write file failed: %s\n", g_log_path); + goto close; + } + /* 3. truncate the file for keeping the number of lines MAX_LOG_LINE_NUM */ + ret = log_truncate(obj); + if (ret != TEE_SUCCESS) { + tloge("roll back file failed: %s\n", g_log_path); + goto close; + } +close: + (void)TEE_SyncPersistentObject(obj); + TEE_CloseObject(obj); +end: + return ret; +} + +TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len) +{ + TEE_Result ret; + TEE_ObjectHandle obj; + if (dst == NULL || read_len == NULL) + return TEE_ERROR_BAD_PARAMETERS; + /* 1. open log file */ + uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_SHARE_READ; + ret = log_open(&obj, open_flag); + if (ret != TEE_SUCCESS) { + tloge("open file failed: %s\n", g_log_path); + goto end; + } + /* 2. read log file */ + ret = TEE_ReadObjectData(obj, dst, dst_len, read_len); + if (ret != TEE_SUCCESS) + tloge("read file failed: %s\n", g_log_path); + TEE_CloseObject(obj); +end: + return ret; +} diff --git a/test/TA/cert_manager/src/cert_logger.h b/test/TA/cert_manager/src/cert_logger.h new file mode 100644 index 0000000..ec8ebeb --- /dev/null +++ b/test/TA/cert_manager/src/cert_logger.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: declaration of logger tool interfaces. + */ +#ifndef CERT_LOGGER_H +#define CERT_LOGGER_H + +#include + +/* + * MAX_LOG_LINE_NUM: defines the max line numbers of which the operation log records. + * MAX_LOG_LINE_LEN: defines the max length of each operation log entry. + * MAX_LOG_SIZE: defines the max size of the operation log file. + * Notice: MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE + */ +#define MAX_LOG_LINE_NUM 60 +#define MAX_LOG_LINE_LEN 150 +#define MAX_LOG_SIZE 10000 + +TEE_Result cert_log_write(char *log_info); +TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len); + +#endif diff --git a/test/TA/cert_manager/src/cert_manager.c b/test/TA/cert_manager/src/cert_manager.c new file mode 100644 index 0000000..7764af8 --- /dev/null +++ b/test/TA/cert_manager/src/cert_manager.c @@ -0,0 +1,301 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + * Description: do cert management on kunpeng. + */ +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert_logger.h" + +enum { + SAVE_CERT_CMD = 1, + SEARCH_CERT_CMD = 2, + DEL_CERT_CMD = 3, + SEARCH_LOG_CMD = 4, + SEND_CRL_CMD = 5 +}; + +#define ACTION_CRT_EXPORT "export" +#define ACTION_CRT_IMPORT "cert_import" +#define ACTION_CRL_IMPORT "crl_import" +#define ACTION_CRT_REMOVE "remove" +#define ACTION_CRT_UNDEFINED "undefined" +#define MAX_BUFFER_LEN 8192 +#define MAX_LOG_BUFFER_LEN 10000 +#define BASE_YEAR 1900 +#define BASE_MON 1 + +static void log_action(const char *action, TEE_Result result) +{ + /* format result */ + char *suc = result == TEE_SUCCESS ? "true" : "false"; + /* get system time */ + struct timespec time; + clock_gettime(CLOCK_REALTIME, &time); + struct tm *lt = localtime(&time.tv_sec); + if (lt == NULL) { + tloge("get UTC time failed\n"); + return; + } + /* format log entry: "[yyyy/mm/dd HH:MM:SS] ACTION: xxx, SUCCESS: true/false " */ + char buf[MAX_LOG_LINE_LEN]; + if (snprintf_s(buf, sizeof(buf), sizeof(buf) - 1, + "[UTC:%04d/%02d/%02d %02d:%02d:%02d] ACTION: %s, SUCCESS: %s.\n", + lt->tm_year + BASE_YEAR, lt->tm_mon + BASE_MON, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec, + action, suc) < 0) { + tloge("format log entry failed\n"); + return; + } + /* write into log file on ssa */ + if (cert_log_write(buf) != TEE_SUCCESS) + tloge("write to log failed\n"); +} + +/* ---------------------------------------------------------------------------- + * Trusted Application Entry Points + * ---------------------------------------------------------------------------- + */ + +static TEE_Result cert_verify_and_send(uint32_t param_types, TEE_Param params[4]) +{ + TEE_Result ret; + const char *pubkey = g_root_public_key; + uint32_t pubkey_len = sizeof(g_root_public_key) / sizeof(char); + if (!check_param_type(param_types, + TEE_PARAM_TYPE_MEMREF_INPUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) { + tloge("Bad expected parameter types, 0x%x.\n", param_types); + return TEE_ERROR_BAD_PARAMETERS; + } + + if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) { + tloge("Bad expected parameter.\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + ret = ta_signing_cert_import(params[0].memref.buffer, params[0].memref.size, pubkey, pubkey_len); + if (ret != TEE_SUCCESS) + tloge("cert store failed\n"); + return ret; +} + +static TEE_Result crl_send_service(uint32_t param_types, TEE_Param params[4]) +{ + TEE_Result ret; + if (!check_param_type(param_types, + TEE_PARAM_TYPE_MEMREF_INPUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) { + tloge("Bad expected parameter types, 0x%x.\n", param_types); + return TEE_ERROR_BAD_PARAMETERS; + } + + if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) { + tloge("Bad expected parameter.\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + ret = TEE_EXT_crl_cert_process(params[0].memref.buffer, params[0].memref.size); + if (ret != TEE_SUCCESS) + tloge("crl send failed\n"); + return ret; +} + +static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE_Param params[4]) +{ + TEE_Result ret = TEE_SUCCESS; + uint32_t limit = params[0].memref.size; + uint32_t len = 0; + uint8_t *dst = NULL; + if (!check_param_type(param_types, + TEE_PARAM_TYPE_MEMREF_INOUT, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) { + tloge("Bad expected parameter types, 0x%x.\n", param_types); + return TEE_ERROR_BAD_PARAMETERS; + } + + if (params[0].memref.size == 0 || params[0].memref.size > MAX_LOG_BUFFER_LEN || params[0].memref.buffer == NULL) { + tloge("Bad expected parameter.\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + dst = (uint8_t *)malloc(params[0].memref.size); + if (dst == NULL) { + tloge("malloc failed"); + return TEE_ERROR_OUT_OF_MEMORY; + } + + switch (cmd_id) { + case SEARCH_CERT_CMD: + ret = ta_signing_cert_export((uint8_t *)dst, &len, limit); + break; + case SEARCH_LOG_CMD: + ret = cert_log_read((char *)dst, limit, &len); + if (len < limit) { + dst[len++] = '\0'; + } else { + dst[limit - 1] = '\0'; + len = limit; + } + break; + default: + break; + } + if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) { + free(dst); + dst = NULL; + return TEE_ERROR_SECURITY; + } + + params[0].memref.size = len; + if (ret != TEE_SUCCESS) + tloge("cert search failed\n"); + free(dst); + dst = NULL; + return ret; +} + +static TEE_Result cert_delete_service(uint32_t param_types) +{ + TEE_Result ret; + if (!check_param_type(param_types, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE, + TEE_PARAM_TYPE_NONE)) { + tloge("Bad expected parameter types, 0x%x.\n", param_types); + return TEE_ERROR_BAD_PARAMETERS; + } + ret = ta_signing_cert_destroy(); + if (ret != TEE_SUCCESS) + tloge("cert delete failed\n"); + return ret; +} + +/** + * Function TA_CreateEntryPoint + * Description: + * The function TA_CreateEntryPoint is the Trusted Application's constructor, + * which the Framework calls when it creates a new instance of the Trusted Application. + */ +TEE_Result TA_CreateEntryPoint(void) +{ + TEE_Result ret = addcaller_ca_exec(CERT_MANAGER_DEPLOY_PATH, CERT_MANAGER_DEPLOY_USER); + if (ret != TEE_SUCCESS) + tloge("TA_CreateEntryPoint: AddCaller_CA_exec failed.\n"); + return ret; +} + +/** + * Function TA_OpenSessionEntryPoint + * Description: + * The Framework calls the function TA_OpenSessionEntryPoint + * when a client requests to open a session with the Trusted Application. + * The open session request may result in a new Trusted Application instance + * being created. + */ +TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, + TEE_Param params[4], void** sessionContext) +{ + /* -Wunused-parameter */ + (void)paramTypes; + /* -Wunused-parameter */ + (void)params; + /* -Wunused-parameter */ + (void)sessionContext; + SLogTrace("---- TA_OpenSessionEntryPoint -------- "); + return TEE_SUCCESS; +} + +/** + * Function TA_InvokeCommandEntryPoint + * Description: + * The Framework calls this function when the client invokes a command + * within the given session. + */ +TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id, + uint32_t paramTypes, TEE_Param params[4]) +{ + /* -Wunused-parameter */ + (void)sessionContext; + TEE_Result ret; + char *action = NULL; + switch (cmd_id) { + case SAVE_CERT_CMD: + action = ACTION_CRT_IMPORT; + ret = cert_verify_and_send(paramTypes, params); + if (ret != TEE_SUCCESS) + tloge("certificate restoring failed\n"); + break; + case SEND_CRL_CMD: + action = ACTION_CRL_IMPORT; + ret = crl_send_service(paramTypes, params); + if (ret != TEE_SUCCESS) + tloge("crl restoring failed\n"); + break; + case SEARCH_CERT_CMD: + /* fall through: to be handled with the same function as SEARCH_LOG_CMD case */ + case SEARCH_LOG_CMD: + action = ACTION_CRT_EXPORT; + ret = cert_search_service(paramTypes, cmd_id, params); + if (ret != TEE_SUCCESS) + tloge("certificate searching failed\n"); + break; + case DEL_CERT_CMD: + action = ACTION_CRT_REMOVE; + ret = cert_delete_service(paramTypes); + if (ret != TEE_SUCCESS) + tloge("certificate delete failed\n"); + break; + default: + action = ACTION_CRT_UNDEFINED; + ret = TEE_ERROR_BAD_PARAMETERS; + break; + } + log_action(action, ret); + return ret; +} + +/** + * Function TA_CloseSessionEntryPoint + * Description: + * The Framework calls this function to close a client session. + * During the call to this function the implementation can use + * any session functions. + */ +void TA_CloseSessionEntryPoint(void* sessionContext) +{ + /* -Wunused-parameter */ + (void)sessionContext; + SLogTrace("---- TA_CloseSessionEntryPoint ----- "); +} + +/** + * Function TA_DestroyEntryPoint + * Description: + * The function TA_DestroyEntryPoint is the Trusted Application's destructor, + * which the Framework calls when the instance is being destroyed. + */ +void TA_DestroyEntryPoint(void) +{ + SLogTrace("---- TA_DestroyEntryPoint ---- "); +} diff --git a/test/TA/helloworld/CMakeLists.txt b/test/TA/helloworld/CMakeLists.txt new file mode 100644 index 0000000..45334da --- /dev/null +++ b/test/TA/helloworld/CMakeLists.txt @@ -0,0 +1,30 @@ +# sdk cmake. +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. +cmake_minimum_required(VERSION 3.16 FATAL_ERROR) +project(tee_sdk C) + +if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) + message(FATAL_ERROR "Forbid compiling in the source tree") +endif() + +include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) +include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) + +set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) +set(CURRENT_TARGET_SO "combine") + +set(SDK_C_SOURCES + ${SDK_C_SOURCES} + ta_demo.c +) + +add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) +target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) +target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) +target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) + +add_custom_command( + TARGET ${CURRENT_TARGET_SO} POST_BUILD + COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so + COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini +) diff --git a/test/TA/helloworld/Makefile b/test/TA/helloworld/Makefile new file mode 100644 index 0000000..1a659b2 --- /dev/null +++ b/test/TA/helloworld/Makefile @@ -0,0 +1,28 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. +include ./config.mk +include ../../../build/mk/common.mk + +SRC += $(wildcard ./*.c) + +# set header directory +INCLUDEDIR += -I./include + +# set target +COBJS := $(SRC:%.c=%.o) +TARGET = $(COBJS) + +sec_binary:combine + python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini + +combine: $(TARGET) + $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so + objcopy libcombine.so + +src/%.o: ./src/%.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +%.o: %.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +clean: + rm -f $(COBJS) *.so *.sec diff --git a/test/TA/helloworld/ReadMe.txt b/test/TA/helloworld/ReadMe.txt index e10f8b8..0802d8b 100755 --- a/test/TA/helloworld/ReadMe.txt +++ b/test/TA/helloworld/ReadMe.txt @@ -1,2 +1,5 @@ -Makefile is located in different folder for different product -please switch to target folder and execute "make" command to build TA binary for target product +You need to install the pycryptodome library of python and run the make command to compile the binary of ta. + +If TA wants to regist driver's permission, you must have dynamic permission file and driver's excel +The name of the dynamic permission file must be 'dyn_perm.xml', the driver's excel's name can be 'driver name'.xlsx, and you can get it from driver's developer. +You must install the xlrd-1.2.0 and defusedxml-0.7.1 library of python and run the make command to sign the binary of ta. \ No newline at end of file diff --git a/test/TA/helloworld/auth_config.xml b/test/TA/helloworld/auth_config.xml new file mode 100644 index 0000000..d71581d --- /dev/null +++ b/test/TA/helloworld/auth_config.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/test/TA/helloworld/config.cmake b/test/TA/helloworld/config.cmake new file mode 100644 index 0000000..929328b --- /dev/null +++ b/test/TA/helloworld/config.cmake @@ -0,0 +1,23 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# +# API_LEVEL which indicates the GP API version of TA +# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee +# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner +# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +# If no API_LEVEL is specified, API of GP 1.0 will be taken + +# TEE flags +set(COMMON_CFLAGS -DAPI_LEVEL=1) +if ("${TARGET_IS_ARM64}" STREQUAL "") + set(TARGET_IS_ARM64 y) +endif() + +# USE_SMEE which indicates the feature of sram memory encryption +# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled +# If no USE_SMEE is specified, smee feature will be disabled +# If USE_SMEE is specified and a section is custimized, +# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) +set(USE_SMEE n) +if ("${USE_SMEE}" STREQUAL "") + set(USE_SMEE n) +endif() diff --git a/test/TA/helloworld/config.mk b/test/TA/helloworld/config.mk index ebdbd8c..7a405a3 100644 --- a/test/TA/helloworld/config.mk +++ b/test/TA/helloworld/config.mk @@ -1,10 +1,23 @@ # -# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. # # API_LEVEL which indicates the GP API version of TA # API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee # API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner # API_LEVEL=3 indicates GP 1.2 which is the version we both going to support -# If no API_LEVEL is specified, API of GP 1.0 will be taked +# If no API_LEVEL is specified, API of GP 1.0 will be taken +# +# USE_SMEE which indicates the feature of sram memory encryption +# USE_SMEE=y indicates the feature of sram memory encryption will be enabled +# If no USE_SMEE is specified, smee feature will not be disabled +# If USE_SMEE is specified and a section is custimized, +# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) + CFLAGS += -DAPI_LEVEL=1 -TARGET_IS_ARM64 = y +USE_SMEE = n +ifeq ($(TARGET_IS_ARM64),) + TARGET_IS_ARM64 = y +endif +ifeq ($(USE_SMEE),) + USE_SMEE = n +endif diff --git a/test/TA/helloworld/config.sh b/test/TA/helloworld/config.sh new file mode 100644 index 0000000..f1170b9 --- /dev/null +++ b/test/TA/helloworld/config.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# This script is used to compile the demo sdk. +set -e + +export SOURCE_PATH=$(dirname $0) +export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) +export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. + +#clean +if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then + rm -f *.o *.so *.sec + if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" + fi + exit 0 +fi + +echo "Cmake compile TA begin" +if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" +fi +mkdir -p cmake_build +echo "mkdir cmake_build" +cd cmake_build/ + +cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. + +make VERBOSE=1 + +cd .. +rm -rf cmake_build diff --git a/test/TA/helloworld/ta_demo.c b/test/TA/helloworld/ta_demo.c index ec17d6d..5c1f6b6 100755 --- a/test/TA/helloworld/ta_demo.c +++ b/test/TA/helloworld/ta_demo.c @@ -1,6 +1,6 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. - * iTrustee licensed under the Mulan PSL v2. + * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. + * Licensed under the Mulan PSL v2. * You can use this software according to the terms and conditions of the Mulan PSL v2. * You may obtain a copy of Mulan PSL v2 at: * http://license.coscl.org.cn/MulanPSL2 @@ -8,6 +8,7 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. + * Description: TA template code for reference */ #include @@ -24,7 +25,7 @@ enum { static TEE_Result get_ta_version(char* buffer, size_t *buf_len) { - char *version = TA_TEMPLATE_VERSION; + const char *version = TA_TEMPLATE_VERSION; if (*buf_len < strlen(version) + 1) { tloge("buffer is too short for storing result"); @@ -49,14 +50,12 @@ static TEE_Result get_ta_version(char* buffer, size_t *buf_len) */ TEE_Result TA_CreateEntryPoint(void) { - TEE_Result ret = TEE_ERROR_GENERIC; + TEE_Result ret; tlogd("----- TA entry point ----- "); tlogd("TA version: %s", TA_TEMPLATE_VERSION); -#ifdef CONFIG_AUTH_CLOUD - ret = addcaller_ca_exec("/vendor/bin/teec_hello", "root"); -#endif + ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root"); if (ret == TEE_SUCCESS) { tlogd("TA entry point: add ca whitelist success"); } else { @@ -149,5 +148,5 @@ void TA_CloseSessionEntryPoint(void* session_context) */ void TA_DestroyEntryPoint(void) { - tlogd("---- destory TA ---- "); + tlogd("---- destroy TA ---- "); } diff --git a/test/TA/qta/CMakeLists.txt b/test/TA/qta/CMakeLists.txt new file mode 100644 index 0000000..e39ca5e --- /dev/null +++ b/test/TA/qta/CMakeLists.txt @@ -0,0 +1,67 @@ +# sdk cmake. +# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. +cmake_minimum_required(VERSION 3.16 FATAL_ERROR) +project(tee_sdk C) + +if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) + message(FATAL_ERROR "Forbid compiling in the source tree") +endif() + +include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) +include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) + +set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) +set(CURRENT_TARGET_SO "combine") + +# enable check daa pairing using MIRACAL library +# you should download the opensource library: miracl/core, copy its dir c/ into src/, and compile core.a +# for instance: +# cd src; ln -s $MIRACL_DIR/c miracl-c +# cd miracl-c; export CC=xxx CFLAGS=-fPIC; python3 config64.py -o 33; unset CC CFLAGS +set(ENABLE_DAA_PAIR_MIRACL n) +if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y") + set(DAA_PAIR_MIRACL_C_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src/miracl-c) + set(DAA_PAIR_MIRACL_C_INC ${DAA_PAIR_MIRACL_C_DIR}/) + set(DAA_PAIR_MIRACL_C_LIB ${DAA_PAIR_MIRACL_C_DIR}/core.a) + set(DAA_PAIR_MIRACL_C_SRC + src/daa/validate_akcert.c + src/daa/daa_structure.c + ) +else() + set(DAA_PAIR_MIRACL_C_INC "") + set(DAA_PAIR_MIRACL_C_SRC "") +endif() + +# qta need cjson, so you can download cjson and rename cJSON to put it src directory +set(CJSON_INC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON) +set(CJSON_SRC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON/cJSON.c) + +set(SDK_C_SOURCES + ${SDK_C_SOURCES} + src/tee_qta.c + ${CJSON_SRC} + ${DAA_PAIR_MIRACL_C_SRC} +) + +set(COMMON_INCLUDES + ${COMMON_INCLUDES} + ${CMAKE_CURRENT_SOURCE_DIR}/src/. + ${CJSON_INC} + ${DAA_PAIR_MIRACL_C_INC} +) + +add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) +target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) +target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) +target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) + +if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y") + add_definitions(-DENABLE_DAA_PAIR_MIRACL) + target_link_libraries(${CURRENT_TARGET_SO} PUBLIC ${DAA_PAIR_MIRACL_C_LIB}) +endif() + +add_custom_command( + TARGET ${CURRENT_TARGET_SO} POST_BUILD + COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so + COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini +) diff --git a/test/TA/qta/Makefile b/test/TA/qta/Makefile new file mode 100644 index 0000000..cefce06 --- /dev/null +++ b/test/TA/qta/Makefile @@ -0,0 +1,41 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. +include ./config.mk +include ../../../build/mk/common.mk + +SRC += $(wildcard ./src/*.c) + +# set header directory +INCLUDEDIR += -I./src + +# qta need cJSON code, so download it and put it into src +SRC += ./src/cJSON/cJSON.c +INCLUDEDIR += -I./src/cJSON/ + +# if enable daa, so need to download pair_miracl lib +ifeq ($(ENABLE_DAA_PAIR_MIRACL), true) +INCLUDEDIR += -I./src/miracl-c +CFLAGS += -DENABLE_DAA_PAIR_MIRACL +LDFLFAGS += -lcore -L./src/miracl-c +SRC += ./src/daa/validate_akcert.c \ + ./src/daa/daa_structure.c +endif + +# set target +COBJS := $(SRC:%.c=%.o) +TARGET = $(COBJS) + +sec_binary:combine + python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini + +combine: $(TARGET) + $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so + objcopy libcombine.so + +src/%.o: ./src/%.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +%.o: %.c + $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ + +clean: + rm -f $(COBJS) *.so *.sec diff --git a/test/TA/qta/ReadMe.txt b/test/TA/qta/ReadMe.txt new file mode 100644 index 0000000..7cc8b88 --- /dev/null +++ b/test/TA/qta/ReadMe.txt @@ -0,0 +1,12 @@ +You need to install the pycryptodome library of python and run the make command to compile the binary of ta. + +qta is trusted application for remote attestion, when compile it, some libraries and tools are depended on. + +1. cjson: download it, put it to "src" directory, rename it into cJSON +2. miracl core: when you enable DAA feture in makefile or cmakelist, download it and execute follow cmd: + 2.1 copy c directory in miracl into src, example copy miracl/c ./src/miracl-c + 2.2 cd ./src/miracl-c; + 2.3 export CC=gcc CFLAGS=-fPIC; python3 config64.py -o 33;unset CC CFLAGS + 2.4 cp core.a libcore.a +3. make for make cmd; or sh config.sh for cmake cmd + diff --git a/test/TA/qta/config.cmake b/test/TA/qta/config.cmake new file mode 100644 index 0000000..b7323b6 --- /dev/null +++ b/test/TA/qta/config.cmake @@ -0,0 +1,23 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# +# API_LEVEL which indicates the GP API version of TA +# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee +# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner +# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +# If no API_LEVEL is specified, API of GP 1.0 will be taken +# +# USE_SMEE which indicates the feature of sram memory encryption +# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled +# If no USE_SMEE is specified, smee feature will be disabled +# If USE_SMEE is specified and a section is custimized, +# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) + +# TEE flags +set(COMMON_CFLAGS -DAPI_LEVEL=1) +set(USE_SMEE n) +if ("${TARGET_IS_ARM64}" STREQUAL "") + set(TARGET_IS_ARM64 y) +endif() +if ("${USE_SMEE}" STREQUAL "") + set(USE_SMEE n) +endif() diff --git a/test/TA/qta/config.mk b/test/TA/qta/config.mk new file mode 100644 index 0000000..7a405a3 --- /dev/null +++ b/test/TA/qta/config.mk @@ -0,0 +1,23 @@ +# +# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# +# API_LEVEL which indicates the GP API version of TA +# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee +# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner +# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +# If no API_LEVEL is specified, API of GP 1.0 will be taken +# +# USE_SMEE which indicates the feature of sram memory encryption +# USE_SMEE=y indicates the feature of sram memory encryption will be enabled +# If no USE_SMEE is specified, smee feature will not be disabled +# If USE_SMEE is specified and a section is custimized, +# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) + +CFLAGS += -DAPI_LEVEL=1 +USE_SMEE = n +ifeq ($(TARGET_IS_ARM64),) + TARGET_IS_ARM64 = y +endif +ifeq ($(USE_SMEE),) + USE_SMEE = n +endif diff --git a/test/TA/qta/config.sh b/test/TA/qta/config.sh new file mode 100644 index 0000000..f1170b9 --- /dev/null +++ b/test/TA/qta/config.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. +# This script is used to compile the demo sdk. +set -e + +export SOURCE_PATH=$(dirname $0) +export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) +export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. + +#clean +if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then + rm -f *.o *.so *.sec + if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" + fi + exit 0 +fi + +echo "Cmake compile TA begin" +if [ -d "cmake_build" ]; then + rm -rf cmake_build + echo "rm -rf cmake_build" +fi +mkdir -p cmake_build +echo "mkdir cmake_build" +cd cmake_build/ + +cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. + +make VERBOSE=1 + +cd .. +rm -rf cmake_build diff --git a/test/TA/qta/manifest.txt b/test/TA/qta/manifest.txt new file mode 100644 index 0000000..72c7d8c --- /dev/null +++ b/test/TA/qta/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: e08f7eca-e875-440e-9ab0-5f381136c600 +gpd.ta.service_name: tee_qta +gpd.ta.singleInstance: true +gpd.ta.multiSession: true +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 304857 +gpd.ta.stackSize: 64768 diff --git a/test/TA/qta/src/daa/daa_structure.c b/test/TA/qta/src/daa/daa_structure.c new file mode 100644 index 0000000..cde248a --- /dev/null +++ b/test/TA/qta/src/daa/daa_structure.c @@ -0,0 +1,185 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#include "daa_structure.h" + +#include +#include +#include +#include +#include +#include + +#define HEX_STR_SIZE_PER_CHAR 2 +#define BIT_4 4 +#define BYTE_HIGH_BIT_4 0xF0 +#define BYTE_LOW_BIT_4 0xF +#define BYTE_CONVERT_ERROR 0xFF +#define is_between_value(value, min, max) (((value) >= (min)) && ((value) <= (max))) +#define cal_char_value(value, min, inc) ((value) - (min) + (inc)) +static uint8_t hex2ch(uint8_t c) +{ + if (is_between_value(c, '0', '9')) { + return cal_char_value(c, '0', 0); + } else if (is_between_value(c, 'a', 'f')) { + return cal_char_value(c, 'a', 10); + } else if (is_between_value(c, 'A', 'F')) { + return cal_char_value(c, 'A', 10); + } else { + tloge("hex2ch: Error! Input is not a hex value!"); + return BYTE_CONVERT_ERROR; + } +} + +void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey) +{ + if (pubkey == NULL || pubkey->pt_size == 0 || pubkey->pt_size > DAA_ECC_PT_MAX_SIZE) + return; + for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { + if (pubkey->pt_buf[i]) { + free(pubkey->pt_buf[i]); + pubkey->pt_buf[i] = NULL; + } + } + pubkey->pt_size = 0; +} + +static TEE_Result hex_array2ch_array(uint8_t *hex_cert, uint8_t *cert, uint32_t cert_size) +{ + uint8_t ch_high, ch_low; + for (uint32_t j = 0; j < cert_size; j++) { + ch_high = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j]); + ch_low = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j + 1]); + if (ch_high == BYTE_CONVERT_ERROR || ch_low == BYTE_CONVERT_ERROR) { + tloge("bad hex string, j %u\n", j); + return TEE_ERROR_BAD_PARAMETERS; + } + cert[j] = ((ch_high << BIT_4) & BYTE_HIGH_BIT_4) + ch_low; + } + return TEE_SUCCESS; +} + +TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size, + struct daa_grp_pubkey *pubkey) +{ + tlogi("TA request to convert daa group key\n"); + if (hex_array == NULL || hex_pt_size == 0 || hex_pt_size > DAA_ECC_PT_MAX_SIZE || pubkey == NULL) { + tloge("bad params to convert daa grp pubkeys\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + TEE_Result ret; + pubkey->pt_size = hex_pt_size / HEX_STR_SIZE_PER_CHAR; + for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { + pubkey->pt_buf[i] = (uint8_t*)malloc(pubkey->pt_size); + if (pubkey->pt_buf[i] == NULL) { + tloge("alloc pubkey failed\n"); + ret = TEE_ERROR_OUT_OF_MEMORY; + goto err; + } + } + + /* copy data */ + for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { + ret = hex_array2ch_array(hex_array[i], pubkey->pt_buf[i], pubkey->pt_size); + if (ret != TEE_SUCCESS) { + tloge("bad hex string, i %u\n", i); + goto err; + } + } + + tlogi("convert daa group key succeed!