itrustee_sdk/0005-support-remote-attestation.patch
2023-04-27 21:17:21 +08:00


From f2cc71ac472a5131fc146939418d5d3842c23141 Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Wed, 26 Apr 2023 11:19:11 +0800
Subject: [PATCH] support remote attestation
---
CHANGELOG | 12 +-
README | 20 +
build/cmake/aarch64_toolchain.cmake | 14 +
build/cmake/common.cmake | 54 +
build/mk/common.mk | 39 +
build/pack-Config/Config_pre.py | 284 +++
build/pack-Config/ReadMe.txt | 18 +
build/pack-Config/config_cert/ReadMe.txt | 2 +
build/pack-Config/config_v2.py | 122 ++
build/pack-Config/input/configs.xml | 15 +
build/pack-Config/local_sign.sh | 61 +
build/pack-Config/output/ReadMe.txt | 1 +
build/pack-Config/ta_cert/ReadMe.txt | 1 +
build/pack-TA/Readme.txt | 12 +
build/pack-TA/build_ta.sh | 22 +
build/pack-TA/input/Readme.txt | 4 +
build/pack-TA/output/Readme.txt | 1 +
build/signtools/auth_conf_parser.py | 260 +++
build/signtools/config_cloud.ini | 60 +
build/signtools/config_tee_private_sample.ini | 35 +
build/signtools/dyn_conf_checker.py | 512 ++++++
build/signtools/dyn_conf_parser.py | 315 ++++
build/signtools/generate_hash.py | 51 +
build/signtools/generate_signature.py | 69 +-
build/signtools/get_ta_elf_hash.py | 246 +++
build/signtools/manifest.py | 273 ++-
build/signtools/manifest_tag_parse_dict.csv | 24 +
build/signtools/rsa_public_key_cloud.pem | 11 +
build/signtools/signtool_v3.py | 763 ++++++---
build/signtools/tag_parse_dict.csv | 120 ++
build/signtools/xml_trans_manifest.py | 109 ++
build/tools/srv_entry_check.sh | 13 +
build/tools/ta_entry_check.sh | 52 +
build/tools/ta_link_64.gcc_xom.ld | 226 +++
build/tools/ta_link_64.ld | 20 +-
build/tools/ta_link_64.smee.ld | 262 +++
include/CA/tee_client_api.h | 21 +-
include/CA/tee_client_constants.h | 68 +-
include/CA/tee_client_list.h | 39 +-
include/CA/tee_client_log.h | 9 +-
include/CA/tee_client_type.h | 56 +-
include/TA/huawei_ext/crypto_cert_wrapper.h | 87 +
.../TA/huawei_ext/crypto_device_key_wrapper.h | 31 +
include/TA/huawei_ext/crypto_ec_wrapper.h | 149 ++
.../TA/huawei_ext/crypto_ec_x509_wrapper.h | 53 +
include/TA/huawei_ext/crypto_inner_wrapper.h | 71 +
include/TA/huawei_ext/crypto_rsa_wrapper.h | 154 ++
include/TA/huawei_ext/crypto_wrapper.h | 583 +------
include/TA/huawei_ext/crypto_x509_wrapper.h | 169 ++
include/TA/huawei_ext/permsrv_api_cert.h | 22 +
include/TA/huawei_ext/permsrv_api_legacy.h | 21 +
include/TA/huawei_ext/qsi_data_structure.h | 27 +
include/TA/huawei_ext/tee_crypto_err.h | 42 +
include/TA/huawei_ext/tee_crypto_hal.h | 14 +-
include/TA/huawei_ext/tee_err.h | 31 +
include/TA/huawei_ext/tee_ext_api.h | 67 +-
include/TA/huawei_ext/tee_hw_ext_api_legacy.h | 293 ++++
include/TA/huawei_ext/tee_log.h | 218 ++-
include/TA/huawei_ext/tee_log_legacy.h | 18 +
include/TA/huawei_ext/tee_openssl_err.h | 500 ++++++
include/TA/huawei_ext/tee_ra_api.h | 23 +
include/TA/pthread_attr.h | 22 +
include/TA/tee_arith_api.h | 27 +-
include/TA/tee_core_api.h | 8 +-
include/TA/tee_crypto_api.h | 168 +-
include/TA/tee_defines.h | 284 +--
include/TA/tee_mem_mgmt_api.h | 5 +-
include/TA/tee_object_api.h | 5 +-
include/TA/tee_property_api.h | 7 +-
include/TA/tee_time_api.h | 81 +-
include/TA/tee_trusted_storage_api.h | 309 ++++
include/TA/tee_uuid.h | 27 +
src/CA/libteec_adaptor.c | 269 +++
test/CA/cert_manager/Makefile | 27 +
test/CA/cert_manager/cert_common.h | 21 +
test/CA/cert_manager/cert_file.c | 100 ++
test/CA/cert_manager/cert_file.h | 25 +
test/CA/cert_manager/cert_manager.c | 368 ++++
test/CA/helloworld/Makefile | 24 +
test/CA/helloworld/ca_demo.c | 17 +-
test/CA/libqca/Makefile | 42 +
test/CA/libqca/include/ra_client_api.h | 22 +
test/CA/libqca/src/ra_log.h | 27 +
test/CA/libqca/src/ra_operate_api.c | 147 ++
test/CA/libqca/src/ra_operate_api.h | 24 +
test/TA/cert_manager/CMakeLists.txt | 38 +
test/TA/cert_manager/Makefile | 34 +
test/TA/cert_manager/config.cmake | 11 +
test/TA/cert_manager/config.mk | 12 +
test/TA/cert_manager/config.sh | 34 +
test/TA/cert_manager/include/cert_config.h | 63 +
test/TA/cert_manager/manifest.txt | 7 +
test/TA/cert_manager/src/cert_logger.c | 165 ++
test/TA/cert_manager/src/cert_logger.h | 31 +
test/TA/cert_manager/src/cert_manager.c | 301 ++++
test/TA/helloworld/CMakeLists.txt | 30 +
test/TA/helloworld/Makefile | 28 +
test/TA/helloworld/ReadMe.txt | 7 +-
test/TA/helloworld/auth_config.xml | 7 +
test/TA/helloworld/config.cmake | 23 +
test/TA/helloworld/config.mk | 19 +-
test/TA/helloworld/config.sh | 34 +
test/TA/helloworld/ta_demo.c | 15 +-
test/TA/qta/CMakeLists.txt | 67 +
test/TA/qta/Makefile | 41 +
test/TA/qta/ReadMe.txt | 12 +
test/TA/qta/config.cmake | 23 +
test/TA/qta/config.mk | 23 +
test/TA/qta/config.sh | 34 +
test/TA/qta/manifest.txt | 7 +
test/TA/qta/src/daa/daa_structure.c | 185 ++
test/TA/qta/src/daa/daa_structure.h | 64 +
test/TA/qta/src/daa/validate_akcert.c | 191 +++
test/TA/qta/src/daa/validate_akcert.h | 20 +
test/TA/qta/src/tee_qta.c | 279 +++
test/TA/qta/src/tee_qta.h | 29 +
.../musl/libc/arch/aarch64/bits/alltypes.h | 251 ++-
.../musl/libc/arch/aarch64/bits/hwcap.h | 12 +
.../musl/libc/arch/aarch64/bits/mman.h | 2 +
.../musl/libc/arch/aarch64/bits/signal.h | 4 +-
.../musl/libc/arch/aarch64/bits/syscall.h | 1144 +++++++------
.../musl/libc/arch/aarch64/bits/syscall.h.in | 10 +
.../musl/libc/arch/aarch64/bits/user.h | 2 +-
.../musl/libc/arch/aarch64/pthread_arch.h | 9 +-
.../musl/libc/arch/arm/bits/alltypes.h | 252 ++-
.../musl/libc/arch/arm/bits/syscall.h | 1521 +++++++++--------
.../open_source/musl/libc/arch/arm/crt_arch.h | 27 +
.../musl/libc/arch/generic/bits/fcntl.h | 6 +
.../musl/libc/arch/generic/bits/shm.h | 2 +-
thirdparty/open_source/musl/libc/arpa/inet.h | 5 -
thirdparty/open_source/musl/libc/ctype.h | 7 +
thirdparty/open_source/musl/libc/elf.h | 4 +
thirdparty/open_source/musl/libc/float.h | 52 +
thirdparty/open_source/musl/libc/limits.h | 2 +
thirdparty/open_source/musl/libc/locale.h | 4 +-
thirdparty/open_source/musl/libc/netinet/in.h | 8 +-
.../open_source/musl/libc/netinet/tcp.h | 29 +-
thirdparty/open_source/musl/libc/nl_types.h | 22 +
thirdparty/open_source/musl/libc/pthread.h | 22 +
thirdparty/open_source/musl/libc/sched.h | 1 +
thirdparty/open_source/musl/libc/setjmp.h | 14 +-
thirdparty/open_source/musl/libc/signal.h | 24 +-
thirdparty/open_source/musl/libc/stddef.h | 6 +-
thirdparty/open_source/musl/libc/stdio.h | 4 +-
thirdparty/open_source/musl/libc/stdlib.h | 7 +-
thirdparty/open_source/musl/libc/string.h | 4 +-
thirdparty/open_source/musl/libc/sys/fcntl.h | 2 +
thirdparty/open_source/musl/libc/sys/ioctl.h | 9 +-
thirdparty/open_source/musl/libc/sys/mman.h | 5 +-
thirdparty/open_source/musl/libc/sys/socket.h | 2 +
thirdparty/open_source/musl/libc/time.h | 6 +-
thirdparty/open_source/musl/libc/unistd.h | 8 +-
thirdparty/open_source/musl/libc/wchar.h | 4 +-
.../open_source}/openssl/crypto/asn1.h | 3 -
.../open_source}/openssl/crypto/bn.h | 0
.../open_source}/openssl/crypto/ec.h | 6 -
.../open_source}/openssl/crypto/err.h | 0
.../open_source}/openssl/internal/bio.h | 6 -
.../open_source}/openssl/openssl/asn1.h | 7 +-
.../open_source}/openssl/openssl/asn1err.h | 0
.../open_source}/openssl/openssl/asn1t.h | 17 -
.../open_source}/openssl/openssl/bio.h | 14 +-
.../open_source}/openssl/openssl/bioerr.h | 0
.../open_source}/openssl/openssl/bn.h | 127 +-
.../open_source}/openssl/openssl/bnerr.h | 0
.../open_source}/openssl/openssl/buffer.h | 2 +
.../open_source}/openssl/openssl/buffererr.h | 0
.../open_source}/openssl/openssl/cmac.h | 0
.../open_source}/openssl/openssl/crypto.h | 60 +-
.../open_source}/openssl/openssl/cryptoerr.h | 0
.../open_source}/openssl/openssl/dh.h | 8 +-
.../open_source}/openssl/openssl/dsa.h | 6 +-
.../open_source}/openssl/openssl/e_os2.h | 14 +-
.../open_source}/openssl/openssl/ec.h | 3 +-
.../open_source}/openssl/openssl/ecdsa.h | 9 -
.../open_source}/openssl/openssl/ecerr.h | 6 -
.../open_source}/openssl/openssl/err.h | 12 -
.../open_source}/openssl/openssl/evp.h | 19 +-
.../open_source}/openssl/openssl/evperr.h | 2 -
.../open_source}/openssl/openssl/hmac.h | 0
.../open_source}/openssl/openssl/kdf.h | 1 +
.../open_source}/openssl/openssl/kdferr.h | 0
.../open_source}/openssl/openssl/lhash.h | 1 +
.../open_source}/openssl/openssl/obj_mac.h | 105 --
.../open_source}/openssl/openssl/objects.h | 2 +
.../open_source}/openssl/openssl/objectserr.h | 0
.../openssl/openssl/opensslconf.h | 0
.../open_source}/openssl/openssl/opensslv.h | 1 +
.../open_source}/openssl/openssl/ossl_typ.h | 3 -
.../open_source}/openssl/openssl/pem.h | 11 -
.../open_source}/openssl/openssl/pemerr.h | 0
.../open_source}/openssl/openssl/pkcs7.h | 138 --
.../open_source}/openssl/openssl/pkcs7err.h | 15 -
.../open_source}/openssl/openssl/rand.h | 10 -
.../open_source}/openssl/openssl/randerr.h | 0
.../open_source}/openssl/openssl/rsa.h | 7 +-
.../open_source}/openssl/openssl/rsaerr.h | 7 -
.../open_source}/openssl/openssl/safestack.h | 0
.../open_source}/openssl/openssl/sha.h | 3 +
.../open_source}/openssl/openssl/stack.h | 0
.../open_source}/openssl/openssl/symhacks.h | 0
.../open_source}/openssl/openssl/x509.h | 19 +-
.../open_source}/openssl/openssl/x509_vfy.h | 5 +-
.../open_source}/openssl/openssl/x509err.h | 5 -
204 files changed, 11281 insertions(+), 3625 deletions(-)
create mode 100644 README
create mode 100644 build/cmake/aarch64_toolchain.cmake
create mode 100644 build/cmake/common.cmake
create mode 100644 build/mk/common.mk
create mode 100644 build/pack-Config/Config_pre.py
create mode 100644 build/pack-Config/ReadMe.txt
create mode 100644 build/pack-Config/config_cert/ReadMe.txt
create mode 100644 build/pack-Config/config_v2.py
create mode 100644 build/pack-Config/input/configs.xml
create mode 100644 build/pack-Config/local_sign.sh
create mode 100644 build/pack-Config/output/ReadMe.txt
create mode 100644 build/pack-Config/ta_cert/ReadMe.txt
create mode 100644 build/pack-TA/Readme.txt
create mode 100644 build/pack-TA/build_ta.sh
create mode 100644 build/pack-TA/input/Readme.txt
create mode 100644 build/pack-TA/output/Readme.txt
create mode 100644 build/signtools/auth_conf_parser.py
create mode 100644 build/signtools/config_cloud.ini
create mode 100644 build/signtools/config_tee_private_sample.ini
create mode 100644 build/signtools/dyn_conf_checker.py
create mode 100644 build/signtools/dyn_conf_parser.py
create mode 100644 build/signtools/generate_hash.py
create mode 100644 build/signtools/get_ta_elf_hash.py
create mode 100644 build/signtools/manifest_tag_parse_dict.csv
create mode 100644 build/signtools/rsa_public_key_cloud.pem
create mode 100644 build/signtools/tag_parse_dict.csv
create mode 100644 build/signtools/xml_trans_manifest.py
create mode 100644 build/tools/srv_entry_check.sh
create mode 100644 build/tools/ta_entry_check.sh
create mode 100644 build/tools/ta_link_64.gcc_xom.ld
create mode 100644 build/tools/ta_link_64.smee.ld
create mode 100644 include/TA/huawei_ext/crypto_cert_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_device_key_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_ec_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_ec_x509_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_inner_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_rsa_wrapper.h
create mode 100644 include/TA/huawei_ext/crypto_x509_wrapper.h
create mode 100644 include/TA/huawei_ext/permsrv_api_cert.h
create mode 100644 include/TA/huawei_ext/permsrv_api_legacy.h
create mode 100644 include/TA/huawei_ext/qsi_data_structure.h
create mode 100644 include/TA/huawei_ext/tee_crypto_err.h
create mode 100644 include/TA/huawei_ext/tee_err.h
create mode 100644 include/TA/huawei_ext/tee_hw_ext_api_legacy.h
create mode 100644 include/TA/huawei_ext/tee_log_legacy.h
create mode 100644 include/TA/huawei_ext/tee_openssl_err.h
create mode 100644 include/TA/huawei_ext/tee_ra_api.h
create mode 100644 include/TA/pthread_attr.h
create mode 100644 include/TA/tee_trusted_storage_api.h
create mode 100644 include/TA/tee_uuid.h
create mode 100644 src/CA/libteec_adaptor.c
create mode 100644 test/CA/cert_manager/Makefile
create mode 100644 test/CA/cert_manager/cert_common.h
create mode 100644 test/CA/cert_manager/cert_file.c
create mode 100644 test/CA/cert_manager/cert_file.h
create mode 100644 test/CA/cert_manager/cert_manager.c
create mode 100644 test/CA/helloworld/Makefile
create mode 100644 test/CA/libqca/Makefile
create mode 100644 test/CA/libqca/include/ra_client_api.h
create mode 100644 test/CA/libqca/src/ra_log.h
create mode 100644 test/CA/libqca/src/ra_operate_api.c
create mode 100644 test/CA/libqca/src/ra_operate_api.h
create mode 100644 test/TA/cert_manager/CMakeLists.txt
create mode 100644 test/TA/cert_manager/Makefile
create mode 100644 test/TA/cert_manager/config.cmake
create mode 100644 test/TA/cert_manager/config.mk
create mode 100644 test/TA/cert_manager/config.sh
create mode 100644 test/TA/cert_manager/include/cert_config.h
create mode 100644 test/TA/cert_manager/manifest.txt
create mode 100644 test/TA/cert_manager/src/cert_logger.c
create mode 100644 test/TA/cert_manager/src/cert_logger.h
create mode 100644 test/TA/cert_manager/src/cert_manager.c
create mode 100644 test/TA/helloworld/CMakeLists.txt
create mode 100644 test/TA/helloworld/Makefile
create mode 100644 test/TA/helloworld/auth_config.xml
create mode 100644 test/TA/helloworld/config.cmake
create mode 100644 test/TA/helloworld/config.sh
create mode 100644 test/TA/qta/CMakeLists.txt
create mode 100644 test/TA/qta/Makefile
create mode 100644 test/TA/qta/ReadMe.txt
create mode 100644 test/TA/qta/config.cmake
create mode 100644 test/TA/qta/config.mk
create mode 100644 test/TA/qta/config.sh
create mode 100644 test/TA/qta/manifest.txt
create mode 100644 test/TA/qta/src/daa/daa_structure.c
create mode 100644 test/TA/qta/src/daa/daa_structure.h
create mode 100644 test/TA/qta/src/daa/validate_akcert.c
create mode 100644 test/TA/qta/src/daa/validate_akcert.h
create mode 100644 test/TA/qta/src/tee_qta.c
create mode 100644 test/TA/qta/src/tee_qta.h
create mode 100644 thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h
create mode 100644 thirdparty/open_source/musl/libc/arch/arm/crt_arch.h
create mode 100644 thirdparty/open_source/musl/libc/float.h
create mode 100644 thirdparty/open_source/musl/libc/nl_types.h
create mode 100644 thirdparty/open_source/musl/libc/sys/fcntl.h
rename {include/TA => thirdparty/open_source}/openssl/crypto/asn1.h (97%)
rename {include/TA => thirdparty/open_source}/openssl/crypto/bn.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/crypto/ec.h (91%)
rename {include/TA => thirdparty/open_source}/openssl/crypto/err.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/internal/bio.h (82%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1err.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1t.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/bio.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/bioerr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/bn.h (83%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/bnerr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/buffer.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/buffererr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/cmac.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/crypto.h (90%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/cryptoerr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/dh.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/dsa.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/e_os2.h (95%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/ec.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/ecdsa.h (68%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/ecerr.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/err.h (94%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/evp.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/evperr.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/hmac.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/kdf.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/kdferr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/lhash.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/obj_mac.h (97%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/objects.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/objectserr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslconf.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslv.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/ossl_typ.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/pem.h (97%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/pemerr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7.h (64%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7err.h (84%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/rand.h (85%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/randerr.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/rsa.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/rsaerr.h (97%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/safestack.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/sha.h (97%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/stack.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/symhacks.h (100%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/x509.h (98%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/x509_vfy.h (99%)
rename {include/TA => thirdparty/open_source}/openssl/openssl/x509err.h (95%)
diff --git a/CHANGELOG b/CHANGELOG
index 7e22858..e90d34c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,14 @@
-v0.1.0 (Apr 2, 2020)
+v5.1.2 (Jun 21, 2021)
+======
+Features:
+---------
+* add support for cmake
+v5.1.1 (May 21, 2021)
+======
+Fixes:
+------
+* The problem of storing the aeskey file is rectified, and the dependency on the pycryptodomex-3.10.1 plug-in package is introduced.
+v5.1.0 (Apr 2, 2020)
======
Features:
---------
diff --git a/README b/README
new file mode 100644
index 0000000..6811e56
--- /dev/null
+++ b/README
@@ -0,0 +1,20 @@
+iTrustee SDK
+============
+
+Getting Started
+---------------
+Before setup your own project, please download libboundscheck software for secure function library.
+Decompress the openeuler-libboundscheck-master.zip package, then put this software to thirdparty/open_source path.
+Ensure that the header file path is thirdparty/open_source/libboundscheck/include.
+This software download address is https://gitee.com/openeuler/libboundscheck.
+
+build demo project:
+$ cd test/CA/helloworld
+$ make
+$ cd test/TA/helloworld
+$ make
+copy build result CA executable file and TA binary(xxx.sec) to /vendor/bin/
+#the path "/vendor/bin/" may be changed as your opinion, make sure it consistent with the path defined in your TA's source code
+$ /vendor/bin/demo_hello
+
+for more details please refor "iTrustee SDK<44><4B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֲ<EFBFBD>.chm"
diff --git a/build/cmake/aarch64_toolchain.cmake b/build/cmake/aarch64_toolchain.cmake
new file mode 100644
index 0000000..97dc45d
--- /dev/null
+++ b/build/cmake/aarch64_toolchain.cmake
@@ -0,0 +1,14 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+# toolchain.cmake
+set(CMAKE_SYSTEM_NAME Linux)
+set(CMAKE_SYSTEM_PROCESSOR aarch64)
+
+#set(CMAKE_FIND_ROOT_PATH $ENV{TOOLCHAINS_ROOT})
+
+set(CMAKE_C_COMPILER cc CACHE PATH "GCC 64 compiler")
+set(CMAKE_LINKER ld CACHE PATH "GCC C64 LD")
+set(CMAKE_OBJCOPY objcopy CACHE PATH "GCC 64 objcopy")
+
+set(CMAKE_SKIP_BUILD_RPATH TRUE CACHE BOOL "" FORCE)
+set(CMAKE_C_CREATE_SHARED_LIBRARY "<CMAKE_LINKER> <LANGUAGE_COMPILE_FLAGS> <LINK_FLAGS> -o <TARGET> <OBJECTS> <LINK_LIBRARIES>")
+
diff --git a/build/cmake/common.cmake b/build/cmake/common.cmake
new file mode 100644
index 0000000..f18d3f4
--- /dev/null
+++ b/build/cmake/common.cmake
@@ -0,0 +1,54 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+# compile flags
+set(ITRUSTEE_BUILD_PATH $ENV{ITRUSTEE_BUILD_PATH})
+set(LIBC ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/musl)
+set(LIBSECURE ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/libboundscheck)
+
+set(COMMON_INCLUDES
+ ${COMMON_INCLUDES}
+ ${LIBC}/libc
+ ${LIBC}/libc/arch/aarch64
+ ${LIBC}/libc/arch/aarch64/bits
+ ${LIBC}/libc/arch/generic
+ ${LIBSECURE}/include
+ ${ITRUSTEE_BUILD_PATH}/include/TA
+ ${ITRUSTEE_BUILD_PATH}/include/TA/huawei_ext
+)
+
+set(COMMON_CFLAGS
+ ${COMMON_CFLAGS}
+ -W
+ -Wall
+ -Werror
+ -fno-short-enums
+ -fno-omit-frame-pointer
+ -fstack-protector-strong
+ -Wextra
+ -nostdinc
+ -march=armv8-a -Os
+ -fPIC
+ -fno-common
+ -fsigned-char
+)
+
+set(COMMON_LDFLAGS
+ ${COMMON_LDFLAGS}
+ "-s"
+ "SHELL:-z text"
+ "SHELL:-z now"
+ "SHELL:-z relro"
+ "SHELL:-z noexecstack"
+ "SHELL:-z max-page-size=0x1000"
+ "SHELL:-z common-page-size=0x1000"
+ "-shared"
+)
+
+if ("${USE_SMEE}" STREQUAL "y")
+ list(APPEND COMMON_LDFLAGS
+ "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.smee.ld"
+ )
+else()
+ List(APPEND COMMON_LDFLAGS
+ "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.ld"
+ )
+endif()
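Review bot: `ITRUSTEE_BUILD_PATH` is copied from the environment at the top of this file without checking that it is set. When it is empty, every `${ITRUSTEE_BUILD_PATH}/...` entry in `COMMON_INCLUDES` and the `-T` linker-script argument expand to paths under `/`. Because `-nostdinc` is in effect, the TA would then be built against whatever headers and linker script happen to exist at those root paths, or fail with an unhelpful error. build/mk/common.mk in this same patch supplies a default for the variable; here I would fail early right after the `set()`, with `if(NOT ITRUSTEE_BUILD_PATH)`, `message(FATAL_ERROR "ITRUSTEE_BUILD_PATH is not set")`, `endif()`.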
diff --git a/build/mk/common.mk b/build/mk/common.mk
new file mode 100644
index 0000000..758e92d
--- /dev/null
+++ b/build/mk/common.mk
@@ -0,0 +1,39 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved.
+CUR_DIR=$(shell pwd)
+ifeq ($(ITRUSTEE_BUILD_PATH), )
+ ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../..
+endif
+SIGNTOOL_DIR=${ITRUSTEE_BUILD_PATH}/build/signtools
+
+LIBC=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/musl
+LIBSECURE=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck
+
+# set compile parameters
+CFLAGS += -W -Wall
+CFLAGS += -Werror
+CFLAGS += -fno-short-enums
+CFLAGS += -fno-omit-frame-pointer
+CFLAGS += -fstack-protector-strong
+CFLAGS += -Wextra -nostdinc
+CFLAGS += -march=armv8-a -Os -fPIC
+CFLAGS += -fno-common -fsigned-char
+
+# set header directory
+INCLUDEDIR += -I$(LIBC)/libc \
+ -I$(LIBC)/libc/arch/aarch64 \
+ -I$(LIBC)/libc/arch/aarch64/bits \
+ -I$(LIBC)/libc/arch/generic
+
+INCLUDEDIR += -I$(LIBSECURE)/include
+
+INCLUDEDIR += -I$(ITRUSTEE_BUILD_PATH)/include/TA/ \
+ -I$(ITRUSTEE_BUILD_PATH)/include/TA/huawei_ext/ \
+
+# set LD flags
+LDFLAGS += -s -z text -z now -z relro -z noexecstack -z max-page-size=0x1000 -z common-page-size=0x1000 -shared
+
+ifeq ($(USE_SMEE),y)
+ LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.smee.ld
+else
+ LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.ld
+endif
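Review bot: The fallback `ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../..` is derived from `$(shell pwd)`, the directory make was started in, not from the location of this file. It is therefore only correct when make runs exactly three levels below the SDK root. From any other depth, the `-I` paths, `SIGNTOOL_DIR` and the `-T` linker script silently point outside the SDK. Anchoring the default to the makefile itself avoids that, for example `ITRUSTEE_BUILD_PATH := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/../..)`. Using `:=` for `CUR_DIR` would also stop `pwd` being re-run on every expansion.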
diff --git a/build/pack-Config/Config_pre.py b/build/pack-Config/Config_pre.py
new file mode 100644
index 0000000..39f3309
--- /dev/null
+++ b/build/pack-Config/Config_pre.py
@@ -0,0 +1,284 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating data for signing
+#----------------------------------------------------------------------------
+
+import struct
+import os
+import stat
+import sys
+import hashlib
+import subprocess
+import re
+import logging
+import shutil
+import xml.etree.ElementTree as ET
+sys.path.append('../signtools')
+from dyn_conf_parser import parser_config_xml
+from dyn_conf_parser import parser_dyn_conf
+
+CONFIG_VERSION = 2
+BASE_POLICY_VERSION_TEE = 0b001
+
+XML2TLV_PARSE_TOOL_INDEX = 1
+XML2TLV_PY_VALUE = 1 << XML2TLV_PARSE_TOOL_INDEX
+
+
+def get_policy_version():
+ ''' get policy type '''
+ policy_ver = BASE_POLICY_VERSION_TEE | XML2TLV_PY_VALUE
+ return policy_ver
+
+
+def run_cmd(command):
+ ret = subprocess.run(command, shell=False, check=True)
+ if ret.returncode != 0:
+ logging.error("run command failed.")
+ sys.exit(1)
+
+
+def whitelist_check(intput_str):
+ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str):
+ return 1
+ return 0
+
+
+class load_config_header:
+ str = struct.Struct('IHHIIIIIIIII')
+
+ def __init__(self, data):
+ unpacked_data = (load_config_header.str).unpack(data.encode())
+ self.unpacked_data = unpacked_data
+ self.magic_num = unpacked_data[0]
+ self.version = unpacked_data[1]
+ self.policy_versio = unpacked_data[2]
+ self.context_len = unpacked_data[3]
+ self.ta_cert_len = unpacked_data[4]
+ self.config_len = unpacked_data[5]
+ self.sign_verify_len = unpacked_data[6]
+ self.reserved1 = unpacked_data[7]
+ self.reserved2 = unpacked_data[8]
+ self.reserved3 = unpacked_data[9]
+ self.reserved4 = unpacked_data[10]
+ self.reserved5 = unpacked_data[11]
+
+ def get_packed_data(self):
+ values = [self.magic_num,
+ self.version,
+ self.policy_version,
+ self.context_len,
+ self.ta_cert_len,
+ self.config_len,
+ self.sign_verify_len,
+ self.reserved1,
+ self.reserved2,
+ self.reserved3,
+ self.reserved4,
+ self.reserved5,
+ ]
+ return (load_config_header.str).pack(*values)
+
+
+def pkg_config_header(hdr_len, magic_num, version, policy_version, \
+ context_len, ta_cert_len, config_len, sign_verify_len):
+ config_hd_len = hdr_len
+ config_hd = load_config_header('\0' * config_hd_len)
+ config_hd.magic_num = magic_num
+ config_hd.version = version
+ config_hd.policy_version = policy_version
+ config_hd.context_len = context_len
+ config_hd.ta_cert_len = ta_cert_len
+ config_hd.config_len = config_len
+ config_hd.sign_verify_len = sign_verify_len
+ return config_hd
+
+
+#----------------------------------------------------------------------------
+# generate hash use SHA256
+#----------------------------------------------------------------------------
+def generate_sha256_hash(in_buf):
+ # Initialize a SHA256 object from the Python hash library
+ obj = hashlib.sha256()
+ # Set the input buffer and return the output digest
+ obj.update(in_buf)
+ return obj.digest()
+
+
+def check_dyn_perm(xml_config_file, input_path):
+ ''' check_dyn_perm '''
+ xml_tree = ET.parse(xml_config_file)
+ xml_root = xml_tree.getroot()
+ drv_perm = None
+ for child in xml_root.findall('drv_perm'):
+ if child != '':
+ drv_perm = child
+ if os.path.exists(os.path.join(input_path, 'temp')):
+ out_save_file = os.path.join(input_path, \
+ 'temp/configs_bak.xml')
+ xml_tree.write(out_save_file, encoding="utf-8")
+ xml_root.remove(child)
+ if drv_perm is not None:
+ newtree = ET.ElementTree(drv_perm)
+ if os.path.exists(os.path.join(input_path, 'temp')):
+ out_file = os.path.join(input_path, 'temp/dyn_perm.xml')
+ newtree.write(out_file, encoding="utf-8")
+ xml_tree.write(xml_config_file)
+ return 1
+ return 0
+
+
+def creat_temp_folder(input_path_creat):
+ ''' creat temp '''
+ creat_temp = os.path.join(input_path_creat, 'temp')
+ if os.path.exists(creat_temp):
+ shutil.rmtree(creat_temp)
+ temp_path = os.path.join(input_path_creat, 'temp')
+ cmd = ["mkdir", temp_path]
+ run_cmd(cmd)
+
+
+def delete_temp_folder(input_path_delete):
+ ''' delete temp '''
+ delete_temp = os.path.join(input_path_delete, 'temp')
+ delete_config_tlv = os.path.join(input_path_delete, 'config_tlv')
+ if os.path.exists(delete_temp):
+ shutil.rmtree(delete_temp)
+ if os.path.exists(delete_config_tlv):
+ os.remove(delete_config_tlv)
+
+
+def convert_xml2tlv(xml_file, tlv_file, input_path):
+ ''' configs.xml exchange to tlv '''
+ if (get_policy_version() & (1 << XML2TLV_PARSE_TOOL_INDEX)) == XML2TLV_PY_VALUE:
+ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv'))
+ tag_parse_dict_file_path = \
+ os.path.join(csv_dir, 'tag_parse_dict.csv')
+ parser_config_xml(xml_file, tag_parse_dict_file_path, \
+ tlv_file, input_path)
+ if os.path.isfile(tlv_file):
+ logging.critical("convert xml to tlv success")
+ else:
+ logging.error("convert xml to tlv failed")
+ raise RuntimeError
+ else:
+ logging.error("invlid policy version")
+ raise RuntimeError
+
+
+def get_target_type_in_config(config_path, in_path):
+ ''' get target type '''
+ tree = ET.parse(config_path)
+ flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
+ modes = stat.S_IRUSR | stat.S_IWUSR
+ drv_target_type = tree.find('./TA_Manifest_Info/target_type')
+ if drv_target_type is not None:
+ if drv_target_type.text == "1":
+ ans = "gpd.ta.dynConf:00000\n"
+ out_tlv = os.path.join(in_path, 'config_tlv')
+ with os.fdopen(os.open(out_tlv, flags, modes), 'w+') as conf:
+ conf.write(ans)
+
+
+def gen_data_for_sign(input_path, ta_cert_path, config_cert_path):
+ ''' convert xml to tlv '''
+ logging.critical(os.getcwd())
+ creat_temp_folder(input_path)
+ tlv_dynconf_data = os.path.join(input_path, "config_tlv")
+ xml_config_file = os.path.join(input_path, "configs.xml")
+ tlv_config_file = os.path.join(input_path, "temp/configs_tlv")
+ if check_dyn_perm(xml_config_file, input_path) != 0:
+ sys.path.append('../signtools')
+ dyn_conf_xml_file_path = os.path.join(input_path, 'temp/dyn_perm.xml')
+ # may be use abspath
+ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv'))
+ tag_parse_dict_file_path = \
+ os.path.join(csv_dir, 'tag_parse_dict.csv')
+ parser_dyn_conf(dyn_conf_xml_file_path, "", tag_parse_dict_file_path, input_path)
+ convert_xml2tlv(xml_config_file, tlv_config_file, input_path)
+ src_file_path = os.path.join(input_path, 'temp/configs_bak.xml')
+ cmd = ["mv", src_file_path, xml_config_file]
+ run_cmd(cmd)
+ else:
+ convert_xml2tlv(xml_config_file, tlv_config_file, input_path)
+ get_target_type_in_config(xml_config_file, input_path)
+ config_cert_size = 0
+ if os.path.exists(config_cert_path):
+ config_cert_size = os.path.getsize(config_cert_path)
+
+ if os.path.exists(tlv_dynconf_data):
+ with open(tlv_config_file, 'rb') as tlv_config_fp:
+ tlv_config_buf = \
+ tlv_config_fp.read(os.path.getsize(tlv_config_file))
+ with open(tlv_dynconf_data, 'rb') as tlv_dynconf_fp:
+ tlv_config_buf = tlv_config_buf + \
+ tlv_dynconf_fp.read(os.path.getsize(tlv_dynconf_data)) + b"\n"
+ tlv_data_size = len(tlv_config_buf)
+ else:
+ tlv_data_size = os.path.getsize(tlv_config_file)
+ with open(tlv_config_file, 'rb') as tlv_config_fp:
+ tlv_config_buf = tlv_config_fp.read(tlv_data_size)
+
+ ta_cert_size = 4 + os.path.getsize(ta_cert_path)
+ with open(ta_cert_path, 'rb') as ta_cert_fp:
+ ta_cert_buf = struct.pack('I', 1) + ta_cert_fp.read(ta_cert_size)
+
+ sign_data_size = 4 + 4 + 4 + config_cert_size + 512
+
+ config_hd_len = 44
+ context_size = ta_cert_size + tlv_data_size + sign_data_size
+ config_header = pkg_config_header(config_hd_len, 0xABCDABCD, \
+ CONFIG_VERSION, get_policy_version(), \
+ context_size, ta_cert_size, tlv_data_size, sign_data_size)
+
+ logging.critical(os.getcwd())
+ data_for_sign = os.path.join(input_path, "data_for_sign")
+ fd_sign = os.open(data_for_sign, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ data_for_sign_fp = os.fdopen(fd_sign, "wb")
+ data_for_sign_fp.write(config_header.get_packed_data())
+ data_for_sign_fp.write(ta_cert_buf)
+ data_for_sign_fp.write(tlv_config_buf)
+ data_for_sign_fp.close()
+ delete_temp_folder(input_path)
+
+
+def main():
+ argvs = sys.argv
+ ta_input_path = argvs[1]
+ ta_cert_path = argvs[2]
+ config_cert_path = argvs[3]
+ if not os.path.exists(ta_input_path):
+ logging.error("ta_input_path does not exist.")
+ sys.exit(1)
+ if not os.path.exists(ta_cert_path):
+ logging.error("ta_cert_path does not exist.")
+ sys.exit(1)
+ if not os.path.exists(config_cert_path):
+ # cloud Product Signing Config May Not Have Certificates
+ logging.error("config_cert_path does not exist.")
+
+ if whitelist_check(ta_input_path):
+ logging.error("ta_input_path is incorrect.")
+ sys.exit(1)
+ if whitelist_check(ta_cert_path):
+ logging.error("ta_cert_path is incorrect.")
+ sys.exit(1)
+ if whitelist_check(config_cert_path):
+ logging.error("config_cert_path is incorrect.")
+ sys.exit(1)
+ gen_data_for_sign(ta_input_path, ta_cert_path, config_cert_path)
+
+
+if __name__ == '__main__':
+ main()
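Review bot: `gen_data_for_sign` opens `data_for_sign` with `os.O_WRONLY | os.O_CREAT` and no `os.O_TRUNC`, so if a longer file of that name is left over from an earlier run, its trailing bytes survive the rewrite. They then remain in the blob that the ReadMe in this patch passes to `openssl dgst -sign`; the flags should be `os.O_WRONLY | os.O_CREAT | os.O_TRUNC`. The header lengths are taken from `os.path.getsize()` rather than from the buffers actually read, so `ta_cert_size` and `tlv_data_size` can disagree with the written bytes if a file changes in between; `len(ta_cert_buf)` and `len(tlv_config_buf)` would tie them together. `load_config_header.__init__` assigns `self.policy_versio` while `get_packed_data` reads `self.policy_version`, which works only because `pkg_config_header` sets that attribute afterwards. `whitelist_check` accepts `..` components and a leading `-`, so it restricts the character set but does not confine the three command-line paths to any directory.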
diff --git a/build/pack-Config/ReadMe.txt b/build/pack-Config/ReadMe.txt
new file mode 100644
index 0000000..4eae5ad
--- /dev/null
+++ b/build/pack-Config/ReadMe.txt
@@ -0,0 +1,18 @@
+使用说明
+1.taconfig.der证书和config_cert_private.key私钥放入config_cert文件夹下
+ =>放置taconfig.der证书和config_cert_private.key私钥至换当前目录config_cert文件夹下注意保持文件名一致
+ =>taconfig.der证书为config证书该证书应由导入证书CA签发三方TA证书内保存的公钥对应私钥为taconfig_key.pem
+ =>config_cert_private.key为taconfig.der证书公钥对应私钥用来对signature段签名
+2.TA开发者的证书ta_cert.der放至在ta_cert目录
+ =>ta_cert.der证书应至在ta_cert目录该证书应由导入证书CA签发三方TA证书内保存的公钥用来验签TA
+3.configs.xml文件放至在input目录
+ =>configs.xml保存TA基础信息
+4.生成config二进制
+ =>所需文件input/configs.xml、config_cert/taconfig.der、config_cert/config_cert_private.key、ta_cert/ta_cert.der
+ =>生成待签名文件data_for_sign python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der
+ =>生成签名文件data_for_sign.rsa(仅举例) openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -out data_for_sign.rsa data_for_sign
+ =>生成config使用公钥python3 config_v2.py input/ output/ TYPE_PUBKEY
+ =>生成config使用证书cp ${config_cert_dir}/taconfig.der input/ ; python3 config_v2.py input/ output/ TYPE_CERT
+5.config二进制生成在output目录
+ =>参考local_sign.sh包含步骤5中流程
+
diff --git a/build/pack-Config/config_cert/ReadMe.txt b/build/pack-Config/config_cert/ReadMe.txt
new file mode 100644
index 0000000..40fde8a
--- /dev/null
+++ b/build/pack-Config/config_cert/ReadMe.txt
@@ -0,0 +1,2 @@
+1.config cert signed by CA
+2.private key of config cert used for signing TA/DRV configuration
diff --git a/build/pack-Config/config_v2.py b/build/pack-Config/config_v2.py
new file mode 100644
index 0000000..7c801b4
--- /dev/null
+++ b/build/pack-Config/config_v2.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a signed config
+#----------------------------------------------------------------------------
+
+import struct
+import os
+import stat
+import sys
+import re
+import configparser
+import logging
+
+CONFIG_VERSION = 2
+
+
+class Configuration:
+ ''' Configuration '''
+ sign_alg = "RSA_PKCS1"
+
+ def __init__(self, file_name):
+ parser = configparser.ConfigParser()
+ parser.read(file_name)
+ self.sign_alg = parser.get("signConfigPrivateCfg", "configSignAlg")
+ if whitelist_check(self.sign_alg):
+ logging.error("configSignAlg is invalid.")
+ sys.exit(1)
+
+
+def whitelist_check(intput_str):
+ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str):
+ return 1
+ return 0
+
+
+def gen_config_section(input_path, output_path, verify_type):
+ ''' generate config file section '''
+ data_for_sign = os.path.join(input_path, "data_for_sign")
+ signature = os.path.join(input_path, "data_for_sign.rsa")
+ signed_config = os.path.join(output_path, "config")
+ config_certpath = os.path.join(input_path, "taconfig.der")
+
+ config_path = input_path + '/../../signtools'
+ config_file = os.path.join(config_path, "config_tee_private_sample.ini")
+ if not os.path.exists(config_file):
+ logging.critical("config_tee_private_sample.ini is not exist.")
+ sign_conf_alg = 1
+ else:
+ cfg = Configuration(config_file)
+ if cfg.sign_alg == "RSA_PKCS1":
+ sign_conf_alg = 1
+ elif cfg.sign_alg == "RSA_PSS":
+ sign_conf_alg = 3
+ elif cfg.sign_alg == "ECDSA":
+ sign_conf_alg = 2
+
+ data_for_sign_size = os.path.getsize(data_for_sign)
+ with open(data_for_sign, 'rb') as data_for_sign_fp:
+ data_for_sign_buf = data_for_sign_fp.read(data_for_sign_size)
+
+ signature_size = os.path.getsize(signature)
+ with open(signature, 'rb') as signature_fp:
+ signature_buf = signature_fp.read(signature_size)
+
+ if(verify_type == "TYPE_PUBKEY"):
+ sign_verify_buf = struct.pack('III', 0, sign_conf_alg, 0) + signature_buf
+ elif(verify_type == "TYPE_CERT"):
+ config_cert_size = os.path.getsize(config_certpath)
+ with open(config_certpath, 'rb') as config_cert_fp:
+ config_cert_buf = config_cert_fp.read(config_cert_size)
+ sign_verify_buf = struct.pack('III', 1, sign_conf_alg, config_cert_size) + \
+ config_cert_buf + signature_buf
+
+ fd_sign = os.open(signed_config, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ signed_config_fp = os.fdopen(fd_sign, "wb")
+ # write data (header + ta cert + tlv config)
+ signed_config_fp.write(data_for_sign_buf)
+ # write config cert
+ signed_config_fp.write(sign_verify_buf)
+ signed_config_fp.close()
+
+
+def main():
+ argvs = sys.argv
+ input_file = argvs[1]
+ output_file = argvs[2]
+ verify_type = argvs[3]
+ if not os.path.exists(input_file):
+ logging.error("input does not exist.")
+ exit()
+ if not os.path.exists(output_file):
+ logging.error("ta_cert_path does not exist.")
+ exit()
+
+ if whitelist_check(input_file):
+ logging.error("input is incorrect.")
+ exit()
+ if whitelist_check(output_file):
+ logging.error("output is incorrect.")
+ exit()
+ if whitelist_check(verify_type):
+ logging.error("output is incorrect.")
+ exit()
+
+ gen_config_section(input_file, output_file, verify_type)
+
+
+if __name__ == '__main__':
+ main()
+
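Review bot: The validation failures in `main()` end with a bare `exit()`, which terminates with status 0, so a wrapper running under `set -e` (local_sign.sh in this patch) cannot tell a rejected argument from a successful run; `sys.exit(1)`, as Config_pre.py's `main()` uses, would make the failure visible. In `gen_config_section()` the output is opened with `os.O_WRONLY | os.O_CREAT` only, so writing over a longer existing `config` leaves the old trailing bytes after the new signature block; adding `os.O_TRUNC` avoids that. An unrecognised `configSignAlg` or `verify_type` also leaves `sign_conf_alg` / `sign_verify_buf` unassigned, and a missing ini only logs and falls back to algorithm id 1; an explicit `else` that logs and exits non-zero would be safer for a signing tool.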
diff --git a/build/pack-Config/input/configs.xml b/build/pack-Config/input/configs.xml
new file mode 100644
index 0000000..631a708
--- /dev/null
+++ b/build/pack-Config/input/configs.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ConfigInfo>
+ <TA_Basic_Info>
+ <service_name>demo</service_name>
+ <uuid>00000000-0000-0000-0000-000000000000</uuid>
+ </TA_Basic_Info>
+ <TA_Manifest_Info>
+ <instance_keep_alive>false</instance_keep_alive>
+ <stack_size>2048</stack_size>
+ <heap_size>20480</heap_size>
+ <multi_command>false</multi_command>
+ <multi_session>true</multi_session>
+ <single_instance>true</single_instance>
+ </TA_Manifest_Info>
+</ConfigInfo>
diff --git a/build/pack-Config/local_sign.sh b/build/pack-Config/local_sign.sh
new file mode 100644
index 0000000..a3657e0
--- /dev/null
+++ b/build/pack-Config/local_sign.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# make config binary
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+set -e
+# generate and sign the config binary with local private key.
+
+work_dir=$(pwd)
+input_dir=${work_dir}/"input"
+config_cert_dir=${work_dir}/"config_cert"
+ta_cert_dir=${work_dir}/"ta_cert"
+
+# prepare data for been signed.
+python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der
+
+# begin sign.
+cd ${input_dir}
+if [ ! -f "data_for_sign" ]; then
+ echo "can't find data for sign"
+ echo "sign fail!"
+ exit -1
+fi
+
+# config_cert_private.key is the private key of the config certificate.
+openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -sigopt rsa_padding_mode:pss \
+ -sigopt rsa_pss_saltlen:-1 -out data_for_sign.rsa data_for_sign
+
+# generate config binary
+cd ${work_dir}
+
+if [ -f "${config_cert_dir}/taconfig.der" ]; then
+ echo "make config with config cert"
+ cp ${config_cert_dir}/taconfig.der ${input_dir}/
+ python3 config_v2.py input/ output/ TYPE_CERT
+else
+ python3 config_v2.py input/ output/ TYPE_PUBKEY
+fi
+
+# clean
+cd $input_dir
+[ -f "$input_dir"/data_for_sign ] && rm data_for_sign
+[ -f "$input_dir"/data_for_sign.rsa ] && rm data_for_sign.rsa
+[ -f "$input_dir"/configs_tlv ] && rm configs_tlv
+[ -f "$input_dir"/*.der ] && rm *.der
+
+if [ "$?" == 0 ]; then
+ echo "generate config binary success"
+ exit 0
+else
+ echo "generate config binary failed"
+ exit 1
+fi
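Review bot: The final `if [ "$?" == 0 ]` tests the status of the last cleanup line, `[ -f "$input_dir"/*.der ] && rm *.der`, not of the signing or packing steps, so a run that leaves no .der in input/ (the TYPE_PUBKEY branch, as far as this hunk shows) would print "generate config binary failed" and exit 1 even though every step succeeded; the test also errors if the glob matches more than one file. Since `set -e` already aborts on a failed step, the cleanup could be `rm -f data_for_sign data_for_sign.rsa configs_tlv ./*.der` followed by an unconditional success message. The path expansions (`${config_cert_dir}/config_cert_private.key`, `cd ${input_dir}`) are unquoted and would split if the working directory contains spaces. Cleanup is also skipped whenever a step fails under `set -e`, so a `trap` on EXIT would keep the intermediate signing inputs from being left behind in input/.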
diff --git a/build/pack-Config/output/ReadMe.txt b/build/pack-Config/output/ReadMe.txt
new file mode 100644
index 0000000..cbf7ad2
--- /dev/null
+++ b/build/pack-Config/output/ReadMe.txt
@@ -0,0 +1 @@
+output the signed perm_config
diff --git a/build/pack-Config/ta_cert/ReadMe.txt b/build/pack-Config/ta_cert/ReadMe.txt
new file mode 100644
index 0000000..cabddd4
--- /dev/null
+++ b/build/pack-Config/ta_cert/ReadMe.txt
@@ -0,0 +1 @@
+TA cert signed by CA to verify the identify of TA
diff --git a/build/pack-TA/Readme.txt b/build/pack-TA/Readme.txt
new file mode 100644
index 0000000..05a2a56
--- /dev/null
+++ b/build/pack-TA/Readme.txt
@@ -0,0 +1,12 @@
+1.TA Signature Packing Preparation Materials, and put these files to build/pack-TA/input folder:
+1).libcombine.so TA compilation product
+2).manifest.txt Basic TA configuration information
+3).config.mk file
+
+2.Generate rsa key pair by cmd:openssl genrsa -out private_key.pem 4096,
+then put this file to build/signtools/TA_cert/, file name must be private_key.pem.
+
+3.Apply for the TA config certificate from the Huawei contact person, then put this file to
+build/signtools/signed_config/, file name must be config.
+
+4.Run build_TA_Linux_release.sh script. Obtain the signed TA product sec file from build/pack-TA/output folder.
\ No newline at end of file
diff --git a/build/pack-TA/build_ta.sh b/build/pack-TA/build_ta.sh
new file mode 100644
index 0000000..97a6e0a
--- /dev/null
+++ b/build/pack-TA/build_ta.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# Description: preare toolchains and env for build ta.
+# Copyright @ Huawei Technologies Co., Ltd. 2021-2022. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+set -e
+
+LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+ITRUSTEE_SDK_PATH=$LOCAL_PATH/../signtools/
+
+INPUT_PATH=$LOCAL_PATH/input
+OUTPUT_PATH=$LOCAL_PATH/output
+
+python3 -B ${ITRUSTEE_SDK_PATH}/signtool_v3.py ${INPUT_PATH} ${OUTPUT_PATH} --privateCfg ${ITRUSTEE_SDK_PATH}/config_cloud.ini
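Review bot: The expansions on the `python3 -B` line are unquoted, so a checkout path containing spaces or glob characters would be split into several arguments before reaching signtool_v3.py; `LOCAL_PATH` comes from the script's own location, which the script does not control. Quoting each one fixes this: `"${ITRUSTEE_SDK_PATH}/signtool_v3.py" "${INPUT_PATH}" "${OUTPUT_PATH}" --privateCfg "${ITRUSTEE_SDK_PATH}/config_cloud.ini"`. The header comment also reads "preare"; `# Description: prepare toolchains and env for build ta.` is presumably what was meant.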
diff --git a/build/pack-TA/input/Readme.txt b/build/pack-TA/input/Readme.txt
new file mode 100644
index 0000000..28ae7f5
--- /dev/null
+++ b/build/pack-TA/input/Readme.txt
@@ -0,0 +1,4 @@
+TA Signature Packing Preparation Materials, and put these files in this folder:
+1).libcombine.so TA compilation product
+2).manifest.txt Basic TA configuration information
+3).config.mk file
\ No newline at end of file
diff --git a/build/pack-TA/output/Readme.txt b/build/pack-TA/output/Readme.txt
new file mode 100644
index 0000000..da8f565
--- /dev/null
+++ b/build/pack-TA/output/Readme.txt
@@ -0,0 +1 @@
+The final TA sec file is generated in this path.
\ No newline at end of file
diff --git a/build/signtools/auth_conf_parser.py b/build/signtools/auth_conf_parser.py
new file mode 100644
index 0000000..cf525b1
--- /dev/null
+++ b/build/signtools/auth_conf_parser.py
@@ -0,0 +1,260 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for parsering the dynamic ca caller infomation
+#----------------------------------------------------------------------------
+from __future__ import absolute_import
+import os
+import stat
+import logging
+import hashlib
+import struct
+from ctypes import create_string_buffer
+from ctypes import c_uint32
+from ctypes import sizeof
+from ctypes import memmove
+from ctypes import byref
+from defusedxml import ElementTree as ET
+
+logging.basicConfig(level=logging.INFO,
+ format='%(asctime)s line:%(lineno)d %(levelname)s:%(name)s:%(message)s',
+ datefmt='%H:%M:%S'
+ )
+
+
+# caller base config
+MAX_CALLER_NUM = 16
+MAX_CMDLINE_LEN = 256
+MAX_USERNAME_LEN = 256
+AUTH_CONFIG_KEY = "gpd.ta.auth:"
+DEFAULT_AUTH_TYPE_UID = True
+
+
+# init caller info
+g_caller_num = 0
+g_caller_enable = 1
+g_hash_byte_list = bytes("", 'utf-8')
+g_auth_type = True # default auth type: cmdline + uid
+g_big_endian = False
+
+
+def print_hash(byte_buf):
+ """ print caller hash """
+ buf = [hex(int(i)) for i in byte_buf]
+ logging.info(" ".join(buf))
+
+
+def calc_sha256(buf):
+ """ calcuate sha256 """
+ md = hashlib.sha256()
+ md.update(buf)
+ return md.digest()
+
+
+def calc_cmdline_uid_hash(cmdline, uid):
+ """ calcuate cmdline||uid hash """
+ c_uid = c_uint32(uid)
+ c_str = create_string_buffer(cmdline.encode('utf-8'), len(cmdline) + sizeof(c_uid))
+ memmove(byref(c_str, len(c_str.value)), byref(c_uid), sizeof(c_uid))
+ return calc_sha256(c_str)
+
+
+def calc_cmdline_username_hash(cmdline, username):
+ """ calcuate cmdline||username hash """
+ c_str = create_string_buffer((cmdline + username).encode('utf-8'), len(cmdline) + MAX_USERNAME_LEN)
+ return calc_sha256(c_str)
+
+
+def check_auth_enable_type(value):
+ """ check auth_enable type """
+ if len(value) == 0:
+ raise RuntimeError("auth_enable value must be configured")
+ if value != "true" and value != 'false':
+ raise RuntimeError("auth_enable value must be true or false", value)
+
+
+def get_auth_enable_value(value):
+ """ check auth_enable value """
+ global g_caller_enable
+ if value == "false":
+ g_caller_enable = 0
+ else:
+ g_caller_enable = 1
+
+
+def check_auth_type(value):
+ """ check auth type """
+ if len(value) == 0:
+ raise RuntimeError("auth_uid_type value must be configured")
+ if value != "true" and value != 'false':
+ raise RuntimeError("auth_uid_type value must be true or false", value)
+
+
+def get_auth_type_value(value):
+ """ check auth type value """
+ global g_auth_type
+ if value == "false":
+ g_auth_type = False
+ else:
+ g_auth_type = True
+
+
+def check_item_type(item):
+ """ check item value """
+ if item.tag != "item" or len(item.attrib) != 2:
+ raise RuntimeError("invaild item attrib", item.tag, item.attrib, len(item.attrib))
+
+
+def check_cmdline_type(value):
+ """ check cmdline type """
+ if len(value) == 0 or len(value) > MAX_CMDLINE_LEN:
+ raise RuntimeError("invaild cmdline, the cmdline length must be in range (0, {}]".format(MAX_CMDLINE_LEN), \
+ value, len(value))
+
+
+def check_uid_type(value):
+ """ check uid type """
+ if int(value, 10) > 0xffffffff or int(value, 10) < 0:
+ raise RuntimeError("invaild uid, the uid value must be in [0, 0xffffffff]", value)
+
+
+def check_username_type(value):
+ """ check username type """
+ if len(value) == 0 or len(value) > MAX_USERNAME_LEN:
+ raise RuntimeError("invaild username, the username length must be in range (0, {}]".format(MAX_USERNAME_LEN), \
+ value, len(value))
+
+
+def get_item_value(item, auth_type):
+ """ get item value """
+ cmdline = ""
+ uid = 0
+ username = ""
+ caller_hash = ""
+ global g_caller_num
+ global g_hash_byte_list
+
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ attr_key = "uid"
+ else:
+ attr_key = "username"
+
+ for attr in item.attrib:
+ value = item.attrib[attr]
+ if attr == "cmdline":
+ check_cmdline_type(value)
+ cmdline = value
+ elif attr == attr_key:
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ check_uid_type(value)
+ uid = int(value, 10)
+ else:
+ check_username_type(value)
+ username = value
+ else:
+ raise RuntimeError("invaild item attr", attr)
+
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ caller_hash = calc_cmdline_uid_hash(cmdline, uid)
+ logging.info("cmdline %s, uid %s", cmdline, uid)
+ else:
+ caller_hash = calc_cmdline_username_hash(cmdline, username)
+ logging.info("cmdline %s, username %s", cmdline, username)
+ print_hash(caller_hash)
+ if g_big_endian is True:
+ pack_format = ">32s"
+ else:
+ pack_format = "32s"
+ g_hash_byte_list = g_hash_byte_list + struct.pack(pack_format, caller_hash)
+ g_caller_num = g_caller_num + 1
+ if g_caller_num > MAX_CALLER_NUM:
+ raise RuntimeError("Exceed max caller num", MAX_CALLER_NUM)
+
+
+def handle_auth_base_info(child):
+ """ handle auth_base_info """
+ for attr in child.attrib:
+ if attr == "auth_enable":
+ check_auth_enable_type(child.attrib.get(attr))
+ get_auth_enable_value(child.attrib.get(attr))
+ elif attr == "auth_type_uid":
+ check_auth_type(child.attrib.get(attr))
+ get_auth_type_value(child.attrib.get(attr))
+ else:
+ raise RuntimeError("invaild auth_base_info attrib", attr)
+
+
+def handle_auth_item(child, auth_type):
+ """ handle auth item """
+ for item in child:
+ check_item_type(item)
+ get_item_value(item, auth_type)
+
+
+def do_parser_auth_conf(root):
+ """ do parser auth config """
+ auth_tag = "auth_cmdline_uid"
+ xml_line_num = 0
+ for child in root:
+ if child.tag == "auth_base_info":
+ if xml_line_num != 0:
+ raise RuntimeError("the auth_base_info must be configured first")
+ handle_auth_base_info(child)
+ if g_auth_type != DEFAULT_AUTH_TYPE_UID:
+ auth_tag = "auth_cmdline_username"
+ elif child.tag == auth_tag:
+ handle_auth_item(child, g_auth_type)
+ else:
+ raise RuntimeError("not support xml tag", child.tag)
+ xml_line_num = xml_line_num + 1
+
+
+def parser_auth_xml(auth_xml_file_path, manifest_ext_path, big_endian=False):
+ """ parser auth xml """
+ global g_caller_num
+ global g_hash_byte_list
+ global g_big_endian
+
+ g_big_endian = big_endian
+
+ if not os.path.exists(auth_xml_file_path):
+ raise RuntimeError("auth_config.xml file doesn't exist")
+
+ tree = ET.parse(auth_xml_file_path)
+ root = tree.getroot()
+
+ # parser auth config
+ do_parser_auth_conf(root)
+
+ # gen auth header
+ if g_caller_enable == 0:
+ g_caller_num = 0
+ g_hash_byte_list = bytes("", 'utf-8')
+
+ if g_big_endian is True:
+ pack_format = ">II"
+ else:
+ pack_format = "II"
+ auth_header = struct.pack(pack_format, g_caller_enable, g_caller_num)
+
+ #write auth to mani_ext
+ if not os.path.exists(manifest_ext_path):
+ fd_ext = os.open(manifest_ext_path, os.O_WRONLY | os.O_CREAT, stat.S_IWUSR | stat.S_IRUSR)
+ else:
+ fd_ext = os.open(manifest_ext_path, os.O_RDWR, 0o600)
+ with os.fdopen(fd_ext, 'ba+') as fp_mani_ext:
+ fp_mani_ext.write(bytes(AUTH_CONFIG_KEY, "utf-8"))
+ fp_mani_ext.write(auth_header)
+ fp_mani_ext.write(g_hash_byte_list)
+ fp_mani_ext.write(bytes("\n", "utf-8"))
+ fp_mani_ext.close()
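Review bot: `calc_cmdline_uid_hash()` sizes its buffer with `len(cmdline)` (characters) but fills it with `cmdline.encode('utf-8')` (bytes), so for a non-ASCII cmdline the `memmove` at offset `len(c_str.value)` writes the uid partly or wholly past the end of the ctypes buffer and the digest no longer covers the full uid. `check_cmdline_type()` has the same character-versus-byte mismatch against `MAX_CMDLINE_LEN`. Building the input from the encoded bytes removes both the raw memory write and the miscount: `raw = cmdline.encode('utf-8')` then `return calc_sha256(raw + struct.pack('=I', uid))`, which should give the same digest as today for ASCII input. Separately, `g_caller_num` and `g_hash_byte_list` are not reset at the start of `parser_auth_xml()`, so a second call in the same process would presumably append to the first call's hashes.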
diff --git a/build/signtools/config_cloud.ini b/build/signtools/config_cloud.ini
new file mode 100644
index 0000000..b366ad8
--- /dev/null
+++ b/build/signtools/config_cloud.ini
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = signed_config/config
diff --git a/build/signtools/config_tee_private_sample.ini b/build/signtools/config_tee_private_sample.ini
new file mode 100644
index 0000000..5b2bb9c
--- /dev/null
+++ b/build/signtools/config_tee_private_sample.ini
@@ -0,0 +1,35 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA
+secSignKeyLen = 4096
+;;;
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; Fixed value
+;1 means padding type is PSS
+secPaddingType = 1
+;;;
+;RSA alg
+;ECDSA alg
+secSignAlg = RSA
+[signConfigPrivateCfg]
+;;;
+; Fixed value
+;0 config证书
+configVersion = 0
+;;;
+; Fixed value 1
+configPolicy = 1
+;;;
+;RSA_PKCS1 alg
+;RSA_PSS alg
+;ECDSA alg
+configSignAlg = RSA_PSS
+;;;
+;1 means signed by local private
+configSignType = 1
+;;;
+;private key for signing TA
+configSignKey = taconfig_key.pem
diff --git a/build/signtools/dyn_conf_checker.py b/build/signtools/dyn_conf_checker.py
new file mode 100644
index 0000000..64eeaf2
--- /dev/null
+++ b/build/signtools/dyn_conf_checker.py
@@ -0,0 +1,512 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a trusted application dyn perm checker
+#----------------------------------------------------------------------------
+
+
+import re
+import uuid
+
+uuid_split_sym_list = ['-']
+spilt_sym_list = [';', '|', ',']
+unused_sym_list = ['_']
+unique_list = []
+permission_unique_dict = {}
+cmd_unique_dict = {}
+
+
+def check_csv_sym(value):
+
+ for sym in value:
+ if sym in unused_sym_list:
+ continue
+ elif sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= 'a' and sym <= 'z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in csv", value)
+
+
+def classify_uuid_list(value):
+
+ ans = ""
+ uuid_list = value.split(',')
+ for uuid_item in uuid_list:
+ ans = "%s%s," % (ans, str(uuid.UUID(uuid_item)))
+
+ return ans[:len(ans) - 1].strip()
+
+
+def check_context_sym(old_item, attr, value):
+
+ if len(value) == 0:
+ return -1
+
+ for sym in value:
+ if sym in uuid_split_sym_list:
+ continue
+ elif sym in spilt_sym_list:
+ continue
+ elif sym in unused_sym_list:
+ continue
+ elif sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= 'a' and sym <= 'z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in xml", \
+ old_item + attr, value)
+ return 0
+
+
+def do_split_and_classify(old_item, attr, split_sym_index, value):
+
+ ans = ""
+ value_list = value.split(spilt_sym_list[split_sym_index])
+ for val in value_list:
+ val = val.strip()
+ if len(val) == 0:
+ raise RuntimeError("cannot split empty region", value)
+ if split_sym_index == len(spilt_sym_list) - 1:
+ if check_context_sym(old_item, attr, val) != 0:
+ raise RuntimeError("xml attrib cannot be NULL", \
+ old_item + attr, value)
+ ans += val + spilt_sym_list[split_sym_index]
+ else:
+ ans += do_split_and_classify(old_item, attr, split_sym_index + 1,\
+ val) + spilt_sym_list[split_sym_index]
+
+ return ans[: len(ans) - 1]
+
+
+def check_and_classify_attr(old_item, attr, value):
+
+ if len(value) == 0:
+ raise RuntimeError("tag %s%s is NULL in xml" % (old_item, attr))
+
+ value = do_split_and_classify(old_item, attr, 0, value)
+
+ if attr == "uuid":
+ value = classify_uuid_list(value)
+
+ return value
+
+
+def check_iomap_range(iomap_range):
+
+ if len(iomap_range) == 0:
+ raise RuntimeError("you must define iomap_range")
+
+ iomap_range.replace(" ", "")
+ iomap_ranges = iomap_range.split(";")
+ for iomap in iomap_ranges:
+ addrs = iomap.split(",")
+ # check if range is start,end format
+ if len(addrs) == 0:
+ continue
+
+ if len(addrs) != 2:
+ raise RuntimeError("iomap must be start1,end1;\
+start2,end2....", addrs)
+
+ if '0x' not in addrs[0] or '0x' not in addrs[1]:
+ raise RuntimeError("addr must be hex like \
+0xF8555000", addrs[0], addrs[1])
+
+ # check if addr is 4K aligned
+ start = int(addrs[0], 16)
+ end = int(addrs[1], 16)
+ if start > 0xffffffffffffffff or end > 0xffffffffffffffff:
+ raise RuntimeError("addr is so large", addrs[0], addrs[1])
+ if start % 0x1000 != 0 or end % 0x1000 != 0:
+ raise RuntimeError("addr must be 4K aligned", addrs[0], addrs[1])
+ if end <= start:
+ raise RuntimeError("iomap range start must \
+smaller than end ", addrs[0], addrs[1])
+
+ return 0
+
+
+def check_thread_limit(value):
+
+ if len(value) > 0:
+ thread_limit = int(value)
+ if thread_limit > 0xffffffff or thread_limit <= 0:
+ raise RuntimeError("thread_limit is invalid", thread_limit)
+
+
+def check_upgrade(value):
+
+ if len(value) > 0:
+ if value.lower() != 'true' and value.lower() != 'false':
+ raise RuntimeError("upgrade must be true or false", value)
+
+
+def check_virt2phys(value):
+
+ if len(value) > 0:
+ if value.lower() != 'true' and value.lower() != 'false':
+ raise RuntimeError("virt2phys must be true or false", value)
+
+
+def check_exception_mode(value):
+
+ if value != "restart" and value != "syscrash" and value != "ddos":
+ raise RuntimeError("unknown exception mode", value)
+
+
+def check_chip_type(attrib, value):
+
+ if len(value) == 0:
+ raise RuntimeError("chip_type cannot be NULL")
+
+ if not re.match(r"[A-Za-z0-9_,]*$", value):
+ raise RuntimeError("there has invalid sym in chip type", value)
+
+ chips = value.split(",")
+ for chip in chips:
+ chip_item = chip.lower().strip()
+ if len(chip_item) > 31:
+ raise RuntimeError("{} length is larger than 31".format(chip_item), chip_item)
+
+ flag = 0
+ for attr in attrib:
+ if attr != "chip_type":
+ flag = 1
+ break
+ if flag == 0:
+ raise RuntimeError("you cannot only set chip_type in item")
+
+
+def check_drv_name(value):
+
+ if len(value) > 31 or len(value) == 0:
+ raise RuntimeError("drv name should not be NULL or \
+length larger than 31", value)
+
+
+def check_irq(value):
+
+ if len(value) == 0:
+ raise RuntimeError("irq cannot be NULL")
+
+ if ';' in value or '|' in value:
+ raise RuntimeError("irq can only split by ,", value)
+
+ irq_list = value.split(',')
+ for irq in irq_list:
+ num = int(irq, 10)
+ if num < 32:
+ raise RuntimeError("irq shoule not smaller than 32", value)
+
+
+def check_map_secure_uuid(attrib, value):
+
+ if len(value) != 36:
+ raise RuntimeError("uuid len is invalid", value)
+
+ flag = 0
+ for attr in attrib:
+ if attr == "region":
+ flag = 1
+
+ if flag == 0:
+ raise RuntimeError("please set region in map secure item", attrib)
+
+
+def check_map_secure_region(attrib, value):
+
+ if len(value) == 0:
+ raise RuntimeError("region cannot be NULL")
+
+ flag = 0
+ for attr in attrib:
+ if attr == "uuid":
+ flag = 1
+
+ if flag == 0:
+ raise RuntimeError("please set uuid in map secure item", attrib)
+
+ check_iomap_range(value)
+
+
+def check_drv_cmd_perm_info_item_permission(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be NULL")
+
+ if not re.match(r"^[0-9]*$", perm):
+ raise RuntimeError("there has invalid sym in perm", perm)
+
+ if int(perm, 10) > 64 or int(perm, 10) < 1:
+ raise RuntimeError("perm can only in range 1-64", perm)
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "cmd" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set cmd while you set cmd permission")
+
+
+def check_drv_cmd_perm_info_item_cmd(attrs, dyn_key):
+
+ if len(dyn_key) == 0:
+ raise RuntimeError("dyn_key len should not be 0")
+
+ flag = 0
+
+ cmd = ""
+ for attr in attrs:
+ if attr == "permission" and len(attrs[attr]) != 0:
+ flag = 1
+ if attr == "cmd" and len(attrs[attr]) != 0:
+ cmd = attrs[attr]
+ if (dyn_key, attrs[attr]) in unique_list:
+ raise RuntimeError("one cmd can only set \
+permission once", attrs[attr])
+
+ unique_list.append((dyn_key, cmd))
+
+ if flag == 0:
+ raise RuntimeError("you should set permission while \
+you set cmd permission")
+
+
+def check_mac_info_item_permission(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be 0")
+
+ if ',' in perm or ';' in perm:
+ raise RuntimeError("multi permssion can only split by | ", perm)
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "uuid" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set uuid while \
+you set drvcall's permission")
+
+ for perm_num in perm.split("|"):
+ if int(perm_num, 10) > 64 or int(perm_num, 10) < 1:
+ raise RuntimeError("perm can only in range 1-64", perm)
+
+
+def check_mac_info_item_uuid(attrs, dyn_key):
+
+ if len(dyn_key) == 0:
+ raise RuntimeError("dyn_key len should not be 0")
+
+ uuid_str = ""
+ for attr in attrs:
+ if attr == "uuid" and len(attrs[attr]) != 0:
+ uuid_str = attrs[attr]
+ if ',' in uuid_str:
+ raise RuntimeError("uuid in mac can only set one", uuid_str)
+ if (dyn_key, uuid_str) in unique_list:
+ raise RuntimeError("uuid can only set once in mac", uuid_str)
+
+ unique_list.append((dyn_key, uuid_str))
+
+
+def check_permssion_unique(value, origin_value):
+
+ value_list = value.split("|")
+ origin_value_list = origin_value.split("|")
+ if len(value) == 0 or len(value_list) != len(origin_value_list):
+ RuntimeError("permssion trans by csv failed", value, origin_value)
+
+ for (i, _) in enumerate(value_list):
+ if value_list[i] in permission_unique_dict.keys() and \
+ permission_unique_dict.get(value_list[i]) != origin_value_list[i]:
+ raise RuntimeError("different permission set same num in csv",\
+ value, origin_value)
+ permission_unique_dict[value_list[i]] = origin_value_list[i]
+
+
+def check_cmd_unique(value, origin_value):
+
+ value_list = value.split("|")
+ origin_value_list = origin_value.split("|")
+ if len(value) == 0 or len(value_list) != len(origin_value_list):
+ RuntimeError("cmd trans by csv failed", value, origin_value)
+
+ for (i, _) in enumerate(value_list):
+ if value_list[i] in cmd_unique_dict.keys() and \
+ cmd_unique_dict.get(value_list[i]) != origin_value_list[i]:
+ raise RuntimeError("different cmd set same num in csv", \
+ value, origin_value)
+ cmd_unique_dict[value_list[i]] = origin_value_list[i]
+
+
+def check_perm_apply_item(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be 0")
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "name" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set drv's name while \
+you set drv's permission")
+
+
+def check_ta_config_service_name(service_name):
+
+ if len(service_name) == 0 or len(service_name) >= 40:
+ raise Exception("service name is invalid", service_name)
+
+
+def check_ta_config_stack_size(stack_size):
+
+ if int(stack_size, 10) > 0xffffffff or int(stack_size, 10) <= 0:
+ raise Exception("stack size is invalid", stack_size)
+
+
+def check_ta_config_heap_size(heap_size):
+
+ if int(heap_size, 10) > 0xffffffff or int(heap_size, 10) <= 0:
+ raise Exception("heap size is invalid", heap_size)
+
+
+def check_ta_config_rpmb_size(rpmb_size):
+
+ if int(rpmb_size, 10) > 0xffffffff or int(rpmb_size, 10) <= 0:
+ raise Exception("rpmb size is invalid", rpmb_size)
+
+
+def check_ta_config_device_id(device_id):
+
+ if len(device_id) != 64:
+ raise Exception("device_id len is invalid", device_id)
+
+ for sym in device_id:
+ if sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in device_id", sym, device_id)
+
+
+def dyn_perm_check(dyn_key, attrib, value, origin_value):
+
+ if dyn_key == 'drv_perm/drv_basic_info/thread_limit':
+ check_thread_limit(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/upgrade':
+ check_upgrade(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/virt2phys':
+ check_virt2phys(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/exception_mode':
+ check_exception_mode(value)
+ elif dyn_key == 'drv_perm/drv_io_map/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/drv_io_map/item/iomap':
+ check_iomap_range(value)
+ elif dyn_key == 'drv_perm/irq/item/irq':
+ check_irq(value)
+ elif dyn_key == 'drv_perm/map_secure/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/map_secure/item/uuid':
+ check_map_secure_uuid(attrib, value)
+ return
+ elif dyn_key == 'drv_perm/map_secure/item/region':
+ check_map_secure_region(attrib, value)
+ elif dyn_key == 'drv_perm/map_nosecure/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/map_nosecure/item/uuid':
+ # uuid has been checked in classify_uuid()
+ return
+ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/cmd':
+ # cmd has been trans by csv, so it must be valied
+ check_drv_cmd_perm_info_item_cmd(attrib, dyn_key)
+ check_cmd_unique(value, origin_value)
+ return
+ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/permission':
+ check_drv_cmd_perm_info_item_permission(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'drv_perm/drv_mac_info/item/uuid':
+ # uuid has been checked in classify_uuid()
+ check_mac_info_item_uuid(attrib, dyn_key)
+ return
+ elif dyn_key == 'drv_perm/drv_mac_info/item/permission':
+ check_mac_info_item_permission(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'drvcall_conf/drvcall_perm_apply/item/permission':
+ check_perm_apply_item(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'ConfigInfo/TA_Basic_Info/service_name/service_name':
+ check_ta_config_service_name(value)
+ elif dyn_key == 'ConfigInfo/TA_Basic_Info/uuid/uuid':
+ classify_uuid_list(value)
+ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/stack_size/stack_size':
+ check_ta_config_stack_size(value)
+ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/heap_size/heap_size':
+ check_ta_config_heap_size(value)
+ elif dyn_key == 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size':
+ check_ta_config_rpmb_size(value)
+ elif dyn_key == \
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id':
+ check_ta_config_device_id(value)
+ else:
+ return
+
+
+def check_text_ava(old_item, text):
+
+ if text is None or len(text.strip()) == 0:
+ raise Exception("text is invalied", old_item)
+
+
+ta_config_item_list = [
+ 'ConfigInfo/TA_Basic_Info/service_name/',
+ 'ConfigInfo/TA_Basic_Info/uuid/',
+ 'ConfigInfo/TA_Manifest_Info/instance_keep_alive/',
+ 'ConfigInfo/TA_Manifest_Info/stack_size/',
+ 'ConfigInfo/TA_Manifest_Info/heap_size/',
+ 'ConfigInfo/TA_Manifest_Info/multi_command/',
+ 'ConfigInfo/TA_Manifest_Info/multi_session/',
+ 'ConfigInfo/TA_Manifest_Info/single_instance/',
+ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/',
+ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/',
+ 'ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/',
+ 'ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/',
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/',
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/']
+
+
+def check_ta_config(old_item, text):
+
+ if old_item in ta_config_item_list:
+ check_text_ava(old_item, text)
+
+ return True
diff --git a/build/signtools/dyn_conf_parser.py b/build/signtools/dyn_conf_parser.py
new file mode 100644
index 0000000..7ecb7f6
--- /dev/null
+++ b/build/signtools/dyn_conf_parser.py
@@ -0,0 +1,315 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a trusted application dyn perm parser
+#----------------------------------------------------------------------------
+
+import string
+import os
+import stat
+import logging
+from defusedxml import ElementTree as ET
+from dyn_conf_checker import dyn_perm_check
+from dyn_conf_checker import check_and_classify_attr
+from dyn_conf_checker import check_csv_sym
+from dyn_conf_checker import check_ta_config
+
+
+type_trans = {"TYPE_NONE": "-1",
+ "TYPE_CLASS": "0",
+ "TYPE_BOOL": "1",
+ "TYPE_INT": "2",
+ "TYPE_CHAR": "3"}
+
+# the length len in tlv
+DYN_CONF_LEN_LEN = 4
+
+tag_dict = {}
+type_dict = {}
+trans_dict = {}
+
+
+def get_csv_size(path):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ lines = csvfile.readlines()
+ return len(lines)
+ return 0
+
+
+def get_csv_data(path, lnum, rnum):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ count = 0
+ lines = csvfile.readlines()
+ for line in lines:
+ if count == lnum:
+ return str(line.split(",")[rnum]).strip()
+ count = count + 1
+ return ""
+
+
+def classify_tag(tag):
+
+ while len(tag) < 3:
+ tag = "0%s" % (tag)
+
+ return tag
+
+
+# save tag type and trans dict
+def handle_tag_dict(path):
+
+ for i in range(0, get_csv_size(path)):
+ dyn_sym = get_csv_data(path, i, 0)
+ tag_dict[dyn_sym] = classify_tag(get_csv_data(path, i, 1))
+ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, i, 2))
+ trans_dict[dyn_sym] = get_csv_data(path, i, 3)
+
+
+def check_target_data_been_found(sym, find_out, path):
+
+ if find_out == 1:
+ raise RuntimeError(sym + " can only set one time in " + path)
+
+
+# trans value sym by trans dict
+def handle_trans(value, path):
+
+ datas = value.split("|")
+
+ for i, data in enumerate(datas):
+ find_out = 0
+ target_data = data
+ for j in range(0, get_csv_size(path)):
+ sym = get_csv_data(path, j, 0)
+ tag = get_csv_data(path, j, 1)
+ check_csv_sym(sym)
+ check_csv_sym(tag)
+ if sym == target_data:
+ # if one sym has been set more than one time in csv
+ check_target_data_been_found(sym, find_out, path)
+ datas[i] = tag
+ find_out = 1 # means we find sym in dict
+
+ if find_out == 0:
+ raise RuntimeError("cannot find {} in {}".format(datas[i], path))
+
+ ans = datas[0]
+ for i in range(1, len(datas)):
+ ans = "%s|%s" % (ans, datas[i])
+
+ return ans
+
+
+def get_value_by_name_in_config(config_name, in_path):
+
+ config_file = os.path.join(in_path, config_name)
+ if not os.path.exists(config_file):
+ logging.error("configs.xml file doesn't exist")
+ return ""
+ xml_tree = ET.parse(config_file)
+ drv_perm = xml_tree.find('./TA_Basic_Info/service_name')
+ return drv_perm.text
+
+
+def get_value_by_name_in_manifest(manifest_name, in_path):
+
+ manifest = os.path.join(in_path, "manifest.txt")
+ if not os.path.exists(manifest):
+ name = get_value_by_name_in_config("configs.xml", in_path)
+ if name != "":
+ return name
+ else:
+ with open(manifest, 'r') as mani_fp:
+ for each_line in mani_fp:
+ if each_line.startswith("#") or not each_line.strip():
+ continue
+ name = each_line.split(":")[0].strip()
+ if "{" + name + "}" == manifest_name:
+ return str(each_line.split(":")[1].strip())
+
+ raise RuntimeError("{" + manifest_name + "}" + \
+ "cannot find in " + manifest)
+
+
+def get_value_trans(old_item, value, attrib, key, in_path):
+
+ # if name contains '.csv' means
+ # we can transform value by {manifest_name}.csv
+ # manifest_name must in manifest.txt
+ if ".csv" in trans_dict.get(key):
+ manifest_name = trans_dict.get(key).split(".csv")[0]
+ manifest_value = get_value_by_name_in_manifest(manifest_name, in_path)
+ trans_file_path = os.path.join(in_path, "{}.csv".format(manifest_value))
+ return handle_trans(value, trans_file_path)
+ # if name not contains '.csv' means
+ # we can transform value by {attrib[attri]}.csv
+ # attrib[attri] must in xml file
+ for attri in attrib:
+ if old_item + attri == trans_dict.get(key):
+ if len(attrib[attri]) == 0:
+ raise RuntimeError("you should set drv name while \
+ you set drv permission")
+ trans_file_path = os.path.join(in_path, "{}.csv".format(attrib[attri]))
+ return handle_trans(value, trans_file_path)
+
+ raise RuntimeError("cannot find second trans file",\
+ key, trans_dict.get(key))
+
+
+def item_zip(old_item, attr, value, attrib, in_path):
+
+ dyn_key = old_item + attr
+ dyn_type = type_dict.get(dyn_key)
+ origin_value = value
+
+ if len(trans_dict.get(dyn_key)) > 0:
+ value = get_value_trans(old_item, value, attrib, dyn_key, in_path)
+
+ # check the xml is invalid for dyn perm
+ dyn_perm_check(dyn_key, attrib, value, origin_value)
+
+ if dyn_type == type_trans.get("TYPE_BOOL"):
+ if value.lower() == "true":
+ return "1"
+ elif value.lower() == "false":
+ return "0"
+ else:
+ raise Exception("bool can only be true or false")
+ elif dyn_type == type_trans.get("TYPE_INT"):
+ if '0x' in value:
+ return str(int(value, base=16))
+ elif '0b' in value:
+ return str(int(value, base=2))
+ else:
+ return str(int(value, base=10))
+ elif dyn_type == type_trans.get("TYPE_CHAR"):
+ return value
+ else:
+ raise RuntimeError("unknown type")
+
+
+def get_length(value):
+
+ length = len(value)
+ off = int((DYN_CONF_LEN_LEN / 2 - 1) * 8)
+ ans = ""
+
+ for _ in range(int(DYN_CONF_LEN_LEN / 2)):
+ tmp = ""
+ dyn_len = (length >> off) & 0xFF;
+ if dyn_len >= 0 and dyn_len <= 0xF:
+ tmp = "0"
+ tmp += str(hex(dyn_len)).split("x")[1]
+ ans += tmp
+ off -= 8
+
+ return ans
+
+
+def do_parser_dyn_conf(old_item, ele, in_path):
+
+ attrs = ""
+ if len(ele.attrib) > 0:
+ for attr in ele.attrib:
+ ele.attrib[attr] = check_and_classify_attr(old_item,\
+ attr, ele.attrib.get(attr))
+ tag = tag_dict.get(old_item + attr)
+ dyn_type = type_dict.get(old_item + attr)
+ if dyn_type == type_trans.get("TYPE_NONE"):
+ continue
+
+ value = item_zip(old_item, attr, ele.attrib[attr],
+ ele.attrib, in_path)
+ length = get_length(value)
+ attrs = attrs + tag + dyn_type + length + value
+ else:
+ for child in ele:
+ tmp_attrs = do_parser_dyn_conf(old_item + child.tag + "/",
+ child, in_path)
+ if tmp_attrs == "":
+ continue
+ attrs = attrs + tmp_attrs
+
+ # handle inner context
+ if check_ta_config(old_item, ele.text) is True and \
+ ele.text is not None and len(ele.text.strip()) > 0:
+ inner_text = item_zip(old_item + ele.tag, "", ele.text, {}, in_path)
+ attrs = attrs + tag_dict.get(old_item + ele.tag) + \
+ type_dict.get(old_item + ele.tag) + \
+ get_length(inner_text) + inner_text
+
+ if len(tag_dict.get(old_item)) == 0 or attrs == "":
+ return ""
+
+ return tag_dict.get(old_item) + type_dict.get(old_item) + \
+ get_length(attrs) + attrs
+
+
+def parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path,
+ tag_parse_dict_path, in_path):
+
+ if not os.path.exists(dyn_conf_xml_file_path):
+ logging.error("dyn perm xml file doesn't exist")
+ return
+
+ if not os.path.exists(tag_parse_dict_path):
+ logging.error("tag_parse_dict.csv file doesn't exist")
+ return
+
+ handle_tag_dict(tag_parse_dict_path)
+ tree = ET.parse(dyn_conf_xml_file_path)
+ root = tree.getroot()
+
+ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
+ if ans == "":
+ ans = "00000"
+
+ ans = "gpd.ta.dynConf:" + ans + "\n"
+
+ if not os.path.exists(manifest_ext_path):
+ out_tlv = os.path.join(in_path, "config_tlv")
+ with os.fdopen(os.open(out_tlv, \
+ os.O_RDWR | os.O_TRUNC | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR), 'w+') as conf:
+ conf.write(ans)
+ else:
+ #write items to mani_ext
+ manifest_ext_path_fd = os.open(manifest_ext_path, os.O_RDWR, 0o600)
+ with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp:
+ mani_ext_fp.write(ans)
+
+
+def parser_config_xml(config_xml_file_path, tag_parse_dict_path, \
+ out_path, in_path):
+
+ if not os.path.exists(config_xml_file_path):
+ logging.error("config xml file doesn't exist")
+ return
+ if not os.path.exists(tag_parse_dict_path):
+ logging.error("tag_parse_dict.csv file doesn't exist")
+ return
+
+ handle_tag_dict(tag_parse_dict_path)
+ tree = ET.parse(config_xml_file_path)
+ root = tree.getroot()
+
+ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
+ if ans == "":
+ ans = "00000"
+
+ # write items to mani_ext
+ config_path_fd = os.open(out_path, os.O_CREAT | os.O_RDWR, 0o600)
+ with os.fdopen(config_path_fd, 'a+') as config_fp:
+ config_fp.write(ans)
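Review bot: `get_length` writes the length as `DYN_CONF_LEN_LEN` hex digits by masking two bytes out of `len(value)`, so a value or nested `attrs` string of 0x10000 characters or more gets a silently truncated length and the TLV no longer describes its own payload. The string ends up in the manifest extension or `config_tlv`, which is presumably signed and parsed on the device, so an over-long item should be rejected at build time, e.g. `if length >= 16 ** DYN_CONF_LEN_LEN: raise RuntimeError("dyn conf item too long", length)` before the loop. Separately, `get_value_trans` joins `in_path` with a file name taken from `manifest.txt` or an XML attribute without checking it, so a value containing a path separator resolves outside `in_path`. Reducing the name with `os.path.basename` (or comparing `os.path.commonpath` against `in_path`) would keep the lookup inside the input directory, unless `check_and_classify_attr` already guarantees that for the attribute case.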
diff --git a/build/signtools/generate_hash.py b/build/signtools/generate_hash.py
new file mode 100644
index 0000000..fd90a01
--- /dev/null
+++ b/build/signtools/generate_hash.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Description: cal hash for generating a trusted application load image
+#----------------------------------------------------------------------------
+
+import struct
+import os
+import hashlib
+import stat
+
+HASH256 = 0
+HASH512 = 1
+
+
+def gen_hash(hash_type, in_data, out_file_path):
+ # Initialize a SHA256 object from the Python hash library
+ if int(hash_type) == HASH256:
+ hash_op = hashlib.sha256()
+ elif int(hash_type) == HASH512:
+ hash_op = hashlib.sha512()
+ hash_op.update(in_data)
+
+ #-----hash file used for ras sign---
+ fd_hash = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ hash_fp = os.fdopen(fd_hash, "wb")
+ # fixed hash prefix value
+ if int(hash_type) == HASH256:
+ hash_fp.write(struct.pack('B' * 19, 0x30, 0x31, 0x30, 0x0d, 0x06, \
+ 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \
+ 0x05, 0x00, 0x04, 0x20))
+ elif int(hash_type) == HASH512:
+ hash_fp.write(struct.pack('B' * 19, 0x30, 0x51, 0x30, 0x0d, 0x06, \
+ 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, \
+ 0x05, 0x00, 0x04, 0x40))
+ hash_fp.write(hash_op.digest())
+ hash_fp.close()
+ return
+
+
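Review bot: `os.open(out_file_path, os.O_WRONLY | os.O_CREAT, ...)` in `gen_hash` no longer truncates an existing file the way the removed `open(out_file_path, 'wb')` in generate_signature.py did, so if the hash file is left over from a run with a longer digest, the old trailing bytes stay behind the new DigestInfo and are passed on to the signing step. Adding the flag restores the previous behaviour: `fd_hash = os.open(out_file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IWUSR | stat.S_IRUSR)`. The same open-without-`O_TRUNC` pattern appears for `config_msg` in `gen_ta_signature`, for `hash_{}.txt` in get_ta_elf_hash.py and for `mani_ext` in `parser_manifest`. A `hash_type` other than `HASH256` or `HASH512` also leaves `hash_op` unbound and fails with an `UnboundLocalError`; an explicit `else: raise RuntimeError("unsupported hash type", hash_type)` would say what went wrong.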
diff --git a/build/signtools/generate_signature.py b/build/signtools/generate_signature.py
index 382aa91..95657e8 100644
--- a/build/signtools/generate_signature.py
+++ b/build/signtools/generate_signature.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -11,44 +11,47 @@
# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
+# Description: tools for generating a trusted application load image
#----------------------------------------------------------------------------
-import struct
import os
-import hashlib
+import stat
import subprocess
+import logging
-HASH256 = 0
-HASH512 = 1
+from generate_hash import gen_hash
-def gen_hash(hash_type, in_file_path, out_file_path):
- in_file_size = os.path.getsize(in_file_path)
- # Initialize a SHA256 object from the Python hash library
- if int(hash_type) == HASH256:
- hash_op = hashlib.sha256()
- elif int(hash_type) == HASH512:
- hash_op = hashlib.sha512()
- # Set the input buffer and return the output digest
- with open(in_file_path, 'rb') as in_file:
- hash_op.update(in_file.read(in_file_size))
- #-----hash file used for ras sign---
- with open(out_file_path, 'wb') as hash_fp:
- # fixed hash prefix value
- hash_fp.write(struct.pack('B'*19, 0x30, 0x31, 0x30, 0x0d, 0x06, \
- 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \
- 0x05, 0x00, 0x04, 0x20))
- hash_fp.write(hash_op.digest())
- return
+def gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \
+ out_file_path, out_path, key_info_data, is_big_ending):
+ msg_file = os.path.join(out_path, "temp", "config_msg")
+ fd_msg = os.open(msg_file, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ msg_file_fp = os.fdopen(fd_msg, "wb")
+ msg_file_fp.write(raw_data)
+ msg_file_fp.close()
+ if cfg.sign_type == '1': # signed with local key
+ if cfg.padding_type == '0':
+ gen_hash(cfg.hash_type, raw_data, hash_file_path)
+ cmd = "openssl pkeyutl -sign -inkey {} -in {} -out {}".\
+ format(cfg.sign_key, hash_file_path, out_file_path)
+ elif cfg.padding_type == '1':
+ if cfg.hash_type == '0':
+ cmd = "openssl dgst -sign {} -sha256 -sigopt \
+ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
+ -out {} {}".format(cfg.sign_key, out_file_path, msg_file)
+ else:
+ cmd = "openssl dgst -sign {} -sha512 -sigopt \
+ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
+ -out {} {}".format(cfg.sign_key, out_file_path, msg_file)
+ try:
+ subprocess.check_output(cmd.split(), shell=False)
+ except Exception:
+ logging.error("sign operation failed")
+ raise RuntimeError
+ else:
+ logging.error("unhandled signtype %s", cfg.sign_type)
-def gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path):
- gen_hash(cfg.hash_type, raw_data_path, hash_file_path)
- cmd = "openssl rsautl -sign -inkey {} -in {} -out {}".\
- format(cfg.sign_key, hash_file_path, out_file_path)
- try:
- subprocess.check_output(cmd.split(), shell=False)
- except Exception:
- print("sign operation failed")
- raise RuntimeError
return
+
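Review bot: `gen_ta_signature` formats the openssl command into one string and then splits it on whitespace, so a `cfg.sign_key`, `out_file_path` or `msg_file` that contains a space is broken into several arguments, and a fragment that starts with `-` is then parsed by openssl as an option. Building the argument vector as a list keeps every path a single argument, with the call becoming `subprocess.check_output(cmd, shell=False)`. The sketch below also rejects an unknown `cfg.padding_type`, which currently leaves `cmd` unassigned and is reported by the broad `except Exception` as "sign operation failed". The final `else` only logs `unhandled signtype` and returns normally, so the caller cannot tell that no signature was written; `raise RuntimeError("unhandled sign type", cfg.sign_type)` there would stop the build.

```python
# … unchanged: config_msg is written and the sign_type '1' branch is entered …
        if cfg.padding_type == '0':
            # … unchanged: gen_hash call …
            cmd = ["openssl", "pkeyutl", "-sign", "-inkey", cfg.sign_key,
                   "-in", hash_file_path, "-out", out_file_path]
        elif cfg.padding_type == '1':
            digest_opt = "-sha256" if cfg.hash_type == '0' else "-sha512"
            cmd = ["openssl", "dgst", "-sign", cfg.sign_key, digest_opt,
                   "-sigopt", "rsa_padding_mode:pss",
                   "-sigopt", "rsa_pss_saltlen:-1",
                   "-out", out_file_path, msg_file]
        else:
            raise RuntimeError("unhandled padding type", cfg.padding_type)
# … unchanged: try/except around subprocess.check_output …
```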
diff --git a/build/signtools/get_ta_elf_hash.py b/build/signtools/get_ta_elf_hash.py
new file mode 100644
index 0000000..89443e0
--- /dev/null
+++ b/build/signtools/get_ta_elf_hash.py
@@ -0,0 +1,246 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Calculate the elfhash values of TAs by segment and combine the values.
+#----------------------------------------------------------------------------
+
+"""
+calculate the elfhash values of TA
+"""
+
+from __future__ import print_function
+import os
+import sys
+import hashlib
+import struct
+import logging
+
+
+def elf_header_verify_check(elf_header):
+ """ check is elf file """
+ elfinfo_mag0_index = 0
+ elfinfo_mag1_index = 1
+ elfinfo_mag2_index = 2
+ elfinfo_mag3_index = 3
+ elfinfo_mag0 = '\x7f'
+ elfinfo_mag1 = 'E'
+ elfinfo_mag2 = 'L'
+ elfinfo_mag3 = 'F'
+
+ if (elf_header.e_ident[elfinfo_mag0_index] != ord(elfinfo_mag0)) or \
+ (elf_header.e_ident[elfinfo_mag1_index] != ord(elfinfo_mag1)) or \
+ (elf_header.e_ident[elfinfo_mag2_index] != ord(elfinfo_mag2)) or \
+ (elf_header.e_ident[elfinfo_mag3_index] != ord(elfinfo_mag3)):
+ return False
+ return True
+
+
+class ElfIdent:
+ """ define elf ident """
+ s = struct.Struct('4sBBB9s')
+
+ def __init__(self, data):
+ unpacked_data = (ElfIdent.s).unpack(data)
+ self.unpacked_data = unpacked_data
+ self.ei_magic = unpacked_data[0]
+ self.ei_class = unpacked_data[1]
+ self.ei_data = unpacked_data[2]
+ self.ei_ver = unpacked_data[3]
+ self.ei_pad = unpacked_data[4]
+
+
+#----------------------------------------------------------------------------
+# ELF Header Class
+#----------------------------------------------------------------------------
+class Elf32Ehdr:
+ """ 32bit elf file header """
+ s = struct.Struct('16sHHIIIIIHHHHHH')
+
+ def __init__(self, data):
+ unpacked_data = (Elf32Ehdr.s).unpack(data)
+ self.unpacked_data = unpacked_data
+ self.e_ident = unpacked_data[0]
+ self.e_type = unpacked_data[1]
+ self.e_machine = unpacked_data[2]
+ self.e_version = unpacked_data[3]
+ self.e_entry = unpacked_data[4]
+ self.e_phoff = unpacked_data[5]
+ self.e_shoff = unpacked_data[6]
+ self.e_flags = unpacked_data[7]
+ self.e_ehsize = unpacked_data[8]
+ self.e_phentsize = unpacked_data[9]
+ self.e_phnum = unpacked_data[10]
+ self.e_shentsize = unpacked_data[11]
+ self.e_shnum = unpacked_data[12]
+ self.e_shstrndx = unpacked_data[13]
+
+
+class Elf64Ehdr:
+ """ 64bit elf file header """
+ s = struct.Struct('16sHHIQQQIHHHHHH')
+
+ def __init__(self, data):
+ unpacked_data = (Elf64Ehdr.s).unpack(data)
+ self.unpacked_data = unpacked_data
+ self.e_ident = unpacked_data[0]
+ self.e_type = unpacked_data[1]
+ self.e_machine = unpacked_data[2]
+ self.e_version = unpacked_data[3]
+ self.e_entry = unpacked_data[4]
+ self.e_phoff = unpacked_data[5]
+ self.e_shoff = unpacked_data[6]
+ self.e_flags = unpacked_data[7]
+ self.e_ehsize = unpacked_data[8]
+ self.e_phentsize = unpacked_data[9]
+ self.e_phnum = unpacked_data[10]
+ self.e_shentsize = unpacked_data[11]
+ self.e_shnum = unpacked_data[12]
+ self.e_shstrndx = unpacked_data[13]
+
+
+#----------------------------------------------------------------------------
+# ELF Header Class
+#----------------------------------------------------------------------------
+class Elf32Phdr:
+ """ 32bit elf file Phdr """
+ s = struct.Struct('IIIIIIII')
+
+ def __init__(self, data):
+ unpacked_data = (Elf32Phdr.s).unpack(data)
+ self.unpacked_data = unpacked_data
+ self.p_type = unpacked_data[0]
+ self.p_offset = unpacked_data[1]
+ self.p_vaddr = unpacked_data[2]
+ self.p_paddr = unpacked_data[3]
+ self.p_filesz = unpacked_data[4]
+ self.p_memsz = unpacked_data[5]
+ self.p_flags = unpacked_data[6]
+ self.p_align = unpacked_data[7]
+
+
+class Elf64Phdr:
+ """ 64bit elf file Phdr """
+ s = struct.Struct('IIQQQQQQ')
+
+ def __init__(self, data):
+ unpacked_data = (Elf64Phdr.s).unpack(data)
+ self.unpacked_data = unpacked_data
+ self.p_type = unpacked_data[0]
+ self.p_flags = unpacked_data[1]
+ self.p_offset = unpacked_data[2]
+ self.p_vaddr = unpacked_data[3]
+ self.p_paddr = unpacked_data[4]
+ self.p_filesz = unpacked_data[5]
+ self.p_memsz = unpacked_data[6]
+ self.p_align = unpacked_data[7]
+
+
+#----------------------------------------------------------------------------
+# generate hash use SHA256
+#----------------------------------------------------------------------------
+def generate_sha256_hash_hex(in_buf):
+ """ initialize a SHA256 object from the Python hash library """
+ m = hashlib.sha256()
+ # Set the input buffer and return the output digest
+ m.update(in_buf)
+ return m.hexdigest()
+
+
+def get_elf_file_hash(file_name):
+ """ get elf file hash """
+ with open(file_name, 'rb') as elf_file_fp:
+ elf_buf = elf_file_fp.read()
+ return generate_sha256_hash_hex(elf_buf)
+
+
+class ElfInfo:
+ """ elf info message """
+
+ def __init__(self):
+ self.elf32_phdr_size = 32
+ self.elf64_phdr_size = 56
+ self.elf_ident_size = 16
+ self.elf64_hdr_size = 64
+ self.elf32_hdr_size = 52
+ self.elfinfo_class_32 = 1
+ self.elfinfo_class_64 = 2
+ self.load_type = 0x1
+ self.write_flag = 0x2
+ self.exec_flag = 0x1
+
+
+def get_code_segment_from_elf(elf_file_name, out_hash_file_name, sign_data):
+ """ verify ELF header information """
+ hash_value_summary = ""
+ elf_info = ElfInfo()
+
+ with open(elf_file_name, 'rb') as elf_fp:
+ elf_ident_buf = elf_fp.read(elf_info.elf_ident_size)
+ elf_ident = ElfIdent(elf_ident_buf)
+ elf_fp.seek(0)
+ if elf_ident.ei_class == elf_info.elfinfo_class_64:
+ elf_hd_buf = elf_fp.read(elf_info.elf64_hdr_size)
+ elf_header = Elf64Ehdr(elf_hd_buf)
+ elif elf_ident.ei_class == elf_info.elfinfo_class_32:
+ elf_hd_buf = elf_fp.read(elf_info.elf32_hdr_size)
+ elf_header = Elf32Ehdr(elf_hd_buf)
+ else:
+ logging.error("No Support ELFINFO_CLASS")
+
+ if elf_header_verify_check(elf_header) is False:
+ logging.error("ELF file failed verification: %s", elf_file_name)
+
+ for i_phd in range(0, elf_header.e_phnum):
+ if elf_ident.ei_class == elf_info.elfinfo_class_64:
+ elf_phd_header = Elf64Phdr(elf_fp.read(elf_info.elf64_phdr_size))
+ elif elf_ident.ei_class == elf_info.elfinfo_class_32:
+ elf_phd_header = Elf32Phdr(elf_fp.read(elf_info.elf32_phdr_size))
+ else:
+ logging.error("No Support ELFINFO_CLASS")
+
+ if (elf_phd_header.p_type != elf_info.load_type) or \
+ (elf_phd_header.p_flags & elf_info.exec_flag != elf_info.exec_flag) or \
+ (elf_phd_header.p_flags & elf_info.write_flag == elf_info.write_flag):
+ continue
+
+ # get segment buf form elf file
+ elf_fp.seek(elf_phd_header.p_offset)
+ elf_segment_buf = elf_fp.read(elf_phd_header.p_memsz)
+
+ # buf 4k alignment
+ if len(elf_segment_buf) % 4096 != 0:
+ alignment_len = (len(elf_segment_buf) // 4096 + 1) * 4096
+ elf_segment_buf = elf_segment_buf.ljust(alignment_len, b'\0')
+ # get hash from segment buf
+ hash_value_summary = hash_value_summary + generate_sha256_hash_hex(elf_segment_buf)
+
+ # move the read pointer of the file to the original position.
+ if elf_ident.ei_class == elf_info.elfinfo_class_64:
+ elf_fp.seek((i_phd + 1) * elf_info.elf64_phdr_size + elf_info.elf64_hdr_size)
+ elif elf_ident.ei_class == elf_info.elfinfo_class_32:
+ elf_fp.seek((i_phd + 1) * elf_info.elf32_phdr_size + elf_info.elf32_hdr_size)
+
+ elf_fp.seek(0)
+ with os.fdopen(os.open('hash_{}.txt'.format(out_hash_file_name), os.O_RDWR | os.O_CREAT, 0o755), \
+ "w+", 0o755) as file_ob:
+ file_ob.write("mem_hash : {}\n".format(generate_sha256_hash_hex(bytes.fromhex(hash_value_summary))))
+ file_ob.write("img_hash : {}".format(generate_sha256_hash_hex(sign_data)))
+
+
+def main():
+ """ main function """
+ get_code_segment_from_elf(sys.argv[1], "test", sys.argv[3])
+
+
+if __name__ == '__main__':
+ main()
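Review bot: `get_code_segment_from_elf` only logs when `elf_header_verify_check` fails or when `ei_class` is neither 32- nor 64-bit, and then carries on, so a file that is not a valid ELF is still walked as program headers (or fails later on an unbound `elf_header`) instead of being rejected. For a tool that writes the `mem_hash` and `img_hash` lines (presumably used as attestation reference values) both checks should stop the run, e.g. `raise RuntimeError("ELF file failed verification", elf_file_name)` and `raise RuntimeError("No Support ELFINFO_CLASS")`. The loop also reads the program headers from directly behind the ELF header and seeks back to `hdr_size + (i_phd + 1) * phdr_size`, which ignores `e_phoff` and `e_phentsize`; seeking to `elf_header.e_phoff + i_phd * elf_header.e_phentsize` before each read would follow the header. The output file is created with mode `0o755`, and that value is passed again as the third argument of `os.fdopen`, where it is the buffer size; `stat.S_IWUSR | stat.S_IRUSR`, as used elsewhere in this patch, fits a text file better.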
diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py
index 6468190..bd6bf90 100755
--- a/build/signtools/manifest.py
+++ b/build/signtools/manifest.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -11,33 +11,42 @@
# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
+# Description: tools for generating a trusted application load image
#----------------------------------------------------------------------------
import string
import struct
import uuid
import os
+import re
+import stat
+import logging
-PRODUCT_TA_IMAGE = 1
-PRODUCT_DYN_LIB = 2
-PRODUCT_SERVICE_IMAGE = 3
+
+PRODUCT_TA_IMAGE = 1
+PRODUCT_DYN_LIB = 2
+PRODUCT_SERVICE_IMAGE = 3
+PRODUCT_CLIENT_IMAGE = 4
+PRODUCT_DRIVER_IMAGE = 5
class PackUuid:
# Structure object to align and package the TEE_UUID
data = struct.Struct('IHH8b')
- def __init__(self, data):
- unpacked_data = (PackUuid.data).unpack(str.encode(data))
- self.unpacked_data = unpacked_data
- self.time_low = unpacked_data[0]
- self.time_mid = unpacked_data[1]
+ def __init__(self, data, big_endian=False):
+ unpacked_data = (PackUuid.data).unpack(str.encode(data))
+ self.unpacked_data = unpacked_data
+ self.time_low = unpacked_data[0]
+ self.time_mid = unpacked_data[1]
self.time_hi_version = unpacked_data[2]
- self.clock_seq_node = unpacked_data[3]
+ self.clock_seq_node = unpacked_data[3]
+ if big_endian:
+ PackUuid.data = struct.Struct('>IHH8b')
def print_values(self):
- print("ATTRIBUTE / VALUE")
+ logging.critical("ATTRIBUTE / VALUE")
for attr, value in self.__dict__.items():
- print(attr, value)
+ logging.critical(attr, value)
def get_pack_data(self):
values = [self.time_low,
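Review bot: In `PackUuid.__init__` the line `PackUuid.data = struct.Struct('>IHH8b')` rebinds the class attribute after `unpack` has already run with the old format, so the current call is unaffected while every later `PackUuid`, including one built with `big_endian=False`, uses big-endian; `Manifest.__init__` in the next hunk has the same pattern. Keeping the format per instance avoids the hidden global switch, for example `self.data = struct.Struct('>IHH8b' if big_endian else 'IHH8b')` set before the `unpack` call. In `print_values`, `logging.critical(attr, value)` uses `attr` as the format string with `value` as its argument, which makes the logging module report a formatting error instead of the pair; `logging.critical("%s %s", attr, value)` prints what the old `print(attr, value)` did. The class body continues past the end of this hunk, so whether `get_pack_data` reads `self.data` or `PackUuid.data` is not visible here.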
@@ -57,20 +66,22 @@ class Manifest:
# Structure object to align and package the Manifest
data = struct.Struct('I' * 6)
- def __init__(self, data):
- unpacked_data = (Manifest.data).unpack(str.encode(data))
- self.unpacked_data = unpacked_data
+ def __init__(self, data, big_endian=False):
+ unpacked_data = (Manifest.data).unpack(str.encode(data))
+ self.unpacked_data = unpacked_data
self.single_instance = unpacked_data[0]
- self.multi_session = unpacked_data[1]
- self.multi_command = unpacked_data[2]
- self.heap_size = unpacked_data[3]
- self.stack_size = unpacked_data[4]
+ self.multi_session = unpacked_data[1]
+ self.multi_command = unpacked_data[2]
+ self.heap_size = unpacked_data[3]
+ self.stack_size = unpacked_data[4]
self.instancekeepalive = unpacked_data[5]
+ if big_endian:
+ Manifest.data = struct.Struct('>' + 'I' * 6)
def print_values(self):
- print("ATTRIBUTE / VALUE")
+ logging.critical("ATTRIBUTE / VALUE")
for attr, value in self.__dict__.items():
- print(attr, value)
+ logging.critical(attr, value)
def get_pack_data(self):
values = [self.single_instance,
@@ -88,20 +99,20 @@ class Manifest:
# verify property name in manifest file
#----------------------------------------------------------------------------
def verify_property_name(str_line):
- print('verify property name')
+ logging.critical("verify property name")
alphas = string.ascii_letters + string.digits
cont = "".join([alphas, '-', '_', '.'])
if len(str_line) > 1:
if str_line[0] not in alphas:
- print('invalid first letter in property name')
+ logging.error("invalid first letter in property name")
return False
else:
for otherchar in str_line[1:]:
if otherchar not in cont:
- print('invalid char in property name')
+ logging.error("invalid char in property name")
return False
else:
- print('invalid property name')
+ logging.error("invalid property name")
return False
return True
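Review bot: `logging.critical("verify property name")` is a progress trace, and emitting it at CRITICAL puts it at the same level as a real failure and above the `logging.error` calls that report the invalid name a few lines later. `logging.debug` or `logging.info` would match what the message is. The same applies to the `logging.critical` traces in `verify_property_value`, `trailing_space_tabs` and `parser_manifest` in the following hunks, which also write every manifest line and property value into the log.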
@@ -111,11 +122,11 @@ def verify_property_name(str_line):
# verify property value in manifest file
#----------------------------------------------------------------------------
def verify_property_value(str_line):
- print('verify property value')
+ logging.critical("verify property value")
filt_letter = chr(0) + chr(10) + chr(13)
for thechar in str_line:
if thechar in filt_letter:
- print('invalid letter in prop value')
+ logging.error("invalid letter in prop value")
return False
return True
@@ -124,12 +135,11 @@ def verify_property_value(str_line):
# remove tabs and space in property value
#----------------------------------------------------------------------------
def trailing_space_tabs(str_line):
- print('trailing space tabs in value head and trail')
+ logging.critical("trailing space tabs in value head and trail")
space_tabs = chr(9) + chr(32) + chr(160)
space_tabs_newlines = space_tabs + chr(10) + chr(13)
- print('tab: {}'.format(space_tabs))
- print('str in: {}'.format(str_line))
+ logging.critical("str in: %s", str_line)
index = 0
for thechar in str_line:
if thechar in space_tabs:
@@ -148,8 +158,8 @@ def trailing_space_tabs(str_line):
else:
break
- str_ret = headvalue[0:strlen+1] + chr(10)
- print('str ret: {}'.format(str_ret))
+ str_ret = headvalue[0:strlen + 1] + chr(10)
+ logging.critical("str ret: %s", str_ret)
return str_ret
@@ -157,14 +167,14 @@ def trailing_space_tabs(str_line):
#----------------------------------------------------------------------------
# verify manifest file, parse manifest file, generate a new manfiest file
#----------------------------------------------------------------------------
-def parser_manifest(manifest, manifest_data_path, mani_ext):
- print('verify manifest')
+def parser_manifest(manifest, manifest_data_path, mani_ext, big_endian=False):
+ logging.critical("verify manifest")
target_type = PRODUCT_TA_IMAGE
- uuid_val = PackUuid('\0' * 16)
+ uuid_val = PackUuid('\0' * 16, big_endian)
#manifest default
- manifest_val = Manifest('\0'*24)
+ manifest_val = Manifest('\0' * 24, big_endian)
manifest_val.single_instance = 1
manifest_val.multi_session = 0
@@ -174,40 +184,46 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
manifest_val.stack_size = 2048
service_name = 'external_service'
+ dyn_conf_target_type = 0
- with open(manifest, 'r') as mani_fp, open(mani_ext, 'wb') as mani_ext_fp:
+ with open(manifest, 'r') as mani_fp:
+ fd_ext = os.open(mani_ext, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ mani_ext_fp = os.fdopen(fd_ext, "wb")
for each_line in mani_fp:
- print(each_line)
- if each_line.startswith("#") or not len(each_line.strip()):
+ logging.critical(each_line)
+ if each_line.startswith("#") or not each_line.strip():
continue
index = each_line.find(':', 1, len(each_line))
prop_name = each_line[0:index]
- prop_name_t = each_line[0:index+1]
- prop_value_t = each_line[index+1:]
- print('name is: {}; value is: {}'.format(prop_name, prop_value_t))
+ prop_name_t = each_line[0:index + 1]
+ prop_value_t = each_line[index + 1:]
+ logging.critical("name is: %s; value is: %s", prop_name, prop_value_t)
prop_value = trailing_space_tabs(prop_value_t)
prop_len = len(prop_value)
- prop_value_v = prop_value[0:prop_len-1]
- print('prop value_v: {}'.format(prop_value_v))
+ prop_value_v = prop_value[0:prop_len - 1]
+ logging.critical("prop value_v: %s", prop_value_v)
if verify_property_name(prop_name) is False:
- print('manifest format invalid, please check it')
- return (False, 0)
+ logging.error("manifest format invalid, please check it")
+ mani_ext_fp.close()
+ return (False, 0, 0)
if verify_property_value(prop_value_v) is False:
- print('manifest format invalid, please check it')
- return (False, 0)
+ logging.error("manifest format invalid, please check it")
+ mani_ext_fp.close()
+ return (False, 0, 0)
# name:value to lowcase, and parse manifest
prop_name_low = prop_name.lower()
- print("name lower: {}".format(prop_name_low))
+ logging.critical("name lower: %s", prop_name_low)
if 'gpd.ta.appid' == prop_name_low:
- print("compare name is srv id")
+ logging.critical("compare name is srv id")
uuid_val = uuid.UUID(prop_value_v)
- print('uuid str {}'.format(uuid_val))
- print('val fields {}'.format(uuid_val.fields))
+ logging.critical("uuid str %s", uuid_val)
+ logging.critical("val fields %s", uuid_val.fields)
elif 'gpd.ta.singleinstance' == prop_name_low:
prop_value_low = prop_value_v.lower()
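Review bot: The `os.open(mani_ext, os.O_WRONLY | os.O_CREAT, ...)` call that replaces `open(mani_ext, 'wb')` no longer truncates an existing file, so a longer file left by an earlier run keeps its tail after the rewrite. The file is later read back by its full `os.path.getsize` length (in this function and, it appears, in gen_raw_data in signtool_v3.py), so those stale bytes would end up in the data being packed. The mode bits also apply only when the file is created, not to one that already exists. I would write `fd_ext = os.open(mani_ext, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IWUSR | stat.S_IRUSR)` and open it as `with os.fdopen(fd_ext, "wb") as mani_ext_fp:`, so the handle is also closed when `uuid.UUID()` or `int()` raises. The write to `manifest_data_path` in the `-243,77` hunk uses the same flags and needs the same change; the function body continues outside this hunk.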
@@ -216,7 +232,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.single_instance = 0
else:
- print('single_instance value error!')
+ logging.error("single_instance value error!")
elif 'gpd.ta.multisession' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -225,7 +241,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.multi_session = 0
else:
- print('multi_session value error!')
+ logging.error("multi_session value error!")
elif 'gpd.ta.multicommand' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -234,7 +250,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.multi_command = 0
else:
- print('multi_command value error!')
+ logging.error("multi_command value error!")
elif 'gpd.ta.instancekeepalive' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -243,77 +259,152 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.instancekeepalive = 0
else:
- print('instancekeepalive value error!')
+ logging.error("instancekeepalive value error!")
elif 'gpd.ta.datasize' == prop_name_low:
manifest_val.heap_size = int(prop_value_v)
- print('b')
+ logging.critical('b')
elif 'gpd.ta.stacksize' == prop_name_low:
manifest_val.stack_size = int(prop_value_v)
- print('b')
+ logging.critical('b')
elif 'gpd.ta.service_name' == prop_name_low:
service_name = prop_value_v
- print('b')
+ logging.critical('b')
+
+ elif 'gpd.ta.dynconf' == prop_name_low:
+ mani_ext_fp.close()
+ logging.error("gpd.ta.dynConf is reserved, cannot set")
+ return (False, 0, 0)
else:
- print('b')
+ logging.critical('b')
#write have not paresed manifest into sample.manifest file
mani_ext_fp.write(str.encode(prop_name_t))
mani_ext_fp.write(str.encode(prop_value))
- if 'gpd.ta.is_tee_service' == prop_name_low:
- prop_value_low = prop_value_v.lower()
- if 'true' == prop_value_low:
- target_type = PRODUCT_SERVICE_IMAGE
- elif 'gpd.ta.is_lib' == prop_name_low:
+ if 'gpd.ta.is_lib' == prop_name_low:
prop_value_low = prop_value_v.lower()
if 'true' == prop_value_low:
target_type = PRODUCT_DYN_LIB
-
+ elif 'gpd.ta.target_type' == prop_name_low:
+ dyn_conf_target_type = int(prop_value_v)
+ if dyn_conf_target_type > 0xFFFF or \
+ dyn_conf_target_type < 0:
+ mani_ext_fp.close()
+ logging.error("gpd.ta.target_type must \
+ in range [0, 0xFFFF]")
+ return (False, 0, 0)
+
+ mani_ext_fp.close()
#write the whole parsed manifest into sample.manifest file
service_name_len = len(service_name)
- print('service name: {}'.format(service_name))
- print('service name len: {}'.format(service_name_len))
- if service_name_len > 64:
- print("service name len exceed MAX value 27")
- raise RuntimeError
+ logging.critical("service name: %s", service_name)
+ logging.critical("service name len: %s", service_name_len)
+
+ max_service_len = 64
+
+ # dyn_conf_target_type is 1 means that is drv
+ if dyn_conf_target_type == 1:
+ max_service_len = 32
+ target_type = PRODUCT_DRIVER_IMAGE
+ if not re.match(r"^[A-Za-z0-9_]*$", service_name):
+ logging.error("drv's name only can use [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
+
+ if dyn_conf_target_type == 3:
+ max_service_len = 32
+ target_type = PRODUCT_SERVICE_IMAGE
+ if not re.match(r"^[A-Za-z0-9_]*$", service_name):
+ logging.error("drv's name only can use \
+ [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
+ if dyn_conf_target_type == 4:
+ max_service_len = 32
+ target_type = PRODUCT_CLIENT_IMAGE
+ if not re.match(r"^[A-Za-z0-9_]*$", service_name):
+ logging.error("drv's name only can use \
+ [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
+
+ if service_name_len > max_service_len:
+ logging.error("service name len cannot larger than %s", str(max_service_len))
+ return (False, 0, 0)
# get manifest string file len
manifest_str_size = os.path.getsize(mani_ext)
- print('manifest str size {}'.format(manifest_str_size))
-
+ logging.critical('manifest str size %s', manifest_str_size)
# 2> manifest + service_name
- print("bytes len {}".format(len(uuid_val.bytes_le)))
- print("bytes len {}".format(len(manifest_val.get_pack_data())))
- print("bytes len {}".format(len(service_name)))
+ if big_endian:
+ logging.critical("bytes len %s", len(uuid_val.bytes))
+ else:
+ logging.critical("bytes len %s", len(uuid_val.bytes_le))
+ logging.critical("bytes len %s", len(manifest_val.get_pack_data()))
+ logging.critical("bytes len %s", len(service_name))
# 3> unparsed manifest, string manifest
with open(mani_ext, 'rb') as string_mani_fp:
- print("read manifest string size {}".format(manifest_str_size))
+ logging.critical("read manifest string size %s", manifest_str_size)
manifest_string_buf = string_mani_fp.read(manifest_str_size)
- print("manifest strint: {}".format(manifest_string_buf))
+ logging.critical("manifest strint: %s", manifest_string_buf)
#---- write manifest parse context to manifest file
- with open(manifest_data_path, 'wb') as out_manifest_fp:
+ fd_out = os.open(manifest_data_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ out_manifest_fp = os.fdopen(fd_out, "wb")
+ if big_endian:
+ out_manifest_fp.write(uuid_val.bytes)
+ else:
out_manifest_fp.write(uuid_val.bytes_le)
- out_manifest_fp.write(str.encode(service_name))
- out_manifest_fp.write(manifest_val.get_pack_data())
+ out_manifest_fp.write(str.encode(service_name))
+ out_manifest_fp.write(manifest_val.get_pack_data())
+ out_manifest_fp.close()
+ uuid_str = str(uuid_val)
product_name = str(uuid_val)
if target_type == PRODUCT_TA_IMAGE:
- print("product type is ta image")
- product_name = "".join([product_name, ".sec"])
+ logging.critical("product type is ta image")
+ product_name = "".join([uuid_str, ".sec"])
+ elif target_type == PRODUCT_DRIVER_IMAGE:
+ logging.critical("product type is driver")
+ product_name = "".join([service_name, ".sec"])
elif target_type == PRODUCT_SERVICE_IMAGE:
- print("product type is service")
- product_name = "".join([product_name, service_name, "_svr.sec"])
+ logging.critical("product type is service")
+ product_name = "".join([service_name, ".sec"])
+ elif target_type == PRODUCT_CLIENT_IMAGE:
+ logging.critical("product type is client")
+ product_name = "".join([service_name, ".so.sec"])
elif target_type == PRODUCT_DYN_LIB:
- print("product type is dyn lib")
- product_name = "".join([product_name, service_name, ".so.sec"])
+ logging.critical("product type is dyn lib")
+ product_name = "".join([uuid_str, service_name, ".so.sec"])
else:
- print("invalid product type!")
- raise RuntimeError
+ logging.error("invalid product type!")
+ return (False, 0, 0)
+
+ return (True, product_name, uuid_str)
+
+
+class ManifestInfo:
+ ''' get manifest info '''
+ def __init__(self, ret, product_name, uuid_str, manifest_txt_exist):
+ self.ret = ret
+ self.product_name = product_name
+ self.uuid_str = uuid_str
+ self.manifest_txt_exist = manifest_txt_exist
+
+
+def process_manifest_file(xml_config_path, manifest_path, \
+ manifest_data_path, mani_ext, big_endian=False):
- return (True, product_name)
+ manifest_txt_exist = True
+ if not os.path.exists(manifest_path):
+ logging.critical("xml trans manifest cfg")
+ manifest_txt_exist = False
+ from xml_trans_manifest import trans_xml_to_manifest
+ trans_xml_to_manifest(xml_config_path, manifest_path)
+ ret, product_name, uuid_str = parser_manifest(manifest_path, \
+ manifest_data_path, mani_ext, big_endian)
+ manifest_info = ManifestInfo(ret, product_name, uuid_str, manifest_txt_exist)
+ return manifest_info
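Review bot: The `^[A-Za-z0-9_]*$` check on `service_name` runs only when `dyn_conf_target_type` is 1, 3 or 4, but the `PRODUCT_DYN_LIB` branch also builds `product_name` from `service_name`, which by then has only passed verify_property_value (no NUL, LF or CR). A manifest that sets `gpd.ta.is_lib` to true can therefore put `/` or `..` into the returned name. How `product_name` is used is outside this hunk, but if it becomes an output file name this should be rejected here. I would add, before the length check, `if target_type == PRODUCT_DYN_LIB and not re.fullmatch(r"[A-Za-z0-9_]+", service_name): return (False, 0, 0)`, widening the character set only as far as existing library names require. The three existing checks use `*`, so an empty name passes and yields `.sec`, and the service and client branches reuse the "drv's name" error text.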
diff --git a/build/signtools/manifest_tag_parse_dict.csv b/build/signtools/manifest_tag_parse_dict.csv
new file mode 100644
index 0000000..e56a82d
--- /dev/null
+++ b/build/signtools/manifest_tag_parse_dict.csv
@@ -0,0 +1,24 @@
+ConfigInfo/,0,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name,2,TYPE_CHAR,gpd.ta.service_name
+ConfigInfo/TA_Basic_Info/uuid,4,TYPE_CHAR,gpd.ta.appID
+ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive,7,TYPE_CHAR,gpd.ta.instanceKeepAlive
+ConfigInfo/TA_Manifest_Info/stack_size,9,TYPE_CHAR,gpd.ta.stackSize
+ConfigInfo/TA_Manifest_Info/heap_size,11,TYPE_CHAR,gpd.ta.dataSize
+ConfigInfo/TA_Manifest_Info/target_type,13,TYPE_CHAR,gpd.ta.target_type
+ConfigInfo/TA_Manifest_Info/multi_command,15,TYPE_CHAR,gpd.ta.multicommand
+ConfigInfo/TA_Manifest_Info/multi_session,17,TYPE_CHAR,gpd.ta.multiSession
+ConfigInfo/TA_Manifest_Info/single_instance,19,TYPE_CHAR,gpd.ta.singleInstance
+ConfigInfo/TA_Manifest_Info/sdk_version,21,TYPE_CHAR,gpd.sdk.version
+ConfigInfo/TA_Manifest_Info/is_tee_service,23,TYPE_CHAR,gpd.ta.is_tee_service
+ConfigInfo/TA_Manifest_Info/is_lib,25,TYPE_CHAR,gpd.ta.is_lib
+ConfigInfo/TA_Manifest_Info/objectEnumEnable,27,TYPE_CHAR,gpd.ta.objectEnumEnable
+ConfigInfo/TA_Manifest_Info/distribution,29,TYPE_CHAR,gpd.ta.distribution
+ConfigInfo/TA_Manifest_Info/target_version,31,TYPE_CHAR,gpd.elf.target_version
+ConfigInfo/TA_Manifest_Info/mem_page_align,33,TYPE_CHAR,gpd.ta.mem_page_align
+ConfigInfo/TA_Manifest_Info/hardWareType,35,TYPE_CHAR,gpd.ta.hardWareType
+ConfigInfo/TA_Manifest_Info/is_need_release_ta_res,37,TYPE_CHAR,gpd.srv.is_need_release_ta_res
+ConfigInfo/TA_Manifest_Info/srv_crash_callback,39,TYPE_CHAR,gpd.srv.crash_callback
+ConfigInfo/TA_Manifest_Info/srv_is_need_create_msg,41,TYPE_CHAR,gpd.srv.is_need_create_msg
+ConfigInfo/TA_Manifest_Info/srv_is_need_release_msg,43,TYPE_CHAR,gpd.srv.is_need_release_msg
diff --git a/build/signtools/rsa_public_key_cloud.pem b/build/signtools/rsa_public_key_cloud.pem
new file mode 100644
index 0000000..a321f63
--- /dev/null
+++ b/build/signtools/rsa_public_key_cloud.pem
@@ -0,0 +1,11 @@
+-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx
+p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is
+Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p
+DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD
+BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn
+fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9
+WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV
++W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY
+CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE=
+-----END PUBLIC KEY-----
diff --git a/build/signtools/signtool_v3.py b/build/signtools/signtool_v3.py
index 39a719d..b588707 100755
--- a/build/signtools/signtool_v3.py
+++ b/build/signtools/signtool_v3.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -11,31 +11,32 @@
# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
+# Description: tools for generating a trusted application load image
#----------------------------------------------------------------------------
import struct
import os
import stat
-import hashlib
import binascii
-import subprocess
import shutil
-import getpass
import argparse
+import configparser
+import re
+import logging
-try:
- from configparser import SafeConfigParser
-except ImportError:
- from ConfigParser import SafeConfigParser
-from manifest import parser_manifest
+from manifest import process_manifest_file
from generate_signature import gen_ta_signature
+from Crypto.Hash import SHA256
+from Crypto.Cipher import PKCS1_OAEP
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
-# fixed value, {1, 2} version are abandoned.
-VERSION = 3
-TA_VERSION = 3
-MAX_EXT_PROP_LEN = 152
+TYPE_PUBKEY = 0
+TYPE_CERT = 1
+TYPE_CERT_CHAIN = 2
MAGIC1 = 0xA5A55A5A
MAGIC2 = 0x55AA
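Review bot: `TYPE_PUBKEY`, `TYPE_CERT` and `TYPE_CERT_CHAIN` are defined here as integers, while `sign_key_type` defaults to the string "0" in AllCfg and is filled from `parser.get(cfg_section, "secSignKeyType")`, which returns a string. get_sign_cert_block_buffer, added further down in this file, tests `cfg.sign_key_type == TYPE_PUBKEY` and `cfg.sign_key_type == TYPE_CERT`. Unless the value is converted somewhere not shown, neither test can be true, so a public-key configuration would fall into the certificate-chain branch and try to read `cfg.ta_cert_chain`. I would compare with `if int(cfg.sign_key_type) == TYPE_PUBKEY:` (likewise for `TYPE_CERT`) and add `sign_key_type` to the fields that check_cfg validates as an integer.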
@@ -63,6 +64,21 @@ ELF_INFO_VERSION_INDEX = 6
ELF_INFO_VERSION_CURRENT = 1
ELF_BLOCK_ALIGN = 0x1000
+SEC_HEADER_BYTES = 16
+SING_BIG_ENDIAN = False
+
+
+def whitelist_check(intput_str):
+ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str):
+ return 1
+ return 0
+
+
+def integer_check(intput_str):
+ if not str(intput_str).isdigit():
+ return 1
+ return 0
+
#----------------------------------------------------------------------------
# Verify ELF header contents from an input ELF file
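Review bot: whitelist_check and integer_check accept more than their names suggest. `re.match` with a trailing `$` also matches when the string ends in a newline, and `str.isdigit()` is true for characters such as `²` that `int()` rejects, so a value can pass check_cfg and still raise in `int(cfg.release_type)`. I would use `if not re.fullmatch(r"[A-Za-z0-9/\-_.]+", intput_str):` and `if not re.fullmatch(r"[0-9]+", str(intput_str)):`. The allow-list still permits `..`, a leading `/` and a leading `-`, so on its own it does not confine `configPath` or `secSignKey` to a directory. A docstring stating what each check is meant to guarantee would help.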
@@ -70,7 +86,7 @@ ELF_BLOCK_ALIGN = 0x1000
def verify_elf_header(elf_path):
elf_type = 0
with open(elf_path, 'rb') as elf:
- elf_data = struct.unpack('B'*16, elf.read(16))
+ elf_data = struct.unpack('B' * 16, elf.read(16))
elf_type = elf_data[4]
if ((elf_data[ELF_INFO_MAGIC0_INDEX] != ELF_INFO_MAGIC0) or \
(elf_data[ELF_INFO_MAGIC1_INDEX] != ELF_INFO_MAGIC1) or \
@@ -78,7 +94,7 @@ def verify_elf_header(elf_path):
(elf_data[ELF_INFO_MAGIC3_INDEX] != ELF_INFO_MAGIC3) or \
(elf_data[ELF_INFO_VERSION_INDEX] != \
ELF_INFO_VERSION_CURRENT)):
- print("invalid elf header info")
+ logging.error("invalid elf header info")
raise RuntimeError
if ((elf_type == 1 and elf_data[ELF_INFO_CLASS_INDEX] != \
@@ -86,229 +102,410 @@ def verify_elf_header(elf_path):
(elf_type == 2 and elf_data[ELF_INFO_CLASS_INDEX] != \
ELF_INFO_CLASS_64) or \
(elf_type != 1 and elf_type != 2)):
- print("invliad elf format")
+ logging.error("invliad elf format")
raise RuntimeError
return
-class Configuration:
- release_type = 0
- otrp_flag = 0
- sign_type = 0
+class AllCfg:
+ release_type = "1"
+ otrp_flag = "0"
+ sign_type = "0"
public_key = ""
- pub_key_len = 0
+ pub_key_len = ""
+ re_sign_flag = "0"
server_ip = ""
config_path = ""
sign_key = ""
- sign_key_len = 2048
- hash_type = 0
- padding_type = 0
+ sign_key_type = "0"
+ sign_alg = "RSA"
+ ta_cert_chain = ""
+ ta_version = 3
+
- def __init__(self, file_name):
- parser = SafeConfigParser()
+class PublicCfg:
+ def __init__(self, file_name, all_cfg):
+ cfg_section = "signSecPublicCfg"
+ parser = configparser.ConfigParser()
parser.read(file_name)
- self.release_type = parser.get("config", "releaseType")
- self.otrp_flag = parser.get("config", "otrpFlag")
- self.sign_type = parser.get("config", "signType")
- self.public_key = parser.get("config", "encryptKey")
- self.pub_key_len = parser.get("config", "encryptKeyLen")
- self.server_ip = parser.get("config", "serverIp")
- self.config_path = parser.get("config", "configPath")
- self.sign_key = parser.get("config", "signKey")
- self.sign_key_len = parser.get("config", "signKeyLen")
- self.hash_type = parser.get("config", "hashType")
- self.padding_type = parser.get("config", "paddingType")
-
-
-def gen_header(content_len, key_version):
- return struct.pack('IHHII', MAGIC1, MAGIC2, VERSION, content_len, \
- key_version)
-
-
-def gen_aes_key_info(cfg, iv_file_path, key_file_path, out_file_path):
- rand_iv_cmd = "openssl rand -out {} 16".format(iv_file_path)
- rand_key_cmd = "openssl rand -out {} 32".format(key_file_path)
- try:
- subprocess.check_output(rand_iv_cmd.split(), shell=False)
- subprocess.check_output(rand_key_cmd.split(), shell=False)
- except Exception:
- print("rand operation failed")
- raise RuntimeError
- os.chmod(iv_file_path, stat.S_IWUSR | stat.S_IRUSR)
- os.chmod(key_file_path, stat.S_IWUSR | stat.S_IRUSR)
+ if parser.has_option(cfg_section, "secReleaseType"):
+ all_cfg.release_type = parser.get(cfg_section, "secReleaseType")
+ if parser.has_option(cfg_section, "secOtrpFlag"):
+ all_cfg.otrp_flag = parser.get(cfg_section, "secOtrpFlag")
+
+ all_cfg.sign_type = parser.get(cfg_section, "secSignType")
+ if parser.has_option(cfg_section, "secSignServerIp"):
+ all_cfg.server_ip = parser.get(cfg_section, "secSignServerIp")
+
+ all_cfg.config_path = parser.get(cfg_section, "configPath")
+ all_cfg.sign_key = parser.get(cfg_section, "secSignKey")
+ if parser.has_option(cfg_section, "secTaVersion"):
+ all_cfg.ta_version = int(parser.get(cfg_section, "secTaVersion"))
+ else:
+ all_cfg.ta_version = 3
+ if parser.has_option(cfg_section, "secSignKeyType"):
+ all_cfg.sign_key_type = parser.get(cfg_section, "secSignKeyType")
+ if parser.has_option(cfg_section, "secTaCertChain"):
+ all_cfg.ta_cert_chain = parser.get(cfg_section, "secTaCertChain")
+
+
+class PrivateCfg:
+ def __init__(self, file_name, all_cfg):
+ cfg_section = 'signSecPrivateCfg'
+ parser = configparser.ConfigParser()
+ parser.read(file_name)
+ if parser.has_option(cfg_section, "secEncryptKey"):
+ all_cfg.public_key = parser.get(cfg_section, "secEncryptKey")
+
+ if parser.has_option(cfg_section, "secEncryptKeyLen"):
+ all_cfg.pub_key_len = parser.get(cfg_section, "secEncryptKeyLen")
+
+ if parser.has_option(cfg_section, "secReSignFlag"):
+ all_cfg.re_sign_flag = parser.get(cfg_section, "secReSignFlag")
+
+ all_cfg.hash_type = parser.get(cfg_section, "secHashType")
+ all_cfg.sign_key_len = parser.get(cfg_section, "secSignKeyLen")
+ all_cfg.padding_type = parser.get(cfg_section, "secPaddingType")
+
+ if parser.has_option(cfg_section, "secSignAlg"):
+ all_cfg.sign_alg = parser.get(cfg_section, "secSignAlg")
+
+
+def check_cfg(cfg):
+ ret = 0
+ if cfg.release_type != "":
+ if integer_check(cfg.release_type):
+ logging.error("secReleaseType is invalid.")
+ ret = 1
+ if cfg.otrp_flag != "":
+ if integer_check(cfg.otrp_flag):
+ logging.error("secOtrpFlag is invalid.")
+ ret = 1
+ if cfg.sign_type != "":
+ if integer_check(cfg.sign_type):
+ logging.error("secSignType is invalid.")
+ ret = 1
+ if cfg.server_ip != "":
+ if whitelist_check(cfg.server_ip):
+ logging.error("secSignServerIp is invalid.")
+ ret = 1
+ if cfg.config_path != "":
+ if whitelist_check(cfg.config_path):
+ logging.error("configPath is invalid.")
+ ret = 1
+ if cfg.sign_key != "":
+ if whitelist_check(cfg.sign_key):
+ logging.error("secSignKey is invalid.")
+ ret = 1
+ if cfg.public_key != "":
+ if whitelist_check(cfg.public_key):
+ logging.error("secEncryptKey is invalid.")
+ ret = 1
+ if cfg.pub_key_len != "":
+ if integer_check(cfg.pub_key_len):
+ logging.error("secEncryptKeyLen is invalid.")
+ ret = 1
+ if cfg.re_sign_flag != "":
+ if integer_check(cfg.re_sign_flag):
+ logging.error("secReSignFlag is invalid.")
+ ret = 1
+ if cfg.hash_type != "":
+ if integer_check(cfg.hash_type):
+ logging.error("secHashType is invalid.")
+ ret = 1
+ if cfg.sign_key_len != "":
+ if integer_check(cfg.sign_key_len):
+ logging.error("secSignKeyLen is invalid.")
+ ret = 1
+ if cfg.padding_type != "":
+ if integer_check(cfg.padding_type):
+ logging.error("secPaddingType is invalid.")
+ ret = 1
+ if cfg.sign_alg != "":
+ if whitelist_check(cfg.sign_alg):
+ logging.error("secSignAlg is invalid.")
+ ret = 1
+ return ret
+
+
+def gen_header(content_len, key_version, cfg):
+ ''' gen header by endian '''
+ if SING_BIG_ENDIAN:
+ head_tag = '>IHHII'
+ else:
+ head_tag = 'IHHII'
+ return struct.pack(head_tag, MAGIC1, MAGIC2, cfg.ta_version, content_len, key_version)
+
+
+def get_sign_alg(cfg):
sign_alg = 0
sign_alg = sign_alg | (int(cfg.release_type) << 28)
sign_alg = sign_alg | (int(cfg.padding_type) << 27)
sign_alg = sign_alg | (int(cfg.hash_type) << 26)
- if cfg.sign_key_len == "2048":
- sign_alg = sign_alg | 0x00002048
- elif cfg.sign_key_len == "4096":
- sign_alg = sign_alg | 0x00004096
+ if cfg.sign_alg == "RSA":
+ sign_alg = sign_alg | (2 << 20)
+ elif cfg.sign_alg == "ECDSA":
+ sign_alg = sign_alg | (1 << 20)
+ if cfg.sign_type == '4' or cfg.sign_type == '5' or cfg.sign_type == '6' :
+ sign_alg = sign_alg | 0x0000C000
+ else:
+ if cfg.sign_key_len == "2048":
+ sign_alg = sign_alg | 0x00002048
+ elif cfg.sign_key_len == "4096":
+ sign_alg = sign_alg | 0x00004096
+ elif cfg.sign_key_len == "256":
+ sign_alg = sign_alg | 0x00000256
+ return sign_alg
+
+
+def gen_aes_key_info(cfg):
+ iv_data = get_random_bytes(16)
+ key_data = get_random_bytes(32)
+ if SING_BIG_ENDIAN:
+ aes_tag = '>3I'
+ else:
+ aes_tag = '<3I'
+ sign_alg = get_sign_alg(cfg)
+ key_info = struct.pack(aes_tag, 32, 16, sign_alg)
+ key_info += key_data
+ key_info += iv_data
+ return key_data, iv_data, key_info
+
+
+def gen_sign_alg_info(cfg, out_file_path):
+ sign_alg = get_sign_alg(cfg)
+ logging.critical("sign_alg value is 0x%x", sign_alg)
+ if SING_BIG_ENDIAN:
+ info_tag = '>I'
+ else:
+ info_tag = 'I'
+ fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ out_file = os.fdopen(fd_out, "wb")
+ out_file.write(struct.pack(info_tag, 0))
+ out_file.write(struct.pack(info_tag, 0))
+ out_file.write(struct.pack(info_tag, sign_alg))
+ out_file.close()
- print("sign_alg value is 0x%x" % sign_alg)
- with open(out_file_path, 'wb') as out_file:
- out_file.write(struct.pack('I', 32))
- out_file.write(struct.pack('I', 16))
- out_file.write(struct.pack('I', sign_alg))
+ return
- with open(key_file_path, 'rb') as key_file:
- out_file.write(key_file.read(32))
- with open(iv_file_path, 'rb') as iv_file:
- out_file.write(iv_file.read(16))
+def encrypt_aes_key(pubkey_path, in_data, out_path):
+ with open(pubkey_path, 'rb') as pubkey_file_fd:
+ pubkey_file = pubkey_file_fd.read(os.path.getsize(pubkey_path))
+ pubkey = RSA.importKey(pubkey_file)
+ cipher = PKCS1_OAEP.new(pubkey)
+ ciphertext = cipher.encrypt(in_data)
- os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR)
+ fd_out = os.open(out_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ out_file = os.fdopen(fd_out, "wb")
+ out_file.write(ciphertext)
+ out_file.close()
return
-def encrypt_aes_key(pubkey_path, in_path, out_path):
- cmd = "openssl rsautl -encrypt -pubin -oaep -inkey {} -in {} -out {}". \
- format(pubkey_path, in_path, out_path)
- try:
- subprocess.check_output(cmd.split(), shell=False)
- except Exception:
- print("RSA encrypt operation failed")
- raise RuntimeError
- os.chmod(out_path, stat.S_IWUSR | stat.S_IRUSR)
- return
-
-def gen_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path):
- gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path)
+def gen_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \
+ out_file_path, out_path, key_info_data):
+ gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, \
+ hash_file_path, out_file_path, out_path, key_info_data, SING_BIG_ENDIAN)
os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR)
return
+
def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \
- config_path, raw_file_path):
+ config_path, raw_file_path, ta_version):
manifest_size = os.path.getsize(manifest_data_path)
manifest_ext_size = os.path.getsize(manifest_ext_path)
elf_size = os.path.getsize(elf_file_path)
config_size = 0
- if manifest_ext_size > MAX_EXT_PROP_LEN:
- print("too much data in \"manifest.txt\" to be handled. \
- extra string len %d" \
- % manifest_ext_size)
- raise RuntimeError
-
verify_elf_header(elf_file_path)
- with open(raw_file_path, 'wb') as file_op:
- header = ""
- if os.path.isfile(config_path):
- config_size = os.path.getsize(config_path)
- header = struct.pack('IIIII', TA_VERSION, manifest_size, \
- manifest_ext_size, \
- elf_size, config_size)
- file_op.write(header)
-
- with open(manifest_data_path, 'rb') as manifest_data:
- file_op.write(manifest_data.read(manifest_size))
-
- with open(manifest_ext_path, 'rb') as manifest_ext:
- file_op.write(manifest_ext.read(manifest_ext_size))
-
- with open(elf_file_path, 'rb') as elf:
- file_op.write(elf.read(elf_size))
- if config_size != 0:
- with open(config_path, 'rb') as config:
- file_op.write(config.read(config_size))
+ fd_op = os.open(raw_file_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ file_op = os.fdopen(fd_op, "wb")
+ header = ""
+ if os.path.isfile(config_path):
+ config_size = os.path.getsize(config_path)
+ if SING_BIG_ENDIAN:
+ raw_tag = '>IIIII'
+ else:
+ raw_tag = 'IIIII'
+ header = struct.pack(raw_tag, ta_version, manifest_size, \
+ manifest_ext_size, \
+ elf_size, config_size)
+ file_op.write(header)
+
+ with open(manifest_data_path, 'rb') as manifest_data:
+ file_op.write(manifest_data.read(manifest_size))
+
+ with open(manifest_ext_path, 'rb') as manifest_ext:
+ file_op.write(manifest_ext.read(manifest_ext_size))
+
+ with open(elf_file_path, 'rb') as elf:
+ file_op.write(elf.read(elf_size))
+ if config_size != 0:
+ with open(config_path, 'rb') as config:
+ file_op.write(config.read(config_size))
+ file_op.close()
return
-def aes_encrypt(key_path, iv_path, in_file_path, out_file_path):
- key_size = os.path.getsize(key_path)
- with open(key_path, 'rb') as key_file:
- key_data = key_file.read(key_size)
- hex_key_str = binascii.b2a_hex(key_data)
-
- iv_size = os.path.getsize(iv_path)
- with open(iv_path, 'rb') as iv_file:
- iv_data = iv_file.read(iv_size)
- hex_iv_str = binascii.b2a_hex(iv_data)
-
- cmd = "openssl enc -aes-256-cbc -in {} -out {} -K {} -iv {}".\
- format(in_file_path, out_file_path, \
- bytes.decode(hex_key_str), bytes.decode(hex_iv_str))
- try:
- subprocess.check_output(cmd.split(), shell=False)
- except Exception:
- print("AES encrypt operation failed")
- raise RuntimeError
+def aes_encrypt(key_data, iv_data, in_file_path, out_file_path):
+ in_size = os.path.getsize(in_file_path)
+ with open(in_file_path, 'rb') as in_file:
+ in_data = in_file.read(in_size)
+ padding = 16 - in_size % 16
+ in_data += bytes([padding]) * padding
+
+ cipher = AES.new(key_data, AES.MODE_CBC, iv_data)
+ ciphertext = cipher.encrypt(in_data)
+
+ fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ out_file = os.fdopen(fd_out, "wb")
+ out_file.write(ciphertext)
+ out_file.close()
- os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR)
return
-def parser_api_level(compile_config):
+def parser_api_level(mk_compile_cfg, cmake_compile_cfg):
default_api_level = 1
- if not os.path.exists(compile_config):
- print("TA Make Config doesn't exist, ignore it")
+ compile_cfg_file = ''
+
+ # The config.mk file is first searched.
+ # The config.cmake file is searched only when the config.mk file does
+ # not exist. If the API_LEVEL macro is not defined in either of the
+ # two files, the default value LEVEL 1 is used.
+ if os.path.exists(mk_compile_cfg):
+ compile_cfg_file = mk_compile_cfg
+ elif os.path.exists(cmake_compile_cfg):
+ compile_cfg_file = cmake_compile_cfg
+ else:
+ logging.error("Build config file doesn't exist, ignore it")
return default_api_level
- with open(compile_config) as file_op:
+
+ with open(compile_cfg_file) as file_op:
for line in file_op:
- if line.startswith("#") or not "-DAPI_LEVEL" in line:
+ if line.startswith("#") or "-DAPI_LEVEL" not in line:
continue
key, value = line.strip().split("-DAPI_LEVEL=")
- print("key info {}".format(key))
- print(("ta_api_level = {}".format(value)))
- return value
+ logging.critical("key info %s", key)
+ logging.critical("ta_api_level = %s", value[0])
+ return value[0]
+
+ logging.error("Build Config file doesn't define API_LEVEL")
return default_api_level
-def update_api_level(compile_config, manifest):
+def update_api_level(mk_compile_cfg, cmake_compile_cfg, manifest):
data = ''
with open(manifest, 'r') as file_op:
for line in file_op:
- if line.startswith("#") or not "gpd.ta.api_level" in line:
+ if line.startswith("#") or "gpd.ta.api_level" not in line:
data += line
- line = "\ngpd.ta.api_level:{}\n".format(parser_api_level(compile_config))
+
+ api_level = parser_api_level(mk_compile_cfg, cmake_compile_cfg)
+ line = "\ngpd.ta.api_level:{}\n".format(api_level)
data += line
- with open(manifest, "w") as file_op:
- file_op.writelines(data)
+ fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ file_op = os.fdopen(fd_op, "w")
+ file_op.writelines(data)
+ file_op.close()
def update_otrp_flag(manifest):
data = ''
with open(manifest, 'r') as file_op:
for line in file_op:
- if line.startswith("#") or not "gpd.ta.otrp_flag" in line:
+ if line.startswith("#") or "gpd.ta.otrp_flag" not in line:
data += line
line = "\ngpd.ta.otrp_flag:{}\n".format('true')
data += line
- with open(manifest, "w") as file_op:
- file_op.writelines(data)
+ fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ file_op = os.fdopen(fd_op, "w")
+ file_op.writelines(data)
+ file_op.close()
-def gen_data_for_sign(header, key_info, raw_file, data_sign):
- key_info_len = os.path.getsize(key_info)
+def gen_data_for_sign(header, key_data, raw_file):
raw_file_len = os.path.getsize(raw_file)
+ with open(raw_file, 'rb') as raw_fp:
+ raw_data = raw_fp.read(raw_file_len)
- with open(data_sign, 'wb') as data_fp, \
- open(key_info, 'rb') as key_fp, open(raw_file, 'rb') as raw_fp:
- data_fp.write(header)
- data_fp.write(key_fp.read(key_info_len))
- data_fp.write(raw_fp.read(raw_file_len))
+ data_sign = header
+ data_sign += key_data
+ data_sign += raw_data
+ return data_sign
def gen_key_version(cfg):
- if cfg.pub_key_len == '3072':
+ if cfg.pub_key_len == '4096':
+ return int(0x0302)
+ elif cfg.pub_key_len == '3072':
return int(0x0202)
- if cfg.pub_key_len == '2048':
+ elif cfg.pub_key_len == '2048':
return int(0x0002)
- print("unhandled pulic key len %s" % cfg.pub_key_len)
+ elif cfg.pub_key_len == '':
+ return int(0x0000)
+
+ logging.error("unhandled pulic key len %s", cfg.pub_key_len)
raise RuntimeError
+def pack_signature(signature_path, signature_size):
+ add_size = 72 - signature_size
+ with open(signature_path, 'rb+') as signature_file:
+ signature_buf = signature_file.read(signature_size)
+ signature_file.seek(0)
+ for _ in range(0, add_size):
+ signature_file.write(b'\x00')
+ signature_file.write(signature_buf)
+
+
+def check_if_is_drv(manifest_path):
+ with open(manifest_path, 'r') as mani_fp:
+ for each_line in mani_fp:
+ if each_line.startswith("#") or not each_line.strip():
+ continue
+ name = each_line.split(":")[0].strip()
+ if name == "gpd.ta.target_type" and \
+ str(each_line.split(":")[1].strip()) == "1":
+ return 1
+ return 0
+
+
+def get_sign_cert_block_buffer(cfg, signature_path, signature_size):
+ ''' get sign and cert buffer '''
+ with open(signature_path, 'rb') as signature_file:
+ signature_buf = signature_file.read(signature_size)
+ ta_cert_len = 0
+ if cfg.sign_key_type == TYPE_PUBKEY:
+ sign_verify_buf = struct.pack('II', TYPE_PUBKEY, 0) + signature_buf
+ else:
+ ta_cert_path = cfg.ta_cert_chain
+ ta_cert_len = os.path.getsize(ta_cert_path)
+ with open(ta_cert_path, 'rb') as ta_cert_file:
+ ta_cert_buf = ta_cert_file.read(ta_cert_len)
+ if cfg.sign_key_type == TYPE_CERT:
+ sign_verify_buf = struct.pack('II', TYPE_CERT, ta_cert_len) + ta_cert_buf + signature_buf
+ else:
+ sign_verify_buf = struct.pack('II', TYPE_CERT_CHAIN, ta_cert_len) + ta_cert_buf + signature_buf
+ return sign_verify_buf
+
+
def gen_sec_image(in_path, out_path, cfg):
# temporary files
- temp_path = os.path.join(in_path, "temp")
+ temp_path = os.path.join(out_path, "temp")
shutil.rmtree(temp_path, ignore_errors=True)
os.mkdir(temp_path)
os.chmod(temp_path, stat.S_IRWXU)
- iv_file_path = os.path.join(temp_path, "iv.bin")
- key_file_path = os.path.join(temp_path, "aeskey.bin")
key_info_path = os.path.join(temp_path, "KeyInfo")
enc_key_path = os.path.join(temp_path, "KeyInfo.enc")
raw_file_path = os.path.join(temp_path, "rawData")
@@ -322,63 +519,185 @@ def gen_sec_image(in_path, out_path, cfg):
# mandentory input files
manifest_path = os.path.join(in_path, "manifest.txt")
elf_file_path = os.path.join(in_path, "libcombine.so")
- compile_config_path = os.path.join(in_path, "config.mk")
-
- ret, product_name = parser_manifest(manifest_path, \
- manifest_data_path, manifest_ext_path)
- if ret is False:
+ mk_cfg_path = os.path.join(in_path, "config.mk")
+ cmake_cfg_path = os.path.join(in_path, "config.cmake")
+ dyn_conf_xml_file_path = os.path.join(in_path, "dyn_perm.xml")
+ tag_parse_dict_file_path = os.path.join(os.getcwd(), "tag_parse_dict.csv")
+ xml_config_path = os.path.join(in_path, "configs.xml")
+ auth_xml_file_path = os.path.join(in_path, "auth_config.xml")
+
+ ta_cert_path = cfg.ta_cert_chain
+ if cfg.ta_version == 5:
+ if cfg.sign_key_type == TYPE_PUBKEY:
+ ta_cert_len = 0
+ else:
+ ta_cert_len = os.path.getsize(ta_cert_path)
+
+ is_encrypt_sec = True
+ if cfg.public_key == "" or cfg.pub_key_len == "":
+ is_encrypt_sec = False
+
+ # 1. parser_manifest
+ manifest_info = process_manifest_file(xml_config_path, \
+ manifest_path, manifest_data_path, manifest_ext_path, SING_BIG_ENDIAN)
+ uuid_str = manifest_info.uuid_str
+ if manifest_info.ret is False:
raise RuntimeError
- update_api_level(compile_config_path, manifest_ext_path)
+ # 2. update_api_level
+ update_api_level(mk_cfg_path, cmake_cfg_path, manifest_ext_path)
- if cfg.otrp_flag == 1:
- print("package otrp sec file\n")
+ # 3. update_otrp_flag
+ if cfg.otrp_flag == "1":
+ logging.critical("package otrp sec file\n")
update_otrp_flag(manifest_ext_path)
+ # 4. parser_dyn_conf
+ if os.path.exists(dyn_conf_xml_file_path):
+ # V3.1 ta/drv do not need manifest_ext
+ if not os.path.exists(cfg.config_path):
+ from dyn_conf_parser import parser_dyn_conf
+ parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, \
+ tag_parse_dict_file_path, in_path)
+ else:
+ if check_if_is_drv(manifest_path) == 1:
+ if not os.path.exists(cfg.config_path):
+ ans = "gpd.ta.dynConf:00000\n"
+ manifest_ext_path_fd = os.open(manifest_ext_path, \
+ os.O_RDWR, 0o600)
+ with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp:
+ mani_ext_fp.write(ans)
+
+ # parser auth config xml: the auth info must be packed in the end of manifest_ext.
+ if os.path.exists(auth_xml_file_path):
+ from auth_conf_parser import parser_auth_xml
+ parser_auth_xml(auth_xml_file_path, manifest_ext_path, SING_BIG_ENDIAN)
+
+ # 5. gen_raw_data
gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \
- cfg.config_path, raw_file_path)
-
- # generate AES key info to encrypt raw data
- gen_aes_key_info(cfg, iv_file_path, key_file_path, key_info_path)
- encrypt_aes_key(cfg.public_key, key_info_path, enc_key_path)
-
- aes_encrypt(key_file_path, iv_file_path, raw_file_path, enc_raw_path)
+ cfg.config_path, raw_file_path, cfg.ta_version)
+
+ if cfg.sign_type == '4':
+ sign_len = 9219
+ elif cfg.sign_type == '5':
+ sign_len = 0
+ elif cfg.sign_type == '6':
+ sign_len = 9227
+ else:
+ if int(cfg.sign_key_len) == 256:
+ sign_len = 72
+ else:
+ sign_len = int(cfg.sign_key_len) / 8
+
+ # 6. gen aes key, and encrypt aes key with RSA key,
+ # and encrypt raw data with aes key
+ if is_encrypt_sec is True:
+ # generate AES key info to encrypt raw data
+ key_data, iv_data, key_info_data = gen_aes_key_info(cfg)
+ encrypt_aes_key(cfg.public_key, key_info_data, enc_key_path)
+ aes_encrypt(key_data, iv_data, raw_file_path, enc_raw_path)
+
+ # generate Main Header
+ if cfg.ta_version == 5:
+ content_len = os.path.getsize(enc_key_path) \
+ + 4 + 4 + ta_cert_len + sign_len \
+ + os.path.getsize(enc_raw_path)
+ else:
+ content_len = os.path.getsize(enc_key_path) \
+ + sign_len \
+ + os.path.getsize(enc_raw_path)
+ else:
+ gen_sign_alg_info(cfg, key_info_path)
+ # generate Main Header
+ if cfg.ta_version == 5:
+ content_len = os.path.getsize(key_info_path) \
+ + 4 + 4 + ta_cert_len + sign_len \
+ + os.path.getsize(raw_file_path)
+ else:
+ content_len = os.path.getsize(key_info_path) \
+ + sign_len \
+ + os.path.getsize(raw_file_path)
+ with open(key_info_path, 'rb') as key_info_fp:
+ key_info_data = key_info_fp.read(os.path.getsize(key_info_path))
- # generate Main Header
- content_len = os.path.getsize(enc_key_path) + \
- (int(cfg.sign_key_len) / 8) + \
- os.path.getsize(enc_raw_path)
key_version = gen_key_version(cfg)
- header = gen_header(int(content_len), key_version)
-
- gen_data_for_sign(header, key_info_path, raw_file_path, data_for_sign_path)
-
- uuid_str = product_name[0:36]
- print('uuid str {}'.format(uuid_str))
-
- gen_signature(cfg, uuid_str, data_for_sign_path, hash_path, signature_path)
-
- sec_img_path = os.path.join(out_path, product_name)
- with open(sec_img_path, 'wb') as sec_image:
- # write to sec file [1.header info]
- sec_image.write(header)
+ header = gen_header(int(content_len), key_version, cfg)
+ data_for_sign = gen_data_for_sign(header, key_info_data, raw_file_path)
+
+ uuid_str = uuid_str[0:36]
+ logging.critical("uuid str %s", uuid_str)
+
+ # 7. gen signature
+ gen_signature(cfg, uuid_str, data_for_sign, data_for_sign_path, \
+ hash_path, signature_path, out_path, key_info_data)
+
+ if os.path.exists("get_ta_elf_hash.py"):
+ if os.path.exists(elf_file_path):
+ from get_ta_elf_hash import get_code_segment_from_elf
+ get_code_segment_from_elf(elf_file_path, uuid_str, data_for_sign)
+
+ # 8. pack sec img: header || key || signature || raw_data
+ signature_size = os.path.getsize(signature_path)
+ if sign_len == 72:
+ if signature_size != 72:
+ pack_signature(signature_path, signature_size)
+ elif sign_len == 0:
+ sign_len = signature_size
+ # generate Main Header
+ if is_encrypt_sec is True:
+ key_data_path = enc_key_path
+ raw_data_path = enc_raw_path
+ else:
+ key_data_path = key_info_path
+ raw_data_path = raw_file_path
+ content_len = os.path.getsize(key_data_path) \
+ + sign_len \
+ + os.path.getsize(raw_data_path)
+ header = gen_header(int(content_len), key_version, cfg)
+
+ sec_img_path = os.path.join(out_path, manifest_info.product_name)
+ fd_image = os.open(sec_img_path, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ sec_image = os.fdopen(fd_image, "wb")
+ # write to sec file [1.header info]
+ sec_image.write(header)
+ if is_encrypt_sec is True:
# write to sec file [2.AES key info]
enc_key_size = os.path.getsize(enc_key_path)
with open(enc_key_path, 'rb') as enc_key_info:
sec_image.write(enc_key_info.read(enc_key_size))
- # write to sec file [3.signature]
+ else:
+ key_info_size = os.path.getsize(key_info_path)
+ with open(key_info_path, 'rb') as key_info_fp:
+ sec_image.write(key_info_fp.read(key_info_size))
+ # write to sec file [3.signature]
+ if cfg.ta_version == 5:
+ signature_size = os.path.getsize(signature_path)
+ sign_cert_buf = get_sign_cert_block_buffer(cfg, signature_path, signature_size)
+ sec_image.write(sign_cert_buf)
+ else:
signature_size = os.path.getsize(signature_path)
with open(signature_path, 'rb') as signature_file:
sec_image.write(signature_file.read(signature_size))
+ if is_encrypt_sec is True:
# write to sec file [4.encrypted raw data]
enc_raw_size = os.path.getsize(enc_raw_path)
with open(enc_raw_path, 'rb') as enc_raw_data:
sec_image.write(enc_raw_data.read(enc_raw_size))
+ else:
+ raw_file_size = os.path.getsize(raw_file_path)
+ with open(raw_file_path, 'rb') as raw_file_data:
+ sec_image.write(raw_file_data.read(raw_file_size))
+ sec_image.truncate(int(SEC_HEADER_BYTES) + int(content_len))
+ sec_image.close()
- print("=========================SUCCESS============================")
- print("generate TA(V3 format) load image success: ")
- print(sec_img_path)
- print("============================================================")
+ logging.critical("=========================SUCCESS============================")
+ logging.critical("generate sec(common format) load image success: ")
+ logging.critical(sec_img_path)
+ logging.critical("============================================================")
+
+ if manifest_info.manifest_txt_exist is False and os.path.exists(manifest_path):
+ os.remove(manifest_path)
#remove temp files
shutil.rmtree(temp_path)
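Review bot: When `sign_len == 0` (sign_type '5'), the `content_len` recomputed in step 8 drops the `4 + 4 + ta_cert_len` term that the earlier `cfg.ta_version == 5` branches include, yet the version-5 write path still emits the type/length words and the certificate through `get_sign_cert_block_buffer`. If that combination is reachable, the regenerated header understates the payload and the final `sec_image.truncate(...)` cuts off the tail of the raw data; adding `if cfg.ta_version == 5: content_len += 4 + 4 + ta_cert_len` after the recomputation keeps the two paths consistent. The header is also rebuilt after `data_for_sign` was assembled from the earlier header, so it is worth confirming that the verifier does not expect the signed header to equal the written one. gen_sec_image starts above this hunk.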
@@ -386,23 +705,59 @@ def gen_sec_image(in_path, out_path, cfg):
def main():
- sign_tool_dir = os.path.dirname(os.path.abspath(__file__))
+ global SING_BIG_ENDIAN
+ sign_tool_dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser()
parser.add_argument("in_path", help="input path of data to be signed. \
(libcombine.so; manifest.txt; ...", type=str)
parser.add_argument("out_path", help="input path of signed file. \
(xxx.sec)", type=str)
- parser.add_argument("--config", help="sign configuation file", type=str)
+ parser.add_argument("--publicCfg", \
+ help="sign cfg for ta developer", type=str)
+ parser.add_argument("--privateCfg", \
+ help="sign cfg for product developer", type=str)
+ parser.add_argument("--sign_endian", \
+ help="sign endian (little/big default little)", type=str)
args = parser.parse_args()
- if args.config:
- cfg = Configuration(args.config)
+ cfg = AllCfg()
+ if args.privateCfg:
+ PrivateCfg(args.privateCfg, cfg)
else:
- cfg = Configuration(os.path.join(sign_tool_dir, "config.ini"))
+ logging.error("please config private cfg file")
+ raise RuntimeError
- in_path = os.path.abspath(args.in_path)
- out_path = os.path.abspath(args.out_path)
+ if args.publicCfg:
+ PublicCfg(args.publicCfg, cfg)
+ else:
+ PublicCfg(args.privateCfg, cfg)
+
+ if args.sign_endian and args.sign_endian == "big":
+ SING_BIG_ENDIAN = True
+
+ if check_cfg(cfg):
+ logging.error("the configuration file field is incorrect.")
+ exit()
+ in_path = os.path.realpath(args.in_path)
+ out_path = os.path.realpath(args.out_path)
+ if not os.path.exists(in_path):
+ logging.error("input_path does not exist.")
+ exit()
+ if not os.path.exists(out_path):
+ logging.error("out_path does not exist.")
+ exit()
+ if whitelist_check(in_path):
+ logging.error("input_path is incorrect.")
+ exit()
+ if whitelist_check(out_path):
+ logging.error("out_path is incorrect.")
+ exit()
os.chdir(sign_tool_dir)
- gen_sec_image(in_path, out_path, cfg)
+
+ if cfg.re_sign_flag == "1":
+ from re_generate_signature import re_sign_sec_img
+ re_sign_sec_img(in_path, out_path, cfg)
+ else:
+ gen_sec_image(in_path, out_path, cfg)
if __name__ == '__main__':
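Review bot: The new validation failures in main() (`check_cfg`, the two `os.path.exists` checks and the two `whitelist_check` calls) end in a bare `exit()`, which terminates with status 0. A build script that calls the sign tool therefore cannot tell a rejected configuration or path from a successful signing run. The missing `--privateCfg` branch in the same function already uses `raise RuntimeError`; doing the same here, or `sys.exit(1)` if `sys` is imported in this file, makes the failure visible to the caller.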
diff --git a/build/signtools/tag_parse_dict.csv b/build/signtools/tag_parse_dict.csv
new file mode 100644
index 0000000..22040ea
--- /dev/null
+++ b/build/signtools/tag_parse_dict.csv
@@ -0,0 +1,120 @@
+drv_perm/,0,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
+drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,drv_perm/drvcall_perm_apply/item/name
+drv_perm/drv_basic_info/,5,TYPE_CLASS,
+drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
+drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
+drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
+drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
+drv_perm/drv_io_map/,10,TYPE_CLASS,
+drv_perm/drv_io_map/item/,11,TYPE_CLASS,
+drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
+drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
+drv_perm/irq/,14,TYPE_CLASS,
+drv_perm/irq/item/,15,TYPE_CLASS,
+drv_perm/irq/item/chip_type,16,TYPE_CHAR,
+drv_perm/irq/item/irq,17,TYPE_CHAR,
+drv_perm/map_secure/,18,TYPE_CLASS,
+drv_perm/map_secure/item/,19,TYPE_CLASS,
+drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
+drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
+drv_perm/map_secure/item/region,22,TYPE_CHAR,
+drv_perm/map_nosecure/,23,TYPE_CLASS,
+drv_perm/map_nosecure/item/,24,TYPE_CLASS,
+drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
+drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
+drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
+drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
+drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
+drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
+drv_perm/drv_mac_info/,31,TYPE_CLASS,
+drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
+drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
+drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/,0,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,ConfigInfo/drv_perm/drvcall_perm_apply/item/name
+ConfigInfo/drv_perm/drv_basic_info/,5,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
+ConfigInfo/drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
+ConfigInfo/drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
+ConfigInfo/drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_io_map/,10,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_io_map/item/,11,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
+ConfigInfo/drv_perm/irq/,14,TYPE_CLASS,
+ConfigInfo/drv_perm/irq/item/,15,TYPE_CLASS,
+ConfigInfo/drv_perm/irq/item/chip_type,16,TYPE_CHAR,
+ConfigInfo/drv_perm/irq/item/irq,17,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/,18,TYPE_CLASS,
+ConfigInfo/drv_perm/map_secure/item/,19,TYPE_CLASS,
+ConfigInfo/drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/item/region,22,TYPE_CHAR,
+ConfigInfo/drv_perm/map_nosecure/,23,TYPE_CLASS,
+ConfigInfo/drv_perm/map_nosecure/item/,24,TYPE_CLASS,
+ConfigInfo/drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
+ConfigInfo/drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/drv_mac_info/,31,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/,0,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name/,2,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name/service_name,3,TYPE_CHAR,
+ConfigInfo/TA_Basic_Info/uuid/,4,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/uuid/uuid,5,TYPE_CHAR,
+ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive/,7,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive/instance_keep_alive,8,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/stack_size/,9,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/stack_size/stack_size,10,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/heap_size/,11,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/heap_size/heap_size,12,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/target_type/,13,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/target_type/target_type,14,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/multi_command/,15,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/multi_command/multi_command,16,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/multi_session/,17,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/multi_session/multi_session,18,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/single_instance/,19,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/single_instance/single_instance,20,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/,21,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/,22,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/,23,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size,24,TYPE_INT,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/,25,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/,26,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/RPMB_general,27,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/SE_Info/,28,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/,29,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/SE_open_session,30,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/TUI_Info/,31,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/,32,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/TUI_general,33,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/,34,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/,35,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/debug_status,36,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/,35,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/DEBUG_status,36,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/,37,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id,38,TYPE_CHAR,
+ConfigInfo/TA_Manifest_Info/mem_page_align/,39,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/mem_page_align/mem_page_align,40,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/sys_verify_ta/,41,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/sys_verify_ta/sys_verify_ta,42,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/TA_Manager/,43,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TA_Manager/TA_Manager,44,TYPE_CHAR,
+ConfigInfo/TA_Control_Info/CERT_Info/,45,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/,46,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/CERT_Permission,47,TYPE_BOOL,
diff --git a/build/signtools/xml_trans_manifest.py b/build/signtools/xml_trans_manifest.py
new file mode 100644
index 0000000..f9eb36a
--- /dev/null
+++ b/build/signtools/xml_trans_manifest.py
@@ -0,0 +1,109 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Description: tools for xml trans
+#----------------------------------------------------------------------------
+
+import os
+import logging
+from defusedxml import ElementTree as ET
+
+
+type_trans = {"TYPE_NONE": "-1",
+ "TYPE_CLASS": "0",
+ "TYPE_BOOL": "1",
+ "TYPE_INT": "2",
+ "TYPE_CHAR": "3"}
+
+type_dict = {}
+manifest_dict = {}
+
+
+def get_csv_size(path):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ lines = csvfile.readlines()
+ return len(lines)
+ return 0
+
+
+def get_csv_data(path, lnum, rnum):
+ with open(path, "r", encoding="utf-8") as csvfile:
+ count = 0
+ lines = csvfile.readlines()
+ for line in lines:
+ if count == lnum:
+ return str(line.split(",")[rnum]).strip()
+ count = count + 1
+ return ""
+
+
+def classify_tag(tag):
+
+ while len(tag) < 3:
+ tag = "0%s" % (tag)
+
+ return tag
+
+
+# save tag type and manifest item dict
+def handle_manifest_tag_dict(path):
+ for index in range(0, get_csv_size(path)):
+ dyn_sym = get_csv_data(path, index, 0)
+ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, index, 2))
+ manifest_dict[dyn_sym] = get_csv_data(path, index, 3)
+
+
+def process_xml_to_manifest(config_xml_file_path, manifest_path):
+ tree = ET.parse(config_xml_file_path)
+ root = tree.getroot()
+ #Layer 1 node name
+ old_item = root.tag
+ attrs = ""
+ write_data = False
+
+ #write items to manifest.txt
+ manifest_fd = os.open(manifest_path, os.O_CREAT | os.O_RDWR, 0o600)
+ manifest_fp = os.fdopen(manifest_fd, "wb")
+
+ #Traversing the second layer of the xml file
+ for child in root:
+ child_item = "{}/{}".format(old_item, child.tag)
+ #Traversing the third layer of the xml file
+ for children in child:
+ children_item = "{}/{}".format(child_item, children.tag)
+ dyn_type = type_dict.get(children_item + attrs)
+ manifest_item_name = manifest_dict.get(children_item + attrs)
+ if dyn_type == type_trans.get("TYPE_CHAR"):
+ value = "{}: {}\n".format(manifest_item_name, children.text)
+ manifest_fp.write(value.encode())
+ write_data = True
+
+ #close manifest.txt file
+ manifest_fp.close()
+ if write_data is False:
+ os.remove(manifest_path)
+
+
+def trans_xml_to_manifest(config_xml_file_path, manifest_path):
+ if not os.path.exists(config_xml_file_path):
+ logging.error("config xml file doesn't exist")
+ return
+ if not os.path.exists("./manifest_tag_parse_dict.csv"):
+ logging.error("config manifest_tag_parse_dict.csv file doesn't exist")
+ return
+ if os.path.exists(manifest_path):
+ return
+
+ handle_manifest_tag_dict("./manifest_tag_parse_dict.csv")
+ process_xml_to_manifest(config_xml_file_path, manifest_path)
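Review bot: `children.text` is written into the manifest unchecked in process_xml_to_manifest, so an empty element yields the literal string `None`, and text containing a line break produces extra `name: value` lines in a file that is presumably consumed later by the signing tool. Normalising and validating first, e.g. `text = (children.text or "").strip()` followed by rejecting any value with `"\n"` in it, keeps one XML element mapped to one manifest line. The manifest file object is also closed only on the success path; `with os.fdopen(manifest_fd, "wb") as manifest_fp:` would close it when a write raises.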
diff --git a/build/tools/srv_entry_check.sh b/build/tools/srv_entry_check.sh
new file mode 100644
index 0000000..870076c
--- /dev/null
+++ b/build/tools/srv_entry_check.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+set -e
+
+echo "------------- check SRV tee_task_entry begin --------------"
+task_entry=$($1 -s $2 | grep -w tee_task_entry) || true
+if [[ "$task_entry" != "" ]]; then
+ exit 0
+else
+ echo "----- SRV should define tee_task_entry symbol ---"
+ exit 1
+fi
+echo "------------- check SRV tee_task_entry succ --------------"
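Review bot: The closing `echo` with the "succ" message can never run, because both branches of the `if` call `exit` first; moving it above `exit 0` restores the success message. `$1 -s $2` is also unquoted, so a readelf path or library path containing spaces or glob characters is split before the command runs. `task_entry=$("$1" -s "$2" | grep -w tee_task_entry) || true` avoids that.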
diff --git a/build/tools/ta_entry_check.sh b/build/tools/ta_entry_check.sh
new file mode 100644
index 0000000..eab72a3
--- /dev/null
+++ b/build/tools/ta_entry_check.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+# iTrustee licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+set -e
+
+#params: $1-readelf cmd; $2-libcombine.so; $3-USE_ENTRY_BINARY; $4-DYN_LINK; $5-TARGET_IS_ARM64
+
+# if USE_ENTRY_BINARY is y, means link elf_main_entry.o
+# no need to check
+if [ "$3" == "y" ]; then
+ echo "------ no need to check task_entry ----"
+ exit 0
+fi
+
+# for ta not link elf_main_entry.o
+# should not define tee_task_entry symbol
+echo "------------- check TA tee_task_entry begin --------------"
+task_entry=$($1 -s $2 | grep -w tee_task_entry) || true
+if [[ "$task_entry" != "" ]]; then
+ echo "----- ERROR TA should not define tee_task_entry symbol ---"
+ echo " $task_entry"
+ exit 1
+fi
+echo "------------- check TA tee_task_entry succ --------------"
+
+# if TARGET_IS_ARM64 is y, means is aarch64 TA
+# for aarch64 ta no need to compile ta_magic.c
+if [ "$5" == "y" ]; then
+ echo "------- aarch64 TA no need check magic ----"
+ exit 0
+fi
+
+# if DYN_LINK is y, means is DYN TA
+# for 32bit dyn ta should compile ta_magic.c
+# since it not link elf_main_entry.o
+task_magic=$($1 -S $2 | grep -w ".magic") || true
+if [ "$4" == "y" ]; then
+ echo "------- check TA magic begin ------"
+ if [[ "$task_magic" == "" ]]; then
+ echo "------ ERROR DYN TA should compile ta_magic.c -----"
+ exit 1
+ fi;
+ echo "------- check TA magic succ ------"
+fi
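Review bot: The `|| true` on the `tee_task_entry` lookup hides a failing readelf as well as a non-matching grep, and in this script an empty result is the passing case, so a wrong `$1` or an unreadable `$2` is reported as a successful check. Running readelf on its own line, `symbols=$("$1" -s "$2")`, lets `set -e` stop the script on a tool failure, and the match can then be done with `grep -w tee_task_entry <<< "$symbols" || true`. The `.magic` lookup has the same pattern, although there a readelf failure ends in the ERROR branch. Both invocations also leave `$1` and `$2` unquoted.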
diff --git a/build/tools/ta_link_64.gcc_xom.ld b/build/tools/ta_link_64.gcc_xom.ld
new file mode 100644
index 0000000..3023ed9
--- /dev/null
+++ b/build/tools/ta_link_64.gcc_xom.ld
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Define the link rule of dyn service 64 bits for xom
+ */
+
+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64",
+ "elf64-littleaarch64")
+OUTPUT_ARCH(aarch64)
+ENTRY(_start)
+PHDRS
+{
+ phdr PT_PHDR PHDRS FLAGS (4);
+ rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
+ xtext PT_LOAD FLAGS (1);
+ data PT_LOAD FLAGS (6);
+ dynamic PT_DYNAMIC FLAGS (6);
+ stack PT_GNU_STACK FLAGS (6);
+ relro 0x6474e552 FLAGS (4);
+}
+SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib");
+SECTIONS
+{
+ /* Read-only sections, merged into text segment: */
+ . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS;
+ /* This should be the first section after program headers */
+ .magic : { *(.magic) } : rodata
+ .note.gnu.build-id : { *(.note.gnu.build-id) }
+ .hash : { *(.hash) }
+ .gnu.hash : { *(.gnu.hash) }
+ .dynsym : { *(.dynsym) }
+ .dynstr : { *(.dynstr) }
+ .gnu.version : { *(.gnu.version) }
+ .gnu.version_d : { *(.gnu.version_d) }
+ .gnu.version_r : { *(.gnu.version_r) }
+ .rela.dyn :
+ {
+ *(.rela.init)
+ *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*)
+ *(.rela.fini)
+ *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*)
+ *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*)
+ *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*)
+ *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*)
+ *(.rela.ctors)
+ *(.rela.dtors)
+ *(.rela.got)
+ *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*)
+ *(.rela.ifunc)
+ }
+ .rela.plt :
+ {
+ *(.rela.plt)
+ *(.rela.iplt)
+ }
+ .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
+ .rodata1 : { *(.rodata1) }
+ .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) }
+ .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) }
+ .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table
+ .gcc_except_table.*) }
+ .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) }
+ /* These sections are generated by the Sun/Oracle C++ compiler. */
+ .exception_ranges : ONLY_IF_RO { *(.exception_ranges
+ .exception_ranges*) }
+ /* Make sure the address of text segment is aligned in 4k for xom */
+ .init :
+ {
+ KEEP (*(SORT_NONE(.init)))
+ }:text
+ .fini :
+ {
+ KEEP (*(SORT_NONE(.fini)))
+ }
+ . = ALIGN(0x1000);
+ .plt : { *(.plt) } :xtext
+ .iplt : { *(.iplt) }
+ .xtext :
+ {
+ *(.text.unlikely .text.*_unlikely .text.unlikely.*)
+ *(.text.exit .text.exit.*)
+ *(.text.startup .text.startup.*)
+ *(.text.hot .text.hot.*)
+ *(.text .stub .text.* .gnu.linkonce.t.*)
+ /* .gnu.warning sections are handled specially by elf32.em. */
+ *(.gnu.warning)
+ }:xtext
+ PROVIDE (__etext = .);
+ PROVIDE (_etext = .);
+ PROVIDE (etext = .);
+ /* Adjust the address for the data segment. We want to adjust up to
+ the same address within the page on the next page up. */
+ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
+ /* Exception handling */
+ /* Thread Local Storage sections */
+ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }:data
+ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ .preinit_array :
+ {
+ KEEP (*(.preinit_array))
+ }
+ .init_array :
+ {
+ PROVIDE_HIDDEN (__init_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))
+ KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors))
+ PROVIDE_HIDDEN (__init_array_end = .);
+ }
+ .fini_array :
+ {
+ PROVIDE_HIDDEN (__fini_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))
+ KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors))
+ PROVIDE_HIDDEN (__fini_array_end = .);
+ }
+ .ctors :
+ {
+ /* gcc uses crtbegin.o to find the start of
+ the constructors, so we make sure it is
+ first. Because this is a wildcard, it
+ doesn't matter if the user does not
+ actually link against crtbegin.o; the
+ linker won't look for a file to match a
+ wildcard. The wildcard also means that it
+ doesn't matter which directory crtbegin.o
+ is in. */
+ KEEP (*crtbegin.o(.ctors))
+ KEEP (*crtbegin?.o(.ctors))
+ /* We don't want to include the .ctor section from
+ the crtend.o file until after the sorted ctors.
+ The .ctor section from the crtend file contains the
+ end of ctors marker and it must be last */
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors))
+ KEEP (*(SORT(.ctors.*)))
+ KEEP (*(.ctors))
+ }
+ .dtors :
+ {
+ KEEP (*crtbegin.o(.dtors))
+ KEEP (*crtbegin?.o(.dtors))
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors))
+ KEEP (*(SORT(.dtors.*)))
+ KEEP (*(.dtors))
+ }
+ .jcr : { KEEP (*(.jcr)) }
+ .data.rel.ro : { *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) } : data : relro
+ .dynamic : { *(.dynamic) } : data : dynamic : relro
+ .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro
+ . = DATA_SEGMENT_RELRO_END (0, .);
+ .data :
+ {
+ PROVIDE (__data_start = .);
+ *(.data .data.* .gnu.linkonce.d.*)
+ SORT(CONSTRUCTORS)
+ }:data
+ .data1 : { *(.data1) }
+ _edata = .; PROVIDE (edata = .);
+ . = .;
+ __bss_start = .;
+ __bss_start__ = .;
+ TA_BSS_START = .;
+ .bss :
+ {
+ *(.dynbss)
+ *(.bss .bss.* .gnu.linkonce.b.*)
+ *(COMMON)
+ . = ALIGN(. != 0 ? 64 / 8 : 1);
+ }
+ TA_BSS_END = .;
+ _bss_end__ = . ; __bss_end__ = . ;
+ . = ALIGN(64 / 8);
+ . = SEGMENT_START("ldata-segment", .);
+ . = ALIGN(64 / 8);
+ __end__ = . ;
+ _end = .; PROVIDE (end = .);
+ . = DATA_SEGMENT_END (.);
+ /* Stabs debugging sections. */
+ .stab 0 : { *(.stab) }
+ .stabstr 0 : { *(.stabstr) }
+ .stab.excl 0 : { *(.stab.excl) }
+ .stab.exclstr 0 : { *(.stab.exclstr) }
+ .stab.index 0 : { *(.stab.index) }
+ .stab.indexstr 0 : { *(.stab.indexstr) }
+ .comment 0 : { *(.comment) }
+ /* DWARF debug sections.
+ Symbols in the DWARF debugging sections are relative to the beginning
+ of the section so we begin them at 0. */
+ /* DWARF 1 */
+ .debug 0 : { *(.debug) }
+ .line 0 : { *(.line) }
+ /* GNU DWARF 1 extensions */
+ .debug_srcinfo 0 : { *(.debug_srcinfo) }
+ .debug_sfnames 0 : { *(.debug_sfnames) }
+ /* DWARF 1.1 and DWARF 2 */
+ .debug_aranges 0 : { *(.debug_aranges) }
+ .debug_pubnames 0 : { *(.debug_pubnames) }
+ /* DWARF 2 */
+ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) }
+ .debug_abbrev 0 : { *(.debug_abbrev) }
+ .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) }
+ .debug_frame 0 : { *(.debug_frame) }
+ .debug_str 0 : { *(.debug_str) }
+ .debug_loc 0 : { *(.debug_loc) }
+ .debug_macinfo 0 : { *(.debug_macinfo) }
+ /* SGI/MIPS DWARF 2 extensions */
+ .debug_weaknames 0 : { *(.debug_weaknames) }
+ .debug_funcnames 0 : { *(.debug_funcnames) }
+ .debug_typenames 0 : { *(.debug_typenames) }
+ .debug_varnames 0 : { *(.debug_varnames) }
+ /* DWARF 3 */
+ .debug_pubtypes 0 : { *(.debug_pubtypes) }
+ .debug_ranges 0 : { *(.debug_ranges) }
+ /* DWARF Extension. */
+ .debug_macro 0 : { *(.debug_macro) }
+ .debug_addr 0 : { *(.debug_addr) }
+ .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) }
+ .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) }
+ /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) }
+}
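Review bot: `.init` is assigned to `:text`, but the PHDRS block declares only `phdr`, `rodata`, `xtext`, `data`, `dynamic`, `stack` and `relro`, so there is no `text` header for it to bind to. GNU ld normally rejects a populated section that names a non-existent phdr, so this may go unnoticed only while `.init` is empty. If `.init` and `.fini` are meant to be executable, declare the header or move them behind the `. = ALIGN(0x1000);` line with `:xtext`. The comment about 4k alignment above `.init` also reads as if it belongs to that `ALIGN` line. The `SEARCH_DIR` line still carries absolute paths from the toolchain build host and could be dropped.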
diff --git a/build/tools/ta_link_64.ld b/build/tools/ta_link_64.ld
index 61388e0..a3eb30a 100644
--- a/build/tools/ta_link_64.ld
+++ b/build/tools/ta_link_64.ld
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Describe the link file for 64bits TA
*/
OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64",
@@ -19,6 +20,7 @@ SECTIONS
{
/* Read-only sections, merged into text segment: */
. = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS;
+ _start = .;
/* This should be the first section after program headers */
.magic : { *(.magic) }
.note.gnu.build-id : { *(.note.gnu.build-id) }
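Review bot: The added `_start = .;` is an unconditional assignment placed before `.magic`, so the symbol resolves to the first byte after the program headers (data, not code) and would clash with a `_start` supplied by any linked object. If it is only meant as an image-base marker for the TEE loader, `PROVIDE (_start = .);` plus a comment such as `/* _start marks the image base; the TA is not entered at this address */` would make that explicit. This is inferred from the script alone, so confirm how the loader uses the ELF entry address. The `SECTIONS` block continues outside the hunk.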
@@ -49,7 +51,14 @@ SECTIONS
*(.rela.plt)
*(.rela.iplt)
}
- .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
+ .rodata :
+ {
+ *(.rodata .rodata.* .gnu.linkonce.r.*)
+ . = ALIGN(16);
+ PROVIDE (__start___llvm_prf_names = .);
+ *(__llvm_prf_names)
+ PROVIDE (__stop___llvm_prf_names = .);
+ }
.rodata1 : { *(.rodata1) }
.eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) }
.eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) }
@@ -150,6 +159,15 @@ SECTIONS
{
PROVIDE (__data_start = .);
*(.data .data.* .gnu.linkonce.d.*)
+ PROVIDE (__start___llvm_prf_cnts = .);
+ *(__llvm_prf_cnts)
+ PROVIDE (__stop___llvm_prf_cnts = .);
+ PROVIDE (__start___llvm_prf_data = .);
+ *(__llvm_prf_data)
+ PROVIDE (__stop___llvm_prf_data = .);
+ PROVIDE (__start___llvm_prf_vnds = .);
+ *(__llvm_prf_vnds);
+ PROVIDE (__stop___llvm_prf_vnds = .);
SORT(CONSTRUCTORS)
}
.data1 : { *(.data1) }
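Review bot: `PROVIDE (__start___llvm_prf_cnts = .);` and the two start symbols after it are evaluated before the linker inserts the padding required by the following input section, so when the preceding contents end on an unaligned address the start symbol can point at padding rather than at the first counter or record. The `.rodata` hunk above guards its start symbol with `. = ALIGN(16);`, but nothing equivalent is present here; `. = ALIGN(8);` before each `PROVIDE (__start___… = .);` would close the gap (the exact alignment depends on the instrumented objects, which are not visible). The profile runtime presumably walks from start to stop assuming packed records, so a misplaced start would make it read padding as data. The stray `;` after `*(__llvm_prf_vnds)` can go, and the identical lines in the new `build/tools/ta_link_64.smee.ld` need the same change; the `.data` output section opens above this hunk.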
diff --git a/build/tools/ta_link_64.smee.ld b/build/tools/ta_link_64.smee.ld
new file mode 100644
index 0000000..db72a53
--- /dev/null
+++ b/build/tools/ta_link_64.smee.ld
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
+ * iTrustee licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Describe the link file for 64bits TA
+ */
+
+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64",
+ "elf64-littleaarch64")
+OUTPUT_ARCH(aarch64)
+ENTRY(_start)
+SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib");
+
+PHDRS
+{
+ phdr PT_PHDR PHDRS FLAGS (4);
+ text PT_LOAD FILEHDR PHDRS FLAGS (5);
+ xtext PT_LOAD FLAGS (1);
+ smee 0x65656d73 AT(smee_start) FLAGS (6);
+ data PT_LOAD FLAGS (6);
+ dynamic PT_DYNAMIC FLAGS (6);
+ relro 0x6474e552 FLAGS (4);
+ stack PT_GNU_STACK FLAGS (6);
+}
+
+SECTIONS
+{
+ /* Read-only sections, merged into text segment: */
+ . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS;
+ _start = .;
+ /* This should be the first section after program headers */
+ .magic : { *(.magic) } : text
+ .note.gnu.build-id : { *(.note.gnu.build-id) }
+ .hash : { *(.hash) }
+ .gnu.hash : { *(.gnu.hash) }
+ .dynsym : { *(.dynsym) }
+ .dynstr : { *(.dynstr) }
+ .gnu.version : { *(.gnu.version) }
+ .gnu.version_d : { *(.gnu.version_d) }
+ .gnu.version_r : { *(.gnu.version_r) }
+ .rela.dyn :
+ {
+ *(.rela.init)
+ *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*)
+ *(.rela.fini)
+ *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*)
+ *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*)
+ *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*)
+ *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*)
+ *(.rela.ctors)
+ *(.rela.dtors)
+ *(.rela.got)
+ *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*)
+ *(.rela.ifunc)
+ }
+ .rela.plt :
+ {
+ *(.rela.plt)
+ *(.rela.iplt)
+ }
+ .rodata :
+ {
+ *(.rodata .rodata.* .gnu.linkonce.r.*)
+ . = ALIGN(16);
+ PROVIDE (__start___llvm_prf_names = .);
+ *(__llvm_prf_names)
+ PROVIDE (__stop___llvm_prf_names = .);
+ }
+ .rodata1 : { *(.rodata1) }
+ .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) }
+ .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) }
+ .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table
+ .gcc_except_table.*) }
+ .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) }
+ /* These sections are generated by the Sun/Oracle C++ compiler. */
+ .exception_ranges : ONLY_IF_RO { *(.exception_ranges
+ .exception_ranges*) }
+ /* Make sure the address of text segment is aligned in 4k for xom */
+ . = ALIGN(0x1000);
+ .init :
+ {
+ KEEP (*(SORT_NONE(.init)))
+ } : xtext =0
+ .plt : ALIGN(16) { *(.plt) *(.iplt) }
+ .text :
+ {
+ *(.text.unlikely .text.*_unlikely .text.unlikely.*)
+ *(.text.exit .text.exit.*)
+ *(.text.startup .text.startup.*)
+ *(.text.hot .text.hot.*)
+ *(.text .stub .text.* .gnu.linkonce.t.*)
+ /* .gnu.warning sections are handled specially by elf32.em. */
+ *(.gnu.warning)
+ } =0
+ .fini :
+ {
+ KEEP (*(SORT_NONE(.fini)))
+ } =0
+ PROVIDE (__etext = .);
+ PROVIDE (_etext = .);
+ PROVIDE (etext = .);
+
+ . = ALIGN(0x1000);
+ PROVIDE_HIDDEN (smee_start = .);
+ .smee : ALIGN(0x1000)
+ {
+ *(sram_protection_section)
+ *(smee* .smee* .*smee)
+ } : smee
+
+ /* Adjust the address for the data segment. We want to adjust up to
+ the same address within the page on the next page up. */
+ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
+ /* Exception handling */
+ .eh_frame : ONLY_IF_RW { KEEP (*(.eh_frame)) *(.eh_frame.*) }
+ .gnu_extab : ONLY_IF_RW { *(.gnu_extab) }
+ .gcc_except_table : ONLY_IF_RW { *(.gcc_except_table .gcc_except_table.*) }
+ .exception_ranges : ONLY_IF_RW { *(.exception_ranges .exception_ranges*) }
+ /* Thread Local Storage sections */
+ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
+ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ .preinit_array :
+ {
+ KEEP (*(.preinit_array))
+ }
+ .init_array :
+ {
+ PROVIDE_HIDDEN (__init_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))
+ KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors))
+ PROVIDE_HIDDEN (__init_array_end = .);
+ }
+ .fini_array :
+ {
+ PROVIDE_HIDDEN (__fini_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))
+ KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors))
+ PROVIDE_HIDDEN (__fini_array_end = .);
+ }
+ .ctors :
+ {
+ /* gcc uses crtbegin.o to find the start of
+ the constructors, so we make sure it is
+ first. Because this is a wildcard, it
+ doesn't matter if the user does not
+ actually link against crtbegin.o; the
+ linker won't look for a file to match a
+ wildcard. The wildcard also means that it
+ doesn't matter which directory crtbegin.o
+ is in. */
+ KEEP (*crtbegin.o(.ctors))
+ KEEP (*crtbegin?.o(.ctors))
+ /* We don't want to include the .ctor section from
+ the crtend.o file until after the sorted ctors.
+ The .ctor section from the crtend file contains the
+ end of ctors marker and it must be last */
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors))
+ KEEP (*(SORT(.ctors.*)))
+ KEEP (*(.ctors))
+ }
+ .dtors :
+ {
+ KEEP (*crtbegin.o(.dtors))
+ KEEP (*crtbegin?.o(.dtors))
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors))
+ KEEP (*(SORT(.dtors.*)))
+ KEEP (*(.dtors))
+ }
+ .jcr : { KEEP (*(.jcr)) }
+ .data.rel.ro :
+ {
+ *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*)
+ *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*)
+ } : data : relro
+ .dynamic : { *(.dynamic) } : data : dynamic : relro
+ .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro
+ . = DATA_SEGMENT_RELRO_END (0, .);
+ .data :
+ {
+ PROVIDE (__data_start = .);
+ *(.data .data.* .gnu.linkonce.d.*)
+ PROVIDE (__start___llvm_prf_cnts = .);
+ *(__llvm_prf_cnts)
+ PROVIDE (__stop___llvm_prf_cnts = .);
+ PROVIDE (__start___llvm_prf_data = .);
+ *(__llvm_prf_data)
+ PROVIDE (__stop___llvm_prf_data = .);
+ PROVIDE (__start___llvm_prf_vnds = .);
+ *(__llvm_prf_vnds);
+ PROVIDE (__stop___llvm_prf_vnds = .);
+ SORT(CONSTRUCTORS)
+ } : data
+ .data1 : { *(.data1) }
+ _edata = .; PROVIDE (edata = .);
+ . = .;
+ __bss_start = .;
+ __bss_start__ = .;
+ TA_BSS_START = .;
+ .bss :
+ {
+ *(.dynbss)
+ *(.bss .bss.* .gnu.linkonce.b.*)
+ *(COMMON)
+ . = ALIGN(. != 0 ? 64 / 8 : 1);
+ } : data
+ TA_BSS_END = .;
+ _bss_end__ = . ; __bss_end__ = . ;
+ . = ALIGN(64 / 8);
+ . = SEGMENT_START("ldata-segment", .);
+ . = ALIGN(64 / 8);
+ __end__ = . ;
+ _end = .; PROVIDE (end = .);
+ . = DATA_SEGMENT_END (.);
+ /* Stabs debugging sections. */
+ .stab 0 : { *(.stab) }
+ .stabstr 0 : { *(.stabstr) }
+ .stab.excl 0 : { *(.stab.excl) }
+ .stab.exclstr 0 : { *(.stab.exclstr) }
+ .stab.index 0 : { *(.stab.index) }
+ .stab.indexstr 0 : { *(.stab.indexstr) }
+ .comment 0 : { *(.comment) }
+ /* DWARF debug sections.
+ Symbols in the DWARF debugging sections are relative to the beginning
+ of the section so we begin them at 0. */
+ /* DWARF 1 */
+ .debug 0 : { *(.debug) }
+ .line 0 : { *(.line) }
+ /* GNU DWARF 1 extensions */
+ .debug_srcinfo 0 : { *(.debug_srcinfo) }
+ .debug_sfnames 0 : { *(.debug_sfnames) }
+ /* DWARF 1.1 and DWARF 2 */
+ .debug_aranges 0 : { *(.debug_aranges) }
+ .debug_pubnames 0 : { *(.debug_pubnames) }
+ /* DWARF 2 */
+ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) }
+ .debug_abbrev 0 : { *(.debug_abbrev) }
+ .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) }
+ .debug_frame 0 : { *(.debug_frame) }
+ .debug_str 0 : { *(.debug_str) }
+ .debug_loc 0 : { *(.debug_loc) }
+ .debug_macinfo 0 : { *(.debug_macinfo) }
+ /* SGI/MIPS DWARF 2 extensions */
+ .debug_weaknames 0 : { *(.debug_weaknames) }
+ .debug_funcnames 0 : { *(.debug_funcnames) }
+ .debug_typenames 0 : { *(.debug_typenames) }
+ .debug_varnames 0 : { *(.debug_varnames) }
+ /* DWARF 3 */
+ .debug_pubtypes 0 : { *(.debug_pubtypes) }
+ .debug_ranges 0 : { *(.debug_ranges) }
+ /* DWARF Extension. */
+ .debug_macro 0 : { *(.debug_macro) }
+ .debug_addr 0 : { *(.debug_addr) }
+ .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) }
+ .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) }
+ /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) }
+}
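Review bot: In the new `PHDRS` layout the sections between `.smee` and `.data.rel.ro` (`.tdata`, `.tbss`, `.preinit_array`, `.init_array`, `.fini_array`, `.ctors`, `.dtors`, `.jcr` and the `ONLY_IF_RW` exception tables) carry no `:phdr`, and GNU ld places such sections in the segment of the preceding section, which here is the custom `smee` segment (type `0x65656d73`) rather than the `data` PT_LOAD. If the loader treats `smee` specially (presumably the protected region, given `sram_protection_section`), constructor tables and TLS initialisers would land inside it and outside `relro`; adding `: data` to `.tdata` and the sections that follow it would make the intended placement explicit. Separately, `text` is declared `FLAGS (5)` (R+X) although it holds the headers, `.rodata` and the unwind tables while the code lives in `xtext`; `FLAGS (4)` would keep read-only data non-executable, provided the loader honours segment flags.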
diff --git a/include/CA/tee_client_api.h b/include/CA/tee_client_api.h
index c139d4d..f9ce68e 100644
--- a/include/CA/tee_client_api.h
+++ b/include/CA/tee_client_api.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: TEE client API definitions
*/
#ifndef _TEE_CLIENT_API_H_
@@ -24,7 +25,7 @@
#include <string.h>
#include "tee_client_type.h"
-#include <tee_client_log.h>
+#include "tee_client_log.h"
#ifdef __cplusplus
extern "C" {
@@ -44,7 +45,7 @@ extern "C" {
* initializes a new TEE Context, forming a connection between this Client Application and the TEE
*
* @param name [IN] TEE name (unused)
- * @param context [IN/OUT] pointer to TEEC_Context to be initialized
+ * @param context [OUT] pointer to TEEC_Context to be initialized
*
* @return TEEC_SUCCESS operation success
* @return TEEC_ERROR_BAD_PARAMETERS invalid parameter
@@ -74,11 +75,11 @@ void TEEC_FinalizeContext(
* @param connectionData [IN] any necessary data required to support the connection method
* @param operation [IN/OUT] a pointer to an Operation containing a set of Parameters to exchange with the
* Trusted Application
- * @param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin, This field may be NULL
+ * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin, This field may be NULL
* if the return origin is not needed
*
* @return TEEC_SUCCESS operation success
- * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter<65><72>context or session or destination is NULL
+ * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, context or session or destination is NULL
* @return TEEC_ERROR_ACCESS_DENIED client Application's connection request is denied
* @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use
* @return TEEC_ERROR_TRUSTED_APP_LOAD_ERROR load Trusted Application failed
@@ -109,10 +110,10 @@ void TEEC_CloseSession(
* @param session [IN/OUT] the open Session in which the command will be invoked
* @param commandID [IN] the identifier of the Command within the Trusted Application to invoke
* @param operation [IN/OUT] a pointer to a Client Application initialized TEEC_Operation structure
- * @param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin
+ * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin
*
* @return TEEC_SUCCESS operation success
- * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter<65><72>session is NULL or operation data invalid
+ * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, session is NULL or operation data invalid
* @return TEEC_ERROR_ACCESS_DENIED invoke command operation is denied
* @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use
* @return others refer TEEC_ReturnCode
@@ -155,8 +156,8 @@ TEEC_Result TEEC_AllocateSharedMemory(
/*
* deregisters or deallocates a previously initialized block of Shared Memory
- * if memory is allocated by <20><>TEEC_AllocateSharedMemory, system will free this memory
- * if memory is registered by <20><>TEEC_RegisterSharedMemory, system will not free this memory
+ * if memory is allocated by TEEC_AllocateSharedMemory, system will free this memory
+ * if memory is registered by TEEC_RegisterSharedMemory, system will not free this memory
*
* @param sharedMem [IN/OUT] a pointer to a valid Shared Memory structure
*
diff --git a/include/CA/tee_client_constants.h b/include/CA/tee_client_constants.h
index 3b86dcb..896222d 100644
--- a/include/CA/tee_client_constants.h
+++ b/include/CA/tee_client_constants.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,38 +8,39 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: static definitions of client API
*/
#ifndef _TEE_CLIENT_CONSTANTS_H_
#define _TEE_CLIENT_CONSTANTS_H_
enum TEEC_ReturnCode {
- TEEC_SUCCESS = 0x0, /* success */
- TEEC_ERROR_INVALID_CMD, /* invalid command */
- TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */
- TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */
- TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */
- TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */
- TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */
- TEEC_ERROR_READ_DATA, /* failed to read data in file */
- TEEC_ERROR_WRITE_DATA, /* failed to write data to file */
- TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */
- TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */
- TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */
- TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */
- TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */
- TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */
- TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or
- open session or invoke commnad */
- TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */
+ TEEC_SUCCESS = 0x0, /* success */
+ TEEC_ERROR_INVALID_CMD, /* invalid command */
+ TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */
+ TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */
+ TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */
+ TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */
+ TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */
+ TEEC_ERROR_READ_DATA, /* failed to read data in file */
+ TEEC_ERROR_WRITE_DATA, /* failed to write data to file */
+ TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */
+ TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */
+ TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */
+ TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */
+ TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */
+ TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */
+ TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or
+ open session or invoke commnad */
+ TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */
TEEC_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* confilct occurs in concurrent access to data,
error occurs in file operaions generally */
- TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */
- TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot
- handle it */
- TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */
- TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access
- storage without initilize storage service */
+ TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */
+ TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot
+ handle it */
+ TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */
+ TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access
+ storage without initilize storage service */
TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */
TEEC_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* request operation is not implemented */
TEEC_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* request operation is not supported */
@@ -52,7 +53,14 @@ enum TEEC_ReturnCode {
TEEC_ERROR_SHORT_BUFFER = 0xFFFF0010, /* out buffer is not enough for current request */
TEEC_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC value check failed */
TEEC_ERROR_TARGET_DEAD = 0xFFFF3024, /* Trusted Application is crashed */
- TEEC_FAIL = 0xFFFF5002 /* reserved error code */
+ TEEC_FAIL = 0xFFFF5002, /* common error */
+ TEEC_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* used by adapt only, event caused User Interface operation aborted */
+ TEEC_ERROR_OVERFLOW = 0xFFFF300F, /* used by adapt only */
+ TEEC_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* used by adapt only */
+ TEEC_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* used by adapt only */
+ TEEC_ERROR_TIME_NOT_SET = 0xFFFF5000, /* used by adapt only */
+ TEEC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* used by adapt only */
+ TEEC_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* ipc overflow */
};
enum TEEC_ReturnCodeOrigin {
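Review bot: Five of the seven new return codes are documented only as `used by adapt only`, which tells a caller nothing about when they occur or how to react, and `TEEC_ERROR_SIGNATURE_INVALID` in particular is a security-relevant result that callers should be able to recognise. The values appear to mirror the GlobalPlatform TEE error codes of the same names, so comments in the style of the rest of the enum would fit, for example `/* signature verification failed */`, `/* trusted time has not been set */` and `/* persistent storage is full */`. The new entries are also appended after `TEEC_FAIL` out of numeric order; placing `0xFFFF0011` directly after `TEEC_ERROR_SHORT_BUFFER` would keep the table scannable. The enum begins outside this hunk.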
@@ -66,7 +74,7 @@ enum TEEC_SharedMemCtl {
TEEC_MEM_INPUT = 0x1, /* input type of memroy */
TEEC_MEM_OUTPUT = 0x2, /* output type of memory */
TEEC_MEM_INOUT = 0x3, /* memory is used as both input and output */
- TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */
+ TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */
};
enum TEEC_ParamType {
@@ -80,7 +88,7 @@ enum TEEC_ParamType {
refer TEEC_TempMemoryReference */
TEEC_ION_INPUT = 0x08, /* input type of icon memory reference, refer TEEC_IonReference */
TEEC_ION_SGLIST_INPUT = 0x09, /* input type of ion memory block reference, refer TEEC_IonSglistReference */
- TEEC_MEMREF_SHARED_INOUT = 0xa, /* no copy mem */
+ TEEC_MEMREF_SHARED_INOUT = 0x0a, /* no copy mem */
TEEC_MEMREF_WHOLE = 0xc, /* use whole memory block, refer TEEC_RegisteredMemoryReference */
TEEC_MEMREF_PARTIAL_INPUT = 0xd, /* input type of memory reference, refer TEEC_RegisteredMemoryReference */
TEEC_MEMREF_PARTIAL_OUTPUT = 0xe, /* output type of memory reference, refer TEEC_RegisteredMemoryReference */
@@ -105,7 +113,7 @@ enum TEEC_LoginMethod {
TEEC_LOGIN_GROUP_APPLICATION = 0x6, /* Login data about the group running
the Client Application and about the
Client Application itself is provided */
- TEEC_LOGIN_IDENTIFY = 0x7, /* iTrustee defined login type, Login data is provided by REE system */
+ TEEC_LOGIN_IDENTIFY = 0x7, /* Login data is provided by REE system */
};
enum TST_CMD_ID {
TST_CMD_ID_01 = 1,
diff --git a/include/CA/tee_client_list.h b/include/CA/tee_client_list.h
index 4aa6a53..9f3bb1e 100644
--- a/include/CA/tee_client_list.h
+++ b/include/CA/tee_client_list.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: linked list data types and basic operations
*/
#ifndef TEE_CLIENT_LIST_H
@@ -19,12 +20,12 @@ struct ListNode {
};
#define OFFSET_OF(type, member) (unsigned long)(&(((type *)0)->member))
-#define CONTAINER_OF(pos, type, member) (type *)(((char *)(pos)) - OFFSET_OF(type, member))
+#define CONTAINER_OF(pos, type, member) (type *)(uintptr_t)(((char *)(pos)) - OFFSET_OF(type, member))
#define LIST_DECLARE(name) \
struct ListNode name = { \
- .next = &name, \
- .prev = &name, \
+ .next = &(name), \
+ .prev = &(name), \
}
static inline void ListInit(struct ListNode *list)
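Review bot: The rewritten `CONTAINER_OF` still expands to an unparenthesised cast, so `CONTAINER_OF(p, T, m)->field` applies `->` to the inner expression before the casts. It also now depends on `uintptr_t`, although no `<stdint.h>` include is visible in this header. Wrapping the expansion and using the standard `offsetof` avoids the precedence trap and the null-pointer arithmetic in `OFFSET_OF`: `#define CONTAINER_OF(pos, type, member) ((type *)(void *)((char *)(pos) - offsetof(type, member)))`, together with `#include <stddef.h>`. `LIST_ENTRY` in the next hunk already has the outer parentheses.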
@@ -80,25 +81,21 @@ static inline struct ListNode *ListRemoveTail(struct ListNode *list)
}
#define LIST_ENTRY(ptr, type, member) \
- ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member)))
+ ((type *)(((char *)(ptr)) - (unsigned long)(&(((type *)0)->member))))
#define LIST_FOR_EACH(pos, list) \
- for (pos = (list)->next; pos != (list); pos = pos->next)
+ for ((pos) = (list)->next; (pos) != (list); (pos) = (pos)->next)
#define LIST_FOR_EACH_SAFE(pos, n, list) \
- for ((pos) = (list)->next, (n) = (pos)->next; \
- (pos) != (list); \
- (pos) = (n), (n) = (pos)->next)
-
-#define LIST_FOR_EACH_ENTRY(pos, list, member) \
- for (pos = LIST_ENTRY((list)->next, typeof(*pos), member); \
- &pos->member != (list); \
- pos = LIST_ENTRY(pos->member.next, typeof(*pos), member))
-
-#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \
- for (pos = LIST_ENTRY((list)->next, typeof(*pos), member), \
- n = LIST_ENTRY(pos->member.next, typeof(*pos), member); \
- &pos->member != (list); \
- pos = n, n = LIST_ENTRY(n->member.next, typeof(*n), member))
+ for ((pos) = (list)->next, (n) = (pos)->next; (pos) != (list); (pos) = (n), (n) = (pos)->next)
+
+#define LIST_FOR_EACH_ENTRY(pos, list, member) \
+ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member); &(pos)->member != (list); \
+ (pos) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member))
+
+#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \
+ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member), \
+ (n) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member); \
+ &(pos)->member != (list); (pos) = (n), (n) = LIST_ENTRY((n)->member.next, typeof(*(n)), member))
#endif
diff --git a/include/CA/tee_client_log.h b/include/CA/tee_client_log.h
index e3b7fae..1024015 100644
--- a/include/CA/tee_client_log.h
+++ b/include/CA/tee_client_log.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,19 +8,20 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: TEE client log api
*/
#ifndef TEE_CLIENT_LOG_H
#define TEE_CLIENT_LOG_H
-#include <syslog.h>
+#include <stdio.h>
#ifdef TEEC_DEBUG
-#define TEEC_Debug(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__);
+#define TEEC_Debug(fmt, args...) printf("%s: " fmt, __func__, ## args)
#else
#define TEEC_Debug(...)
#endif
-#define TEEC_Error(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__);
+#define TEEC_Error(fmt, args...) printf("%s: " fmt, __func__, ## args)
#endif
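Review bot: `TEEC_Error` now writes to stdout with `printf` instead of syslog, so client-library errors disappear from the system log for daemons and services and get mixed into the host application's standard output. If dropping syslog is intentional, stderr is the safer default: `#define TEEC_Error(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ##__VA_ARGS__)`, and likewise for `TEEC_Debug`. The named-variadic form `args...` is a GNU extension, which matters for a public SDK header compiled by third-party code. A side effect worth keeping is that `fmt` must now be a string literal, which rules out passing a caller-controlled format string.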
diff --git a/include/CA/tee_client_type.h b/include/CA/tee_client_type.h
index c5b97e3..ed70482 100644
--- a/include/CA/tee_client_type.h
+++ b/include/CA/tee_client_type.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,47 +8,20 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: data type and structure definition according to GP
*/
#ifndef _TEE_CLIENT_TYPE_H_
#define _TEE_CLIENT_TYPE_H_
+#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <semaphore.h>
#include "tee_client_list.h"
#include "tee_client_constants.h"
-typedef unsigned int uint32_t;
-
-typedef signed int int32_t;
-
-typedef unsigned short uint16_t;
-
-typedef signed short int16_t;
-
-typedef unsigned char uint8_t;
-
-typedef signed char int8_t;
-
-#ifndef __cplusplus
-#ifndef bool
-#define bool uint8_t
-#endif
-#endif
-
-#ifndef true
-#define true 1
-#endif
-
-#ifndef false
-#define false 0
-#endif
-
-#ifndef NULL
-#define NULL 0
-#endif
-
typedef enum TEEC_ReturnCode TEEC_Result;
typedef struct {
@@ -63,17 +36,23 @@ typedef struct {
uint8_t *ta_path;
struct ListNode session_list;
struct ListNode shrd_mem_list;
- struct {
- void *buffer;
- sem_t buffer_barrier;
- } share_buffer;
+ union {
+ struct {
+ void *buffer;
+ sem_t buffer_barrier;
+ } share_buffer;
+ uint64_t imp; /* for adapt */
+ };
} TEEC_Context;
typedef struct {
uint32_t session_id;
TEEC_UUID service_id;
uint32_t ops_cnt;
- struct ListNode head;
+ union {
+ struct ListNode head;
+ uint64_t imp; /* for adapt */
+ };
TEEC_Context *context;
} TEEC_Session;
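Review bot: The new anonymous unions overlay `uint64_t imp` on `share_buffer` in `TEEC_Context` and on `struct ListNode head` in `TEEC_Session` (and `void* imp` on `head` in `TEEC_SharedMemory` in the next hunk), but nothing in the structs records which member is live. Any library path that walks the list through `head` or touches `buffer_barrier` on an object whose `imp` was written by the adapter would treat that value as a pointer or a semaphore. The comment `/* for adapt */` should state the ownership rule, e.g. `/* adapter builds only: imp replaces head; list functions must not be used on such objects */`, assuming that is the intended contract. Anonymous unions also need C11 or GNU extensions, which is worth stating for a public header.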
@@ -83,7 +62,10 @@ typedef struct {
uint32_t flags; /* reference to TEEC_SharedMemCtl */
uint32_t ops_cnt;
bool is_allocated; /* identify whether the memory is registered or allocated */
- struct ListNode head;
+ union {
+ struct ListNode head;
+ void* imp; /* for adapt, imp is not used by system CA, only for vendor CA */
+ };
TEEC_Context *context;
} TEEC_SharedMemory;
diff --git a/include/TA/huawei_ext/crypto_cert_wrapper.h b/include/TA/huawei_ext/crypto_cert_wrapper.h
new file mode 100644
index 0000000..85e5a15
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_cert_wrapper.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft aes engine
+ */
+#ifndef __CRYPTO_CERT_WRAPPER_H__
+#define __CRYPTO_CERT_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+#include "crypto_x509_wrapper.h"
+
+/*
+ * Create attestation certificate with input params.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param valid [IN] The valid date buffer
+ * @param issuer_tlv [IN] The issuer buffer
+ * @param issuer_tlv_len [IN] The length of issuer buffer
+ * @param subject_public_key [IN] The subject public key buffer
+ * @param subject_public_key_len [IN] The length of subject public key buffer
+ * @param attestation_ext [IN] The attestation extrol info buffer
+ * @param attestation_ext_len [IN] The length of attestation extrol info buffer
+ * @param priv_sign [IN] The private key buffer
+ * @param key_usage_sign_bit [IN] The usage sign flag
+ * @param key_usage_encrypt_bit [IN] The usage encrypt flag
+ * @param keytype [IN] The keytype of private key
+ * @param hash [IN] The hash func of digest
+ *
+ * @return -1: Create attestation certificate failed
+ * @return others: The real size of certificate
+ */
+int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid,
+ const uint8_t *issuer_tlv, uint32_t issuer_tlv_len,
+ const uint8_t *subject_public_key, uint32_t subject_public_key_len,
+ const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign,
+ uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type,
+ uint32_t hash);
+
+/*
+ * Get element number from certificate.
+ *
+ * @param elem [OUT] The element with elem_id
+ * @param elem_id [IN] The index of element
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get element failed
+ * @return others: The length of element
+ */
+int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * verify Cert in tee
+ *
+ * @param cert [IN] data for salt
+ * @param cert_len [IN] salt length
+ * @param parent_key [IN] size of generated key, fix-size 32 bytes
+ * @param parent_key_len [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS OK
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @return TEE_ERROR_GENERIC internal error
+ */
+TEE_Result tee_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * create cert request in TEE
+ *
+ * @param buf [OUT] cert request output buffer
+ * @param len [OUT] output buffer size
+ * @param key_type [IN] key_type RSA 0; ECC 1
+ * @param file_name [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS operation success
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ */
+TEE_Result tee_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name);
+#endif
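Review bot: The comment on `tee_verify_dev_cert` was evidently copied from a key-derivation function: it describes `cert` as `data for salt`, `cert_len` as `salt length`, `parent_key` as `size of generated key` and `parent_key_len` as `pointer where key is saved`, so a caller cannot tell what the verifier expects. Judging from the names alone, something like `@param cert [IN] certificate to verify` and `@param parent_key [IN] public key of the issuer` is intended, to be confirmed against the implementation. `tee_create_cert_req` documents `len` as `[OUT]` although it is passed by value, so the size of the generated request cannot be returned through it, and the file-level `Description: soft aes engine` does not match this header. Both verification inputs could be `const uint8_t *`, as in `get_tbs_element`.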
diff --git a/include/TA/huawei_ext/crypto_device_key_wrapper.h b/include/TA/huawei_ext/crypto_device_key_wrapper.h
new file mode 100644
index 0000000..2c8ba9e
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_device_key_wrapper.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft device key engine
+ */
+#ifndef __CRYPTO_DEVICE_KEY_WRAPPER_H__
+#define __CRYPTO_DEVICE_KEY_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+
+/*
+ * Get oem huk.
+ *
+ * @param huk [OUT] The oem huk buffer
+ * @param key [IN] The hmac key buffer
+ * @param key_size [IN] The length of hmac key buffer
+ *
+ * @return 0: Get oem huk success
+ * @return -1: Get oem huk failed
+ */
+int32_t get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size);
+
+#endif
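Review bot: `get_class_oem_huk` takes the output buffer `huk` without a size, and the comment above it does not say how many bytes are written, so a caller cannot size the buffer safely. Either add an output-size parameter next to `huk` or state the fixed length in the doc, for example `@param huk [OUT] The oem huk buffer, at least <HUK_LEN> bytes`, with the real constant in place of the placeholder. Since the buffer appears to hold device-bound key material, the comment could also say that the caller is expected to clear it after use.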
diff --git a/include/TA/huawei_ext/crypto_ec_wrapper.h b/include/TA/huawei_ext/crypto_ec_wrapper.h
new file mode 100644
index 0000000..934fc40
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_ec_wrapper.h
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec engine
+ */
+#ifndef __CRYPTO_EC_WRAPPER_H__
+#define __CRYPTO_EC_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+
+#define ECC_PRIV_LEN 66
+#define ECC_PUB_LEN 66
+
+struct ec_pub_info {
+ uint8_t *x;
+ uint32_t x_len;
+ uint8_t *y;
+ uint32_t y_len;
+};
+
+struct ec_priv_info {
+ uint32_t nid;
+ uint8_t *r;
+ uint32_t r_len;
+};
+
+typedef struct {
+ uint32_t domain;
+ uint8_t x[ECC_PUB_LEN];
+ uint32_t x_len;
+ uint8_t y[ECC_PUB_LEN];
+ uint32_t y_len;
+} ecc_pub_key_t;
+
+typedef struct {
+ uint32_t domain;
+ uint8_t r[ECC_PRIV_LEN];
+ uint32_t r_len;
+} ecc_priv_key_t;
+
+/*
+ * Derive ecc public key from private key.
+ *
+ * @param priv_info [IN] The ecc_priv_key_t structure
+ * @param pub_info [OUT] The ecc_pub_key_t structure
+ *
+ * @return 0: Derive ecc public key success
+ * @return -1: Derive ecc public key failed
+ */
+int32_t ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info);
+
+/*
+ * Derive ecc private key from huk.
+ *
+ * @param priv [OUT] The ecc_priv_key_t structure
+ * @param secret [IN] The huk buffer
+ * @param sec_len [IN] The length of huk buffer
+ *
+ * @return 0: Derive ecc private key success
+ * @return -1: Derive ecc private key failed
+ */
+int32_t derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len);
+
+/*
+ * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer.
+ *
+ * @param out [OUT] The ecc public key buffer
+ * @param outlen [IN/OUT] The length of ecc public key buffer
+ * @param pub [IN] The ecc public key structure
+ *
+ * @return -1: Export ecc public key failed
+ * @return others: The real size of out buffer
+ */
+int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub);
+
+/*
+ * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure.
+ *
+ * @param pub [OUT] The ecc public key structure
+ * @param in [IN] The ecc public key buffer
+ * @param inlen [IN] The length of ecc public key buffer
+ *
+ * @return 1: Import ecc public key success
+ * @return -1: Import ecc public key failed
+ */
+int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure.
+ *
+ * @param priv [OUT] The ecc private key structure
+ * @param in [IN] The ecc private key buffer
+ * @param inlen [IN] The length of ecc private key buffer
+ *
+ * @return -1: Import ecc private key failed
+ * @return others: The width of ecc private key
+ */
+int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Read next TLV (Type-Length-Value) from ASN1 buffer.
+ *
+ * @param type [OUT] Type of TLV
+ * @param header_len [OUT] Length of TLV
+ * @param buf [IN] Input TLV
+ * @param buf_len [IN] Length of buf in bytes
+ *
+ * @return -1: Get next TLV failed
+ * @return others: Length of next TLV
+ */
+int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len);
+
+/*
+ * Use ECC algorithm to sign user data.
+ *
+ * @param signature [OUT] The signature of input data
+ * @param sig_siz [IN/OUT] The length of signature
+ * @param in [IN] The data to be sign
+ * @param in_len [IN] The length of input data
+ * @param priv [IN] The ecc private key structure
+ *
+ * @return -1: Sign input buffer use ecc failed
+ * @return others: The length of signature
+ */
+int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv);
+
+/*
+ * Verify the data with ECC algorithm.
+ *
+ * @param signature [IN] The signature of input data
+ * @param sig_len [IN] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param pub [IN] The ecc public key structure
+ *
+ * @return 1: Verify digest success
+ * @return -1: Verify digest failed
+ */
+int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub);
+
+#endif
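Review bot: `ecc_verify_digest` and `ecc_import_pub` report success as 1 and failure as -1, so a caller that tests the result for truth (`if (ecc_verify_digest(...))`) accepts a failed verification, because -1 is non-zero. `rsa_verify_digest` in crypto_rsa_wrapper.h uses 0 for success, which makes the mix-up more likely in code that handles both key types. I would add to the `ecc_verify_digest` comment `Compare the result with 1; -1 is non-zero and must not be tested as a boolean.` The comment blocks in this header also name parameters that do not exist (`outlen` for `out_size`, `sig_siz` for `sig_size`) and mark those by-value sizes as [IN/OUT].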
diff --git a/include/TA/huawei_ext/crypto_ec_x509_wrapper.h b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h
new file mode 100644
index 0000000..73e2832
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec x509 engine
+ */
+#ifndef __CRYPTO_EC_X509_WRAPPER_H__
+#define __CRYPTO_EC_X509_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+#include "crypto_x509_wrapper.h"
+
+/*
+ * Recover the root certificate.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN/OUT] The length of certificate buffer
+ * @param priv [IN] The private key structure
+ * @param keytype [IN] The keytype of private key
+ *
+ * @return -1: Recover root certificate failed
+ * @return others: Recover root certificate success
+ */
+int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype);
+
+/*
+ * Sign the pkcs10 certificate.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param csr [IN] The certificate signing request buffer
+ * @param csr_len [IN] The length of certificate signing request buffer
+ * @param valid [IN] The valid date buffer
+ * @param serial_number [IN] The serial number buffer
+ * @param serial_length [IN] The length of serial number buffer
+ * @param priv [IN] The private key structure
+ * @param keytype [IN] The keytype of private key
+ *
+ * @return -1: Sign the pkcs10 certificate failed
+ * @return others: The real size of certificate
+ */
+int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len,
+ const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid,
+ const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype);
+
+#endif
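Review bot: `recover_root_cert` and `sign_pkcs10` take the signing key as `const void *priv` and select its type through `keytype`, but neither comment says which structure goes with which value, so a mismatched pair would be read with the wrong struct layout. Document it on both, e.g. `@param keytype [IN] RSA_ALG or ECC_ALG; priv must point to the matching rsa_priv_key_t or ecc_priv_key_t`, if that is the mapping the implementation uses. `cert_len` on `recover_root_cert` is marked [IN/OUT] although it is passed by value, and "others: Recover root certificate success" does not tell the caller whether the return value is the certificate length.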
diff --git a/include/TA/huawei_ext/crypto_inner_wrapper.h b/include/TA/huawei_ext/crypto_inner_wrapper.h
new file mode 100644
index 0000000..01a171f
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_inner_wrapper.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft inner engine
+ */
+#ifndef __CRYPTO_INNER_WRAPPER_H__
+#define __CRYPTO_INNER_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+
+/*
+ * Get common name from certificate.
+ *
+ * @param name [OUT] The common name buffer
+ * @param name_size [IN/OUT] The length of common name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get common name failed
+ * @return others: Get common name success
+ */
+int32_t get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get organization name from certificate.
+ *
+ * @param name [OUT] The organization name buffer
+ * @param name_size [IN/OUT] The length of organization name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get organization name failed
+ * @return others: Get organization name success
+ */
+int32_t get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * verify Cert in tee
+ *
+ * @param cert [IN] data for salt
+ * @param cert_len [IN] salt length
+ * @param parent_key [IN] size of generated key, fix-size 32 bytes
+ * @param parent_key_len [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS OK
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @return TEE_ERROR_GENERIC internal error
+ */
+TEE_Result TEE_EXT_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * create cert request in TEE
+ *
+ * @param buf [OUT] cert request output buffer
+ * @param len [OUT] output buffer size
+ * @param key_type [IN] key_type RSA 0; ECC 1
+ * @param file_name [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS operation success
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ */
+TEE_Result TEE_EXT_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name);
+#endif
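Review bot: The comment on `TEE_EXT_verify_dev_cert` describes a different function: `cert` is called "data for salt", `cert_len` "salt length", `parent_key` "size of generated key, fix-size 32 bytes" and `parent_key_len` "pointer where key is saved". For a certificate check this misleads callers about which key to pass; the four lines should name the certificate buffer, its length, the key used to verify it (presumably the issuer public key) and that key's length. `TEE_EXT_create_cert_req` has the same problem: `len` is marked [OUT] but passed by value, and `file_name` is described as "pointer where key is saved". The `tee_verify_dev_cert` and `tee_create_cert_req` comments in crypto_cert_wrapper.h carry the same text.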
diff --git a/include/TA/huawei_ext/crypto_rsa_wrapper.h b/include/TA/huawei_ext/crypto_rsa_wrapper.h
new file mode 100644
index 0000000..abae90c
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_rsa_wrapper.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft rsa engine
+ */
+#ifndef __CRYPTO_RSA_WRAPPER_H__
+#define __CRYPTO_RSA_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+
+#define RSA_PUB_LEN 1024
+#define RSA_PRIV_LEN 512
+
+typedef struct {
+ uint8_t e[RSA_PUB_LEN];
+ uint32_t e_len;
+ uint8_t n[RSA_PUB_LEN];
+ uint32_t n_len;
+} rsa_pub_key_t;
+
+typedef struct {
+ uint8_t e[RSA_PUB_LEN];
+ uint32_t e_len;
+ uint8_t n[RSA_PUB_LEN];
+ uint32_t n_len;
+ uint8_t d[RSA_PUB_LEN];
+ uint32_t d_len;
+ uint8_t p[RSA_PRIV_LEN];
+ uint32_t p_len;
+ uint8_t q[RSA_PRIV_LEN];
+ uint32_t q_len;
+ uint8_t dp[RSA_PRIV_LEN];
+ uint32_t dp_len;
+ uint8_t dq[RSA_PRIV_LEN];
+ uint32_t dq_len;
+ uint8_t qinv[RSA_PRIV_LEN];
+ uint32_t qinv_len;
+} rsa_priv_key_t;
+
+/*
+ * Generate rsa key pair.
+ * @param priv [OUT] The rsa private key structure
+ * @param pub [OUT] The rsa public key structure
+ * @param e [IN] The exponent of rsa key
+ * @param key_size [IN] The size of rsa key
+ *
+ * @return 0: Generate rsa keypair success
+ * @return -1: Generate rsa keypair failed
+ */
+int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size);
+
+/*
+ * Do rsa encryption.
+ *
+ * @param dest_data [OUT] The dest data buffer
+ * @param dest_len [IN/OUT] The length of dest data
+ * @param src_data [IN] The src data buffer
+ * @param src_len [IN] The length of src data
+ * @param pub [IN] The rsa public key structure
+ * @param padding [IN] The padding type of encryption
+ * @param hash_nid [IN] The hash_nid of encryption
+ *
+ * @return 0: Do rsa encryption success
+ * @return -1: Do rsa encryption failed
+ */
+int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub,
+ int32_t padding, int32_t hash_nid);
+
+/*
+ * Do rsa decryption.
+ *
+ * @param dest_data [OUT] The dest data buffer
+ * @param dest_len [IN/OUT] The length of dest data
+ * @param src_data [IN] The src data buffer
+ * @param src_len [IN] The length of src data
+ * @param priv [IN] THE rsa private key structure
+ * @param padding [IN] The padding type of encryption
+ * @param hash_nid [IN] The hash_nid of encryption
+ *
+ * @return 0: Do rsa decryption success
+ * @return -1: Do rsa decryption failed
+ */
+int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv,
+ uint32_t padding, int32_t hash_nid);
+
+/*
+ * Do rsa Sign digest.
+ *
+ * @param signature [OUT] The signature of input data
+ * @param sig_size [IN/OUT] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param priv [IN] The rsa private key structure
+ * @param salt_len [IN] The length of salt
+ * @param hash_nid [IN] The hash_nid of encryption
+ * @param padding [IN] The padding type of encryption
+ *
+ * @return 0: Do rsa sign digest success
+ * @return -1: Do rsa Sign digest failed
+ */
+int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv,
+ uint32_t salt_len, int32_t hash_nid, int32_t padding);
+
+/*
+ * Do rsa Verify digest.
+ *
+ * @param signature [IN] The signature of input data
+ * @param sig_size [IN] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param pub [IN] The rsa public key structure
+ * @param salt_len [IN] The length of salt
+ * @param hash_nid [IN] The hash_nid of encryption
+ * @param padding [IN] The padding type of encryption
+ *
+ * @return 0: Do rsa verify success
+ * @return -1: Do rsa verify failed
+ */
+int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub,
+ uint32_t salt_len, int32_t hash_nid, int32_t padding);
+
+/*
+ * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure.
+ *
+ * @param priv [OUT] The rsa private key structure
+ * @param in [IN] The rsa private key buffer
+ * @param inlen [IN] The length of rsa private key buffer
+ *
+ * @return -1: Import rsa private key failed
+ * @return 0: Import rsa private key success
+ */
+int32_t rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len);
+
+/*
+ * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer.
+ *
+ * @param out [OUT] The rsa public key buffer
+ * @param outlen [IN] The length of rsa public key buffer
+ * @param pub [IN] The rsa public key structure
+ *
+ * @return -1: Export rsa public key failed
+ * @return others: The real size of out buffer
+ */
+int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub);
+
+#endif
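Review bot: `rsa_encrypt` declares `int32_t padding` while `rsa_decrypt` declares `uint32_t padding`, and none of the comments names the values that `padding` and `hash_nid` accept. With the padding scheme left implicit, a caller cannot tell from the header which schemes are selectable or what `salt_len` means for each of them. Aligning the type (`int32_t padding` in `rsa_decrypt`, if the implementation permits) and listing the accepted constants in the comments would fix this. `key_size` on `rsa_generate_keypair` should also state its unit, e.g. `@param key_size [IN] The size of rsa key in <bits|bytes>`.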
diff --git a/include/TA/huawei_ext/crypto_wrapper.h b/include/TA/huawei_ext/crypto_wrapper.h
index e05e90b..aba36c2 100755
--- a/include/TA/huawei_ext/crypto_wrapper.h
+++ b/include/TA/huawei_ext/crypto_wrapper.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,63 +8,65 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: soft engine in boringssl
*/
#ifndef __CRYPTO_WRAPPER_H__
#define __CRYPTO_WRAPPER_H__
-#include <type.h>
+#include <stdint.h>
#include <tee_defines.h>
-#include <sre_chinadrm.h>
-
-#define SHA256_LEN 32
-#define OEM_KEY_LEN 16
-
+#include "crypto_cert_wrapper.h"
+#include "crypto_device_key_wrapper.h"
+#include "crypto_ec_wrapper.h"
+#include "crypto_ec_x509_wrapper.h"
+#include "crypto_rsa_wrapper.h"
+#include "crypto_x509_wrapper.h"
+#include "crypto_inner_wrapper.h"
+
+#define SHA256_LEN 32
+#define OEM_KEY_LEN 16
#define ECC_P256_PRIV_LEN 64
#define ECC_P256_PUB_LEN 32
-#define RSA_PUB_LEN 1024
-#define RSA_PRIV_LEN 512
#define ATTEST_TBS_MAXSIZE 512
#define ATTESTATION_KEY_USAGE_OFFSET 16
#define EC_FIX_BUFFER_LEN 66
#define SHA256_HASH_LEN 32
-#define ECC_PRIV_LEN 66
-#define ECC_PUB_LEN 66
/* macro in tomcrypto start */
/* ECC domain id */
-#define NIST_P192 0
-#define NIST_P224 1
-#define NIST_P256 2
-#define NIST_P384 3
-#define NIST_P521 4
-
-#define SHA1_HASH 1
-#define SHA224_HASH 2
-#define SHA256_HASH 3
-#define SHA384_HASH 4
-#define SHA512_HASH 5
+#define NIST_P192 0
+#define NIST_P224 1
+#define NIST_P256 2
+#define NIST_P384 3
+#define NIST_P521 4
+
+#define SHA1_HASH 1
+#define SHA224_HASH 2
+#define SHA256_HASH 3
+#define SHA384_HASH 4
+#define SHA512_HASH 5
/* Algorithm id */
-#define RSA_ALG 0
-#define ECC_ALG 1
+#define RSA_ALG 0
+#define ECC_ALG 1
/* macro in tomcrypto end */
-#define DIR_ENC 0
-#define DIR_DEC 1
-
-#define CRYPTO_NUMBER_TWO 2
-#define CRYPTO_NUMBER_THREE 3
-#define CRYPTO_NUMBER_FOUR 4
-#define CRYPTO_NUMBER_FIVE 5
-#define CRYPTO_NUMBER_SIX 6
-#define CRYPTO_NUMBER_SEVEN 7
-#define CRYPTO_NUMBER_EIGHT 8
-#define VALIDITY_TIME_SIZE 13
-#define SECRET_KEY_MAX_LEN 64
-#define CER_PUBLIC_KEY_MAX_LEN 300
-#define VALIDITY_FIX_LEN 32
-#define KEY_USAGE_FIX_LEN 41
-#define ITEM_THREE_ADD_LEN 12
-#define ITEM_THREE_MOVE_LEN 27
-#define ITEM_TWO_ADD_LEN 23
+#define DIR_ENC 0
+#define DIR_DEC 1
+
+#define CRYPTO_NUMBER_TWO 2
+#define CRYPTO_NUMBER_THREE 3
+#define CRYPTO_NUMBER_FOUR 4
+#define CRYPTO_NUMBER_FIVE 5
+#define CRYPTO_NUMBER_SIX 6
+#define CRYPTO_NUMBER_SEVEN 7
+#define CRYPTO_NUMBER_EIGHT 8
+#define VALIDITY_TIME_SIZE 13
+#define SECRET_KEY_MAX_LEN 64
+#define CER_PUBLIC_KEY_MAX_LEN 300
+#define VALIDITY_FIX_LEN 32
+#define KEY_USAGE_FIX_LEN 41
+#define ITEM_THREE_ADD_LEN 12
+#define ITEM_THREE_MOVE_LEN 27
+#define ITEM_TWO_ADD_LEN 23
/* table struct for match convert */
typedef struct {
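Review bot: Dropping `<type.h>` and `<sre_chinadrm.h>` from this public header changes what a TA gets transitively from `crypto_wrapper.h`; sources that relied on declarations from either header through this include would stop compiling. If that is intended, a CHANGELOG line or a short comment next to `#include <stdint.h>` would help SDK users. The new header description says "soft engine in boringssl" while the macro block is still bracketed by "macro in tomcrypto start/end", so one of the two comments is probably stale.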
@@ -72,52 +74,6 @@ typedef struct {
uint32_t dest;
} crypto_u2u;
-#define VALIDITY_TIME_SIZE 13
-typedef struct {
- uint8_t start[VALIDITY_TIME_SIZE];
- uint8_t end[VALIDITY_TIME_SIZE];
-} validity_period_t;
-
-typedef struct {
- uint32_t domain;
- uint8_t x[ECC_PUB_LEN];
- uint32_t x_len;
- uint8_t y[ECC_PUB_LEN];
- uint32_t y_len;
-} ecc_pub_key_t;
-
-typedef struct {
- uint32_t domain;
- uint8_t r[ECC_PRIV_LEN];
- uint32_t r_len;
-} ecc_priv_key_t;
-
-typedef struct {
- uint8_t e[RSA_PUB_LEN];
- uint32_t e_len;
- uint8_t n[RSA_PUB_LEN];
- uint32_t n_len;
-} rsa_pub_key_t;
-
-typedef struct {
- uint8_t e[RSA_PUB_LEN];
- uint32_t e_len;
- uint8_t n[RSA_PUB_LEN];
- uint32_t n_len;
- uint8_t d[RSA_PUB_LEN];
- uint32_t d_len;
- uint8_t p[RSA_PRIV_LEN];
- uint32_t p_len;
- uint8_t q[RSA_PRIV_LEN];
- uint32_t q_len;
- uint8_t dp[RSA_PRIV_LEN];
- uint32_t dp_len;
- uint8_t dq[RSA_PRIV_LEN];
- uint32_t dq_len;
- uint8_t qinv[RSA_PRIV_LEN];
- uint32_t qinv_len;
-} rsa_priv_key_t;
-
typedef struct {
unsigned char *ou;
unsigned char *o;
@@ -125,455 +81,4 @@ typedef struct {
unsigned char *cn;
} dn_name_t;
-struct ec_pub_info {
- uint8_t *x;
- uint32_t x_len;
- uint8_t *y;
- uint32_t y_len;
-};
-
-struct ec_priv_info {
- uint32_t nid;
- uint8_t *r;
- uint32_t r_len;
-};
-
-/*
- * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure.
- *
- * @param pub [OUT] The ecc public key structure
- * @param in [IN] The ecc public key buffer
- * @param inlen [IN] The length of ecc public key buffer
- *
- * @return 1: Import ecc public key success
- * @return -1: Import ecc public key failed
- */
-int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen);
-
-/*
- * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer.
- *
- * @param out [OUT] The ecc public key buffer
- * @param outlen [IN/OUT] The length of ecc public key buffer
- * @param pub [IN] The ecc public key structure
- *
- * @return -1: Export ecc public key failed
- * @return others: The real size of out buffer
- */
-int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub);
-
-/*
- * Read next TLV (Type-Length-Value) from ASN1 buffer.
- *
- * @param type [OUT] Type of TLV
- * @param header_len [OUT] Length of TLV
- * @param buf [IN] Input TLV
- * @param buf_len [IN] Length of buf in bytes
- *
- * @return -1: Get next TLV failed
- * @return others: Length of next TLV
- */
-int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len);
-
-/*
- * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure.
- *
- * @param priv [OUT] The ecc private key structure
- * @param in [IN] The ecc private key buffer
- * @param inlen [IN] The length of ecc private key buffer
- *
- * @return -1: Import ecc private key failed
- * @return others: The width of ecc private key
- */
-int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen);
-
-/*
- * Use ECC algorithm to sign user data.
- *
- * @param signature [OUT] The signature of input data
- * @param sig_siz [IN/OUT] The length of signature
- * @param in [IN] The data to be sign
- * @param in_len [IN] The length of input data
- * @param priv [IN] The ecc private key structure
- *
- * @return -1: Sign input buffer use ecc failed
- * @return others: The length of signature
- */
-int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv);
-
-/*
- * Verify the data with ECC algorithm.
- *
- * @param signature [IN] The signature of input data
- * @param sig_len [IN] The length of signature
- * @param in [IN] The input data
- * @param in_len [IN] The length of input data
- * @param pub [IN] The ecc public key structure
- *
- * @return 1: Verify digest success
- * @return -1: Verify digest failed
- */
-int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub);
-
-/*
- * Generate rsa key pair.
- * @param priv [OUT] The rsa private key structure
- * @param pub [OUT] The rsa public key structure
- * @param e [IN] The exponent of rsa key
- * @param key_size [IN] The size of rsa key
- *
- * @return 0: Generate rsa keypair success
- * @return -1: Generate rsa keypair failed
- */
-int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size);
-
-/*
- * Do rsa encryption.
- *
- * @param dest_data [OUT] The dest data buffer
- * @param dest_len [IN/OUT] The length of dest data
- * @param src_data [IN] The src data buffer
- * @param src_len [IN] The length of src data
- * @param pub [IN] The rsa public key structure
- * @param padding [IN] The padding type of encryption
- * @param hash_nid [IN] The hash_nid of encryption
- *
- * @return 0: Do rsa encryption success
- * @return -1: Do rsa encryption failed
- */
-int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub,
- int32_t padding, int32_t hash_nid);
-
-/*
- * Do rsa decryption.
- *
- * @param dest_data [OUT] The dest data buffer
- * @param dest_len [IN/OUT] The length of dest data
- * @param src_data [IN] The src data buffer
- * @param src_len [IN] The length of src data
- * @param priv [IN] THE rsa private key structure
- * @param padding [IN] The padding type of encryption
- * @param hash_nid [IN] The hash_nid of encryption
- *
- * @return 0: Do rsa decryption success
- * @return -1: Do rsa decryption failed
- */
-int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv,
- uint32_t padding, int32_t hash_nid);
-
-/*
- * Do rsa Sign digest.
- *
- * @param signature [OUT] The signature of input data
- * @param sig_size [IN/OUT] The length of signature
- * @param in [IN] The input data
- * @param in_len [IN] The length of input data
- * @param priv [IN] The rsa private key structure
- * @param salt_len [IN] The length of salt
- * @param hash_nid [IN] The hash_nid of encryption
- * @param padding [IN] The padding type of encryption
- *
- * @return 0: Do rsa sign digest success
- * @return -1: Do rsa Sign digest failed
- */
-int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv,
- uint32_t salt_len, int32_t hash_nid, int32_t padding);
-
-/*
- * Do rsa Verify digest.
- *
- * @param signature [IN] The signature of input data
- * @param sig_size [IN] The length of signature
- * @param in [IN] The input data
- * @param in_len [IN] The length of input data
- * @param pub [IN] The rsa public key structure
- * @param salt_len [IN] The length of salt
- * @param hash_nid [IN] The hash_nid of encryption
- * @param padding [IN] The padding type of encryption
- *
- * @return 0: Do rsa verify success
- * @return -1: Do rsa verify failed
- */
-int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub,
- uint32_t salt_len, int32_t hash_nid, int32_t padding);
-
-/*
- * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure.
- *
- * @param priv [OUT] The rsa private key structure
- * @param in [IN] The rsa private key buffer
- * @param inlen [IN] The length of rsa private key buffer
- *
- * @return -1: Import rsa private key failed
- * @return 0: Import rsa private key success
- */
-int rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len);
-
-/*
- * Check the certificate revocation list.
- *
- * @param cert [IN] The crl buffer
- * @param cert_len [IN] The length of crl buffer
- * @param parent_key [IN] The public key to verify the crl
- * @param parent_key_len [IN] The length of public key
- *
- * @return 1: Check the crl success
- * @return others: Check the crl failed
- */
-int x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
-
-/*
- * Check the x509 certificate.
- *
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- * @param parent_key [IN] The public key to verify the crl
- * @param parent_key_len [IN] The length of public key
- *
- * @return 1: Check the cert success
- * @return others: Check the cert failed
- */
-int x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
-
-/*
- * Get public key from certificate.
- *
- * @param pub [OUT] The public key struct
- * @param in [IN] The certificate buffer
- * @param inlen [IN] The length of certificate buffer
- *
- * @return 0: Get public key success
- * @return -1: Get public key failed
- */
-int import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen);
-
-/*
- * Get public key from certificate.
- *
- * @param pub [OUT] The public key buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get public key failed
- * @return others: The length of public key buffer
- */
-int get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get public key from certificate.
- *
- * @param pub [OUT] The public key buffer
- * @param pub_size [IN/OUT] The length of public key buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get public key failed
- * @return others: The length of public key buffer
- */
-int get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get valid date from certificate.
- *
- * @param vd [OUT] The valid data structure
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return 0: Get valid date success
- * @return -1: Get valid data failed
- */
-int get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get common name from certificate.
- *
- * @param name [OUT] The common name buffer
- * @param name_size [IN/OUT] The length of common name buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get common name failed
- * @return others: Get common name success
- */
-int get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get organization name from certificate.
- *
- * @param name [OUT] The organization name buffer
- * @param name_size [IN/OUT] The length of organization name buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get organization name failed
- * @return others: Get organization name success
- */
-int get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get serial number from certificate.
- *
- * @param serial_number [OUT] The serial number buffer
- * @param serial_number_size [IN/OUT] The length of serial number buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get serial number failed
- * @return others: Get serial number success
- */
-int get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size, uint8_t *cert, uint32_t cert_len);
-
-/*
- * Get issuer from certificate.
- *
- * @param issuer [OUT] The issuer buffer
- * @param issuer_size [IN/OUT] The length of issuer buffer
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get serial number failed
- * @return others: Get serial number success
- */
-int get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len);
-
-/*
- * Get element number from certificate.
- *
- * @param elem [OUT] The element with elem_id
- * @param elem_id [IN] The index of element
- * @param cert [IN] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- *
- * @return -1: Get element failed
- * @return others: The length of element
- */
-int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len);
-
-/*
- * Recover the root certificate.
- *
- * @param cert [OUT] The certificate buffer
- * @param cert_len [IN/OUT] The length of certificate buffer
- * @param priv [IN] The private key structure
- * @param keytype [IN] The keytype of private key
- *
- * @return -1: Recover root certificate failed
- * @return others: Recover root certificate success
- */
-int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype);
-
-/*
- * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer.
- *
- * @param out [OUT] The rsa public key buffer
- * @param outlen [IN] The length of rsa public key buffer
- * @param pub [IN] The rsa public key structure
- *
- * @return -1: Export rsa public key failed
- * @return others: The real size of out buffer
- */
-int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub);
-
-/*
- * Sign the pkcs10 certificate.
- *
- * @param cert [OUT] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- * @param csr [IN] The certificate signing request buffer
- * @param csr_len [IN] The length of certificate signing request buffer
- * @param valid [IN] The valid date buffer
- * @param serial_number [IN] The serial number buffer
- * @param serial_length [IN] The length of serial number buffer
- * @param priv [IN] The private key structure
- * @param keytype [IN] The keytype of private key
- *
- * @return -1: Sign the pkcs10 certificate failed
- * @return others: The real size of certificate
- */
-int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len,
- const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid,
- const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype);
-
-/*
- * Create attestation certificate with input params.
- *
- * @param cert [OUT] The certificate buffer
- * @param cert_len [IN] The length of certificate buffer
- * @param valid [IN] The valid date buffer
- * @param issuer_tlv [IN] The issuer buffer
- * @param issuer_tlv_len [IN] The length of issuer buffer
- * @param subject_public_key [IN] The subject public key buffer
- * @param subject_public_key_len [IN] The length of subject public key buffer
- * @param attestation_ext [IN] The attestation extrol infor buffer
- * @param attestation_ext_len [IN] The length of attestation extrol infor buffer
- * @param priv_sign [IN] The private key buffer
- * @param key_usage_sign_bit [IN] The usage sign falg
- * @param key_usage_encrypt_bit [IN] The usage encrypt flag
- * @param keytype [IN] The keytype of private key
- * @param hash [IN] The hash func of digest
- *
- * @return -1: Create attestation certificate failed
- * @return others: The real size of certificate
- */
-int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid,
- const uint8_t *issuer_tlv, uint32_t issuer_tlv_len,
- const uint8_t *subject_public_key, uint32_t subject_public_key_len,
- const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign,
- uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type,
- uint32_t hash);
-
-/*
- * Get oem huk.
- *
- * @param huk [OUT] The oem huk buffer
- * @param key [IN] The hmac key buffer
- * @param key_size [IN] The length of hmac key buffer
- *
- * @return 0: Get oem huk success
- * @return -1: Get oem huk failed
- */
-int get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size);
-
-/*
- * Derive ecc public key from private key.
- *
- * @param priv_info [IN] The ecc_priv_key_t structure
- * @param pub_info [OUT] The ecc_pub_key_t structure
- *
- * @return 0: Derive ecc public key success
- * @return -1: Derive ecc public key failed
- */
-int ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info);
-
-/*
- * Derive ecc private key from huk.
- *
- * @param priv [OUT] The ecc_priv_key_t structure
- * @param secret [IN] The huk buffer
- * @param sec_len [IN] The length of huk buffer
- *
- * @return 0: Derive ecc private key success
- * @return -1: Derive ecc private key failed
- */
-int derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len);
-
-/*
- * Do aes key wrap operation.
- * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info
- *
- * @return TEE_SUCCESS: Do aes key wrap operation success
- * @return others: Do aes key wrap operation failed
- */
-TEE_Result aes_key_wrap(struct cdrm_params *params);
-
-/*
- * Do aes key unwrap operation.
- *
- * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info
- *
- * @return TEE_SUCCESS: Do aes key unwrap operation success
- * @return others: Do aes key unwrap operation failed
- */
-TEE_Result aes_key_unwrap(struct cdrm_params *params);
-
#endif
diff --git a/include/TA/huawei_ext/crypto_x509_wrapper.h b/include/TA/huawei_ext/crypto_x509_wrapper.h
new file mode 100644
index 0000000..830e7dc
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_x509_wrapper.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec x509 engine
+ */
+#ifndef __CRYPTO_X509_WRAPPER_H__
+#define __CRYPTO_X509_WRAPPER_H__
+
+#include <stdint.h>
+#include <tee_defines.h>
+
+#define VALIDITY_TIME_SIZE 13
+typedef struct {
+ uint8_t start[VALIDITY_TIME_SIZE];
+ uint8_t end[VALIDITY_TIME_SIZE];
+} validity_period_t;
+
+/*
+ * Check the certificate revocation list.
+ *
+ * @param cert [IN] The crl buffer
+ * @param cert_len [IN] The length of crl buffer
+ * @param parent_key [IN] The public key to verify the crl
+ * @param parent_key_len [IN] The length of public key
+ *
+ * @return 1: Check the crl success
+ * @return others: Check the crl failed
+ */
+int32_t x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * Check the x509 certificate.
+ *
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param parent_key [IN] The public key to verify the crl
+ * @param parent_key_len [IN] The length of public key
+ *
+ * @return 1: Check the cert success
+ * @return others: Check the cert failed
+ */
+int32_t x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key struct
+ * @param in [IN] The certificate buffer
+ * @param inlen [IN] The length of certificate buffer
+ *
+ * @return 0: Get public key success
+ * @return -1: Get public key failed
+ */
+int32_t import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get public key failed
+ * @return others: The length of public key buffer
+ */
+int32_t get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key buffer
+ * @param pub_size [IN/OUT] The length of public key buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get public key failed
+ * @return others: The length of public key buffer
+ */
+int32_t get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get valid date from certificate.
+ *
+ * @param vd [OUT] The valid date structure
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return 0: Get valid date success
+ * @return -1: Get valid date failed
+ */
+int32_t get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get common name from certificate.
+ *
+ * @param name [OUT] The common name buffer
+ * @param name_size [IN/OUT] The length of common name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get common name failed
+ * @return others: Get common name success
+ */
+int32_t get_subject_x509_cn(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get organization name from certificate.
+ *
+ * @param name [OUT] The organization name buffer
+ * @param name_size [IN/OUT] The length of organization name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get organization name failed
+ * @return others: Get organization name success
+ */
+int32_t get_subject_x509_ou(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get serial number from certificate.
+ *
+ * @param serial_number [OUT] The serial number buffer
+ * @param serial_number_size [IN/OUT] The length of serial number buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get serial number failed
+ * @return others: Get serial number success
+ */
+int32_t get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size,
+ uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get issuer from certificate.
+ *
+ * @param issuer [OUT] The issuer buffer
+ * @param issuer_size [IN/OUT] The length of issuer buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get serial number failed
+ * @return others: Get serial number success
+ */
+int32_t get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len);
+
+/*
+ * Check cert chain valid.
+ *
+ * @param root_cert [IN] root ca cert presave
+ * @param root_cert_len [IN] The length of root ca cert
+ * @param second_cert [IN] secondary ca cert buffer
+ * @param second_cert_len [IN] The length of secondary ca cert
+ * @param leaf_cert [IN] leaf ca cert
+ * @param leaf_cert_len [IN] The length of leaf ca cert
+ *
+ * @return -1: failed
+ * @return >0: check success
+ */
+int x509_cert_chain_validate(uint8_t *root_cert, uint32_t root_cert_len,
+ uint8_t *second_cert, uint32_t second_cert_len,
+ uint8_t *leaf_cert, uint32_t leaf_cert_len);
+#endif
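Review bot: The validation prototypes document two different success conventions: `x509_crl_validate` and `x509_cert_validate` say `1` is success and every other value is failure, while `x509_cert_chain_validate` says `-1` is failure and `>0` is success, which leaves `0` undefined. A caller that tests `ret != -1` or `ret < 0` on the first two would treat a failed verification as passed, so I would state one contract on all three, for example `@return 1: validation succeeded` and `@return others: validation failed, compare against 1`, once the implementation's meaning of `0` is confirmed (it is not in this hunk). Separately, `get_subject_public_key` takes no size for `pub`, so the header should say what minimum buffer it needs or point callers to `get_subject_public_key_new`.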
diff --git a/include/TA/huawei_ext/permsrv_api_cert.h b/include/TA/huawei_ext/permsrv_api_cert.h
new file mode 100644
index 0000000..8be86b1
--- /dev/null
+++ b/include/TA/huawei_ext/permsrv_api_cert.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: permsrv cert api interface head file
+ */
+
+#ifndef PEMRSRV_API_CERT_H
+#define PEMRSRV_API_CERT_H
+
+#include "tee_defines.h"
+
+TEE_Result ta_signing_cert_import(const char *cert_buf, uint32_t cert_size, const char *pub_key_buf, uint32_t pub_size);
+TEE_Result ta_signing_cert_export(uint8_t *dst, uint32_t *len, uint32_t limit);
+TEE_Result ta_signing_cert_destroy(void);
+#endif
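Review bot: `ta_signing_cert_export(uint8_t *dst, uint32_t *len, uint32_t limit)` has no comment saying which of `len` and `limit` is the capacity of `dst`, which is the one thing a caller needs to size the buffer safely. I would add a header comment along the lines of `@param limit [IN] capacity of dst in bytes` and `@param len [OUT] bytes written to dst`, after checking that against the implementation, which is not part of this hunk. The include guard is also spelled `PEMRSRV_API_CERT_H` while the file is `permsrv_api_cert.h`; `PERMSRV_API_CERT_H` would match.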
diff --git a/include/TA/huawei_ext/permsrv_api_legacy.h b/include/TA/huawei_ext/permsrv_api_legacy.h
new file mode 100644
index 0000000..e76f5b5
--- /dev/null
+++ b/include/TA/huawei_ext/permsrv_api_legacy.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Functions in this header file are deprecated. Do not use
+ */
+
+#ifndef PERMSRV_API_LEGACY_H
+#define PERMSRV_API_LEGACY_H
+
+#include "tee_defines.h"
+
+TEE_Result TEE_EXT_crl_cert_process(const char *crl_cert, uint32_t crl_cert_size);
+TEE_Result TEE_EXT_ta_ctrl_list_process(const char *ctrl_list, uint32_t ctrl_list_size);
+#endif
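Review bot: The deprecation is stated only in the file-header `Description:` line, so a TA that calls `TEE_EXT_crl_cert_process` or `TEE_EXT_ta_ctrl_list_process` gets no signal at the declaration it is reading. I would put a comment above each prototype such as `/* Deprecated: kept for existing TAs, do not use in new code. */`, and name the replacement there if one exists. The same applies to the prototypes in `tee_hw_ext_api_legacy.h` later in this patch.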
diff --git a/include/TA/huawei_ext/qsi_data_structure.h b/include/TA/huawei_ext/qsi_data_structure.h
new file mode 100644
index 0000000..2ffedf2
--- /dev/null
+++ b/include/TA/huawei_ext/qsi_data_structure.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Data Structure Definations of QSI.
+ */
+#ifndef QSI_DATA_STRUCTURE_H
+#define QSI_DATA_STRUCTURE_H
+#include <tee_defines.h>
+
+enum seal_operation {
+ SEAL,
+ UNSEAL
+};
+
+struct ra_buffer_data {
+ uint32_t length;
+ uint8_t *buffer;
+};
+
+#endif
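Review bot: `struct ra_buffer_data` pairs a `length` with a raw `buffer` pointer but carries no comment on whether `length` is the capacity of `buffer` or the number of valid bytes, nor on who allocates and frees it. For a structure that crosses an API boundary, that ambiguity is where out-of-bounds reads and writes come from, so I would document it on the fields, e.g. `uint32_t length; /* size of buffer in bytes */`, after confirming the intended meaning with the functions that consume it (none are in this hunk).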
diff --git a/include/TA/huawei_ext/tee_crypto_err.h b/include/TA/huawei_ext/tee_crypto_err.h
new file mode 100644
index 0000000..6d019b7
--- /dev/null
+++ b/include/TA/huawei_ext/tee_crypto_err.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: tee crypto err definitions
+ */
+
+#ifndef TEE_CRYPTO_ERR_H
+#define TEE_CRYPTO_ERR_H
+
+#include <tee_openssl_err.h>
+
+#define MAX_COMMON_CRYPTO_ENGINE_ERR 99
+/*
+ * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | CRYPTO_MODULE_ERR_ID | ALG_ERR_ID | base_error_value,
+ * For example, the crypto module extension error codes are prefixed with 0x8002,
+ * and base_error_value is opensoure lib err.
+ */
+enum soft_algthorm_err_id {
+ SM2_LIB_ERR_ID = 0x0000, /* GMSSL common err and ec err */
+ SM4_LIB_ERR_ID = 0x1000, /* GMSSL evp err */
+ /* as below: for openssl opensource lib */
+ COMM_LIB_ERR_ID = 0x2000,
+ BN_LIB_ERR_ID = 0x3000,
+ RSA_LIB_ERR_ID = 0x4000,
+ EVP_LIB_ERR_ID = 0x5000,
+ PEM_LIB_ERR_ID = 0x6000,
+ X509_LIB_ERR_ID = 0x7000,
+ ASN1_LIB_ERR_ID = 0x8000,
+ CRYPTO_LIB_ERR_ID = 0x9000,
+ EC_LIB_ERR_ID = 0xa000,
+ PKCS7_LIB_ERR_ID = 0xb000,
+ OTHER_LIB_ERR_ID = 0xc000,
+};
+
+#endif
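Review bot: The enum tag `soft_algthorm_err_id` is misspelled, and because this is a new public SDK header the name becomes part of the API as soon as a TA uses it; `enum soft_algorithm_err_id` is the spelling to ship. `MAX_COMMON_CRYPTO_ENGINE_ERR 99` also has no comment, so a reader cannot tell which range of values it bounds; a one-line comment on the define would be enough.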
diff --git a/include/TA/huawei_ext/tee_crypto_hal.h b/include/TA/huawei_ext/tee_crypto_hal.h
index 7444618..bfc0be5 100755
--- a/include/TA/huawei_ext/tee_crypto_hal.h
+++ b/include/TA/huawei_ext/tee_crypto_hal.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,17 +8,18 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: crypto hal info function
*/
#ifndef TEE_CRYPTO_HAL_H
#define TEE_CRYPTO_HAL_H
#include "tee_crypto_api.h"
enum CRYPTO_ENGINE {
- DX_CRYPTO,
- EPS_CRYPTO,
- SOFT_CRYPTO,
- SEC_CRYPTO,
- CRYPTO_ENGINE_MAX,
+ DX_CRYPTO = 0,
+ EPS_CRYPTO = 1,
+ SOFT_CRYPTO = 2,
+ SEC_CRYPTO = 3,
+ CRYPTO_ENGINE_MAX = 1024,
};
/*
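Review bot: `CRYPTO_ENGINE_MAX` changes from an implicit 4 to `1024`, so it no longer means one past the last defined engine. Any check of the form `crypto >= CRYPTO_ENGINE_MAX` would now accept 4 through 1023, and any table sized by it grows to 1024 entries. The users of the constant are outside this hunk, so this needs checking where `TEE_SetCryptoFlag` and `TEE_SetObjectFlag` validate `crypto`. At minimum the new meaning should be written down, e.g. `CRYPTO_ENGINE_MAX = 1024, /* upper bound of the engine id space, not a count */`.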
@@ -42,4 +43,5 @@ TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto);
* @retval TEE_ERROR_BAD_PARAMETERS: Operation is NULLi or crypto is invalid
*/
TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto);
+
#endif
diff --git a/include/TA/huawei_ext/tee_err.h b/include/TA/huawei_ext/tee_err.h
new file mode 100644
index 0000000..4b2b17c
--- /dev/null
+++ b/include/TA/huawei_ext/tee_err.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE error definitions
+ */
+
+#ifndef TEE_ERROR_H
+#define TEE_ERROR_H
+
+#include <tee_crypto_err.h>
+
+/*
+ * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | xx_MODULE_ERR_ID | base_error_value,
+ * For example, the crypto module extension error codes are prefixed with 0x8002.
+ */
+#define TEE_EXT_ERROR_BASE 0x80000000
+
+enum ext_error_module {
+ OTRP_MODULE_ERR_ID = 0x000000,
+ SSA_MODULE_ERR_ID = 0x010000,
+ CRYPTO_MODULE_ERR_ID = 0x020000,
+};
+
+#endif
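Review bot: The composition rule `TEE_EXT_ERROR_BASE | xx_MODULE_ERR_ID | base_error_value` does not say how many bits each part owns. The module ids step by `0x010000`, so a `base_error_value` of `0x10000` or more would change the module field; a line such as `base_error_value occupies the low 16 bits` (if that is the intent) would let a caller decode a code without reading the sources. The guard is `TEE_ERROR_H` while the file is `tee_err.h`, which would clash with a header named `tee_error.h` if the SDK has or gains one.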
diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
index d74c749..309abe3 100644
--- a/include/TA/huawei_ext/tee_ext_api.h
+++ b/include/TA/huawei_ext/tee_ext_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,13 +8,14 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Tee ext api header file
*/
#ifndef TEE_EXT_API_H
#define TEE_EXT_API_H
#include "tee_defines.h"
-#include "tee_core_api.h"
+#include "tee_hw_ext_api_legacy.h"
#ifdef __cplusplus
#if __cplusplus
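Review bot: Replacing `#include "tee_core_api.h"` with `#include "tee_hw_ext_api_legacy.h"` changes what every includer of `tee_ext_api.h` sees. The legacy header added in this patch includes only `tee_defines.h` and `tee_crypto_api.h`, so unless one of those pulls in `tee_core_api.h`, a TA that relied on this header for the core API declarations stops compiling. Every TA also now receives the deprecated prototypes whether it uses them or not. If the legacy names are needed only by existing TAs, I would keep `#include "tee_core_api.h"` here and let those TAs include `tee_hw_ext_api_legacy.h` themselves.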
@@ -35,14 +36,18 @@ extern "C" {
#define TEE_GET_REEINFO_SUCCESS 0
#define TEE_GET_REEINFO_FAILED 1
+#define TEE_SMC_FROM_USR 0
+#define TEE_SMC_FROM_KERNEL 1
+
#define RESERVED_BUF_SIZE 32
-typedef struct __caller_info {
+typedef struct ta_caller_info {
uint32_t session_type;
union {
TEE_UUID caller_uuid;
uint8_t ca_info[RESERVED_BUF_SIZE];
} caller_identity;
- uint8_t reserved[RESERVED_BUF_SIZE];
+ uint8_t smc_from_kernel_mode;
+ uint8_t reserved[RESERVED_BUF_SIZE - 1];
} caller_info;
/*
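Review bot: `smc_from_kernel_mode` is carved out of the first byte of `reserved`, so the struct size, and with it the `length` a TA passes to the getter, is the same for the old and new layouts. A TA built against this header therefore cannot tell from the call whether the TEE actually filled the field, and a zeroed byte reads as `TEE_SMC_FROM_USR`. I would document that on the field, e.g. `uint8_t smc_from_kernel_mode; /* TEE_SMC_FROM_USR or TEE_SMC_FROM_KERNEL; treat any other value as unknown */`, and state from which TEE version it is populated.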
@@ -54,7 +59,7 @@ typedef struct __caller_info {
* return TEE_SUCCESS operation success
* return others failed to get caller info
*/
-TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length);
+TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t length);
/*
* verify TA's caller's identify
@@ -70,6 +75,32 @@ TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length)
*/
TEE_Result addcaller_ca_exec(const char *ca_name, const char *user_name);
+/*
+ * verify TA's caller's identify
+ * TA can call this API to add caller's info,
+ * which is allowed to call this TA.
+ * this API is for CA in form of JAR or binary-excuteble file.
+ *
+ * @param ca_name [IN] CA caller's process name
+ * @param user_name [IN] CA caller's username
+ *
+ * return TEE_SUCCESS operation
+ * return others failed to add caller info for target CA
+ */
+
+TEE_Result AddCaller_CA_user(const char *ca_name, const char *user_name);
+
+/*
+ * TA can call this API to add caller's info,
+ * which is allowed to call this CA.
+ * this API is for CA in form of native ca and APK.
+ *
+ * @param cainfo_hash [IN] CA callerinfo's sha256 value
+ *
+ * return TEE_SUCCESS operation
+ */
+TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length);
+
/*
* TA call this API allow others TA open session with itself
*
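Review bot: `AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length)` documents `cainfo_hash` as a sha256 value but says nothing about `length`, and lists no failure return. Since this call extends the set of clients allowed to open a session, the comment should pin the accepted size and the error path, e.g. `@param length [IN] length of cainfo_hash in bytes` plus `return others failed to add caller info`, with the exact accepted length taken from the implementation. The comment also reads `allowed to call this CA` where `this TA` is meant, and the block above `AddCaller_CA_user` starts with the same wording as the one for `addcaller_ca_exec`, so the difference between the two functions is not stated.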
@@ -86,8 +117,32 @@ TEE_Result AddCaller_TA_all(void);
*
* @return session type of current session
*/
-uint32_t TEE_GetSessionType(void);
+uint32_t tee_get_session_type(void);
+/*
+ * Check CA params during CA Authentication
+ *
+ * @param param_types [IN] CA caller's param types
+ * @param params[TEE_PARAMS_NUM] [IN] CA caller's params
+ *
+ * return TEE_SUCCESS
+ */
+TEE_Result TEE_EXT_CheckClientPerm(uint32_t param_types, const TEE_Param params[TEE_PARAMS_NUM]);
+
+/*
+ * derive key from platform key
+ *
+ * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes.
+ * @param keySize [IN] key size in bits, it desides the ecc curve type too.
+ * @param params [IN] unused
+ * @param paramCount [IN] unused
+ * @param exinfo [IN] user info as derive slat.
+ * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0.
+ *
+ * @return TEE_SUCCESS means success, others means failed.
+ */
+TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
+ uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size);
#ifdef __cplusplus
#if __cplusplus
}
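Review bot: `TEE_EXT_CheckClientPerm` is documented with `return TEE_SUCCESS` only, so the comment does not tell a TA author what comes back when the client is rejected, which is the case the caller has to handle. I would add the failure line, e.g. `return others client parameters rejected`, after confirming the codes with the implementation (not in this hunk). In the comment for `tee_ext_derive_ta_platfrom_keys` the parameters are listed as `keySize` and `paramCount` while the prototype has `key_size` and `param_count`, and the function name carries the `platfrom` misspelling into a new public symbol.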
diff --git a/include/TA/huawei_ext/tee_hw_ext_api_legacy.h b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
new file mode 100644
index 0000000..34e480a
--- /dev/null
+++ b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
@@ -0,0 +1,293 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Functions in this header file are deprecated. Do not use
+ */
+
+#ifndef __TEE_HW_EXT_API_LEGACY_H__
+#define __TEE_HW_EXT_API_LEGACY_H__
+
+#include "tee_defines.h"
+#include "tee_crypto_api.h"
+
+/*
+ * ta version anti rollback api
+ *
+ * @param ta_version [IN] version to be checked
+ *
+ * @return TEE_SUCCESS check result is OK
+ * @return others check ta version failed
+ */
+TEE_Result TEE_EXT_TA_version_check(uint32_t ta_version);
+
+/*
+ * check wheather target TA(uuid) has permission to invoke target command
+ * this feature is only supported by TA with certificate
+ *
+ * @param [IN] uuid of caller TA
+ * @param [IN] cmd id of request
+ *
+ * @return TEE_SUCCESS target TA has the permission to invoke target command
+ * @return TEE_ERROR_ACCESS_DENIED target TA don't has permission to invoke target command
+ */
+TEE_Result TEE_EXT_CheckInvokePermission(const TEE_UUID *uuid, uint32_t cmd);
+
+/*
+ * get sharemem of verify boot information
+ *
+ * @param buffer [OUT] the address to save verify boot info
+ * @param size [IN] length of buffer
+ *
+ * @return 0 means success, others means failed
+ */
+TEE_Result TEE_EXT_GetVerifyBootInfo(char *buffer, uint32_t size);
+
+/*
+ * derive key from device rootkey and UUID of the current task
+ *
+ * @param salt [IN] data for salt
+ * @param size [IN] salt length
+ * @param key [OUT] pointer where key is saved
+ * @param key_size [IN] key_size must be integer times of 16
+ *
+ * @return TEE_SUCCESS OK
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @return TEE_ERROR_GENERIC internal error
+ */
+TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
+
+/*
+ * get rot key for multiple platforms
+ *
+ * @param enc_key [IN] encrypted rot key or NULL
+ * @param en_key_size [IN] encrypted rot key buff len or zero
+ * @param key [OUT]rot key buff pointer
+ * @param key_size [IN/OUT] rot key buffer length
+ *
+ * @return 0 get rot key success
+ * @return -1 get rot key failed
+ */
+int32_t TEE_EXT_GetRoT(const uint8_t *enc_key, uint32_t en_key_size, uint8_t *key, uint32_t *key_size);
+
+/*
+ * get device unique id in TEE
+ *
+ * @param device_unique_id [OUT] buffer to store the result
+ * @param length [IN/OUT] buffer length of device ID
+ *
+ * return TEE_SUCCESS operation success
+ * return others operation failed
+ */
+TEE_Result TEE_EXT_GetDeviceUniqueId(uint8_t *device_unique_id, uint32_t *length);
+
+TEE_Result TEE_EXT_GetSeCapability(const TEE_UUID *uuid, uint64_t *result);
+
+/*
+ * @ingroup TEE_EXT_API
+ * @brief get shared memory infomation of SecFlash
+ *
+ * @param buffer [OUT] the address to save SecFlash shared memory info
+ * @param length [IN] length of buffer
+ *
+ * @retval NA
+ */
+TEE_Result TEE_EXT_GetSecFlashShareMem(char *buffer, uint32_t size);
+
+/*
+ * @ingroup share memory
+ * @brief get sharemem of verify boot information
+ *
+ * @par
+ * @param buffer [OUT] the address to save verify boot info
+ * @param size [IN] length of buffer
+ *
+ * @retval NA
+ *
+ * @par dependence:
+ * @li tee_ext_api.h
+ * @see
+ * @since V100R008C00
+ */
+TEE_Result TEE_EXT_GetTrustBootImgInfo(char *buffer, uint32_t size);
+
+/*
+ * @ingroup derive key for keymaster
+ * @brief using root key to derive key for keymaster
+ *
+ * @par
+ * @param buffer [IN] input secret
+ * @param size [IN] input secret size
+ * @param buffer [OUT] derived key
+ * @param size [OUT] derived key size
+ *
+ * @retval NA
+ *
+ * @par dependence:
+ * @li tee_ext_api.h
+ * @see
+ * @since V100R007C00
+ */
+TEE_Result TEE_EXT_ROOT_DeriveKey2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len);
+
+/*
+ * @ingroup ROOT_UuidDeriveKey
+ * @brief derive key from device rootkey and UUID of the current task
+ *
+ * @attention
+ * @param salt [IN] data for salt
+ * @param size [IN] salt length
+ * @param key_size [OUT] size of generated key, fix-size 32 bytes
+ * @param key [OUT] pointer where key is saved
+ *
+ * @retval #TEE_SUCCESS OK
+ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @retval #TEE_ERROR_GENERIC internal error
+ *
+ * @par dependence:
+ * @li tee_ext_api.h
+ * @see
+ * @since V100R007C00
+ */
+TEE_Result TEE_EXT_ROOT_UuidDeriveKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size);
+
+/*
+ * @ingroup crypto
+ * @brief AES encryption and decryption integration mode.
+ *
+ * @attention: Now this api only support algorithm: AES_CBC_NOPAD/ AES_ECB_PKCS5,
+ * and input key can derive by root key.
+ * @param db [IN] Whether to derive the key with the input key and root key.
+ * @param iv [IN] input iv
+ * @param mode [IN] 0:encrypt; 1:decrypt
+ * @param alg [IN] AES algorithm: TEE_CRYPTO_ALGORITHM_ID
+ * @param key [IN] input key
+ * @param key_len [IN] input key len
+ * @param cyp_src [IN] input data
+ * @param dst [OUT] ouput data
+ * @param src_len [IN] input data len
+ * @param dst_len [OUT] ouput data len
+ *
+ * @retval #TEE_SUCCESS success
+ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @retval #TEE_ERROR_OUT_OF_MEMORY alloc memory fail
+ *
+ * @par dependence:
+ * @li crypto
+ * @li tee_ext_api.h
+ * @see TEE_CipherInit | TEE_CipherUpdate | TEE_CipherDoFinal
+ * @since V100R005C00
+ */
+TEE_Result TEE_EXT_AES_CRYPTO(bool db, const uint8_t *iv, bool mode, uint32_t alg, const uint8_t *key, uint32_t key_len,
+ const uint8_t *cyp_src, uint8_t *dst, uint32_t src_len, uint32_t *dst_len);
+
+/*
+ * @ingroup crypto
+ * @brief calculate hash.
+ *
+ * @attention
+ * @param algorithm [IN] hash algorithm: like SHA1, SHA256
+ * @param ptr [IN] input data
+ * @param size [IN] input data length
+ * @param hash_result [OUT] hash result: SHA1 20bytes; SHA256 32bytes
+ *
+ * @retval #TEE_SUCCESS success
+ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @retval #TEE_ERROR_GENERIC error
+ *
+ * @par dependence:
+ * @li crypto
+ * @li tee_ext_api.h
+ * @since V100R005C00
+ */
+TEE_Result TEE_EXT_HASH(tee_crypto_algorithm_id algorithm, const uint8_t *ptr, uint32_t size, uint8_t *hash_result);
+
+/*
+ * @ingroup TEE_HWI_IPC_MESSAGE
+ * @brief Wait for registered messages from IRQs
+ *
+ * @param hwi [IN] IRQ number to register
+ */
+TEE_Result TEE_EXT_HwiMsgRegister(uint32_t hwi);
+
+/*
+ * @ingroup TEE_HWI_IPC_MESSAGE
+ * @brief Unregister to receive message for HWI number
+ *
+ * @param hwi [IN] IRQ number to unregister for
+ */
+TEE_Result TEE_EXT_HwiMsgDeregister(uint32_t hwi);
+
+/*
+ * @ingroup TEE_HWI_IPC_MESSAGE
+ * @brief Wait for registered messages from IRQs
+ *
+ * @param NULL
+ *
+ * @retval received message id
+ */
+uint32_t TEE_EXT_HwiMsgWait(void);
+
+/*
+ * @ingroup TEE_HW_EXT_API
+ * @brief check wheather device rooted 1:rooted, 0:unrooted
+ *
+ * @param NULL
+ *
+ * @retval true means device is rooted
+ */
+bool TEE_EXT_IsDeviceRooted(void);
+
+#ifdef __cplusplus
+#if __cplusplus
+extern "C" {
+#endif /* __cpluscplus */
+#endif /* __cpluscplus */
+
+struct ta_caller_info;
+
+/*
+ * Get caller info of current session, refer caller_info struct for more details
+ *
+ * @param caller_info_data [OUT] caller info to be returned
+ * @param length [IN] sizeof struct caller_info
+ *
+ * return TEE_SUCCESS operation success
+ * return others failed to get caller info
+ */
+TEE_Result TEE_EXT_GetCallerInfo(struct ta_caller_info *caller_info_data, uint32_t length);
+
+/*
+ * get cruurent session type
+ *
+ * @return session type of current session
+ */
+uint32_t TEE_GetSessionType(void);
+
+/*
+ * derive key from platform key
+ *
+ * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes.
+ * @param keySize [IN] key size in bits, it desides the ecc curve type too.
+ * @param params [IN] unused
+ * @param paramCount [IN] unused
+ * @param exinfo [IN] user info as derive slat.
+ * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0.
+ *
+ * @return TEE_SUCCESS means success, others means failed.
+ */
+TEE_Result TEE_EXT_DeriveTAPlatfromKeys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
+ uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size);
+#ifdef __cplusplus
+#if __cplusplus
+}
+#endif /* __cpluscplus */
+#endif /* __cpluscplus */
+
+#endif
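Review bot: The `extern "C"` block opens only before `struct ta_caller_info;`, so everything declared above it, from `TEE_EXT_TA_version_check` to `TEE_EXT_IsDeviceRooted`, gets C++ linkage when the header is compiled as C++. `tee_ext_api.h` includes this header above its own `extern "C"` opener, so that include path does not help either. Moving the `#ifdef __cplusplus` / `extern "C" {` opener to just after the two `#include` lines fixes it. Smaller points: the guard `__TEE_HW_EXT_API_LEGACY_H__` is a reserved identifier, and several comments say `@retval NA` for functions returning `TEE_Result` or name parameters that do not match the prototype (`TEE_EXT_ROOT_DeriveKey2`, `TEE_EXT_GetSecFlashShareMem`).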
diff --git a/include/TA/huawei_ext/tee_log.h b/include/TA/huawei_ext/tee_log.h
index dc213da..37317ca 100644
--- a/include/TA/huawei_ext/tee_log.h
+++ b/include/TA/huawei_ext/tee_log.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,21 +8,26 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE log api and internal definitions
*/
#ifndef __TEE_LOG_H
#define __TEE_LOG_H
#include "tee_defines.h"
+#include "tee_log_legacy.h"
-#define DEBUG_TAG "[debug]"
-#define INFO_TAG "[info]"
-#define WARNING_TAG "[warning]"
-#define ERROR_TAG "[error]"
+#define TA_LOG_LEVEL_ERROR 0
+#define TA_LOG_LEVEL_WARNING 1
+#define TA_LOG_LEVEL_INFO 2
+#define TA_LOG_LEVEL_DEBUG 3
+#define TA_LOG_LEVEL_VERBO 4
-#define LEVEL_DEBUG 2
-#define LEVEL_WARNING 1
-#define LEVEL_ERROR 0
+#define TA_LOG_LEVEL_DEFAULT TA_LOG_LEVEL_INFO
+// TA_LOG_LEVEL can be redefined by TA developers
+#ifndef TA_LOG_LEVEL
+#define TA_LOG_LEVEL TA_LOG_LEVEL_DEFAULT
+#endif
#define TAG_VERB "[verb]"
#define TAG_DEBUG "[debug]"
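Review bot: `TA_LOG_LEVEL_DEFAULT` is `TA_LOG_LEVEL_INFO`, so a TA that sets nothing now gets `tlogi`/`tlogw` and `ta_logi`/`ta_logw` compiled in, where the old header emitted them only when `LOG_ON` was defined (the gates are in the `@@ -46,84 +55,138 @@` hunk). If production TAs were built without `LOG_ON`, which this patch does not show, their info-level messages start reaching the TEE log after this change, and those messages may never have been reviewed for release output. I would either default to `TA_LOG_LEVEL_WARNING`, matching `TA_SLOG_LEVEL_DEFAULT` later in the file, or state the change next to the define, e.g. `/* default INFO: info/warn logs are built into release TAs unless TA_LOG_LEVEL is lowered */`.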
@@ -30,6 +35,10 @@
#define TAG_WARN "[warn]"
#define TAG_ERROR "[error]"
+#define DEBUG_TAG "[debug]"
+#define INFO_TAG "[info]"
+#define WARNING_TAG "[warning]"
+#define ERROR_TAG "[error]"
typedef enum {
LOG_LEVEL_ERROR = 0,
LOG_LEVEL_WARN = 1,
@@ -46,84 +55,138 @@ void tee_print(LOG_LEVEL log_level, const char *fmt, ...);
void tee_print_driver(LOG_LEVEL log_level, const char *log_tag, const char *fmt, ...);
extern const char *g_debug_prefix;
-#define TEE_LogPrintf(fmt, args...) SLog(fmt, ##args)
-#ifdef LOG_ON
+/* tlogv */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO)
#ifdef DRIVER_LOG_TAG
#define tlogv(fmt, args...) \
tee_print_driver(LOG_LEVEL_VERBO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args)
-#define tlogd(fmt, args...) \
- tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
-#define tlogi(fmt, args...) \
- tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
-#define tlogw(fmt, args...) \
- tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
#else
#define tlogv(fmt, args...) tee_print(LOG_LEVEL_VERBO, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args)
-#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
-#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
-#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
-#endif
+#endif /* DRIVER_LOG_TAG */
#else
#define tlogv(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */
+
+/* tlogd */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG)
+#ifdef DRIVER_LOG_TAG
+#define tlogd(fmt, args...) \
+ tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
+#else
+#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
+#endif /* DRIVER_LOG_TAG */
+#else
#define tlogd(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */
+
+/* tlogi */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO)
+#ifdef DRIVER_LOG_TAG
+#define tlogi(fmt, args...) \
+ tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
+#else
+#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
+#endif /* DRIVER_LOG_TAG */
+#else
#define tlogi(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */
+
+/* tlogw */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING)
+#ifdef DRIVER_LOG_TAG
+#define tlogw(fmt, args...) \
+ tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
+#else
+#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
+#endif /* DRIVER_LOG_TAG */
+#else
#define tlogw(fmt, args...) \
do { \
} while (0)
-#endif /* ENG_VERSION */
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */
+/* tloge */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition
#ifndef TLOGE_NO_TIMESTAMP
#ifdef DRIVER_LOG_TAG
#define tloge(fmt, args...) \
tee_print_driver(LOG_LEVEL_ERROR, DRIVER_LOG_TAG, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args)
#else
#define tloge(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args)
-#endif
+#endif /* DRIVER_LOG_TAG */
#else
#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", g_debug_prefix, TAG_ERROR, __LINE__, ##args)
-#endif
+#endif /* TLOGE_NO_TIMESTAMP */
+#else
+#define tloge(fmt, args...) \
+ do { \
+ } while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */
void ta_print(LOG_LEVEL log_level, const char *fmt, ...);
-#ifdef LOG_ON
+/* ta_logv */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO)
#define ta_logv(fmt, args...) ta_print(LOG_LEVEL_VERBO, "%s %d: " fmt "\n", TAG_VERB, __LINE__, ##args)
-#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args)
-#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args)
-#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args)
#else
#define ta_logv(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */
+
+/* ta_logd */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG)
+#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args)
+#else
#define ta_logd(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */
+
+/* ta_logi */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO)
+#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args)
+#else
#define ta_logi(fmt, args...) \
do { \
} while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */
+
+/* ta_logw */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING)
+#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args)
+#else
#define ta_logw(fmt, args...) \
do { \
} while (0)
-#endif
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */
+
+/* ta_loge */
+#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition
#define ta_loge(fmt, args...) ta_print(LOG_LEVEL_ERROR, "%s %d: " fmt "\n", TAG_ERROR, __LINE__, ##args)
+#else
+#define ta_loge(fmt, args...) \
+ do { \
+ } while (0)
+#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */
-/* in debug version users can dynamically modify the loglevel ,in release version, users have to modify the level by
- * compile */
+/*
+in debug version, users can dynamically modify the loglevel,
+in release version, users have to modify the level by compile
+*/
#ifndef DEBUG_VERSION
-
#ifdef TA_DEBUG
#define ta_debug(fmt, args...) uart_printf_func("%s %s: " fmt "", DEBUG_TAG, __FUNCTION__, ##args)
#else
#define ta_debug(fmt, args...)
-#endif
-
+#endif /* TA_DEBUG */
#else
-
#define ta_debug(fmt, args...) \
do { \
uint32_t level; \
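Review bot: Every gate in this hunk is a bare `#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_...)`, and nothing validates the value a TA developer supplies, so the `// Always meet this condition` remark on the `tloge` and `ta_loge` gates does not hold. A negative value compiles out even `tloge`/`ta_loge` through the new `#else` stubs, which silently removes error reporting, and any value above 4 is accepted as verbose. A range check after the `#ifndef TA_LOG_LEVEL` block would turn both into a build failure: `#if (TA_LOG_LEVEL < TA_LOG_LEVEL_ERROR) || (TA_LOG_LEVEL > TA_LOG_LEVEL_VERBO)`, `#error "TA_LOG_LEVEL out of range"`, `#endif`. With that in place the two empty error-level stubs become unreachable and can be dropped. The `ta_debug` definition at the end of this hunk continues outside it.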
@@ -142,67 +205,61 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...);
} \
} while (0)
-#endif
+#endif /* DEBUG_VERSION */
#define ta_info(fmt, args...) uart_printf_func("%s: " fmt "", INFO_TAG, ##args)
#define ta_error(fmt, args...) uart_printf_func("%s: " fmt " ", ERROR_TAG, ##args)
-#define TA_LOG
-#ifdef TA_LOG
+/* Log level for SLogx */
#define TRACE_S "[Trace]"
#define WARNING_S "[Warning]"
#define ERROR_S "[Error]"
-/*
- * Print trace level's log.
- *
- * @param fmt [IN] assert condition.
- * @param args [IN] params for format config.
- *
- * @return void
- */
-#define SLogTrace(fmt, args...) SLog("%s: " fmt "\n", TRACE_S, ##args)
+#define TA_SLOG_LEVEL_ERROR 0
+#define TA_SLOG_LEVEL_WARNING 1
+#define TA_SLOG_LEVEL_TRACE 2
-/*
- * Print warning level's log.
- *
- * @param fmt [IN] assert condition.
- * @param args [IN] params for format config.
- *
- * @return void
- */
-#define SLogWarning(fmt, args...) SLog("%s: " fmt "\n", WARNING_S, ##args)
+#define TA_SLOG_LEVEL_DEFAULT TA_SLOG_LEVEL_WARNING
+// TA_SLOG_LEVEL can be redefined by TA developers
+#ifndef TA_SLOG_LEVEL
+#define TA_SLOG_LEVEL TA_SLOG_LEVEL_DEFAULT
+#endif
-/*
- * Print error level's log.
- *
- * @param fmt [IN] assert condition.
- * @param args [IN] params for format config.
- *
- * @return void
- */
-#define SLogError(fmt, args...) SLog("%s: " fmt "\n", ERROR_S, ##args)
+/* SLogTrace */
+#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_TRACE)
+#define SLogTrace(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s: " fmt "\n", TRACE_S, ##args)
+#else
+#define SLogTrace(fmt, args...) \
+ do { \
+ } while (0)
+#endif
-/*
- * Assert api for tee log, note: should call Panic to deal, here just return
- *
- * @param exp [IN] Printf log's format config style.
- *
- * @return void
- */
+/* SLogWarning */
+#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_WARNING)
+#define SLogWarning(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s: " fmt "\n", WARNING_S, ##args)
+#else
+#define SLogWarning(fmt, args...) \
+ do { \
+ } while (0)
+#endif
+
+/* SLogError */
+#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_ERROR)
+#define SLogError(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s: " fmt "\n", ERROR_S, ##args)
+#else
+#define SLogError(fmt, args...) \
+ do { \
+ } while (0)
+#endif
+
+/* SAssert, Assert api for tee log, note: should call Panic to deal, here just return */
#define SAssert(exp) \
do { \
if (!(exp)) { \
- SLog("Assertion [ %s ] Failed: File %s, Line %d\n", #exp, "__FILE__", __LINE__); \
+ tee_print(LOG_LEVEL_ERROR, "Assertion [%s] Failed: File %s, Line %d\n", #exp, __FILE__, __LINE__); \
return 0xFFFF0001; \
} \
} while (0);
-#else
-#define SLogTrace(fmt, args...) ((void)0)
-#define SLogWarning(fmt, args...) ((void)0)
-#define SLogError(fmt, args...) ((void)0)
-#define SAssert(exp) ((void)0)
-#endif
/*
* Output log to tee log file.
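Review bot: `SAssert` still exits the calling function with `return 0xFFFF0001;` on failure, and the one-line comment that replaces the removed doc block no longer tells a TA author what that implies. The comment should state that the macro is only valid in functions returning `TEE_Result`, that it returns instead of panicking, and that anything the caller has already allocated or opened is not released on that path, so it belongs before resources are acquired. The corrected `__FILE__` argument now places each source file's build path in the TA image and in the log; if that is not wanted, a build-time path remap such as `-ffile-prefix-map` (where the toolchain supports it) keeps the message without the absolute path. The bare `0xFFFF0001` would also read better as a named result code, if tee_defines.h provides one.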
@@ -211,6 +268,7 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...);
*
* @return void
*/
-void SLog(const char *fmt, ...);
+void slog(const char *fmt, ...);
uint32_t get_value(void);
-#endif
+#define TEE_LogPrintf(fmt, args...) slog(fmt, ##args)
+#endif /* __TEE_LOG_H */
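Review bot: `slog` is declared as a printf-style variadic without a format attribute, so the compiler cannot check the arguments that `TEE_LogPrintf(fmt, args...)` forwards to it. A mismatched specifier or a non-literal format string in TA code would then only show up at run time inside the TEE. The header already relies on GNU extensions (`args...`, `##args`), so the declaration can carry the check: `void slog(const char *fmt, ...) __attribute__((format(printf, 1, 2)));`. The same applies to `SLog` in the new tee_log_legacy.h, and to `tee_print`, `tee_print_driver` and `ta_print` declared earlier in this file, all outside this hunk.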
diff --git a/include/TA/huawei_ext/tee_log_legacy.h b/include/TA/huawei_ext/tee_log_legacy.h
new file mode 100644
index 0000000..ffedcdc
--- /dev/null
+++ b/include/TA/huawei_ext/tee_log_legacy.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE log api and internal definitions
+ */
+
+#ifndef __TEE_LOG_LEGACY_H__
+#define __TEE_LOG_LEGACY_H__
+
+void SLog(const char *fmt, ...);
+#endif /* __TEE_LOG_LEGACY_H__ */
diff --git a/include/TA/huawei_ext/tee_openssl_err.h b/include/TA/huawei_ext/tee_openssl_err.h
new file mode 100644
index 0000000..a9245a3
--- /dev/null
+++ b/include/TA/huawei_ext/tee_openssl_err.h
@@ -0,0 +1,500 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: tee crypto err definitions
+ */
+
+#ifndef TEE_OPENSSL_ERR_H
+#define TEE_OPENSSL_ERR_H
+
+/*
+ * define openssl lib reasons err code:
+ * Delete the prefix TEE_ERR_, which is the error code name in the open-source library.
+ */
+/* for common lib err */
+#define TEE_ERR_R_MALLOC_FAILURE 0x80022041
+#define TEE_ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED 0x80022042
+#define TEE_ERR_R_PASSED_NULL_PARAMETER 0x80022043
+#define TEE_ERR_R_INTERNAL_ERROR 0x80022044
+#define TEE_ERR_R_DISABLED 0x80022045
+#define TEE_ERR_R_INIT_FAIL 0x80022046
+#define TEE_ERR_R_PASSED_INVALID_ARGUMENT 0x80022007
+#define TEE_ERR_R_OPERATION_FAIL 0x80022048
+
+/* for bn lib err */
+#define TEE_ERR_BN_R_ARG2_LT_ARG3 0x80023064
+#define TEE_ERR_BN_R_BAD_RECIPROCAL 0x80023065
+#define TEE_ERR_BN_R_BIGNUM_TOO_LONG 0x80023072
+#define TEE_ERR_BN_R_BITS_TOO_SMALL 0x80023076
+#define TEE_ERR_BN_R_CALLED_WITH_EVEN_MODULUS 0x80023066
+#define TEE_ERR_BN_R_DIV_BY_ZERO 0x80023067
+#define TEE_ERR_BN_R_ENCODING_ERROR 0x80023068
+#define TEE_ERR_BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 0x80023069
+#define TEE_ERR_BN_R_INPUT_NOT_REDUCED 0x8002306e
+#define TEE_ERR_BN_R_INVALID_LENGTH 0x8002306a
+#define TEE_ERR_BN_R_INVALID_RANGE 0x80023073
+#define TEE_ERR_BN_R_INVALID_SHIFT 0x80023077
+#define TEE_ERR_BN_R_NOT_A_SQUARE 0x8002306f
+#define TEE_ERR_BN_R_NOT_INITIALIZED 0x8002306b
+#define TEE_ERR_BN_R_NO_INVERSE 0x8002306c
+#define TEE_ERR_BN_R_NO_SOLUTION 0x80023074
+#define TEE_ERR_BN_R_PRIVATE_KEY_TOO_LARGE 0x80023075
+#define TEE_ERR_BN_R_P_IS_NOT_PRIME 0x80023070
+#define TEE_ERR_BN_R_TOO_MANY_ITERATIONS 0x80023071
+#define TEE_ERR_BN_R_TOO_MANY_TEMPORARY_VARIABLES 0x8002306d
+
+/* for rsa lib err */
+#define TEE_ERR_RSA_R_ALGORITHM_MISMATCH 0x80024064
+#define TEE_ERR_RSA_R_BAD_E_VALUE 0x80024065
+#define TEE_ERR_RSA_R_BAD_FIXED_HEADER_DECRYPT 0x80024066
+#define TEE_ERR_RSA_R_BAD_PAD_BYTE_COUNT 0x80024067
+#define TEE_ERR_RSA_R_BAD_SIGNATURE 0x80024068
+#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_01 0x8002406a
+#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_02 0x8002406b
+#define TEE_ERR_RSA_R_DATA_GREATER_THAN_MOD_LEN 0x8002406c
+#define TEE_ERR_RSA_R_DATA_TOO_LARGE 0x8002406d
+#define TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 0x8002406e
+#define TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_MODULUS 0x80024084
+#define TEE_ERR_RSA_R_DATA_TOO_SMALL 0x8002406f
+#define TEE_ERR_RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 0x8002407a
+#define TEE_ERR_RSA_R_DIGEST_DOES_NOT_MATCH 0x8002409e
+#define TEE_ERR_RSA_R_DIGEST_NOT_ALLOWED 0x80024091
+#define TEE_ERR_RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 0x80024070
+#define TEE_ERR_RSA_R_DMP1_NOT_CONGRUENT_TO_D 0x8002407c
+#define TEE_ERR_RSA_R_DMQ1_NOT_CONGRUENT_TO_D 0x8002407d
+#define TEE_ERR_RSA_R_D_E_NOT_CONGRUENT_TO_1 0x8002407b
+#define TEE_ERR_RSA_R_FIRST_OCTET_INVALID 0x80024085
+#define TEE_ERR_RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 0x80024090
+#define TEE_ERR_RSA_R_INVALID_DIGEST 0x8002409d
+#define TEE_ERR_RSA_R_INVALID_DIGEST_LENGTH 0x8002408f
+#define TEE_ERR_RSA_R_INVALID_HEADER 0x80024089
+#define TEE_ERR_RSA_R_INVALID_LABEL 0x800240a0
+#define TEE_ERR_RSA_R_INVALID_MESSAGE_LENGTH 0x80024083
+#define TEE_ERR_RSA_R_INVALID_MGF1_MD 0x8002409c
+#define TEE_ERR_RSA_R_INVALID_MULTI_PRIME_KEY 0x800240a7
+#define TEE_ERR_RSA_R_INVALID_OAEP_PARAMETERS 0x800240a1
+#define TEE_ERR_RSA_R_INVALID_PADDING 0x8002408a
+#define TEE_ERR_RSA_R_INVALID_PADDING_MODE 0x8002408d
+#define TEE_ERR_RSA_R_INVALID_PSS_PARAMETERS 0x80024095
+#define TEE_ERR_RSA_R_INVALID_PSS_SALTLEN 0x80024092
+#define TEE_ERR_RSA_R_INVALID_SALT_LENGTH 0x80024096
+#define TEE_ERR_RSA_R_INVALID_TRAILER 0x8002408b
+#define TEE_ERR_RSA_R_INVALID_X931_DIGEST 0x8002408e
+#define TEE_ERR_RSA_R_IQMP_NOT_INVERSE_OF_Q 0x8002407e
+#define TEE_ERR_RSA_R_KEY_PRIME_NUM_INVALID 0x800240a5
+#define TEE_ERR_RSA_R_KEY_SIZE_TOO_SMALL 0x80024078
+#define TEE_ERR_RSA_R_LAST_OCTET_INVALID 0x80024086
+#define TEE_ERR_RSA_R_MISSING_PRIVATE_KEY 0x800240b3
+#define TEE_ERR_RSA_R_MGF1_DIGEST_NOT_ALLOWED 0x80024098
+#define TEE_ERR_RSA_R_MODULUS_TOO_LARGE 0x80024069
+#define TEE_ERR_RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 0x800240a8
+#define TEE_ERR_RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 0x800240a9
+#define TEE_ERR_RSA_R_MP_R_NOT_PRIME 0x800240aa
+#define TEE_ERR_RSA_R_NO_PUBLIC_EXPONENT 0x8002408c
+#define TEE_ERR_RSA_R_NULL_BEFORE_BLOCK_MISSING 0x80024071
+#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 0x800240ac
+#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_P_Q 0x8002407f
+#define TEE_ERR_RSA_R_OAEP_DECODING_ERROR 0x80024079
+#define TEE_ERR_RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80024094
+#define TEE_ERR_RSA_R_PADDING_CHECK_FAILED 0x80024072
+#define TEE_ERR_RSA_R_PKCS_DECODING_ERROR 0x8002409f
+#define TEE_ERR_RSA_R_PSS_SALTLEN_TOO_SMALL 0x800240a4
+#define TEE_ERR_RSA_R_P_NOT_PRIME 0x80024080
+#define TEE_ERR_RSA_R_Q_NOT_PRIME 0x80024081
+#define TEE_ERR_RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 0x80024082
+#define TEE_ERR_RSA_R_SLEN_CHECK_FAILED 0x80024088
+#define TEE_ERR_RSA_R_SLEN_RECOVERY_FAILED 0x80024087
+#define TEE_ERR_RSA_R_SSLV3_ROLLBACK_ATTACK 0x80024073
+#define TEE_ERR_RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x80024074
+#define TEE_ERR_RSA_R_UNKNOWN_ALGORITHM_TYPE 0x80024075
+#define TEE_ERR_RSA_R_UNKNOWN_DIGEST 0x800240a6
+#define TEE_ERR_RSA_R_UNKNOWN_MASK_DIGEST 0x80024097
+#define TEE_ERR_RSA_R_UNKNOWN_PADDING_TYPE 0x80024076
+#define TEE_ERR_RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 0x800240a2
+#define TEE_ERR_RSA_R_UNSUPPORTED_LABEL_SOURCE 0x800240a3
+#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_ALGORITHM 0x80024099
+#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_PARAMETER 0x8002409a
+#define TEE_ERR_RSA_R_UNSUPPORTED_SIGNATURE_TYPE 0x8002409b
+#define TEE_ERR_RSA_R_VALUE_MISSING 0x80024093
+#define TEE_ERR_RSA_R_WRONG_SIGNATURE_LENGTH 0x80024077
+
+/* for evp lib err */
+#define TEE_ERR_EVP_R_AES_KEY_SETUP_FAILED 0x8002508f
+#define TEE_ERR_EVP_R_ARIA_KEY_SETUP_FAILED 0x800250b0
+#define TEE_ERR_EVP_R_BAD_DECRYPT 0x80025064
+#define TEE_ERR_EVP_R_BAD_KEY_LENGTH 0x800250c3
+#define TEE_ERR_EVP_R_BUFFER_TOO_SMALL 0x8002509b
+#define TEE_ERR_EVP_R_CAMELLIA_KEY_SETUP_FAILED 0x8002509d
+#define TEE_ERR_EVP_R_CIPHER_PARAMETER_ERROR 0x8002507a
+#define TEE_ERR_EVP_R_COMMAND_NOT_SUPPORTED 0x80025093
+#define TEE_ERR_EVP_R_COPY_ERROR 0x800250ad
+#define TEE_ERR_EVP_R_CTRL_NOT_IMPLEMENTED 0x80025084
+#define TEE_ERR_EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 0x80025085
+#define TEE_ERR_EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 0x8002508a
+#define TEE_ERR_EVP_R_DECODE_ERROR 0x80025072
+#define TEE_ERR_EVP_R_DIFFERENT_KEY_TYPES 0x80025065
+#define TEE_ERR_EVP_R_DIFFERENT_PARAMETERS 0x80025099
+#define TEE_ERR_EVP_R_ERROR_LOADING_SECTION 0x800250a5
+#define TEE_ERR_EVP_R_ERROR_SETTING_FIPS_MODE 0x800250a6
+#define TEE_ERR_EVP_R_EXPECTING_AN_HMAC_KEY 0x800250ae
+#define TEE_ERR_EVP_R_EXPECTING_AN_RSA_KEY 0x8002507f
+#define TEE_ERR_EVP_R_EXPECTING_A_DH_KEY 0x80025080
+#define TEE_ERR_EVP_R_EXPECTING_A_DSA_KEY 0x80025081
+#define TEE_ERR_EVP_R_EXPECTING_A_EC_KEY 0x8002508e
+#define TEE_ERR_EVP_R_EXPECTING_A_POLY1305_KEY 0x800250a4
+#define TEE_ERR_EVP_R_EXPECTING_A_SIPHASH_KEY 0x800250af
+#define TEE_ERR_EVP_R_FIPS_MODE_NOT_SUPPORTED 0x800250a7
+#define TEE_ERR_EVP_R_GET_RAW_KEY_FAILED 0x800250b6
+#define TEE_ERR_EVP_R_ILLEGAL_SCRYPT_PARAMETERS 0x800250ab
+#define TEE_ERR_EVP_R_INITIALIZATION_ERROR 0x80025086
+#define TEE_ERR_EVP_R_INPUT_NOT_INITIALIZED 0x8002506f
+#define TEE_ERR_EVP_R_INVALID_DIGEST 0x80025098
+#define TEE_ERR_EVP_R_INVALID_FIPS_MODE 0x800250a8
+#define TEE_ERR_EVP_R_INVALID_IV_LENGTH 0x800250c2
+#define TEE_ERR_EVP_R_INVALID_KEY 0x800250a3
+#define TEE_ERR_EVP_R_INVALID_KEY_LENGTH 0x80025082
+#define TEE_ERR_EVP_R_INVALID_OPERATION 0x80025094
+#define TEE_ERR_EVP_R_KEYGEN_FAILURE 0x80025078
+#define TEE_ERR_EVP_R_KEY_SETUP_FAILED 0x800250b4
+#define TEE_ERR_EVP_R_MEMORY_LIMIT_EXCEEDED 0x800250ac
+#define TEE_ERR_EVP_R_MESSAGE_DIGEST_IS_NULL 0x8002509f
+#define TEE_ERR_EVP_R_METHOD_NOT_SUPPORTED 0x80025090
+#define TEE_ERR_EVP_R_MISSING_PARAMETERS 0x80025067
+#define TEE_ERR_EVP_R_NOT_XOF_OR_INVALID_LENGTH 0x800250b2
+#define TEE_ERR_EVP_R_NO_CIPHER_SET 0x80025083
+#define TEE_ERR_EVP_R_NO_DEFAULT_DIGEST 0x8002509e
+#define TEE_ERR_EVP_R_NO_DIGEST_SET 0x8002508b
+#define TEE_ERR_EVP_R_NO_KEY_SET 0x8002509a
+#define TEE_ERR_EVP_R_NO_OPERATION_SET 0x80025095
+#define TEE_ERR_EVP_R_ONLY_ONESHOT_SUPPORTED 0x800250b1
+#define TEE_ERR_EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80025096
+#define TEE_ERR_EVP_R_OPERATON_NOT_INITIALIZED 0x80025097
+#define TEE_ERR_EVP_R_PARTIALLY_OVERLAPPING 0x800250a2
+#define TEE_ERR_EVP_R_PBKDF2_ERROR 0x800250b5
+#define TEE_ERR_EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 0x800250b3
+#define TEE_ERR_EVP_R_PRIVATE_KEY_DECODE_ERROR 0x80025091
+#define TEE_ERR_EVP_R_PRIVATE_KEY_ENCODE_ERROR 0x80025092
+#define TEE_ERR_EVP_R_PUBLIC_KEY_NOT_RSA 0x8002506a
+#define TEE_ERR_EVP_R_UNKNOWN_CIPHER 0x800250a0
+#define TEE_ERR_EVP_R_UNKNOWN_DIGEST 0x800250a1
+#define TEE_ERR_EVP_R_UNKNOWN_OPTION 0x800250a9
+#define TEE_ERR_EVP_R_UNKNOWN_PBE_ALGORITHM 0x80025079
+#define TEE_ERR_EVP_R_UNSUPPORTED_ALGORITHM 0x8002509c
+#define TEE_ERR_EVP_R_UNSUPPORTED_CIPHER 0x8002506b
+#define TEE_ERR_EVP_R_UNSUPPORTED_KEYLENGTH 0x8002507b
+#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 0x8002507c
+#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_SIZE 0x8002506c
+#define TEE_ERR_EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 0x80025087
+#define TEE_ERR_EVP_R_UNSUPPORTED_PRF 0x8002507d
+#define TEE_ERR_EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 0x80025076
+#define TEE_ERR_EVP_R_UNSUPPORTED_SALT_TYPE 0x8002507e
+#define TEE_ERR_EVP_R_WRAP_MODE_NOT_ALLOWED 0x800250aa
+#define TEE_ERR_EVP_R_WRONG_FINAL_BLOCK_LENGTH 0x8002506d
+#define TEE_ERR_EVP_R_XTS_DUPLICATED_KEYS 0x800250b7
+
+/* for pem lib err */
+#define TEE_ERR_PEM_R_BAD_BASE64_DECODE 0x80026064
+#define TEE_ERR_PEM_R_BAD_DECRYPT 0x80026065
+#define TEE_ERR_PEM_R_BAD_END_LINE 0x80026066
+#define TEE_ERR_PEM_R_BAD_IV_CHARS 0x80026067
+#define TEE_ERR_PEM_R_BAD_MAGIC_NUMBER 0x80026074
+#define TEE_ERR_PEM_R_BAD_PASSWORD_READ 0x80026068
+#define TEE_ERR_PEM_R_BAD_VERSION_NUMBER 0x80026075
+#define TEE_ERR_PEM_R_BIO_WRITE_FAILURE 0x80026076
+#define TEE_ERR_PEM_R_CIPHER_IS_NULL 0x8002607f
+#define TEE_ERR_PEM_R_ERROR_CONVERTING_PRIVATE_KEY 0x80026073
+#define TEE_ERR_PEM_R_EXPECTING_PRIVATE_KEY_BLOB 0x80026077
+#define TEE_ERR_PEM_R_EXPECTING_PUBLIC_KEY_BLOB 0x80026078
+#define TEE_ERR_PEM_R_HEADER_TOO_LONG 0x80026080
+#define TEE_ERR_PEM_R_INCONSISTENT_HEADER 0x80026079
+#define TEE_ERR_PEM_R_KEYBLOB_HEADER_PARSE_ERROR 0x8002607a
+#define TEE_ERR_PEM_R_KEYBLOB_TOO_SHORT 0x8002607b
+#define TEE_ERR_PEM_R_MISSING_DEK_IV 0x80026081
+#define TEE_ERR_PEM_R_NOT_DEK_INFO 0x80026069
+#define TEE_ERR_PEM_R_NOT_ENCRYPTED 0x8002606a
+#define TEE_ERR_PEM_R_NOT_PROC_TYPE 0x8002606b
+#define TEE_ERR_PEM_R_NO_START_LINE 0x8002606c
+#define TEE_ERR_PEM_R_PROBLEMS_GETTING_PASSWORD 0x8002606d
+#define TEE_ERR_PEM_R_PVK_DATA_TOO_SHORT 0x8002607c
+#define TEE_ERR_PEM_R_PVK_TOO_SHORT 0x8002607d
+#define TEE_ERR_PEM_R_READ_KEY 0x8002606f
+#define TEE_ERR_PEM_R_SHORT_HEADER 0x80026070
+#define TEE_ERR_PEM_R_UNEXPECTED_DEK_IV 0x80026082
+#define TEE_ERR_PEM_R_UNSUPPORTED_CIPHER 0x80026071
+#define TEE_ERR_PEM_R_UNSUPPORTED_ENCRYPTION 0x80026072
+#define TEE_ERR_PEM_R_UNSUPPORTED_KEY_COMPONENTS 0x8002607e
+
+/* for x509 lib err */
+#define TEE_ERR_X509_R_AKID_MISMATCH 0x8002706e
+#define TEE_ERR_X509_R_BAD_SELECTOR 0x80027085
+#define TEE_ERR_X509_R_BAD_X509_FILETYPE 0x80027064
+#define TEE_ERR_X509_R_BASE64_DECODE_ERROR 0x80027076
+#define TEE_ERR_X509_R_CANT_CHECK_DH_KEY 0x80027072
+#define TEE_ERR_X509_R_CERT_ALREADY_IN_HASH_TABLE 0x80027065
+#define TEE_ERR_X509_R_CRL_ALREADY_DELTA 0x8002707f
+#define TEE_ERR_X509_R_CRL_VERIFY_FAILURE 0x80027083
+#define TEE_ERR_X509_R_IDP_MISMATCH 0x80027080
+#define TEE_ERR_X509_R_INVALID_ATTRIBUTES 0x8002708a
+#define TEE_ERR_X509_R_INVALID_DIRECTORY 0x80027071
+#define TEE_ERR_X509_R_INVALID_FIELD_NAME 0x80027077
+#define TEE_ERR_X509_R_INVALID_TRUST 0x8002707b
+#define TEE_ERR_X509_R_ISSUER_MISMATCH 0x80027081
+#define TEE_ERR_X509_R_KEY_TYPE_MISMATCH 0x80027073
+#define TEE_ERR_X509_R_KEY_VALUES_MISMATCH 0x80027074
+#define TEE_ERR_X509_R_LOADING_CERT_DIR 0x80027067
+#define TEE_ERR_X509_R_LOADING_DEFAULTS 0x80027068
+#define TEE_ERR_X509_R_METHOD_NOT_SUPPORTED 0x8002707c
+#define TEE_ERR_X509_R_NAME_TOO_LONG 0x80027086
+#define TEE_ERR_X509_R_NEWER_CRL_NOT_NEWER 0x80027084
+#define TEE_ERR_X509_R_NO_CERTIFICATE_FOUND 0x80027087
+#define TEE_ERR_X509_R_NO_CERTIFICATE_OR_CRL_FOUND 0x80027088
+#define TEE_ERR_X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 0x80027069
+#define TEE_ERR_X509_R_NO_CRL_FOUND 0x80027089
+#define TEE_ERR_X509_R_NO_CRL_NUMBER 0x80027082
+#define TEE_ERR_X509_R_PUBLIC_KEY_DECODE_ERROR 0x8002707d
+#define TEE_ERR_X509_R_PUBLIC_KEY_ENCODE_ERROR 0x8002707e
+#define TEE_ERR_X509_R_SHOULD_RETRY 0x8002706a
+#define TEE_ERR_X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 0x8002706b
+#define TEE_ERR_X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 0x8002706c
+#define TEE_ERR_X509_R_UNKNOWN_KEY_TYPE 0x80027075
+#define TEE_ERR_X509_R_UNKNOWN_NID 0x8002706d
+#define TEE_ERR_X509_R_UNKNOWN_PURPOSE_ID 0x80027079
+#define TEE_ERR_X509_R_UNKNOWN_TRUST_ID 0x80027078
+#define TEE_ERR_X509_R_UNSUPPORTED_ALGORITHM 0x8002706f
+#define TEE_ERR_X509_R_WRONG_LOOKUP_TYPE 0x80027070
+#define TEE_ERR_X509_R_WRONG_TYPE 0x8002707a
+
+/* for asn1 lib err */
+#define TEE_ERR_ASN1_R_ADDING_OBJECT 0x800280ab
+#define TEE_ERR_ASN1_R_ASN1_PARSE_ERROR 0x800280cb
+#define TEE_ERR_ASN1_R_ASN1_SIG_PARSE_ERROR 0x800280cc
+#define TEE_ERR_ASN1_R_AUX_ERROR 0x80028064
+#define TEE_ERR_ASN1_R_BAD_OBJECT_HEADER 0x80028066
+#define TEE_ERR_ASN1_R_BMPSTRING_IS_WRONG_LENGTH 0x800280d6
+#define TEE_ERR_ASN1_R_BN_LIB 0x80028069
+#define TEE_ERR_ASN1_R_BOOLEAN_IS_WRONG_LENGTH 0x8002806a
+#define TEE_ERR_ASN1_R_BUFFER_TOO_SMALL 0x8002806b
+#define TEE_ERR_ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002806c
+#define TEE_ERR_ASN1_R_CONTEXT_NOT_INITIALISED 0x800280d9
+#define TEE_ERR_ASN1_R_DATA_IS_WRONG 0x8002806d
+#define TEE_ERR_ASN1_R_DECODE_ERROR 0x8002806e
+#define TEE_ERR_ASN1_R_DEPTH_EXCEEDED 0x800280ae
+#define TEE_ERR_ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 0x800280c6
+#define TEE_ERR_ASN1_R_ENCODE_ERROR 0x80028070
+#define TEE_ERR_ASN1_R_ERROR_GETTING_TIME 0x800280ad
+#define TEE_ERR_ASN1_R_ERROR_LOADING_SECTION 0x800280ac
+#define TEE_ERR_ASN1_R_ERROR_SETTING_CIPHER_PARAMS 0x80028072
+#define TEE_ERR_ASN1_R_EXPECTING_AN_INTEGER 0x80028073
+#define TEE_ERR_ASN1_R_EXPECTING_AN_OBJECT 0x80028074
+#define TEE_ERR_ASN1_R_EXPLICIT_LENGTH_MISMATCH 0x80028077
+#define TEE_ERR_ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 0x80028078
+#define TEE_ERR_ASN1_R_FIELD_MISSING 0x80028079
+#define TEE_ERR_ASN1_R_FIRST_NUM_TOO_LARGE 0x8002807a
+#define TEE_ERR_ASN1_R_HEADER_TOO_LONG 0x8002807b
+#define TEE_ERR_ASN1_R_ILLEGAL_BITSTRING_FORMAT 0x800280af
+#define TEE_ERR_ASN1_R_ILLEGAL_BOOLEAN 0x800280b0
+#define TEE_ERR_ASN1_R_ILLEGAL_CHARACTERS 0x8002807c
+#define TEE_ERR_ASN1_R_ILLEGAL_FORMAT 0x800280b1
+#define TEE_ERR_ASN1_R_ILLEGAL_HEX 0x800280b2
+#define TEE_ERR_ASN1_R_ILLEGAL_IMPLICIT_TAG 0x800280b3
+#define TEE_ERR_ASN1_R_ILLEGAL_INTEGER 0x800280b4
+#define TEE_ERR_ASN1_R_ILLEGAL_NEGATIVE_VALUE 0x800280e2
+#define TEE_ERR_ASN1_R_ILLEGAL_NESTED_TAGGING 0x800280b5
+#define TEE_ERR_ASN1_R_ILLEGAL_NULL 0x8002807d
+#define TEE_ERR_ASN1_R_ILLEGAL_NULL_VALUE 0x800280b6
+#define TEE_ERR_ASN1_R_ILLEGAL_OBJECT 0x800280b7
+#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONAL_ANY 0x8002807e
+#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 0x800280aa
+#define TEE_ERR_ASN1_R_ILLEGAL_PADDING 0x800280dd
+#define TEE_ERR_ASN1_R_ILLEGAL_TAGGED_ANY 0x8002807f
+#define TEE_ERR_ASN1_R_ILLEGAL_TIME_VALUE 0x800280b8
+#define TEE_ERR_ASN1_R_ILLEGAL_ZERO_CONTENT 0x800280de
+#define TEE_ERR_ASN1_R_INTEGER_NOT_ASCII_FORMAT 0x800280b9
+#define TEE_ERR_ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 0x80028080
+#define TEE_ERR_ASN1_R_INVALID_BIT_STRING_BITS_LEFT 0x800280dc
+#define TEE_ERR_ASN1_R_INVALID_BMPSTRING_LENGTH 0x80028081
+#define TEE_ERR_ASN1_R_INVALID_DIGIT 0x80028082
+#define TEE_ERR_ASN1_R_INVALID_MIME_TYPE 0x800280cd
+#define TEE_ERR_ASN1_R_INVALID_MODIFIER 0x800280ba
+#define TEE_ERR_ASN1_R_INVALID_NUMBER 0x800280bb
+#define TEE_ERR_ASN1_R_INVALID_OBJECT_ENCODING 0x800280d8
+#define TEE_ERR_ASN1_R_INVALID_SCRYPT_PARAMETERS 0x800280e3
+#define TEE_ERR_ASN1_R_INVALID_SEPARATOR 0x80028083
+#define TEE_ERR_ASN1_R_INVALID_STRING_TABLE_VALUE 0x800280da
+#define TEE_ERR_ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 0x80028085
+#define TEE_ERR_ASN1_R_INVALID_UTF8STRING 0x80028086
+#define TEE_ERR_ASN1_R_INVALID_VALUE 0x800280db
+#define TEE_ERR_ASN1_R_LIST_ERROR 0x800280bc
+#define TEE_ERR_ASN1_R_MIME_NO_CONTENT_TYPE 0x800280ce
+#define TEE_ERR_ASN1_R_MIME_PARSE_ERROR 0x800280cf
+#define TEE_ERR_ASN1_R_MIME_SIG_PARSE_ERROR 0x800280d0
+#define TEE_ERR_ASN1_R_MISSING_EOC 0x80028089
+#define TEE_ERR_ASN1_R_MISSING_SECOND_NUMBER 0x8002808a
+#define TEE_ERR_ASN1_R_MISSING_VALUE 0x800280bd
+#define TEE_ERR_ASN1_R_MSTRING_NOT_UNIVERSAL 0x8002808b
+#define TEE_ERR_ASN1_R_MSTRING_WRONG_TAG 0x8002808c
+#define TEE_ERR_ASN1_R_NESTED_ASN1_STRING 0x800280c5
+#define TEE_ERR_ASN1_R_NESTED_TOO_DEEP 0x800280c9
+#define TEE_ERR_ASN1_R_NON_HEX_CHARACTERS 0x8002808d
+#define TEE_ERR_ASN1_R_NOT_ASCII_FORMAT 0x800280be
+#define TEE_ERR_ASN1_R_NOT_ENOUGH_DATA 0x8002808e
+#define TEE_ERR_ASN1_R_NO_CONTENT_TYPE 0x800280d1
+#define TEE_ERR_ASN1_R_NO_MATCHING_CHOICE_TYPE 0x8002808f
+#define TEE_ERR_ASN1_R_NO_MULTIPART_BODY_FAILURE 0x800280d2
+#define TEE_ERR_ASN1_R_NO_MULTIPART_BOUNDARY 0x800280d3
+#define TEE_ERR_ASN1_R_NO_SIG_CONTENT_TYPE 0x800280d4
+#define TEE_ERR_ASN1_R_NULL_IS_WRONG_LENGTH 0x80028090
+#define TEE_ERR_ASN1_R_OBJECT_NOT_ASCII_FORMAT 0x800280bf
+#define TEE_ERR_ASN1_R_ODD_NUMBER_OF_CHARS 0x80028091
+#define TEE_ERR_ASN1_R_SECOND_NUMBER_TOO_LARGE 0x80028093
+#define TEE_ERR_ASN1_R_SEQUENCE_LENGTH_MISMATCH 0x80028094
+#define TEE_ERR_ASN1_R_SEQUENCE_NOT_CONSTRUCTED 0x80028095
+#define TEE_ERR_ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 0x800280c0
+#define TEE_ERR_ASN1_R_SHORT_LINE 0x80028096
+#define TEE_ERR_ASN1_R_SIG_INVALID_MIME_TYPE 0x800280d5
+#define TEE_ERR_ASN1_R_STREAMING_NOT_SUPPORTED 0x800280ca
+#define TEE_ERR_ASN1_R_STRING_TOO_LONG 0x80028097
+#define TEE_ERR_ASN1_R_STRING_TOO_SHORT 0x80028098
+#define TEE_ERR_ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x8002809a
+#define TEE_ERR_ASN1_R_TIME_NOT_ASCII_FORMAT 0x800280c1
+#define TEE_ERR_ASN1_R_TOO_LARGE 0x800280df
+#define TEE_ERR_ASN1_R_TOO_LONG 0x8002809b
+#define TEE_ERR_ASN1_R_TOO_SMALL 0x800280e0
+#define TEE_ERR_ASN1_R_TYPE_NOT_CONSTRUCTED 0x8002809c
+#define TEE_ERR_ASN1_R_TYPE_NOT_PRIMITIVE 0x800280c3
+#define TEE_ERR_ASN1_R_UNEXPECTED_EOC 0x8002809f
+#define TEE_ERR_ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 0x800280d7
+#define TEE_ERR_ASN1_R_UNKNOWN_FORMAT 0x800280a0
+#define TEE_ERR_ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 0x800280a1
+#define TEE_ERR_ASN1_R_UNKNOWN_OBJECT_TYPE 0x800280a2
+#define TEE_ERR_ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 0x800280a3
+#define TEE_ERR_ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 0x800280c7
+#define TEE_ERR_ASN1_R_UNKNOWN_TAG 0x800280c2
+#define TEE_ERR_ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 0x800280a4
+#define TEE_ERR_ASN1_R_UNSUPPORTED_CIPHER 0x800280e4
+#define TEE_ERR_ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 0x800280a7
+#define TEE_ERR_ASN1_R_UNSUPPORTED_TYPE 0x800280c4
+#define TEE_ERR_ASN1_R_WRONG_INTEGER_TYPE 0x800280e1
+#define TEE_ERR_ASN1_R_WRONG_PUBLIC_KEY_TYPE 0x800280c8
+#define TEE_ERR_ASN1_R_WRONG_TAG 0x800280a8
+
+/* for crypto lib err */
+#define TEE_ERR_CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 0x80029065
+#define TEE_ERR_CRYPTO_R_ILLEGAL_HEX_DIGIT 0x80029066
+#define TEE_ERR_CRYPTO_R_ODD_NUMBER_OF_DIGITS 0x80029067
+
+/* for ec lib err */
+#define TEE_ERR_EC_R_ASN1_ERROR 0x8002a073
+#define TEE_ERR_EC_R_BAD_SIGNATURE 0x8002a09c
+#define TEE_ERR_EC_R_BIGNUM_OUT_OF_RANGE 0x8002a090
+#define TEE_ERR_EC_R_BUFFER_TOO_SMALL 0x8002a064
+#define TEE_ERR_EC_R_CANNOT_INVERT 0x8002a0a5
+#define TEE_ERR_EC_R_COORDINATES_OUT_OF_RANGE 0x8002a092
+#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 0x8002a0a0
+#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 0x8002a09f
+#define TEE_ERR_EC_R_D2I_ECPKPARAMETERS_FAILURE 0x8002a075
+#define TEE_ERR_EC_R_DECODE_ERROR 0x8002a08e
+#define TEE_ERR_EC_R_DISCRIMINANT_IS_ZERO 0x8002a076
+#define TEE_ERR_EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 0x8002a077
+#define TEE_ERR_EC_R_FIELD_TOO_LARGE 0x8002a08f
+#define TEE_ERR_EC_R_GF2M_NOT_SUPPORTED 0x8002a093
+#define TEE_ERR_EC_R_GROUP2PKPARAMETERS_FAILURE 0x8002a078
+#define TEE_ERR_EC_R_I2D_ECPKPARAMETERS_FAILURE 0x8002a079
+#define TEE_ERR_EC_R_INCOMPATIBLE_OBJECTS 0x8002a065
+#define TEE_ERR_EC_R_INVALID_ARGUMENT 0x8002a070
+#define TEE_ERR_EC_R_INVALID_COMPRESSED_POINT 0x8002a06e
+#define TEE_ERR_EC_R_INVALID_COMPRESSION_BIT 0x8002a06d
+#define TEE_ERR_EC_R_INVALID_CURVE 0x8002a08d
+#define TEE_ERR_EC_R_INVALID_DIGEST 0x8002a097
+#define TEE_ERR_EC_R_INVALID_DIGEST_TYPE 0x8002a08a
+#define TEE_ERR_EC_R_INVALID_ENCODING 0x8002a066
+#define TEE_ERR_EC_R_INVALID_FIELD 0x8002a067
+#define TEE_ERR_EC_R_INVALID_FORM 0x8002a068
+#define TEE_ERR_EC_R_INVALID_GROUP_ORDER 0x8002a07a
+#define TEE_ERR_EC_R_INVALID_KEY 0x8002a074
+#define TEE_ERR_EC_R_INVALID_OUTPUT_LENGTH 0x8002a0a1
+#define TEE_ERR_EC_R_INVALID_PEER_KEY 0x8002a085
+#define TEE_ERR_EC_R_INVALID_PENTANOMIAL_BASIS 0x8002a084
+#define TEE_ERR_EC_R_INVALID_PRIVATE_KEY 0x8002a07b
+#define TEE_ERR_EC_R_INVALID_TRINOMIAL_BASIS 0x8002a089
+#define TEE_ERR_EC_R_KDF_PARAMETER_ERROR 0x8002a094
+#define TEE_ERR_EC_R_KEYS_NOT_SET 0x8002a08c
+#define TEE_ERR_EC_R_LADDER_POST_FAILURE 0x8002a088
+#define TEE_ERR_EC_R_LADDER_PRE_FAILURE 0x8002a099
+#define TEE_ERR_EC_R_LADDER_STEP_FAILURE 0x8002a0a2
+#define TEE_ERR_EC_R_MISSING_PARAMETERS 0x8002a07c
+#define TEE_ERR_EC_R_MISSING_PRIVATE_KEY 0x8002a07d
+#define TEE_ERR_EC_R_NEED_NEW_SETUP_VALUES 0x8002a09d
+#define TEE_ERR_EC_R_NOT_A_NIST_PRIME 0x8002a087
+#define TEE_ERR_EC_R_NOT_IMPLEMENTED 0x8002a07e
+#define TEE_ERR_EC_R_NOT_INITIALIZED 0x8002a06f
+#define TEE_ERR_EC_R_NO_PARAMETERS_SET 0x8002a08b
+#define TEE_ERR_EC_R_NO_PRIVATE_VALUE 0x8002a09a
+#define TEE_ERR_EC_R_OPERATION_NOT_SUPPORTED 0x8002a098
+#define TEE_ERR_EC_R_PASSED_NULL_PARAMETER 0x8002a086
+#define TEE_ERR_EC_R_PEER_KEY_ERROR 0x8002a095
+#define TEE_ERR_EC_R_PKPARAMETERS2GROUP_FAILURE 0x8002a07f
+#define TEE_ERR_EC_R_POINT_ARITHMETIC_FAILURE 0x8002a09b
+#define TEE_ERR_EC_R_POINT_AT_INFINITY 0x8002a06a
+#define TEE_ERR_EC_R_POINT_COORDINATES_BLIND_FAILURE 0x8002a0a3
+#define TEE_ERR_EC_R_POINT_IS_NOT_ON_CURVE 0x8002a06b
+#define TEE_ERR_EC_R_RANDOM_NUMBER_GENERATION_FAILED 0x8002a09e
+#define TEE_ERR_EC_R_SHARED_INFO_ERROR 0x8002a096
+#define TEE_ERR_EC_R_SLOT_FULL 0x8002a06c
+#define TEE_ERR_EC_R_UNDEFINED_GENERATOR 0x8002a071
+#define TEE_ERR_EC_R_UNDEFINED_ORDER 0x8002a080
+#define TEE_ERR_EC_R_UNKNOWN_COFACTOR 0x8002a0a4
+#define TEE_ERR_EC_R_UNKNOWN_GROUP 0x8002a081
+#define TEE_ERR_EC_R_UNKNOWN_ORDER 0x8002a072
+#define TEE_ERR_EC_R_UNSUPPORTED_FIELD 0x8002a083
+#define TEE_ERR_EC_R_WRONG_CURVE_PARAMETERS 0x8002a091
+#define TEE_ERR_EC_R_WRONG_ORDER 0x8002a082
+
+/* for pkcs7 lib err */
+#define TEE_ERR_PKCS7_R_CERTIFICATE_VERIFY_ERROR 0x8002b075
+#define TEE_ERR_PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002b090
+#define TEE_ERR_PKCS7_R_CIPHER_NOT_INITIALIZED 0x8002b074
+#define TEE_ERR_PKCS7_R_CONTENT_AND_DATA_PRESENT 0x8002b076
+#define TEE_ERR_PKCS7_R_CTRL_ERROR 0x8002b098
+#define TEE_ERR_PKCS7_R_DECRYPT_ERROR 0x8002b077
+#define TEE_ERR_PKCS7_R_DIGEST_FAILURE 0x8002b065
+#define TEE_ERR_PKCS7_R_ENCRYPTION_CTRL_FAILURE 0x8002b095
+#define TEE_ERR_PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b096
+#define TEE_ERR_PKCS7_R_ERROR_ADDING_RECIPIENT 0x8002b078
+#define TEE_ERR_PKCS7_R_ERROR_SETTING_CIPHER 0x8002b079
+#define TEE_ERR_PKCS7_R_INVALID_NULL_POINTER 0x8002b08f
+#define TEE_ERR_PKCS7_R_INVALID_SIGNED_DATA_TYPE 0x8002b09b
+#define TEE_ERR_PKCS7_R_NO_CONTENT 0x8002b07a
+#define TEE_ERR_PKCS7_R_NO_DEFAULT_DIGEST 0x8002b097
+#define TEE_ERR_PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 0x8002b09a
+#define TEE_ERR_PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 0x8002b073
+#define TEE_ERR_PKCS7_R_NO_SIGNATURES_ON_DATA 0x8002b07b
+#define TEE_ERR_PKCS7_R_NO_SIGNERS 0x8002b08e
+#define TEE_ERR_PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 0x8002b068
+#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 0x8002b07c
+#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNER_ERROR 0x8002b099
+#define TEE_ERR_PKCS7_R_PKCS7_DATASIGN 0x8002b091
+#define TEE_ERR_PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 0x8002b07f
+#define TEE_ERR_PKCS7_R_SIGNATURE_FAILURE 0x8002b069
+#define TEE_ERR_PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 0x8002b080
+#define TEE_ERR_PKCS7_R_SIGNING_CTRL_FAILURE 0x8002b093
+#define TEE_ERR_PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b094
+#define TEE_ERR_PKCS7_R_SMIME_TEXT_ERROR 0x8002b081
+#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 0x8002b06a
+#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MEM_BIO 0x8002b06b
+#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 0x8002b06c
+#define TEE_ERR_PKCS7_R_UNKNOWN_DIGEST_TYPE 0x8002b06d
+#define TEE_ERR_PKCS7_R_UNKNOWN_OPERATION 0x8002b06e
+#define TEE_ERR_PKCS7_R_UNSUPPORTED_CIPHER_TYPE 0x8002b06f
+#define TEE_ERR_PKCS7_R_UNSUPPORTED_CONTENT_TYPE 0x8002b070
+#define TEE_ERR_PKCS7_R_WRONG_CONTENT_TYPE 0x8002b071
+#define TEE_ERR_PKCS7_R_WRONG_PKCS7_TYPE 0x8002b072
+
+#endif
diff --git a/include/TA/huawei_ext/tee_ra_api.h b/include/TA/huawei_ext/tee_ra_api.h
new file mode 100644
index 0000000..85c56dc
--- /dev/null
+++ b/include/TA/huawei_ext/tee_ra_api.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: API of TCMGR service.
+ */
+#ifndef TCMGR_SERVICE_TEE_RA_API_H
+#define TCMGR_SERVICE_TEE_RA_API_H
+#include <tee_defines.h>
+#include "qsi_data_structure.h"
+
+TEE_Result ra_seal(uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg);
+TEE_Result ra_unseal(uint8_t *cipher_data, size_t cipher_size, uint8_t *data, size_t *out_size, uint32_t alg);
+TEE_Result ra_local_report(struct ra_buffer_data *in, struct ra_buffer_data *out);
+TEE_Result ra_qsi_invoke(struct ra_buffer_data *in, struct ra_buffer_data *out);
+
+#endif
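Review bot: None of the four prototypes in tee_ra_api.h states its contract, and for `ra_seal` / `ra_unseal` the missing piece is what `*cipher_size` and `*out_size` mean on entry. If they are in/out (capacity in, bytes written out, as the pointer type suggests), a caller that leaves them uninitialised hands the service an arbitrary bound for the write into `cipher_data` / `data`. A doc block per function should state this, along with the accepted `alg` values and the result returned for a too-small buffer. The input buffers could also be const-qualified, e.g. `TEE_Result ra_seal(const uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg);`, assuming the implementation does not write through them.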
diff --git a/include/TA/pthread_attr.h b/include/TA/pthread_attr.h
new file mode 100644
index 0000000..90ac946
--- /dev/null
+++ b/include/TA/pthread_attr.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: phtread attribution declared
+ */
+#ifndef PTHREAD_ATTR_H
+#define PTHREAD_ATTR_H
+
+#define TEESMP_THREAD_ATTR_CA_WILDCARD 0
+#define TEESMP_THREAD_ATTR_CA_INHERIT (-1U)
+#define TEESMP_THREAD_ATTR_TASK_ID_INHERIT (-1U)
+#define TEESMP_THREAD_ATTR_HAS_SHADOW 0x1
+#define TEESMP_THREAD_ATTR_NO_SHADOW 0x0
+
+#endif
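Review bot: `TEESMP_THREAD_ATTR_CA_INHERIT` and `TEESMP_THREAD_ATTR_TASK_ID_INHERIT` are both `(-1U)`, which has type unsigned int, so compared against a field wider than 32 bits the sentinel is 0xFFFFFFFF rather than all-ones. The header does not say which attribute field each macro belongs to or what width that field has. A one-line comment per macro naming the field and its type would make the comparison safe to write. The description line also spells "pthread" as "phtread".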
diff --git a/include/TA/tee_arith_api.h b/include/TA/tee_arith_api.h
index 76ca0b0..313359a 100755
--- a/include/TA/tee_arith_api.h
+++ b/include/TA/tee_arith_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,16 +8,13 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: tee crypto definitions
*/
#ifndef TEE_ARITH_API_H
#define TEE_ARITH_API_H
-#include "tee_defines.h"
-
-#ifndef API_LEVEL
-#define API_LEVEL API_LEVEL1_0
-#endif
+#include <tee_defines.h>
/*
* below definitions are defined by Global Platform
@@ -69,7 +66,7 @@ void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len);
*/
void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus);
-#if (API_LEVEL >= API_LEVEL1_1_1)
+#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1)
/*
* calculates the necessary prerequisites for the fast modular multiplication and stores them in a context.
@@ -82,7 +79,7 @@ void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const T
* @return other failed
*/
TEE_Result TEE_BigIntInitFMMContext1(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
/*
* initializes bigIntFMM and sets its represented value to zero.
@@ -194,7 +191,7 @@ bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex);
*/
uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src);
-#if (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
/*
* sets the bitIndexth bit of the natural binary representation of |op| to 1 or 0
*
@@ -228,7 +225,7 @@ TEE_Result TEE_BigIntAssign(TEE_BigInt *dest, const TEE_BigInt *src);
* @return #TEE_ERROR_OVERFLOW In case the dest operand cannot hold the value of |src|
*/
TEE_Result TEE_BigIntAbs(TEE_BigInt *dest, const TEE_BigInt *src);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
/*
* computes dest = op1 + op2
@@ -253,14 +250,14 @@ void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op
void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2);
/*
- * negates an operand: dest = -op
+ * negates an operand: dest = -src
*
- * @param dest [OUT] PPointer to TEE_BigInt to store the result -op
+ * @param dest [OUT] PPointer to TEE_BigInt to store the result -src
* @param op [IN] Pointer to the operand to be negated
*
* @return void
*/
-void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op);
+void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *src);
/*
* computes dest = op1 * op2
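Review bot: The doc block above `TEE_BigIntNeg` still reads `@param op [IN] Pointer to the operand to be negated` after the parameter was renamed to `src`, so the comment names a parameter that no longer exists. That line should become `* @param src [IN] Pointer to the operand to be negated`. The `PPointer` typo on the `dest` line can be fixed in the same edit.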
@@ -441,7 +438,7 @@ void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const
void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n,
const TEE_BigIntFMMContext *context);
-#if (API_LEVEL >= API_LEVEL1_1_1)
+#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1)
/*
* computes dest = (op1 ^ op2) (mod n).
*
@@ -456,7 +453,7 @@ void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const T
*/
TEE_Result TEE_BigIntExpMod(TEE_BigInt *des, TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n,
TEE_BigIntFMMContext *context);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
/*
* check whether n exists to make dest = (op1 ^ op2) (mod n).
diff --git a/include/TA/tee_core_api.h b/include/TA/tee_core_api.h
index c07be0b..eabf2ec 100644
--- a/include/TA/tee_core_api.h
+++ b/include/TA/tee_core_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,13 +8,14 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: tee core api definitions
*/
#ifndef __TEE_CORE_API_H
#define __TEE_CORE_API_H
#include "tee_defines.h"
-#ifndef _TEE_TA_SESSION_HANDLE
-#define _TEE_TA_SESSION_HANDLE
+#ifndef TEE_TA_SESSION_HANDLE
+#define TEE_TA_SESSION_HANDLE
typedef uint32_t TEE_TASessionHandle;
#endif
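Review bot: Renaming the guard to `TEE_TA_SESSION_HANDLE` keeps the `TEE_TASessionHandle` typedef single only if every other header wrapping the same typedef in `_TEE_TA_SESSION_HANDLE` is renamed too; none is visible in this hunk. If one was missed, both guards pass and the typedef is emitted twice, which C11 accepts but a C99 build rejects. A search for the old macro name across the SDK headers would settle it. Note that `__TEE_CORE_API_H` just above is still a reserved identifier, so the cleanup is only partial.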
@@ -79,4 +80,5 @@ bool TEE_UnmaskCancellation(void);
/* not supported */
bool TEE_MaskCancellation(void);
+
#endif
diff --git a/include/TA/tee_crypto_api.h b/include/TA/tee_crypto_api.h
index c711d30..5abedf2 100644
--- a/include/TA/tee_crypto_api.h
+++ b/include/TA/tee_crypto_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,23 +8,24 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: tee crypto definitions
*/
#ifndef TEE_CRYPTO_API_H
#define TEE_CRYPTO_API_H
-#include "pthread.h" // pthread_mutex_t
-#include "tee_defines.h"
-#include "tee_mem_mgmt_api.h"
+#include <pthread.h> /* pthread_mutex_t */
+#include <tee_defines.h>
+#include <tee_mem_mgmt_api.h>
#ifndef NULL
#define NULL ((void *)0)
#endif
-#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8)
-
-#define SW_RSA_KEYLEN 1024
+#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8)
+#define SW_RSA_KEYLEN 1024
#define TEE_DH_MAX_SIZE_OF_OTHER_INFO 64 /* bytes */
+#define TEE_PARAM_COUNT_MAX 9
enum __TEE_Operation_Constants {
TEE_OPERATION_CIPHER = 0x1,
@@ -82,54 +83,59 @@ enum __tee_crypto_algorithm_id {
TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384 = 0x60213230,
TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512 = 0x60214230,
#endif
- TEE_ALG_RSA_NOPAD = 0x60000030,
- TEE_ALG_DSA_SHA1 = 0x70002131,
- TEE_ALG_DSA_SHA224 = 0x70003131,
- TEE_ALG_DSA_SHA256 = 0x70004131,
- TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032,
- TEE_ALG_MD5 = 0x50000001,
- TEE_ALG_SHA1 = 0x50000002,
- TEE_ALG_SHA224 = 0x50000003,
- TEE_ALG_SHA256 = 0x50000004,
- TEE_ALG_SHA384 = 0x50000005,
- TEE_ALG_SHA512 = 0x50000006,
- TEE_ALG_HMAC_MD5 = 0x30000001,
- TEE_ALG_HMAC_SHA1 = 0x30000002,
- TEE_ALG_HMAC_SHA224 = 0x30000003,
- TEE_ALG_HMAC_SHA256 = 0x30000004,
- TEE_ALG_HMAC_SHA384 = 0x30000005,
- TEE_ALG_HMAC_SHA512 = 0x30000006,
- TEE_ALG_HMAC_SM3 = 0x30000007,
- TEE_ALG_AES_ECB_PKCS5 = 0x10000020,
- TEE_ALG_AES_CBC_PKCS5 = 0x10000220,
- TEE_ALG_ECDSA_SHA1 = 0x70001042,
- TEE_ALG_ECDSA_SHA224 = 0x70002042,
- TEE_ALG_ECDSA_SHA256 = 0x70003042,
- TEE_ALG_ECDSA_SHA384 = 0x70004042,
- TEE_ALG_ECDSA_SHA512 = 0x70005042,
- TEE_ALG_ED25519 = 0x70005043,
- TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042,
- TEE_ALG_X25519 = 0x80000044,
- TEE_ALG_ECC = 0x80000001,
- TEE_ALG_ECDSA_P192 = 0x70001042,
- TEE_ALG_ECDSA_P224 = 0x70002042,
- TEE_ALG_ECDSA_P256 = 0x70003042,
- TEE_ALG_ECDSA_P384 = 0x70004042,
- TEE_ALG_ECDSA_P521 = 0x70005042,
- TEE_ALG_ECDH_P192 = 0x80001042,
- TEE_ALG_ECDH_P224 = 0x80002042,
- TEE_ALG_ECDH_P256 = 0x80003042,
- TEE_ALG_ECDH_P384 = 0x80004042,
- TEE_ALG_ECDH_P521 = 0x80005042,
- TEE_ALG_SM2_DSA_SM3 = 0x70006045,
- TEE_ALG_SM2_PKE = 0x80000045,
- TEE_ALG_SM3 = 0x50000007,
- TEE_ALG_SM4_ECB_NOPAD = 0x10000014,
- TEE_ALG_SM4_CBC_NOPAD = 0x10000114,
- TEE_ALG_SM4_CTR = 0x10000214,
- TEE_ALG_SM4_XTS = 0x10000414,
- TEE_ALG_SM4_OFB = 0x10000514,
- TEE_ALG_AES_OFB = 0x10000510,
+ TEE_ALG_RSA_NOPAD = 0x60000030,
+ TEE_ALG_DSA_SHA1 = 0x70002131,
+ TEE_ALG_DSA_SHA224 = 0x70003131,
+ TEE_ALG_DSA_SHA256 = 0x70004131,
+ TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032,
+ TEE_ALG_MD5 = 0x50000001,
+ TEE_ALG_SHA1 = 0x50000002,
+ TEE_ALG_SHA224 = 0x50000003,
+ TEE_ALG_SHA256 = 0x50000004,
+ TEE_ALG_SHA384 = 0x50000005,
+ TEE_ALG_SHA512 = 0x50000006,
+ TEE_ALG_HMAC_MD5 = 0x30000001,
+ TEE_ALG_HMAC_SHA1 = 0x30000002,
+ TEE_ALG_HMAC_SHA224 = 0x30000003,
+ TEE_ALG_HMAC_SHA256 = 0x30000004,
+ TEE_ALG_HMAC_SHA384 = 0x30000005,
+ TEE_ALG_HMAC_SHA512 = 0x30000006,
+ TEE_ALG_HMAC_SM3 = 0x30000007,
+ TEE_ALG_AES_ECB_PKCS5 = 0x10000020,
+ TEE_ALG_AES_CBC_PKCS5 = 0x10000220,
+ TEE_ALG_ECDSA_SHA1 = 0x70001042,
+ TEE_ALG_ECDSA_SHA224 = 0x70002042,
+ TEE_ALG_ECDSA_SHA256 = 0x70003042,
+ TEE_ALG_ECDSA_SHA384 = 0x70004042,
+ TEE_ALG_ECDSA_SHA512 = 0x70005042,
+ TEE_ALG_ED25519 = 0x70005043,
+ TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042,
+ TEE_ALG_X25519 = 0x80000044,
+ TEE_ALG_ECC = 0x80000001,
+ TEE_ALG_ECDSA_P192 = 0x70001042,
+ TEE_ALG_ECDSA_P224 = 0x70002042,
+ TEE_ALG_ECDSA_P256 = 0x70003042,
+ TEE_ALG_ECDSA_P384 = 0x70004042,
+ TEE_ALG_ECDSA_P521 = 0x70005042,
+ TEE_ALG_ECDH_P192 = 0x80001042,
+ TEE_ALG_ECDH_P224 = 0x80002042,
+ TEE_ALG_ECDH_P256 = 0x80003042,
+ TEE_ALG_ECDH_P384 = 0x80004042,
+ TEE_ALG_ECDH_P521 = 0x80005042,
+ TEE_ALG_SIP_HASH = 0xF0000002,
+ TEE_ALG_SM2_DSA_SM3 = 0x70006045,
+ TEE_ALG_SM2_PKE = 0x80000045,
+ TEE_ALG_SM3 = 0x50000007,
+ TEE_ALG_SM4_ECB_NOPAD = 0x10000014,
+ TEE_ALG_SM4_ECB_PKCS7 = 0x10000024,
+ TEE_ALG_SM4_CBC_NOPAD = 0x10000114,
+ TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003,
+ TEE_ALG_SM4_CTR = 0x10000214,
+ TEE_ALG_SM4_CFB128 = 0xF0000000,
+ TEE_ALG_SM4_XTS = 0x10000414,
+ TEE_ALG_SM4_OFB = 0x10000514,
+ TEE_ALG_AES_OFB = 0x10000510,
+ TEE_ALG_SM4_GCM = 0xF0000005,
};
typedef enum __tee_crypto_algorithm_id tee_crypto_algorithm_id;
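Review bot: The five identifiers this hunk actually adds (`TEE_ALG_SIP_HASH`, `TEE_ALG_SM4_ECB_PKCS7`, `TEE_ALG_SM4_CBC_PKCS7`, `TEE_ALG_SM4_CFB128`, `TEE_ALG_SM4_GCM`) are buried in a realignment of about fifty unchanged lines, and four of them break the encoding their neighbours follow. Elsewhere in this enum the top nibble tracks the operation class (0x1 ciphers, 0x3 HMAC, 0x5 digests, 0x7 signatures, 0x8 derivation), yet `TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003` sits next to `TEE_ALG_SM4_ECB_PKCS7 = 0x10000024`. Any code that derives the class or mode from the identifier bits, if the TEE has such code, would not classify the 0xF000000x values. A comment on each, such as `/* vendor extension: value does not encode class/mode */`, would flag that. The values 0xF0000001 and 0xF0000004 are skipped without explanation, and the enum begins outside this hunk.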
@@ -162,13 +168,13 @@ typedef enum {
} TEE_DH_OpMode_t;
typedef enum {
- TEE_DH_ASN1_DerivMode = 0, /* *< ASN1_DerivMode */
- TEE_DH_ConcatDerivMode = 1, /* *< ConcatDerivMode */
- TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* *< X963_DerivMode */
- TEE_DH_OMADRM_DerivMode = 2, /* *< OMADRM_DerivMode */
- TEE_DH_ISO18033_KDF1_DerivMode = 3, /* *< ISO18033_KDF1_DerivMode */
- TEE_DH_ISO18033_KDF2_DerivMode = 4, /* *< ISO18033_KDF2_DerivMode */
- TEE_DH_DerivFunc_NumOfModes, /* *< num of modes */
+ TEE_DH_ASN1_DerivMode = 0, /* ASN1_DerivMode */
+ TEE_DH_ConcatDerivMode = 1, /* ConcatDerivMode */
+ TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* X963_DerivMode */
+ TEE_DH_OMADRM_DerivMode = 2, /* OMADRM_DerivMode */
+ TEE_DH_ISO18033_KDF1_DerivMode = 3, /* ISO18033_KDF1_DerivMode */
+ TEE_DH_ISO18033_KDF2_DerivMode = 4, /* ISO18033_KDF2_DerivMode */
+ TEE_DH_DerivFunc_NumOfModes, /* num of modes */
} TEE_DH_DerivFuncMode;
enum __TEE_DK_ObjectAttribute {
@@ -242,9 +248,9 @@ typedef struct {
} TEE_OperationInfoMultiple;
struct __TEE_OperationHandle {
- uint32_t algorithm; /* *< #__TEE_CRYPTO_ALGORITHM_ID */
- uint32_t operationClass; /* *< #__TEE_Operation_Constants */
- uint32_t mode; /* *< #__TEE_OperationMode */
+ uint32_t algorithm; /* #__TEE_CRYPTO_ALGORITHM_ID */
+ uint32_t operationClass; /* #__TEE_Operation_Constants */
+ uint32_t mode; /* #__TEE_OperationMode */
uint32_t digestLength;
uint32_t maxKeySize;
uint32_t keySize;
@@ -261,12 +267,12 @@ struct __TEE_OperationHandle {
void *privateKey;
uint32_t privateKeyLen;
uint32_t IVLen;
- // start of DH
+ /* start of DH */
TEE_DH_OtherInfo *dh_otherinfo; /* #TEE_DH_OtherInfo */
uint32_t dh_hash_mode; /* #TEE_DH_HASH_Mode */
uint32_t dh_derive_func; /* #TEE_DH_DerivFuncMode */
uint32_t dh_op_mode; /* #TEE_DH_OpMode_t */
- // end of DH
+ /* end of DH */
pthread_mutex_t operation_lock;
void *hal_info;
};
@@ -306,7 +312,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar;
* @param operation [IN/OUT] #TEE_OperationHandle
* @param algorithm [IN] #TEE_CRYPTO_ALGORITHM_ID
* @param mode [IN] #TEE_OperationMode
- * @param maxKeySize [IN] The max key size
+ * @param max_key_size [IN] The max key size
*
* @return TEE_SUCCESS succss
* @return TEE_ERROR_OUT_OF_MEMORY #TEE_OperationHandle malloc failed
@@ -314,7 +320,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar;
* @return TEE_ERROR_GENERIC other failed
*/
TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode,
- uint32_t maxKeySize);
+ uint32_t max_key_size);
/*
* free Operation handle
*
@@ -370,12 +376,12 @@ TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, const TEE_ObjectH
/*
* copy src operation to dest operation
*
- * @param dstOperation [IN/OUT] #TEE_OperationHandle
- * @param srcOperation [IN/OUT] #TEE_OperationHandle
+ * @param dst_operation [IN/OUT] #TEE_OperationHandle
+ * @param src_operation [IN/OUT] #TEE_OperationHandle
*
* @return void
*/
-void TEE_CopyOperation(TEE_OperationHandle dstOperation, const TEE_OperationHandle srcOperation);
+void TEE_CopyOperation(TEE_OperationHandle dst_operation, const TEE_OperationHandle src_operation);
/*
* init cipher context
@@ -430,11 +436,11 @@ TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, const void *srcData,
*/
#ifndef GP_SUPPORT
-#if (API_LEVEL >= 2)
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize);
#else
TEE_Result TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
#else
void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize);
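Review bot: With `defined(API_LEVEL) &&` in the guard, a TA built without `API_LEVEL` silently selects the `TEE_Result TEE_DigestUpdate(...)` prototype, and nothing here says that the macro must agree with the TEE library the TA links against. If the library was built at level 2 or higher, the caller would read a return value from a function that returns none. The same guard in the `TEE_MACCompareFinal` hunk below chooses between `const size_t macLen` and `const size_t *macLen`, where a mismatch passes a length where a pointer is expected. I would state the requirement next to the guard, e.g. `/* API_LEVEL must match the level the TEE library was built with; undefined selects the legacy prototypes */`. The `#ifndef GP_SUPPORT` block continues past this hunk.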
@@ -506,13 +512,13 @@ TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, const void *messag
*/
#ifndef GP_SUPPORT
-#if (API_LEVEL >= 2)
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac,
const size_t macLen);
#else
TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac,
const size_t *macLen);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
#else
TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac,
@@ -687,7 +693,7 @@ TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, const TEE_Att
TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount,
void *digest, size_t digestLen, void *signature, size_t signatureLen);
-#if (API_LEVEL >= 2)
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
/*
* Get Operation Info multiple
@@ -702,9 +708,9 @@ TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_A
*/
TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_OperationInfoMultiple *operationInfoMultiple,
const size_t *operationSize);
-#endif // API_LEVEL
+#endif /* API_LEVEL */
-#if (API_LEVEL >= 3)
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
/*
* check whether the algorithm is sopported
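Review bot: Lowering the `TEE_IsAlgorithmSupported` guard from `API_LEVEL >= 3` to `API_LEVEL >= 2` is a behaviour change, unlike the `defined()` cleanup applied to the other guards in this file. If it was copied from the `TEE_GetOperationInfoMultiple` guard just above, it should be `#if defined(API_LEVEL) && (API_LEVEL >= 3)`. If it is intended, the commit message should say so, because level-2 TAs now see a declaration that a level-2 library may not export. tee_arith_api.h in this patch compares against the named constant `API_LEVEL1_2` (defined as 3 in tee_defines.h), which would make the intent clearer here too. The doc block opened under this guard continues past the hunk.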
@@ -716,6 +722,8 @@ TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_Opera
* @return TEE_ERROR_NOT_SUPPORTED not support
*/
TEE_Result TEE_IsAlgorithmSupported(uint32_t algId, uint32_t element);
-#endif // API_LEVEL
+
+TEE_Result TEE_IsHardWareSupportAlgorithm(uint32_t alg_type);
+#endif /* API_LEVEL */
#endif
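Review bot: `TEE_IsHardWareSupportAlgorithm` is added without the doc block that the neighbouring prototypes carry. A caller cannot tell what `alg_type` takes (presumably a `TEE_ALG_*` identifier) or which `TEE_Result` means "not supported" as opposed to an error. Add a block in the style of the one above it: a purpose line, `@param alg_type [IN]`, and one `@return` line per result. If TAs use the answer to choose between a hardware and a software implementation, the error-versus-unsupported distinction needs to be explicit.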
diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h
index 8fa7ada..6b24ff2 100755
--- a/include/TA/tee_defines.h
+++ b/include/TA/tee_defines.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE internal api and internal definitions
*/
#ifndef __TEE_DEFINES_H
@@ -16,6 +17,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
+#include <tee_uuid.h>
#ifndef TA_EXPORT
#define TA_EXPORT
@@ -28,17 +30,8 @@ typedef int *tee_mutex_handle;
#define API_LEVEL1_2 3
#define TEE_PARAMS_NUM 4
-#undef true
-#define true 1
-#undef false
-#define false 0
-
-#ifndef NULL
-#define NULL ((void *)0)
-#endif
-
-#define PARAM_NOT_USED(val) ((void)val)
+#define PARAM_NOT_USED(val) ((void)(val))
typedef union {
struct {
@@ -85,6 +78,9 @@ enum TEE_ParamType {
TEE_PARAM_TYPE_ION_INPUT = 0x8,
TEE_PARAM_TYPE_ION_SGLIST_INPUT = 0x9,
TEE_PARAM_TYPE_MEMREF_SHARED_INOUT = 0xa,
+ TEE_PARAM_TYPE_RESMEM_INPUT = 0xc,
+ TEE_PARAM_TYPE_RESMEM_OUTPUT = 0xd,
+ TEE_PARAM_TYPE_RESMEM_INOUT = 0xe,
};
#define S_VAR_NOT_USED(variable) \
@@ -150,6 +146,9 @@ enum TEE_ObjectAttribute {
TEE_ATTR_ED25519_PH = 0xF0000543,
TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944,
TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44,
+ TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133,
+ TEE_ATTR_PBKDF2_HMAC_SALT = 0xD0000134,
+ TEE_ATTR_PBKDF2_HMAC_DIGEST = 0xF0000135,
};
enum TEE_ObjectType {
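Review bot: `TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133` carries the 0xD0 prefix this enum uses for public attributes (`TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944`), whereas secret material uses 0xC0 (`TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44`). In the GlobalPlatform attribute encoding, bit 28 marks an attribute as public, and public attributes can be read back from an object regardless of its extractable usage flag. If the iTrustee object layer honours that bit, the password would be readable from a PBKDF2 object. Confirm how the implementation treats this ID, then either move the password to a protected (0xC0-prefixed) value in step with the TEE side or add a comment explaining why it is public. The enum starts outside this hunk.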
@@ -186,6 +185,8 @@ enum TEE_ObjectType {
TEE_TYPE_SM2_PKE_KEYPAIR = 0xA1000047,
TEE_TYPE_HMAC_SM3 = 0xA0000007,
TEE_TYPE_SM4 = 0xA0000014,
+ TEE_TYPE_SIP_HASH = 0xF0000002,
+ TEE_TYPE_PBKDF2_HMAC = 0xF0000004,
TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE,
};
@@ -206,130 +207,116 @@ struct __TEE_ObjectHandle {
};
typedef struct __TEE_ObjectHandle *TEE_ObjectHandle;
-#define NODE_LEN 8
-typedef struct tee_uuid {
- uint32_t timeLow;
- uint16_t timeMid;
- uint16_t timeHiAndVersion;
- uint8_t clockSeqAndNode[NODE_LEN];
-} TEE_UUID;
-
-typedef struct spawn_uuid {
- uint64_t uuid_valid;
- TEE_UUID uuid;
-} spawn_uuid_t;
-
enum TEE_Result_Value {
- TEE_SUCCESS = 0x0, /* success */
- TEE_ERROR_INVALID_CMD, /* command is invalid */
- TEE_ERROR_SERVICE_NOT_EXIST, /* service is not exist */
- TEE_ERROR_SESSION_NOT_EXIST, /* session is not exist */
- TEE_ERROR_SESSION_MAXIMUM, /* exceeds max session count */
- TEE_ERROR_REGISTER_EXIST_SERVICE, /* service already registered */
- TEE_ERROR_TARGET_DEAD_FATAL, /* internal error occurs */
- TEE_ERROR_READ_DATA, /* read data failed */
- TEE_ERROR_WRITE_DATA, /* write data failed */
- TEE_ERROR_TRUNCATE_OBJECT, /* truncate data failed */
- TEE_ERROR_SEEK_DATA, /* seek data failed */
- TEE_ERROR_SYNC_DATA, /* sync data failed */
- TEE_ERROR_RENAME_OBJECT, /* rename file failed */
- TEE_ERROR_TRUSTED_APP_LOAD_ERROR, /* error occurs when loading TA */
- TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */
- TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */
- TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */
- TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */
- TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */
- TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */
- TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */
- TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */
- TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */
- TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */
- TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */
- TEE_ERROR_STORAGE_INSE_NOTSUPPORT = 0x80001008, /* SFS inse mode is not supported */
- TEE_ERROR_STORAGE_INSE_ERROR = 0x80001009, /* SFS inse encrypto/decrypto error occurs */
- TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */
- TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */
- TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */
- TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */
- TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */
- TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */
- TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */
- TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */
- TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */
- TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* buffer is too large in socket connection */
- TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */
- TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */
- TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */
- TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */
- TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */
- TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */
- TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */
- TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */
- TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */
- TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */
- TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */
- TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */
- TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */
- TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */
- TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */
- TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */
- TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */
- TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation */
- TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */
- TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */
- TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */
- TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */
- TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */
- TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */
- TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */
- TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */
- TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */
- TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */
- TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */
- TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */
- TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */
- TEE_FAIL = 0xFFFF5002, /* system error */
- TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */
- TEE_ERROR_TIMER_CREATE_FAILED, /* failed to create timer */
- TEE_ERROR_TIMER_DESTORY_FAILED, /* failed to destory timer */
- TEE_ERROR_TIMER_NOT_FOUND, /* timer not found */
- TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */
- TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */
- TEE_ERROR_RPMB_MAC_FAIL, /* verify MAC failed in RPMB operations */
- TEE_ERROR_RPMB_COUNTER_FAIL, /* invalid counter in RPMB operations */
- TEE_ERROR_RPMB_ADDR_FAIL, /* addresss check failed in RPMB operations */
- TEE_ERROR_RPMB_WRITE_FAIL, /* failed to write data to RPMB */
- TEE_ERROR_RPMB_READ_FAIL, /* failed to read data in RPMB */
- TEE_ERROR_RPMB_KEY_NOT_PROGRAM, /* key is not provisioned in RPMB */
- TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */
- TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT, /* incorrect message data block count in RPMB response */
- TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX, /* incorrect message data block index in RPMB response */
- TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT, /* incorrect message data counter in RPMB response */
- TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE, /* incorrect message data nonce in RPMB response */
- TEE_ERROR_RPMB_RESP_UNEXPECT_MAC, /* incorrect message data MAC in RPMB response */
- TEE_ERROR_RPMB_FILE_NOT_FOUND, /* file not found in RPMB */
- TEE_ERROR_RPMB_NOSPC, /* not space left for RPMB operations */
- TEE_ERROR_RPMB_SPC_CONFLICT, /* exceeds max space of RPMB for this TA */
- TEE_ERROR_RPMB_NOT_AVAILABLE, /* RPMB service not ready */
- TEE_ERROR_RPMB_DAMAGED, /* RPMB partition is damaged */
- TEE_ERROR_TUI_IN_USE = 0xFFFF7110,
- TEE_ERROR_TUI_SWITCH_CHANNAL,
- TEE_ERROR_TUI_CFG_DRIVER,
- TEE_ERROR_TUI_INVALID_EVENT,
- TEE_ERROR_TUI_POLL_EVENT,
- TEE_ERROR_TUI_CANCELED,
- TEE_ERROR_TUI_EXIT,
- TEE_ERROR_TUI_NOT_AVAILABLE,
- TEE_ERROR_SEC_FLASH_NOT_AVAILABLE,
- TEE_ERROR_SESRV_NOT_AVAILABLE,
- TEE_ERROR_BIOSRV_NOT_AVAILABLE,
- TEE_ERROR_ROTSRV_NOT_AVAILABLE,
- TEE_ERROR_ARTSRV_NOT_AVAILABLE,
- TEE_ERROR_HSMSRV_NOT_AVAILABLE,
- TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110,
- TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111,
- TEE_ERROR_AUDIT_FAIL = 0xFFFF9112,
- TEE_FAIL2
+ TEE_SUCCESS = 0x00000000, /* success */
+ TEE_ERROR_INVALID_CMD = 0x00000001, /* command is invalid */
+ TEE_ERROR_SERVICE_NOT_EXIST = 0x00000002, /* service is not exist */
+ TEE_ERROR_SESSION_NOT_EXIST = 0x00000003, /* session is not exist */
+ TEE_ERROR_SESSION_MAXIMUM = 0x00000004, /* exceeds max session count */
+ TEE_ERROR_REGISTER_EXIST_SERVICE = 0x00000005, /* service already registered */
+ TEE_ERROR_TARGET_DEAD_FATAL = 0x00000006, /* internal error occurs */
+ TEE_ERROR_READ_DATA = 0x00000007, /* read data failed */
+ TEE_ERROR_WRITE_DATA = 0x00000008, /* write data failed */
+ TEE_ERROR_TRUNCATE_OBJECT = 0x00000009, /* truncate data failed */
+ TEE_ERROR_SEEK_DATA = 0x0000000A, /* seek data failed */
+ TEE_ERROR_SYNC_DATA = 0x0000000B, /* sync data failed */
+ TEE_ERROR_RENAME_OBJECT = 0x0000000C, /* rename file failed */
+ TEE_ERROR_TRUSTED_APP_LOAD_ERROR = 0x0000000D, /* error occurs when loading TA */
+ TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */
+ TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */
+ TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */
+ TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */
+ TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */
+ TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */
+ TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */
+ TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */
+ TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */
+ TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */
+ TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */
+ TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */
+ TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */
+ TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */
+ TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */
+ TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */
+ TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */
+ TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */
+ TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */
+ TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */
+ TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* buffer is too large in socket connection */
+ TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */
+ TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */
+ TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */
+ TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */
+ TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */
+ TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */
+ TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */
+ TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */
+ TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */
+ TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */
+ TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */
+ TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */
+ TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */
+ TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */
+ TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */
+ TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */
+ TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */
+ TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation */
+ TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */
+ TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */
+ TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */
+ TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */
+ TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */
+ TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */
+ TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */
+ TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */
+ TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */
+ TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */
+ TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */
+ TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */
+ TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */
+ TEE_FAIL = 0xFFFF5002, /* system error */
+ TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */
+ TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001, /* failed to create timer */
+ TEE_ERROR_TIMER_DESTROY_FAILED = 0xFFFF6002, /* failed to destroy timer */
+ TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003, /* timer not found */
+ TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */
+ TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */
+ TEE_ERROR_RPMB_MAC_FAIL = 0xFFFF7002, /* verify MAC failed in RPMB operations */
+ TEE_ERROR_RPMB_COUNTER_FAIL = 0xFFFF7003, /* invalid counter in RPMB operations */
+ TEE_ERROR_RPMB_ADDR_FAIL = 0xFFFF7004, /* addresss check failed in RPMB operations */
+ TEE_ERROR_RPMB_WRITE_FAIL = 0xFFFF7005, /* failed to write data to RPMB */
+ TEE_ERROR_RPMB_READ_FAIL = 0xFFFF7006, /* failed to read data in RPMB */
+ TEE_ERROR_RPMB_KEY_NOT_PROGRAM = 0xFFFF7007, /* key is not provisioned in RPMB */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT = 0xFFFF7101, /* incorrect message data block count in RPMB response */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX = 0xFFFF7102, /* incorrect message data block index in RPMB response */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT = 0xFFFF7103, /* incorrect message data counter in RPMB response */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE = 0xFFFF7104, /* incorrect message data nonce in RPMB response */
+ TEE_ERROR_RPMB_RESP_UNEXPECT_MAC = 0xFFFF7105, /* incorrect message data MAC in RPMB response */
+ TEE_ERROR_RPMB_FILE_NOT_FOUND = 0xFFFF7106, /* file not found in RPMB */
+ TEE_ERROR_RPMB_NOSPC = 0xFFFF7107, /* not space left for RPMB operations */
+ TEE_ERROR_RPMB_SPC_CONFLICT = 0xFFFF7108, /* exceeds max space of RPMB for this TA */
+ TEE_ERROR_RPMB_NOT_AVAILABLE = 0xFFFF7109, /* RPMB service not ready */
+ TEE_ERROR_RPMB_DAMAGED = 0xFFFF710A, /* RPMB partition is damaged */
+ TEE_ERROR_TUI_IN_USE = 0xFFFF7110, /* TUI is being used */
+ TEE_ERROR_TUI_SWITCH_CHANNAL = 0xFFFF7111, /* incorrect message switch channal in TUI response */
+ TEE_ERROR_TUI_CFG_DRIVER = 0xFFFF7112, /* incorrect message configurator driver in TUI response */
+ TEE_ERROR_TUI_INVALID_EVENT = 0xFFFF7113, /* invalid TUI event */
+ TEE_ERROR_TUI_POLL_EVENT = 0xFFFF7114, /* incorrect message polling events in TUI response */
+ TEE_ERROR_TUI_CANCELED = 0xFFFF7115, /* TUI is cancelled */
+ TEE_ERROR_TUI_EXIT = 0xFFFF7116, /* TUI is exited */
+ TEE_ERROR_TUI_NOT_AVAILABLE = 0xFFFF7117, /* TUI unavailable */
+ TEE_ERROR_SEC_FLASH_NOT_AVAILABLE = 0xFFFF7118, /* sec flash is not available */
+ TEE_ERROR_SESRV_NOT_AVAILABLE = 0xFFFF7119, /* SE service has crashed or not enabled */
+ TEE_ERROR_BIOSRV_NOT_AVAILABLE = 0xFFFF711A, /* BIO service is not available */
+ TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, /* ROT service is not available */
+ TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, /* ART service is not available */
+ TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, /* HSM service is not available */
+ TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */
+ TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */
+ TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */
+ TEE_FAIL2 = 0xFFFF9113, /* unused */
+ TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* IPC Channel overflow error */
};
/*
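Review bot: `TEE_ERROR_TIMER_DESTORY_FAILED` is renamed to `TEE_ERROR_TIMER_DESTROY_FAILED` with no alias, and `TEE_ERROR_STORAGE_INSE_NOTSUPPORT` / `TEE_ERROR_STORAGE_INSE_ERROR` (0x80001008, 0x80001009) are dropped, so existing TA sources that name them stop compiling against this header. The new explicit values match what the old implicit numbering produced, so the old spelling can stay as a duplicate enumerator: `TEE_ERROR_TIMER_DESTORY_FAILED = TEE_ERROR_TIMER_DESTROY_FAILED, /* deprecated spelling */`. If the TEE can still return the two INSE codes, they should remain defined so a TA can tell them apart from an unknown error. Separately, the comment on `TEE_ERROR_OTRP_ACCESS_DENIED` says "is not inconsistent", which reads as the opposite of a denial; `/* uuid of load cmd is inconsistent with the sec file */` is presumably what is meant.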
@@ -343,6 +330,7 @@ enum TEE_LoginMethod {
TEE_LOGIN_USER_APPLICATION = 0x5,
TEE_LOGIN_GROUP_APPLICATION = 0x6,
TEE_LOGIN_IDENTIFY = 0x7, /* iTrustee defined Lognin type */
+ TEEK_LOGIN_IDENTIFY = 0x80000001, /* iTrustee defined lognin type from linux kernel */
};
typedef struct {
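Review bot: `TEEK_LOGIN_IDENTIFY` is the only enumerator visible in `TEE_LoginMethod` with a `TEEK_` prefix, and its comment (which carries the typo "lognin") does not say how a TA should treat it. The login method is what a TA inspects before trusting the caller's identity, so TAs that authorise by login method have to decide explicitly whether kernel callers are allowed rather than falling through a default case. Suggested comment: `/* iTrustee-defined login type for callers inside the Linux kernel */`, with a sentence in the enum's header comment on the expected handling. The enum starts outside this hunk.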
@@ -356,8 +344,8 @@ typedef TEE_Result TEEC_Result;
#define TEE_ORIGIN_TEE 0x00000003
#define TEE_ORIGIN_TRUSTED_APP 0x00000004
-#ifndef _TEE_TA_SESSION_HANDLE
-#define _TEE_TA_SESSION_HANDLE
+#ifndef TEE_TA_SESSION_HANDLE
+#define TEE_TA_SESSION_HANDLE
typedef uint32_t TEE_TASessionHandle;
#endif
@@ -365,4 +353,28 @@ typedef struct __TEE_ObjectHandle *TEE_ObjectHandle;
typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle;
typedef struct __TEE_OperationHandle *TEE_OperationHandle;
+#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF)
+
+typedef struct {
+ uint32_t seconds;
+ uint32_t millis;
+} TEE_Time;
+
+typedef struct {
+ int32_t seconds;
+ int32_t millis;
+ int32_t min;
+ int32_t hour;
+ int32_t day;
+ int32_t month;
+ int32_t year;
+} TEE_Date_Time;
+
+typedef struct {
+ uint32_t type;
+ uint32_t timer_id;
+ uint32_t timer_class;
+ uint32_t reserved2;
+} TEE_timer_property;
+
#endif
diff --git a/include/TA/tee_mem_mgmt_api.h b/include/TA/tee_mem_mgmt_api.h
index 5b91566..48f9888 100644
--- a/include/TA/tee_mem_mgmt_api.h
+++ b/include/TA/tee_mem_mgmt_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Header file of memory management api
*/
#ifndef TEE_MEM_MGMT_API_H
@@ -61,7 +62,7 @@ enum MALLOC_HINT {
*
* @return void
*/
-#if (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
void TEE_MemFill(void *buffer, uint8_t x, size_t size);
#else
void TEE_MemFill(void *buffer, uint32_t x, size_t size);
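Review bot: With the added `defined(API_LEVEL)` guard, a build that never defines `API_LEVEL` silently gets the `#else` prototype `TEE_MemFill(void *buffer, uint32_t x, size_t size)`, and nothing in the header tells the reader that. If the TEE library was built for API level 1.2, caller and callee then disagree on the type of `x` without any diagnostic. A comment on the `#else` branch, e.g. `/* also selected when API_LEVEL is undefined */`, would document the fallback. The same guard pattern is added in tee_object_api.h and tee_property_api.h, where the note applies equally.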
diff --git a/include/TA/tee_object_api.h b/include/TA/tee_object_api.h
index c8200e5..a62f68f 100644
--- a/include/TA/tee_object_api.h
+++ b/include/TA/tee_object_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE object api definitions
*/
#ifndef __TEE_OBJECT_API_H
@@ -237,7 +238,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attrib
*/
TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len);
-#if (API_LEVEL >= 2)
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
/*
* Obtain the TEE_ObjectInfo of the object and copy it to the space pointed
diff --git a/include/TA/tee_property_api.h b/include/TA/tee_property_api.h
index fb00a96..2d8b567 100644
--- a/include/TA/tee_property_api.h
+++ b/include/TA/tee_property_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: TEE property implementation header file
*/
#ifndef TEE_PROPERTY_API_H
@@ -69,7 +70,7 @@ TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const ch
*/
TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value);
-#if (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
/*
* retrieves a single property in a property set and converts its value to a 64-bit unsigned integer
*
@@ -120,7 +121,7 @@ TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const ch
* @return TEE_SUCCESS operation success
* @return TEE_ERROR_ITEM_NOT_FOUND cannot find target property
*/
-TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value);
+TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *identity);
/*
* allocates a property enumerator object
diff --git a/include/TA/tee_time_api.h b/include/TA/tee_time_api.h
index 31cc5f8..fa97c31 100644
--- a/include/TA/tee_time_api.h
+++ b/include/TA/tee_time_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE time api definitions
*/
#ifndef __TEE_TIME_API_H
@@ -15,34 +16,6 @@
#include "tee_defines.h"
-#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF)
-
-typedef struct {
- uint32_t seconds;
- uint32_t millis;
-} TEE_Time;
-
-typedef struct {
- int32_t seconds;
- int32_t millis;
- int32_t min;
- int32_t hour;
- int32_t day;
- int32_t month;
- int32_t year;
-} TEE_Date_Time;
-
-typedef struct {
- uint32_t type;
- uint32_t timer_id;
- uint32_t timer_class;
- uint32_t reserved2;
-} TEE_timer_property;
-
-typedef enum {
- ANTI_ROOT_TIMER = 1,
-} TEE_Anti_Root_Timer_Type;
-
/*
* Get current TEE system rtc time
*
@@ -111,54 +84,4 @@ void TEE_GetREETime(TEE_Time *time);
* @return void
*/
void TEE_GetREETimeStr(char *time_str, uint32_t time_str_len);
-
-/*
- * Create rtc timer event
- *
- * @param time_seconds [IN] specified number of seconds
- * @param timer_property [IN] specified property of timer
- *
- * @return TEE_SUCCESS success
- * @return TEE_ERROR_GENERIC create timer fail
- */
-TEE_Result TEE_EXT_CreateTimer(uint32_t time_seconds, TEE_timer_property *timer_property);
-
-/*
- * Destory rtc timer event
- *
- * @param timer_property [IN] specified property of timer
- *
- * @return TEE_SUCCESS success
- * @return TEE_ERROR_GENERIC destroy timer fail
- */
-TEE_Result TEE_EXT_DestoryTimer(TEE_timer_property *timer_property);
-
-/*
- * Get expire time of rtc timer event
- *
- * @param timer_property [IN] specified property of timer
- * @param time_seconds [OUT] expire time of rtc timer event
- *
- * @return TEE_SUCCESS success
- * @return TEE_ERROR_GENERIC get expire time fail
- */
-TEE_Result TEE_EXT_GetTimerExpire(TEE_timer_property *timer_property, uint32_t *time_seconds);
-
-/*
- * Get remain time of rtc timer event
- *
- * @param timer_property [IN] specified property of timer
- * @param time_seconds [OUT] remain time of rtc timer event
- *
- * @return TEE_SUCCESS success
- * @return TEE_ERROR_GENERIC get remain time fail
- */
-TEE_Result TEE_EXT_GetTimerRemain(TEE_timer_property *timer_property, uint32_t *time_seconds);
-
-/*
- * Get secure rtc time
- *
- * @return current rtc seconds
- */
-unsigned int __get_secure_rtc_time(void);
#endif
diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h
new file mode 100644
index 0000000..cfe7554
--- /dev/null
+++ b/include/TA/tee_trusted_storage_api.h
@@ -0,0 +1,309 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Reference of TEE trusted storage definitions
+ */
+
+#ifndef __TEE_TRUSTED_STORAGE_API_H
+#define __TEE_TRUSTED_STORAGE_API_H
+
+#include "tee_defines.h"
+#include "tee_object_api.h"
+
+/*
+ * Data stream positioning start position option, used in TEE_SeekObjectData function
+ */
+enum __TEE_Whence {
+ TEE_DATA_SEEK_SET = 0, /* Position the starting position as the beginning of the data stream */
+ TEE_DATA_SEEK_CUR, /* Position the starting position as the current data stream position */
+ TEE_DATA_SEEK_END /* Position the starting position at the end of the data stream */
+};
+
+struct __TEE_ObjectEnumHandle;
+typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle;
+
+typedef uint32_t TEE_Whence;
+
+/*
+ * Storage ID, which defines the storage space of the corresponding application
+ */
+enum Object_Storage_Constants {
+ TEE_OBJECT_STORAGE_PRIVATE = 0x00000001, /* Separate private storage space for each application */
+};
+
+/*
+ * System resource constraints, such as the maximum value that the data stream position indicator can take
+ */
+enum Miscellaneous_Constants {
+ TEE_DATA_MAX_POSITION = 0xFFFFFFFF, /* The maximum length that the position indicator of the data stream can take */
+ TEE_OBJECT_ID_MAX_LEN = 64, /* The maximum length of objectID, which actually extends to 128 bytes */
+};
+
+/*
+ * The maximum number of bytes of data that the data stream can store
+ */
+enum TEE_DATA_Size {
+ TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF /* The maximum bytes of data that the object data stream can store */
+};
+
+/*
+ * The handleFlags of TEE_ObjectHandle determines the access authority of
+ * the TEE_ObjectHandle to the object data stream
+ */
+enum Data_Flag_Constants {
+ /* Have read permission to the data stream, and can read */
+ TEE_DATA_FLAG_ACCESS_READ = 0x00000001,
+ /* Have write permission to the data stream, and can write and truncate */
+ TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002,
+ /* Have WRITE_META permission for data stream, and can delete and rename operation */
+ TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004,
+ /*
+ * Have shared read permissions on the data stream, you can open multiple
+ * TEE_ObjectHandles for concurrent reading
+ */
+ TEE_DATA_FLAG_SHARE_READ = 0x00000010,
+ /*
+ * Have shared write permissions for the data stream, and multiple TEE_ObjectHandles
+ * can be opened for concurrent writing
+ */
+ TEE_DATA_FLAG_SHARE_WRITE = 0x00000020,
+ /* Unused */
+ TEE_DATA_FLAG_CREATE = 0x00000200,
+ /*
+ * Protect an existing file with the same name. If the file with the same name does not exist,
+ * create a new data file; if the file with the same name exists, an error will be reported
+ */
+ TEE_DATA_FLAG_EXCLUSIVE = 0x00000400,
+ /*
+ * Protect an existing file with the same name. If the file with the same name does not exist,
+ * create a new data file; if the file with the same name exists, an error will be reported
+ */
+ TEE_DATA_FLAG_OVERWRITE = 0x00000400,
+ /*
+ * If the bit27 is set to 1, it means deriving the 32-bytes TA root key at one time,
+ * if it is 0, it means deriving two 16-bytes TA root keys and combined them together
+ */
+ TEE_DATA_FLAG_DERIVE_32BYTES_KEY_ONCE = 0x08000000,
+ /* If bit28 is set to 1, it means AES256, if it is 0, it means AES128 */
+ TEE_DATA_FLAG_AES256 = 0x10000000,
+ /* If bit29 is set to 1, it means that the lower version will be opened first */
+ TEE_DATA_FLAG_OPEN_AESC = 0x20000000,
+};
+
+/*
+ * Create a new persistent object, you can directly initialize the data stream and TEE_Attribute,
+ * the user can use the returned handle to access the object's TEE_Attribute and data stream
+ *
+ * @param storageID [IN] Corresponding to a separate storage space for each application,
+ * the value is Object_Storage_Constants
+ * @param objectID [IN] Object identifier, the name of the object to be created
+ * @param objectIDLen [IN] The length of the object identifier by byte, no more than 128 bytes
+ * @param flags [IN] Flags after object creation, the value can be one or more of Data_Flag_Constants
+ * or Handle_Flag_Constants
+ * @param attributes [IN] The TEE_ObjectHandle of the transient object, used to initialize the
+ * TEE_Attribute of the object, can be TEE_HANDLE_NULL
+ * @param initialData [IN] Initial data, used to initialize data stream data
+ * @param initialDataLen [IN] InitialData length in byte
+ * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_ITEM_NOT_FOUND: The storageID does not exist
+ * @return TEE_ERROR_ACCESS_CONFLICT Access conflict
+ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation
+ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to create the object
+ */
+TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags,
+ TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen,
+ TEE_ObjectHandle *object);
+
+/*
+ * Open an existing permanent object, the returned handle can be used by the user to access
+ * the object's TEE_Attribute and data stream
+ *
+ * @param storageID [IN] orresponding to a separate storage space for each application,
+ * the value is Object_Storage_Constants
+ * @param objectID [IN] object identifier, the name of the object to be opened
+ * @param objectIDLen [IN] The length of the object identifier by byte, no more than 128 bytes
+ * @param flags [IN] Flags after object opened, the value can be one or more of
+ * Data_Flag_Constants or Handle_Flag_Constants
+ * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_ITEM_NOT_FOUND: The storageID does not exist or cannot find object identifier
+ * @return TEE_ERROR_ACCESS_CONFLICT Access conflict
+ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation
+ */
+TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags,
+ TEE_ObjectHandle *object);
+
+/*
+ * Read size bytes of data from the object's data stream to the buffer,
+ * the TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_READ permission
+ *
+ * @param objbect [IN] The TEE_ObjectHandle to be read
+ * @param buffer [OUT] Buffer for storing read data
+ * @param size [IN] Size of data to be read by byte
+ * @param count [OUT] Size of data actually read by byte
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation
+ */
+TEE_Result TEE_ReadObjectData(TEE_ObjectHandle ojbect, void *buffer, size_t size, uint32_t *count);
+
+/*
+ * Write size bytes of data from the buffer to the data stream of the object.
+ * TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_WRITE permission
+ *
+ * @param ojbect [IN] The TEE_ObjectHandle to be write
+ * @param buffer [IN] Store the data to be written
+ * @param size [IN] The length of the data to be written, the size does not exceed 4096 bytes
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation
+ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation
+ */
+TEE_Result TEE_WriteObjectData(TEE_ObjectHandle ojbect, const void *buffer, size_t size);
+
+/*
+ * This function changes the size of the data stream. If the size is smaller than the size of
+ * the current data stream, delete all excess bytes. If size is greater than the size of the
+ * current data stream, use '0' to expand
+ * TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE permission
+ *
+ * @param object [IN] TEE_ObjectHandle to be truncated
+ * @param size [IN] The new length of the data stream, the size does not exceed 4096 bytes
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation
+ */
+TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size);
+
+/*
+ * Set the data stream position pointed to by TEE_ObjectHandle, and set the data stream position to:
+ * start position + offset
+ * The parameter whence controls the starting position of the offset, the value can choose in TEE_Whence,
+ * and the meaning is as follows:
+ * TEE_DATA_SEEK_SET, the starting position of the data stream offset is the file header, which is 0
+ * TEE_DATA_SEEK_CUR, the starting position of the data stream offset is the current position
+ * TEE_DATA_SEEK_END, the starting position of the data stream offset is the end of the file
+ * When the parameter offset is a positive number, it is offset backward, and when it is negative, it is offset forward.
+ *
+ * @param object [IN] TEE_ObjectHandle to be set
+ * @param offset [IN] The size of the data stream position movement, the size does not exceed 4096 bytes
+ * @param whence [IN] The initial position of the data stream offset
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_OVERFLOW The operation causes the value of the position indicator to exceed its
+ * system limit TEE_DATA_MAX_POSITION
+ */
+TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence);
+
+/*
+ * Close the opened TEE_ObjectHandle and delete the object. The object must be a persistent object
+ * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission
+ *
+ * @param object [IN] TEE_ObjectHandle to be closed and deleted
+ *
+ * @return void
+ */
+void TEE_CloseAndDeletePersistentObject(TEE_ObjectHandle object);
+
+/*
+ * Synchronize the opened TEE_ObjectHandle, and synchronize the corresponding security attribute files to the disk
+ *
+ * @param object [IN] TEE_ObjectHandle to be synchronized
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ */
+TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object);
+
+/*
+ * Change the object identifier, the TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission
+ *
+ * @param ojbect [IN/OUT] The object handle to be modified
+ * @param newObjectID [IN] New object identifier
+ * @param newObjectIDLen [IN] New object identifier length
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ */
+TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen);
+
+/*
+ * Allocate the handle of an uninitialized object enumerator
+ *
+ * @param object [OUT] Pointer to the handle of the newly created object enumerator
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_OUT_OF_MEMORY No enough memory to allocate
+ */
+TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator);
+
+/*
+ * Release a object enumerator handle that has allocated. The handle becomes invalid after the function is called,
+ * and all allocated are released. Use it in pair with TEE_AllocatePersistentObjectEnumerator
+ *
+ * @param object [IN] TEE_ObjectEnumHandle to be released
+ *
+ * @return void
+ */
+void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);
+
+/*
+ * Reset the temporary object enumerator to its initial state, that is, the state just after the allocate
+ *
+ * @param object [IN] TEE_ObjectEnumHandle of the object enumerator to be reset
+ *
+ * @return void
+ */
+void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);
+
+/*
+ * Start enumerating all objects in a given storage space, the information of the object can be obtained
+ * through the TEE_GetNextPersistentObject function
+ *
+ * @param object [IN] TEE_ObjectEnumHandle of the allocated object enumerator
+ * @param storageID [IN] Correspond to a separate storage space for each application, the value is
+ * Object_Storage_Constants, currently only supports TEE_STORAGE_PRIVATE
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ITEM_NOT_FOUND storageID is not TEE_STORAGE_PRIVATE or there is no object in the storage space
+ */
+TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id);
+
+/*
+ * Get the next object in the object enumerator, and return the object's TEE_ObjectInfo, objectID,
+ * objectIDLen information
+ *
+ * @param object [IN] TEE_ObjectEnumHandle of the initialized object enumerator
+ * @param objectInfo [OUT] Pointer to the structure used to store the obtained TEE_ObjectInfo
+ * @param objectInfo [OUT] Pointer to a buffer, used to store the obtained objectID
+ * @param objectInfo [OUT] Used to store the obtained objectIDLen
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ITEM_NOT_FOUND The enumerator has no object or the enumerator has not been initialized
+ */
+TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator,
+ TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len);
+
+#if defined(API_LEVEL) && (API_LEVEL >= 2)
+
+/*
+ * Close the opened TEE_ObjectHandle and delete the object. The object must be a persistent object
+ * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission
+ *
+ * @param object [IN] TEE_ObjectHandle to be closed and deleted
+ *
+ * @return TEE_SUCCESS Indicates that the function was executed successfully
+ * @return TEE_ERROR_STORAGE_NOT_AVAILABLE Cannot access the storage area where the file is located
+ */
+TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object);
+
+#endif // API_LEVEL
+#endif
diff --git a/include/TA/tee_uuid.h b/include/TA/tee_uuid.h
new file mode 100644
index 0000000..51fb298
--- /dev/null
+++ b/include/TA/tee_uuid.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Defines of GP TEE_UUID
+ */
+
+#ifndef TEE_UUID_H
+#define TEE_UUID_H
+
+#include <stdint.h>
+
+#define NODE_LEN 8
+typedef struct tee_uuid {
+ uint32_t timeLow;
+ uint16_t timeMid;
+ uint16_t timeHiAndVersion;
+ uint8_t clockSeqAndNode[NODE_LEN];
+} TEE_UUID;
+
+#endif
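Review bot: `NODE_LEN` is an unprefixed macro in a header that every TA includes, so it enters each includer's namespace and can collide with an application macro of the same name. A prefixed name such as `#define TEE_UUID_NODE_LEN 8` avoids that. The struct would also benefit from a one-line comment stating that the fields follow the RFC 4122 layout and that `clockSeqAndNode` holds the clock-sequence and node bytes.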
diff --git a/src/CA/libteec_adaptor.c b/src/CA/libteec_adaptor.c
new file mode 100644
index 0000000..9fd2042
--- /dev/null
+++ b/src/CA/libteec_adaptor.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: this file is used for adapting interfaces in libteec.so
+ */
+
+#include <dlfcn.h>
+#include <pthread.h>
+
+#include "tee_client_api.h"
+
+#ifdef LOG_TAG
+#undef LOG_TAG
+#endif
+#define LOG_TAG "libteec_adaptor"
+
+#define LIBTEEC_PATH "/usr/lib64/libteec.so"
+
+/*
+ * these Function pointers are consistent with those defined in "tee_client_api.h"
+ * if you want to call the new interface in "tee_client_api.h",
+ * you should add a new definition here
+ */
+typedef TEEC_Result (*initializeContext_f)(const char *name, TEEC_Context *context);
+typedef void (*finalizeContext_f)(TEEC_Context *context);
+typedef TEEC_Result (*openSession_f)(TEEC_Context *context, TEEC_Session *session,
+ const TEEC_UUID *destination, uint32_t connectionMethod, const void *connectionData,
+ TEEC_Operation *operation, uint32_t *returnOrigin);
+typedef void (*closeSession_f)(TEEC_Session *session);
+typedef TEEC_Result (*invokeCommand_f)(TEEC_Session *session, uint32_t commandID,
+ TEEC_Operation *operation, uint32_t *returnOrigin);
+typedef TEEC_Result (*registerSharedMemory_f)(TEEC_Context *context,
+ TEEC_SharedMemory *sharedMem);
+typedef TEEC_Result (*allocateSharedMemory_f)(TEEC_Context *context,
+ TEEC_SharedMemory *sharedMem);
+typedef void (*releaseSharedMemory_f)(TEEC_SharedMemory *sharedMem);
+typedef void (*requestCancellation_f)(TEEC_Operation *operation);
+
+typedef struct {
+ initializeContext_f initializeContextFn;
+ finalizeContext_f finalizeContextFn;
+ openSession_f openSessionFn;
+ closeSession_f closeSessionFn;
+ invokeCommand_f invokeCommandFn;
+ registerSharedMemory_f registerSharedMemoryFn;
+ allocateSharedMemory_f allocateSharedMemoryFn;
+ releaseSharedMemory_f releaseSharedMemoryFn;
+ requestCancellation_f requestCancellationFn;
+} TeecApiTable;
+
+static TeecApiTable g_teecApiTable;
+static void *g_libTeecHandle = NULL;
+static pthread_mutex_t g_libTeecHandleLock = PTHREAD_MUTEX_INITIALIZER;
+
+static TEEC_Result GetBasicApiSymbol(TeecApiTable *teecApiTable)
+{
+ teecApiTable->initializeContextFn =
+ (initializeContext_f)(dlsym(g_libTeecHandle, "TEEC_InitializeContext"));
+ if (teecApiTable->initializeContextFn == NULL) {
+ TEEC_Error("get symbol TEEC_InitializeContext failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->finalizeContextFn =
+ (finalizeContext_f)(dlsym(g_libTeecHandle, "TEEC_FinalizeContext"));
+ if (teecApiTable->finalizeContextFn == NULL) {
+ TEEC_Error("get symbol TEEC_FinalizeContext failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->openSessionFn =
+ (openSession_f)(dlsym(g_libTeecHandle, "TEEC_OpenSession"));
+ if (teecApiTable->openSessionFn == NULL) {
+ TEEC_Error("get symbol TEEC_OpenSession failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->closeSessionFn =
+ (closeSession_f)(dlsym(g_libTeecHandle, "TEEC_CloseSession"));
+ if (teecApiTable->closeSessionFn == NULL) {
+ TEEC_Error("get symbol TEEC_CloseSession failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->invokeCommandFn =
+ (invokeCommand_f)(dlsym(g_libTeecHandle, "TEEC_InvokeCommand"));
+ if (teecApiTable->invokeCommandFn == NULL) {
+ TEEC_Error("get symbol TEEC_InvokeCommand failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return TEEC_SUCCESS;
+}
+
+static TEEC_Result GetMemApiSymbol(TeecApiTable *teecApiTable)
+{
+ teecApiTable->registerSharedMemoryFn =
+ (registerSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_RegisterSharedMemory"));
+ if (teecApiTable->registerSharedMemoryFn == NULL) {
+ TEEC_Error("get symbol TEEC_RegisterSharedMemory failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->allocateSharedMemoryFn =
+ (allocateSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_AllocateSharedMemory"));
+ if (teecApiTable->allocateSharedMemoryFn == NULL) {
+ TEEC_Error("get symbol TEEC_AllocateSharedMemory failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->releaseSharedMemoryFn =
+ (releaseSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_ReleaseSharedMemory"));
+ if (teecApiTable->releaseSharedMemoryFn == NULL) {
+ TEEC_Error("get symbol TEEC_ReleaseSharedMemory failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ teecApiTable->requestCancellationFn =
+ (requestCancellation_f)(dlsym(g_libTeecHandle, "TEEC_RequestCancellation"));
+ if (teecApiTable->requestCancellationFn == NULL) {
+ TEEC_Error("get symbol TEEC_RequestCancellation failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return TEEC_SUCCESS;
+}
+
+static TEEC_Result GetTeecApiSymbol()
+{
+ TeecApiTable teecApiTable = {0};
+ (void)pthread_mutex_lock(&g_libTeecHandleLock);
+
+ if (g_libTeecHandle != NULL) {
+ (void)pthread_mutex_unlock(&g_libTeecHandleLock);
+ return TEEC_SUCCESS;
+ }
+
+ g_libTeecHandle = dlopen(LIBTEEC_PATH, RTLD_LAZY);
+ if (g_libTeecHandle == NULL) {
+ TEEC_Error("dlopen libteec failed\n");
+ (void)pthread_mutex_unlock(&g_libTeecHandleLock);
+ return TEEC_ERROR_GENERIC;
+ }
+
+ if (GetBasicApiSymbol(&teecApiTable) != TEEC_SUCCESS ||
+ GetMemApiSymbol(&teecApiTable) != TEEC_SUCCESS) {
+ TEEC_Error("get symbol failed\n");
+ goto ERROR;
+ }
+
+ g_teecApiTable = teecApiTable;
+ (void)pthread_mutex_unlock(&g_libTeecHandleLock);
+ return TEEC_SUCCESS;
+
+ERROR:
+ dlclose(g_libTeecHandle);
+ g_libTeecHandle = NULL;
+ (void)pthread_mutex_unlock(&g_libTeecHandleLock);
+ return TEEC_ERROR_GENERIC;
+}
+
+/*
+ * The following are Interfaces for CA application,
+ * In these interfaces, you should make sure the function pointer in g_teecApiTable is not NULL
+ */
+TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context)
+{
+ TEEC_Result ret = GetTeecApiSymbol();
+ if (ret != TEEC_SUCCESS) {
+ TEEC_Error("get teec api symbol failed!\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return g_teecApiTable.initializeContextFn(name, context);
+}
+
+void TEEC_FinalizeContext(TEEC_Context *context)
+{
+ if (g_teecApiTable.finalizeContextFn == NULL) {
+ TEEC_Error("finalizeContextFn is null!\n");
+ return;
+ }
+
+ g_teecApiTable.finalizeContextFn(context);
+}
+
+TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session,
+ const TEEC_UUID *destination, uint32_t connectionMethod,
+ const void *connectionData, TEEC_Operation *operation,
+ uint32_t *returnOrigin)
+{
+ if (g_teecApiTable.openSessionFn == NULL) {
+ TEEC_Error("openSessionFn is null!\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return g_teecApiTable.openSessionFn(context, session, destination,
+ connectionMethod, connectionData, operation, returnOrigin);
+}
+
+void TEEC_CloseSession(TEEC_Session *session)
+{
+ if (g_teecApiTable.closeSessionFn == NULL) {
+ TEEC_Error("closeSessionFn is null!\n");
+ return;
+ }
+
+ g_teecApiTable.closeSessionFn(session);
+}
+
+TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID,
+ TEEC_Operation *operation, uint32_t *returnOrigin)
+{
+ if (g_teecApiTable.invokeCommandFn == NULL) {
+ TEEC_Error("invokeCommandFn is null!\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return g_teecApiTable.invokeCommandFn(session, commandID, operation, returnOrigin);
+}
+
+TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context,
+ TEEC_SharedMemory *sharedMem)
+{
+ if (g_teecApiTable.registerSharedMemoryFn == NULL) {
+ TEEC_Error("registerSharedMemoryFn is null!\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return g_teecApiTable.registerSharedMemoryFn(context, sharedMem);
+}
+
+TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context,
+ TEEC_SharedMemory *sharedMem)
+{
+ if (g_teecApiTable.allocateSharedMemoryFn == NULL) {
+ TEEC_Error("allocateSharedMemoryFn is null!\n");
+ return TEEC_ERROR_GENERIC;
+ }
+
+ return g_teecApiTable.allocateSharedMemoryFn(context, sharedMem);
+}
+
+void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem)
+{
+ if (g_teecApiTable.releaseSharedMemoryFn == NULL) {
+ TEEC_Error("releaseSharedMemoryFn is null!\n");
+ return;
+ }
+
+ g_teecApiTable.releaseSharedMemoryFn(sharedMem);
+}
+
+void TEEC_RequestCancellation(TEEC_Operation *operation)
+{
+ if (g_teecApiTable.requestCancellationFn == NULL) {
+ TEEC_Error("requestCancellationFn is null!\n");
+ return;
+ }
+
+ g_teecApiTable.requestCancellationFn(operation);
+}
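Review bot: When `dlopen` or a `dlsym` call fails in GetTeecApiSymbol, GetBasicApiSymbol or GetMemApiSymbol, the log line drops the loader's reason, so a missing or mismatched `/usr/lib64/libteec.so` is hard to diagnose. If `TEEC_Error` takes printf-style arguments, `TEEC_Error("dlopen libteec failed: %s\n", dlerror());` would carry it. Loading with `RTLD_NOW` instead of `RTLD_LAZY` would report unresolved symbols at load time rather than at the first call into the TEE client library, which matches the `-z now` linking used by the test Makefiles. `static TEEC_Result GetTeecApiSymbol()` should be declared with `(void)`, since empty parentheses leave the parameter list unspecified in C11.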
diff --git a/test/CA/cert_manager/Makefile b/test/CA/cert_manager/Makefile
new file mode 100644
index 0000000..589ac63
--- /dev/null
+++ b/test/CA/cert_manager/Makefile
@@ -0,0 +1,27 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved.
+
+CUR_DIR=$(shell pwd)
+ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../
+
+TARGET_APP := certmanager
+
+APP_SOURCES := ./cert_file.c
+APP_SOURCES += ./cert_manager.c
+
+APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c
+
+APP_CFLAGS += -fstack-protector-strong -fPIC
+
+APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \
+ -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include
+
+APP_LDFLAGS += -ldl -lpthread -lboundscheck
+
+APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s
+
+APP_OBJECTS := $(APP_SOURCES:.c=.o)
+$(TARGET_APP): $(APP_SOURCES)
+ $(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS)
+
+clean:
+ @rm -f *.o $(TARGET_APP)
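Review bot: The hardening set here has stack protector, PIE, RELRO and `-z now`, but no optimisation level and no `_FORTIFY_SOURCE`, so the libc buffer checks are not enabled for a tool that copies data out of TEE shared memory. Adding `APP_CFLAGS += -O2 -D_FORTIFY_SOURCE=2` would turn them on. `APP_OBJECTS` is assigned but never used, and `clean` should be listed under `.PHONY`. The same three points apply to test/CA/helloworld/Makefile later in this patch.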
diff --git a/test/CA/cert_manager/cert_common.h b/test/CA/cert_manager/cert_common.h
new file mode 100644
index 0000000..c485e0f
--- /dev/null
+++ b/test/CA/cert_manager/cert_common.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#ifndef CERT_COMMON_H
+#define CERT_COMMON_H
+
+#define printf_err(msg, ...) fprintf(stderr, msg, ##__VA_ARGS__)
+#define MAX_BUFFER_LEN 8192
+#define MAX_LOG_BUFFER_LEN 10000
+
+#endif
+
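Review bot: `printf_err` expands to `fprintf(stderr, ...)`, but this header does not include `<stdio.h>`, so it only compiles when the including file has already pulled stdio in. Adding `#include <stdio.h>` under the include guard makes the header self-contained. The macro passes `msg` as the format string, so a short comment that callers must pass a string literal there would guard against a later `printf_err(userString)`.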
diff --git a/test/CA/cert_manager/cert_file.c b/test/CA/cert_manager/cert_file.c
new file mode 100644
index 0000000..87b62e1
--- /dev/null
+++ b/test/CA/cert_manager/cert_file.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#include "cert_file.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <tee_client_type.h>
+
+#include "cert_common.h"
+
+bool IsFileExist(const char *path)
+{
+ return access(path, F_OK) == 0;
+}
+
+static int32_t GetFileSize(const char *path, long *size)
+{
+ int32_t ret;
+ struct stat buf;
+ ret = stat(path, &buf);
+ if (ret != 0)
+ printf_err("file stat failed: %s\n", path);
+ else
+ *size = buf.st_size;
+ return ret;
+}
+
+int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *fileSize)
+{
+ int32_t ret;
+ /* check file name */
+ if (strstr(filePath, ".der") == NULL && strstr(filePath, ".crl") == NULL) {
+ ret = errno;
+ printf_err("only support der or crl file\n");
+ goto end;
+ }
+ /* get file length */
+ ret = GetFileSize(filePath, fileSize);
+ if (ret != 0) {
+ printf_err("get file length failed: %s\n", filePath);
+ goto end;
+ }
+ /* check file content overflow */
+ if (*fileSize > size) {
+ printf_err("file is too long: %s\n", filePath);
+ ret = errno;
+ goto end;
+ }
+ /* read contents from file into buffer */
+ FILE *fp = fopen(filePath, "r");
+ if (fp == NULL) {
+ ret = errno;
+ printf_err("open file failed: %s\n", filePath);
+ goto end;
+ }
+ size_t readLen = fread(buffer, 1, size, fp);
+ if (readLen != *fileSize) {
+ ret = errno;
+ printf_err("read file failed: %s\n", filePath);
+ }
+ (void)fclose(fp);
+end:
+ return ret;
+}
+
+int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath)
+{
+ int32_t ret = 0;
+ if (buffer == NULL || size == 0 || filePath == NULL) {
+ printf_err("store to fs bad parameters\n");
+ return errno;
+ }
+ /* write size of buffer into file */
+ FILE *fp = fopen(filePath, "w");
+ if (fp == NULL) {
+ ret = errno;
+ printf_err("open file failed: %s\n", filePath);
+ goto end;
+ }
+ size_t writeLen = fwrite(buffer, 1, size, fp);
+ if (writeLen != size) {
+ ret = errno;
+ printf_err("write file failed: %s\n", filePath);
+ }
+ (void)fclose(fp);
+end:
+ return ret;
+}
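Review bot: LoadFromFs sets `ret = errno` on three paths where errno is not an error indicator: the extension check, the "file is too long" check after a successful `stat`, and the short-read check. If errno is 0 there, the function returns 0 and the caller treats a rejected or oversized file as loaded, with `*fileSize` possibly larger than the shared buffer. StoreToFs has the same pattern in `return errno` for bad parameters, where `return EINVAL;` would be the fix. `GetFileSize(filePath, fileSize)` also passes a `size_t *` where a `long *` is declared, so a local `long` with a sign check is safer. The `strstr` test accepts `.der` or `.crl` anywhere in the path rather than as a suffix. Both functions are fully contained in this hunk; the fence shows only the changed lines of LoadFromFs.

```c
int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *fileSize)
{
    int32_t ret;
    long statSize = 0;
    /* ... unchanged: extension test ... */
        ret = EINVAL; /* strstr does not set errno, which may still be 0 here */
    /* ... unchanged: log and goto end ... */
    ret = GetFileSize(filePath, &statSize);
    /* ... unchanged: GetFileSize failure branch ... */
    if (statSize < 0 || (size_t)statSize > size) {
        ret = EFBIG; /* stat succeeded, so errno holds no error for this case */
        /* ... unchanged: log and goto end ... */
    }
    *fileSize = (size_t)statSize;
    /* ... unchanged: fopen, its failure branch, fread ... */
    if (readLen != *fileSize) {
        ret = EIO; /* a short read does not have to set errno */
    /* ... unchanged: log, fclose, end label ... */
```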
diff --git a/test/CA/cert_manager/cert_file.h b/test/CA/cert_manager/cert_file.h
new file mode 100644
index 0000000..7d68f40
--- /dev/null
+++ b/test/CA/cert_manager/cert_file.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#ifndef CERT_FILE_H
+#define CERT_FILE_H
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <unistd.h>
+
+bool IsFileExist(const char *path);
+int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t* fileSize);
+int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath);
+
+#endif
diff --git a/test/CA/cert_manager/cert_manager.c b/test/CA/cert_manager/cert_manager.c
new file mode 100644
index 0000000..da24c8f
--- /dev/null
+++ b/test/CA/cert_manager/cert_manager.c
@@ -0,0 +1,368 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: CA for certification management.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <securec.h>
+#include <tee_client_api.h>
+#include <tee_client_type.h>
+#include <limits.h>
+
+#include "cert_file.h"
+#include "cert_common.h"
+
+#define TA_PATH "/usr/bin/4acaf7c8-c652-4643-9b7a-cc07e7a3187a.sec"
+
+/* commands */
+#define CMD_DESTROY "destroy"
+#define CMD_IMPORT "import"
+#define CMD_IMPORT_CRL "import_crl"
+#define CMD_EXPORT "export"
+/* sub commands of export */
+#define CMD_EXPORT_CERT "cert"
+#define CMD_EXPORT_LOG "log"
+
+/* number of command arguments */
+#define CMD_IMPORT_ARGC 3
+#define CMD_EXPORT_CERT_ARGC 4
+#define CMD_EXPORT_LOG_ARGC 3
+#define CMD_DESTROY_ARGC 2
+#define CMD_IMPORT_CRL_ARGC 3
+
+/* index of command parameters */
+#define CMD_NAME 1
+#define CMD_IMPORT_ARG_PATH 2
+#define CMD_EXPORT_SUBCMD 2
+#define CMD_EXPORT_ARG_PATH 3
+
+enum {
+ IPC_IMPORT_CERT = 1,
+ IPC_EXPORT_CERT = 2,
+ IPC_DESTROY_CERT = 3,
+ IPC_EXPORT_LOG = 4,
+ IPC_IMPORT_CRL = 5
+};
+
+enum {
+ CERTMANGER_CMD_IMPORT_CERT = 1,
+ CERTMANGER_CMD_EXPORT = 2,
+ CERTMANGER_CMD_DESTROY = 3,
+ CERTMANGER_CMD_IMPORT_CRL = 4
+};
+
+static TEEC_Result Destroy(TEEC_Session *session)
+{
+ TEEC_Result result;
+ /* invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ result = TEEC_InvokeCommand(session, IPC_DESTROY_CERT, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+ return result;
+}
+
+static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t len, const char *certPath)
+{
+ TEEC_Result result = TEEC_SUCCESS;
+ uint8_t *outbuf = (uint8_t *)malloc(sharedMem->size);
+ if (outbuf == NULL) {
+ printf_err("memory allocate failed\n");
+ result = TEEC_ERROR_OUT_OF_MEMORY;
+ goto end;
+ }
+ if (len == 0)
+ printf_err("warning: empty content\n");
+ /* replaced with memcpy(outbuf, sharedMem->buffer, len) when memcpy_s is not supported */
+ if (memcpy_s(outbuf, sharedMem->size, sharedMem->buffer, len) != EOK) {
+ result = TEEC_ERROR_OUT_OF_MEMORY;
+ printf_err("memcpy_s failed\n");
+ goto end;
+ }
+ if (certPath != NULL) {
+ if (StoreToFs(outbuf, len, certPath) != 0) {
+ result = TEEC_ERROR_WRITE_DATA;
+ printf_err("write to file failed: %s\n", certPath);
+ }
+ } else {
+ printf("%s\n", outbuf);
+ }
+end:
+ if (outbuf != NULL) {
+ free(outbuf);
+ outbuf = NULL;
+ }
+ return result;
+}
+
+static TEEC_Result Export(TEEC_Context *context, TEEC_Session *session, const char *cmdLine, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. parse sub-command */
+ uint32_t cmd;
+ if (memcmp(cmdLine, CMD_EXPORT_CERT, sizeof(CMD_EXPORT_CERT)) == 0) {
+ /* check Legality of certPath */
+ if (realpath(certPath, realPath) == NULL) {
+ result = errno;
+ printf_err("illegal certification path: %s\n", certPath);
+ goto end;
+ }
+ cmd = IPC_EXPORT_CERT;
+ } else if (memcmp(cmdLine, CMD_EXPORT_LOG, sizeof(CMD_EXPORT_LOG)) == 0) {
+ cmd = IPC_EXPORT_LOG;
+ } else {
+ result = TEEC_ERROR_INVALID_CMD;
+ printf_err("unknown sub-command: %s\n", cmdLine);
+ goto end;
+ }
+ /* 2. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = (cmd == IPC_EXPORT_LOG) ? MAX_LOG_BUFFER_LEN : MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate shared memory failed\n");
+ goto end;
+ }
+ /* 3. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = sharedMem.size;
+ result = TEEC_InvokeCommand(session, cmd, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf_err("ipc failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. process ipc result */
+ const char *path = cmd == IPC_EXPORT_CERT ? realPath : NULL;
+ result = ProcessExportResult(&sharedMem, operation.params[0].memref.size, path);
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
+static TEEC_Result Import(TEEC_Context *context, TEEC_Session *session, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate shared memory failed\n");
+ goto end;
+ }
+ /* 2. check certPath legality */
+ if (realpath(certPath, realPath) == NULL) {
+ printf_err("illegal certification path:%s\n", certPath);
+ result = errno;
+ goto free_sharedMem;
+ }
+ if (!IsFileExist(realPath)) {
+ printf_err("certification not exist:%s\n", certPath);
+ result = TEEC_ERROR_BAD_PARAMETERS;
+ goto free_sharedMem;
+ }
+ /* 3. read cert from filesystem to shared memory */
+ size_t fileSize = 0;
+ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) {
+ result = TEEC_ERROR_READ_DATA;
+ printf_err("load certification failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = fileSize;
+ result = TEEC_InvokeCommand(session, IPC_IMPORT_CERT, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
+static TEEC_Result ImportCrl(TEEC_Context *context, TEEC_Session *session, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate crl shared memory failed\n");
+ goto end;
+ }
+ /* 2. check certPath legality */
+ if (realpath(certPath, realPath) == NULL) {
+ printf_err("illegal certification path:%s\n", certPath);
+ result = errno;
+ goto free_sharedMem;
+ }
+ if (!IsFileExist(realPath)) {
+ printf_err("certification not exist:%s\n", certPath);
+ result = TEEC_ERROR_BAD_PARAMETERS;
+ goto free_sharedMem;
+ }
+ /* 3. read cert from filesystem to shared memory */
+ size_t fileSize = 0;
+ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) {
+ result = TEEC_ERROR_READ_DATA;
+ printf_err("load crl failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = fileSize;
+ result = TEEC_InvokeCommand(session, IPC_IMPORT_CRL, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
+static TEEC_UUID g_taId = {
+ 0x4acaf7c8, 0xc652, 0x4643,
+ { 0x9b, 0x7a, 0xcc, 0x07, 0xe7, 0xa3, 0x18, 0x7a }
+};
+
+static TEEC_Result OpenSessionTa(TEEC_Context *context, TEEC_Session *session)
+{
+ TEEC_UUID *uuidp = &g_taId;
+ TEEC_Operation operation = { 0 };
+ context->ta_path = (uint8_t *)TA_PATH;
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ TEEC_Result result = TEEC_OpenSession(context, session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec open session failed,result is 0x%x\n", result);
+ return result;
+ }
+ return TEEC_SUCCESS;
+}
+
+static int32_t GetInputCmd(int argc, char *argv[])
+{
+ if (argc < CMD_DESTROY_ARGC || argc > CMD_EXPORT_CERT_ARGC) {
+ printf_err("wrong parameters num \n");
+ return -1;
+ }
+ /* 1. process command line */
+ if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0 && argc == CMD_IMPORT_ARGC) {
+ /* import */
+ return CERTMANGER_CMD_IMPORT_CERT;
+ } else if (memcmp(argv[CMD_NAME], CMD_IMPORT_CRL, sizeof(CMD_IMPORT_CRL)) == 0 && argc == CMD_IMPORT_CRL_ARGC) {
+ /* import crl */
+ return CERTMANGER_CMD_IMPORT_CRL;
+ } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0 &&
+ (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC)) {
+ /* export */
+ return CERTMANGER_CMD_EXPORT;
+ } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0 && argc == CMD_DESTROY_ARGC) {
+ /* destroy */
+ return CERTMANGER_CMD_DESTROY;
+ } else {
+ /* undefined */
+ printf("invalid command \n");
+ return -1;
+ }
+}
+
+static TEEC_Result SelectCmd(char *argv[], TEEC_Context *context, TEEC_Session *session, int32_t cmd)
+{
+ switch (cmd) {
+ case CERTMANGER_CMD_IMPORT_CERT:
+ return Import(context, session, argv[CMD_IMPORT_ARG_PATH]);
+ case CERTMANGER_CMD_IMPORT_CRL:
+ return ImportCrl(context, session, argv[CMD_IMPORT_ARG_PATH]);
+ case CERTMANGER_CMD_EXPORT:
+ return Export(context, session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]);
+ case CERTMANGER_CMD_DESTROY:
+ return Destroy(session);
+ default:
+ printf_err("failed, errno input:%d\n", cmd);
+ return TEEC_ERROR_INVALID_CMD;
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ int32_t ret = 0;
+ TEEC_Result result;
+ TEEC_Context context;
+ TEEC_Session session;
+
+ /* 1. check input cmd */
+ int32_t cmd = GetInputCmd(argc, argv);
+ if (cmd <= 0) {
+ printf_err("input parameter errno\n");
+ return -1;
+ }
+
+ /* 2. init context */
+ result = TEEC_InitializeContext(NULL, &context);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec initialize failed\n");
+ return -1;
+ }
+
+ /* 3. open session */
+ result = OpenSessionTa(&context, &session);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec open session failed\n");
+ goto final;
+ }
+
+ /* 4. select cmd */
+ result = SelectCmd(argv, &context, &session, cmd);
+ switch (result) {
+ case TEEC_SUCCESS:
+ printf("success\n");
+ break;
+ case TEEC_ERROR_ITEM_NOT_FOUND:
+ printf_err("ssa log is not exist\n");
+ ret = -1;
+ goto close;
+ default:
+ printf_err("certmanger error: %d\n", result);
+ ret = -1;
+ goto close;
+ }
+close:
+ TEEC_CloseSession(&session);
+final:
+ TEEC_FinalizeContext(&context);
+ return ret;
+}
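Review bot: In ProcessExportResult the log branch calls `printf("%s\n", outbuf)`, but `outbuf` is allocated at `sharedMem->size` and only `len` bytes are copied in. Nothing guarantees a terminating NUL, so the print can emit uninitialised heap bytes or read past the allocation; `printf("%.*s\n", (int)len, (const char *)outbuf);` bounds it. In Import and ImportCrl the canonical `realPath` is what gets validated, yet `LoadFromFs` is then called with the original `certPath`, so the path that was checked is not necessarily the one opened; pass `realPath` instead. GetInputCmd and Export compare `argv` strings with `memcmp(..., sizeof(CMD_...))`, which can read past the end of a shorter argument, and `strcmp` avoids that. Export and Import also store `errno` into a `TEEC_Result`, which mixes two error spaces and can yield 0 on a failure path.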
diff --git a/test/CA/helloworld/Makefile b/test/CA/helloworld/Makefile
new file mode 100644
index 0000000..d4392da
--- /dev/null
+++ b/test/CA/helloworld/Makefile
@@ -0,0 +1,24 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved.
+CUR_DIR=$(shell pwd)
+ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../
+
+TARGET_APP := demo_hello
+
+APP_SOURCES := ./ca_demo.c
+
+APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c
+
+APP_CFLAGS += -fstack-protector-strong -fPIC
+
+APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \
+
+APP_LDFLAGS += -ldl -lpthread
+
+APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s
+
+APP_OBJECTS := $(APP_SOURCES:.c=.o)
+$(TARGET_APP): $(APP_SOURCES)
+ @$(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS)
+
+clean:
+ rm -f *.o $(TARGET_APP)
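Review bot: APP_CFLAGS here carries only `-fstack-protector-strong -fPIC`: no optimisation level, no `-D_FORTIFY_SOURCE=2` and no warning flags. The libqca Makefile added in the same patch builds with `-Werror -Wall -Wextra -D_FORTIFY_SOURCE=2 -O2`. Since ca_demo.c is described as the C file template for a CA, I would align the demo with `APP_CFLAGS += -Wall -Wextra -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fPIC`. The trailing backslash on the `-I$(ITRUSTEE_BUILD_PATH)/include/CA \` line continues into an empty line and can be dropped, and `clean` should be declared with `.PHONY: clean`.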
diff --git a/test/CA/helloworld/ca_demo.c b/test/CA/helloworld/ca_demo.c
index 57c0e35..630ce84 100755
--- a/test/CA/helloworld/ca_demo.c
+++ b/test/CA/helloworld/ca_demo.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: C file template for CA
*/
#include <stdio.h>
@@ -25,10 +26,8 @@
#define OPERATION_START_FLAG 1
#define OUT_BUFF_INDEX 3
-static const TEEC_UUID DEMO_TEMPLATE_UUID =
-{
- 0xe3d37f4a, 0xf24c, 0x48d0,
- { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 }
+static const TEEC_UUID g_demoTemplateUuid = {
+ 0xe3d37f4a, 0xf24c, 0x48d0, { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 }
};
enum {
@@ -57,16 +56,14 @@ int main(void)
operation.paramTypes = TEEC_PARAM_TYPES(
TEEC_NONE,
TEEC_NONE,
- TEEC_MEMREF_TEMP_INPUT,
- TEEC_MEMREF_TEMP_INPUT);
+ TEEC_NONE,
+ TEEC_NONE);
result = TEEC_OpenSession(
- &context, &session, &DEMO_TEMPLATE_UUID, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin);
+ &context, &session, &g_demoTemplateUuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin);
if (result != TEEC_SUCCESS) {
printf("teec open session failed");
goto cleanup_2;
- } else {
- TEEC_Debug("teec open session successed");
}
operation.started = OPERATION_START_FLAG;
diff --git a/test/CA/libqca/Makefile b/test/CA/libqca/Makefile
new file mode 100644
index 0000000..51d5112
--- /dev/null
+++ b/test/CA/libqca/Makefile
@@ -0,0 +1,42 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved.
+CUR_DIR=$(shell pwd)
+ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../
+
+TARGET_LIB := libqca.so
+TARGET_DIR := output
+TARGET_LIB_BOUNDSCHECK := libboundscheck.so
+
+LIB_SOURCES := src/ra_operate_api.c
+
+LIB_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c
+
+LIB_CFLAGS += -Werror -Wall -Wextra -fstack-protector-strong -Wl,-z,relro,-z,now,-z,noexecstack -s -fPIC -D_FORTIFY_SOURCE=2 -O2
+
+LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include
+LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA
+LIB_CFLAGS += -I./include
+
+LIB_LDFLAGS += -ldl -lpthread
+LIB_LDFLAGS += -lboundscheck -L$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/lib/
+
+LIB_OBJECTS := $(LIB_SOURCES:.c=.o)
+
+all: $(TARGET_LIB_BOUNDSCHECK) $(TARGET_LIB)
+
+LIB_BOUNDSCHECK_DIR := $(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/
+$(TARGET_LIB_BOUNDSCHECK):
+ @echo "compile libboundscheck start"
+ @$(MAKE) -C $(LIB_BOUNDSCHECK_DIR)
+ @echo "compile libboundscheck finish"
+
+$(TARGET_LIB): $(TARGET_LIB_BOUNDSCHECK) $(LIB_SOURCES)
+ @echo "start compile libqca.so ......"
+ @$(CC) -shared $(LIB_CFLAGS) -o $@ $(LIB_SOURCES) $(LIB_LDFLAGS)
+ @mkdir -p $(TARGET_DIR)
+ @mv $(TARGET_LIB) $(TARGET_DIR)
+ @echo "compile libqca.so done!"
+
+clean:
+ $(MAKE) -C $(LIB_BOUNDSCHECK_DIR) clean
+ rm -rf $(LIB_OBJECTS)
+ rm -rf $(TARGET_DIR)
diff --git a/test/CA/libqca/include/ra_client_api.h b/test/CA/libqca/include/ra_client_api.h
new file mode 100644
index 0000000..dd793a3
--- /dev/null
+++ b/test/CA/libqca/include/ra_client_api.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef LIBQCA_H
+#define LIBQCA_H
+#include <tee_client_type.h>
+
+struct ra_buffer_data {
+ uint32_t size;
+ uint8_t *buf;
+};
+
+TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out);
+#endif
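Review bot: RemoteAttest is the only public entry point of libqca, yet this header says nothing about its buffer contract. From ra_operate_api.c in the same patch, `in->size` must be non-zero and at most PARAMS_RESERVED_SIZE (0x2000). `out->size` is the capacity of `out->buf` on entry and the number of bytes written on return, and a non-NULL `out->buf` must be between OUT_DATA_RESERVED_SIZE (0x3000) and SHAREMEM_LIMIT (0x100000) bytes. I would add a doc comment above the prototype stating those limits, and noting that TEEC_ERROR_SHORT_BUFFER is returned when the TA reports more data than `out->size`. The struct uses `uint32_t`/`uint8_t`, so the header should also include `<stdint.h>` itself rather than rely on tee_client_type.h.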
diff --git a/test/CA/libqca/src/ra_log.h b/test/CA/libqca/src/ra_log.h
new file mode 100644
index 0000000..1cb9d38
--- /dev/null
+++ b/test/CA/libqca/src/ra_log.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef LIBQCA_RA_LOG_H
+#define LIBQCA_RA_LOG_H
+
+#define TAG_WARN "[warn]"
+#define TAG_INFO "[info]"
+#define TAG_ERROR "[error]"
+#define TAG_DEBUG "[debug]"
+
+#define LIBQCA_PREFIX "libqca"
+
+#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_ERROR, __LINE__, ##args)
+#define tlogd(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_DEBUG, __LINE__, ##args)
+#define tlogi(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_INFO, __LINE__, ##args)
+#define tlogw(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_WARN, __LINE__, ##args)
+
+#endif
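Review bot: All four macros expand to `printf`, so a shared library writes its errors and warnings to the host program's stdout, where they mix into whatever the caller prints or pipes. I would send at least `tloge` and `tlogw` to stderr, e.g. `#define tloge(fmt, args...) fprintf(stderr, "[%s] %s %d:" fmt, LIBQCA_PREFIX, TAG_ERROR, __LINE__, ##args)`. The header also uses `printf` without including `<stdio.h>`, so it only compiles when the includer happens to pull that in first. Every call site in ra_operate_api.c already ends its format with `\n`, so the `" "` appended after `fmt` leaves a stray leading space on the next line.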
diff --git a/test/CA/libqca/src/ra_operate_api.c b/test/CA/libqca/src/ra_operate_api.c
new file mode 100644
index 0000000..810f11f
--- /dev/null
+++ b/test/CA/libqca/src/ra_operate_api.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "ra_operate_api.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "tee_client_api.h"
+#include "securec.h"
+#include "ra_log.h"
+#include "ra_client_api.h"
+
+static const TEEC_UUID g_tee_qta_uuid = {
+ 0xe08f7eca, 0xe875, 0x440e, {
+ 0x9a, 0xb0, 0x5f, 0x38, 0x11, 0x36, 0xc6, 0x00
+ }
+};
+
+static TEEC_Result set_remote_attest_out_data(TEEC_SharedMemory *shared_out, uint32_t out_size,
+ struct ra_buffer_data *out)
+{
+ if (out == NULL || out->buf == NULL) {
+ return TEEC_SUCCESS;
+ }
+ if (out_size == 0) {
+ out->size = out_size;
+ return TEEC_SUCCESS;
+ } else if (out_size > out->size) {
+ tloge("out size is too short\n");
+ return TEEC_ERROR_SHORT_BUFFER;
+ }
+ if (memcpy_s(out->buf, out->size, shared_out->buffer, out_size) != EOK) {
+ tloge("memcpy shared out buffer failed\n");
+ return TEEC_ERROR_GENERIC;
+ }
+ out->size = out_size;
+ return TEEC_SUCCESS;
+}
+
+static TEEC_Result handle_remote_attest(TEEC_Context *context, TEEC_Session *session, struct ra_buffer_data *in,
+ struct ra_buffer_data *out)
+{
+ uint32_t origin;
+ TEEC_Operation operation = {0};
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_MEMREF_PARTIAL_OUTPUT,
+ TEEC_VALUE_OUTPUT, TEEC_NONE);
+
+ TEEC_SharedMemory shared_in;
+ (void)memset_s(&shared_in, sizeof(shared_in), 0, sizeof(shared_in));
+ shared_in.size = in->size;
+ shared_in.flags = TEEC_MEM_INPUT;
+ TEEC_Result result = TEEC_AllocateSharedMemory(context, &shared_in);
+ if (result != TEEC_SUCCESS) {
+ tloge("allocate shared input failed, result = 0x%x.\n", result);
+ return result;
+ }
+ operation.params[0].memref.parent = &shared_in;
+ operation.params[0].memref.size = shared_in.size;
+ operation.params[0].memref.offset = 0;
+ (void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size);
+
+ TEEC_SharedMemory shared_out;
+ (void)memset_s(&shared_out, sizeof(shared_out), 0, sizeof(shared_out));
+ shared_out.flags = TEEC_MEM_OUTPUT;
+ if (out != NULL && out->buf != NULL) {
+ shared_out.size = out->size;
+ result = TEEC_AllocateSharedMemory(context, &shared_out);
+ if (result != TEEC_SUCCESS) {
+ tloge("allocate shared output failed, result = 0x%x.\n", result);
+ goto clear1;
+ }
+ (void)memset_s(out->buf, out->size, 0, out->size);
+ (void)memset_s(shared_out.buffer, shared_out.size, 0, shared_out.size);
+ }
+ operation.params[1].memref.parent = &shared_out;
+ operation.params[1].memref.size = shared_out.size;
+ operation.params[1].memref.offset = 0;
+
+ result = TEEC_InvokeCommand(session, REMOTE_ATTEST_CMD, &operation, &origin);
+ if (result != TEEC_SUCCESS) {
+ tloge("invoke command failed, result = 0x%x\n", result);
+ goto clear2;
+ }
+
+ result = set_remote_attest_out_data(&shared_out, operation.params[2].value.a, out);
+clear2:
+ if (out != NULL && out->buf != NULL)
+ TEEC_ReleaseSharedMemory(&shared_out);
+clear1:
+ TEEC_ReleaseSharedMemory(&shared_in);
+ return result;
+}
+
+TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out)
+{
+ if (in == NULL || in->buf == NULL || in->size == 0 || in->size > PARAMS_RESERVED_SIZE) {
+ tloge("check input failed\n");
+ return TEEC_ERROR_BAD_PARAMETERS;
+ }
+
+ if (out != NULL) {
+ if (out->size > SHAREMEM_LIMIT || (out->buf == NULL && out->size > 0) ||
+ (out->buf != NULL && out->size < OUT_DATA_RESERVED_SIZE)) {
+ tloge("check output failed\n");
+ return TEEC_ERROR_BAD_PARAMETERS;
+ }
+ }
+
+ TEEC_Context context = {0};
+ TEEC_Session session = {0};
+ TEEC_Operation operation = {0};
+ TEEC_UUID uuid = g_tee_qta_uuid;
+
+ TEEC_Result result = TEEC_InitializeContext(NULL, &context);
+ if (result != TEEC_SUCCESS) {
+ tloge("init context is failed, result is 0x%x\n", result);
+ return result;
+ }
+
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ tloge("open session is failed, result is 0x%x\n", result);
+ goto cleanup_1;
+ }
+
+ result = handle_remote_attest(&context, &session, in, out);
+ if (result != TEEC_SUCCESS) {
+ tloge("handle remote attest failed, result is 0x%x\n", result);
+ goto cleanup_2;
+ }
+
+cleanup_2:
+ TEEC_CloseSession(&session);
+cleanup_1:
+ TEEC_FinalizeContext(&context);
+ return result;
+}
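Review bot: In handle_remote_attest the copy of the caller's request into shared memory discards its result, `(void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size);`, so a failed copy still invokes the TA on whatever the freshly allocated buffer holds. I would bound the copy by the destination and fail closed: `if (memcpy_s(shared_in.buffer, shared_in.size, in->buf, in->size) != EOK) { result = TEEC_ERROR_GENERIC; goto clear1; }`. Also, when `out` is NULL or `out->buf` is NULL, `shared_out` is never allocated but is still installed as the parent of params[1], which is declared TEEC_MEMREF_PARTIAL_OUTPUT. Whether the client library accepts an unallocated parent is not visible here, so either declare that parameter TEEC_NONE in this case or reject it in RemoteAttest. `origin` is filled by TEEC_InvokeCommand but never logged; including it in the failure message would show whether the error came from the TA or the TEE.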
diff --git a/test/CA/libqca/src/ra_operate_api.h b/test/CA/libqca/src/ra_operate_api.h
new file mode 100644
index 0000000..0269712
--- /dev/null
+++ b/test/CA/libqca/src/ra_operate_api.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef LIBQCA_RA_OPERATE_H
+#define LIBQCA_RA_OPERATE_H
+
+#include <stdint.h>
+#include "tee_client_api.h"
+#include "ra_client_api.h"
+
+#define SHAREMEM_LIMIT (0x100000) /* 1 MB */
+#define PARAMS_RESERVED_SIZE (0x2000)
+#define OUT_DATA_RESERVED_SIZE (0x3000)
+#define REMOTE_ATTEST_CMD (0x1001)
+
+#endif
diff --git a/test/TA/cert_manager/CMakeLists.txt b/test/TA/cert_manager/CMakeLists.txt
new file mode 100644
index 0000000..47a92b9
--- /dev/null
+++ b/test/TA/cert_manager/CMakeLists.txt
@@ -0,0 +1,38 @@
+# sdk cmake.
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved.
+cmake_minimum_required(VERSION 3.16 FATAL_ERROR)
+project(tee_sdk C)
+
+if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR)
+ message(FATAL_ERROR "Forbid compiling in the source tree")
+endif()
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake)
+include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake)
+
+set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+set(CURRENT_TARGET_SO "combine")
+
+set(SDK_C_SOURCES
+ ${SDK_C_SOURCES}
+ src/cert_logger.c
+ src/cert_manager.c
+)
+
+set(COMMON_INCLUDES
+ ${COMMON_INCLUDES}
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/src
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include/TA
+)
+
+add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES})
+target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES})
+target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS})
+target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS})
+
+add_custom_command(
+ TARGET ${CURRENT_TARGET_SO} POST_BUILD
+ COMMAND sh $ENV{ITRUSTEE_BUILD_PATH}/build/tools/ta_entry_check.sh ${CMAKE_READELF} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so n y ${TARGET_IS_ARM64}
+ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini
+)
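Review bot: `$ENV{ITRUSTEE_BUILD_PATH}` is used for the `include()`, for ta_entry_check.sh and for the signing step without ever being checked. If it is unset, these expand to paths rooted at `/build/...`, and the TA would be checked and signed by whatever is found there, or fail with a confusing error. I would guard it right after `project()`: `if (NOT DEFINED ENV{ITRUSTEE_BUILD_PATH})`, `message(FATAL_ERROR "ITRUSTEE_BUILD_PATH is not set")`, `endif()`. config.sh exports the variable, but nothing stops cmake being run directly.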
diff --git a/test/TA/cert_manager/Makefile b/test/TA/cert_manager/Makefile
new file mode 100644
index 0000000..19ef02c
--- /dev/null
+++ b/test/TA/cert_manager/Makefile
@@ -0,0 +1,34 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved.
+include ./config.mk
+include ../../../build/mk/common.mk
+
+# set the compilation tool chain example : export CC=path_to_gcc ; export LD=path_to_ld
+
+SRC += $(wildcard src/*.c)
+
+# set header directory
+INCLUDEDIR += -I${CUR_DIR}/include
+INCLUDEDIR += -I${CUR_DIR}/src
+INCLUDEDIR += -I${CUR_DIR}/../../../include/TA
+
+#set libhwsecurec path example : INCLUDEDIR += -Ipath_to_libhwsecurec
+
+# set target
+COBJS := $(SRC:%.c=%.o)
+TARGET = $(COBJS)
+
+sec_binary:combine
+ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini
+
+combine: $(TARGET)
+ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so
+ bash $(ITRUSTEE_BUILD_PATH)/build/tools/ta_entry_check.sh $(READELF) $(shell pwd)/libcombine.so n y $(TARGET_IS_ARM64)
+
+src/%.o: ./src/%.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+%.o: %.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+clean:
+ rm -f $(COBJS) *.so *.sec
diff --git a/test/TA/cert_manager/config.cmake b/test/TA/cert_manager/config.cmake
new file mode 100644
index 0000000..933d051
--- /dev/null
+++ b/test/TA/cert_manager/config.cmake
@@ -0,0 +1,11 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+set(COMMON_CFLAGS -DAPI_LEVEL=1)
+if ("${TARGET_IS_ARM64}" STREQUAL "")
+ set(TARGET_IS_ARM64 y)
+endif()
\ No newline at end of file
diff --git a/test/TA/cert_manager/config.mk b/test/TA/cert_manager/config.mk
new file mode 100644
index 0000000..5e4ccfa
--- /dev/null
+++ b/test/TA/cert_manager/config.mk
@@ -0,0 +1,12 @@
+#
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+CFLAGS += -DAPI_LEVEL=1
+ifeq ($(TARGET_IS_ARM64),)
+ TARGET_IS_ARM64 = y
+endif
\ No newline at end of file
diff --git a/test/TA/cert_manager/config.sh b/test/TA/cert_manager/config.sh
new file mode 100644
index 0000000..ad3c822
--- /dev/null
+++ b/test/TA/cert_manager/config.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+# This script is used to compile the demo sdk.
+set -e
+
+export SOURCE_PATH=$(dirname $0)
+export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd)
+export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../..
+
+#clean
+if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then
+ rm -f *.o *.so *.sec
+ if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+ fi
+ exit 0
+fi
+
+echo "Cmake compile TA begin"
+if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+fi
+mkdir -p cmake_build
+echo "mkdir cmake_build"
+cd cmake_build/
+
+cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake ..
+
+make VERBOSE=1
+
+cd ..
+rm -rf cmake_build
\ No newline at end of file
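Review bot: The script computes `ABS_SOURCE_PATH` but never changes into it. `rm -f *.o *.so *.sec`, `rm -rf cmake_build` and `cmake ..` therefore all act on the caller's current directory, and running it from elsewhere deletes files there and points cmake at the wrong source tree. I would add `cd "${ABS_SOURCE_PATH}"` right after the exports. The expansions should also be quoted, as in `SOURCE_PATH=$(dirname "$0")` and `cd "${SOURCE_PATH}"`, so a checkout path containing spaces does not split.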
diff --git a/test/TA/cert_manager/include/cert_config.h b/test/TA/cert_manager/include/cert_config.h
new file mode 100644
index 0000000..dee55d0
--- /dev/null
+++ b/test/TA/cert_manager/include/cert_config.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: declaration of logger tool interfaces.
+ */
+#ifndef CERT_CONFIG_H
+#define CERT_CONFIG_H
+
+#define CERT_MANAGER_DEPLOY_PATH "/usr/bin/certmanager"
+#define CERT_MANAGER_DEPLOY_USER "root"
+
+/*
+ * defines the public key for verifying the imported certification.
+ */
+const char g_root_public_key[] = {
+/* add public_key len 550*/
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+#endif
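Review bot: `g_root_public_key` is defined rather than declared in this header, and its value is an all-zero placeholder, marked only by the comment `add public_key len 550`. A second translation unit that includes cert_config.h will fail to link on the duplicate symbol. More importantly, nothing makes the build or the TA fail if the placeholder is left in place; how the key is consumed is outside this hunk, but an unreplaced zero key should make certificate import refuse to run rather than proceed. I would declare it `static const unsigned char g_root_public_key[]`, since plain `char` has implementation-defined signedness for real key bytes of 0x80 and above; check first that the consumer's parameter type allows this. I would also expand the comment to say that the array must be replaced with the real root public key before the TA is signed.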
diff --git a/test/TA/cert_manager/manifest.txt b/test/TA/cert_manager/manifest.txt
new file mode 100644
index 0000000..c3f9b41
--- /dev/null
+++ b/test/TA/cert_manager/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: 4acaf7c8-c652-4643-9b7a-cc07e7a3187a
+gpd.ta.service_name: certmanager
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: true
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 2097152
+gpd.ta.stackSize: 32768
\ No newline at end of file
diff --git a/test/TA/cert_manager/src/cert_logger.c b/test/TA/cert_manager/src/cert_logger.c
new file mode 100644
index 0000000..99b1dfb
--- /dev/null
+++ b/test/TA/cert_manager/src/cert_logger.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: logger tool implementations.
+ */
+#include "cert_logger.h"
+
+#include <tee_log.h>
+#include <tee_trusted_storage_api.h>
+#include <string.h>
+#include <stdlib.h>
+#include <securec.h>
+
+static const char *g_log_path = "dyn_crt_op.log";
+
+static TEE_Result log_open(TEE_ObjectHandle *obj, uint32_t flag)
+{
+ uint32_t storage_id = TEE_OBJECT_STORAGE_PRIVATE;
+ uint32_t create_flag = TEE_DATA_FLAG_ACCESS_WRITE |
+ TEE_DATA_FLAG_ACCESS_WRITE_META |
+ TEE_DATA_FLAG_ACCESS_READ;
+ /* open log file */
+ TEE_Result ret = TEE_OpenPersistentObject(storage_id, g_log_path, strlen(g_log_path), flag, obj);
+ if (ret == TEE_ERROR_ITEM_NOT_FOUND &&
+ (((flag & TEE_DATA_FLAG_ACCESS_WRITE) != 0) || ((flag & TEE_DATA_FLAG_ACCESS_WRITE_META) != 0) ||
+ ((flag & TEE_DATA_FLAG_SHARE_WRITE) != 0))) {
+ /* create it if file is not exist when writing or changing metadata */
+ tlogi("file not exist, creating: %s\n", g_log_path);
+ ret = TEE_CreatePersistentObject(storage_id, g_log_path, strlen(g_log_path),
+ create_flag, TEE_HANDLE_NULL,
+ NULL, 0, obj);
+ if (ret != TEE_SUCCESS)
+ tloge("create file failed: %s\n", g_log_path);
+ }
+ return ret;
+}
+
+/* truncate if the file beyonds MAX_LOG_LINE_NUM */
+static TEE_Result log_truncate(TEE_ObjectHandle obj)
+{
+ TEE_Result ret;
+ char buf[MAX_LOG_SIZE] = { 0 };
+ uint32_t len = 0;
+ /* 1. read all content in the log file into memory buf */
+ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET);
+ if (ret != TEE_SUCCESS) {
+ tloge("seek file failed: %s\n", g_log_path);
+ goto end;
+ }
+ ret = TEE_ReadObjectData(obj, buf, sizeof(buf), &len);
+ if (ret != TEE_SUCCESS) {
+ tloge("read file failed: %s\n", g_log_path);
+ goto end;
+ }
+ /* 2. statistic line-breaks for counting lines */
+ int line_cnt = 0;
+ for (uint32_t i = 0; i < len; ++i) {
+ if (buf[i] == '\n')
+ line_cnt += 1;
+ }
+ /* 3. if the line number is overflow, remove the first (line_cnt - MAX_LOG_LINE_NUM) lines */
+ if (line_cnt > MAX_LOG_LINE_NUM) {
+ /* line break */
+ uint32_t line_break_idx = 0;
+ uint32_t remain = line_cnt - MAX_LOG_LINE_NUM;
+ for (uint32_t i = 0; remain > 0; ++i) {
+ if (buf[i] == '\n') {
+ line_break_idx = i;
+ remain--;
+ }
+ }
+ /* 3.1 override the first (line_cnt - MAX_LOG_LINE_NUM) lines */
+ uint32_t resize_to = len - line_break_idx - 1;
+ if (memmove_s(buf, sizeof(buf), buf + line_break_idx + 1, resize_to) != EOK) {
+ tloge("memory movement failed\n");
+ ret = TEE_ERROR_OUT_OF_MEMORY;
+ goto end;
+ }
+ /* 3.2 write back to the start of file */
+ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET);
+ if (ret != TEE_SUCCESS) {
+ tloge("seek file failed: %s\n", g_log_path);
+ goto end;
+ }
+ ret = TEE_WriteObjectData(obj, buf, resize_to);
+ if (ret != TEE_SUCCESS)
+ tloge("write file failed: %s\n", g_log_path);
+ /* 3.3 truncate to correct size */
+ ret = TEE_TruncateObjectData(obj, resize_to);
+ if (ret != TEE_SUCCESS)
+ tloge("truncate file failed: %s\n", g_log_path);
+ }
+end:
+ return ret;
+}
+
+/* write a NULL-terminated string into log */
+TEE_Result cert_log_write(char *log_info)
+{
+ TEE_Result ret;
+ TEE_ObjectHandle obj;
+ if (log_info == NULL)
+ return TEE_ERROR_BAD_PARAMETERS;
+ /* 1. open log file */
+ uint32_t open_flag = TEE_DATA_FLAG_ACCESS_WRITE |
+ TEE_DATA_FLAG_SHARE_WRITE |
+ TEE_DATA_FLAG_SHARE_READ |
+ TEE_DATA_FLAG_ACCESS_READ;
+ ret = log_open(&obj, open_flag);
+ if (ret != TEE_SUCCESS) {
+ tloge("open file failed: %s\n", g_log_path);
+ goto end;
+ }
+ /* 2. append log to the end */
+ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_END);
+ if (ret != TEE_SUCCESS) {
+ tloge("seek file failed: %s\n", g_log_path);
+ goto close;
+ }
+ ret = TEE_WriteObjectData(obj, log_info, strlen(log_info));
+ if (ret != TEE_SUCCESS) {
+ tloge("write file failed: %s\n", g_log_path);
+ goto close;
+ }
+ /* 3. truncate the file for keeping the number of lines MAX_LOG_LINE_NUM */
+ ret = log_truncate(obj);
+ if (ret != TEE_SUCCESS) {
+ tloge("roll back file failed: %s\n", g_log_path);
+ goto close;
+ }
+close:
+ (void)TEE_SyncPersistentObject(obj);
+ TEE_CloseObject(obj);
+end:
+ return ret;
+}
+
+TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len)
+{
+ TEE_Result ret;
+ TEE_ObjectHandle obj;
+ if (dst == NULL || read_len == NULL)
+ return TEE_ERROR_BAD_PARAMETERS;
+ /* 1. open log file */
+ uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_SHARE_READ;
+ ret = log_open(&obj, open_flag);
+ if (ret != TEE_SUCCESS) {
+ tloge("open file failed: %s\n", g_log_path);
+ goto end;
+ }
+ /* 2. read log file */
+ ret = TEE_ReadObjectData(obj, dst, dst_len, read_len);
+ if (ret != TEE_SUCCESS)
+ tloge("read file failed: %s\n", g_log_path);
+ TEE_CloseObject(obj);
+end:
+ return ret;
+}
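Review bot: In log_truncate step 3.2 a failed `TEE_WriteObjectData` is only logged, and `ret` is then overwritten by `TEE_TruncateObjectData`. cert_log_write can therefore report success after the rewritten certificate-operation log failed to reach storage, with the file truncated to a length that does not match its contents. The write check should stop there: `if (ret != TEE_SUCCESS) { tloge("write file failed: %s\n", g_log_path); goto end; }`. cert_log_write also appends `strlen(log_info)` bytes with no bound, while log_truncate reads at most MAX_LOG_SIZE bytes back. Rejecting entries of MAX_LOG_LINE_LEN or more would keep the invariant documented in cert_logger.h. cert_log_read passes a `uint64_t dst_len` straight to `TEE_ReadObjectData`; if that parameter is narrower, which the hunk does not show, the length should be range-checked first.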
diff --git a/test/TA/cert_manager/src/cert_logger.h b/test/TA/cert_manager/src/cert_logger.h
new file mode 100644
index 0000000..ec8ebeb
--- /dev/null
+++ b/test/TA/cert_manager/src/cert_logger.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: declaration of logger tool interfaces.
+ */
+#ifndef CERT_LOGGER_H
+#define CERT_LOGGER_H
+
+#include <tee_defines.h>
+
+/*
+ * MAX_LOG_LINE_NUM: defines the max line numbers of which the operation log records.
+ * MAX_LOG_LINE_LEN: defines the max length of each operation log entry.
+ * MAX_LOG_SIZE: defines the max size of the operation log file.
+ * Notice: MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE
+ */
+#define MAX_LOG_LINE_NUM 60
+#define MAX_LOG_LINE_LEN 150
+#define MAX_LOG_SIZE 10000
+
+TEE_Result cert_log_write(char *log_info);
+TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len);
+
+#endif
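Review bot: The comment states the invariant `MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE`, but nothing enforces it. log_truncate in cert_logger.c relies on it when it reads the whole file into a `MAX_LOG_SIZE` stack buffer. If the TA toolchain accepts C11, I would add `_Static_assert(MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE, "log size invariant");` below the defines, so that a later edit to one constant cannot silently break it. `cert_log_write` only reads its argument, so the prototype can take `const char *log_info`.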
diff --git a/test/TA/cert_manager/src/cert_manager.c b/test/TA/cert_manager/src/cert_manager.c
new file mode 100644
index 0000000..7764af8
--- /dev/null
+++ b/test/TA/cert_manager/src/cert_manager.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: do cert management on kunpeng.
+ */
+#include <stdlib.h>
+#include <tee_log.h>
+#include <permsrv_api_cert.h>
+#include <permsrv_api_legacy.h>
+#include <tee_ext_api.h>
+#include <securec.h>
+#include <time.h>
+#include <cert_config.h>
+
+#include "cert_logger.h"
+
+enum {
+ SAVE_CERT_CMD = 1,
+ SEARCH_CERT_CMD = 2,
+ DEL_CERT_CMD = 3,
+ SEARCH_LOG_CMD = 4,
+ SEND_CRL_CMD = 5
+};
+
+#define ACTION_CRT_EXPORT "export"
+#define ACTION_CRT_IMPORT "cert_import"
+#define ACTION_CRL_IMPORT "crl_import"
+#define ACTION_CRT_REMOVE "remove"
+#define ACTION_CRT_UNDEFINED "undefined"
+#define MAX_BUFFER_LEN 8192
+#define MAX_LOG_BUFFER_LEN 10000
+#define BASE_YEAR 1900
+#define BASE_MON 1
+
+static void log_action(const char *action, TEE_Result result)
+{
+ /* format result */
+ char *suc = result == TEE_SUCCESS ? "true" : "false";
+ /* get system time */
+ struct timespec time;
+ clock_gettime(CLOCK_REALTIME, &time);
+ struct tm *lt = localtime(&time.tv_sec);
+ if (lt == NULL) {
+ tloge("get UTC time failed\n");
+ return;
+ }
+ /* format log entry: "[yyyy/mm/dd HH:MM:SS] ACTION: xxx, SUCCESS: true/false " */
+ char buf[MAX_LOG_LINE_LEN];
+ if (snprintf_s(buf, sizeof(buf), sizeof(buf) - 1,
+ "[UTC:%04d/%02d/%02d %02d:%02d:%02d] ACTION: %s, SUCCESS: %s.\n",
+ lt->tm_year + BASE_YEAR, lt->tm_mon + BASE_MON, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec,
+ action, suc) < 0) {
+ tloge("format log entry failed\n");
+ return;
+ }
+ /* write into log file on ssa */
+ if (cert_log_write(buf) != TEE_SUCCESS)
+ tloge("write to log failed\n");
+}
+
+/* ----------------------------------------------------------------------------
+ * Trusted Application Entry Points
+ * ----------------------------------------------------------------------------
+ */
+
+static TEE_Result cert_verify_and_send(uint32_t param_types, TEE_Param params[4])
+{
+ TEE_Result ret;
+ const char *pubkey = g_root_public_key;
+ uint32_t pubkey_len = sizeof(g_root_public_key) / sizeof(char);
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ ret = ta_signing_cert_import(params[0].memref.buffer, params[0].memref.size, pubkey, pubkey_len);
+ if (ret != TEE_SUCCESS)
+ tloge("cert store failed\n");
+ return ret;
+}
+
+static TEE_Result crl_send_service(uint32_t param_types, TEE_Param params[4])
+{
+ TEE_Result ret;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ ret = TEE_EXT_crl_cert_process(params[0].memref.buffer, params[0].memref.size);
+ if (ret != TEE_SUCCESS)
+ tloge("crl send failed\n");
+ return ret;
+}
+
+static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE_Param params[4])
+{
+ TEE_Result ret = TEE_SUCCESS;
+ uint32_t limit = params[0].memref.size;
+ uint32_t len = 0;
+ uint8_t *dst = NULL;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INOUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_LOG_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ dst = (uint8_t *)malloc(params[0].memref.size);
+ if (dst == NULL) {
+ tloge("malloc failed");
+ return TEE_ERROR_OUT_OF_MEMORY;
+ }
+
+ switch (cmd_id) {
+ case SEARCH_CERT_CMD:
+ ret = ta_signing_cert_export((uint8_t *)dst, &len, limit);
+ break;
+ case SEARCH_LOG_CMD:
+ ret = cert_log_read((char *)dst, limit, &len);
+ if (len < limit) {
+ dst[len++] = '\0';
+ } else {
+ dst[limit - 1] = '\0';
+ len = limit;
+ }
+ break;
+ default:
+ break;
+ }
+ if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) {
+ free(dst);
+ dst = NULL;
+ return TEE_ERROR_SECURITY;
+ }
+
+ params[0].memref.size = len;
+ if (ret != TEE_SUCCESS)
+ tloge("cert search failed\n");
+ free(dst);
+ dst = NULL;
+ return ret;
+}
+
+static TEE_Result cert_delete_service(uint32_t param_types)
+{
+ TEE_Result ret;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ ret = ta_signing_cert_destroy();
+ if (ret != TEE_SUCCESS)
+ tloge("cert delete failed\n");
+ return ret;
+}
+
+/**
+ * Function TA_CreateEntryPoint
+ * Description:
+ * The function TA_CreateEntryPoint is the Trusted Application's constructor,
+ * which the Framework calls when it creates a new instance of the Trusted Application.
+ */
+TEE_Result TA_CreateEntryPoint(void)
+{
+ TEE_Result ret = addcaller_ca_exec(CERT_MANAGER_DEPLOY_PATH, CERT_MANAGER_DEPLOY_USER);
+ if (ret != TEE_SUCCESS)
+ tloge("TA_CreateEntryPoint: AddCaller_CA_exec failed.\n");
+ return ret;
+}
+
+/**
+ * Function TA_OpenSessionEntryPoint
+ * Description:
+ * The Framework calls the function TA_OpenSessionEntryPoint
+ * when a client requests to open a session with the Trusted Application.
+ * The open session request may result in a new Trusted Application instance
+ * being created.
+ */
+TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes,
+ TEE_Param params[4], void** sessionContext)
+{
+ /* -Wunused-parameter */
+ (void)paramTypes;
+ /* -Wunused-parameter */
+ (void)params;
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ SLogTrace("---- TA_OpenSessionEntryPoint -------- ");
+ return TEE_SUCCESS;
+}
+
+/**
+ * Function TA_InvokeCommandEntryPoint
+ * Description:
+ * The Framework calls this function when the client invokes a command
+ * within the given session.
+ */
+TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id,
+ uint32_t paramTypes, TEE_Param params[4])
+{
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ TEE_Result ret;
+ char *action = NULL;
+ switch (cmd_id) {
+ case SAVE_CERT_CMD:
+ action = ACTION_CRT_IMPORT;
+ ret = cert_verify_and_send(paramTypes, params);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate restoring failed\n");
+ break;
+ case SEND_CRL_CMD:
+ action = ACTION_CRL_IMPORT;
+ ret = crl_send_service(paramTypes, params);
+ if (ret != TEE_SUCCESS)
+ tloge("crl restoring failed\n");
+ break;
+ case SEARCH_CERT_CMD:
+ /* fall through: to be handled with the same function as SEARCH_LOG_CMD case */
+ case SEARCH_LOG_CMD:
+ action = ACTION_CRT_EXPORT;
+ ret = cert_search_service(paramTypes, cmd_id, params);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate searching failed\n");
+ break;
+ case DEL_CERT_CMD:
+ action = ACTION_CRT_REMOVE;
+ ret = cert_delete_service(paramTypes);
+ if (ret != TEE_SUCCESS)
+ tloge("certificate delete failed\n");
+ break;
+ default:
+ action = ACTION_CRT_UNDEFINED;
+ ret = TEE_ERROR_BAD_PARAMETERS;
+ break;
+ }
+ log_action(action, ret);
+ return ret;
+}
+
+/**
+ * Function TA_CloseSessionEntryPoint
+ * Description:
+ * The Framework calls this function to close a client session.
+ * During the call to this function the implementation can use
+ * any session functions.
+ */
+void TA_CloseSessionEntryPoint(void* sessionContext)
+{
+ /* -Wunused-parameter */
+ (void)sessionContext;
+ SLogTrace("---- TA_CloseSessionEntryPoint ----- ");
+}
+
+/**
+ * Function TA_DestroyEntryPoint
+ * Description:
+ * The function TA_DestroyEntryPoint is the Trusted Application's destructor,
+ * which the Framework calls when the instance is being destroyed.
+ */
+void TA_DestroyEntryPoint(void)
+{
+ SLogTrace("---- TA_DestroyEntryPoint ---- ");
+}
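Review bot: In `cert_search_service` the result of the export or log read is checked only after `memcpy_s` has already copied `dst` into the client's buffer, and `dst` comes from `malloc` without being cleared. If `ta_signing_cert_export` or `cert_log_read` fails after setting `len` (their behaviour is not visible here), uninitialised TA heap bytes would be handed back to the caller. I would clear the buffer after allocation, report `memref.size = 0` on failure and copy out only on success, as sketched below. The function also reads `params[0].memref.size` into `limit` before `check_param_type` has confirmed that parameter 0 is a memref; moving that read below the check matches the validation order of the other handlers.

```c
    /* ... unchanged: parameter type and size checks, malloc of dst and its NULL check ... */

    /* dst is copied to the client, so it must not carry stale heap contents */
    (void)memset_s(dst, limit, 0, limit);

    /* ... unchanged: switch (cmd_id) ... */

    if (ret != TEE_SUCCESS) {
        tloge("cert search failed\n");
        params[0].memref.size = 0;
        goto end;
    }
    if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) {
        ret = TEE_ERROR_SECURITY;
        goto end;
    }
    params[0].memref.size = len;
end:
    free(dst);
    return ret;
```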
diff --git a/test/TA/helloworld/CMakeLists.txt b/test/TA/helloworld/CMakeLists.txt
new file mode 100644
index 0000000..45334da
--- /dev/null
+++ b/test/TA/helloworld/CMakeLists.txt
@@ -0,0 +1,30 @@
+# sdk cmake.
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+cmake_minimum_required(VERSION 3.16 FATAL_ERROR)
+project(tee_sdk C)
+
+if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR)
+ message(FATAL_ERROR "Forbid compiling in the source tree")
+endif()
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake)
+include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake)
+
+set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+set(CURRENT_TARGET_SO "combine")
+
+set(SDK_C_SOURCES
+ ${SDK_C_SOURCES}
+ ta_demo.c
+)
+
+add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES})
+target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES})
+target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS})
+target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS})
+
+add_custom_command(
+ TARGET ${CURRENT_TARGET_SO} POST_BUILD
+ COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so
+ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini
+)
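Review bot: `$ENV{ITRUSTEE_BUILD_PATH}` is used for the `include()` and for the signtool path in the POST_BUILD command without checking that it is set; with the variable empty both resolve to `/build/...` at the filesystem root, so the build would pick up whatever common.cmake and signtool_v3.py exist there. A guard before the include makes the failure explicit: `if (NOT DEFINED ENV{ITRUSTEE_BUILD_PATH})`, `message(FATAL_ERROR "ITRUSTEE_BUILD_PATH is not set")`, `endif()`. test/TA/qta/CMakeLists.txt in this patch has the same two uses. `python3` is also resolved from PATH at build time; `find_package(Python3 COMPONENTS Interpreter)` with `${Python3_EXECUTABLE}` would fix which interpreter runs the signing step.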
diff --git a/test/TA/helloworld/Makefile b/test/TA/helloworld/Makefile
new file mode 100644
index 0000000..1a659b2
--- /dev/null
+++ b/test/TA/helloworld/Makefile
@@ -0,0 +1,28 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved.
+include ./config.mk
+include ../../../build/mk/common.mk
+
+SRC += $(wildcard ./*.c)
+
+# set header directory
+INCLUDEDIR += -I./include
+
+# set target
+COBJS := $(SRC:%.c=%.o)
+TARGET = $(COBJS)
+
+sec_binary:combine
+ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini
+
+combine: $(TARGET)
+ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so
+ objcopy libcombine.so
+
+src/%.o: ./src/%.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+%.o: %.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+clean:
+ rm -f $(COBJS) *.so *.sec
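Review bot: `sec_binary`, `combine` and `clean` are command targets but are not declared phony, so a file with one of those names in the directory makes the rule look up to date and skips it; add `.PHONY: sec_binary combine clean`. The link step also calls plain `objcopy` while compiling and linking go through `$(CC)` and `$(LD)`; if common.mk (not visible in this hunk) sets a cross prefix, the matching objcopy should be used so the host tool is not run on an aarch64 object. test/TA/qta/Makefile has the same targets and the same `objcopy` call.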
diff --git a/test/TA/helloworld/ReadMe.txt b/test/TA/helloworld/ReadMe.txt
index e10f8b8..0802d8b 100755
--- a/test/TA/helloworld/ReadMe.txt
+++ b/test/TA/helloworld/ReadMe.txt
@@ -1,2 +1,5 @@
-Makefile is located in different folder for different product
-please switch to target folder and execute "make" command to build TA binary for target product
+You need to install the pycryptodome library of python and run the make command to compile the binary of ta.
+
+If TA wants to regist driver's permission, you must have dynamic permission file and driver's excel
+The name of the dynamic permission file must be 'dyn_perm.xml', the driver's excel's name can be 'driver name'.xlsx, and you can get it from driver's developer.
+You must install the xlrd-1.2.0 and defusedxml-0.7.1 library of python and run the make command to sign the binary of ta.
\ No newline at end of file
diff --git a/test/TA/helloworld/auth_config.xml b/test/TA/helloworld/auth_config.xml
new file mode 100644
index 0000000..d71581d
--- /dev/null
+++ b/test/TA/helloworld/auth_config.xml
@@ -0,0 +1,7 @@
+<auth_conf>
+ <auth_base_info auth_enable="true" auth_type_uid="false" />
+ <auth_cmdline_username>
+ <item cmdline="/vendor/bin/demo_hello" username="root" />
+ <item cmdline="/vendor/bin/dyn/demo_hello" username="root" />
+ </auth_cmdline_username>
+</auth_conf>
diff --git a/test/TA/helloworld/config.cmake b/test/TA/helloworld/config.cmake
new file mode 100644
index 0000000..929328b
--- /dev/null
+++ b/test/TA/helloworld/config.cmake
@@ -0,0 +1,23 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+
+# TEE flags
+set(COMMON_CFLAGS -DAPI_LEVEL=1)
+if ("${TARGET_IS_ARM64}" STREQUAL "")
+ set(TARGET_IS_ARM64 y)
+endif()
+
+# USE_SMEE which indicates the feature of sram memory encryption
+# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled
+# If no USE_SMEE is specified, smee feature will be disabled
+# If USE_SMEE is specified and a section is custimized,
+# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld)
+set(USE_SMEE n)
+if ("${USE_SMEE}" STREQUAL "")
+ set(USE_SMEE n)
+endif()
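Review bot: `set(USE_SMEE n)` is unconditional, so the `if ("${USE_SMEE}" STREQUAL "")` default that follows can never fire, and a value passed as `-DUSE_SMEE=y` is shadowed; SRAM memory encryption can then only be enabled by editing this file. If a default is what is intended, drop the unconditional `set` and keep only the guarded one. The same pattern is in test/TA/helloworld/config.mk (`USE_SMEE = n` followed by `ifeq ($(USE_SMEE),)`) and in test/TA/qta/config.cmake and config.mk. The config.mk comment "If no USE_SMEE is specified, smee feature will not be disabled" also contradicts the cmake wording and presumably should read "will be disabled".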
diff --git a/test/TA/helloworld/config.mk b/test/TA/helloworld/config.mk
index ebdbd8c..7a405a3 100644
--- a/test/TA/helloworld/config.mk
+++ b/test/TA/helloworld/config.mk
@@ -1,10 +1,23 @@
#
-# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
#
# API_LEVEL which indicates the GP API version of TA
# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
-# If no API_LEVEL is specified, API of GP 1.0 will be taked
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+#
+# USE_SMEE which indicates the feature of sram memory encryption
+# USE_SMEE=y indicates the feature of sram memory encryption will be enabled
+# If no USE_SMEE is specified, smee feature will not be disabled
+# If USE_SMEE is specified and a section is custimized,
+# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld)
+
CFLAGS += -DAPI_LEVEL=1
-TARGET_IS_ARM64 = y
+USE_SMEE = n
+ifeq ($(TARGET_IS_ARM64),)
+ TARGET_IS_ARM64 = y
+endif
+ifeq ($(USE_SMEE),)
+ USE_SMEE = n
+endif
diff --git a/test/TA/helloworld/config.sh b/test/TA/helloworld/config.sh
new file mode 100644
index 0000000..f1170b9
--- /dev/null
+++ b/test/TA/helloworld/config.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+# This script is used to compile the demo sdk.
+set -e
+
+export SOURCE_PATH=$(dirname $0)
+export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd)
+export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../..
+
+#clean
+if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then
+ rm -f *.o *.so *.sec
+ if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+ fi
+ exit 0
+fi
+
+echo "Cmake compile TA begin"
+if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+fi
+mkdir -p cmake_build
+echo "mkdir cmake_build"
+cd cmake_build/
+
+cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake ..
+
+make VERBOSE=1
+
+cd ..
+rm -rf cmake_build
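Review bot: The script computes `ABS_SOURCE_PATH` but never changes into it, so `rm -f *.o *.so *.sec`, `rm -rf cmake_build` and `cmake ..` all act on the caller's working directory; run from anywhere else it deletes unrelated files and configures the wrong tree. Add `cd "${ABS_SOURCE_PATH}"` right after the exports, and quote the expansions: `SOURCE_PATH=$(dirname "$0")` and `ABS_SOURCE_PATH=$(cd "${SOURCE_PATH}" && pwd)`. test/TA/qta/config.sh is the same file (same blob id f1170b9) and needs the same change.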
diff --git a/test/TA/helloworld/ta_demo.c b/test/TA/helloworld/ta_demo.c
index ec17d6d..5c1f6b6 100755
--- a/test/TA/helloworld/ta_demo.c
+++ b/test/TA/helloworld/ta_demo.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -8,6 +8,7 @@
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
+ * Description: TA template code for reference
*/
#include <tee_ext_api.h>
@@ -24,7 +25,7 @@ enum {
static TEE_Result get_ta_version(char* buffer, size_t *buf_len)
{
- char *version = TA_TEMPLATE_VERSION;
+ const char *version = TA_TEMPLATE_VERSION;
if (*buf_len < strlen(version) + 1) {
tloge("buffer is too short for storing result");
@@ -49,14 +50,12 @@ static TEE_Result get_ta_version(char* buffer, size_t *buf_len)
*/
TEE_Result TA_CreateEntryPoint(void)
{
- TEE_Result ret = TEE_ERROR_GENERIC;
+ TEE_Result ret;
tlogd("----- TA entry point ----- ");
tlogd("TA version: %s", TA_TEMPLATE_VERSION);
-#ifdef CONFIG_AUTH_CLOUD
- ret = addcaller_ca_exec("/vendor/bin/teec_hello", "root");
-#endif
+ ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
if (ret == TEE_SUCCESS) {
tlogd("TA entry point: add ca whitelist success");
} else {
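Review bot: The CA allow-list entry is now registered unconditionally with a literal path and user, `addcaller_ca_exec("/vendor/bin/demo_hello", "root")`, while the auth_config.xml added in this patch lists two command lines, `/vendor/bin/demo_hello` and `/vendor/bin/dyn/demo_hello`. If both sources are meant to describe the same callers, the second path is missing here; if not, a comment should say which one is authoritative. I would also name the values, as cert_manager.c does with `CERT_MANAGER_DEPLOY_PATH`, e.g. `#define DEMO_CA_PATH "/vendor/bin/demo_hello"` and `#define DEMO_CA_USER "root"`. `TA_CreateEntryPoint` continues past the end of this hunk.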
@@ -149,5 +148,5 @@ void TA_CloseSessionEntryPoint(void* session_context)
*/
void TA_DestroyEntryPoint(void)
{
- tlogd("---- destory TA ---- ");
+ tlogd("---- destroy TA ---- ");
}
diff --git a/test/TA/qta/CMakeLists.txt b/test/TA/qta/CMakeLists.txt
new file mode 100644
index 0000000..e39ca5e
--- /dev/null
+++ b/test/TA/qta/CMakeLists.txt
@@ -0,0 +1,67 @@
+# sdk cmake.
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+cmake_minimum_required(VERSION 3.16 FATAL_ERROR)
+project(tee_sdk C)
+
+if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR)
+ message(FATAL_ERROR "Forbid compiling in the source tree")
+endif()
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake)
+include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake)
+
+set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+set(CURRENT_TARGET_SO "combine")
+
+# enable check daa pairing using MIRACAL library
+# you should download the opensource library: miracl/core, copy its dir c/ into src/, and compile core.a
+# for instance:
+# cd src; ln -s $MIRACL_DIR/c miracl-c
+# cd miracl-c; export CC=xxx CFLAGS=-fPIC; python3 config64.py -o 33; unset CC CFLAGS
+set(ENABLE_DAA_PAIR_MIRACL n)
+if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y")
+ set(DAA_PAIR_MIRACL_C_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src/miracl-c)
+ set(DAA_PAIR_MIRACL_C_INC ${DAA_PAIR_MIRACL_C_DIR}/)
+ set(DAA_PAIR_MIRACL_C_LIB ${DAA_PAIR_MIRACL_C_DIR}/core.a)
+ set(DAA_PAIR_MIRACL_C_SRC
+ src/daa/validate_akcert.c
+ src/daa/daa_structure.c
+ )
+else()
+ set(DAA_PAIR_MIRACL_C_INC "")
+ set(DAA_PAIR_MIRACL_C_SRC "")
+endif()
+
+# qta need cjson, so you can download cjson and rename cJSON to put it src directory
+set(CJSON_INC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON)
+set(CJSON_SRC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON/cJSON.c)
+
+set(SDK_C_SOURCES
+ ${SDK_C_SOURCES}
+ src/tee_qta.c
+ ${CJSON_SRC}
+ ${DAA_PAIR_MIRACL_C_SRC}
+)
+
+set(COMMON_INCLUDES
+ ${COMMON_INCLUDES}
+ ${CMAKE_CURRENT_SOURCE_DIR}/src/.
+ ${CJSON_INC}
+ ${DAA_PAIR_MIRACL_C_INC}
+)
+
+add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES})
+target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES})
+target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS})
+target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS})
+
+if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y")
+ add_definitions(-DENABLE_DAA_PAIR_MIRACL)
+ target_link_libraries(${CURRENT_TARGET_SO} PUBLIC ${DAA_PAIR_MIRACL_C_LIB})
+endif()
+
+add_custom_command(
+ TARGET ${CURRENT_TARGET_SO} POST_BUILD
+ COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so
+ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini
+)
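Review bot: cJSON and MIRACL core are brought in by hand ("download cjson", "download the opensource library: miracl/core") with no version, tag or checksum recorded, so two builds of this attestation TA can link different third-party code with no way to tell which. Record the expected release next to the instructions, for example `# cJSON: release <PINNED_VERSION>, sha256 <EXPECTED_SHA256>` and the same for miracl/core. It would also help to stop at configure time when `src/cJSON/cJSON.c` is absent, e.g. `if (NOT EXISTS ${CJSON_SRC})` with a `message(FATAL_ERROR ...)`, rather than failing later in the compile.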
diff --git a/test/TA/qta/Makefile b/test/TA/qta/Makefile
new file mode 100644
index 0000000..cefce06
--- /dev/null
+++ b/test/TA/qta/Makefile
@@ -0,0 +1,41 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved.
+include ./config.mk
+include ../../../build/mk/common.mk
+
+SRC += $(wildcard ./src/*.c)
+
+# set header directory
+INCLUDEDIR += -I./src
+
+# qta need cJSON code, so download it and put it into src
+SRC += ./src/cJSON/cJSON.c
+INCLUDEDIR += -I./src/cJSON/
+
+# if enable daa, so need to download pair_miracl lib
+ifeq ($(ENABLE_DAA_PAIR_MIRACL), true)
+INCLUDEDIR += -I./src/miracl-c
+CFLAGS += -DENABLE_DAA_PAIR_MIRACL
+LDFLFAGS += -lcore -L./src/miracl-c
+SRC += ./src/daa/validate_akcert.c \
+ ./src/daa/daa_structure.c
+endif
+
+# set target
+COBJS := $(SRC:%.c=%.o)
+TARGET = $(COBJS)
+
+sec_binary:combine
+ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini
+
+combine: $(TARGET)
+ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so
+ objcopy libcombine.so
+
+src/%.o: ./src/%.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+%.o: %.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@
+
+clean:
+ rm -f $(COBJS) *.so *.sec
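Review bot: `LDFLFAGS += -lcore -L./src/miracl-c` is misspelled, so the MIRACL library never reaches the link line `$(LD) $(LDFLAGS) $(TARGET) ...` when DAA is enabled; it should be `LDFLAGS += -L./src/miracl-c -lcore`. Even with the name fixed, `$(LDFLAGS)` precedes the objects on that line, and a static `libcore.a` named before the objects that need it may not be pulled in, so appending the library after `$(TARGET)` is safer. The switch is also tested as `ifeq ($(ENABLE_DAA_PAIR_MIRACL), true)` here while CMakeLists.txt compares against `y`, so the two build paths need different values to enable the same feature.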
diff --git a/test/TA/qta/ReadMe.txt b/test/TA/qta/ReadMe.txt
new file mode 100644
index 0000000..7cc8b88
--- /dev/null
+++ b/test/TA/qta/ReadMe.txt
@@ -0,0 +1,12 @@
+You need to install the pycryptodome library of python and run the make command to compile the binary of ta.
+
+qta is trusted application for remote attestion, when compile it, some libraries and tools are depended on.
+
+1. cjson: download it, put it to "src" directory, rename it into cJSON
+2. miracl core: when you enable DAA feture in makefile or cmakelist, download it and execute follow cmd:
+ 2.1 copy c directory in miracl into src, example copy miracl/c ./src/miracl-c
+ 2.2 cd ./src/miracl-c;
+ 2.3 export CC=gcc CFLAGS=-fPIC; python3 config64.py -o 33;unset CC CFLAGS
+ 2.4 cp core.a libcore.a
+3. make for make cmd; or sh config.sh for cmake cmd
+
diff --git a/test/TA/qta/config.cmake b/test/TA/qta/config.cmake
new file mode 100644
index 0000000..b7323b6
--- /dev/null
+++ b/test/TA/qta/config.cmake
@@ -0,0 +1,23 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+#
+# USE_SMEE which indicates the feature of sram memory encryption
+# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled
+# If no USE_SMEE is specified, smee feature will be disabled
+# If USE_SMEE is specified and a section is custimized,
+# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld)
+
+# TEE flags
+set(COMMON_CFLAGS -DAPI_LEVEL=1)
+set(USE_SMEE n)
+if ("${TARGET_IS_ARM64}" STREQUAL "")
+ set(TARGET_IS_ARM64 y)
+endif()
+if ("${USE_SMEE}" STREQUAL "")
+ set(USE_SMEE n)
+endif()
diff --git a/test/TA/qta/config.mk b/test/TA/qta/config.mk
new file mode 100644
index 0000000..7a405a3
--- /dev/null
+++ b/test/TA/qta/config.mk
@@ -0,0 +1,23 @@
+#
+# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+#
+# API_LEVEL which indicates the GP API version of TA
+# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee
+# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner
+# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support
+# If no API_LEVEL is specified, API of GP 1.0 will be taken
+#
+# USE_SMEE which indicates the feature of sram memory encryption
+# USE_SMEE=y indicates the feature of sram memory encryption will be enabled
+# If no USE_SMEE is specified, smee feature will not be disabled
+# If USE_SMEE is specified and a section is custimized,
+# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld)
+
+CFLAGS += -DAPI_LEVEL=1
+USE_SMEE = n
+ifeq ($(TARGET_IS_ARM64),)
+ TARGET_IS_ARM64 = y
+endif
+ifeq ($(USE_SMEE),)
+ USE_SMEE = n
+endif
diff --git a/test/TA/qta/config.sh b/test/TA/qta/config.sh
new file mode 100644
index 0000000..f1170b9
--- /dev/null
+++ b/test/TA/qta/config.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+# This script is used to compile the demo sdk.
+set -e
+
+export SOURCE_PATH=$(dirname $0)
+export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd)
+export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../..
+
+#clean
+if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then
+ rm -f *.o *.so *.sec
+ if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+ fi
+ exit 0
+fi
+
+echo "Cmake compile TA begin"
+if [ -d "cmake_build" ]; then
+ rm -rf cmake_build
+ echo "rm -rf cmake_build"
+fi
+mkdir -p cmake_build
+echo "mkdir cmake_build"
+cd cmake_build/
+
+cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake ..
+
+make VERBOSE=1
+
+cd ..
+rm -rf cmake_build
diff --git a/test/TA/qta/manifest.txt b/test/TA/qta/manifest.txt
new file mode 100644
index 0000000..72c7d8c
--- /dev/null
+++ b/test/TA/qta/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: e08f7eca-e875-440e-9ab0-5f381136c600
+gpd.ta.service_name: tee_qta
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: true
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 304857
+gpd.ta.stackSize: 64768
diff --git a/test/TA/qta/src/daa/daa_structure.c b/test/TA/qta/src/daa/daa_structure.c
new file mode 100644
index 0000000..cde248a
--- /dev/null
+++ b/test/TA/qta/src/daa/daa_structure.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "daa_structure.h"
+
+#include <securec.h>
+#include <errno.h>
+#include <tee_defines.h>
+#include <tee_log.h>
+#include <tee_ext_api.h>
+#include <tee_core_api.h>
+
+#define HEX_STR_SIZE_PER_CHAR 2
+#define BIT_4 4
+#define BYTE_HIGH_BIT_4 0xF0
+#define BYTE_LOW_BIT_4 0xF
+#define BYTE_CONVERT_ERROR 0xFF
+#define is_between_value(value, min, max) (((value) >= (min)) && ((value) <= (max)))
+#define cal_char_value(value, min, inc) ((value) - (min) + (inc))
+static uint8_t hex2ch(uint8_t c)
+{
+ if (is_between_value(c, '0', '9')) {
+ return cal_char_value(c, '0', 0);
+ } else if (is_between_value(c, 'a', 'f')) {
+ return cal_char_value(c, 'a', 10);
+ } else if (is_between_value(c, 'A', 'F')) {
+ return cal_char_value(c, 'A', 10);
+ } else {
+ tloge("hex2ch: Error! Input is not a hex value!");
+ return BYTE_CONVERT_ERROR;
+ }
+}
+
+void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey)
+{
+ if (pubkey == NULL || pubkey->pt_size == 0 || pubkey->pt_size > DAA_ECC_PT_MAX_SIZE)
+ return;
+ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) {
+ if (pubkey->pt_buf[i]) {
+ free(pubkey->pt_buf[i]);
+ pubkey->pt_buf[i] = NULL;
+ }
+ }
+ pubkey->pt_size = 0;
+}
+
+static TEE_Result hex_array2ch_array(uint8_t *hex_cert, uint8_t *cert, uint32_t cert_size)
+{
+ uint8_t ch_high, ch_low;
+ for (uint32_t j = 0; j < cert_size; j++) {
+ ch_high = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j]);
+ ch_low = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j + 1]);
+ if (ch_high == BYTE_CONVERT_ERROR || ch_low == BYTE_CONVERT_ERROR) {
+ tloge("bad hex string, j %u\n", j);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ cert[j] = ((ch_high << BIT_4) & BYTE_HIGH_BIT_4) + ch_low;
+ }
+ return TEE_SUCCESS;
+}
+
+TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size,
+ struct daa_grp_pubkey *pubkey)
+{
+ tlogi("TA request to convert daa group key\n");
+ if (hex_array == NULL || hex_pt_size == 0 || hex_pt_size > DAA_ECC_PT_MAX_SIZE || pubkey == NULL) {
+ tloge("bad params to convert daa grp pubkeys\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ TEE_Result ret;
+ pubkey->pt_size = hex_pt_size / HEX_STR_SIZE_PER_CHAR;
+ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) {
+ pubkey->pt_buf[i] = (uint8_t*)malloc(pubkey->pt_size);
+ if (pubkey->pt_buf[i] == NULL) {
+ tloge("alloc pubkey failed\n");
+ ret = TEE_ERROR_OUT_OF_MEMORY;
+ goto err;
+ }
+ }
+
+ /* copy data */
+ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) {
+ ret = hex_array2ch_array(hex_array[i], pubkey->pt_buf[i], pubkey->pt_size);
+ if (ret != TEE_SUCCESS) {
+ tloge("bad hex string, i %u\n", i);
+ goto err;
+ }
+ }
+
+ tlogi("convert daa group key succeed!\n");
+ return TEE_SUCCESS;
+err:
+ free_daa_grp_pubkey(pubkey);
+ pubkey = NULL;
+ return ret;
+}
+
+static TEE_Result get_akcert_one_field(struct daa_ak_cert *cert, uint32_t idx, uint8_t *field_buf, uint32_t field_size)
+{
+ uint32_t pos = 0;
+ uint32_t x_size = 0;
+ uint32_t y_size = 0;
+
+ /* get x field */
+ if (memcpy_s(&x_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0)
+ return TEE_ERROR_GENERIC;
+ pos += (uint32_t)sizeof(uint32_t);
+ if (x_size > field_size || pos > field_size - x_size)
+ return TEE_ERROR_BAD_PARAMETERS;
+ cert->pt_buf[(idx << 1)] = field_buf + pos;
+
+ if (cert->pt_size != 0 && cert->pt_size != x_size) {
+ tloge("the pt_size for all extract data do not match! %u vs. %u\n", x_size, cert->pt_size);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ cert->pt_size = x_size;
+ pos += x_size;
+
+ /* get y field */
+ if (pos > field_size - sizeof(uint32_t))
+ return TEE_ERROR_BAD_PARAMETERS;
+ if (memcpy_s(&y_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0)
+ return TEE_ERROR_GENERIC;
+ pos += (uint32_t)sizeof(uint32_t);
+ if (y_size > field_size || pos > field_size - y_size)
+ return TEE_ERROR_BAD_PARAMETERS;
+ cert->pt_buf[(idx << 1) + 1] = field_buf + pos;
+ if (cert->pt_size != y_size) {
+ tloge("the pt_size for all extract data do not match! %u vs. %u\n", y_size, cert->pt_size);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ return TEE_SUCCESS;
+}
+
+TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size)
+{
+ if (cert == NULL || akcert == NULL || akcert_size < (uint32_t)sizeof(uint32_t) ||
+ akcert_size > DAA_SAVE_AKCERT_MAX_SIZE)
+ return TEE_ERROR_BAD_PARAMETERS;
+
+ uint32_t pos = 0;
+ TEE_Result ret;
+ uint32_t field_size = 0;
+ uint8_t *field_buf = NULL;
+ for (uint32_t i = 0; i < (DAA_AK_CERT_DIMS >> 1); i++) {
+ if (pos > akcert_size - (uint32_t)sizeof(uint32_t))
+ return TEE_ERROR_BAD_PARAMETERS;
+
+ if (memcpy_s(&field_size, sizeof(uint32_t), akcert + pos, sizeof(uint32_t)) != 0)
+ return TEE_ERROR_GENERIC;
+
+ pos += (uint32_t)sizeof(uint32_t);
+ field_buf = akcert + pos;
+
+ ret = get_akcert_one_field(cert, i, field_buf, field_size);
+ if (ret != TEE_SUCCESS) {
+ tloge("get one field[%u] from akcert failed\n", i);
+ return ret;
+ }
+
+ pos += field_size;
+ }
+ tlogi("convert daa_ak_cert succeed!\n");
+ return TEE_SUCCESS;
+}
+
+TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size)
+{
+ if (hex_cert == NULL || cert == NULL || hex_cert_size == 0 ||
+ hex_cert_size / HEX_STR_SIZE_PER_CHAR != cert_size) {
+ tloge("cannot convert hex to raw, bad params\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+ return hex_array2ch_array(hex_cert, cert, cert_size);
+}
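Review bot: `convert_daa_ak_cert` reads `field_size` from the certificate and passes it to `get_akcert_one_field` without comparing it to the bytes left in `akcert`, and the helper bounds `x_size` and `y_size` only against that same `field_size`. A certificate with an oversized length field therefore yields `pt_buf` pointers beyond the end of the buffer, and `pos += field_size` can wrap. After `pos += (uint32_t)sizeof(uint32_t);` I would add `if (field_size < sizeof(uint32_t) || field_size > akcert_size - pos) return TEE_ERROR_BAD_PARAMETERS;`. Separately, the `err` path of `alloc_daa_grp_pubkey` calls `free_daa_grp_pubkey`, which frees every `pt_buf[i]`, including slots the failed allocation loop never assigned; setting all `pt_buf[i]` to `NULL` before the first `malloc` avoids freeing indeterminate pointers when the caller did not zero the struct.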
diff --git a/test/TA/qta/src/daa/daa_structure.h b/test/TA/qta/src/daa/daa_structure.h
new file mode 100644
index 0000000..3e07b3b
--- /dev/null
+++ b/test/TA/qta/src/daa/daa_structure.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef TEE_QTA_DAA_STRUCTURE_H
+#define TEE_QTA_DAA_STRUCTURE_H
+#include <tee_defines.h>
+
+#define DAA_ECC_PT_MAX_SIZE 256
+#define DAA_SAVE_AKCERT_MAX_SIZE 0x1000
+
+enum {
+ DAA_GRP_PK_X_X0 = 0,
+ DAA_GRP_PK_X_Y0,
+ DAA_GRP_PK_X_X1,
+ DAA_GRP_PK_X_Y1,
+ DAA_GRP_PK_Y_X0,
+ DAA_GRP_PK_Y_Y0,
+ DAA_GRP_PK_Y_X1,
+ DAA_GRP_PK_Y_Y1,
+ DAA_GRP_PUBKEY_DIMS
+};
+struct daa_grp_pubkey {
+ uint8_t *pt_buf[DAA_GRP_PUBKEY_DIMS];
+ uint32_t pt_size; /* size of all uint8_t* is pt_size */
+};
+
+enum {
+ DAA_AK_CERT_A_X = 0,
+ DAA_AK_CERT_A_Y,
+ DAA_AK_CERT_B_X,
+ DAA_AK_CERT_B_Y,
+ DAA_AK_CERT_C_X,
+ DAA_AK_CERT_C_Y,
+ DAA_AK_CERT_D_X,
+ DAA_AK_CERT_D_Y,
+ DAA_AK_CERT_DIMS
+};
+struct daa_ak_cert {
+ uint8_t *pt_buf[DAA_AK_CERT_DIMS];
+ uint32_t pt_size; /* size of all uint8_t* is pt_size */
+};
+
+/*
+ * utils for validate_akcert before invoking ECC's pairing functions.
+ * These functions does not invoke tcmgr service. They runs in libtcmgr only.
+ */
+
+/*
+ * convert @hex_array to @pubkey
+ */
+TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size,
+ struct daa_grp_pubkey *pubkey);
+void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey);
+TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size);
+TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size);
+#endif
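Review bot: The prototype of `convert_daa_ak_cert` says nothing about buffer lifetime, yet the definition earlier in this patch stores pointers into `akcert` (`cert->pt_buf[...] = field_buf + pos`) instead of copying the coordinates. A caller that frees or reuses `akcert` while still reading `cert->pt_buf` would dereference stale memory, so the contract belongs at the declaration, for example `/* cert->pt_buf[] point into akcert; akcert must outlive cert and is not freed here */`. The same comment block could state that `load_daa_hex_akcert` requires `cert_size == hex_cert_size / HEX_STR_SIZE_PER_CHAR`, which its definition enforces.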
diff --git a/test/TA/qta/src/daa/validate_akcert.c b/test/TA/qta/src/daa/validate_akcert.c
new file mode 100644
index 0000000..2c55320
--- /dev/null
+++ b/test/TA/qta/src/daa/validate_akcert.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "validate_akcert.h"
+#include <tee_log.h>
+#include <tee_ext_api.h>
+#include <securec.h>
+
+#include <pair_FP512BN.h>
+#include "daa_structure.h"
+
+#define DAA_GRP_KEY_PK_X_X0 "0cb2c846b963556d3651f89a490a0257039637dfee774caedb32513eccec6789" \
+ "e29269aa054814000227a6d34bb29c67fe399ebe1dd6c9f6b33604d5b990912c"
+#define DAA_GRP_KEY_PK_X_X1 "7be073749d20ff1a57131f66c0271f219b8b767f924b8ab187fc480bfbf84ff2" \
+ "6ce81aa42549fb100b851d9867c5e12baa5362417c4d2b5f3726ad1f5bf9b98b"
+#define DAA_GRP_KEY_PK_X_Y0 "a4523e489bd2245a5ee92255b3e54dd0a90fd1f0f4712514dce6ab85397bba3a" \
+ "7a2921956f14fc2207495ecb7a2442df36092254fbb29bbab2fed41ff198d0ae"
+#define DAA_GRP_KEY_PK_X_Y1 "7daf3d8855ed007da8d41d143ae8a086c5a63ae665856ecff09af7fe9eecf066" \
+ "5f8527de27a0cd606ffe7ca18a6988c4830a28d0f9ece0f1f08dbc4ea526c36f"
+
+#define DAA_GRP_KEY_PK_Y_X0 "d2c6994dee1b5dc071d5d547f26471bcd6aef7c2dc2ce112b9475bdecc0e85a7" \
+ "2015841f85a8de39506396cec11c520975f6d985b262c6f97413d2632f899896"
+#define DAA_GRP_KEY_PK_Y_X1 "e391d2d0cf2703b327ffb88615bfe6d7a9c5715007c9bfa91ff6b01210000a8e" \
+ "ddff2a310a2af6e042135b399989b7f54833ea96d5cbc93ae5da61ee63669941"
+#define DAA_GRP_KEY_PK_Y_Y0 "ffbde64729b2f8a212bfe2eef22c7b62edd77a78bc5e7f3c6782bcd839d26e0c" \
+ "7cea338240874edc3654bd3293974a7581ec168bfaee35bb093a8302bce9ac90"
+#define DAA_GRP_KEY_PK_Y_Y1 "03836c48550cf1c9dc5c455201e248acccf7a5395f9d4cc477734fdbaf8330d9" \
+ "7386aa451893824994cbedfdde7f9a8b8b7baad4b0b4dca8201135392b4910d4"
+
+#define DAA_GRP_KEY_PK_LEN (sizeof(DAA_GRP_KEY_PK_X_X0))
+
+#define DAA_GRP_PK_ELE_NUM 2
+#define DAA_GRP_AK_CERT_ELE_NUM 4
+
+#define GRP_PK_EACH_ELE_DIM 4 /* ((uint32_t)DAA_GRP_PUBKEY_DIMS / (uint32_t)DAA_GRP_PK_ELE_NUM) */
+#define GRP_PK_EACH_ELE_IDX2 2
+#define GRP_PK_EACH_ELE_IDX3 3
+static TEE_Result daa_grp_pk_to_ecp(struct daa_grp_pubkey *grp_pk, ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM])
+{
+ for (uint32_t i = 0; i < DAA_GRP_PK_ELE_NUM; i++) {
+ FP2_FP512BN fp2_bn_x, fp2_bn_y;
+ BIG_512_60 bn_x0, bn_y0, bn_x1, bn_y1;
+ BIG_512_60_fromBytes(bn_x0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 0]));
+ BIG_512_60_fromBytes(bn_y0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 1]));
+ BIG_512_60_fromBytes(bn_x1,
+ (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX2]));
+ BIG_512_60_fromBytes(bn_y1,
+ (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX3]));
+ FP2_FP512BN_from_BIGs(&fp2_bn_x, bn_x0, bn_y0);
+ FP2_FP512BN_from_BIGs(&fp2_bn_y, bn_x1, bn_y1);
+ if (ECP2_FP512BN_set(ecp2[i], &fp2_bn_x, &fp2_bn_y) == 0) {
+ tloge("bad point[%u] when converting DAA pubkey to ECP2\n", i);
+ return TEE_ERROR_GENERIC;
+ }
+ }
+ return TEE_SUCCESS;
+}
+
+#define AK_CERT_EACH_ELE_DIM 2 /* ((uint32_t)DAA_AK_CERT_DIMS / (uint32_t)DAA_GRP_AK_CERT_ELE_NUM) */
+static TEE_Result daa_ak_cert_to_ecp(struct daa_ak_cert *ak_cert, ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM])
+{
+ for (uint32_t i = 0; i < DAA_GRP_AK_CERT_ELE_NUM; i++) {
+ BIG_512_60 big_x, big_y;
+ BIG_512_60_fromBytes(big_x, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i]));
+ BIG_512_60_fromBytes(big_y, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i + 1]));
+ if (ECP_FP512BN_set(ecp[i], big_x, big_y) == 0) {
+ tloge("bad point[%u] when converting DAA ak cert to ECP\n", i);
+ return TEE_ERROR_GENERIC;
+ }
+ }
+ return TEE_SUCCESS;
+}
+
+struct validate_daa_pair_context {
+ ECP_FP512BN a, b, c, d;
+ ECP2_FP512BN ecp2_x, ecp2_y;
+ FP12_FP512BN pair_lhs, pair_rhs;
+ ECP2_FP512BN p2;
+};
+
+static TEE_Result validate_daa_pairs(struct daa_grp_pubkey *grp_pk, struct daa_ak_cert *ak_cert)
+{
+ TEE_Result pairings_ok;
+ tlogi("qta begins to validate daa pairs\n");
+ struct validate_daa_pair_context context;
+ (void)memset_s(&context, sizeof(context), 0, sizeof(context));
+
+ if (ECP2_FP512BN_generator(&context.p2) == 0) {
+ tloge("bad point when getting P2\n");
+ return TEE_ERROR_GENERIC;
+ }
+
+ ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM] = { &context.ecp2_x, &context.ecp2_y };
+ pairings_ok = daa_grp_pk_to_ecp(grp_pk, ecp2);
+ if (pairings_ok != TEE_SUCCESS) {
+ tloge("convert group pubkey to ECP2_FP512BN failed\n");
+ return pairings_ok;
+ }
+
+ ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM] = { &context.a, &context.b, &context.c, &context.d };
+ pairings_ok = daa_ak_cert_to_ecp(ak_cert, ecp);
+ if (pairings_ok != TEE_SUCCESS) {
+ tloge("convert DAA ak cert to ECP_FP512BN failed\n");
+ return pairings_ok;
+ }
+
+ PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_y, &context.a);
+ PAIR_FP512BN_fexp(&context.pair_lhs);
+
+ PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.b);
+ PAIR_FP512BN_fexp(&context.pair_rhs);
+ if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) {
+ tloge("validate DAA pair[0] failed\n");
+ return TEE_ERROR_GENERIC;
+ }
+ ECP_FP512BN_add(&context.d, &context.a);
+
+ PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_x, &context.d);
+ PAIR_FP512BN_fexp(&context.pair_lhs);
+
+ PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.c);
+ PAIR_FP512BN_fexp(&context.pair_rhs);
+
+ if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) {
+ tloge("validate DAA pair[1] failed\n");
+ return TEE_ERROR_GENERIC;
+ }
+ tlogi("qta finishes check daa pair: pairings_ok = %u, expect value = %u\n", pairings_ok, TEE_SUCCESS);
+ return pairings_ok;
+}
+
+TEE_Result validate_akcert(char *hex_input, uint32_t hex_input_size)
+{
+ if (hex_input == NULL || hex_input_size == 0 || hex_input_size > DAA_SAVE_AKCERT_MAX_SIZE)
+ return TEE_ERROR_BAD_PARAMETERS;
+
+ TEE_Result ret;
+
+ tlogi("prepare to init daa group pubkeys\n");
+ struct daa_grp_pubkey grp_pk;
+ (void)memset_s(&grp_pk, sizeof(grp_pk), 0, sizeof(grp_pk));
+ uint8_t* array[] = { (uint8_t*)DAA_GRP_KEY_PK_X_X0, (uint8_t*)DAA_GRP_KEY_PK_X_X1, (uint8_t*)DAA_GRP_KEY_PK_X_Y0,
+ (uint8_t*)DAA_GRP_KEY_PK_X_Y1, (uint8_t*)DAA_GRP_KEY_PK_Y_X0, (uint8_t*)DAA_GRP_KEY_PK_Y_X1,
+ (uint8_t*)DAA_GRP_KEY_PK_Y_Y0, (uint8_t*)DAA_GRP_KEY_PK_Y_Y1 };
+ ret = alloc_daa_grp_pubkey(array, DAA_GRP_KEY_PK_LEN, &grp_pk);
+ if (ret != TEE_SUCCESS) {
+ tloge("validate akcert: alloc daa group keys failed, ret 0x%x\n", ret);
+ return ret;
+ }
+
+ tlogi("prepare to load daa ak_cert\n");
+ uint32_t input_size = hex_input_size >> 1;
+ uint8_t *input = TEE_Malloc(input_size, 0);
+ if (input == NULL) {
+ tloge("validate akcert: alloc input buffer failed, ret 0x%x\n", ret);
+ ret = TEE_ERROR_OUT_OF_MEMORY;
+ goto clear;
+ }
+ ret = load_daa_hex_akcert((uint8_t*)(uintptr_t)hex_input, hex_input_size, input, input_size);
+ if (ret != TEE_SUCCESS) {
+ tloge("validate akcert: convert hex str to raw failed, ret 0x%x\n", ret);
+ goto clear;
+ }
+
+ struct daa_ak_cert ak_cert;
+ (void)memset_s(&ak_cert, sizeof(ak_cert), 0, sizeof(ak_cert));
+ ret = convert_daa_ak_cert(&ak_cert, input, input_size);
+ if (ret != TEE_SUCCESS) {
+ tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret);
+ goto clear;
+ }
+
+ ret = validate_daa_pairs(&grp_pk, &ak_cert);
+ if (ret != TEE_SUCCESS) {
+ tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret);
+ goto clear;
+ }
+clear:
+ if (input)
+ TEE_Free(input);
+ free_daa_grp_pubkey(&grp_pk);
+ return ret;
+}
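Review bot: `daa_ak_cert_to_ecp` hands each `ak_cert->pt_buf[]` entry to `BIG_512_60_fromBytes` without checking `ak_cert->pt_size`, and that size comes from the certificate being validated. `BIG_512_60_fromBytes` consumes a fixed number of bytes (`MODBYTES_512_60` in MIRACL Core), so a certificate declaring shorter coordinates would make it read past the field and possibly past the `input` allocation. The visible part of `convert_daa_ak_cert` only checks that the field sizes agree with each other. A guard at the top of the function closes this: `if (ak_cert->pt_size != MODBYTES_512_60) return TEE_ERROR_BAD_PARAMETERS;`. Separately, in `validate_akcert` the `TEE_Malloc` failure branch logs `ret` before assigning it, and the `convert_daa_ak_cert` failure branch logs "validate daa pairs failed", both of which will mislead whoever reads the trace.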
diff --git a/test/TA/qta/src/daa/validate_akcert.h b/test/TA/qta/src/daa/validate_akcert.h
new file mode 100644
index 0000000..bce08d3
--- /dev/null
+++ b/test/TA/qta/src/daa/validate_akcert.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef TEE_QTA_VALIDATE_AKCERT_H
+#define TEE_QTA_VALIDATE_AKCERT_H
+#include <tee_defines.h>
+#include <tee_ext_api.h>
+
+TEE_Result validate_akcert(char *akcert, uint32_t akcert_size);
+
+#endif
+
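Review bot: The declaration names its parameters `akcert`/`akcert_size` while the definition in validate_akcert.c uses `hex_input`/`hex_input_size`, and nothing here says the buffer is a hex string rather than raw certificate bytes. A one-line comment above the prototype would make the contract explicit: `/* akcert: hex-encoded AK certificate; akcert_size: number of hex characters, at most DAA_SAVE_AKCERT_MAX_SIZE */`. Using the same parameter names in both places would also help.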
diff --git a/test/TA/qta/src/tee_qta.c b/test/TA/qta/src/tee_qta.c
new file mode 100644
index 0000000..8dff8a6
--- /dev/null
+++ b/test/TA/qta/src/tee_qta.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#include "tee_qta.h"
+#include <tee_log.h>
+#include <tee_ext_api.h>
+#include "tee_ra_api.h"
+#include "securec.h"
+#include <cJSON.h>
+
+#ifdef ENABLE_DAA_PAIR_MIRACL
+#include "daa/validate_akcert.h"
+#endif
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+ TEE_Result ret;
+ /* TA auth CA */
+
+ /* TA auth TA */
+ ret = AddCaller_TA_all();
+ if (ret != TEE_SUCCESS)
+ return ret;
+
+ tlogi("tee_qta: CreateEntryPoint success.\n");
+ return ret;
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t param_types, TEE_Param params[PARAM_NUM], void **session_context)
+{
+ (void)param_types;
+ (void)params;
+ (void)session_context;
+ tlogi("tee_qta: OpenSessionEntryPoint success.\n");
+ return TEE_SUCCESS;
+}
+
+static bool check_akcert_params_valid(struct ra_buffer_data *akcert)
+{
+ bool result = false;
+ if (akcert == NULL || akcert->buffer == NULL || akcert->length == 0 || akcert->length > SHAREMEM_LIMIT) {
+ tloge("akcert params is invalid\n");
+ return result;
+ }
+
+ char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer);
+ cJSON *json = cJSON_Parse(akcert_buf);
+ if (json == NULL) {
+ tloge("check akcert json failed\n");
+ return result;
+ }
+
+ char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler"));
+ if (handler == NULL || strcmp(handler, "saveakcert-output") != 0) {
+ tloge("check akcert handler failed\n");
+ goto clear;
+ }
+
+ cJSON *payload = cJSON_GetObjectItem(json, "payload");
+ if (payload == NULL) {
+ tloge("check akcert payload failed\n");
+ goto clear;
+ }
+
+ char *version = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "version"));
+ if (version == NULL || strcmp(version, "TEE.RA.1.0") != 0) {
+ tloge("check akcert version failed\n");
+ goto clear;
+ }
+
+ char *scenario = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "scenario"));
+ if (scenario == NULL || strcmp(scenario, "sce_as_with_daa") != 0) {
+ tloge("check akcert scenario failed\n");
+ goto clear;
+ }
+#ifdef ENABLE_DAA_PAIR_MIRACL
+ char *hex_akcert = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "hex_akcert"));
+ if (validate_akcert(hex_akcert, strlen(hex_akcert)) != TEE_SUCCESS) {
+ tloge("check akcert using pairing failed\n");
+ goto clear;
+ }
+#endif
+ result = true;
+clear:
+ cJSON_Delete(json);
+ return result;
+}
+
+static TEE_Result qta_validate_akcert(struct ra_buffer_data *akcert)
+{
+ TEE_Result result = TEE_ERROR_GENERIC;
+ if (!check_akcert_params_valid(akcert)) {
+ tloge("qta validate akcert: check params invalid\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer);
+ cJSON *json = cJSON_Parse(akcert_buf);
+ cJSON *handler = cJSON_CreateString("validateakcert-input");
+ if (handler == NULL) {
+ tloge("qta validate akcert: handler is null\n");
+ goto clear1;
+ }
+ if (!cJSON_ReplaceItemInObject(json, "handler", handler)) {
+ tloge("qta validate akcert: replace handler in json failed\n");
+ cJSON_Delete(handler);
+ goto clear1;
+ }
+
+ char *json_buf = cJSON_Print(json);
+ if (json_buf == NULL) {
+ tloge("json buf is null");
+ goto clear1;
+ }
+
+ if (strlen(json_buf) > IN_RESERVED_SIZE) {
+ tloge("qta validate akcert: json size is invalid\n");
+ result = TEE_ERROR_BAD_PARAMETERS;
+ goto clear2;
+ }
+
+ uint32_t in_size = strlen(json_buf);
+ uint8_t *in_buf = REINTERPRET_CAST(uint8_t *, char *, json_buf);
+ struct ra_buffer_data in = {in_size, in_buf};
+ result = ra_qsi_invoke(&in, NULL);
+ if (result != TEE_SUCCESS)
+ tloge("qta validate akcert failed\n");
+clear2:
+ cJSON_free(json_buf);
+clear1:
+ cJSON_Delete(json);
+ return result;
+}
+
+static TEE_Result local_attest(struct ra_buffer_data *in, struct ra_buffer_data *out)
+{
+ TEE_Result result;
+ char *buf = REINTERPRET_CAST(char *, uint8_t *, in->buffer);
+ cJSON *json = cJSON_Parse(buf);
+ if (json == NULL) {
+ tloge("check local attest json failed\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler"));
+ if (handler == NULL) {
+ tloge("handler is null\n");
+ result = TEE_ERROR_BAD_PARAMETERS;
+ goto clear;
+ }
+ if (strcmp(handler, "report-input") != 0) {
+ tloge("check local attest handler failed\n");
+ result = TEE_ERROR_BAD_PARAMETERS;
+ goto clear;
+ }
+ result = ra_qsi_invoke(in, out);
+clear:
+ cJSON_Delete(json);
+ return result;
+}
+
+static TEE_Result qta_local_attest(uint32_t param_types, TEE_Param *params)
+{
+ bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT,
+ TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE);
+ if (!ret || params == NULL) {
+ tloge("qta local attest: bad params\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.buffer == NULL || params[0].memref.size == 0 ||
+ params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.buffer == NULL ||
+ params[1].memref.size < OUT_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT) {
+ tloge("qta local attest: invalid memref info\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ struct ra_buffer_data in;
+ struct ra_buffer_data out;
+ in.buffer = params[0].memref.buffer;
+ in.length = params[0].memref.size;
+ out.buffer = params[1].memref.buffer;
+ out.length = params[1].memref.size;
+
+ TEE_Result result = local_attest(&in, &out);
+ if (result != TEE_SUCCESS) {
+ tloge("local attest failed\n");
+ return result;
+ }
+ params[PARAM_TWO].value.a = out.length;
+ return result;
+}
+
+static TEE_Result qta_remote_attest(uint32_t param_types, TEE_Param *params)
+{
+ bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT,
+ TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE);
+ if (!ret || params == NULL) {
+ tloge("qta remote attest: bad params\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.buffer == NULL || params[0].memref.size == 0 ||
+ params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT ||
+ (params[1].memref.buffer != NULL && params[1].memref.size < OUT_RESERVED_SIZE) ||
+ (params[1].memref.buffer == NULL && params[1].memref.size > 0)) {
+ tloge("qta remote attest: invalid memref info\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ struct ra_buffer_data in;
+ struct ra_buffer_data out;
+ in.buffer = params[0].memref.buffer;
+ in.length = params[0].memref.size;
+ out.buffer = params[1].memref.buffer;
+ out.length = params[1].memref.size;
+ TEE_Result result = ra_qsi_invoke(&in, &out);
+ if (result == TEE_PENDING) {
+ return qta_validate_akcert(&out);
+ } else if (result == TEE_SUCCESS) {
+ params[PARAM_TWO].value.a = out.length;
+ return result;
+ }
+ tloge("ra qsi invoke failed\n");
+ return result;
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(void *session_context, uint32_t cmd_id,
+ uint32_t param_types, TEE_Param params[PARAM_NUM])
+{
+ tlogi("tee_qta: Enter TA_InvokeCommandEntryPoint.\n");
+ (void)session_context;
+ if (cmd_id != REMOTE_ATTEST_CMD) {
+ tloge("tee_qta: InvokeCommandEntryPoint failed, cmd: 0x%x.\n", cmd_id);
+ return TEE_ERROR_INVALID_CMD;
+ }
+
+ caller_info cinfo;
+ (void)memset_s(&cinfo, sizeof(cinfo), 0, sizeof(cinfo));
+ TEE_Result ret = TEE_EXT_GetCallerInfo(&cinfo, sizeof(cinfo));
+ if (ret != TEE_SUCCESS) {
+ tloge("tee_qta: Get call info failed.\n");
+ return ret;
+ }
+ if (cinfo.session_type == SESSION_FROM_TA) {
+ ret = qta_local_attest(param_types, params);
+ if (ret != TEE_SUCCESS)
+ tloge("tee_qta: local attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret);
+ else
+ tlogi("tee_qta: InvokeCommandEntryPoint success.\n");
+ return ret;
+ }
+
+ ret = qta_remote_attest(param_types, params);
+ if (ret != TEE_SUCCESS)
+ tloge("tee_qta: remote attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret);
+ else
+ tlogi("tee_qta: InvokeCommandEntryPoint success.\n");
+ return ret;
+}
+
+void TA_CloseSessionEntryPoint(void *session_context)
+{
+ (void)session_context;
+ tlogi("tee_qta: CloseSessionEntryPoint success.\n");
+}
+
+void TA_DestroyEntryPoint(void)
+{
+ tlogi("tee_qta: DestroyEntryPoint success.\n");
+}
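Review bot: In `check_akcert_params_valid`, under `ENABLE_DAA_PAIR_MIRACL`, `strlen(hex_akcert)` runs on the result of `cJSON_GetStringValue`, which is NULL when `hex_akcert` is absent or not a string, so a malformed payload crashes the TA instead of being rejected. The condition should read `if (hex_akcert == NULL || validate_akcert(hex_akcert, (uint32_t)strlen(hex_akcert)) != TEE_SUCCESS) {`. That function, `qta_validate_akcert` and `local_attest` also call `cJSON_Parse` on memref buffers whose length is known but whose NUL termination is not checked anywhere in this file; if the bundled cJSON provides it, `cJSON_ParseWithLength(buf, in->length)` keeps the parser inside the buffer. `qta_validate_akcert` then re-parses `akcert->buffer` after the check has passed. If that output memref is shared with the caller, the content forwarded to `ra_qsi_invoke` may differ from what was validated, so parsing once and passing the checked `cJSON` tree on would be safer.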
diff --git a/test/TA/qta/src/tee_qta.h b/test/TA/qta/src/tee_qta.h
new file mode 100644
index 0000000..0dfb1d5
--- /dev/null
+++ b/test/TA/qta/src/tee_qta.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+#ifndef TEE_QTA_H
+#define TEE_QTA_H
+#include <tee_defines.h>
+#include <tee_ext_api.h>
+
+#define PARAM_TWO 2
+#define PARAM_THREE 3
+#define PARAM_NUM 4
+#define SHAREMEM_LIMIT 0x100000
+#define IN_RESERVED_SIZE 0x2000
+#define OUT_RESERVED_SIZE 0x3000
+#define REMOTE_ATTEST_CMD 0x1001
+
+#define REINTERPRET_CAST(dest_type, source_type, temp) \
+ ((__extension__(union { source_type source; dest_type dest; })(temp)).dest)
+
+#endif
+
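Review bot: `REINTERPRET_CAST` relies on the GNU cast-to-union extension, yet every use in tee_qta.c converts between `uint8_t *` and `char *`, where an ordinary cast such as `(char *)akcert->buffer` is well defined and portable. If the macro is kept to satisfy a coding rule, a comment should say so and note that `temp` must have exactly `source_type`. The size limits also lack a note on units and purpose, e.g. `/* max input memref size in bytes */` above `IN_RESERVED_SIZE`.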
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h
index a0309c0..04d8c0b 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h
@@ -1,35 +1,15 @@
#define _Addr long
-#ifdef __LP64__
#define _Int64 long
-#else
-#define _Int64 long long
-#endif
#define _Reg long
-#define __LITTLE_ENDIAN 1234
-#define __BIG_ENDIAN 4321
-#define __USE_TIME_BITS64 1
-
-#ifndef __BYTE_ORDER
#if __AARCH64EB__
#define __BYTE_ORDER 4321
#else
#define __BYTE_ORDER 1234
#endif
-#endif
#define __LONG_MAX 0x7fffffffffffffffL
-#if defined(__NEED_va_list) && !defined(__DEFINED_va_list)
-typedef __builtin_va_list va_list;
-#define __DEFINED_va_list
-#endif
-
-#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list)
-typedef __builtin_va_list __isoc_va_list;
-#define __DEFINED___isoc_va_list
-#endif
-
#ifndef __cplusplus
#if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t)
typedef unsigned wchar_t;
@@ -42,6 +22,7 @@ typedef unsigned wint_t;
#define __DEFINED_wint_t
#endif
+
#if defined(__NEED_blksize_t) && !defined(__DEFINED_blksize_t)
typedef int blksize_t;
#define __DEFINED_blksize_t
@@ -52,6 +33,7 @@ typedef unsigned int nlink_t;
#define __DEFINED_nlink_t
#endif
+
#if defined(__NEED_float_t) && !defined(__DEFINED_float_t)
typedef float float_t;
#define __DEFINED_float_t
@@ -62,100 +44,15 @@ typedef double double_t;
#define __DEFINED_double_t
#endif
+
#if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t)
-typedef struct {
- long long __ll;
- long double __ld;
-} max_align_t;
+typedef struct { long long __ll; long double __ld; } max_align_t;
#define __DEFINED_max_align_t
#endif
-#if defined(__NEED_time_t) && !defined(__DEFINED_time_t)
-typedef long time_t;
-#define __DEFINED_time_t
-#endif
-
-#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t)
-typedef long suseconds_t;
-#define __DEFINED_suseconds_t
-#endif
-
-#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t)
-typedef struct {
- union {
- int __i[14];
- volatile int __vi[14];
- unsigned long __s[7];
- } __u;
-} pthread_attr_t;
-#define __DEFINED_pthread_attr_t
-#endif
-
-#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t)
-typedef struct {
- union {
- int __i[10];
- volatile int __vi[10];
- volatile void *volatile __p[5];
- } __u;
-} pthread_mutex_t;
-#define __DEFINED_pthread_mutex_t
-#endif
-
-#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t)
-typedef struct {
- union {
- int __i[10];
- volatile int __vi[10];
- volatile void *volatile __p[5];
- } __u;
-} mtx_t;
-#define __DEFINED_mtx_t
-#endif
-
-#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t)
-typedef struct {
- union {
- int __i[12];
- volatile int __vi[12];
- void *__p[6];
- } __u;
-} pthread_cond_t;
-#define __DEFINED_pthread_cond_t
-#endif
-
-#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t)
-typedef struct {
- union {
- int __i[12];
- volatile int __vi[12];
- void *__p[6];
- } __u;
-} cnd_t;
-#define __DEFINED_cnd_t
-#endif
-
-#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t)
-typedef struct {
- union {
- int __i[14];
- volatile int __vi[14];
- void *__p[7];
- } __u;
-} pthread_rwlock_t;
-#define __DEFINED_pthread_rwlock_t
-#endif
-
-#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t)
-typedef struct {
- union {
- int __i[8];
- volatile int __vi[8];
- void *__p[4];
- } __u;
-} pthread_barrier_t;
-#define __DEFINED_pthread_barrier_t
-#endif
+#define __LITTLE_ENDIAN 1234
+#define __BIG_ENDIAN 4321
+#define __USE_TIME_BITS64 1
#if defined(__NEED_size_t) && !defined(__DEFINED_size_t)
typedef unsigned _Addr size_t;
@@ -192,28 +89,39 @@ typedef _Reg register_t;
#define __DEFINED_register_t
#endif
+#if defined(__NEED_time_t) && !defined(__DEFINED_time_t)
+typedef _Int64 time_t;
+#define __DEFINED_time_t
+#endif
+
+#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t)
+typedef _Int64 suseconds_t;
+#define __DEFINED_suseconds_t
+#endif
+
+
#if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t)
typedef signed char int8_t;
#define __DEFINED_int8_t
#endif
#if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t)
-typedef short int16_t;
+typedef signed short int16_t;
#define __DEFINED_int16_t
#endif
#if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t)
-typedef int int32_t;
+typedef signed int int32_t;
#define __DEFINED_int32_t
#endif
#if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t)
-typedef _Int64 int64_t;
+typedef signed _Int64 int64_t;
#define __DEFINED_int64_t
#endif
#if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t)
-typedef _Int64 intmax_t;
+typedef signed _Int64 intmax_t;
#define __DEFINED_intmax_t
#endif
@@ -247,6 +155,7 @@ typedef unsigned _Int64 uintmax_t;
#define __DEFINED_uintmax_t
#endif
+
#if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t)
typedef unsigned mode_t;
#define __DEFINED_mode_t
@@ -292,6 +201,7 @@ typedef unsigned _Int64 fsfilcnt_t;
#define __DEFINED_fsfilcnt_t
#endif
+
#if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t)
typedef unsigned wint_t;
#define __DEFINED_wint_t
@@ -302,8 +212,9 @@ typedef unsigned long wctype_t;
#define __DEFINED_wctype_t
#endif
+
#if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t)
-typedef void *timer_t;
+typedef void * timer_t;
#define __DEFINED_timer_t
#endif
@@ -318,21 +229,16 @@ typedef long clock_t;
#endif
#if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval)
-struct timeval {
- time_t tv_sec;
- suseconds_t tv_usec;
-};
+struct timeval { time_t tv_sec; suseconds_t tv_usec; };
#define __DEFINED_struct_timeval
#endif
#if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec)
-struct timespec {
- time_t tv_sec;
- long tv_nsec;
-};
+struct timespec { time_t tv_sec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER==4321); long tv_nsec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER!=4321); };
#define __DEFINED_struct_timespec
#endif
+
#if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t)
typedef int pid_t;
#define __DEFINED_pid_t
@@ -363,6 +269,7 @@ typedef unsigned useconds_t;
#define __DEFINED_useconds_t
#endif
+
#ifdef __cplusplus
#if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t)
typedef unsigned long pthread_t;
@@ -371,7 +278,7 @@ typedef unsigned long pthread_t;
#else
#if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t)
-typedef struct __pthread *pthread_t;
+typedef struct __pthread * pthread_t;
#define __DEFINED_pthread_t
#endif
@@ -392,65 +299,78 @@ typedef int pthread_spinlock_t;
#endif
#if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_mutexattr_t;
+typedef struct { unsigned __attr; } pthread_mutexattr_t;
#define __DEFINED_pthread_mutexattr_t
#endif
#if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_condattr_t;
+typedef struct { unsigned __attr; } pthread_condattr_t;
#define __DEFINED_pthread_condattr_t
#endif
#if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_barrierattr_t;
+typedef struct { unsigned __attr; } pthread_barrierattr_t;
#define __DEFINED_pthread_barrierattr_t
#endif
#if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t)
-typedef struct {
- unsigned __attr[2];
-} pthread_rwlockattr_t;
+typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t;
#define __DEFINED_pthread_rwlockattr_t
#endif
+
+#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE)
+struct _IO_FILE { char __x; };
+#define __DEFINED_struct__IO_FILE
+#endif
+
#if defined(__NEED_FILE) && !defined(__DEFINED_FILE)
typedef struct _IO_FILE FILE;
#define __DEFINED_FILE
#endif
+
+#if defined(__NEED_va_list) && !defined(__DEFINED_va_list)
+typedef __builtin_va_list va_list;
+#define __DEFINED_va_list
+#endif
+
+#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list)
+typedef __builtin_va_list __isoc_va_list;
+#define __DEFINED___isoc_va_list
+#endif
+
+
#if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t)
-typedef struct __mbstate_t {
- unsigned __opaque1, __opaque2;
-} mbstate_t;
+typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t;
#define __DEFINED_mbstate_t
#endif
+
#if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t)
-typedef struct __locale_struct *locale_t;
+typedef struct __locale_struct * locale_t;
#define __DEFINED_locale_t
#endif
+
#if defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t)
-typedef struct __sigset_t {
- unsigned long __bits[128 / sizeof(long)];
-} sigset_t;
+typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t;
#define __DEFINED_sigset_t
#endif
+
#if defined(__NEED_struct_iovec) && !defined(__DEFINED_struct_iovec)
-struct iovec {
- void *iov_base;
- size_t iov_len;
-};
+struct iovec { void *iov_base; size_t iov_len; };
#define __DEFINED_struct_iovec
#endif
+
+#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize)
+struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; };
+#define __DEFINED_struct_winsize
+#endif
+
+
#if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t)
typedef unsigned socklen_t;
#define __DEFINED_socklen_t
@@ -461,6 +381,43 @@ typedef unsigned short sa_family_t;
#define __DEFINED_sa_family_t
#endif
+
+#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t)
+typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t;
+#define __DEFINED_pthread_attr_t
+#endif
+
+#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t)
+typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t;
+#define __DEFINED_pthread_mutex_t
+#endif
+
+#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t)
+typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t;
+#define __DEFINED_mtx_t
+#endif
+
+#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t)
+typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t;
+#define __DEFINED_pthread_cond_t
+#endif
+
+#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t)
+typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t;
+#define __DEFINED_cnd_t
+#endif
+
+#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t)
+typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t;
+#define __DEFINED_pthread_rwlock_t
+#endif
+
+#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t)
+typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t;
+#define __DEFINED_pthread_barrier_t
+#endif
+
+
#undef _Addr
#undef _Int64
#undef _Reg
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
index a748402..424cc4d 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
@@ -38,3 +38,15 @@
#define HWCAP2_SVEBITPERM (1 << 4)
#define HWCAP2_SVESHA3 (1 << 5)
#define HWCAP2_SVESM4 (1 << 6)
+#define HWCAP2_FLAGM2 (1 << 7)
+#define HWCAP2_FRINT (1 << 8)
+#define HWCAP2_SVEI8MM (1 << 9)
+#define HWCAP2_SVEF32MM (1 << 10)
+#define HWCAP2_SVEF64MM (1 << 11)
+#define HWCAP2_SVEBF16 (1 << 12)
+#define HWCAP2_I8MM (1 << 13)
+#define HWCAP2_BF16 (1 << 14)
+#define HWCAP2_DGH (1 << 15)
+#define HWCAP2_RNG (1 << 16)
+#define HWCAP2_BTI (1 << 17)
+#define HWCAP2_MTE (1 << 18)
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h
new file mode 100644
index 0000000..8fad5ce
--- /dev/null
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h
@@ -0,0 +1,2 @@
+#define PROT_BTI 0x10
+#define PROT_MTE 0x20
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
index b71261f..5098c73 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
@@ -11,7 +11,7 @@ typedef unsigned long greg_t;
typedef unsigned long gregset_t[34];
typedef struct {
- long double vregs[32];
+ __uint128_t vregs[32];
unsigned int fpsr;
unsigned int fpcr;
} fpregset_t;
@@ -34,7 +34,7 @@ struct fpsimd_context {
struct _aarch64_ctx head;
unsigned int fpsr;
unsigned int fpcr;
- long double vregs[32];
+ __uint128_t vregs[32];
};
struct esr_context {
struct _aarch64_ctx head;
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
index d57a091..24b5438 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
@@ -1,551 +1,603 @@
-#define __NR_io_setup 0
-#define __NR_io_destroy 1
-#define __NR_io_submit 2
-#define __NR_io_cancel 3
-#define __NR_io_getevents 4
-#define __NR_setxattr 5
-#define __NR_lsetxattr 6
-#define __NR_fsetxattr 7
-#define __NR_getxattr 8
-#define __NR_lgetxattr 9
-#define __NR_fgetxattr 10
-#define __NR_listxattr 11
-#define __NR_llistxattr 12
-#define __NR_flistxattr 13
-#define __NR_removexattr 14
-#define __NR_lremovexattr 15
-#define __NR_fremovexattr 16
-#define __NR_getcwd 17
-#define __NR_lookup_dcookie 18
-#define __NR_eventfd2 19
-#define __NR_epoll_create1 20
-#define __NR_epoll_ctl 21
-#define __NR_epoll_pwait 22
-#define __NR_dup 23
-#define __NR_dup3 24
-#define __NR_fcntl 25
-#define __NR_inotify_init1 26
-#define __NR_inotify_add_watch 27
-#define __NR_inotify_rm_watch 28
-#define __NR_ioctl 29
-#define __NR_ioprio_set 30
-#define __NR_ioprio_get 31
-#define __NR_flock 32
-#define __NR_mknodat 33
-#define __NR_mkdirat 34
-#define __NR_unlinkat 35
-#define __NR_symlinkat 36
-#define __NR_linkat 37
-#define __NR_renameat 38
-#define __NR_umount2 39
-#define __NR_mount 40
-#define __NR_pivot_root 41
-#define __NR_nfsservctl 42
-#define __NR_statfs 43
-#define __NR_fstatfs 44
-#define __NR_truncate 45
-#define __NR_ftruncate 46
-#define __NR_fallocate 47
-#define __NR_faccessat 48
-#define __NR_chdir 49
-#define __NR_fchdir 50
-#define __NR_chroot 51
-#define __NR_fchmod 52
-#define __NR_fchmodat 53
-#define __NR_fchownat 54
-#define __NR_fchown 55
-#define __NR_openat 56
-#define __NR_close 57
-#define __NR_vhangup 58
-#define __NR_pipe2 59
-#define __NR_quotactl 60
-#define __NR_getdents64 61
-#define __NR_lseek 62
-#define __NR_read 63
-#define __NR_write 64
-#define __NR_readv 65
-#define __NR_writev 66
-#define __NR_pread64 67
-#define __NR_pwrite64 68
-#define __NR_preadv 69
-#define __NR_pwritev 70
-#define __NR_sendfile 71
-#define __NR_pselect6 72
-#define __NR_ppoll 73
-#define __NR_signalfd4 74
-#define __NR_vmsplice 75
-#define __NR_splice 76
-#define __NR_tee 77
-#define __NR_readlinkat 78
-#define __NR_newfstatat 79
-#define __NR_fstat 80
-#define __NR_sync 81
-#define __NR_fsync 82
-#define __NR_fdatasync 83
-#define __NR_sync_file_range 84
-#define __NR_timerfd_create 85
-#define __NR_timerfd_settime 86
-#define __NR_timerfd_gettime 87
-#define __NR_utimensat 88
-#define __NR_acct 89
-#define __NR_capget 90
-#define __NR_capset 91
-#define __NR_personality 92
-#define __NR_exit 93
-#define __NR_exit_group 94
-#define __NR_waitid 95
-#define __NR_set_tid_address 96
-#define __NR_unshare 97
-#define __NR_futex 98
-#define __NR_set_robust_list 99
-#define __NR_get_robust_list 100
-#define __NR_nanosleep 101
-#define __NR_getitimer 102
-#define __NR_setitimer 103
-#define __NR_kexec_load 104
-#define __NR_init_module 105
-#define __NR_delete_module 106
-#define __NR_timer_create 107
-#define __NR_timer_gettime 108
-#define __NR_timer_getoverrun 109
-#define __NR_timer_settime 110
-#define __NR_timer_delete 111
-#define __NR_clock_settime 112
-#define __NR_clock_gettime 113
-#define __NR_clock_getres 114
-#define __NR_clock_nanosleep 115
-#define __NR_syslog 116
-#define __NR_ptrace 117
-#define __NR_sched_setparam 118
-#define __NR_sched_setscheduler 119
-#define __NR_sched_getscheduler 120
-#define __NR_sched_getparam 121
-#define __NR_sched_setaffinity 122
-#define __NR_sched_getaffinity 123
-#define __NR_sched_yield 124
+#define __NR_io_setup 0
+#define __NR_io_destroy 1
+#define __NR_io_submit 2
+#define __NR_io_cancel 3
+#define __NR_io_getevents 4
+#define __NR_setxattr 5
+#define __NR_lsetxattr 6
+#define __NR_fsetxattr 7
+#define __NR_getxattr 8
+#define __NR_lgetxattr 9
+#define __NR_fgetxattr 10
+#define __NR_listxattr 11
+#define __NR_llistxattr 12
+#define __NR_flistxattr 13
+#define __NR_removexattr 14
+#define __NR_lremovexattr 15
+#define __NR_fremovexattr 16
+#define __NR_getcwd 17
+#define __NR_lookup_dcookie 18
+#define __NR_eventfd2 19
+#define __NR_epoll_create1 20
+#define __NR_epoll_ctl 21
+#define __NR_epoll_pwait 22
+#define __NR_dup 23
+#define __NR_dup3 24
+#define __NR_fcntl 25
+#define __NR_inotify_init1 26
+#define __NR_inotify_add_watch 27
+#define __NR_inotify_rm_watch 28
+#define __NR_ioctl 29
+#define __NR_ioprio_set 30
+#define __NR_ioprio_get 31
+#define __NR_flock 32
+#define __NR_mknodat 33
+#define __NR_mkdirat 34
+#define __NR_unlinkat 35
+#define __NR_symlinkat 36
+#define __NR_linkat 37
+#define __NR_renameat 38
+#define __NR_umount2 39
+#define __NR_mount 40
+#define __NR_pivot_root 41
+#define __NR_nfsservctl 42
+#define __NR_statfs 43
+#define __NR_fstatfs 44
+#define __NR_truncate 45
+#define __NR_ftruncate 46
+#define __NR_fallocate 47
+#define __NR_faccessat 48
+#define __NR_chdir 49
+#define __NR_fchdir 50
+#define __NR_chroot 51
+#define __NR_fchmod 52
+#define __NR_fchmodat 53
+#define __NR_fchownat 54
+#define __NR_fchown 55
+#define __NR_openat 56
+#define __NR_close 57
+#define __NR_vhangup 58
+#define __NR_pipe2 59
+#define __NR_quotactl 60
+#define __NR_getdents64 61
+#define __NR_lseek 62
+#define __NR_read 63
+#define __NR_write 64
+#define __NR_readv 65
+#define __NR_writev 66
+#define __NR_pread64 67
+#define __NR_pwrite64 68
+#define __NR_preadv 69
+#define __NR_pwritev 70
+#define __NR_sendfile 71
+#define __NR_pselect6 72
+#define __NR_ppoll 73
+#define __NR_signalfd4 74
+#define __NR_vmsplice 75
+#define __NR_splice 76
+#define __NR_tee 77
+#define __NR_readlinkat 78
+#define __NR_newfstatat 79
+#define __NR_fstat 80
+#define __NR_sync 81
+#define __NR_fsync 82
+#define __NR_fdatasync 83
+#define __NR_sync_file_range 84
+#define __NR_timerfd_create 85
+#define __NR_timerfd_settime 86
+#define __NR_timerfd_gettime 87
+#define __NR_utimensat 88
+#define __NR_acct 89
+#define __NR_capget 90
+#define __NR_capset 91
+#define __NR_personality 92
+#define __NR_exit 93
+#define __NR_exit_group 94
+#define __NR_waitid 95
+#define __NR_set_tid_address 96
+#define __NR_unshare 97
+#define __NR_futex 98
+#define __NR_set_robust_list 99
+#define __NR_get_robust_list 100
+#define __NR_nanosleep 101
+#define __NR_getitimer 102
+#define __NR_setitimer 103
+#define __NR_kexec_load 104
+#define __NR_init_module 105
+#define __NR_delete_module 106
+#define __NR_timer_create 107
+#define __NR_timer_gettime 108
+#define __NR_timer_getoverrun 109
+#define __NR_timer_settime 110
+#define __NR_timer_delete 111
+#define __NR_clock_settime 112
+#define __NR_clock_gettime 113
+#define __NR_clock_getres 114
+#define __NR_clock_nanosleep 115
+#define __NR_syslog 116
+#define __NR_ptrace 117
+#define __NR_sched_setparam 118
+#define __NR_sched_setscheduler 119
+#define __NR_sched_getscheduler 120
+#define __NR_sched_getparam 121
+#define __NR_sched_setaffinity 122
+#define __NR_sched_getaffinity 123
+#define __NR_sched_yield 124
#define __NR_sched_get_priority_max 125
#define __NR_sched_get_priority_min 126
-#define __NR_sched_rr_get_interval 127
-#define __NR_restart_syscall 128
-#define __NR_kill 129
-#define __NR_tkill 130
-#define __NR_tgkill 131
-#define __NR_sigaltstack 132
-#define __NR_rt_sigsuspend 133
-#define __NR_rt_sigaction 134
-#define __NR_rt_sigprocmask 135
-#define __NR_rt_sigpending 136
-#define __NR_rt_sigtimedwait 137
-#define __NR_rt_sigqueueinfo 138
-#define __NR_rt_sigreturn 139
-#define __NR_setpriority 140
-#define __NR_getpriority 141
-#define __NR_reboot 142
-#define __NR_setregid 143
-#define __NR_setgid 144
-#define __NR_setreuid 145
-#define __NR_setuid 146
-#define __NR_setresuid 147
-#define __NR_getresuid 148
-#define __NR_setresgid 149
-#define __NR_getresgid 150
-#define __NR_setfsuid 151
-#define __NR_setfsgid 152
-#define __NR_times 153
-#define __NR_setpgid 154
-#define __NR_getpgid 155
-#define __NR_getsid 156
-#define __NR_setsid 157
-#define __NR_getgroups 158
-#define __NR_setgroups 159
-#define __NR_uname 160
-#define __NR_sethostname 161
-#define __NR_setdomainname 162
-#define __NR_getrlimit 163
-#define __NR_setrlimit 164
-#define __NR_getrusage 165
-#define __NR_umask 166
-#define __NR_prctl 167
-#define __NR_getcpu 168
-#define __NR_gettimeofday 169
-#define __NR_settimeofday 170
-#define __NR_adjtimex 171
-#define __NR_getpid 172
-#define __NR_getppid 173
-#define __NR_getuid 174
-#define __NR_geteuid 175
-#define __NR_getgid 176
-#define __NR_getegid 177
-#define __NR_gettid 178
-#define __NR_sysinfo 179
-#define __NR_mq_open 180
-#define __NR_mq_unlink 181
-#define __NR_mq_timedsend 182
-#define __NR_mq_timedreceive 183
-#define __NR_mq_notify 184
-#define __NR_mq_getsetattr 185
-#define __NR_msgget 186
-#define __NR_msgctl 187
-#define __NR_msgrcv 188
-#define __NR_msgsnd 189
-#define __NR_semget 190
-#define __NR_semctl 191
-#define __NR_semtimedop 192
-#define __NR_semop 193
-#define __NR_shmget 194
-#define __NR_shmctl 195
-#define __NR_shmat 196
-#define __NR_shmdt 197
-#define __NR_socket 198
-#define __NR_socketpair 199
-#define __NR_bind 200
-#define __NR_listen 201
-#define __NR_accept 202
-#define __NR_connect 203
-#define __NR_getsockname 204
-#define __NR_getpeername 205
-#define __NR_sendto 206
-#define __NR_recvfrom 207
-#define __NR_setsockopt 208
-#define __NR_getsockopt 209
-#define __NR_shutdown 210
-#define __NR_sendmsg 211
-#define __NR_recvmsg 212
-#define __NR_readahead 213
-#define __NR_brk 214
-#define __NR_munmap 215
-#define __NR_mremap 216
-#define __NR_add_key 217
-#define __NR_request_key 218
-#define __NR_keyctl 219
-#define __NR_clone 220
-#define __NR_execve 221
-#define __NR_mmap 222
-#define __NR_fadvise64 223
-#define __NR_swapon 224
-#define __NR_swapoff 225
-#define __NR_mprotect 226
-#define __NR_msync 227
-#define __NR_mlock 228
-#define __NR_munlock 229
-#define __NR_mlockall 230
-#define __NR_munlockall 231
-#define __NR_mincore 232
-#define __NR_madvise 233
-#define __NR_remap_file_pages 234
-#define __NR_mbind 235
-#define __NR_get_mempolicy 236
-#define __NR_set_mempolicy 237
-#define __NR_migrate_pages 238
-#define __NR_move_pages 239
-#define __NR_rt_tgsigqueueinfo 240
-#define __NR_perf_event_open 241
-#define __NR_accept4 242
-#define __NR_recvmmsg 243
-#define __NR_wait4 260
-#define __NR_prlimit64 261
-#define __NR_fanotify_init 262
-#define __NR_fanotify_mark 263
-#define __NR_name_to_handle_at 264
-#define __NR_open_by_handle_at 265
-#define __NR_clock_adjtime 266
-#define __NR_syncfs 267
-#define __NR_setns 268
-#define __NR_sendmmsg 269
-#define __NR_process_vm_readv 270
-#define __NR_process_vm_writev 271
-#define __NR_kcmp 272
-#define __NR_finit_module 273
-#define __NR_sched_setattr 274
-#define __NR_sched_getattr 275
-#define __NR_renameat2 276
-#define __NR_seccomp 277
-#define __NR_getrandom 278
-#define __NR_memfd_create 279
-#define __NR_bpf 280
-#define __NR_execveat 281
-#define __NR_userfaultfd 282
-#define __NR_membarrier 283
-#define __NR_mlock2 284
-#define __NR_copy_file_range 285
-#define __NR_preadv2 286
-#define __NR_pwritev2 287
-#define __NR_pkey_mprotect 288
-#define __NR_pkey_alloc 289
-#define __NR_pkey_free 290
+#define __NR_sched_rr_get_interval 127
+#define __NR_restart_syscall 128
+#define __NR_kill 129
+#define __NR_tkill 130
+#define __NR_tgkill 131
+#define __NR_sigaltstack 132
+#define __NR_rt_sigsuspend 133
+#define __NR_rt_sigaction 134
+#define __NR_rt_sigprocmask 135
+#define __NR_rt_sigpending 136
+#define __NR_rt_sigtimedwait 137
+#define __NR_rt_sigqueueinfo 138
+#define __NR_rt_sigreturn 139
+#define __NR_setpriority 140
+#define __NR_getpriority 141
+#define __NR_reboot 142
+#define __NR_setregid 143
+#define __NR_setgid 144
+#define __NR_setreuid 145
+#define __NR_setuid 146
+#define __NR_setresuid 147
+#define __NR_getresuid 148
+#define __NR_setresgid 149
+#define __NR_getresgid 150
+#define __NR_setfsuid 151
+#define __NR_setfsgid 152
+#define __NR_times 153
+#define __NR_setpgid 154
+#define __NR_getpgid 155
+#define __NR_getsid 156
+#define __NR_setsid 157
+#define __NR_getgroups 158
+#define __NR_setgroups 159
+#define __NR_uname 160
+#define __NR_sethostname 161
+#define __NR_setdomainname 162
+#define __NR_getrlimit 163
+#define __NR_setrlimit 164
+#define __NR_getrusage 165
+#define __NR_umask 166
+#define __NR_prctl 167
+#define __NR_getcpu 168
+#define __NR_gettimeofday 169
+#define __NR_settimeofday 170
+#define __NR_adjtimex 171
+#define __NR_getpid 172
+#define __NR_getppid 173
+#define __NR_getuid 174
+#define __NR_geteuid 175
+#define __NR_getgid 176
+#define __NR_getegid 177
+#define __NR_gettid 178
+#define __NR_sysinfo 179
+#define __NR_mq_open 180
+#define __NR_mq_unlink 181
+#define __NR_mq_timedsend 182
+#define __NR_mq_timedreceive 183
+#define __NR_mq_notify 184
+#define __NR_mq_getsetattr 185
+#define __NR_msgget 186
+#define __NR_msgctl 187
+#define __NR_msgrcv 188
+#define __NR_msgsnd 189
+#define __NR_semget 190
+#define __NR_semctl 191
+#define __NR_semtimedop 192
+#define __NR_semop 193
+#define __NR_shmget 194
+#define __NR_shmctl 195
+#define __NR_shmat 196
+#define __NR_shmdt 197
+#define __NR_socket 198
+#define __NR_socketpair 199
+#define __NR_bind 200
+#define __NR_listen 201
+#define __NR_accept 202
+#define __NR_connect 203
+#define __NR_getsockname 204
+#define __NR_getpeername 205
+#define __NR_sendto 206
+#define __NR_recvfrom 207
+#define __NR_setsockopt 208
+#define __NR_getsockopt 209
+#define __NR_shutdown 210
+#define __NR_sendmsg 211
+#define __NR_recvmsg 212
+#define __NR_readahead 213
+#define __NR_brk 214
+#define __NR_munmap 215
+#define __NR_mremap 216
+#define __NR_add_key 217
+#define __NR_request_key 218
+#define __NR_keyctl 219
+#define __NR_clone 220
+#define __NR_execve 221
+#define __NR_mmap 222
+#define __NR_fadvise64 223
+#define __NR_swapon 224
+#define __NR_swapoff 225
+#define __NR_mprotect 226
+#define __NR_msync 227
+#define __NR_mlock 228
+#define __NR_munlock 229
+#define __NR_mlockall 230
+#define __NR_munlockall 231
+#define __NR_mincore 232
+#define __NR_madvise 233
+#define __NR_remap_file_pages 234
+#define __NR_mbind 235
+#define __NR_get_mempolicy 236
+#define __NR_set_mempolicy 237
+#define __NR_migrate_pages 238
+#define __NR_move_pages 239
+#define __NR_rt_tgsigqueueinfo 240
+#define __NR_perf_event_open 241
+#define __NR_accept4 242
+#define __NR_recvmmsg 243
+#define __NR_wait4 260
+#define __NR_prlimit64 261
+#define __NR_fanotify_init 262
+#define __NR_fanotify_mark 263
+#define __NR_name_to_handle_at 264
+#define __NR_open_by_handle_at 265
+#define __NR_clock_adjtime 266
+#define __NR_syncfs 267
+#define __NR_setns 268
+#define __NR_sendmmsg 269
+#define __NR_process_vm_readv 270
+#define __NR_process_vm_writev 271
+#define __NR_kcmp 272
+#define __NR_finit_module 273
+#define __NR_sched_setattr 274
+#define __NR_sched_getattr 275
+#define __NR_renameat2 276
+#define __NR_seccomp 277
+#define __NR_getrandom 278
+#define __NR_memfd_create 279
+#define __NR_bpf 280
+#define __NR_execveat 281
+#define __NR_userfaultfd 282
+#define __NR_membarrier 283
+#define __NR_mlock2 284
+#define __NR_copy_file_range 285
+#define __NR_preadv2 286
+#define __NR_pwritev2 287
+#define __NR_pkey_mprotect 288
+#define __NR_pkey_alloc 289
+#define __NR_pkey_free 290
+#define __NR_statx 291
+#define __NR_io_pgetevents 292
+#define __NR_rseq 293
+#define __NR_kexec_file_load 294
+#define __NR_pidfd_send_signal 424
+#define __NR_io_uring_setup 425
+#define __NR_io_uring_enter 426
+#define __NR_io_uring_register 427
+#define __NR_open_tree 428
+#define __NR_move_mount 429
+#define __NR_fsopen 430
+#define __NR_fsconfig 431
+#define __NR_fsmount 432
+#define __NR_fspick 433
+#define __NR_pidfd_open 434
+#define __NR_clone3 435
+#define __NR_close_range 436
+#define __NR_openat2 437
+#