\n"); + return TEE_SUCCESS; +err: + free_daa_grp_pubkey(pubkey); + pubkey = NULL; + return ret; +} + +static TEE_Result get_akcert_one_field(struct daa_ak_cert *cert, uint32_t idx, uint8_t *field_buf, uint32_t field_size) +{ + uint32_t pos = 0; + uint32_t x_size = 0; + uint32_t y_size = 0; + + /* get x field */ + if (memcpy_s(&x_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0) + return TEE_ERROR_GENERIC; + pos += (uint32_t)sizeof(uint32_t); + if (x_size > field_size || pos > field_size - x_size) + return TEE_ERROR_BAD_PARAMETERS; + cert->pt_buf[(idx << 1)] = field_buf + pos; + + if (cert->pt_size != 0 && cert->pt_size != x_size) { + tloge("the pt_size for all extract data do not match! %u vs. %u\n", x_size, cert->pt_size); + return TEE_ERROR_BAD_PARAMETERS; + } + cert->pt_size = x_size; + pos += x_size; + + /* get y field */ + if (pos > field_size - sizeof(uint32_t)) + return TEE_ERROR_BAD_PARAMETERS; + if (memcpy_s(&y_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0) + return TEE_ERROR_GENERIC; + pos += (uint32_t)sizeof(uint32_t); + if (y_size > field_size || pos > field_size - y_size) + return TEE_ERROR_BAD_PARAMETERS; + cert->pt_buf[(idx << 1) + 1] = field_buf + pos; + if (cert->pt_size != y_size) { + tloge("the pt_size for all extract data do not match! %u vs. %u\n", y_size, cert->pt_size); + return TEE_ERROR_BAD_PARAMETERS; + } + + return TEE_SUCCESS; +} + +TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size) +{ + if (cert == NULL || akcert == NULL || akcert_size < (uint32_t)sizeof(uint32_t) || + akcert_size > DAA_SAVE_AKCERT_MAX_SIZE) + return TEE_ERROR_BAD_PARAMETERS; + + uint32_t pos = 0; + TEE_Result ret; + uint32_t field_size = 0; + uint8_t *field_buf = NULL; + for (uint32_t i = 0; i < (DAA_AK_CERT_DIMS >> 1); i++) { + if (pos > akcert_size - (uint32_t)sizeof(uint32_t)) + return TEE_ERROR_BAD_PARAMETERS; + + if (memcpy_s(&field_size, sizeof(uint32_t), akcert + pos, sizeof(uint32_t)) != 0) + return TEE_ERROR_GENERIC; + + pos += (uint32_t)sizeof(uint32_t); + field_buf = akcert + pos; + + ret = get_akcert_one_field(cert, i, field_buf, field_size); + if (ret != TEE_SUCCESS) { + tloge("get one field[%u] from akcert failed\n", i); + return ret; + } + + pos += field_size; + } + tlogi("convert daa_ak_cert succeed!\n"); + return TEE_SUCCESS; +} + +TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size) +{ + if (hex_cert == NULL || cert == NULL || hex_cert_size == 0 || + hex_cert_size / HEX_STR_SIZE_PER_CHAR != cert_size) { + tloge("cannot convert hex to raw, bad params\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + return hex_array2ch_array(hex_cert, cert, cert_size); +} diff --git a/test/TA/qta/src/daa/daa_structure.h b/test/TA/qta/src/daa/daa_structure.h new file mode 100644 index 0000000..3e07b3b --- /dev/null +++ b/test/TA/qta/src/daa/daa_structure.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef TEE_QTA_DAA_STRUCTURE_H +#define TEE_QTA_DAA_STRUCTURE_H +#include + +#define DAA_ECC_PT_MAX_SIZE 256 +#define DAA_SAVE_AKCERT_MAX_SIZE 0x1000 + +enum { + DAA_GRP_PK_X_X0 = 0, + DAA_GRP_PK_X_Y0, + DAA_GRP_PK_X_X1, + DAA_GRP_PK_X_Y1, + DAA_GRP_PK_Y_X0, + DAA_GRP_PK_Y_Y0, + DAA_GRP_PK_Y_X1, + DAA_GRP_PK_Y_Y1, + DAA_GRP_PUBKEY_DIMS +}; +struct daa_grp_pubkey { + uint8_t *pt_buf[DAA_GRP_PUBKEY_DIMS]; + uint32_t pt_size; /* size of all uint8_t* is pt_size */ +}; + +enum { + DAA_AK_CERT_A_X = 0, + DAA_AK_CERT_A_Y, + DAA_AK_CERT_B_X, + DAA_AK_CERT_B_Y, + DAA_AK_CERT_C_X, + DAA_AK_CERT_C_Y, + DAA_AK_CERT_D_X, + DAA_AK_CERT_D_Y, + DAA_AK_CERT_DIMS +}; +struct daa_ak_cert { + uint8_t *pt_buf[DAA_AK_CERT_DIMS]; + uint32_t pt_size; /* size of all uint8_t* is pt_size */ +}; + +/* + * utils for validate_akcert before invoking ECC's pairing functions. + * These functions does not invoke tcmgr service. They runs in libtcmgr only. + */ + +/* + * convert @hex_array to @pubkey + */ +TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size, + struct daa_grp_pubkey *pubkey); +void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey); +TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size); +TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size); +#endif diff --git a/test/TA/qta/src/daa/validate_akcert.c b/test/TA/qta/src/daa/validate_akcert.c new file mode 100644 index 0000000..2c55320 --- /dev/null +++ b/test/TA/qta/src/daa/validate_akcert.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#include "validate_akcert.h" +#include +#include +#include + +#include +#include "daa_structure.h" + +#define DAA_GRP_KEY_PK_X_X0 "0cb2c846b963556d3651f89a490a0257039637dfee774caedb32513eccec6789" \ + "e29269aa054814000227a6d34bb29c67fe399ebe1dd6c9f6b33604d5b990912c" +#define DAA_GRP_KEY_PK_X_X1 "7be073749d20ff1a57131f66c0271f219b8b767f924b8ab187fc480bfbf84ff2" \ + "6ce81aa42549fb100b851d9867c5e12baa5362417c4d2b5f3726ad1f5bf9b98b" +#define DAA_GRP_KEY_PK_X_Y0 "a4523e489bd2245a5ee92255b3e54dd0a90fd1f0f4712514dce6ab85397bba3a" \ + "7a2921956f14fc2207495ecb7a2442df36092254fbb29bbab2fed41ff198d0ae" +#define DAA_GRP_KEY_PK_X_Y1 "7daf3d8855ed007da8d41d143ae8a086c5a63ae665856ecff09af7fe9eecf066" \ + "5f8527de27a0cd606ffe7ca18a6988c4830a28d0f9ece0f1f08dbc4ea526c36f" + +#define DAA_GRP_KEY_PK_Y_X0 "d2c6994dee1b5dc071d5d547f26471bcd6aef7c2dc2ce112b9475bdecc0e85a7" \ + "2015841f85a8de39506396cec11c520975f6d985b262c6f97413d2632f899896" +#define DAA_GRP_KEY_PK_Y_X1 "e391d2d0cf2703b327ffb88615bfe6d7a9c5715007c9bfa91ff6b01210000a8e" \ + "ddff2a310a2af6e042135b399989b7f54833ea96d5cbc93ae5da61ee63669941" +#define DAA_GRP_KEY_PK_Y_Y0 "ffbde64729b2f8a212bfe2eef22c7b62edd77a78bc5e7f3c6782bcd839d26e0c" \ + "7cea338240874edc3654bd3293974a7581ec168bfaee35bb093a8302bce9ac90" +#define DAA_GRP_KEY_PK_Y_Y1 "03836c48550cf1c9dc5c455201e248acccf7a5395f9d4cc477734fdbaf8330d9" \ + "7386aa451893824994cbedfdde7f9a8b8b7baad4b0b4dca8201135392b4910d4" + +#define DAA_GRP_KEY_PK_LEN (sizeof(DAA_GRP_KEY_PK_X_X0)) + +#define DAA_GRP_PK_ELE_NUM 2 +#define DAA_GRP_AK_CERT_ELE_NUM 4 + +#define GRP_PK_EACH_ELE_DIM 4 /* ((uint32_t)DAA_GRP_PUBKEY_DIMS / (uint32_t)DAA_GRP_PK_ELE_NUM) */ +#define GRP_PK_EACH_ELE_IDX2 2 +#define GRP_PK_EACH_ELE_IDX3 3 +static TEE_Result daa_grp_pk_to_ecp(struct daa_grp_pubkey *grp_pk, ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM]) +{ + for (uint32_t i = 0; i < DAA_GRP_PK_ELE_NUM; i++) { + FP2_FP512BN fp2_bn_x, fp2_bn_y; + BIG_512_60 bn_x0, bn_y0, bn_x1, bn_y1; + BIG_512_60_fromBytes(bn_x0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 0])); + BIG_512_60_fromBytes(bn_y0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 1])); + BIG_512_60_fromBytes(bn_x1, + (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX2])); + BIG_512_60_fromBytes(bn_y1, + (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX3])); + FP2_FP512BN_from_BIGs(&fp2_bn_x, bn_x0, bn_y0); + FP2_FP512BN_from_BIGs(&fp2_bn_y, bn_x1, bn_y1); + if (ECP2_FP512BN_set(ecp2[i], &fp2_bn_x, &fp2_bn_y) == 0) { + tloge("bad point[%u] when converting DAA pubkey to ECP2\n", i); + return TEE_ERROR_GENERIC; + } + } + return TEE_SUCCESS; +} + +#define AK_CERT_EACH_ELE_DIM 2 /* ((uint32_t)DAA_AK_CERT_DIMS / (uint32_t)DAA_GRP_AK_CERT_ELE_NUM) */ +static TEE_Result daa_ak_cert_to_ecp(struct daa_ak_cert *ak_cert, ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM]) +{ + for (uint32_t i = 0; i < DAA_GRP_AK_CERT_ELE_NUM; i++) { + BIG_512_60 big_x, big_y; + BIG_512_60_fromBytes(big_x, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i])); + BIG_512_60_fromBytes(big_y, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i + 1])); + if (ECP_FP512BN_set(ecp[i], big_x, big_y) == 0) { + tloge("bad point[%u] when converting DAA ak cert to ECP\n", i); + return TEE_ERROR_GENERIC; + } + } + return TEE_SUCCESS; +} + +struct validate_daa_pair_context { + ECP_FP512BN a, b, c, d; + ECP2_FP512BN ecp2_x, ecp2_y; + FP12_FP512BN pair_lhs, pair_rhs; + ECP2_FP512BN p2; +}; + +static TEE_Result validate_daa_pairs(struct daa_grp_pubkey *grp_pk, struct daa_ak_cert *ak_cert) +{ + TEE_Result pairings_ok; + tlogi("qta begins to validate daa pairs\n"); + struct validate_daa_pair_context context; + (void)memset_s(&context, sizeof(context), 0, sizeof(context)); + + if (ECP2_FP512BN_generator(&context.p2) == 0) { + tloge("bad point when getting P2\n"); + return TEE_ERROR_GENERIC; + } + + ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM] = { &context.ecp2_x, &context.ecp2_y }; + pairings_ok = daa_grp_pk_to_ecp(grp_pk, ecp2); + if (pairings_ok != TEE_SUCCESS) { + tloge("convert group pubkey to ECP2_FP512BN failed\n"); + return pairings_ok; + } + + ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM] = { &context.a, &context.b, &context.c, &context.d }; + pairings_ok = daa_ak_cert_to_ecp(ak_cert, ecp); + if (pairings_ok != TEE_SUCCESS) { + tloge("convert DAA ak cert to ECP_FP512BN failed\n"); + return pairings_ok; + } + + PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_y, &context.a); + PAIR_FP512BN_fexp(&context.pair_lhs); + + PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.b); + PAIR_FP512BN_fexp(&context.pair_rhs); + if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) { + tloge("validate DAA pair[0] failed\n"); + return TEE_ERROR_GENERIC; + } + ECP_FP512BN_add(&context.d, &context.a); + + PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_x, &context.d); + PAIR_FP512BN_fexp(&context.pair_lhs); + + PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.c); + PAIR_FP512BN_fexp(&context.pair_rhs); + + if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) { + tloge("validate DAA pair[1] failed\n"); + return TEE_ERROR_GENERIC; + } + tlogi("qta finishes check daa pair: pairings_ok = %u, expect value = %u\n", pairings_ok, TEE_SUCCESS); + return pairings_ok; +} + +TEE_Result validate_akcert(char *hex_input, uint32_t hex_input_size) +{ + if (hex_input == NULL || hex_input_size == 0 || hex_input_size > DAA_SAVE_AKCERT_MAX_SIZE) + return TEE_ERROR_BAD_PARAMETERS; + + TEE_Result ret; + + tlogi("prepare to init daa group pubkeys\n"); + struct daa_grp_pubkey grp_pk; + (void)memset_s(&grp_pk, sizeof(grp_pk), 0, sizeof(grp_pk)); + uint8_t* array[] = { (uint8_t*)DAA_GRP_KEY_PK_X_X0, (uint8_t*)DAA_GRP_KEY_PK_X_X1, (uint8_t*)DAA_GRP_KEY_PK_X_Y0, + (uint8_t*)DAA_GRP_KEY_PK_X_Y1, (uint8_t*)DAA_GRP_KEY_PK_Y_X0, (uint8_t*)DAA_GRP_KEY_PK_Y_X1, + (uint8_t*)DAA_GRP_KEY_PK_Y_Y0, (uint8_t*)DAA_GRP_KEY_PK_Y_Y1 }; + ret = alloc_daa_grp_pubkey(array, DAA_GRP_KEY_PK_LEN, &grp_pk); + if (ret != TEE_SUCCESS) { + tloge("validate akcert: alloc daa group keys failed, ret 0x%x\n", ret); + return ret; + } + + tlogi("prepare to load daa ak_cert\n"); + uint32_t input_size = hex_input_size >> 1; + uint8_t *input = TEE_Malloc(input_size, 0); + if (input == NULL) { + tloge("validate akcert: alloc input buffer failed, ret 0x%x\n", ret); + ret = TEE_ERROR_OUT_OF_MEMORY; + goto clear; + } + ret = load_daa_hex_akcert((uint8_t*)(uintptr_t)hex_input, hex_input_size, input, input_size); + if (ret != TEE_SUCCESS) { + tloge("validate akcert: convert hex str to raw failed, ret 0x%x\n", ret); + goto clear; + } + + struct daa_ak_cert ak_cert; + (void)memset_s(&ak_cert, sizeof(ak_cert), 0, sizeof(ak_cert)); + ret = convert_daa_ak_cert(&ak_cert, input, input_size); + if (ret != TEE_SUCCESS) { + tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret); + goto clear; + } + + ret = validate_daa_pairs(&grp_pk, &ak_cert); + if (ret != TEE_SUCCESS) { + tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret); + goto clear; + } +clear: + if (input) + TEE_Free(input); + free_daa_grp_pubkey(&grp_pk); + return ret; +} diff --git a/test/TA/qta/src/daa/validate_akcert.h b/test/TA/qta/src/daa/validate_akcert.h new file mode 100644 index 0000000..bce08d3 --- /dev/null +++ b/test/TA/qta/src/daa/validate_akcert.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef TEE_QTA_VALIDATE_AKCERT_H +#define TEE_QTA_VALIDATE_AKCERT_H +#include +#include + +TEE_Result validate_akcert(char *akcert, uint32_t akcert_size); + +#endif + diff --git a/test/TA/qta/src/tee_qta.c b/test/TA/qta/src/tee_qta.c new file mode 100644 index 0000000..8dff8a6 --- /dev/null +++ b/test/TA/qta/src/tee_qta.c @@ -0,0 +1,279 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#include "tee_qta.h" +#include +#include +#include "tee_ra_api.h" +#include "securec.h" +#include + +#ifdef ENABLE_DAA_PAIR_MIRACL +#include "daa/validate_akcert.h" +#endif + +TEE_Result TA_CreateEntryPoint(void) +{ + TEE_Result ret; + /* TA auth CA */ + + /* TA auth TA */ + ret = AddCaller_TA_all(); + if (ret != TEE_SUCCESS) + return ret; + + tlogi("tee_qta: CreateEntryPoint success.\n"); + return ret; +} + +TEE_Result TA_OpenSessionEntryPoint(uint32_t param_types, TEE_Param params[PARAM_NUM], void **session_context) +{ + (void)param_types; + (void)params; + (void)session_context; + tlogi("tee_qta: OpenSessionEntryPoint success.\n"); + return TEE_SUCCESS; +} + +static bool check_akcert_params_valid(struct ra_buffer_data *akcert) +{ + bool result = false; + if (akcert == NULL || akcert->buffer == NULL || akcert->length == 0 || akcert->length > SHAREMEM_LIMIT) { + tloge("akcert params is invalid\n"); + return result; + } + + char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer); + cJSON *json = cJSON_Parse(akcert_buf); + if (json == NULL) { + tloge("check akcert json failed\n"); + return result; + } + + char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler")); + if (handler == NULL || strcmp(handler, "saveakcert-output") != 0) { + tloge("check akcert handler failed\n"); + goto clear; + } + + cJSON *payload = cJSON_GetObjectItem(json, "payload"); + if (payload == NULL) { + tloge("check akcert payload failed\n"); + goto clear; + } + + char *version = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "version")); + if (version == NULL || strcmp(version, "TEE.RA.1.0") != 0) { + tloge("check akcert version failed\n"); + goto clear; + } + + char *scenario = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "scenario")); + if (scenario == NULL || strcmp(scenario, "sce_as_with_daa") != 0) { + tloge("check akcert scenario failed\n"); + goto clear; + } +#ifdef ENABLE_DAA_PAIR_MIRACL + char *hex_akcert = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "hex_akcert")); + if (validate_akcert(hex_akcert, strlen(hex_akcert)) != TEE_SUCCESS) { + tloge("check akcert using pairing failed\n"); + goto clear; + } +#endif + result = true; +clear: + cJSON_Delete(json); + return result; +} + +static TEE_Result qta_validate_akcert(struct ra_buffer_data *akcert) +{ + TEE_Result result = TEE_ERROR_GENERIC; + if (!check_akcert_params_valid(akcert)) { + tloge("qta validate akcert: check params invalid\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer); + cJSON *json = cJSON_Parse(akcert_buf); + cJSON *handler = cJSON_CreateString("validateakcert-input"); + if (handler == NULL) { + tloge("qta validate akcert: handler is null\n"); + goto clear1; + } + if (!cJSON_ReplaceItemInObject(json, "handler", handler)) { + tloge("qta validate akcert: replace handler in json failed\n"); + cJSON_Delete(handler); + goto clear1; + } + + char *json_buf = cJSON_Print(json); + if (json_buf == NULL) { + tloge("json buf is null"); + goto clear1; + } + + if (strlen(json_buf) > IN_RESERVED_SIZE) { + tloge("qta validate akcert: json size is invalid\n"); + result = TEE_ERROR_BAD_PARAMETERS; + goto clear2; + } + + uint32_t in_size = strlen(json_buf); + uint8_t *in_buf = REINTERPRET_CAST(uint8_t *, char *, json_buf); + struct ra_buffer_data in = {in_size, in_buf}; + result = ra_qsi_invoke(&in, NULL); + if (result != TEE_SUCCESS) + tloge("qta validate akcert failed\n"); +clear2: + cJSON_free(json_buf); +clear1: + cJSON_Delete(json); + return result; +} + +static TEE_Result local_attest(struct ra_buffer_data *in, struct ra_buffer_data *out) +{ + TEE_Result result; + char *buf = REINTERPRET_CAST(char *, uint8_t *, in->buffer); + cJSON *json = cJSON_Parse(buf); + if (json == NULL) { + tloge("check local attest json failed\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler")); + if (handler == NULL) { + tloge("handler is null\n"); + result = TEE_ERROR_BAD_PARAMETERS; + goto clear; + } + if (strcmp(handler, "report-input") != 0) { + tloge("check local attest handler failed\n"); + result = TEE_ERROR_BAD_PARAMETERS; + goto clear; + } + result = ra_qsi_invoke(in, out); +clear: + cJSON_Delete(json); + return result; +} + +static TEE_Result qta_local_attest(uint32_t param_types, TEE_Param *params) +{ + bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); + if (!ret || params == NULL) { + tloge("qta local attest: bad params\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + if (params[0].memref.buffer == NULL || params[0].memref.size == 0 || + params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.buffer == NULL || + params[1].memref.size < OUT_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT) { + tloge("qta local attest: invalid memref info\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + struct ra_buffer_data in; + struct ra_buffer_data out; + in.buffer = params[0].memref.buffer; + in.length = params[0].memref.size; + out.buffer = params[1].memref.buffer; + out.length = params[1].memref.size; + + TEE_Result result = local_attest(&in, &out); + if (result != TEE_SUCCESS) { + tloge("local attest failed\n"); + return result; + } + params[PARAM_TWO].value.a = out.length; + return result; +} + +static TEE_Result qta_remote_attest(uint32_t param_types, TEE_Param *params) +{ + bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, + TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); + if (!ret || params == NULL) { + tloge("qta remote attest: bad params\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + if (params[0].memref.buffer == NULL || params[0].memref.size == 0 || + params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT || + (params[1].memref.buffer != NULL && params[1].memref.size < OUT_RESERVED_SIZE) || + (params[1].memref.buffer == NULL && params[1].memref.size > 0)) { + tloge("qta remote attest: invalid memref info\n"); + return TEE_ERROR_BAD_PARAMETERS; + } + + struct ra_buffer_data in; + struct ra_buffer_data out; + in.buffer = params[0].memref.buffer; + in.length = params[0].memref.size; + out.buffer = params[1].memref.buffer; + out.length = params[1].memref.size; + TEE_Result result = ra_qsi_invoke(&in, &out); + if (result == TEE_PENDING) { + return qta_validate_akcert(&out); + } else if (result == TEE_SUCCESS) { + params[PARAM_TWO].value.a = out.length; + return result; + } + tloge("ra qsi invoke failed\n"); + return result; +} + +TEE_Result TA_InvokeCommandEntryPoint(void *session_context, uint32_t cmd_id, + uint32_t param_types, TEE_Param params[PARAM_NUM]) +{ + tlogi("tee_qta: Enter TA_InvokeCommandEntryPoint.\n"); + (void)session_context; + if (cmd_id != REMOTE_ATTEST_CMD) { + tloge("tee_qta: InvokeCommandEntryPoint failed, cmd: 0x%x.\n", cmd_id); + return TEE_ERROR_INVALID_CMD; + } + + caller_info cinfo; + (void)memset_s(&cinfo, sizeof(cinfo), 0, sizeof(cinfo)); + TEE_Result ret = TEE_EXT_GetCallerInfo(&cinfo, sizeof(cinfo)); + if (ret != TEE_SUCCESS) { + tloge("tee_qta: Get call info failed.\n"); + return ret; + } + if (cinfo.session_type == SESSION_FROM_TA) { + ret = qta_local_attest(param_types, params); + if (ret != TEE_SUCCESS) + tloge("tee_qta: local attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret); + else + tlogi("tee_qta: InvokeCommandEntryPoint success.\n"); + return ret; + } + + ret = qta_remote_attest(param_types, params); + if (ret != TEE_SUCCESS) + tloge("tee_qta: remote attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret); + else + tlogi("tee_qta: InvokeCommandEntryPoint success.\n"); + return ret; +} + +void TA_CloseSessionEntryPoint(void *session_context) +{ + (void)session_context; + tlogi("tee_qta: CloseSessionEntryPoint success.\n"); +} + +void TA_DestroyEntryPoint(void) +{ + tlogi("tee_qta: DestroyEntryPoint success.\n"); +} diff --git a/test/TA/qta/src/tee_qta.h b/test/TA/qta/src/tee_qta.h new file mode 100644 index 0000000..0dfb1d5 --- /dev/null +++ b/test/TA/qta/src/tee_qta.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef TEE_QTA_H +#define TEE_QTA_H +#include +#include + +#define PARAM_TWO 2 +#define PARAM_THREE 3 +#define PARAM_NUM 4 +#define SHAREMEM_LIMIT 0x100000 +#define IN_RESERVED_SIZE 0x2000 +#define OUT_RESERVED_SIZE 0x3000 +#define REMOTE_ATTEST_CMD 0x1001 + +#define REINTERPRET_CAST(dest_type, source_type, temp) \ + ((__extension__(union { source_type source; dest_type dest; })(temp)).dest) + +#endif + diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h index a0309c0..04d8c0b 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h @@ -1,35 +1,15 @@ #define _Addr long -#ifdef __LP64__ #define _Int64 long -#else -#define _Int64 long long -#endif #define _Reg long -#define __LITTLE_ENDIAN 1234 -#define __BIG_ENDIAN 4321 -#define __USE_TIME_BITS64 1 - -#ifndef __BYTE_ORDER #if __AARCH64EB__ #define __BYTE_ORDER 4321 #else #define __BYTE_ORDER 1234 #endif -#endif #define __LONG_MAX 0x7fffffffffffffffL -#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) -typedef __builtin_va_list va_list; -#define __DEFINED_va_list -#endif - -#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) -typedef __builtin_va_list __isoc_va_list; -#define __DEFINED___isoc_va_list -#endif - #ifndef __cplusplus #if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t) typedef unsigned wchar_t; @@ -42,6 +22,7 @@ typedef unsigned wint_t; #define __DEFINED_wint_t #endif + #if defined(__NEED_blksize_t) && !defined(__DEFINED_blksize_t) typedef int blksize_t; #define __DEFINED_blksize_t @@ -52,6 +33,7 @@ typedef unsigned int nlink_t; #define __DEFINED_nlink_t #endif + #if defined(__NEED_float_t) && !defined(__DEFINED_float_t) typedef float float_t; #define __DEFINED_float_t @@ -62,100 +44,15 @@ typedef double double_t; #define __DEFINED_double_t #endif + #if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t) -typedef struct { - long long __ll; - long double __ld; -} max_align_t; +typedef struct { long long __ll; long double __ld; } max_align_t; #define __DEFINED_max_align_t #endif -#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) -typedef long time_t; -#define __DEFINED_time_t -#endif - -#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) -typedef long suseconds_t; -#define __DEFINED_suseconds_t -#endif - -#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) -typedef struct { - union { - int __i[14]; - volatile int __vi[14]; - unsigned long __s[7]; - } __u; -} pthread_attr_t; -#define __DEFINED_pthread_attr_t -#endif - -#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) -typedef struct { - union { - int __i[10]; - volatile int __vi[10]; - volatile void *volatile __p[5]; - } __u; -} pthread_mutex_t; -#define __DEFINED_pthread_mutex_t -#endif - -#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) -typedef struct { - union { - int __i[10]; - volatile int __vi[10]; - volatile void *volatile __p[5]; - } __u; -} mtx_t; -#define __DEFINED_mtx_t -#endif - -#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) -typedef struct { - union { - int __i[12]; - volatile int __vi[12]; - void *__p[6]; - } __u; -} pthread_cond_t; -#define __DEFINED_pthread_cond_t -#endif - -#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) -typedef struct { - union { - int __i[12]; - volatile int __vi[12]; - void *__p[6]; - } __u; -} cnd_t; -#define __DEFINED_cnd_t -#endif - -#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) -typedef struct { - union { - int __i[14]; - volatile int __vi[14]; - void *__p[7]; - } __u; -} pthread_rwlock_t; -#define __DEFINED_pthread_rwlock_t -#endif - -#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) -typedef struct { - union { - int __i[8]; - volatile int __vi[8]; - void *__p[4]; - } __u; -} pthread_barrier_t; -#define __DEFINED_pthread_barrier_t -#endif +#define __LITTLE_ENDIAN 1234 +#define __BIG_ENDIAN 4321 +#define __USE_TIME_BITS64 1 #if defined(__NEED_size_t) && !defined(__DEFINED_size_t) typedef unsigned _Addr size_t; @@ -192,28 +89,39 @@ typedef _Reg register_t; #define __DEFINED_register_t #endif +#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) +typedef _Int64 time_t; +#define __DEFINED_time_t +#endif + +#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) +typedef _Int64 suseconds_t; +#define __DEFINED_suseconds_t +#endif + + #if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t) typedef signed char int8_t; #define __DEFINED_int8_t #endif #if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t) -typedef short int16_t; +typedef signed short int16_t; #define __DEFINED_int16_t #endif #if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t) -typedef int int32_t; +typedef signed int int32_t; #define __DEFINED_int32_t #endif #if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t) -typedef _Int64 int64_t; +typedef signed _Int64 int64_t; #define __DEFINED_int64_t #endif #if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t) -typedef _Int64 intmax_t; +typedef signed _Int64 intmax_t; #define __DEFINED_intmax_t #endif @@ -247,6 +155,7 @@ typedef unsigned _Int64 uintmax_t; #define __DEFINED_uintmax_t #endif + #if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t) typedef unsigned mode_t; #define __DEFINED_mode_t @@ -292,6 +201,7 @@ typedef unsigned _Int64 fsfilcnt_t; #define __DEFINED_fsfilcnt_t #endif + #if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t) typedef unsigned wint_t; #define __DEFINED_wint_t @@ -302,8 +212,9 @@ typedef unsigned long wctype_t; #define __DEFINED_wctype_t #endif + #if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t) -typedef void *timer_t; +typedef void * timer_t; #define __DEFINED_timer_t #endif @@ -318,21 +229,16 @@ typedef long clock_t; #endif #if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval) -struct timeval { - time_t tv_sec; - suseconds_t tv_usec; -}; +struct timeval { time_t tv_sec; suseconds_t tv_usec; }; #define __DEFINED_struct_timeval #endif #if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec) -struct timespec { - time_t tv_sec; - long tv_nsec; -}; +struct timespec { time_t tv_sec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER==4321); long tv_nsec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER!=4321); }; #define __DEFINED_struct_timespec #endif + #if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t) typedef int pid_t; #define __DEFINED_pid_t @@ -363,6 +269,7 @@ typedef unsigned useconds_t; #define __DEFINED_useconds_t #endif + #ifdef __cplusplus #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) typedef unsigned long pthread_t; @@ -371,7 +278,7 @@ typedef unsigned long pthread_t; #else #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) -typedef struct __pthread *pthread_t; +typedef struct __pthread * pthread_t; #define __DEFINED_pthread_t #endif @@ -392,65 +299,78 @@ typedef int pthread_spinlock_t; #endif #if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t) -typedef struct { - unsigned __attr; -} pthread_mutexattr_t; +typedef struct { unsigned __attr; } pthread_mutexattr_t; #define __DEFINED_pthread_mutexattr_t #endif #if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t) -typedef struct { - unsigned __attr; -} pthread_condattr_t; +typedef struct { unsigned __attr; } pthread_condattr_t; #define __DEFINED_pthread_condattr_t #endif #if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t) -typedef struct { - unsigned __attr; -} pthread_barrierattr_t; +typedef struct { unsigned __attr; } pthread_barrierattr_t; #define __DEFINED_pthread_barrierattr_t #endif #if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t) -typedef struct { - unsigned __attr[2]; -} pthread_rwlockattr_t; +typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t; #define __DEFINED_pthread_rwlockattr_t #endif + +#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE) +struct _IO_FILE { char __x; }; +#define __DEFINED_struct__IO_FILE +#endif + #if defined(__NEED_FILE) && !defined(__DEFINED_FILE) typedef struct _IO_FILE FILE; #define __DEFINED_FILE #endif + +#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) +typedef __builtin_va_list va_list; +#define __DEFINED_va_list +#endif + +#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) +typedef __builtin_va_list __isoc_va_list; +#define __DEFINED___isoc_va_list +#endif + + #if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t) -typedef struct __mbstate_t { - unsigned __opaque1, __opaque2; -} mbstate_t; +typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t; #define __DEFINED_mbstate_t #endif + #if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t) -typedef struct __locale_struct *locale_t; +typedef struct __locale_struct * locale_t; #define __DEFINED_locale_t #endif + #if defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t) -typedef struct __sigset_t { - unsigned long __bits[128 / sizeof(long)]; -} sigset_t; +typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t; #define __DEFINED_sigset_t #endif + #if defined(__NEED_struct_iovec) && !defined(__DEFINED_struct_iovec) -struct iovec { - void *iov_base; - size_t iov_len; -}; +struct iovec { void *iov_base; size_t iov_len; }; #define __DEFINED_struct_iovec #endif + +#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize) +struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; }; +#define __DEFINED_struct_winsize +#endif + + #if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t) typedef unsigned socklen_t; #define __DEFINED_socklen_t @@ -461,6 +381,43 @@ typedef unsigned short sa_family_t; #define __DEFINED_sa_family_t #endif + +#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) +typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t; +#define __DEFINED_pthread_attr_t +#endif + +#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) +typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t; +#define __DEFINED_pthread_mutex_t +#endif + +#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) +typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t; +#define __DEFINED_mtx_t +#endif + +#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) +typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t; +#define __DEFINED_pthread_cond_t +#endif + +#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) +typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t; +#define __DEFINED_cnd_t +#endif + +#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) +typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t; +#define __DEFINED_pthread_rwlock_t +#endif + +#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) +typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t; +#define __DEFINED_pthread_barrier_t +#endif + + #undef _Addr #undef _Int64 #undef _Reg diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h index a748402..424cc4d 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h @@ -38,3 +38,15 @@ #define HWCAP2_SVEBITPERM (1 << 4) #define HWCAP2_SVESHA3 (1 << 5) #define HWCAP2_SVESM4 (1 << 6) +#define HWCAP2_FLAGM2 (1 << 7) +#define HWCAP2_FRINT (1 << 8) +#define HWCAP2_SVEI8MM (1 << 9) +#define HWCAP2_SVEF32MM (1 << 10) +#define HWCAP2_SVEF64MM (1 << 11) +#define HWCAP2_SVEBF16 (1 << 12) +#define HWCAP2_I8MM (1 << 13) +#define HWCAP2_BF16 (1 << 14) +#define HWCAP2_DGH (1 << 15) +#define HWCAP2_RNG (1 << 16) +#define HWCAP2_BTI (1 << 17) +#define HWCAP2_MTE (1 << 18) diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h new file mode 100644 index 0000000..8fad5ce --- /dev/null +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h @@ -0,0 +1,2 @@ +#define PROT_BTI 0x10 +#define PROT_MTE 0x20 diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h index b71261f..5098c73 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h @@ -11,7 +11,7 @@ typedef unsigned long greg_t; typedef unsigned long gregset_t[34]; typedef struct { - long double vregs[32]; + __uint128_t vregs[32]; unsigned int fpsr; unsigned int fpcr; } fpregset_t; @@ -34,7 +34,7 @@ struct fpsimd_context { struct _aarch64_ctx head; unsigned int fpsr; unsigned int fpcr; - long double vregs[32]; + __uint128_t vregs[32]; }; struct esr_context { struct _aarch64_ctx head; diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h index d57a091..24b5438 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h @@ -1,551 +1,603 @@ -#define __NR_io_setup 0 -#define __NR_io_destroy 1 -#define __NR_io_submit 2 -#define __NR_io_cancel 3 -#define __NR_io_getevents 4 -#define __NR_setxattr 5 -#define __NR_lsetxattr 6 -#define __NR_fsetxattr 7 -#define __NR_getxattr 8 -#define __NR_lgetxattr 9 -#define __NR_fgetxattr 10 -#define __NR_listxattr 11 -#define __NR_llistxattr 12 -#define __NR_flistxattr 13 -#define __NR_removexattr 14 -#define __NR_lremovexattr 15 -#define __NR_fremovexattr 16 -#define __NR_getcwd 17 -#define __NR_lookup_dcookie 18 -#define __NR_eventfd2 19 -#define __NR_epoll_create1 20 -#define __NR_epoll_ctl 21 -#define __NR_epoll_pwait 22 -#define __NR_dup 23 -#define __NR_dup3 24 -#define __NR_fcntl 25 -#define __NR_inotify_init1 26 -#define __NR_inotify_add_watch 27 -#define __NR_inotify_rm_watch 28 -#define __NR_ioctl 29 -#define __NR_ioprio_set 30 -#define __NR_ioprio_get 31 -#define __NR_flock 32 -#define __NR_mknodat 33 -#define __NR_mkdirat 34 -#define __NR_unlinkat 35 -#define __NR_symlinkat 36 -#define __NR_linkat 37 -#define __NR_renameat 38 -#define __NR_umount2 39 -#define __NR_mount 40 -#define __NR_pivot_root 41 -#define __NR_nfsservctl 42 -#define __NR_statfs 43 -#define __NR_fstatfs 44 -#define __NR_truncate 45 -#define __NR_ftruncate 46 -#define __NR_fallocate 47 -#define __NR_faccessat 48 -#define __NR_chdir 49 -#define __NR_fchdir 50 -#define __NR_chroot 51 -#define __NR_fchmod 52 -#define __NR_fchmodat 53 -#define __NR_fchownat 54 -#define __NR_fchown 55 -#define __NR_openat 56 -#define __NR_close 57 -#define __NR_vhangup 58 -#define __NR_pipe2 59 -#define __NR_quotactl 60 -#define __NR_getdents64 61 -#define __NR_lseek 62 -#define __NR_read 63 -#define __NR_write 64 -#define __NR_readv 65 -#define __NR_writev 66 -#define __NR_pread64 67 -#define __NR_pwrite64 68 -#define __NR_preadv 69 -#define __NR_pwritev 70 -#define __NR_sendfile 71 -#define __NR_pselect6 72 -#define __NR_ppoll 73 -#define __NR_signalfd4 74 -#define __NR_vmsplice 75 -#define __NR_splice 76 -#define __NR_tee 77 -#define __NR_readlinkat 78 -#define __NR_newfstatat 79 -#define __NR_fstat 80 -#define __NR_sync 81 -#define __NR_fsync 82 -#define __NR_fdatasync 83 -#define __NR_sync_file_range 84 -#define __NR_timerfd_create 85 -#define __NR_timerfd_settime 86 -#define __NR_timerfd_gettime 87 -#define __NR_utimensat 88 -#define __NR_acct 89 -#define __NR_capget 90 -#define __NR_capset 91 -#define __NR_personality 92 -#define __NR_exit 93 -#define __NR_exit_group 94 -#define __NR_waitid 95 -#define __NR_set_tid_address 96 -#define __NR_unshare 97 -#define __NR_futex 98 -#define __NR_set_robust_list 99 -#define __NR_get_robust_list 100 -#define __NR_nanosleep 101 -#define __NR_getitimer 102 -#define __NR_setitimer 103 -#define __NR_kexec_load 104 -#define __NR_init_module 105 -#define __NR_delete_module 106 -#define __NR_timer_create 107 -#define __NR_timer_gettime 108 -#define __NR_timer_getoverrun 109 -#define __NR_timer_settime 110 -#define __NR_timer_delete 111 -#define __NR_clock_settime 112 -#define __NR_clock_gettime 113 -#define __NR_clock_getres 114 -#define __NR_clock_nanosleep 115 -#define __NR_syslog 116 -#define __NR_ptrace 117 -#define __NR_sched_setparam 118 -#define __NR_sched_setscheduler 119 -#define __NR_sched_getscheduler 120 -#define __NR_sched_getparam 121 -#define __NR_sched_setaffinity 122 -#define __NR_sched_getaffinity 123 -#define __NR_sched_yield 124 +#define __NR_io_setup 0 +#define __NR_io_destroy 1 +#define __NR_io_submit 2 +#define __NR_io_cancel 3 +#define __NR_io_getevents 4 +#define __NR_setxattr 5 +#define __NR_lsetxattr 6 +#define __NR_fsetxattr 7 +#define __NR_getxattr 8 +#define __NR_lgetxattr 9 +#define __NR_fgetxattr 10 +#define __NR_listxattr 11 +#define __NR_llistxattr 12 +#define __NR_flistxattr 13 +#define __NR_removexattr 14 +#define __NR_lremovexattr 15 +#define __NR_fremovexattr 16 +#define __NR_getcwd 17 +#define __NR_lookup_dcookie 18 +#define __NR_eventfd2 19 +#define __NR_epoll_create1 20 +#define __NR_epoll_ctl 21 +#define __NR_epoll_pwait 22 +#define __NR_dup 23 +#define __NR_dup3 24 +#define __NR_fcntl 25 +#define __NR_inotify_init1 26 +#define __NR_inotify_add_watch 27 +#define __NR_inotify_rm_watch 28 +#define __NR_ioctl 29 +#define __NR_ioprio_set 30 +#define __NR_ioprio_get 31 +#define __NR_flock 32 +#define __NR_mknodat 33 +#define __NR_mkdirat 34 +#define __NR_unlinkat 35 +#define __NR_symlinkat 36 +#define __NR_linkat 37 +#define __NR_renameat 38 +#define __NR_umount2 39 +#define __NR_mount 40 +#define __NR_pivot_root 41 +#define __NR_nfsservctl 42 +#define __NR_statfs 43 +#define __NR_fstatfs 44 +#define __NR_truncate 45 +#define __NR_ftruncate 46 +#define __NR_fallocate 47 +#define __NR_faccessat 48 +#define __NR_chdir 49 +#define __NR_fchdir 50 +#define __NR_chroot 51 +#define __NR_fchmod 52 +#define __NR_fchmodat 53 +#define __NR_fchownat 54 +#define __NR_fchown 55 +#define __NR_openat 56 +#define __NR_close 57 +#define __NR_vhangup 58 +#define __NR_pipe2 59 +#define __NR_quotactl 60 +#define __NR_getdents64 61 +#define __NR_lseek 62 +#define __NR_read 63 +#define __NR_write 64 +#define __NR_readv 65 +#define __NR_writev 66 +#define __NR_pread64 67 +#define __NR_pwrite64 68 +#define __NR_preadv 69 +#define __NR_pwritev 70 +#define __NR_sendfile 71 +#define __NR_pselect6 72 +#define __NR_ppoll 73 +#define __NR_signalfd4 74 +#define __NR_vmsplice 75 +#define __NR_splice 76 +#define __NR_tee 77 +#define __NR_readlinkat 78 +#define __NR_newfstatat 79 +#define __NR_fstat 80 +#define __NR_sync 81 +#define __NR_fsync 82 +#define __NR_fdatasync 83 +#define __NR_sync_file_range 84 +#define __NR_timerfd_create 85 +#define __NR_timerfd_settime 86 +#define __NR_timerfd_gettime 87 +#define __NR_utimensat 88 +#define __NR_acct 89 +#define __NR_capget 90 +#define __NR_capset 91 +#define __NR_personality 92 +#define __NR_exit 93 +#define __NR_exit_group 94 +#define __NR_waitid 95 +#define __NR_set_tid_address 96 +#define __NR_unshare 97 +#define __NR_futex 98 +#define __NR_set_robust_list 99 +#define __NR_get_robust_list 100 +#define __NR_nanosleep 101 +#define __NR_getitimer 102 +#define __NR_setitimer 103 +#define __NR_kexec_load 104 +#define __NR_init_module 105 +#define __NR_delete_module 106 +#define __NR_timer_create 107 +#define __NR_timer_gettime 108 +#define __NR_timer_getoverrun 109 +#define __NR_timer_settime 110 +#define __NR_timer_delete 111 +#define __NR_clock_settime 112 +#define __NR_clock_gettime 113 +#define __NR_clock_getres 114 +#define __NR_clock_nanosleep 115 +#define __NR_syslog 116 +#define __NR_ptrace 117 +#define __NR_sched_setparam 118 +#define __NR_sched_setscheduler 119 +#define __NR_sched_getscheduler 120 +#define __NR_sched_getparam 121 +#define __NR_sched_setaffinity 122 +#define __NR_sched_getaffinity 123 +#define __NR_sched_yield 124 #define __NR_sched_get_priority_max 125 #define __NR_sched_get_priority_min 126 -#define __NR_sched_rr_get_interval 127 -#define __NR_restart_syscall 128 -#define __NR_kill 129 -#define __NR_tkill 130 -#define __NR_tgkill 131 -#define __NR_sigaltstack 132 -#define __NR_rt_sigsuspend 133 -#define __NR_rt_sigaction 134 -#define __NR_rt_sigprocmask 135 -#define __NR_rt_sigpending 136 -#define __NR_rt_sigtimedwait 137 -#define __NR_rt_sigqueueinfo 138 -#define __NR_rt_sigreturn 139 -#define __NR_setpriority 140 -#define __NR_getpriority 141 -#define __NR_reboot 142 -#define __NR_setregid 143 -#define __NR_setgid 144 -#define __NR_setreuid 145 -#define __NR_setuid 146 -#define __NR_setresuid 147 -#define __NR_getresuid 148 -#define __NR_setresgid 149 -#define __NR_getresgid 150 -#define __NR_setfsuid 151 -#define __NR_setfsgid 152 -#define __NR_times 153 -#define __NR_setpgid 154 -#define __NR_getpgid 155 -#define __NR_getsid 156 -#define __NR_setsid 157 -#define __NR_getgroups 158 -#define __NR_setgroups 159 -#define __NR_uname 160 -#define __NR_sethostname 161 -#define __NR_setdomainname 162 -#define __NR_getrlimit 163 -#define __NR_setrlimit 164 -#define __NR_getrusage 165 -#define __NR_umask 166 -#define __NR_prctl 167 -#define __NR_getcpu 168 -#define __NR_gettimeofday 169 -#define __NR_settimeofday 170 -#define __NR_adjtimex 171 -#define __NR_getpid 172 -#define __NR_getppid 173 -#define __NR_getuid 174 -#define __NR_geteuid 175 -#define __NR_getgid 176 -#define __NR_getegid 177 -#define __NR_gettid 178 -#define __NR_sysinfo 179 -#define __NR_mq_open 180 -#define __NR_mq_unlink 181 -#define __NR_mq_timedsend 182 -#define __NR_mq_timedreceive 183 -#define __NR_mq_notify 184 -#define __NR_mq_getsetattr 185 -#define __NR_msgget 186 -#define __NR_msgctl 187 -#define __NR_msgrcv 188 -#define __NR_msgsnd 189 -#define __NR_semget 190 -#define __NR_semctl 191 -#define __NR_semtimedop 192 -#define __NR_semop 193 -#define __NR_shmget 194 -#define __NR_shmctl 195 -#define __NR_shmat 196 -#define __NR_shmdt 197 -#define __NR_socket 198 -#define __NR_socketpair 199 -#define __NR_bind 200 -#define __NR_listen 201 -#define __NR_accept 202 -#define __NR_connect 203 -#define __NR_getsockname 204 -#define __NR_getpeername 205 -#define __NR_sendto 206 -#define __NR_recvfrom 207 -#define __NR_setsockopt 208 -#define __NR_getsockopt 209 -#define __NR_shutdown 210 -#define __NR_sendmsg 211 -#define __NR_recvmsg 212 -#define __NR_readahead 213 -#define __NR_brk 214 -#define __NR_munmap 215 -#define __NR_mremap 216 -#define __NR_add_key 217 -#define __NR_request_key 218 -#define __NR_keyctl 219 -#define __NR_clone 220 -#define __NR_execve 221 -#define __NR_mmap 222 -#define __NR_fadvise64 223 -#define __NR_swapon 224 -#define __NR_swapoff 225 -#define __NR_mprotect 226 -#define __NR_msync 227 -#define __NR_mlock 228 -#define __NR_munlock 229 -#define __NR_mlockall 230 -#define __NR_munlockall 231 -#define __NR_mincore 232 -#define __NR_madvise 233 -#define __NR_remap_file_pages 234 -#define __NR_mbind 235 -#define __NR_get_mempolicy 236 -#define __NR_set_mempolicy 237 -#define __NR_migrate_pages 238 -#define __NR_move_pages 239 -#define __NR_rt_tgsigqueueinfo 240 -#define __NR_perf_event_open 241 -#define __NR_accept4 242 -#define __NR_recvmmsg 243 -#define __NR_wait4 260 -#define __NR_prlimit64 261 -#define __NR_fanotify_init 262 -#define __NR_fanotify_mark 263 -#define __NR_name_to_handle_at 264 -#define __NR_open_by_handle_at 265 -#define __NR_clock_adjtime 266 -#define __NR_syncfs 267 -#define __NR_setns 268 -#define __NR_sendmmsg 269 -#define __NR_process_vm_readv 270 -#define __NR_process_vm_writev 271 -#define __NR_kcmp 272 -#define __NR_finit_module 273 -#define __NR_sched_setattr 274 -#define __NR_sched_getattr 275 -#define __NR_renameat2 276 -#define __NR_seccomp 277 -#define __NR_getrandom 278 -#define __NR_memfd_create 279 -#define __NR_bpf 280 -#define __NR_execveat 281 -#define __NR_userfaultfd 282 -#define __NR_membarrier 283 -#define __NR_mlock2 284 -#define __NR_copy_file_range 285 -#define __NR_preadv2 286 -#define __NR_pwritev2 287 -#define __NR_pkey_mprotect 288 -#define __NR_pkey_alloc 289 -#define __NR_pkey_free 290 +#define __NR_sched_rr_get_interval 127 +#define __NR_restart_syscall 128 +#define __NR_kill 129 +#define __NR_tkill 130 +#define __NR_tgkill 131 +#define __NR_sigaltstack 132 +#define __NR_rt_sigsuspend 133 +#define __NR_rt_sigaction 134 +#define __NR_rt_sigprocmask 135 +#define __NR_rt_sigpending 136 +#define __NR_rt_sigtimedwait 137 +#define __NR_rt_sigqueueinfo 138 +#define __NR_rt_sigreturn 139 +#define __NR_setpriority 140 +#define __NR_getpriority 141 +#define __NR_reboot 142 +#define __NR_setregid 143 +#define __NR_setgid 144 +#define __NR_setreuid 145 +#define __NR_setuid 146 +#define __NR_setresuid 147 +#define __NR_getresuid 148 +#define __NR_setresgid 149 +#define __NR_getresgid 150 +#define __NR_setfsuid 151 +#define __NR_setfsgid 152 +#define __NR_times 153 +#define __NR_setpgid 154 +#define __NR_getpgid 155 +#define __NR_getsid 156 +#define __NR_setsid 157 +#define __NR_getgroups 158 +#define __NR_setgroups 159 +#define __NR_uname 160 +#define __NR_sethostname 161 +#define __NR_setdomainname 162 +#define __NR_getrlimit 163 +#define __NR_setrlimit 164 +#define __NR_getrusage 165 +#define __NR_umask 166 +#define __NR_prctl 167 +#define __NR_getcpu 168 +#define __NR_gettimeofday 169 +#define __NR_settimeofday 170 +#define __NR_adjtimex 171 +#define __NR_getpid 172 +#define __NR_getppid 173 +#define __NR_getuid 174 +#define __NR_geteuid 175 +#define __NR_getgid 176 +#define __NR_getegid 177 +#define __NR_gettid 178 +#define __NR_sysinfo 179 +#define __NR_mq_open 180 +#define __NR_mq_unlink 181 +#define __NR_mq_timedsend 182 +#define __NR_mq_timedreceive 183 +#define __NR_mq_notify 184 +#define __NR_mq_getsetattr 185 +#define __NR_msgget 186 +#define __NR_msgctl 187 +#define __NR_msgrcv 188 +#define __NR_msgsnd 189 +#define __NR_semget 190 +#define __NR_semctl 191 +#define __NR_semtimedop 192 +#define __NR_semop 193 +#define __NR_shmget 194 +#define __NR_shmctl 195 +#define __NR_shmat 196 +#define __NR_shmdt 197 +#define __NR_socket 198 +#define __NR_socketpair 199 +#define __NR_bind 200 +#define __NR_listen 201 +#define __NR_accept 202 +#define __NR_connect 203 +#define __NR_getsockname 204 +#define __NR_getpeername 205 +#define __NR_sendto 206 +#define __NR_recvfrom 207 +#define __NR_setsockopt 208 +#define __NR_getsockopt 209 +#define __NR_shutdown 210 +#define __NR_sendmsg 211 +#define __NR_recvmsg 212 +#define __NR_readahead 213 +#define __NR_brk 214 +#define __NR_munmap 215 +#define __NR_mremap 216 +#define __NR_add_key 217 +#define __NR_request_key 218 +#define __NR_keyctl 219 +#define __NR_clone 220 +#define __NR_execve 221 +#define __NR_mmap 222 +#define __NR_fadvise64 223 +#define __NR_swapon 224 +#define __NR_swapoff 225 +#define __NR_mprotect 226 +#define __NR_msync 227 +#define __NR_mlock 228 +#define __NR_munlock 229 +#define __NR_mlockall 230 +#define __NR_munlockall 231 +#define __NR_mincore 232 +#define __NR_madvise 233 +#define __NR_remap_file_pages 234 +#define __NR_mbind 235 +#define __NR_get_mempolicy 236 +#define __NR_set_mempolicy 237 +#define __NR_migrate_pages 238 +#define __NR_move_pages 239 +#define __NR_rt_tgsigqueueinfo 240 +#define __NR_perf_event_open 241 +#define __NR_accept4 242 +#define __NR_recvmmsg 243 +#define __NR_wait4 260 +#define __NR_prlimit64 261 +#define __NR_fanotify_init 262 +#define __NR_fanotify_mark 263 +#define __NR_name_to_handle_at 264 +#define __NR_open_by_handle_at 265 +#define __NR_clock_adjtime 266 +#define __NR_syncfs 267 +#define __NR_setns 268 +#define __NR_sendmmsg 269 +#define __NR_process_vm_readv 270 +#define __NR_process_vm_writev 271 +#define __NR_kcmp 272 +#define __NR_finit_module 273 +#define __NR_sched_setattr 274 +#define __NR_sched_getattr 275 +#define __NR_renameat2 276 +#define __NR_seccomp 277 +#define __NR_getrandom 278 +#define __NR_memfd_create 279 +#define __NR_bpf 280 +#define __NR_execveat 281 +#define __NR_userfaultfd 282 +#define __NR_membarrier 283 +#define __NR_mlock2 284 +#define __NR_copy_file_range 285 +#define __NR_preadv2 286 +#define __NR_pwritev2 287 +#define __NR_pkey_mprotect 288 +#define __NR_pkey_alloc 289 +#define __NR_pkey_free 290 +#define __NR_statx 291 +#define __NR_io_pgetevents 292 +#define __NR_rseq 293 +#define __NR_kexec_file_load 294 +#define __NR_pidfd_send_signal 424 +#define __NR_io_uring_setup 425 +#define __NR_io_uring_enter 426 +#define __NR_io_uring_register 427 +#define __NR_open_tree 428 +#define __NR_move_mount 429 +#define __NR_fsopen 430 +#define __NR_fsconfig 431 +#define __NR_fsmount 432 +#define __NR_fspick 433 +#define __NR_pidfd_open 434 +#define __NR_clone3 435 +#define __NR_close_range 436 +#define __NR_openat2 437 +#define __NR_pidfd_getfd 438 +#define __NR_faccessat2 439 +#define __NR_process_madvise 440 +#define __NR_epoll_pwait2 441 +#define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 -#define SYS_io_setup 0 -#define SYS_io_destroy 1 -#define SYS_io_submit 2 -#define SYS_io_cancel 3 -#define SYS_io_getevents 4 -#define SYS_setxattr 5 -#define SYS_lsetxattr 6 -#define SYS_fsetxattr 7 -#define SYS_getxattr 8 -#define SYS_lgetxattr 9 -#define SYS_fgetxattr 10 -#define SYS_listxattr 11 -#define SYS_llistxattr 12 -#define SYS_flistxattr 13 -#define SYS_removexattr 14 -#define SYS_lremovexattr 15 -#define SYS_fremovexattr 16 -#define SYS_getcwd 17 -#define SYS_lookup_dcookie 18 -#define SYS_eventfd2 19 -#define SYS_epoll_create1 20 -#define SYS_epoll_ctl 21 -#define SYS_epoll_pwait 22 -#define SYS_dup 23 -#define SYS_dup3 24 -#define SYS_fcntl 25 -#define SYS_inotify_init1 26 -#define SYS_inotify_add_watch 27 -#define SYS_inotify_rm_watch 28 -#define SYS_ioctl 29 -#define SYS_ioprio_set 30 -#define SYS_ioprio_get 31 -#define SYS_flock 32 -#define SYS_mknodat 33 -#define SYS_mkdirat 34 -#define SYS_unlinkat 35 -#define SYS_symlinkat 36 -#define SYS_linkat 37 -#define SYS_renameat 38 -#define SYS_umount2 39 -#define SYS_mount 40 -#define SYS_pivot_root 41 -#define SYS_nfsservctl 42 -#define SYS_statfs 43 -#define SYS_fstatfs 44 -#define SYS_truncate 45 -#define SYS_ftruncate 46 -#define SYS_fallocate 47 -#define SYS_faccessat 48 -#define SYS_chdir 49 -#define SYS_fchdir 50 -#define SYS_chroot 51 -#define SYS_fchmod 52 -#define SYS_fchmodat 53 -#define SYS_fchownat 54 -#define SYS_fchown 55 -#define SYS_openat 56 -#define SYS_close 57 -#define SYS_vhangup 58 -#define SYS_pipe2 59 -#define SYS_quotactl 60 -#define SYS_getdents64 61 -#define SYS_lseek 62 -#define SYS_read 63 -#define SYS_write 64 -#define SYS_readv 65 -#define SYS_writev 66 -#define SYS_pread64 67 -#define SYS_pwrite64 68 -#define SYS_preadv 69 -#define SYS_pwritev 70 -#define SYS_sendfile 71 -#define SYS_pselect6 72 -#define SYS_ppoll 73 -#define SYS_signalfd4 74 -#define SYS_vmsplice 75 -#define SYS_splice 76 -#define SYS_tee 77 -#define SYS_readlinkat 78 -#define SYS_newfstatat 79 -#define SYS_fstat 80 -#define SYS_sync 81 -#define SYS_fsync 82 -#define SYS_fdatasync 83 -#define SYS_sync_file_range 84 -#define SYS_timerfd_create 85 -#define SYS_timerfd_settime 86 -#define SYS_timerfd_gettime 87 -#define SYS_utimensat 88 -#define SYS_acct 89 -#define SYS_capget 90 -#define SYS_capset 91 -#define SYS_personality 92 -#define SYS_exit 93 -#define SYS_exit_group 94 -#define SYS_waitid 95 -#define SYS_set_tid_address 96 -#define SYS_unshare 97 -#define SYS_futex 98 -#define SYS_set_robust_list 99 -#define SYS_get_robust_list 100 -#define SYS_nanosleep 101 -#define SYS_getitimer 102 -#define SYS_setitimer 103 -#define SYS_kexec_load 104 -#define SYS_init_module 105 -#define SYS_delete_module 106 -#define SYS_timer_create 107 -#define SYS_timer_gettime 108 -#define SYS_timer_getoverrun 109 -#define SYS_timer_settime 110 -#define SYS_timer_delete 111 -#define SYS_clock_settime 112 -#define SYS_clock_gettime 113 -#define SYS_clock_getres 114 -#define SYS_clock_nanosleep 115 -#define SYS_syslog 116 -#define SYS_ptrace 117 -#define SYS_sched_setparam 118 -#define SYS_sched_setscheduler 119 -#define SYS_sched_getscheduler 120 -#define SYS_sched_getparam 121 -#define SYS_sched_setaffinity 122 -#define SYS_sched_getaffinity 123 -#define SYS_sched_yield 124 +#define SYS_io_setup 0 +#define SYS_io_destroy 1 +#define SYS_io_submit 2 +#define SYS_io_cancel 3 +#define SYS_io_getevents 4 +#define SYS_setxattr 5 +#define SYS_lsetxattr 6 +#define SYS_fsetxattr 7 +#define SYS_getxattr 8 +#define SYS_lgetxattr 9 +#define SYS_fgetxattr 10 +#define SYS_listxattr 11 +#define SYS_llistxattr 12 +#define SYS_flistxattr 13 +#define SYS_removexattr 14 +#define SYS_lremovexattr 15 +#define SYS_fremovexattr 16 +#define SYS_getcwd 17 +#define SYS_lookup_dcookie 18 +#define SYS_eventfd2 19 +#define SYS_epoll_create1 20 +#define SYS_epoll_ctl 21 +#define SYS_epoll_pwait 22 +#define SYS_dup 23 +#define SYS_dup3 24 +#define SYS_fcntl 25 +#define SYS_inotify_init1 26 +#define SYS_inotify_add_watch 27 +#define SYS_inotify_rm_watch 28 +#define SYS_ioctl 29 +#define SYS_ioprio_set 30 +#define SYS_ioprio_get 31 +#define SYS_flock 32 +#define SYS_mknodat 33 +#define SYS_mkdirat 34 +#define SYS_unlinkat 35 +#define SYS_symlinkat 36 +#define SYS_linkat 37 +#define SYS_renameat 38 +#define SYS_umount2 39 +#define SYS_mount 40 +#define SYS_pivot_root 41 +#define SYS_nfsservctl 42 +#define SYS_statfs 43 +#define SYS_fstatfs 44 +#define SYS_truncate 45 +#define SYS_ftruncate 46 +#define SYS_fallocate 47 +#define SYS_faccessat 48 +#define SYS_chdir 49 +#define SYS_fchdir 50 +#define SYS_chroot 51 +#define SYS_fchmod 52 +#define SYS_fchmodat 53 +#define SYS_fchownat 54 +#define SYS_fchown 55 +#define SYS_openat 56 +#define SYS_close 57 +#define SYS_vhangup 58 +#define SYS_pipe2 59 +#define SYS_quotactl 60 +#define SYS_getdents64 61 +#define SYS_lseek 62 +#define SYS_read 63 +#define SYS_write 64 +#define SYS_readv 65 +#define SYS_writev 66 +#define SYS_pread64 67 +#define SYS_pwrite64 68 +#define SYS_preadv 69 +#define SYS_pwritev 70 +#define SYS_sendfile 71 +#define SYS_pselect6 72 +#define SYS_ppoll 73 +#define SYS_signalfd4 74 +#define SYS_vmsplice 75 +#define SYS_splice 76 +#define SYS_tee 77 +#define SYS_readlinkat 78 +#define SYS_newfstatat 79 +#define SYS_fstat 80 +#define SYS_sync 81 +#define SYS_fsync 82 +#define SYS_fdatasync 83 +#define SYS_sync_file_range 84 +#define SYS_timerfd_create 85 +#define SYS_timerfd_settime 86 +#define SYS_timerfd_gettime 87 +#define SYS_utimensat 88 +#define SYS_acct 89 +#define SYS_capget 90 +#define SYS_capset 91 +#define SYS_personality 92 +#define SYS_exit 93 +#define SYS_exit_group 94 +#define SYS_waitid 95 +#define SYS_set_tid_address 96 +#define SYS_unshare 97 +#define SYS_futex 98 +#define SYS_set_robust_list 99 +#define SYS_get_robust_list 100 +#define SYS_nanosleep 101 +#define SYS_getitimer 102 +#define SYS_setitimer 103 +#define SYS_kexec_load 104 +#define SYS_init_module 105 +#define SYS_delete_module 106 +#define SYS_timer_create 107 +#define SYS_timer_gettime 108 +#define SYS_timer_getoverrun 109 +#define SYS_timer_settime 110 +#define SYS_timer_delete 111 +#define SYS_clock_settime 112 +#define SYS_clock_gettime 113 +#define SYS_clock_getres 114 +#define SYS_clock_nanosleep 115 +#define SYS_syslog 116 +#define SYS_ptrace 117 +#define SYS_sched_setparam 118 +#define SYS_sched_setscheduler 119 +#define SYS_sched_getscheduler 120 +#define SYS_sched_getparam 121 +#define SYS_sched_setaffinity 122 +#define SYS_sched_getaffinity 123 +#define SYS_sched_yield 124 #define SYS_sched_get_priority_max 125 #define SYS_sched_get_priority_min 126 -#define SYS_sched_rr_get_interval 127 -#define SYS_restart_syscall 128 -#define SYS_kill 129 -#define SYS_tkill 130 -#define SYS_tgkill 131 -#define SYS_sigaltstack 132 -#define SYS_rt_sigsuspend 133 -#define SYS_rt_sigaction 134 -#define SYS_rt_sigprocmask 135 -#define SYS_rt_sigpending 136 -#define SYS_rt_sigtimedwait 137 -#define SYS_rt_sigqueueinfo 138 -#define SYS_rt_sigreturn 139 -#define SYS_setpriority 140 -#define SYS_getpriority 141 -#define SYS_reboot 142 -#define SYS_setregid 143 -#define SYS_setgid 144 -#define SYS_setreuid 145 -#define SYS_setuid 146 -#define SYS_setresuid 147 -#define SYS_getresuid 148 -#define SYS_setresgid 149 -#define SYS_getresgid 150 -#define SYS_setfsuid 151 -#define SYS_setfsgid 152 -#define SYS_times 153 -#define SYS_setpgid 154 -#define SYS_getpgid 155 -#define SYS_getsid 156 -#define SYS_setsid 157 -#define SYS_getgroups 158 -#define SYS_setgroups 159 -#define SYS_uname 160 -#define SYS_sethostname 161 -#define SYS_setdomainname 162 -#define SYS_getrlimit 163 -#define SYS_setrlimit 164 -#define SYS_getrusage 165 -#define SYS_umask 166 -#define SYS_prctl 167 -#define SYS_getcpu 168 -#define SYS_gettimeofday 169 -#define SYS_settimeofday 170 -#define SYS_adjtimex 171 -#define SYS_getpid 172 -#define SYS_getppid 173 -#define SYS_getuid 174 -#define SYS_geteuid 175 -#define SYS_getgid 176 -#define SYS_getegid 177 -#define SYS_gettid 178 -#define SYS_sysinfo 179 -#define SYS_mq_open 180 -#define SYS_mq_unlink 181 -#define SYS_mq_timedsend 182 -#define SYS_mq_timedreceive 183 -#define SYS_mq_notify 184 -#define SYS_mq_getsetattr 185 -#define SYS_msgget 186 -#define SYS_msgctl 187 -#define SYS_msgrcv 188 -#define SYS_msgsnd 189 -#define SYS_semget 190 -#define SYS_semctl 191 -#define SYS_semtimedop 192 -#define SYS_semop 193 -#define SYS_shmget 194 -#define SYS_shmctl 195 -#define SYS_shmat 196 -#define SYS_shmdt 197 -#define SYS_socket 198 -#define SYS_socketpair 199 -#define SYS_bind 200 -#define SYS_listen 201 -#define SYS_accept 202 -#define SYS_connect 203 -#define SYS_getsockname 204 -#define SYS_getpeername 205 -#define SYS_sendto 206 -#define SYS_recvfrom 207 -#define SYS_setsockopt 208 -#define SYS_getsockopt 209 -#define SYS_shutdown 210 -#define SYS_sendmsg 211 -#define SYS_recvmsg 212 -#define SYS_readahead 213 -#define SYS_brk 214 -#define SYS_munmap 215 -#define SYS_mremap 216 -#define SYS_add_key 217 -#define SYS_request_key 218 -#define SYS_keyctl 219 -#define SYS_clone 220 -#define SYS_execve 221 -#define SYS_mmap 222 -#define SYS_fadvise64 223 -#define SYS_swapon 224 -#define SYS_swapoff 225 -#define SYS_mprotect 226 -#define SYS_msync 227 -#define SYS_mlock 228 -#define SYS_munlock 229 -#define SYS_mlockall 230 -#define SYS_munlockall 231 -#define SYS_mincore 232 -#define SYS_madvise 233 -#define SYS_remap_file_pages 234 -#define SYS_mbind 235 -#define SYS_get_mempolicy 236 -#define SYS_set_mempolicy 237 -#define SYS_migrate_pages 238 -#define SYS_move_pages 239 -#define SYS_rt_tgsigqueueinfo 240 -#define SYS_perf_event_open 241 -#define SYS_accept4 242 -#define SYS_recvmmsg 243 -#define SYS_wait4 260 -#define SYS_prlimit64 261 -#define SYS_fanotify_init 262 -#define SYS_fanotify_mark 263 -#define SYS_name_to_handle_at 264 -#define SYS_open_by_handle_at 265 -#define SYS_clock_adjtime 266 -#define SYS_syncfs 267 -#define SYS_setns 268 -#define SYS_sendmmsg 269 -#define SYS_process_vm_readv 270 -#define SYS_process_vm_writev 271 -#define SYS_kcmp 272 -#define SYS_finit_module 273 -#define SYS_sched_setattr 274 -#define SYS_sched_getattr 275 -#define SYS_renameat2 276 -#define SYS_seccomp 277 -#define SYS_getrandom 278 -#define SYS_memfd_create 279 -#define SYS_bpf 280 -#define SYS_execveat 281 -#define SYS_userfaultfd 282 -#define SYS_membarrier 283 -#define SYS_mlock2 284 -#define SYS_copy_file_range 285 -#define SYS_preadv2 286 -#define SYS_pwritev2 287 -#define SYS_pkey_mprotect 288 -#define SYS_pkey_alloc 289 -#define SYS_pkey_free 290 +#define SYS_sched_rr_get_interval 127 +#define SYS_restart_syscall 128 +#define SYS_kill 129 +#define SYS_tkill 130 +#define SYS_tgkill 131 +#define SYS_sigaltstack 132 +#define SYS_rt_sigsuspend 133 +#define SYS_rt_sigaction 134 +#define SYS_rt_sigprocmask 135 +#define SYS_rt_sigpending 136 +#define SYS_rt_sigtimedwait 137 +#define SYS_rt_sigqueueinfo 138 +#define SYS_rt_sigreturn 139 +#define SYS_setpriority 140 +#define SYS_getpriority 141 +#define SYS_reboot 142 +#define SYS_setregid 143 +#define SYS_setgid 144 +#define SYS_setreuid 145 +#define SYS_setuid 146 +#define SYS_setresuid 147 +#define SYS_getresuid 148 +#define SYS_setresgid 149 +#define SYS_getresgid 150 +#define SYS_setfsuid 151 +#define SYS_setfsgid 152 +#define SYS_times 153 +#define SYS_setpgid 154 +#define SYS_getpgid 155 +#define SYS_getsid 156 +#define SYS_setsid 157 +#define SYS_getgroups 158 +#define SYS_setgroups 159 +#define SYS_uname 160 +#define SYS_sethostname 161 +#define SYS_setdomainname 162 +#define SYS_getrlimit 163 +#define SYS_setrlimit 164 +#define SYS_getrusage 165 +#define SYS_umask 166 +#define SYS_prctl 167 +#define SYS_getcpu 168 +#define SYS_gettimeofday 169 +#define SYS_settimeofday 170 +#define SYS_adjtimex 171 +#define SYS_getpid 172 +#define SYS_getppid 173 +#define SYS_getuid 174 +#define SYS_geteuid 175 +#define SYS_getgid 176 +#define SYS_getegid 177 +#define SYS_gettid 178 +#define SYS_sysinfo 179 +#define SYS_mq_open 180 +#define SYS_mq_unlink 181 +#define SYS_mq_timedsend 182 +#define SYS_mq_timedreceive 183 +#define SYS_mq_notify 184 +#define SYS_mq_getsetattr 185 +#define SYS_msgget 186 +#define SYS_msgctl 187 +#define SYS_msgrcv 188 +#define SYS_msgsnd 189 +#define SYS_semget 190 +#define SYS_semctl 191 +#define SYS_semtimedop 192 +#define SYS_semop 193 +#define SYS_shmget 194 +#define SYS_shmctl 195 +#define SYS_shmat 196 +#define SYS_shmdt 197 +#define SYS_socket 198 +#define SYS_socketpair 199 +#define SYS_bind 200 +#define SYS_listen 201 +#define SYS_accept 202 +#define SYS_connect 203 +#define SYS_getsockname 204 +#define SYS_getpeername 205 +#define SYS_sendto 206 +#define SYS_recvfrom 207 +#define SYS_setsockopt 208 +#define SYS_getsockopt 209 +#define SYS_shutdown 210 +#define SYS_sendmsg 211 +#define SYS_recvmsg 212 +#define SYS_readahead 213 +#define SYS_brk 214 +#define SYS_munmap 215 +#define SYS_mremap 216 +#define SYS_add_key 217 +#define SYS_request_key 218 +#define SYS_keyctl 219 +#define SYS_clone 220 +#define SYS_execve 221 +#define SYS_mmap 222 +#define SYS_fadvise64 223 +#define SYS_swapon 224 +#define SYS_swapoff 225 +#define SYS_mprotect 226 +#define SYS_msync 227 +#define SYS_mlock 228 +#define SYS_munlock 229 +#define SYS_mlockall 230 +#define SYS_munlockall 231 +#define SYS_mincore 232 +#define SYS_madvise 233 +#define SYS_remap_file_pages 234 +#define SYS_mbind 235 +#define SYS_get_mempolicy 236 +#define SYS_set_mempolicy 237 +#define SYS_migrate_pages 238 +#define SYS_move_pages 239 +#define SYS_rt_tgsigqueueinfo 240 +#define SYS_perf_event_open 241 +#define SYS_accept4 242 +#define SYS_recvmmsg 243 +#define SYS_wait4 260 +#define SYS_prlimit64 261 +#define SYS_fanotify_init 262 +#define SYS_fanotify_mark 263 +#define SYS_name_to_handle_at 264 +#define SYS_open_by_handle_at 265 +#define SYS_clock_adjtime 266 +#define SYS_syncfs 267 +#define SYS_setns 268 +#define SYS_sendmmsg 269 +#define SYS_process_vm_readv 270 +#define SYS_process_vm_writev 271 +#define SYS_kcmp 272 +#define SYS_finit_module 273 +#define SYS_sched_setattr 274 +#define SYS_sched_getattr 275 +#define SYS_renameat2 276 +#define SYS_seccomp 277 +#define SYS_getrandom 278 +#define SYS_memfd_create 279 +#define SYS_bpf 280 +#define SYS_execveat 281 +#define SYS_userfaultfd 282 +#define SYS_membarrier 283 +#define SYS_mlock2 284 +#define SYS_copy_file_range 285 +#define SYS_preadv2 286 +#define SYS_pwritev2 287 +#define SYS_pkey_mprotect 288 +#define SYS_pkey_alloc 289 +#define SYS_pkey_free 290 +#define SYS_statx 291 +#define SYS_io_pgetevents 292 +#define SYS_rseq 293 +#define SYS_kexec_file_load 294 +#define SYS_pidfd_send_signal 424 +#define SYS_io_uring_setup 425 +#define SYS_io_uring_enter 426 +#define SYS_io_uring_register 427 +#define SYS_open_tree 428 +#define SYS_move_mount 429 +#define SYS_fsopen 430 +#define SYS_fsconfig 431 +#define SYS_fsmount 432 +#define SYS_fspick 433 +#define SYS_pidfd_open 434 +#define SYS_clone3 435 +#define SYS_close_range 436 +#define SYS_openat2 437 +#define SYS_pidfd_getfd 438 +#define SYS_faccessat2 439 +#define SYS_process_madvise 440 +#define SYS_epoll_pwait2 441 +#define SYS_mount_setattr 442 +#define SYS_landlock_create_ruleset 444 +#define SYS_landlock_add_rule 445 +#define SYS_landlock_restrict_self 446 diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in index 93648af..5f420e6 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in @@ -289,4 +289,14 @@ #define __NR_fspick 433 #define __NR_pidfd_open 434 #define __NR_clone3 435 +#define __NR_close_range 436 +#define __NR_openat2 437 +#define __NR_pidfd_getfd 438 +#define __NR_faccessat2 439 +#define __NR_process_madvise 440 +#define __NR_epoll_pwait2 441 +#define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h index d12cdf7..8a1002a 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h @@ -6,7 +6,7 @@ struct user_regs_struct { }; struct user_fpsimd_struct { - long double vregs[32]; + __uint128_t vregs[32]; unsigned int fpsr; unsigned int fpcr; }; diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h index e64b126..3909616 100644 --- a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h +++ b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h @@ -1,12 +1,11 @@ -static inline struct pthread *__pthread_self() +static inline uintptr_t __get_tp() { - char *self; - __asm__ ("mrs %0,tpidr_el0" : "=r"(self)); - return (void*)(self - sizeof(struct pthread)); + uintptr_t tp; + __asm__ ("mrs %0,tpidr_el0" : "=r"(tp)); + return tp; } #define TLS_ABOVE_TP #define GAP_ABOVE_TP 16 -#define TP_ADJ(p) ((char *)(p) + sizeof(struct pthread)) #define MC_PC pc diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h index 41b4204..8121b75 100644 --- a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h +++ b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h @@ -1,31 +1,16 @@ -#define _Addr int +#define _REDIR_TIME64 0 +#define _Addr int #define _Int64 long long -#define _Reg int +#define _Reg int -#define __LITTLE_ENDIAN 1234 -#define __BIG_ENDIAN 4321 -#define __USE_TIME_BITS64 1 - -#ifndef __BYTE_ORDER -#if __AARCH64EB__ +#if __ARMEB__ #define __BYTE_ORDER 4321 #else #define __BYTE_ORDER 1234 #endif -#endif #define __LONG_MAX 0x7fffffffL -#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) -typedef __builtin_va_list va_list; -#define __DEFINED_va_list -#endif - -#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) -typedef __builtin_va_list __isoc_va_list; -#define __DEFINED___isoc_va_list -#endif - #ifndef __cplusplus #if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t) typedef unsigned wchar_t; @@ -44,100 +29,15 @@ typedef double double_t; #define __DEFINED_double_t #endif + #if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t) -typedef struct { - long long __ll; - long double __ld; -} max_align_t; +typedef struct { long long __ll; long double __ld; } max_align_t; #define __DEFINED_max_align_t #endif -#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) -typedef long time_t; -#define __DEFINED_time_t -#endif - -#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) -typedef long suseconds_t; -#define __DEFINED_suseconds_t -#endif - -#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) -typedef struct { - union { - int __i[9]; - volatile int __vi[9]; - unsigned __s[9]; - } __u; -} pthread_attr_t; -#define __DEFINED_pthread_attr_t -#endif - -#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) -typedef struct { - union { - int __i[6]; - volatile int __vi[6]; - volatile void *volatile __p[6]; - } __u; -} pthread_mutex_t; -#define __DEFINED_pthread_mutex_t -#endif - -#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) -typedef struct { - union { - int __i[6]; - volatile int __vi[6]; - volatile void *volatile __p[6]; - } __u; -} mtx_t; -#define __DEFINED_mtx_t -#endif - -#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) -typedef struct { - union { - int __i[12]; - volatile int __vi[12]; - void *__p[12]; - } __u; -} pthread_cond_t; -#define __DEFINED_pthread_cond_t -#endif - -#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) -typedef struct { - union { - int __i[12]; - volatile int __vi[12]; - void *__p[12]; - } __u; -} cnd_t; -#define __DEFINED_cnd_t -#endif - -#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) -typedef struct { - union { - int __i[8]; - volatile int __vi[8]; - void *__p[8]; - } __u; -} pthread_rwlock_t; -#define __DEFINED_pthread_rwlock_t -#endif - -#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) -typedef struct { - union { - int __i[5]; - volatile int __vi[5]; - void *__p[5]; - } __u; -} pthread_barrier_t; -#define __DEFINED_pthread_barrier_t -#endif +#define __LITTLE_ENDIAN 1234 +#define __BIG_ENDIAN 4321 +#define __USE_TIME_BITS64 1 #if defined(__NEED_size_t) && !defined(__DEFINED_size_t) typedef unsigned _Addr size_t; @@ -174,28 +74,39 @@ typedef _Reg register_t; #define __DEFINED_register_t #endif +#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) +typedef long time_t; +#define __DEFINED_time_t +#endif + +#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) +typedef long suseconds_t; +#define __DEFINED_suseconds_t +#endif + + #if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t) typedef signed char int8_t; #define __DEFINED_int8_t #endif #if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t) -typedef short int16_t; +typedef signed short int16_t; #define __DEFINED_int16_t #endif #if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t) -typedef int int32_t; +typedef signed int int32_t; #define __DEFINED_int32_t #endif #if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t) -typedef _Int64 int64_t; +typedef signed _Int64 int64_t; #define __DEFINED_int64_t #endif #if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t) -typedef _Int64 intmax_t; +typedef signed _Int64 intmax_t; #define __DEFINED_intmax_t #endif @@ -229,6 +140,7 @@ typedef unsigned _Int64 uintmax_t; #define __DEFINED_uintmax_t #endif + #if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t) typedef unsigned mode_t; #define __DEFINED_mode_t @@ -274,6 +186,7 @@ typedef unsigned _Int64 fsfilcnt_t; #define __DEFINED_fsfilcnt_t #endif + #if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t) typedef unsigned wint_t; #define __DEFINED_wint_t @@ -284,8 +197,9 @@ typedef unsigned long wctype_t; #define __DEFINED_wctype_t #endif + #if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t) -typedef void *timer_t; +typedef void * timer_t; #define __DEFINED_timer_t #endif @@ -300,21 +214,16 @@ typedef long clock_t; #endif #if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval) -struct timeval { - time_t tv_sec; - suseconds_t tv_usec; -}; +struct timeval { time_t tv_sec; suseconds_t tv_usec; }; #define __DEFINED_struct_timeval #endif #if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec) -struct timespec { - time_t tv_sec; - long tv_nsec; -}; +struct timespec { time_t tv_sec; long tv_nsec; }; #define __DEFINED_struct_timespec #endif + #if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t) typedef int pid_t; #define __DEFINED_pid_t @@ -345,6 +254,7 @@ typedef unsigned useconds_t; #define __DEFINED_useconds_t #endif + #ifdef __cplusplus #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) typedef unsigned long pthread_t; @@ -353,7 +263,7 @@ typedef unsigned long pthread_t; #else #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) -typedef struct __pthread *pthread_t; +typedef struct __pthread * pthread_t; #define __DEFINED_pthread_t #endif @@ -374,65 +284,78 @@ typedef int pthread_spinlock_t; #endif #if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t) -typedef struct { - unsigned __attr; -} pthread_mutexattr_t; +typedef struct { unsigned __attr; } pthread_mutexattr_t; #define __DEFINED_pthread_mutexattr_t #endif #if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t) -typedef struct { - unsigned __attr; -} pthread_condattr_t; +typedef struct { unsigned __attr; } pthread_condattr_t; #define __DEFINED_pthread_condattr_t #endif #if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t) -typedef struct { - unsigned __attr; -} pthread_barrierattr_t; +typedef struct { unsigned __attr; } pthread_barrierattr_t; #define __DEFINED_pthread_barrierattr_t #endif #if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t) -typedef struct { - unsigned __attr[2]; -} pthread_rwlockattr_t; +typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t; #define __DEFINED_pthread_rwlockattr_t #endif + +#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE) +struct _IO_FILE { char __x; }; +#define __DEFINED_struct__IO_FILE +#endif + #if defined(__NEED_FILE) && !defined(__DEFINED_FILE) typedef struct _IO_FILE FILE; #define __DEFINED_FILE #endif + +#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) +typedef __builtin_va_list va_list; +#define __DEFINED_va_list +#endif + +#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) +typedef __builtin_va_list __isoc_va_list; +#define __DEFINED___isoc_va_list +#endif + + #if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t) -typedef struct __mbstate_t { - unsigned __opaque1, __opaque2; -} mbstate_t; +typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t; #define __DEFINED_mbstate_t #endif + #if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t) -typedef struct __locale_struct *locale_t; +typedef struct __locale_struct * locale_t; #define __DEFINED_locale_t #endif + #if defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t) -typedef struct __sigset_t { - unsigned long __bits[128 / sizeof(long)]; -} sigset_t; +typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t; #define __DEFINED_sigset_t #endif + #if defined(__NEED_struct_iovec) && !defined(__DEFINED_struct_iovec) -struct iovec { - void *iov_base; - size_t iov_len; -}; +struct iovec { void *iov_base; size_t iov_len; }; #define __DEFINED_struct_iovec #endif + +#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize) +struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; }; +#define __DEFINED_struct_winsize +#endif + + #if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t) typedef unsigned socklen_t; #define __DEFINED_socklen_t @@ -443,6 +366,43 @@ typedef unsigned short sa_family_t; #define __DEFINED_sa_family_t #endif + +#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) +typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t; +#define __DEFINED_pthread_attr_t +#endif + +#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) +typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t; +#define __DEFINED_pthread_mutex_t +#endif + +#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) +typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t; +#define __DEFINED_mtx_t +#endif + +#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) +typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t; +#define __DEFINED_pthread_cond_t +#endif + +#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) +typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t; +#define __DEFINED_cnd_t +#endif + +#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) +typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t; +#define __DEFINED_pthread_rwlock_t +#endif + +#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) +typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t; +#define __DEFINED_pthread_barrier_t +#endif + + #undef _Addr #undef _Int64 #undef _Reg diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h index 6b128e5..2131e1e 100644 --- a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h +++ b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h @@ -1,715 +1,810 @@ -#define __NR_restart_syscall 0 -#define __NR_exit 1 -#define __NR_fork 2 -#define __NR_read 3 -#define __NR_write 4 -#define __NR_open 5 -#define __NR_close 6 -#define __NR_creat 8 -#define __NR_link 9 -#define __NR_unlink 10 -#define __NR_execve 11 -#define __NR_chdir 12 -#define __NR_mknod 14 -#define __NR_chmod 15 -#define __NR_lchown 16 -#define __NR_lseek 19 -#define __NR_getpid 20 -#define __NR_mount 21 -#define __NR_setuid 23 -#define __NR_getuid 24 -#define __NR_ptrace 26 -#define __NR_pause 29 -#define __NR_access 33 -#define __NR_nice 34 -#define __NR_sync 36 -#define __NR_kill 37 -#define __NR_rename 38 -#define __NR_mkdir 39 -#define __NR_rmdir 40 -#define __NR_dup 41 -#define __NR_pipe 42 -#define __NR_times 43 -#define __NR_brk 45 -#define __NR_setgid 46 -#define __NR_getgid 47 -#define __NR_geteuid 49 -#define __NR_getegid 50 -#define __NR_acct 51 -#define __NR_umount2 52 -#define __NR_ioctl 54 -#define __NR_fcntl 55 -#define __NR_setpgid 57 -#define __NR_umask 60 -#define __NR_chroot 61 -#define __NR_ustat 62 -#define __NR_dup2 63 -#define __NR_getppid 64 -#define __NR_getpgrp 65 -#define __NR_setsid 66 -#define __NR_sigaction 67 -#define __NR_setreuid 70 -#define __NR_setregid 71 -#define __NR_sigsuspend 72 -#define __NR_sigpending 73 -#define __NR_sethostname 74 -#define __NR_setrlimit 75 -#define __NR_getrusage 77 -#define __NR_gettimeofday 78 -#define __NR_settimeofday 79 -#define __NR_getgroups 80 -#define __NR_setgroups 81 -#define __NR_symlink 83 -#define __NR_readlink 85 -#define __NR_uselib 86 -#define __NR_swapon 87 -#define __NR_reboot 88 -#define __NR_munmap 91 -#define __NR_truncate 92 -#define __NR_ftruncate 93 -#define __NR_fchmod 94 -#define __NR_fchown 95 -#define __NR_getpriority 96 -#define __NR_setpriority 97 -#define __NR_statfs 99 -#define __NR_fstatfs 100 -#define __NR_syslog 103 -#define __NR_setitimer 104 -#define __NR_getitimer 105 -#define __NR_stat 106 -#define __NR_lstat 107 -#define __NR_fstat 108 -#define __NR_vhangup 111 -#define __NR_wait4 114 -#define __NR_swapoff 115 -#define __NR_sysinfo 116 -#define __NR_fsync 118 -#define __NR_sigreturn 119 -#define __NR_clone 120 -#define __NR_setdomainname 121 -#define __NR_uname 122 -#define __NR_adjtimex 124 -#define __NR_mprotect 125 -#define __NR_sigprocmask 126 -#define __NR_init_module 128 -#define __NR_delete_module 129 -#define __NR_quotactl 131 -#define __NR_getpgid 132 -#define __NR_fchdir 133 -#define __NR_bdflush 134 -#define __NR_sysfs 135 -#define __NR_personality 136 -#define __NR_setfsuid 138 -#define __NR_setfsgid 139 -#define __NR__llseek 140 -#define __NR_getdents 141 -#define __NR__newselect 142 -#define __NR_flock 143 -#define __NR_msync 144 -#define __NR_readv 145 -#define __NR_writev 146 -#define __NR_getsid 147 -#define __NR_fdatasync 148 -#define __NR__sysctl 149 -#define __NR_mlock 150 -#define __NR_munlock 151 -#define __NR_mlockall 152 -#define __NR_munlockall 153 -#define __NR_sched_setparam 154 -#define __NR_sched_getparam 155 -#define __NR_sched_setscheduler 156 -#define __NR_sched_getscheduler 157 -#define __NR_sched_yield 158 -#define __NR_sched_get_priority_max 159 -#define __NR_sched_get_priority_min 160 -#define __NR_sched_rr_get_interval 161 -#define __NR_nanosleep 162 -#define __NR_mremap 163 -#define __NR_setresuid 164 -#define __NR_getresuid 165 -#define __NR_poll 168 -#define __NR_nfsservctl 169 -#define __NR_setresgid 170 -#define __NR_getresgid 171 -#define __NR_prctl 172 -#define __NR_rt_sigreturn 173 -#define __NR_rt_sigaction 174 -#define __NR_rt_sigprocmask 175 -#define __NR_rt_sigpending 176 -#define __NR_rt_sigtimedwait 177 -#define __NR_rt_sigqueueinfo 178 -#define __NR_rt_sigsuspend 179 -#define __NR_pread64 180 -#define __NR_pwrite64 181 -#define __NR_chown 182 -#define __NR_getcwd 183 -#define __NR_capget 184 -#define __NR_capset 185 -#define __NR_sigaltstack 186 -#define __NR_sendfile 187 -#define __NR_vfork 190 -#define __NR_ugetrlimit 191 -#define __NR_mmap2 192 -#define __NR_truncate64 193 -#define __NR_ftruncate64 194 -#define __NR_stat64 195 -#define __NR_lstat64 196 -#define __NR_fstat64 197 -#define __NR_lchown32 198 -#define __NR_getuid32 199 -#define __NR_getgid32 200 -#define __NR_geteuid32 201 -#define __NR_getegid32 202 -#define __NR_setreuid32 203 -#define __NR_setregid32 204 -#define __NR_getgroups32 205 -#define __NR_setgroups32 206 -#define __NR_fchown32 207 -#define __NR_setresuid32 208 -#define __NR_getresuid32 209 -#define __NR_setresgid32 210 -#define __NR_getresgid32 211 -#define __NR_chown32 212 -#define __NR_setuid32 213 -#define __NR_setgid32 214 -#define __NR_setfsuid32 215 -#define __NR_setfsgid32 216 -#define __NR_getdents64 217 -#define __NR_pivot_root 218 -#define __NR_mincore 219 -#define __NR_madvise 220 -#define __NR_fcntl64 221 -#define __NR_gettid 224 -#define __NR_readahead 225 -#define __NR_setxattr 226 -#define __NR_lsetxattr 227 -#define __NR_fsetxattr 228 -#define __NR_getxattr 229 -#define __NR_lgetxattr 230 -#define __NR_fgetxattr 231 -#define __NR_listxattr 232 -#define __NR_llistxattr 233 -#define __NR_flistxattr 234 -#define __NR_removexattr 235 -#define __NR_lremovexattr 236 -#define __NR_fremovexattr 237 -#define __NR_tkill 238 -#define __NR_sendfile64 239 -#define __NR_futex 240 -#define __NR_sched_setaffinity 241 -#define __NR_sched_getaffinity 242 -#define __NR_io_setup 243 -#define __NR_io_destroy 244 -#define __NR_io_getevents 245 -#define __NR_io_submit 246 -#define __NR_io_cancel 247 -#define __NR_exit_group 248 -#define __NR_lookup_dcookie 249 -#define __NR_epoll_create 250 -#define __NR_epoll_ctl 251 -#define __NR_epoll_wait 252 -#define __NR_remap_file_pages 253 -#define __NR_set_tid_address 256 -#define __NR_timer_create 257 -#define __NR_timer_settime 258 -#define __NR_timer_gettime 259 -#define __NR_timer_getoverrun 260 -#define __NR_timer_delete 261 -#define __NR_clock_settime 262 -#define __NR_clock_gettime 263 -#define __NR_clock_getres 264 -#define __NR_clock_nanosleep 265 -#define __NR_statfs64 266 -#define __NR_fstatfs64 267 -#define __NR_tgkill 268 -#define __NR_utimes 269 -#define __NR_fadvise64_64 270 -#define __NR_arm_fadvise64_64 270 -#define __NR_pciconfig_iobase 271 -#define __NR_pciconfig_read 272 -#define __NR_pciconfig_write 273 -#define __NR_mq_open 274 -#define __NR_mq_unlink 275 -#define __NR_mq_timedsend 276 -#define __NR_mq_timedreceive 277 -#define __NR_mq_notify 278 -#define __NR_mq_getsetattr 279 -#define __NR_waitid 280 -#define __NR_socket 281 -#define __NR_bind 282 -#define __NR_connect 283 -#define __NR_listen 284 -#define __NR_accept 285 -#define __NR_getsockname 286 -#define __NR_getpeername 287 -#define __NR_socketpair 288 -#define __NR_send 289 -#define __NR_sendto 290 -#define __NR_recv 291 -#define __NR_recvfrom 292 -#define __NR_shutdown 293 -#define __NR_setsockopt 294 -#define __NR_getsockopt 295 -#define __NR_sendmsg 296 -#define __NR_recvmsg 297 -#define __NR_semop 298 -#define __NR_semget 299 -#define __NR_semctl 300 -#define __NR_msgsnd 301 -#define __NR_msgrcv 302 -#define __NR_msgget 303 -#define __NR_msgctl 304 -#define __NR_shmat 305 -#define __NR_shmdt 306 -#define __NR_shmget 307 -#define __NR_shmctl 308 -#define __NR_add_key 309 -#define __NR_request_key 310 -#define __NR_keyctl 311 -#define __NR_semtimedop 312 -#define __NR_vserver 313 -#define __NR_ioprio_set 314 -#define __NR_ioprio_get 315 -#define __NR_inotify_init 316 -#define __NR_inotify_add_watch 317 -#define __NR_inotify_rm_watch 318 -#define __NR_mbind 319 -#define __NR_get_mempolicy 320 -#define __NR_set_mempolicy 321 -#define __NR_openat 322 -#define __NR_mkdirat 323 -#define __NR_mknodat 324 -#define __NR_fchownat 325 -#define __NR_futimesat 326 -#define __NR_fstatat64 327 -#define __NR_unlinkat 328 -#define __NR_renameat 329 -#define __NR_linkat 330 -#define __NR_symlinkat 331 -#define __NR_readlinkat 332 -#define __NR_fchmodat 333 -#define __NR_faccessat 334 -#define __NR_pselect6 335 -#define __NR_ppoll 336 -#define __NR_unshare 337 -#define __NR_set_robust_list 338 -#define __NR_get_robust_list 339 -#define __NR_splice 340 -#define __NR_sync_file_range2 341 -#define __NR_arm_sync_file_range 341 -#define __NR_tee 342 -#define __NR_vmsplice 343 -#define __NR_move_pages 344 -#define __NR_getcpu 345 -#define __NR_epoll_pwait 346 -#define __NR_kexec_load 347 -#define __NR_utimensat 348 -#define __NR_signalfd 349 -#define __NR_timerfd_create 350 -#define __NR_eventfd 351 -#define __NR_fallocate 352 -#define __NR_timerfd_settime 353 -#define __NR_timerfd_gettime 354 -#define __NR_signalfd4 355 -#define __NR_eventfd2 356 -#define __NR_epoll_create1 357 -#define __NR_dup3 358 -#define __NR_pipe2 359 -#define __NR_inotify_init1 360 -#define __NR_preadv 361 -#define __NR_pwritev 362 -#define __NR_rt_tgsigqueueinfo 363 -#define __NR_perf_event_open 364 -#define __NR_recvmmsg 365 -#define __NR_accept4 366 -#define __NR_fanotify_init 367 -#define __NR_fanotify_mark 368 -#define __NR_prlimit64 369 -#define __NR_name_to_handle_at 370 -#define __NR_open_by_handle_at 371 -#define __NR_clock_adjtime 372 -#define __NR_syncfs 373 -#define __NR_sendmmsg 374 -#define __NR_setns 375 -#define __NR_process_vm_readv 376 -#define __NR_process_vm_writev 377 -#define __NR_kcmp 378 -#define __NR_finit_module 379 -#define __NR_sched_setattr 380 -#define __NR_sched_getattr 381 -#define __NR_renameat2 382 -#define __NR_seccomp 383 -#define __NR_getrandom 384 -#define __NR_memfd_create 385 -#define __NR_bpf 386 -#define __NR_execveat 387 -#define __NR_userfaultfd 388 -#define __NR_membarrier 389 -#define __NR_mlock2 390 -#define __NR_copy_file_range 391 -#define __NR_preadv2 392 -#define __NR_pwritev2 393 -#define __NR_pkey_mprotect 394 -#define __NR_pkey_alloc 395 -#define __NR_pkey_free 396 +#define __NR_restart_syscall 0 +#define __NR_exit 1 +#define __NR_fork 2 +#define __NR_read 3 +#define __NR_write 4 +#define __NR_open 5 +#define __NR_close 6 +#define __NR_creat 8 +#define __NR_link 9 +#define __NR_unlink 10 +#define __NR_execve 11 +#define __NR_chdir 12 +#define __NR_mknod 14 +#define __NR_chmod 15 +#define __NR_lchown 16 +#define __NR_lseek 19 +#define __NR_getpid 20 +#define __NR_mount 21 +#define __NR_setuid 23 +#define __NR_getuid 24 +#define __NR_ptrace 26 +#define __NR_pause 29 +#define __NR_access 33 +#define __NR_nice 34 +#define __NR_sync 36 +#define __NR_kill 37 +#define __NR_rename 38 +#define __NR_mkdir 39 +#define __NR_rmdir 40 +#define __NR_dup 41 +#define __NR_pipe 42 +#define __NR_times 43 +#define __NR_brk 45 +#define __NR_setgid 46 +#define __NR_getgid 47 +#define __NR_geteuid 49 +#define __NR_getegid 50 +#define __NR_acct 51 +#define __NR_umount2 52 +#define __NR_ioctl 54 +#define __NR_fcntl 55 +#define __NR_setpgid 57 +#define __NR_umask 60 +#define __NR_chroot 61 +#define __NR_ustat 62 +#define __NR_dup2 63 +#define __NR_getppid 64 +#define __NR_getpgrp 65 +#define __NR_setsid 66 +#define __NR_sigaction 67 +#define __NR_setreuid 70 +#define __NR_setregid 71 +#define __NR_sigsuspend 72 +#define __NR_sigpending 73 +#define __NR_sethostname 74 +#define __NR_setrlimit 75 +#define __NR_getrusage 77 +#define __NR_gettimeofday_time32 78 +#define __NR_settimeofday_time32 79 +#define __NR_getgroups 80 +#define __NR_setgroups 81 +#define __NR_symlink 83 +#define __NR_readlink 85 +#define __NR_uselib 86 +#define __NR_swapon 87 +#define __NR_reboot 88 +#define __NR_munmap 91 +#define __NR_truncate 92 +#define __NR_ftruncate 93 +#define __NR_fchmod 94 +#define __NR_fchown 95 +#define __NR_getpriority 96 +#define __NR_setpriority 97 +#define __NR_statfs 99 +#define __NR_fstatfs 100 +#define __NR_syslog 103 +#define __NR_setitimer 104 +#define __NR_getitimer 105 +#define __NR_stat 106 +#define __NR_lstat 107 +#define __NR_fstat 108 +#define __NR_vhangup 111 +#define __NR_wait4 114 +#define __NR_swapoff 115 +#define __NR_sysinfo 116 +#define __NR_fsync 118 +#define __NR_sigreturn 119 +#define __NR_clone 120 +#define __NR_setdomainname 121 +#define __NR_uname 122 +#define __NR_adjtimex 124 +#define __NR_mprotect 125 +#define __NR_sigprocmask 126 +#define __NR_init_module 128 +#define __NR_delete_module 129 +#define __NR_quotactl 131 +#define __NR_getpgid 132 +#define __NR_fchdir 133 +#define __NR_bdflush 134 +#define __NR_sysfs 135 +#define __NR_personality 136 +#define __NR_setfsuid 138 +#define __NR_setfsgid 139 +#define __NR__llseek 140 +#define __NR_getdents 141 +#define __NR__newselect 142 +#define __NR_flock 143 +#define __NR_msync 144 +#define __NR_readv 145 +#define __NR_writev 146 +#define __NR_getsid 147 +#define __NR_fdatasync 148 +#define __NR__sysctl 149 +#define __NR_mlock 150 +#define __NR_munlock 151 +#define __NR_mlockall 152 +#define __NR_munlockall 153 +#define __NR_sched_setparam 154 +#define __NR_sched_getparam 155 +#define __NR_sched_setscheduler 156 +#define __NR_sched_getscheduler 157 +#define __NR_sched_yield 158 +#define __NR_sched_get_priority_max 159 +#define __NR_sched_get_priority_min 160 +#define __NR_sched_rr_get_interval 161 +#define __NR_nanosleep 162 +#define __NR_mremap 163 +#define __NR_setresuid 164 +#define __NR_getresuid 165 +#define __NR_poll 168 +#define __NR_nfsservctl 169 +#define __NR_setresgid 170 +#define __NR_getresgid 171 +#define __NR_prctl 172 +#define __NR_rt_sigreturn 173 +#define __NR_rt_sigaction 174 +#define __NR_rt_sigprocmask 175 +#define __NR_rt_sigpending 176 +#define __NR_rt_sigtimedwait 177 +#define __NR_rt_sigqueueinfo 178 +#define __NR_rt_sigsuspend 179 +#define __NR_pread64 180 +#define __NR_pwrite64 181 +#define __NR_chown 182 +#define __NR_getcwd 183 +#define __NR_capget 184 +#define __NR_capset 185 +#define __NR_sigaltstack 186 +#define __NR_sendfile 187 +#define __NR_vfork 190 +#define __NR_ugetrlimit 191 +#define __NR_mmap2 192 +#define __NR_truncate64 193 +#define __NR_ftruncate64 194 +#define __NR_stat64 195 +#define __NR_lstat64 196 +#define __NR_fstat64 197 +#define __NR_lchown32 198 +#define __NR_getuid32 199 +#define __NR_getgid32 200 +#define __NR_geteuid32 201 +#define __NR_getegid32 202 +#define __NR_setreuid32 203 +#define __NR_setregid32 204 +#define __NR_getgroups32 205 +#define __NR_setgroups32 206 +#define __NR_fchown32 207 +#define __NR_setresuid32 208 +#define __NR_getresuid32 209 +#define __NR_setresgid32 210 +#define __NR_getresgid32 211 +#define __NR_chown32 212 +#define __NR_setuid32 213 +#define __NR_setgid32 214 +#define __NR_setfsuid32 215 +#define __NR_setfsgid32 216 +#define __NR_getdents64 217 +#define __NR_pivot_root 218 +#define __NR_mincore 219 +#define __NR_madvise 220 +#define __NR_fcntl64 221 +#define __NR_gettid 224 +#define __NR_readahead 225 +#define __NR_setxattr 226 +#define __NR_lsetxattr 227 +#define __NR_fsetxattr 228 +#define __NR_getxattr 229 +#define __NR_lgetxattr 230 +#define __NR_fgetxattr 231 +#define __NR_listxattr 232 +#define __NR_llistxattr 233 +#define __NR_flistxattr 234 +#define __NR_removexattr 235 +#define __NR_lremovexattr 236 +#define __NR_fremovexattr 237 +#define __NR_tkill 238 +#define __NR_sendfile64 239 +#define __NR_futex 240 +#define __NR_sched_setaffinity 241 +#define __NR_sched_getaffinity 242 +#define __NR_io_setup 243 +#define __NR_io_destroy 244 +#define __NR_io_getevents 245 +#define __NR_io_submit 246 +#define __NR_io_cancel 247 +#define __NR_exit_group 248 +#define __NR_lookup_dcookie 249 +#define __NR_epoll_create 250 +#define __NR_epoll_ctl 251 +#define __NR_epoll_wait 252 +#define __NR_remap_file_pages 253 +#define __NR_set_tid_address 256 +#define __NR_timer_create 257 +#define __NR_timer_settime32 258 +#define __NR_timer_gettime32 259 +#define __NR_timer_getoverrun 260 +#define __NR_timer_delete 261 +#define __NR_clock_settime32 262 +#define __NR_clock_gettime32 263 +#define __NR_clock_getres_time32 264 +#define __NR_clock_nanosleep_time32 265 +#define __NR_statfs64 266 +#define __NR_fstatfs64 267 +#define __NR_tgkill 268 +#define __NR_utimes 269 +#define __NR_fadvise64_64 270 +#define __NR_arm_fadvise64_64 270 +#define __NR_pciconfig_iobase 271 +#define __NR_pciconfig_read 272 +#define __NR_pciconfig_write 273 +#define __NR_mq_open 274 +#define __NR_mq_unlink 275 +#define __NR_mq_timedsend 276 +#define __NR_mq_timedreceive 277 +#define __NR_mq_notify 278 +#define __NR_mq_getsetattr 279 +#define __NR_waitid 280 +#define __NR_socket 281 +#define __NR_bind 282 +#define __NR_connect 283 +#define __NR_listen 284 +#define __NR_accept 285 +#define __NR_getsockname 286 +#define __NR_getpeername 287 +#define __NR_socketpair 288 +#define __NR_send 289 +#define __NR_sendto 290 +#define __NR_recv 291 +#define __NR_recvfrom 292 +#define __NR_shutdown 293 +#define __NR_setsockopt 294 +#define __NR_getsockopt 295 +#define __NR_sendmsg 296 +#define __NR_recvmsg 297 +#define __NR_semop 298 +#define __NR_semget 299 +#define __NR_semctl 300 +#define __NR_msgsnd 301 +#define __NR_msgrcv 302 +#define __NR_msgget 303 +#define __NR_msgctl 304 +#define __NR_shmat 305 +#define __NR_shmdt 306 +#define __NR_shmget 307 +#define __NR_shmctl 308 +#define __NR_add_key 309 +#define __NR_request_key 310 +#define __NR_keyctl 311 +#define __NR_semtimedop 312 +#define __NR_vserver 313 +#define __NR_ioprio_set 314 +#define __NR_ioprio_get 315 +#define __NR_inotify_init 316 +#define __NR_inotify_add_watch 317 +#define __NR_inotify_rm_watch 318 +#define __NR_mbind 319 +#define __NR_get_mempolicy 320 +#define __NR_set_mempolicy 321 +#define __NR_openat 322 +#define __NR_mkdirat 323 +#define __NR_mknodat 324 +#define __NR_fchownat 325 +#define __NR_futimesat 326 +#define __NR_fstatat64 327 +#define __NR_unlinkat 328 +#define __NR_renameat 329 +#define __NR_linkat 330 +#define __NR_symlinkat 331 +#define __NR_readlinkat 332 +#define __NR_fchmodat 333 +#define __NR_faccessat 334 +#define __NR_pselect6 335 +#define __NR_ppoll 336 +#define __NR_unshare 337 +#define __NR_set_robust_list 338 +#define __NR_get_robust_list 339 +#define __NR_splice 340 +#define __NR_sync_file_range2 341 +#define __NR_arm_sync_file_range 341 +#define __NR_tee 342 +#define __NR_vmsplice 343 +#define __NR_move_pages 344 +#define __NR_getcpu 345 +#define __NR_epoll_pwait 346 +#define __NR_kexec_load 347 +#define __NR_utimensat 348 +#define __NR_signalfd 349 +#define __NR_timerfd_create 350 +#define __NR_eventfd 351 +#define __NR_fallocate 352 +#define __NR_timerfd_settime32 353 +#define __NR_timerfd_gettime32 354 +#define __NR_signalfd4 355 +#define __NR_eventfd2 356 +#define __NR_epoll_create1 357 +#define __NR_dup3 358 +#define __NR_pipe2 359 +#define __NR_inotify_init1 360 +#define __NR_preadv 361 +#define __NR_pwritev 362 +#define __NR_rt_tgsigqueueinfo 363 +#define __NR_perf_event_open 364 +#define __NR_recvmmsg 365 +#define __NR_accept4 366 +#define __NR_fanotify_init 367 +#define __NR_fanotify_mark 368 +#define __NR_prlimit64 369 +#define __NR_name_to_handle_at 370 +#define __NR_open_by_handle_at 371 +#define __NR_clock_adjtime 372 +#define __NR_syncfs 373 +#define __NR_sendmmsg 374 +#define __NR_setns 375 +#define __NR_process_vm_readv 376 +#define __NR_process_vm_writev 377 +#define __NR_kcmp 378 +#define __NR_finit_module 379 +#define __NR_sched_setattr 380 +#define __NR_sched_getattr 381 +#define __NR_renameat2 382 +#define __NR_seccomp 383 +#define __NR_getrandom 384 +#define __NR_memfd_create 385 +#define __NR_bpf 386 +#define __NR_execveat 387 +#define __NR_userfaultfd 388 +#define __NR_membarrier 389 +#define __NR_mlock2 390 +#define __NR_copy_file_range 391 +#define __NR_preadv2 392 +#define __NR_pwritev2 393 +#define __NR_pkey_mprotect 394 +#define __NR_pkey_alloc 395 +#define __NR_pkey_free 396 +#define __NR_statx 397 +#define __NR_rseq 398 +#define __NR_io_pgetevents 399 +#define __NR_migrate_pages 400 +#define __NR_kexec_file_load 401 +#define __NR_clock_gettime64 403 +#define __NR_clock_settime64 404 +#define __NR_clock_adjtime64 405 +#define __NR_clock_getres_time64 406 +#define __NR_clock_nanosleep_time64 407 +#define __NR_timer_gettime64 408 +#define __NR_timer_settime64 409 +#define __NR_timerfd_gettime64 410 +#define __NR_timerfd_settime64 411 +#define __NR_utimensat_time64 412 +#define __NR_pselect6_time64 413 +#define __NR_ppoll_time64 414 +#define __NR_io_pgetevents_time64 416 +#define __NR_recvmmsg_time64 417 +#define __NR_mq_timedsend_time64 418 +#define __NR_mq_timedreceive_time64 419 +#define __NR_semtimedop_time64 420 +#define __NR_rt_sigtimedwait_time64 421 +#define __NR_futex_time64 422 +#define __NR_sched_rr_get_interval_time64 423 +#define __NR_pidfd_send_signal 424 +#define __NR_io_uring_setup 425 +#define __NR_io_uring_enter 426 +#define __NR_io_uring_register 427 +#define __NR_open_tree 428 +#define __NR_move_mount 429 +#define __NR_fsopen 430 +#define __NR_fsconfig 431 +#define __NR_fsmount 432 +#define __NR_fspick 433 +#define __NR_pidfd_open 434 +#define __NR_clone3 435 +#define __NR_close_range 436 +#define __NR_openat2 437 +#define __NR_pidfd_getfd 438 +#define __NR_faccessat2 439 +#define __NR_process_madvise 440 +#define __NR_epoll_pwait2 441 +#define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 -#define __ARM_NR_breakpoint 0x0f0001 -#define __ARM_NR_cacheflush 0x0f0002 -#define __ARM_NR_usr26 0x0f0003 -#define __ARM_NR_usr32 0x0f0004 -#define __ARM_NR_set_tls 0x0f0005 +#define __ARM_NR_breakpoint 0x0f0001 +#define __ARM_NR_cacheflush 0x0f0002 +#define __ARM_NR_usr26 0x0f0003 +#define __ARM_NR_usr32 0x0f0004 +#define __ARM_NR_set_tls 0x0f0005 +#define __ARM_NR_get_tls 0x0f0006 -#define SYS_restart_syscall 0 -#define SYS_exit 1 -#define SYS_fork 2 -#define SYS_read 3 -#define SYS_write 4 -#define SYS_open 5 -#define SYS_close 6 -#define SYS_creat 8 -#define SYS_link 9 -#define SYS_unlink 10 -#define SYS_execve 11 -#define SYS_chdir 12 -#define SYS_mknod 14 -#define SYS_chmod 15 -#define SYS_lchown 16 -#define SYS_lseek 19 -#define SYS_getpid 20 -#define SYS_mount 21 -#define SYS_setuid 23 -#define SYS_getuid 24 -#define SYS_ptrace 26 -#define SYS_pause 29 -#define SYS_access 33 -#define SYS_nice 34 -#define SYS_sync 36 -#define SYS_kill 37 -#define SYS_rename 38 -#define SYS_mkdir 39 -#define SYS_rmdir 40 -#define SYS_dup 41 -#define SYS_pipe 42 -#define SYS_times 43 -#define SYS_brk 45 -#define SYS_setgid 46 -#define SYS_getgid 47 -#define SYS_geteuid 49 -#define SYS_getegid 50 -#define SYS_acct 51 -#define SYS_umount2 52 -#define SYS_ioctl 54 -#define SYS_fcntl 55 -#define SYS_setpgid 57 -#define SYS_umask 60 -#define SYS_chroot 61 -#define SYS_ustat 62 -#define SYS_dup2 63 -#define SYS_getppid 64 -#define SYS_getpgrp 65 -#define SYS_setsid 66 -#define SYS_sigaction 67 -#define SYS_setreuid 70 -#define SYS_setregid 71 -#define SYS_sigsuspend 72 -#define SYS_sigpending 73 -#define SYS_sethostname 74 -#define SYS_setrlimit 75 -#define SYS_getrusage 77 -#define SYS_gettimeofday 78 -#define SYS_settimeofday 79 -#define SYS_getgroups 80 -#define SYS_setgroups 81 -#define SYS_symlink 83 -#define SYS_readlink 85 -#define SYS_uselib 86 -#define SYS_swapon 87 -#define SYS_reboot 88 -#define SYS_munmap 91 -#define SYS_truncate 92 -#define SYS_ftruncate 93 -#define SYS_fchmod 94 -#define SYS_fchown 95 -#define SYS_getpriority 96 -#define SYS_setpriority 97 -#define SYS_statfs 99 -#define SYS_fstatfs 100 -#define SYS_syslog 103 -#define SYS_setitimer 104 -#define SYS_getitimer 105 -#define SYS_stat 106 -#define SYS_lstat 107 -#define SYS_fstat 108 -#define SYS_vhangup 111 -#define SYS_wait4 114 -#define SYS_swapoff 115 -#define SYS_sysinfo 116 -#define SYS_fsync 118 -#define SYS_sigreturn 119 -#define SYS_clone 120 -#define SYS_setdomainname 121 -#define SYS_uname 122 -#define SYS_adjtimex 124 -#define SYS_mprotect 125 -#define SYS_sigprocmask 126 -#define SYS_init_module 128 -#define SYS_delete_module 129 -#define SYS_quotactl 131 -#define SYS_getpgid 132 -#define SYS_fchdir 133 -#define SYS_bdflush 134 -#define SYS_sysfs 135 -#define SYS_personality 136 -#define SYS_setfsuid 138 -#define SYS_setfsgid 139 -#define SYS__llseek 140 -#define SYS_getdents 141 -#define SYS__newselect 142 -#define SYS_flock 143 -#define SYS_msync 144 -#define SYS_readv 145 -#define SYS_writev 146 -#define SYS_getsid 147 -#define SYS_fdatasync 148 -#define SYS__sysctl 149 -#define SYS_mlock 150 -#define SYS_munlock 151 -#define SYS_mlockall 152 -#define SYS_munlockall 153 -#define SYS_sched_setparam 154 -#define SYS_sched_getparam 155 -#define SYS_sched_setscheduler 156 -#define SYS_sched_getscheduler 157 -#define SYS_sched_yield 158 -#define SYS_sched_get_priority_max 159 -#define SYS_sched_get_priority_min 160 -#define SYS_sched_rr_get_interval 161 -#define SYS_nanosleep 162 -#define SYS_mremap 163 -#define SYS_setresuid 164 -#define SYS_getresuid 165 -#define SYS_poll 168 -#define SYS_nfsservctl 169 -#define SYS_setresgid 170 -#define SYS_getresgid 171 -#define SYS_prctl 172 -#define SYS_rt_sigreturn 173 -#define SYS_rt_sigaction 174 -#define SYS_rt_sigprocmask 175 -#define SYS_rt_sigpending 176 -#define SYS_rt_sigtimedwait 177 -#define SYS_rt_sigqueueinfo 178 -#define SYS_rt_sigsuspend 179 -#define SYS_pread64 180 -#define SYS_pwrite64 181 -#define SYS_chown 182 -#define SYS_getcwd 183 -#define SYS_capget 184 -#define SYS_capset 185 -#define SYS_sigaltstack 186 -#define SYS_sendfile 187 -#define SYS_vfork 190 -#define SYS_ugetrlimit 191 -#define SYS_mmap2 192 -#define SYS_truncate64 193 -#define SYS_ftruncate64 194 -#define SYS_stat64 195 -#define SYS_lstat64 196 -#define SYS_fstat64 197 -#define SYS_lchown32 198 -#define SYS_getuid32 199 -#define SYS_getgid32 200 -#define SYS_geteuid32 201 -#define SYS_getegid32 202 -#define SYS_setreuid32 203 -#define SYS_setregid32 204 -#define SYS_getgroups32 205 -#define SYS_setgroups32 206 -#define SYS_fchown32 207 -#define SYS_setresuid32 208 -#define SYS_getresuid32 209 -#define SYS_setresgid32 210 -#define SYS_getresgid32 211 -#define SYS_chown32 212 -#define SYS_setuid32 213 -#define SYS_setgid32 214 -#define SYS_setfsuid32 215 -#define SYS_setfsgid32 216 -#define SYS_getdents64 217 -#define SYS_pivot_root 218 -#define SYS_mincore 219 -#define SYS_madvise 220 -#define SYS_fcntl64 221 -#define SYS_gettid 224 -#define SYS_readahead 225 -#define SYS_setxattr 226 -#define SYS_lsetxattr 227 -#define SYS_fsetxattr 228 -#define SYS_getxattr 229 -#define SYS_lgetxattr 230 -#define SYS_fgetxattr 231 -#define SYS_listxattr 232 -#define SYS_llistxattr 233 -#define SYS_flistxattr 234 -#define SYS_removexattr 235 -#define SYS_lremovexattr 236 -#define SYS_fremovexattr 237 -#define SYS_tkill 238 -#define SYS_sendfile64 239 -#define SYS_futex 240 -#define SYS_sched_setaffinity 241 -#define SYS_sched_getaffinity 242 -#define SYS_io_setup 243 -#define SYS_io_destroy 244 -#define SYS_io_getevents 245 -#define SYS_io_submit 246 -#define SYS_io_cancel 247 -#define SYS_exit_group 248 -#define SYS_lookup_dcookie 249 -#define SYS_epoll_create 250 -#define SYS_epoll_ctl 251 -#define SYS_epoll_wait 252 -#define SYS_remap_file_pages 253 -#define SYS_set_tid_address 256 -#define SYS_timer_create 257 -#define SYS_timer_settime 258 -#define SYS_timer_gettime 259 -#define SYS_timer_getoverrun 260 -#define SYS_timer_delete 261 -#define SYS_clock_settime 262 -#define SYS_clock_gettime 263 -#define SYS_clock_getres 264 -#define SYS_clock_nanosleep 265 -#define SYS_statfs64 266 -#define SYS_fstatfs64 267 -#define SYS_tgkill 268 -#define SYS_utimes 269 -#define SYS_fadvise64_64 270 -#define SYS_arm_fadvise64_64 270 -#define SYS_pciconfig_iobase 271 -#define SYS_pciconfig_read 272 -#define SYS_pciconfig_write 273 -#define SYS_mq_open 274 -#define SYS_mq_unlink 275 -#define SYS_mq_timedsend 276 -#define SYS_mq_timedreceive 277 -#define SYS_mq_notify 278 -#define SYS_mq_getsetattr 279 -#define SYS_waitid 280 -#define SYS_socket 281 -#define SYS_bind 282 -#define SYS_connect 283 -#define SYS_listen 284 -#define SYS_accept 285 -#define SYS_getsockname 286 -#define SYS_getpeername 287 -#define SYS_socketpair 288 -#define SYS_send 289 -#define SYS_sendto 290 -#define SYS_recv 291 -#define SYS_recvfrom 292 -#define SYS_shutdown 293 -#define SYS_setsockopt 294 -#define SYS_getsockopt 295 -#define SYS_sendmsg 296 -#define SYS_recvmsg 297 -#define SYS_semop 298 -#define SYS_semget 299 -#define SYS_semctl 300 -#define SYS_msgsnd 301 -#define SYS_msgrcv 302 -#define SYS_msgget 303 -#define SYS_msgctl 304 -#define SYS_shmat 305 -#define SYS_shmdt 306 -#define SYS_shmget 307 -#define SYS_shmctl 308 -#define SYS_add_key 309 -#define SYS_request_key 310 -#define SYS_keyctl 311 -#define SYS_semtimedop 312 -#define SYS_vserver 313 -#define SYS_ioprio_set 314 -#define SYS_ioprio_get 315 -#define SYS_inotify_init 316 -#define SYS_inotify_add_watch 317 -#define SYS_inotify_rm_watch 318 -#define SYS_mbind 319 -#define SYS_get_mempolicy 320 -#define SYS_set_mempolicy 321 -#define SYS_openat 322 -#define SYS_mkdirat 323 -#define SYS_mknodat 324 -#define SYS_fchownat 325 -#define SYS_futimesat 326 -#define SYS_fstatat64 327 -#define SYS_unlinkat 328 -#define SYS_renameat 329 -#define SYS_linkat 330 -#define SYS_symlinkat 331 -#define SYS_readlinkat 332 -#define SYS_fchmodat 333 -#define SYS_faccessat 334 -#define SYS_pselect6 335 -#define SYS_ppoll 336 -#define SYS_unshare 337 -#define SYS_set_robust_list 338 -#define SYS_get_robust_list 339 -#define SYS_splice 340 -#define SYS_sync_file_range2 341 -#define SYS_arm_sync_file_range 341 -#define SYS_tee 342 -#define SYS_vmsplice 343 -#define SYS_move_pages 344 -#define SYS_getcpu 345 -#define SYS_epoll_pwait 346 -#define SYS_kexec_load 347 -#define SYS_utimensat 348 -#define SYS_signalfd 349 -#define SYS_timerfd_create 350 -#define SYS_eventfd 351 -#define SYS_fallocate 352 -#define SYS_timerfd_settime 353 -#define SYS_timerfd_gettime 354 -#define SYS_signalfd4 355 -#define SYS_eventfd2 356 -#define SYS_epoll_create1 357 -#define SYS_dup3 358 -#define SYS_pipe2 359 -#define SYS_inotify_init1 360 -#define SYS_preadv 361 -#define SYS_pwritev 362 -#define SYS_rt_tgsigqueueinfo 363 -#define SYS_perf_event_open 364 -#define SYS_recvmmsg 365 -#define SYS_accept4 366 -#define SYS_fanotify_init 367 -#define SYS_fanotify_mark 368 -#define SYS_prlimit64 369 -#define SYS_name_to_handle_at 370 -#define SYS_open_by_handle_at 371 -#define SYS_clock_adjtime 372 -#define SYS_syncfs 373 -#define SYS_sendmmsg 374 -#define SYS_setns 375 -#define SYS_process_vm_readv 376 -#define SYS_process_vm_writev 377 -#define SYS_kcmp 378 -#define SYS_finit_module 379 -#define SYS_sched_setattr 380 -#define SYS_sched_getattr 381 -#define SYS_renameat2 382 -#define SYS_seccomp 383 -#define SYS_getrandom 384 -#define SYS_memfd_create 385 -#define SYS_bpf 386 -#define SYS_execveat 387 -#define SYS_userfaultfd 388 -#define SYS_membarrier 389 -#define SYS_mlock2 390 -#define SYS_copy_file_range 391 -#define SYS_preadv2 392 -#define SYS_pwritev2 393 -#define SYS_pkey_mprotect 394 -#define SYS_pkey_alloc 395 -#define SYS_pkey_free 396 +#define SYS_restart_syscall 0 +#define SYS_exit 1 +#define SYS_fork 2 +#define SYS_read 3 +#define SYS_write 4 +#define SYS_open 5 +#define SYS_close 6 +#define SYS_creat 8 +#define SYS_link 9 +#define SYS_unlink 10 +#define SYS_execve 11 +#define SYS_chdir 12 +#define SYS_mknod 14 +#define SYS_chmod 15 +#define SYS_lchown 16 +#define SYS_lseek 19 +#define SYS_getpid 20 +#define SYS_mount 21 +#define SYS_setuid 23 +#define SYS_getuid 24 +#define SYS_ptrace 26 +#define SYS_pause 29 +#define SYS_access 33 +#define SYS_nice 34 +#define SYS_sync 36 +#define SYS_kill 37 +#define SYS_rename 38 +#define SYS_mkdir 39 +#define SYS_rmdir 40 +#define SYS_dup 41 +#define SYS_pipe 42 +#define SYS_times 43 +#define SYS_brk 45 +#define SYS_setgid 46 +#define SYS_getgid 47 +#define SYS_geteuid 49 +#define SYS_getegid 50 +#define SYS_acct 51 +#define SYS_umount2 52 +#define SYS_ioctl 54 +#define SYS_fcntl 55 +#define SYS_setpgid 57 +#define SYS_umask 60 +#define SYS_chroot 61 +#define SYS_ustat 62 +#define SYS_dup2 63 +#define SYS_getppid 64 +#define SYS_getpgrp 65 +#define SYS_setsid 66 +#define SYS_sigaction 67 +#define SYS_setreuid 70 +#define SYS_setregid 71 +#define SYS_sigsuspend 72 +#define SYS_sigpending 73 +#define SYS_sethostname 74 +#define SYS_setrlimit 75 +#define SYS_getrusage 77 +#define SYS_gettimeofday_time32 78 +#define SYS_settimeofday_time32 79 +#define SYS_getgroups 80 +#define SYS_setgroups 81 +#define SYS_symlink 83 +#define SYS_readlink 85 +#define SYS_uselib 86 +#define SYS_swapon 87 +#define SYS_reboot 88 +#define SYS_munmap 91 +#define SYS_truncate 92 +#define SYS_ftruncate 93 +#define SYS_fchmod 94 +#define SYS_fchown 95 +#define SYS_getpriority 96 +#define SYS_setpriority 97 +#define SYS_statfs 99 +#define SYS_fstatfs 100 +#define SYS_syslog 103 +#define SYS_setitimer 104 +#define SYS_getitimer 105 +#define SYS_stat 106 +#define SYS_lstat 107 +#define SYS_fstat 108 +#define SYS_vhangup 111 +#define SYS_wait4 114 +#define SYS_swapoff 115 +#define SYS_sysinfo 116 +#define SYS_fsync 118 +#define SYS_sigreturn 119 +#define SYS_clone 120 +#define SYS_setdomainname 121 +#define SYS_uname 122 +#define SYS_adjtimex 124 +#define SYS_mprotect 125 +#define SYS_sigprocmask 126 +#define SYS_init_module 128 +#define SYS_delete_module 129 +#define SYS_quotactl 131 +#define SYS_getpgid 132 +#define SYS_fchdir 133 +#define SYS_bdflush 134 +#define SYS_sysfs 135 +#define SYS_personality 136 +#define SYS_setfsuid 138 +#define SYS_setfsgid 139 +#define SYS__llseek 140 +#define SYS_getdents 141 +#define SYS__newselect 142 +#define SYS_flock 143 +#define SYS_msync 144 +#define SYS_readv 145 +#define SYS_writev 146 +#define SYS_getsid 147 +#define SYS_fdatasync 148 +#define SYS__sysctl 149 +#define SYS_mlock 150 +#define SYS_munlock 151 +#define SYS_mlockall 152 +#define SYS_munlockall 153 +#define SYS_sched_setparam 154 +#define SYS_sched_getparam 155 +#define SYS_sched_setscheduler 156 +#define SYS_sched_getscheduler 157 +#define SYS_sched_yield 158 +#define SYS_sched_get_priority_max 159 +#define SYS_sched_get_priority_min 160 +#define SYS_sched_rr_get_interval 161 +#define SYS_nanosleep 162 +#define SYS_mremap 163 +#define SYS_setresuid 164 +#define SYS_getresuid 165 +#define SYS_poll 168 +#define SYS_nfsservctl 169 +#define SYS_setresgid 170 +#define SYS_getresgid 171 +#define SYS_prctl 172 +#define SYS_rt_sigreturn 173 +#define SYS_rt_sigaction 174 +#define SYS_rt_sigprocmask 175 +#define SYS_rt_sigpending 176 +#define SYS_rt_sigtimedwait 177 +#define SYS_rt_sigqueueinfo 178 +#define SYS_rt_sigsuspend 179 +#define SYS_pread64 180 +#define SYS_pwrite64 181 +#define SYS_chown 182 +#define SYS_getcwd 183 +#define SYS_capget 184 +#define SYS_capset 185 +#define SYS_sigaltstack 186 +#define SYS_sendfile 187 +#define SYS_vfork 190 +#define SYS_ugetrlimit 191 +#define SYS_mmap2 192 +#define SYS_truncate64 193 +#define SYS_ftruncate64 194 +#define SYS_stat64 195 +#define SYS_lstat64 196 +#define SYS_fstat64 197 +#define SYS_lchown32 198 +#define SYS_getuid32 199 +#define SYS_getgid32 200 +#define SYS_geteuid32 201 +#define SYS_getegid32 202 +#define SYS_setreuid32 203 +#define SYS_setregid32 204 +#define SYS_getgroups32 205 +#define SYS_setgroups32 206 +#define SYS_fchown32 207 +#define SYS_setresuid32 208 +#define SYS_getresuid32 209 +#define SYS_setresgid32 210 +#define SYS_getresgid32 211 +#define SYS_chown32 212 +#define SYS_setuid32 213 +#define SYS_setgid32 214 +#define SYS_setfsuid32 215 +#define SYS_setfsgid32 216 +#define SYS_getdents64 217 +#define SYS_pivot_root 218 +#define SYS_mincore 219 +#define SYS_madvise 220 +#define SYS_fcntl64 221 +#define SYS_gettid 224 +#define SYS_readahead 225 +#define SYS_setxattr 226 +#define SYS_lsetxattr 227 +#define SYS_fsetxattr 228 +#define SYS_getxattr 229 +#define SYS_lgetxattr 230 +#define SYS_fgetxattr 231 +#define SYS_listxattr 232 +#define SYS_llistxattr 233 +#define SYS_flistxattr 234 +#define SYS_removexattr 235 +#define SYS_lremovexattr 236 +#define SYS_fremovexattr 237 +#define SYS_tkill 238 +#define SYS_sendfile64 239 +#define SYS_futex 240 +#define SYS_sched_setaffinity 241 +#define SYS_sched_getaffinity 242 +#define SYS_io_setup 243 +#define SYS_io_destroy 244 +#define SYS_io_getevents 245 +#define SYS_io_submit 246 +#define SYS_io_cancel 247 +#define SYS_exit_group 248 +#define SYS_lookup_dcookie 249 +#define SYS_epoll_create 250 +#define SYS_epoll_ctl 251 +#define SYS_epoll_wait 252 +#define SYS_remap_file_pages 253 +#define SYS_set_tid_address 256 +#define SYS_timer_create 257 +#define SYS_timer_settime32 258 +#define SYS_timer_gettime32 259 +#define SYS_timer_getoverrun 260 +#define SYS_timer_delete 261 +#define SYS_clock_settime32 262 +#define SYS_clock_gettime32 263 +#define SYS_clock_getres_time32 264 +#define SYS_clock_nanosleep_time32 265 +#define SYS_statfs64 266 +#define SYS_fstatfs64 267 +#define SYS_tgkill 268 +#define SYS_utimes 269 +#define SYS_fadvise64_64 270 +#define SYS_arm_fadvise64_64 270 +#define SYS_pciconfig_iobase 271 +#define SYS_pciconfig_read 272 +#define SYS_pciconfig_write 273 +#define SYS_mq_open 274 +#define SYS_mq_unlink 275 +#define SYS_mq_timedsend 276 +#define SYS_mq_timedreceive 277 +#define SYS_mq_notify 278 +#define SYS_mq_getsetattr 279 +#define SYS_waitid 280 +#define SYS_socket 281 +#define SYS_bind 282 +#define SYS_connect 283 +#define SYS_listen 284 +#define SYS_accept 285 +#define SYS_getsockname 286 +#define SYS_getpeername 287 +#define SYS_socketpair 288 +#define SYS_send 289 +#define SYS_sendto 290 +#define SYS_recv 291 +#define SYS_recvfrom 292 +#define SYS_shutdown 293 +#define SYS_setsockopt 294 +#define SYS_getsockopt 295 +#define SYS_sendmsg 296 +#define SYS_recvmsg 297 +#define SYS_semop 298 +#define SYS_semget 299 +#define SYS_semctl 300 +#define SYS_msgsnd 301 +#define SYS_msgrcv 302 +#define SYS_msgget 303 +#define SYS_msgctl 304 +#define SYS_shmat 305 +#define SYS_shmdt 306 +#define SYS_shmget 307 +#define SYS_shmctl 308 +#define SYS_add_key 309 +#define SYS_request_key 310 +#define SYS_keyctl 311 +#define SYS_semtimedop 312 +#define SYS_vserver 313 +#define SYS_ioprio_set 314 +#define SYS_ioprio_get 315 +#define SYS_inotify_init 316 +#define SYS_inotify_add_watch 317 +#define SYS_inotify_rm_watch 318 +#define SYS_mbind 319 +#define SYS_get_mempolicy 320 +#define SYS_set_mempolicy 321 +#define SYS_openat 322 +#define SYS_mkdirat 323 +#define SYS_mknodat 324 +#define SYS_fchownat 325 +#define SYS_futimesat 326 +#define SYS_fstatat64 327 +#define SYS_unlinkat 328 +#define SYS_renameat 329 +#define SYS_linkat 330 +#define SYS_symlinkat 331 +#define SYS_readlinkat 332 +#define SYS_fchmodat 333 +#define SYS_faccessat 334 +#define SYS_pselect6 335 +#define SYS_ppoll 336 +#define SYS_unshare 337 +#define SYS_set_robust_list 338 +#define SYS_get_robust_list 339 +#define SYS_splice 340 +#define SYS_sync_file_range2 341 +#define SYS_arm_sync_file_range 341 +#define SYS_tee 342 +#define SYS_vmsplice 343 +#define SYS_move_pages 344 +#define SYS_getcpu 345 +#define SYS_epoll_pwait 346 +#define SYS_kexec_load 347 +#define SYS_utimensat 348 +#define SYS_signalfd 349 +#define SYS_timerfd_create 350 +#define SYS_eventfd 351 +#define SYS_fallocate 352 +#define SYS_timerfd_settime32 353 +#define SYS_timerfd_gettime32 354 +#define SYS_signalfd4 355 +#define SYS_eventfd2 356 +#define SYS_epoll_create1 357 +#define SYS_dup3 358 +#define SYS_pipe2 359 +#define SYS_inotify_init1 360 +#define SYS_preadv 361 +#define SYS_pwritev 362 +#define SYS_rt_tgsigqueueinfo 363 +#define SYS_perf_event_open 364 +#define SYS_recvmmsg 365 +#define SYS_accept4 366 +#define SYS_fanotify_init 367 +#define SYS_fanotify_mark 368 +#define SYS_prlimit64 369 +#define SYS_name_to_handle_at 370 +#define SYS_open_by_handle_at 371 +#define SYS_clock_adjtime 372 +#define SYS_syncfs 373 +#define SYS_sendmmsg 374 +#define SYS_setns 375 +#define SYS_process_vm_readv 376 +#define SYS_process_vm_writev 377 +#define SYS_kcmp 378 +#define SYS_finit_module 379 +#define SYS_sched_setattr 380 +#define SYS_sched_getattr 381 +#define SYS_renameat2 382 +#define SYS_seccomp 383 +#define SYS_getrandom 384 +#define SYS_memfd_create 385 +#define SYS_bpf 386 +#define SYS_execveat 387 +#define SYS_userfaultfd 388 +#define SYS_membarrier 389 +#define SYS_mlock2 390 +#define SYS_copy_file_range 391 +#define SYS_preadv2 392 +#define SYS_pwritev2 393 +#define SYS_pkey_mprotect 394 +#define SYS_pkey_alloc 395 +#define SYS_pkey_free 396 +#define SYS_statx 397 +#define SYS_rseq 398 +#define SYS_io_pgetevents 399 +#define SYS_migrate_pages 400 +#define SYS_kexec_file_load 401 +#define SYS_clock_gettime64 403 +#define SYS_clock_settime64 404 +#define SYS_clock_adjtime64 405 +#define SYS_clock_getres_time64 406 +#define SYS_clock_nanosleep_time64 407 +#define SYS_timer_gettime64 408 +#define SYS_timer_settime64 409 +#define SYS_timerfd_gettime64 410 +#define SYS_timerfd_settime64 411 +#define SYS_utimensat_time64 412 +#define SYS_pselect6_time64 413 +#define SYS_ppoll_time64 414 +#define SYS_io_pgetevents_time64 416 +#define SYS_recvmmsg_time64 417 +#define SYS_mq_timedsend_time64 418 +#define SYS_mq_timedreceive_time64 419 +#define SYS_semtimedop_time64 420 +#define SYS_rt_sigtimedwait_time64 421 +#define SYS_futex_time64 422 +#define SYS_sched_rr_get_interval_time64 423 +#define SYS_pidfd_send_signal 424 +#define SYS_io_uring_setup 425 +#define SYS_io_uring_enter 426 +#define SYS_io_uring_register 427 +#define SYS_open_tree 428 +#define SYS_move_mount 429 +#define SYS_fsopen 430 +#define SYS_fsconfig 431 +#define SYS_fsmount 432 +#define SYS_fspick 433 +#define SYS_pidfd_open 434 +#define SYS_clone3 435 +#define SYS_close_range 436 +#define SYS_openat2 437 +#define SYS_pidfd_getfd 438 +#define SYS_faccessat2 439 +#define SYS_process_madvise 440 +#define SYS_epoll_pwait2 441 +#define SYS_mount_setattr 442 +#define SYS_landlock_create_ruleset 444 +#define SYS_landlock_add_rule 445 +#define SYS_landlock_restrict_self 446 diff --git a/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h new file mode 100644 index 0000000..42e9a26 --- /dev/null +++ b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h @@ -0,0 +1,27 @@ +#ifndef ARM_CRT_ARCH_H +#define ARM_CRT_ARCH_H + +__asm__( +".text\n" +".global " START "\n" +".type " START ",%function\n" +START ": \n" +" mov fp, #0\n" +" mov lr, #0\n" +" ldr r5, [r0, #8]\n" /* paratbl */ +/* Little-endian */ +" str r1, [r5, #20]\n" /* PT_ZERO1 */ +" str r2, [r5, #24]\n" /* PT_ZERO2 */ +" ldr r1, 1f\n" +" add r1, pc, r1\n" +" mov r5, sp\n" +"2: and r5, r5, #-16\n" +" mov sp, r5\n" +" bl " START "_c\n" +".weak _DYNAMIC\n" +".hidden _DYNAMIC\n" +".align 2\n" +"1: .word _DYNAMIC-2b\n" +); + +#endif \ No newline at end of file diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h index ae233cc..730a98c 100644 --- a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h +++ b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h @@ -30,9 +30,15 @@ #define F_SETSIG 10 #define F_GETSIG 11 +#if __LONG_MAX == 0x7fffffffL #define F_GETLK 12 #define F_SETLK 13 #define F_SETLKW 14 +#else +#define F_GETLK 5 +#define F_SETLK 6 +#define F_SETLKW 7 +#endif #define F_SETOWN_EX 15 #define F_GETOWN_EX 16 diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h index 8d19378..da07a2a 100644 --- a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h +++ b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h @@ -1,4 +1,4 @@ -#define SHMLBA 4096 +#define SHMLBA (4*4096) struct shmid_ds { struct ipc_perm shm_perm; diff --git a/thirdparty/open_source/musl/libc/arpa/inet.h b/thirdparty/open_source/musl/libc/arpa/inet.h index 37f8c11..9d20a15 100644 --- a/thirdparty/open_source/musl/libc/arpa/inet.h +++ b/thirdparty/open_source/musl/libc/arpa/inet.h @@ -24,11 +24,6 @@ struct in_addr inet_makeaddr(in_addr_t, in_addr_t); in_addr_t inet_lnaof(struct in_addr); in_addr_t inet_netof(struct in_addr); -#undef INET_ADDRSTRLEN -#undef INET6_ADDRSTRLEN -#define INET_ADDRSTRLEN 16 -#define INET6_ADDRSTRLEN 46 - #ifdef __cplusplus } #endif diff --git a/thirdparty/open_source/musl/libc/ctype.h b/thirdparty/open_source/musl/libc/ctype.h index 7936536..fe72b3f 100644 --- a/thirdparty/open_source/musl/libc/ctype.h +++ b/thirdparty/open_source/musl/libc/ctype.h @@ -64,7 +64,14 @@ int isascii(int); int toascii(int); #define _tolower(a) ((a)|0x20) #define _toupper(a) ((a)&0x5f) +#ifndef __cplusplus #define isascii(a) (0 ? isascii(a) : (unsigned)(a) < 128) +#endif + +#include + +const int32_t **__ctype_tolower_loc(void); +const int32_t **__ctype_toupper_loc(void); #endif diff --git a/thirdparty/open_source/musl/libc/elf.h b/thirdparty/open_source/musl/libc/elf.h index 549f92c..86e2f0b 100644 --- a/thirdparty/open_source/musl/libc/elf.h +++ b/thirdparty/open_source/musl/libc/elf.h @@ -603,6 +603,7 @@ typedef struct { #define PT_GNU_EH_FRAME 0x6474e550 #define PT_GNU_STACK 0x6474e551 #define PT_GNU_RELRO 0x6474e552 +#define PT_GNU_PROPERTY 0x6474e553 #define PT_LOSUNW 0x6ffffffa #define PT_SUNWBSS 0x6ffffffa #define PT_SUNWSTACK 0x6ffffffb @@ -685,6 +686,8 @@ typedef struct { #define NT_ARM_PAC_MASK 0x406 #define NT_ARM_PACA_KEYS 0x407 #define NT_ARM_PACG_KEYS 0x408 +#define NT_ARM_TAGGED_ADDR_CTRL 0x409 +#define NT_ARM_PAC_ENABLED_KEYS 0x40a #define NT_METAG_CBUF 0x500 #define NT_METAG_RPIPE 0x501 #define NT_METAG_TLS 0x502 @@ -1085,6 +1088,7 @@ typedef struct { #define NT_GNU_BUILD_ID 3 #define NT_GNU_GOLD_VERSION 4 +#define NT_GNU_PROPERTY_TYPE_0 5 diff --git a/thirdparty/open_source/musl/libc/float.h b/thirdparty/open_source/musl/libc/float.h new file mode 100644 index 0000000..713aadb --- /dev/null +++ b/thirdparty/open_source/musl/libc/float.h @@ -0,0 +1,52 @@ +#ifndef _FLOAT_H +#define _FLOAT_H + +#ifdef __cplusplus +extern "C" { +#endif + +int __flt_rounds(void); +#define FLT_ROUNDS (__flt_rounds()) + +#define FLT_RADIX 2 + +#define FLT_TRUE_MIN 1.40129846432481707092e-45F +#define FLT_MIN 1.17549435082228750797e-38F +#define FLT_MAX 3.40282346638528859812e+38F +#define FLT_EPSILON 1.1920928955078125e-07F + +#define FLT_MANT_DIG 24 +#define FLT_MIN_EXP (-125) +#define FLT_MAX_EXP 128 +#define FLT_HAS_SUBNORM 1 + +#define FLT_DIG 6 +#define FLT_DECIMAL_DIG 9 +#define FLT_MIN_10_EXP (-37) +#define FLT_MAX_10_EXP 38 + +#define DBL_TRUE_MIN 4.94065645841246544177e-324 +#define DBL_MIN 2.22507385850720138309e-308 +#define DBL_MAX 1.79769313486231570815e+308 +#define DBL_EPSILON 2.22044604925031308085e-16 + +#define DBL_MANT_DIG 53 +#define DBL_MIN_EXP (-1021) +#define DBL_MAX_EXP 1024 +#define DBL_HAS_SUBNORM 1 + +#define DBL_DIG 15 +#define DBL_DECIMAL_DIG 17 +#define DBL_MIN_10_EXP (-307) +#define DBL_MAX_10_EXP 308 + +#define LDBL_HAS_SUBNORM 1 +#define LDBL_DECIMAL_DIG DECIMAL_DIG + +#include + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/thirdparty/open_source/musl/libc/limits.h b/thirdparty/open_source/musl/libc/limits.h index c9794bb..53a27b9 100644 --- a/thirdparty/open_source/musl/libc/limits.h +++ b/thirdparty/open_source/musl/libc/limits.h @@ -37,6 +37,8 @@ #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) +#include + #define PIPE_BUF 4096 #define FILESIZEBITS 64 #ifndef NAME_MAX diff --git a/thirdparty/open_source/musl/libc/locale.h b/thirdparty/open_source/musl/libc/locale.h index ce38438..11106fe 100644 --- a/thirdparty/open_source/musl/libc/locale.h +++ b/thirdparty/open_source/musl/libc/locale.h @@ -7,7 +7,9 @@ extern "C" { #include -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) diff --git a/thirdparty/open_source/musl/libc/netinet/in.h b/thirdparty/open_source/musl/libc/netinet/in.h index 5b8b21e..fb628b6 100644 --- a/thirdparty/open_source/musl/libc/netinet/in.h +++ b/thirdparty/open_source/musl/libc/netinet/in.h @@ -48,6 +48,7 @@ struct ipv6_mreq { #define INADDR_BROADCAST ((in_addr_t) 0xffffffff) #define INADDR_NONE ((in_addr_t) 0xffffffff) #define INADDR_LOOPBACK ((in_addr_t) 0x7f000001) +#define INADDR_DUMMY ((in_addr_t) 0xc0000008) #define INADDR_UNSPEC_GROUP ((in_addr_t) 0xe0000000) #define INADDR_ALLHOSTS_GROUP ((in_addr_t) 0xe0000001) @@ -60,8 +61,6 @@ struct ipv6_mreq { extern const struct in6_addr in6addr_any, in6addr_loopback; -#undef INET_ADDRSTRLEN -#undef INET6_ADDRSTRLEN #define INET_ADDRSTRLEN 16 #define INET6_ADDRSTRLEN 46 @@ -103,8 +102,10 @@ uint16_t ntohs(uint16_t); #define IPPROTO_MH 135 #define IPPROTO_UDPLITE 136 #define IPPROTO_MPLS 137 +#define IPPROTO_ETHERNET 143 #define IPPROTO_RAW 255 -#define IPPROTO_MAX 256 +#define IPPROTO_MPTCP 262 +#define IPPROTO_MAX 263 #define IN6_IS_ADDR_UNSPECIFIED(a) \ (((uint32_t *) (a))[0] == 0 && ((uint32_t *) (a))[1] == 0 && \ @@ -202,6 +203,7 @@ uint16_t ntohs(uint16_t); #define IP_CHECKSUM 23 #define IP_BIND_ADDRESS_NO_PORT 24 #define IP_RECVFRAGSIZE 25 +#define IP_RECVERR_RFC4884 26 #define IP_MULTICAST_IF 32 #define IP_MULTICAST_TTL 33 #define IP_MULTICAST_LOOP 34 diff --git a/thirdparty/open_source/musl/libc/netinet/tcp.h b/thirdparty/open_source/musl/libc/netinet/tcp.h index 44a007a..fad1d84 100644 --- a/thirdparty/open_source/musl/libc/netinet/tcp.h +++ b/thirdparty/open_source/musl/libc/netinet/tcp.h @@ -78,6 +78,10 @@ enum { TCP_NLA_DSACK_DUPS, TCP_NLA_REORD_SEEN, TCP_NLA_SRTT, + TCP_NLA_TIMEOUT_REHASH, + TCP_NLA_BYTES_NOTSENT, + TCP_NLA_EDT, + TCP_NLA_TTL, }; #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) @@ -181,6 +185,13 @@ struct tcphdr { #define TCP_CA_Recovery 3 #define TCP_CA_Loss 4 +enum tcp_fastopen_client_fail { + TFO_STATUS_UNSPEC, + TFO_COOKIE_UNAVAILABLE, + TFO_DATA_NOT_ACKED, + TFO_SYN_RETRANSMITTED, +}; + struct tcp_info { uint8_t tcpi_state; uint8_t tcpi_ca_state; @@ -189,7 +200,7 @@ struct tcp_info { uint8_t tcpi_backoff; uint8_t tcpi_options; uint8_t tcpi_snd_wscale : 4, tcpi_rcv_wscale : 4; - uint8_t tcpi_delivery_rate_app_limited : 1; + uint8_t tcpi_delivery_rate_app_limited : 1, tcpi_fastopen_client_fail : 2; uint32_t tcpi_rto; uint32_t tcpi_ato; uint32_t tcpi_snd_mss; @@ -240,14 +251,15 @@ struct tcp_info { #define TCP_MD5SIG_MAXKEYLEN 80 -#define TCP_MD5SIG_FLAG_PREFIX 1 +#define TCP_MD5SIG_FLAG_PREFIX 0x1 +#define TCP_MD5SIG_FLAG_IFINDEX 0x2 struct tcp_md5sig { struct sockaddr_storage tcpm_addr; uint8_t tcpm_flags; uint8_t tcpm_prefixlen; uint16_t tcpm_keylen; - uint32_t __tcpm_pad; + int tcpm_ifindex; uint8_t tcpm_key[TCP_MD5SIG_MAXKEYLEN]; }; @@ -271,10 +283,21 @@ struct tcp_repair_window { uint32_t rcv_wup; }; +#define TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT 0x1 + struct tcp_zerocopy_receive { uint64_t address; uint32_t length; uint32_t recv_skip_hint; + uint32_t inq; + int32_t err; + uint64_t copybuf_address; + int32_t copybuf_len; + uint32_t flags; + uint64_t msg_control; + uint64_t msg_controllen; + uint32_t msg_flags; + uint32_t reserved; }; #endif diff --git a/thirdparty/open_source/musl/libc/nl_types.h b/thirdparty/open_source/musl/libc/nl_types.h new file mode 100644 index 0000000..7c2d48e --- /dev/null +++ b/thirdparty/open_source/musl/libc/nl_types.h @@ -0,0 +1,22 @@ +#ifndef _NL_TYPES_H +#define _NL_TYPES_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define NL_SETD 1 +#define NL_CAT_LOCALE 1 + +typedef int nl_item; +typedef void *nl_catd; + +nl_catd catopen (const char *, int); +char *catgets (nl_catd, int, int, const char *); +int catclose (nl_catd); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/thirdparty/open_source/musl/libc/pthread.h b/thirdparty/open_source/musl/libc/pthread.h index 22120b0..77f0017 100644 --- a/thirdparty/open_source/musl/libc/pthread.h +++ b/thirdparty/open_source/musl/libc/pthread.h @@ -6,6 +6,24 @@ extern "C" { #include +/* Musl did not provide the "owner" marco directly, + * so users can not access the mutex-owner-ID. + * Thus we added this macro for getting the owner-ID + * of the mutex. */ +#define MUTEX_OWNER (__u.__vi[1] & 0x7fffffff) + +/* These macros provides macros for accessing inner + * attributes of the pthread_mutex_t struct. + * It is intened for solving the compiling failure + * of Dopra codes which claims that .__data.* realm + * can not be found in pthread_mutex_t. */ +#define MUTEX_TYPE __u.__i[0] +#define MUTEX_LOCK __u.__vi[1] +#define MUTEX_WAITERS __u.__vi[2] +#define MUTEX_PREV __u.__p[3] +#define MUTEX_NEXT __u.__p[4] +#define MUTEX_COUNT __u.__i[5] + #define __NEED_time_t #define __NEED_clockid_t #define __NEED_struct_timespec @@ -76,6 +94,9 @@ extern "C" { #define PTHREAD_BARRIER_SERIAL_THREAD (-1) +#define PTHREAD_NULL ((pthread_t)0) + + int pthread_create(pthread_t *__restrict, const pthread_attr_t *__restrict, void *(*)(void *), void *__restrict); int pthread_detach(pthread_t); _Noreturn void pthread_exit(void *); @@ -221,6 +242,7 @@ int pthread_getaffinity_np(pthread_t, size_t, struct cpu_set_t *); int pthread_setaffinity_np(pthread_t, size_t, const struct cpu_set_t *); int pthread_getattr_np(pthread_t, pthread_attr_t *); int pthread_setname_np(pthread_t, const char *); +int pthread_getname_np(pthread_t, char *, size_t); int pthread_getattr_default_np(pthread_attr_t *); int pthread_setattr_default_np(const pthread_attr_t *); int pthread_tryjoin_np(pthread_t, void **); diff --git a/thirdparty/open_source/musl/libc/sched.h b/thirdparty/open_source/musl/libc/sched.h index 822f464..fda4b48 100644 --- a/thirdparty/open_source/musl/libc/sched.h +++ b/thirdparty/open_source/musl/libc/sched.h @@ -49,6 +49,7 @@ int sched_yield(void); #ifdef _GNU_SOURCE #define CSIGNAL 0x000000ff +#define CLONE_NEWTIME 0x00000080 #define CLONE_VM 0x00000100 #define CLONE_FS 0x00000200 #define CLONE_FILES 0x00000400 diff --git a/thirdparty/open_source/musl/libc/setjmp.h b/thirdparty/open_source/musl/libc/setjmp.h index 2d43abf..1976af2 100644 --- a/thirdparty/open_source/musl/libc/setjmp.h +++ b/thirdparty/open_source/musl/libc/setjmp.h @@ -15,25 +15,33 @@ typedef struct __jmp_buf_tag { unsigned long __ss[128/sizeof(long)]; } jmp_buf[1]; +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 1) +#define __setjmp_attr __attribute__((__returns_twice__)) +#else +#define __setjmp_attr +#endif + #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \ || defined(_BSD_SOURCE) typedef jmp_buf sigjmp_buf; -int sigsetjmp (sigjmp_buf, int); +int sigsetjmp (sigjmp_buf, int) __setjmp_attr; _Noreturn void siglongjmp (sigjmp_buf, int); #endif #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \ || defined(_BSD_SOURCE) -int _setjmp (jmp_buf); +int _setjmp (jmp_buf) __setjmp_attr; _Noreturn void _longjmp (jmp_buf, int); #endif -int setjmp (jmp_buf); +int setjmp (jmp_buf) __setjmp_attr; _Noreturn void longjmp (jmp_buf, int); #define setjmp setjmp +#undef __setjmp_attr + #ifdef __cplusplus } #endif diff --git a/thirdparty/open_source/musl/libc/signal.h b/thirdparty/open_source/musl/libc/signal.h index fbdf667..c347f86 100644 --- a/thirdparty/open_source/musl/libc/signal.h +++ b/thirdparty/open_source/musl/libc/signal.h @@ -75,6 +75,8 @@ typedef struct sigaltstack stack_t; #define SEGV_ACCERR 2 #define SEGV_BNDERR 3 #define SEGV_PKUERR 4 +#define SEGV_MTEAERR 8 +#define SEGV_MTESERR 9 #define BUS_ADRALN 1 #define BUS_ADRERR 2 @@ -176,18 +178,31 @@ struct sigaction { #define sa_handler __sa_handler.sa_handler #define sa_sigaction __sa_handler.sa_sigaction +#define SA_UNSUPPORTED 0x00000400 +#define SA_EXPOSE_TAGBITS 0x00000800 + struct sigevent { union sigval sigev_value; int sigev_signo; int sigev_notify; - void (*sigev_notify_function)(union sigval); - pthread_attr_t *sigev_notify_attributes; - char __pad[56-3*sizeof(long)]; + union { + char __pad[64 - 2*sizeof(int) - sizeof(union sigval)]; + pid_t sigev_notify_thread_id; + struct { + void (*sigev_notify_function)(union sigval); + pthread_attr_t *sigev_notify_attributes; + } __sev_thread; + } __sev_fields; }; +#define sigev_notify_thread_id __sev_fields.sigev_notify_thread_id +#define sigev_notify_function __sev_fields.__sev_thread.sigev_notify_function +#define sigev_notify_attributes __sev_fields.__sev_thread.sigev_notify_attributes + #define SIGEV_SIGNAL 0 #define SIGEV_NONE 1 #define SIGEV_THREAD 2 +#define SIGEV_THREAD_ID 4 int __libc_current_sigrtmin(void); int __libc_current_sigrtmax(void); @@ -249,6 +264,9 @@ void (*sigset(int, void (*)(int)))(int); #if defined(_BSD_SOURCE) || defined(_GNU_SOURCE) #define NSIG _NSIG typedef void (*sig_t)(int); + +#define SYS_SECCOMP 1 +#define SYS_USER_DISPATCH 2 #endif #ifdef _GNU_SOURCE diff --git a/thirdparty/open_source/musl/libc/stddef.h b/thirdparty/open_source/musl/libc/stddef.h index 4a914ee..f25b863 100644 --- a/thirdparty/open_source/musl/libc/stddef.h +++ b/thirdparty/open_source/musl/libc/stddef.h @@ -1,13 +1,13 @@ #ifndef _STDDEF_H #define _STDDEF_H -#ifndef NULL -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) #endif -#endif #define __NEED_ptrdiff_t #define __NEED_size_t diff --git a/thirdparty/open_source/musl/libc/stdio.h b/thirdparty/open_source/musl/libc/stdio.h index 3604198..d1ed01f 100644 --- a/thirdparty/open_source/musl/libc/stdio.h +++ b/thirdparty/open_source/musl/libc/stdio.h @@ -25,7 +25,9 @@ extern "C" { #include -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) diff --git a/thirdparty/open_source/musl/libc/stdlib.h b/thirdparty/open_source/musl/libc/stdlib.h index 194c203..622002d 100644 --- a/thirdparty/open_source/musl/libc/stdlib.h +++ b/thirdparty/open_source/musl/libc/stdlib.h @@ -7,7 +7,9 @@ extern "C" { #include -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) @@ -36,6 +38,7 @@ int rand (void); void srand (unsigned); void *malloc (size_t); +void *malloc_coherent(size_t n); void *calloc (size_t, size_t); void *realloc (void *, size_t); void free (void *); @@ -145,6 +148,8 @@ int getloadavg(double *, int); int clearenv(void); #define WCOREDUMP(s) ((s) & 0x80) #define WIFCONTINUED(s) ((s) == 0xffff) +void *reallocarray (void *, size_t, size_t); +void qsort_r (void *, size_t, size_t, int (*)(const void *, const void *, void *), void *); #endif #ifdef _GNU_SOURCE diff --git a/thirdparty/open_source/musl/libc/string.h b/thirdparty/open_source/musl/libc/string.h index 795a2ab..43ad094 100644 --- a/thirdparty/open_source/musl/libc/string.h +++ b/thirdparty/open_source/musl/libc/string.h @@ -7,7 +7,9 @@ extern "C" { #include -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) diff --git a/thirdparty/open_source/musl/libc/sys/fcntl.h b/thirdparty/open_source/musl/libc/sys/fcntl.h new file mode 100644 index 0000000..3dd928e --- /dev/null +++ b/thirdparty/open_source/musl/libc/sys/fcntl.h @@ -0,0 +1,2 @@ +#warning redirecting incorrect #include to +#include diff --git a/thirdparty/open_source/musl/libc/sys/ioctl.h b/thirdparty/open_source/musl/libc/sys/ioctl.h index c2ce3b4..a9a2346 100644 --- a/thirdparty/open_source/musl/libc/sys/ioctl.h +++ b/thirdparty/open_source/musl/libc/sys/ioctl.h @@ -4,6 +4,8 @@ extern "C" { #endif +#define __NEED_struct_winsize + #include #include @@ -47,13 +49,6 @@ extern "C" { #define TIOCSER_TEMT 1 -struct winsize { - unsigned short ws_row; - unsigned short ws_col; - unsigned short ws_xpixel; - unsigned short ws_ypixel; -}; - #define SIOCADDRT 0x890B #define SIOCDELRT 0x890C #define SIOCRTMSG 0x890D diff --git a/thirdparty/open_source/musl/libc/sys/mman.h b/thirdparty/open_source/musl/libc/sys/mman.h index 105af9d..80a3baa 100644 --- a/thirdparty/open_source/musl/libc/sys/mman.h +++ b/thirdparty/open_source/musl/libc/sys/mman.h @@ -20,7 +20,6 @@ extern "C" { #define MAP_SHARED 0x01 #define MAP_PRIVATE 0x02 -#define MAP_RESERVE 0x04 #define MAP_SHARED_VALIDATE 0x03 #define MAP_TYPE 0x0f #define MAP_FIXED 0x10 @@ -41,6 +40,7 @@ extern "C" { #define MAP_HUGE_SHIFT 26 #define MAP_HUGE_MASK 0x3f +#define MAP_HUGE_16KB (14 << 26) #define MAP_HUGE_64KB (16 << 26) #define MAP_HUGE_512KB (19 << 26) #define MAP_HUGE_1MB (20 << 26) @@ -102,6 +102,7 @@ extern "C" { #ifdef _GNU_SOURCE #define MREMAP_MAYMOVE 1 #define MREMAP_FIXED 2 +#define MREMAP_DONTUNMAP 4 #define MLOCK_ONFAULT 0x01 @@ -113,7 +114,7 @@ extern "C" { #include void *mmap (void *, size_t, int, int, int, off_t); -int munmap (const void *, size_t); +int munmap (void *, size_t); int mprotect (void *, size_t, int); int msync (void *, size_t, int); diff --git a/thirdparty/open_source/musl/libc/sys/socket.h b/thirdparty/open_source/musl/libc/sys/socket.h index 38f5bb1..6dc1e40 100644 --- a/thirdparty/open_source/musl/libc/sys/socket.h +++ b/thirdparty/open_source/musl/libc/sys/socket.h @@ -289,6 +289,8 @@ struct linger { #define SCM_TXTIME SO_TXTIME #define SO_BINDTOIFINDEX 62 #define SO_DETACH_REUSEPORT_BPF 68 +#define SO_PREFER_BUSY_POLL 69 +#define SO_BUSY_POLL_BUDGET 70 #ifndef SOL_SOCKET #define SOL_SOCKET 1 diff --git a/thirdparty/open_source/musl/libc/time.h b/thirdparty/open_source/musl/libc/time.h index 1b18024..3d94837 100644 --- a/thirdparty/open_source/musl/libc/time.h +++ b/thirdparty/open_source/musl/libc/time.h @@ -7,13 +7,13 @@ extern "C" { #include -#ifndef NULL -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) #endif -#endif #define __NEED_size_t diff --git a/thirdparty/open_source/musl/libc/unistd.h b/thirdparty/open_source/musl/libc/unistd.h index 7bcbff9..212263a 100644 --- a/thirdparty/open_source/musl/libc/unistd.h +++ b/thirdparty/open_source/musl/libc/unistd.h @@ -14,8 +14,12 @@ extern "C" { #define SEEK_SET 0 #define SEEK_CUR 1 #define SEEK_END 2 +#define SEEK_DATA 3 +#define SEEK_HOLE 4 -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) @@ -82,6 +86,7 @@ unsigned sleep(unsigned); int pause(void); pid_t fork(void); +pid_t _Fork(void); int execve(const char *, char *const [], char *const []); int execv(const char *, char *const []); int execle(const char *, const char *, ...); @@ -190,6 +195,7 @@ int syncfs(int); int euidaccess(const char *, int); int eaccess(const char *, int); ssize_t copy_file_range(int, off_t *, int, off_t *, size_t, unsigned); +pid_t gettid(void); #endif #if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE) diff --git a/thirdparty/open_source/musl/libc/wchar.h b/thirdparty/open_source/musl/libc/wchar.h index 88eb55b..ed5d774 100644 --- a/thirdparty/open_source/musl/libc/wchar.h +++ b/thirdparty/open_source/musl/libc/wchar.h @@ -38,7 +38,9 @@ extern "C" { #define WCHAR_MIN (-1-0x7fffffff+L'\0') #endif -#ifdef __cplusplus +#if __cplusplus >= 201103L +#define NULL nullptr +#elif defined(__cplusplus) #define NULL 0L #else #define NULL ((void*)0) diff --git a/include/TA/openssl/crypto/asn1.h b/thirdparty/open_source/openssl/crypto/asn1.h similarity index 97% rename from include/TA/openssl/crypto/asn1.h rename to thirdparty/open_source/openssl/crypto/asn1.h index 9c28a7d..9c9b4d8 100644 --- a/include/TA/openssl/crypto/asn1.h +++ b/thirdparty/open_source/openssl/crypto/asn1.h @@ -92,9 +92,6 @@ extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth; # define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ # define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -#ifndef OPENSSL_NO_CRL_MEMPOOL -# define ASN1_OBJECT_FLAG_MEMPOOL 0x1000/* internal use*/ -#endif struct asn1_object_st { const char *sn, *ln; int nid; diff --git a/include/TA/openssl/crypto/bn.h b/thirdparty/open_source/openssl/crypto/bn.h similarity index 100% rename from include/TA/openssl/crypto/bn.h rename to thirdparty/open_source/openssl/crypto/bn.h diff --git a/include/TA/openssl/crypto/ec.h b/thirdparty/open_source/openssl/crypto/ec.h similarity index 91% rename from include/TA/openssl/crypto/ec.h rename to thirdparty/open_source/openssl/crypto/ec.h index 184c5c1..fe52ae7 100644 --- a/include/TA/openssl/crypto/ec.h +++ b/thirdparty/open_source/openssl/crypto/ec.h @@ -49,11 +49,5 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md); -/*- - * Checking for Elliptic Curve types that do not support signatures for fips 140-3 - */ -#ifndef OPENSSL_NO_FIPS -int fips_check_ecdsa_curve_type(int nid); -#endif # endif /* OPENSSL_NO_EC */ #endif diff --git a/include/TA/openssl/crypto/err.h b/thirdparty/open_source/openssl/crypto/err.h similarity index 100% rename from include/TA/openssl/crypto/err.h rename to thirdparty/open_source/openssl/crypto/err.h diff --git a/include/TA/openssl/internal/bio.h b/thirdparty/open_source/openssl/internal/bio.h similarity index 82% rename from include/TA/openssl/internal/bio.h rename to thirdparty/open_source/openssl/internal/bio.h index 51b991d..c343b27 100644 --- a/include/TA/openssl/internal/bio.h +++ b/thirdparty/open_source/openssl/internal/bio.h @@ -27,13 +27,7 @@ struct bio_method_st { void bio_free_ex_data(BIO *bio); void bio_cleanup(void); -#ifndef OPENSSL_NO_DTO -#define BIO_set_dto_key(b, keyblob, type) \ - BIO_ctrl(b, BIO_CTRL_SET_DTO_KEY, type, keyblob) -#define BIO_set_dto_epoch_sequence(b, keyblob) \ - BIO_ctrl(b, BIO_CTRL_SET_DTO_EPOCH_SEQUENCE, 0, keyblob) -#endif /* Old style to new style BIO_METHOD conversion functions */ int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); diff --git a/include/TA/openssl/openssl/asn1.h b/thirdparty/open_source/openssl/openssl/asn1.h similarity index 99% rename from include/TA/openssl/openssl/asn1.h rename to thirdparty/open_source/openssl/openssl/asn1.h index fbf8373..9522eec 100644 --- a/include/TA/openssl/openssl/asn1.h +++ b/thirdparty/open_source/openssl/openssl/asn1.h @@ -248,12 +248,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; type *name##_new(void); \ void name##_free(type *a); -# define DECLARE_ASN1_DUP_FUNCTION(type) \ - DECLARE_ASN1_DUP_FUNCTION_name(type, type) - -# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ - type *name##_dup(type *a); - # define DECLARE_ASN1_PRINT_FUNCTION(stname) \ DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) @@ -668,6 +662,7 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); diff --git a/include/TA/openssl/openssl/asn1err.h b/thirdparty/open_source/openssl/openssl/asn1err.h similarity index 100% rename from include/TA/openssl/openssl/asn1err.h rename to thirdparty/open_source/openssl/openssl/asn1err.h diff --git a/include/TA/openssl/openssl/asn1t.h b/thirdparty/open_source/openssl/openssl/asn1t.h similarity index 98% rename from include/TA/openssl/openssl/asn1t.h rename to thirdparty/open_source/openssl/openssl/asn1t.h index 4c326ea..a450ba0 100644 --- a/include/TA/openssl/openssl/asn1t.h +++ b/thirdparty/open_source/openssl/openssl/asn1t.h @@ -860,23 +860,6 @@ typedef struct ASN1_STREAM_ARG_st { ASN1_ITEM_rptr(stname)); \ } -#ifndef OPENSSL_NO_TTO -# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS(stname) \ - static int i2d_##stname(stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((ASN1_VALUE *)a, out, \ - ASN1_ITEM_rptr(stname)); \ - } - -# define IMPLEMENT_ASN1_DECODE_FUNCTIONS(stname) \ - static stname *d2i_##stname(stname **a, \ - const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ - ASN1_ITEM_rptr(stname)); \ - } -#endif - /* * This includes evil casts to remove const: they will go away when full ASN1 * constification is done. diff --git a/include/TA/openssl/openssl/bio.h b/thirdparty/open_source/openssl/openssl/bio.h similarity index 98% rename from include/TA/openssl/openssl/bio.h rename to thirdparty/open_source/openssl/openssl/bio.h index 3f68687..ae559a5 100644 --- a/include/TA/openssl/openssl/bio.h +++ b/thirdparty/open_source/openssl/openssl/bio.h @@ -140,17 +140,6 @@ extern "C" { # endif # define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 -# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 -# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 - -/* Negotiate with the SE (Chen Shengqi) to reserve the value before 1000 for the open-source community, - * and use the value after 1000 for Huawei-developed features. */ -#ifndef OPENSSL_NO_DTO -/* Export DTLS1.2 key information and epoch commands used by the BIO_set_dto macro */ -#define BIO_CTRL_SET_DTO_KEY 1001 -#define BIO_CTRL_SET_DTO_EPOCH_SEQUENCE 1002 - -#endif /* modifiers */ # define BIO_FP_READ 0x02 @@ -563,8 +552,6 @@ void BIO_set_data(BIO *a, void *ptr); void *BIO_get_data(BIO *a); void BIO_set_init(BIO *a, int init); int BIO_get_init(BIO *a); -void BIO_set_num(BIO *a, int num); -int BIO_get_num(BIO *a); void BIO_set_shutdown(BIO *a, int shut); int BIO_get_shutdown(BIO *a); void BIO_vfree(BIO *a); @@ -773,6 +760,7 @@ ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); # undef ossl_bio__attr__ # undef ossl_bio__printf__ + BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); diff --git a/include/TA/openssl/openssl/bioerr.h b/thirdparty/open_source/openssl/openssl/bioerr.h similarity index 100% rename from include/TA/openssl/openssl/bioerr.h rename to thirdparty/open_source/openssl/openssl/bioerr.h diff --git a/include/TA/openssl/openssl/bn.h b/thirdparty/open_source/openssl/openssl/bn.h similarity index 83% rename from include/TA/openssl/openssl/bn.h rename to thirdparty/open_source/openssl/openssl/bn.h index 51fff4a..d877660 100644 --- a/include/TA/openssl/openssl/bn.h +++ b/thirdparty/open_source/openssl/openssl/bn.h @@ -11,7 +11,6 @@ #ifndef HEADER_BN_H # define HEADER_BN_H -#ifndef VPP_HICRYPTO_COMPILE # include # ifndef OPENSSL_NO_STDIO # include @@ -20,35 +19,11 @@ # include # include # include -#else -#include -#include -#include - -#ifndef OPENSSL_API_COMPAT -#define OPENSSL_API_COMPAT 0x10100000L -#endif - -/* Only one for the following should be defined */ -#cmakedefine SIXTY_FOUR_BIT_LONG -#cmakedefine SIXTY_FOUR_BIT -#cmakedefine THIRTY_TWO_BIT - -typedef struct bignum_st BIGNUM; -typedef struct bignum_ctx BN_CTX; -typedef struct bn_blinding_st BN_BLINDING; -typedef struct bn_mont_ctx_st BN_MONT_CTX; -typedef struct bn_recp_ctx_st BN_RECP_CTX; -typedef struct bn_gencb_st BN_GENCB; -#endif #ifdef __cplusplus extern "C" { #endif -#ifdef VPP_HICRYPTO_COMPILE -# pragma GCC visibility push(default) -#endif /* * 64-bit processor with LP64 ABI */ @@ -319,12 +294,10 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); int BN_mask_bits(BIGNUM *a, int n); -#ifndef VPP_HICRYPTO_COMPILE # ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a); # endif int BN_print(BIO *bio, const BIGNUM *a); -#endif int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); int BN_rshift1(BIGNUM *r, const BIGNUM *a); @@ -349,7 +322,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); -#ifndef VPP_HICRYPTO_COMPILE /* Deprecated versions */ DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, @@ -366,7 +338,7 @@ DEPRECATEDIN_0_9_8(int void (*callback) (int, int, void *), BN_CTX *ctx, void *cb_arg, int do_trial_division)) -#endif + /* Newer versions */ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); @@ -394,13 +366,9 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -#ifndef VPP_HICRYPTO_COMPILE BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, const BIGNUM *mod, BN_CTX *ctx); -#else -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRPT_THREAD_MUTEX *lock, - const BIGNUM *mod, BN_CTX *ctx); -#endif + /* BN_BLINDING flags */ # define BN_BLINDING_NO_UPDATE 0x00000001 # define BN_BLINDING_NO_RECREATE 0x00000002 @@ -430,11 +398,11 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx); -#ifndef VPP_HICRYPTO_COMPILE + DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 * mont */ -#endif + BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); @@ -564,93 +532,6 @@ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); -#ifdef VPP_HICRYPTO_COMPILE -/** Internal APIs */ -BIGNUM *bn_wexpand(BIGNUM *a, int words); -BIGNUM *bn_expand2(BIGNUM *a, int words); - -void bn_correct_top(BIGNUM *a); - -int bn_get_top(const BIGNUM *a); - -int bn_get_dmax(const BIGNUM *a); - -/* Set all words to zero */ -void bn_set_all_zero(BIGNUM *a); - -/* - * Copy the internal BIGNUM words into out which holds size elements (and size - * must be bigger than top) - */ -int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); - -BN_ULONG *bn_get_words(const BIGNUM *a); - -/* - * Set the internal data words in a to point to words which contains size - * elements. The BN_FLG_STATIC_DATA flag is set - */ -void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); - -/* - * Copy words into the BIGNUM |a|, reallocating space as necessary. - * The negative flag of |a| is not modified. - * Returns 1 on success and 0 on failure. - */ -/* - * |num_words| is int because bn_expand2 takes an int. This is an internal - * function so we simply trust callers not to pass negative values. - */ -int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); - -/* - * Some BIGNUM functions assume most significant limb to be non-zero, which - * is customarily arranged by bn_correct_top. Output from below functions - * is not processed with bn_correct_top, and for this reason it may not be - * returned out of public API. It may only be passed internally into other - * functions known to support non-minimal or zero-padded BIGNUMs. Even - * though the goal is to facilitate constant-time-ness, not each subroutine - * is constant-time by itself. They all have pre-conditions, consult source - * code... - */ -int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); -int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); -int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); -int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); -int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); -int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); -int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); -int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); - -/* - * BN reason codes. - */ -#define BN_R_ARG2_LT_ARG3 100 -#define BN_R_BAD_RECIPROCAL 101 -#define BN_R_BIGNUM_TOO_LONG 114 -#define BN_R_BITS_TOO_SMALL 118 -#define BN_R_CALLED_WITH_EVEN_MODULUS 102 -#define BN_R_DIV_BY_ZERO 103 -#define BN_R_ENCODING_ERROR 104 -#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -#define BN_R_INPUT_NOT_REDUCED 110 -#define BN_R_INVALID_LENGTH 106 -#define BN_R_INVALID_RANGE 115 -#define BN_R_INVALID_SHIFT 119 -#define BN_R_NOT_A_SQUARE 111 -#define BN_R_NOT_INITIALIZED 107 -#define BN_R_NO_INVERSE 108 -#define BN_R_NO_SOLUTION 116 -#define BN_R_NO_SUITABLE_DIGEST 120 -#define BN_R_PRIVATE_KEY_TOO_LARGE 117 -#define BN_R_P_IS_NOT_PRIME 112 -#define BN_R_TOO_MANY_ITERATIONS 113 -#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 - -#pragma GCC visibility pop -#endif # ifdef __cplusplus } diff --git a/include/TA/openssl/openssl/bnerr.h b/thirdparty/open_source/openssl/openssl/bnerr.h similarity index 100% rename from include/TA/openssl/openssl/bnerr.h rename to thirdparty/open_source/openssl/openssl/bnerr.h diff --git a/include/TA/openssl/openssl/buffer.h b/thirdparty/open_source/openssl/openssl/buffer.h similarity index 99% rename from include/TA/openssl/openssl/buffer.h rename to thirdparty/open_source/openssl/openssl/buffer.h index 35a8503..d276576 100644 --- a/include/TA/openssl/openssl/buffer.h +++ b/thirdparty/open_source/openssl/openssl/buffer.h @@ -16,6 +16,7 @@ # endif # include + #ifdef __cplusplus extern "C" { #endif @@ -50,6 +51,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len); size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/buffererr.h b/thirdparty/open_source/openssl/openssl/buffererr.h similarity index 100% rename from include/TA/openssl/openssl/buffererr.h rename to thirdparty/open_source/openssl/openssl/buffererr.h diff --git a/include/TA/openssl/openssl/cmac.h b/thirdparty/open_source/openssl/openssl/cmac.h similarity index 100% rename from include/TA/openssl/openssl/cmac.h rename to thirdparty/open_source/openssl/openssl/cmac.h diff --git a/include/TA/openssl/openssl/crypto.h b/thirdparty/open_source/openssl/openssl/crypto.h similarity index 90% rename from include/TA/openssl/openssl/crypto.h rename to thirdparty/open_source/openssl/openssl/crypto.h index 2b5c52a..7d0b526 100644 --- a/include/TA/openssl/openssl/crypto.h +++ b/thirdparty/open_source/openssl/openssl/crypto.h @@ -107,8 +107,7 @@ DEFINE_STACK_OF(void) # define CRYPTO_EX_INDEX_APP 13 # define CRYPTO_EX_INDEX_UI_METHOD 14 # define CRYPTO_EX_INDEX_DRBG 15 -# define CRYPTO_EX_INDEX_SM9_KEY 16 -# define CRYPTO_EX_INDEX__COUNT 17 +# define CRYPTO_EX_INDEX__COUNT 16 /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -319,10 +318,6 @@ int CRYPTO_mem_leaks_fp(FILE *); int CRYPTO_mem_leaks(BIO *bio); # endif -#ifndef OPENSSL_NO_CRL_MEMPOOL -int CRYPT_init_memory_pool(int pool_size, int max_no_pool); -#endif - /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); # if OPENSSL_API_COMPAT < 0x10100000L @@ -331,31 +326,11 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line # define OPENSSL_assert(e) \ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) -#if defined(OPENSSL_SYS_VXWORKS) && defined(OPENSSL_SYS_VXWORKS55) -int CRYPTO_strncasecmp(unsigned char *a, unsigned char *b, size_t len); -int CRYPTO_strcasecmp(unsigned char *a, unsigned char *b); - -#define strncasecmp(a,b,len) CRYPTO_strncasecmp((a), (b), (len)) -#define strcasecmp(a,b) CRYPTO_strcasecmp((a), (b)) -#endif - -#if !defined(OPENSSL_NO_NDCPP) -#define NDCPP_MODE_OFF 0 -#define NDCPP_MODE_ON 1 - -int NDCPP_mode(void); -int NDCPP_mode_set(int r); -#endif - int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); -#ifndef OPENSSL_NO_FIPS -int FIPS_selftest_result(int result); -#endif - void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); @@ -407,6 +382,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ OPENSSL_INIT_ENGINE_PADLOCK) + /* Library initialisation functions */ void OPENSSL_cleanup(void); int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); @@ -462,38 +438,6 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); -#ifndef OPENSSL_NO_ALT_MEMORY -int CRYPTO_set_mem_functions_alt( - void *(*m) (size_t, const char *, int), - void *(*r) (void *, size_t, const char *, int), - void (*f) (void *, const char *, int)); - -void *CRYPTO_malloc_alt(size_t num, const char *file, int line); -void *CRYPTO_zalloc_alt(size_t num, const char *file, int line); -void *CRYPTO_realloc_alt(void *addr, size_t num, const char *file, int line); -void CRYPTO_free_alt(void *ptr, const char *file, int line); - -#define OPENSSL_malloc_alt(num) \ - CRYPTO_malloc_alt((num), OPENSSL_FILE, OPENSSL_LINE) - -#define OPENSSL_realloc_alt(num) \ - CRYPTO_realloc_alt((num), OPENSSL_FILE, OPENSSL_LINE) - -#define OPENSSL_free_alt(num) \ - CRYPTO_free_alt((num), OPENSSL_FILE, OPENSSL_LINE) - -#define OPENSSL_zalloc_alt(num) \ - CRYPTO_zalloc_alt(num, OPENSSL_FILE, OPENSSL_LINE) - -#define SSLBUF_malloc(num) OPENSSL_malloc_alt(num) -#define SSLBUF_free(num) OPENSSL_free_alt(num) - -#else - -#define SSLBUF_malloc(num) OPENSSL_malloc(num) -#define SSLBUF_free(num) OPENSSL_free(num) - -#endif # ifdef __cplusplus } diff --git a/include/TA/openssl/openssl/cryptoerr.h b/thirdparty/open_source/openssl/openssl/cryptoerr.h similarity index 100% rename from include/TA/openssl/openssl/cryptoerr.h rename to thirdparty/open_source/openssl/openssl/cryptoerr.h diff --git a/include/TA/openssl/openssl/dh.h b/thirdparty/open_source/openssl/openssl/dh.h similarity index 98% rename from include/TA/openssl/openssl/dh.h rename to thirdparty/open_source/openssl/openssl/dh.h index 352b37a..3527540 100644 --- a/include/TA/openssl/openssl/dh.h +++ b/thirdparty/open_source/openssl/openssl/dh.h @@ -30,11 +30,7 @@ extern "C" { # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif -# ifndef OPENSSL_NO_FIPS - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 2048 -#else - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -#endif +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 # define DH_FLAG_CACHE_MONT_P 0x01 @@ -229,6 +225,7 @@ int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) int DH_meth_set_generate_params(DH_METHOD *dhm, int (*generate_params) (DH *, int, int, BN_GENCB *)); + # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) @@ -335,6 +332,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, # define EVP_PKEY_DH_KDF_X9_42 2 # endif + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/dsa.h b/thirdparty/open_source/openssl/openssl/dsa.h similarity index 98% rename from include/TA/openssl/openssl/dsa.h rename to thirdparty/open_source/openssl/openssl/dsa.h index 741fd4f..6d8a18a 100644 --- a/include/TA/openssl/openssl/dsa.h +++ b/thirdparty/open_source/openssl/openssl/dsa.h @@ -30,12 +30,7 @@ extern "C" { # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif -#ifndef OPENSSL_NO_FIPS -# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 2048 -# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_verify 512 -#else # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -#endif # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L @@ -241,6 +236,7 @@ int DSA_meth_set_paramgen(DSA_METHOD *dsam, int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/e_os2.h b/thirdparty/open_source/openssl/openssl/e_os2.h similarity index 95% rename from include/TA/openssl/openssl/e_os2.h rename to thirdparty/open_source/openssl/openssl/e_os2.h index 86c201e..5c88e51 100644 --- a/include/TA/openssl/openssl/e_os2.h +++ b/thirdparty/open_source/openssl/openssl/e_os2.h @@ -42,7 +42,7 @@ extern "C" { * UEFI lives here because it might be built with a Microsoft toolchain and * we need to avoid the false positive match on Windows. */ -# if defined(OPENSSL_SYS_UEFI) || defined(__UBOOT__) +# if defined(OPENSSL_SYS_UEFI) # undef OPENSSL_SYS_UNIX # elif defined(OPENSSL_SYS_UWIN) # undef OPENSSL_SYS_UNIX @@ -212,7 +212,7 @@ extern "C" { # ifndef ossl_ssize_t # define ossl_ssize_t ssize_t -# if defined(SSIZE_MAX) && !defined(OPENSSL_SYS_VXWORKS) +# if defined(SSIZE_MAX) # define OSSL_SSIZE_MAX SSIZE_MAX # elif defined(_POSIX_SSIZE_MAX) # define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX @@ -237,9 +237,9 @@ typedef INT32 int32_t; typedef UINT32 uint32_t; typedef INT64 int64_t; typedef UINT64 uint64_t; -# elif !defined(OPENSSL_SYS_VXWORKS) && ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ defined(__osf__) || defined(__sgi) || defined(__hpux) || \ - defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)) + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) # include # elif defined(_MSC_VER) && _MSC_VER<1600 /* @@ -254,15 +254,9 @@ typedef int int32_t; typedef unsigned int uint32_t; typedef __int64 int64_t; typedef unsigned __int64 uint64_t; -# elif defined(OPENSSL_SYS_VXWORKS) && !defined(VPP_CRYPTO_COMPILE) -# define UINT16_MAX 0xffff -# define INT16_MAX 0x7fff -# include # else -# ifndef __NO_STDINTH__ # include # endif -# endif /* ossl_inline: portable inline definition usable in public headers */ # if !defined(inline) && !defined(__cplusplus) diff --git a/include/TA/openssl/openssl/ec.h b/thirdparty/open_source/openssl/openssl/ec.h similarity index 99% rename from include/TA/openssl/openssl/ec.h rename to thirdparty/open_source/openssl/openssl/ec.h index 0c830ab..24baf53 100644 --- a/include/TA/openssl/openssl/ec.h +++ b/thirdparty/open_source/openssl/openssl/ec.h @@ -1104,7 +1104,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key); int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); # endif -const EC_KEY_METHOD *EC_KEY_get_iso_15946_2_method(void); + const EC_KEY_METHOD *EC_KEY_OpenSSL(void); const EC_KEY_METHOD *EC_KEY_get_default_method(void); void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); @@ -1476,6 +1476,7 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, */ # define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/ecdsa.h b/thirdparty/open_source/openssl/openssl/ecdsa.h similarity index 68% rename from include/TA/openssl/openssl/ecdsa.h rename to thirdparty/open_source/openssl/openssl/ecdsa.h index a9aeb7c..681f3d5 100644 --- a/include/TA/openssl/openssl/ecdsa.h +++ b/thirdparty/open_source/openssl/openssl/ecdsa.h @@ -7,13 +7,4 @@ * https://www.openssl.org/source/license.html */ -#ifndef ECDSA_H -# define ECDSA_H #include - -#ifndef OPENSSL_NO_FIPS -#define ECDSA_VERIFY_SIG_MIN_KEY_SIZE 160 -#define ECDSA_SIGN_SIG_MIN_KEY_SIZE 224 -#endif - -#endif // ECDSA_H diff --git a/include/TA/openssl/openssl/ecerr.h b/thirdparty/open_source/openssl/openssl/ecerr.h similarity index 98% rename from include/TA/openssl/openssl/ecerr.h rename to thirdparty/open_source/openssl/openssl/ecerr.h index a796d22..5173811 100644 --- a/include/TA/openssl/openssl/ecerr.h +++ b/thirdparty/open_source/openssl/openssl/ecerr.h @@ -187,8 +187,6 @@ int ERR_load_EC_strings(void); # define EC_F_OSSL_ECDH_COMPUTE_KEY 247 # define EC_F_OSSL_ECDSA_SIGN_SIG 249 # define EC_F_OSSL_ECDSA_VERIFY_SIG 250 -# define EC_F_OSSL_ECDSA_SIGN_SIG_ISO_15946_2 300 -# define EC_F_OSSL_ECDSA_VERIFY_SIG_ISO_15946_2 301 # define EC_F_PKEY_ECD_CTRL 271 # define EC_F_PKEY_ECD_DIGESTSIGN 272 # define EC_F_PKEY_ECD_DIGESTSIGN25519 276 @@ -202,7 +200,6 @@ int ERR_load_EC_strings(void); # define EC_F_PKEY_EC_KEYGEN 199 # define EC_F_PKEY_EC_PARAMGEN 219 # define EC_F_PKEY_EC_SIGN 218 -# define EC_F_PKEY_EC_SM2DH_DERIVE 299 # define EC_F_VALIDATE_ECX_DERIVE 278 /* @@ -274,9 +271,6 @@ int ERR_load_EC_strings(void); # define EC_R_UNSUPPORTED_FIELD 131 # define EC_R_WRONG_CURVE_PARAMETERS 145 # define EC_R_WRONG_ORDER 130 -#ifndef OPENSSL_NO_FIPS -# define EC_R_KEY_SIZE_INVALID 166 -#endif # endif #endif diff --git a/include/TA/openssl/openssl/err.h b/thirdparty/open_source/openssl/openssl/err.h similarity index 94% rename from include/TA/openssl/openssl/err.h rename to thirdparty/open_source/openssl/openssl/err.h index cd219c7..b49f881 100644 --- a/include/TA/openssl/openssl/err.h +++ b/thirdparty/open_source/openssl/openssl/err.h @@ -95,11 +95,6 @@ typedef struct err_state_st { # define ERR_LIB_ASYNC 51 # define ERR_LIB_KDF 52 # define ERR_LIB_SM2 53 -# define ERR_LIB_CRMF 56 -# define ERR_LIB_CMP 57 -# define ERR_LIB_SM9 58 -# define ERR_LIB_PQC 59 -# define ERR_LIB_PQC_HYBRID 60 # define ERR_LIB_USER 128 @@ -133,17 +128,12 @@ typedef struct err_state_st { # define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PQCerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PQC_HYBRIDerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ @@ -200,8 +190,6 @@ typedef struct err_state_st { # define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ # define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ -# define ERR_R_SM9_LIB ERR_LIB_SM9/* 58 */ -# define ERR_R_PQC_HYBRID_LIB ERR_LIB_PQC_HYBRID/* 60 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_MISSING_ASN1_EOS 63 diff --git a/include/TA/openssl/openssl/evp.h b/thirdparty/open_source/openssl/openssl/evp.h similarity index 99% rename from include/TA/openssl/openssl/evp.h rename to thirdparty/open_source/openssl/openssl/evp.h index d6c7292..a411f3f 100644 --- a/include/TA/openssl/openssl/evp.h +++ b/thirdparty/open_source/openssl/openssl/evp.h @@ -352,10 +352,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 # define EVP_CTRL_GET_IVLEN 0x25 -#ifndef OPENSSL_NO_TTO -/* Set the input buffer lengths to use for a pipelined operation in case of TTO */ -# define EVP_CTRL_GCM_SET_IV_INV_TTO 0x99 -#endif /* Padding modes */ #define EVP_PADDING_PKCS7 1 @@ -402,6 +398,7 @@ typedef struct evp_cipher_info_st { unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; + /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, @@ -940,10 +937,6 @@ const EVP_CIPHER *EVP_sm4_cfb128(void); # define EVP_sm4_cfb EVP_sm4_cfb128 const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); -const EVP_CIPHER *EVP_sm4_gcm(void); -#ifndef OPENSSL_NO_SM4_XTS -const EVP_CIPHER *EVP_sm4_xts(void); -# endif # endif # if OPENSSL_API_COMPAT < 0x10100000L @@ -1344,13 +1337,6 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -#ifndef OPENSSL_NO_GMTLS -EVP_PKEY_CTX *EVP_PKEY_CTX_new_pkey_id(EVP_PKEY *pkey, int id, ENGINE *e); -int EVP_PKEY_CTX_set_sm2_param(EVP_PKEY_CTX *pctx, EVP_MD *md, int server, - unsigned char *peer_id, int peerid_len, - unsigned char *self_id, int selfid_len, - EC_KEY *peer_ecdhe_key, EC_KEY *self_ecdhe_key); -#endif EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); @@ -1673,9 +1659,6 @@ void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, EVP_MD_CTX *mctx)); void EVP_add_alg_module(void); -#ifndef OPENSSL_NO_SM2 -int EVP_PKEY_is_sm2(EVP_PKEY *pkey); -#endif # ifdef __cplusplus } diff --git a/include/TA/openssl/openssl/evperr.h b/thirdparty/open_source/openssl/openssl/evperr.h similarity index 98% rename from include/TA/openssl/openssl/evperr.h rename to thirdparty/open_source/openssl/openssl/evperr.h index daabe9b..b4ea90a 100644 --- a/include/TA/openssl/openssl/evperr.h +++ b/thirdparty/open_source/openssl/openssl/evperr.h @@ -123,8 +123,6 @@ int ERR_load_EVP_strings(void); # define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 # define EVP_F_UPDATE 173 -# define EVP_F_SM4_GCM_CTRL 231 -# define EVP_F_SM4_XTS_INIT_KEY 232 /* * EVP reason codes. diff --git a/include/TA/openssl/openssl/hmac.h b/thirdparty/open_source/openssl/openssl/hmac.h similarity index 100% rename from include/TA/openssl/openssl/hmac.h rename to thirdparty/open_source/openssl/openssl/hmac.h diff --git a/include/TA/openssl/openssl/kdf.h b/thirdparty/open_source/openssl/openssl/kdf.h similarity index 99% rename from include/TA/openssl/openssl/kdf.h rename to thirdparty/open_source/openssl/openssl/kdf.h index 01e5448..5abd4c3 100644 --- a/include/TA/openssl/openssl/kdf.h +++ b/thirdparty/open_source/openssl/openssl/kdf.h @@ -90,6 +90,7 @@ extern "C" { EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/kdferr.h b/thirdparty/open_source/openssl/openssl/kdferr.h similarity index 100% rename from include/TA/openssl/openssl/kdferr.h rename to thirdparty/open_source/openssl/openssl/kdferr.h diff --git a/include/TA/openssl/openssl/lhash.h b/thirdparty/open_source/openssl/openssl/lhash.h similarity index 99% rename from include/TA/openssl/openssl/lhash.h rename to thirdparty/open_source/openssl/openssl/lhash.h index 84cfab0..2e42d72 100644 --- a/include/TA/openssl/openssl/lhash.h +++ b/thirdparty/open_source/openssl/openssl/lhash.h @@ -66,6 +66,7 @@ typedef struct lhash_st OPENSSL_LHASH; name##_doall_arg(a, b); } # define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + # define LH_LOAD_MULT 256 int OPENSSL_LH_error(OPENSSL_LHASH *lh); diff --git a/include/TA/openssl/openssl/obj_mac.h b/thirdparty/open_source/openssl/openssl/obj_mac.h similarity index 97% rename from include/TA/openssl/openssl/obj_mac.h rename to thirdparty/open_source/openssl/openssl/obj_mac.h index 66ec330..53516a0 100644 --- a/include/TA/openssl/openssl/obj_mac.h +++ b/thirdparty/open_source/openssl/openssl/obj_mac.h @@ -77,11 +77,6 @@ #define NID_international_organizations 647 #define OBJ_international_organizations OBJ_joint_iso_itu_t,23L -#define SN_subject_key_attestation_evidence "subject-key-attestation-evidence" -#define LN_subject_key_attestation_evidence "Subject Key Attestation Evidence" -#define NID_subject_key_attestation_evidence 1195 -#define OBJ_subject_key_attestation_evidence OBJ_international_organizations,133L,6L,1L,1L - #define SN_wap "wap" #define NID_wap 678 #define OBJ_wap OBJ_international_organizations,43L @@ -318,14 +313,6 @@ #define NID_ecdsa_with_SHA512 796 #define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L -#define SN_ec192wapi "ec192wapi" -#define NID_ec192wapi 1214 -#define OBJ_ec192wapi OBJ_ISO_CN,11235L,1L,1L,2L,1L - -#define SN_ec192wapi_with_SHA256 "ec192wapi-with-SHA256" -#define NID_ec192wapi_with_SHA256 1215 -#define OBJ_ec192wapi_with_SHA256 OBJ_ISO_CN,11235L,1L,1L,1L - #define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L #define SN_secp112r1 "secp112r1" @@ -1187,80 +1174,11 @@ #define NID_sm3 1143 #define OBJ_sm3 OBJ_sm_scheme,401L -#define SN_SM2_with_SM3 "SM2-SM3" -#define LN_SM2_with_SM3 "SM2-with-SM3" -#define NID_SM2_with_SM3 1196 -#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L - #define SN_sm3WithRSAEncryption "RSA-SM3" #define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" #define NID_sm3WithRSAEncryption 1144 #define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L -#define SN_sm9 "SM9" -#define LN_sm9 "sm9" -#define NID_sm9 1197 -#define OBJ_sm9 OBJ_sm_scheme,302L - -#define SN_sm2_sign "SM2-1" -#define LN_sm2_sign "sm2-sign" -#define NID_sm2_sign 1198 -#define OBJ_sm2_sign OBJ_sm2,1L - -#define SN_sm2_encrypt "SM2-3" -#define LN_sm2_encrypt "sm2-encrypt" -#define NID_sm2_encrypt 1211 -#define OBJ_sm2_encrypt OBJ_sm2,3L - -#define SN_sm2_cryptography_message_syntax_specification "sm2-cryptography-message-syntax-specification" -#define LN_sm2_cryptography_message_syntax_specification "SM2 Cryptography Message Syntax Specification" -#define NID_sm2_cryptography_message_syntax_specification 1199 -#define OBJ_sm2_cryptography_message_syntax_specification OBJ_oscca,6L,1L,4L,2L - -#define LN_pkcs7_sm2data "pkcs7-sm2data" -#define NID_pkcs7_sm2data 1200 -#define OBJ_pkcs7_sm2data OBJ_sm2_cryptography_message_syntax_specification,1L - -#define LN_pkcs7_sm2signedData "pkcs7-sm2signedData" -#define NID_pkcs7_sm2signedData 1201 -#define OBJ_pkcs7_sm2signedData OBJ_sm2_cryptography_message_syntax_specification,2L - -#define LN_pkcs7_sm2envelopedData "pkcs7-sm2envelopedData" -#define NID_pkcs7_sm2envelopedData 1212 -#define OBJ_pkcs7_sm2envelopedData OBJ_sm2_cryptography_message_syntax_specification,3L - -#define LN_pkcs7_sm2signedAndEnvelopedData "pkcs7-sm2signedAndEnvelopedData" -#define NID_pkcs7_sm2signedAndEnvelopedData 1213 -#define OBJ_pkcs7_sm2signedAndEnvelopedData OBJ_sm2_cryptography_message_syntax_specification,4L - -#define SN_sm2_cryptography_algorithm_application_specification "sm2-cryptography-algorithm-application-specification" -#define LN_sm2_cryptography_algorithm_application_specification "SM2 Cryptography Algorithm Application Specification" -#define NID_sm2_cryptography_algorithm_application_specification 1204 -#define OBJ_sm2_cryptography_algorithm_application_specification OBJ_oscca,6L,1L,4L,1L - -#define SN_q5 "q5" -#define LN_q5 "Password-based Key Derivation Specification" -#define NID_q5 1205 -#define OBJ_q5 OBJ_sm2_cryptography_algorithm_application_specification,5L - -#define LN_id_gm_pbkdf "GM-PBKDF" -#define NID_id_gm_pbkdf 1206 -#define OBJ_id_gm_pbkdf OBJ_q5,1L - -#define LN_id_gm_pbes "GM-PBES" -#define NID_id_gm_pbes 1207 -#define OBJ_id_gm_pbes OBJ_q5,2L - -#define SN_pbeWithSM3AndSM4_CBC "PBE-SM3-SM4" -#define LN_pbeWithSM3AndSM4_CBC "pbeWithSM3AndSM4-CBC" -#define NID_pbeWithSM3AndSM4_CBC 1208 -#define OBJ_pbeWithSM3AndSM4_CBC OBJ_sm2_cryptography_algorithm_application_specification,12L,1L,1L - -#define SN_hmacWithSM3 "sm3WithKey" -#define LN_hmacWithSM3 "hmacWithSM3" -#define NID_hmacWithSM3 1209 -#define OBJ_hmacWithSM3 OBJ_sm3,2L - #define LN_hmacWithSHA224 "hmacWithSHA224" #define NID_hmacWithSHA224 798 #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L @@ -4814,11 +4732,6 @@ #define NID_seed_ofb128 778 #define OBJ_seed_ofb128 OBJ_kisa,1L,6L -#define SN_sm4Cipher "SM4-CIPHER" -#define LN_sm4Cipher "sm4Cipher" -#define NID_sm4Cipher 1210 -#define OBJ_sm4Cipher OBJ_sm_scheme,104L - #define SN_sm4_ecb "SM4-ECB" #define LN_sm4_ecb "sm4-ecb" #define NID_sm4_ecb 1133 @@ -4854,16 +4767,6 @@ #define NID_sm4_ctr 1139 #define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L -#define SN_sm4_gcm "SM4-GCM" -#define LN_sm4_gcm "sm4-gcm" -#define NID_sm4_gcm 1203 -#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L - -#define SN_sm4_xts "SM4-XTS" -#define LN_sm4_xts "sm4-xts" -#define NID_sm4_xts 1202 -#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L - #define SN_hmac "HMAC" #define LN_hmac "hmac" #define NID_hmac 855 @@ -5196,14 +5099,6 @@ #define SN_ffdhe8192 "ffdhe8192" #define NID_ffdhe8192 1130 -#define SN_kyber512 "kyber512" -#define LN_kyber512 "kyber512" -#define NID_kyber512 1216 - -#define SN_x25519_kyber512 "x25519_kyber512" -#define LN_x25519_kyber512 "x25519_kyber512" -#define NID_x25519_kyber512 1217 - #define SN_ISO_UA "ISO-UA" #define NID_ISO_UA 1150 #define OBJ_ISO_UA OBJ_member_body,804L diff --git a/include/TA/openssl/openssl/objects.h b/thirdparty/open_source/openssl/openssl/objects.h similarity index 99% rename from include/TA/openssl/openssl/objects.h rename to thirdparty/open_source/openssl/openssl/objects.h index 611895f..5e8b576 100644 --- a/include/TA/openssl/openssl/objects.h +++ b/thirdparty/open_source/openssl/openssl/objects.h @@ -27,6 +27,7 @@ # define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 # define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + #ifdef __cplusplus extern "C" { #endif @@ -167,6 +168,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int dig_id, int pkey_id); void OBJ_sigid_free(void); + # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/objectserr.h b/thirdparty/open_source/openssl/openssl/objectserr.h similarity index 100% rename from include/TA/openssl/openssl/objectserr.h rename to thirdparty/open_source/openssl/openssl/objectserr.h diff --git a/include/TA/openssl/openssl/opensslconf.h b/thirdparty/open_source/openssl/openssl/opensslconf.h similarity index 100% rename from include/TA/openssl/openssl/opensslconf.h rename to thirdparty/open_source/openssl/openssl/opensslconf.h diff --git a/include/TA/openssl/openssl/opensslv.h b/thirdparty/open_source/openssl/openssl/opensslv.h similarity index 99% rename from include/TA/openssl/openssl/opensslv.h rename to thirdparty/open_source/openssl/openssl/opensslv.h index 2b107a8..c486264 100644 --- a/include/TA/openssl/openssl/opensslv.h +++ b/thirdparty/open_source/openssl/openssl/opensslv.h @@ -94,6 +94,7 @@ extern "C" { # define SHLIB_VERSION_HISTORY "" # define SHLIB_VERSION_NUMBER "1.1" + #ifdef __cplusplus } #endif diff --git a/include/TA/openssl/openssl/ossl_typ.h b/thirdparty/open_source/openssl/openssl/ossl_typ.h similarity index 98% rename from include/TA/openssl/openssl/ossl_typ.h rename to thirdparty/open_source/openssl/openssl/ossl_typ.h index fa54d67..e0edfaa 100644 --- a/include/TA/openssl/openssl/ossl_typ.h +++ b/thirdparty/open_source/openssl/openssl/ossl_typ.h @@ -96,9 +96,6 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; -#ifndef OPENSSL_NO_GMSM -typedef struct sm2_derive_param_st SM2_DERIVE_PARAM; -#endif typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; diff --git a/include/TA/openssl/openssl/pem.h b/thirdparty/open_source/openssl/openssl/pem.h similarity index 97% rename from include/TA/openssl/openssl/pem.h rename to thirdparty/open_source/openssl/openssl/pem.h index a187bea..2ef5b5d 100644 --- a/include/TA/openssl/openssl/pem.h +++ b/thirdparty/open_source/openssl/openssl/pem.h @@ -16,9 +16,6 @@ # include # include # include -# ifndef OPENSSL_NO_SM2_ENVELOP -# include -# endif #ifdef __cplusplus extern "C" { @@ -51,9 +48,6 @@ extern "C" { # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" -# ifndef OPENSSL_NO_SM2_ENVELOP -# define PEM_STRING_SM2_ENVELOPED_KEY "SM2 ENVELOPED KEY" -# endif # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 @@ -377,11 +371,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u); # endif # endif -# ifndef OPENSSL_NO_SM2_ENVELOP -DECLARE_PEM_rw(SM2_ENVELOPED_KEY, SM2_ENVELOPED_KEY) -SM2_ENVELOPED_KEY *d2i_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY **sm2evpkey); -int i2d_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY *sm2evpkey); -# endif # ifdef __cplusplus } diff --git a/include/TA/openssl/openssl/pemerr.h b/thirdparty/open_source/openssl/openssl/pemerr.h similarity index 100% rename from include/TA/openssl/openssl/pemerr.h rename to thirdparty/open_source/openssl/openssl/pemerr.h diff --git a/include/TA/openssl/openssl/pkcs7.h b/thirdparty/open_source/openssl/openssl/pkcs7.h similarity index 64% rename from include/TA/openssl/openssl/pkcs7.h rename to thirdparty/open_source/openssl/openssl/pkcs7.h index 0ea05c5..9b66e00 100644 --- a/include/TA/openssl/openssl/pkcs7.h +++ b/thirdparty/open_source/openssl/openssl/pkcs7.h @@ -151,28 +151,6 @@ DEFINE_STACK_OF(PKCS7) # define PKCS7_get_signed_attributes(si) ((si)->auth_attr) # define PKCS7_get_attributes(si) ((si)->unauth_attr) -#ifndef OPENSSL_NO_PKCS7_SM2 -# define PKCS7_type_is_sm2(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \ - ) -# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \ - ) -# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \ - ) -# define PKCS7_type_is_signedAndEnveloped(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \ - ) -# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data \ - || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \ - ) -# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#else # define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) # define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) @@ -180,7 +158,6 @@ DEFINE_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#endif # define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) @@ -208,7 +185,6 @@ DEFINE_STACK_OF(PKCS7) # define PKCS7_PARTIAL 0x4000 # define PKCS7_REUSE_DIGEST 0x8000 # define PKCS7_NO_DUAL_CONTENT 0x10000 -# define PKCS7_NOPADDING 0x20000 /* Flags: for compatibility with older code */ @@ -337,120 +313,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -#ifndef OPENSSL_NO_PKCS7_SM2 -/** - * @API: - * PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs, - STACK_OF(X509) *recips, const EVP_CIPHER *cipher, - BIO *indata, int flags); - * @function: Build a complete PKCS#7 sm2 signedAndEnveloped data - * @param[in] - * X509 *signer -- the certificate to sign with - * EVP_PKEY *pkey -- the corresponding private key - * STACK_OF(X509) *certs -- an optional additional set of certificates - * STACK_OF(X509) *recips -- a list of recipient certificates - * const EVP_CIPHER *cipher -- the symmetric cipher to use - * BIO *indata -- the content to be enveloped and signed - * int flags -- an optional set of flags - * @return PKCS7* PKCS7 struct pointer - * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 10 - * @reused API: - * PKCS7_set_type - * PKCS7_set_cipher - * PKCS7_sign_add_signer - * PKCS7_add_recipient - * PKCS7_add_certificate - * PKCS7_final - */ -PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs, - STACK_OF(X509) *recips, const EVP_CIPHER *cipher, - BIO *indata, int flags); -/** - * @API: - * int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); - * @function: PKCS#7 sm2 enveloped or signedAndEnveloped data decryption - * @param[in] - * PKCS7 *p7 -- PKCS7 struct pointer - * EVP_PKEY *pkey -- the private key for decryption - * X509 *cert -- the corresponding recipient certificate - * int flags -- an optional set of flags - * @param[out] - * BIO *data -- output data BIO struct pointer - * @return int: 1 for success; 0 for failure - * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 9 and 10 - * @reused API: - * PKCS7_decrypt - */ -int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); -/** - * @API: - * int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); - * @function: PKCS#7 sm2 signed or signedAndEnveloped data signature verification - * @param[in] - * PKCS7 *p7 -- PKCS7 struct pointer - * STACK_OF(X509) *certs -- a set of signer certificates - * EVP_PKEY *pkey -- the private key for decryption - * X509 *cert -- the corresponding recipient certificate - * int flags -- an optional set of flags - * @param[out] - * BIO *data -- output data BIO struct pointer - * @return int: 1 for success; 0 for failure - * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10 - * @reused API: - * PKCS7_get0_signers - * PKCS7_get_signer_info - * PKCS7_signatureVerify - */ -int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); -/** - * @API: - * int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs, - X509_STORE *store, BIO *out, int flags); - * @function: PKCS#7 sm2 signedAndEnveloped data decryption and signature verification - * @param[in] - * PKCS7 *p7 -- PKCS7 struct pointer - * X509 *recip -- the recipient certificate - * EVP_PKEY *recipkey -- the corresponding private key for decryption - * STACK_OF(X509) *certs -- a set of signer certificates - * X509_STORE *store -- the trusted certificate store to use for chain verification - * int flags -- an optional set of flags - * @param[out] - * BIO *out -- output data BIO struct pointer - * @return int: 1 for success; 0 for failure - * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10 - * @reused API: - * PKCS7_sm2_decrypt - * PKCS7_sm2_verify - */ -int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs, - X509_STORE *store, BIO *out, int flags); -/** - * @API: - * int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data); - * @function: PKCS#7 sm2 signed, enveloped and signedAndEnveloped data signing and encrypting - * @param[in] - * PKCS7 *p7 -- PKCS7 struct pointer - * BIO *bio -- BIO chain - * BIO *data -- input data BIO struct pointer - * @param[out] - * BIO *out -- output data BIO struct pointer - * @return int: 1 for success; 0 for failure - * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8, 9 and 10 - * @note: - * Why do we create a new sm2 data final API? - * - * The process in the native OpenSSL API PKCS7_final calls PKCS7_dataInit and PKCS7_dataFinal - * in sequence. PKCS7_dataInit constructs a digest BIO. Each digest algorithm corresponds to only - * one digest BIO. PKCS7_dataFinal obtains the digest value in plaintext. Because the z value of - * SM2 Signature needs to be calculated and it is different for each signer. - * - * The interface is added to adapt to the multi-sm2-signer scenario. - */ -int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data); -#endif - # ifdef __cplusplus } # endif diff --git a/include/TA/openssl/openssl/pkcs7err.h b/thirdparty/open_source/openssl/openssl/pkcs7err.h similarity index 84% rename from include/TA/openssl/openssl/pkcs7err.h rename to thirdparty/open_source/openssl/openssl/pkcs7err.h index 22f8d52..02e0299 100644 --- a/include/TA/openssl/openssl/pkcs7err.h +++ b/thirdparty/open_source/openssl/openssl/pkcs7err.h @@ -57,15 +57,6 @@ int ERR_load_PKCS7_strings(void); # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 # define PKCS7_F_PKCS7_VERIFY 117 -# define PKCS7_F_PKCS7_ADD_RECIPIENT 140 -# define PKCS7_F_PKCS7_SM2_SIGN_ENVELOP 141 -# define PKCS7_F_PKCS7_SM2_VERIFY 142 -# define PKCS7_F_PKCS7_SM2_VERIFY_CERT 143 -# define PKCS7_F_PKCS7_SM2_VERIFY_SIGNATURE 144 -# define PKCS7_F_PKCS7_SM2_VERIFY_DATA 145 -# define PKCS7_F_PKCS7_SM2_DECRYPT_VERIFY 146 -# define PKCS7_F_PKCS7_SM2_SIGN_DATA 147 -# define PKCS7_F_PKCS7_SM2_DATAFINAL 148 /* * PKCS7 reason codes. @@ -108,11 +99,5 @@ int ERR_load_PKCS7_strings(void); # define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 # define PKCS7_R_WRONG_CONTENT_TYPE 113 # define PKCS7_R_WRONG_PKCS7_TYPE 114 -# define PKCS7_R_UNSUPPORTED_SIGNERS 146 -# define PKCS7_R_UNSUPPORTED_RECIPIENTS 147 -# define PKCS7_R_SM2_SIGN_DATA_FAILURE 148 -# define PKCS7_R_SM2_VERIFY_DATA_FAILURE 149 -# define PKCS7_R_SM2_SIGNATURE_FAILURE 150 -# define PKCS7_R_SM2_VERIFY_ERROR 151 #endif diff --git a/include/TA/openssl/openssl/rand.h b/thirdparty/open_source/openssl/openssl/rand.h similarity index 85% rename from include/TA/openssl/openssl/rand.h rename to thirdparty/open_source/openssl/openssl/rand.h index ec3b31f..38a2a27 100644 --- a/include/TA/openssl/openssl/rand.h +++ b/thirdparty/open_source/openssl/openssl/rand.h @@ -69,16 +69,6 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void)) DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif -#if !defined(OPENSSL_NO_FIPS) || !defined(OPENSSL_NO_CMVP) -int FIPS_rand_set_method(const RAND_METHOD *meth); -const RAND_METHOD *FIPS_rand_get_method(void); -int FIPS_rand_strength(void); -/* 1.0.0 compat functions */ -int FIPS_rand_seed(const void *buf, int num); -int FIPS_rand_bytes(unsigned char *out, int outlen); -void FIPS_rand_reset(void); -int FIPS_rand_status(void); -#endif #ifdef __cplusplus } diff --git a/include/TA/openssl/openssl/randerr.h b/thirdparty/open_source/openssl/openssl/randerr.h similarity index 100% rename from include/TA/openssl/openssl/randerr.h rename to thirdparty/open_source/openssl/openssl/randerr.h diff --git a/include/TA/openssl/openssl/rsa.h b/thirdparty/open_source/openssl/openssl/rsa.h similarity index 99% rename from include/TA/openssl/openssl/rsa.h rename to thirdparty/open_source/openssl/openssl/rsa.h index 459f0d2..5e76365 100644 --- a/include/TA/openssl/openssl/rsa.h +++ b/thirdparty/open_source/openssl/openssl/rsa.h @@ -31,12 +31,7 @@ extern "C" { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif -# ifndef OPENSSL_NO_FIPS - # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048 - # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS_LEGACY 1024 -#else - # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 -# endif +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 diff --git a/include/TA/openssl/openssl/rsaerr.h b/thirdparty/open_source/openssl/openssl/rsaerr.h similarity index 97% rename from include/TA/openssl/openssl/rsaerr.h rename to thirdparty/open_source/openssl/openssl/rsaerr.h index 30a39de..59b15e1 100644 --- a/include/TA/openssl/openssl/rsaerr.h +++ b/thirdparty/open_source/openssl/openssl/rsaerr.h @@ -86,10 +86,6 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 # define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 # define RSA_F_SETUP_TBUF 167 -#ifndef OPENSSL_NO_FIPS -# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 -# define RSA_F_FIPS_NDCPP_RSA_BUILTIN_KEYGEN 206 -#endif /* * RSA reason codes. @@ -167,8 +163,5 @@ int ERR_load_RSA_strings(void); # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -#ifndef OPENSSL_NO_FIPS -# define RSA_R_UNSUPPORTED_PARAMETERS 202 -#endif #endif diff --git a/include/TA/openssl/openssl/safestack.h b/thirdparty/open_source/openssl/openssl/safestack.h similarity index 100% rename from include/TA/openssl/openssl/safestack.h rename to thirdparty/open_source/openssl/openssl/safestack.h diff --git a/include/TA/openssl/openssl/sha.h b/thirdparty/open_source/openssl/openssl/sha.h similarity index 97% rename from include/TA/openssl/openssl/sha.h rename to thirdparty/open_source/openssl/openssl/sha.h index 4a47e6e..6a1eb0d 100644 --- a/include/TA/openssl/openssl/sha.h +++ b/thirdparty/open_source/openssl/openssl/sha.h @@ -83,10 +83,13 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); # define SHA512_CBLOCK (SHA_LBLOCK*8) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 # elif defined(__arch64__) # define SHA_LONG64 unsigned long +# define U64(C) C##UL # else # define SHA_LONG64 unsigned long long +# define U64(C) C##ULL # endif typedef struct SHA512state_st { diff --git a/include/TA/openssl/openssl/stack.h b/thirdparty/open_source/openssl/openssl/stack.h similarity index 100% rename from include/TA/openssl/openssl/stack.h rename to thirdparty/open_source/openssl/openssl/stack.h diff --git a/include/TA/openssl/openssl/symhacks.h b/thirdparty/open_source/openssl/openssl/symhacks.h similarity index 100% rename from include/TA/openssl/openssl/symhacks.h rename to thirdparty/open_source/openssl/openssl/symhacks.h diff --git a/include/TA/openssl/openssl/x509.h b/thirdparty/open_source/openssl/openssl/x509.h similarity index 98% rename from include/TA/openssl/openssl/x509.h rename to thirdparty/open_source/openssl/openssl/x509.h index efdde0e..3ff86ec 100644 --- a/include/TA/openssl/openssl/x509.h +++ b/thirdparty/open_source/openssl/openssl/x509.h @@ -34,6 +34,7 @@ extern "C" { #endif + /* Flags for X509_get_signature_info() */ /* Signature info is valid */ # define X509_SIG_INFO_VALID 0x1 @@ -54,9 +55,6 @@ extern "C" { # define X509v3_KU_ENCIPHER_ONLY 0x0001 # define X509v3_KU_DECIPHER_ONLY 0x8000 # define X509v3_KU_UNDEF 0xffff -#define X509v3_KU_SM2_SIGN (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION) -#define X509v3_KU_SM2_ENC_ENCIPHERMENT (X509v3_KU_KEY_ENCIPHERMENT | X509v3_KU_DATA_ENCIPHERMENT) -#define X509v3_KU_SM2_ENC_CIPHER_ONLY (X509v3_KU_ENCIPHER_ONLY | X509v3_KU_DECIPHER_ONLY) struct X509_algor_st { ASN1_OBJECT *algorithm; @@ -575,13 +573,6 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); -# ifndef OPENSSL_NO_SM2 -void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); -ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); -void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id); -ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x); -# endif - int X509_trusted(const X509 *x); int X509_alias_set1(X509 *x, const unsigned char *name, int len); int X509_keyid_set1(X509 *x, const unsigned char *id, int len); @@ -660,12 +651,6 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -#ifndef OPENSSL_NO_X509_REQ_EXP_ATTR -int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len); -#endif - # if OPENSSL_API_COMPAT < 0x10100000L # define X509_get_notBefore X509_getm_notBefore # define X509_get_notAfter X509_getm_notAfter @@ -673,6 +658,7 @@ int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req, # define X509_set_notAfter X509_set1_notAfter #endif + /* * This one is only used so that a binary form can output, as in * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) @@ -743,7 +729,6 @@ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) -const unsigned char *X509_CRL_get_hash(const X509_CRL *crl); X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); diff --git a/include/TA/openssl/openssl/x509_vfy.h b/thirdparty/open_source/openssl/openssl/x509_vfy.h similarity index 99% rename from include/TA/openssl/openssl/x509_vfy.h rename to thirdparty/open_source/openssl/openssl/x509_vfy.h index fa6027f..25c79f1 100644 --- a/include/TA/openssl/openssl/x509_vfy.h +++ b/thirdparty/open_source/openssl/openssl/x509_vfy.h @@ -79,6 +79,7 @@ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_STORE_CTX_set_app_data(ctx,data) \ @@ -188,9 +189,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79 -/*huawei_0032_check_x509v3_pathlen_extension.patch*/ -# define X509_V_ERR_INVALID_PATHLEN_EXTENSION 101 /* Returned by the verify callback to indicate that the pathlen is invalid */ - /* Certificate verify flags */ # if OPENSSL_API_COMPAT < 0x10100000L @@ -449,6 +447,7 @@ int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); diff --git a/include/TA/openssl/openssl/x509err.h b/thirdparty/open_source/openssl/openssl/x509err.h similarity index 95% rename from include/TA/openssl/openssl/x509err.h rename to thirdparty/open_source/openssl/openssl/x509err.h index 0a84ef0..cd08673 100644 --- a/include/TA/openssl/openssl/x509err.h +++ b/thirdparty/open_source/openssl/openssl/x509err.h @@ -26,7 +26,6 @@ int ERR_load_X509_strings(void); # define X509_F_BY_FILE_CTRL 101 # define X509_F_CHECK_NAME_CONSTRAINTS 149 # define X509_F_CHECK_POLICY 145 -# define X509_F_COMMON_VERIFY_SM2 165 # define X509_F_DANE_I2D 107 # define X509_F_DIR_CTRL 102 # define X509_F_GET_CERT_BY_SUBJECT 103 @@ -71,8 +70,6 @@ int ERR_load_X509_strings(void); # define X509_F_X509_REQ_PRINT_EX 121 # define X509_F_X509_REQ_PRINT_FP 122 # define X509_F_X509_REQ_TO_X509 123 -# define X509_F_X509_REQ_VERIFY 163 -# define X509_F_X509_REQ_VERIFY_SM2 164 # define X509_F_X509_STORE_ADD_CERT 124 # define X509_F_X509_STORE_ADD_CRL 125 # define X509_F_X509_STORE_ADD_LOOKUP 157 @@ -84,10 +81,8 @@ int ERR_load_X509_strings(void); # define X509_F_X509_TO_X509_REQ 126 # define X509_F_X509_TRUST_ADD 133 # define X509_F_X509_TRUST_SET 141 -# define X509_F_X509_VERIFY 161 # define X509_F_X509_VERIFY_CERT 127 # define X509_F_X509_VERIFY_PARAM_NEW 159 -# define X509_F_X509_VERIFY_SM2 162 /* * X509 reason codes. -- 2.33.0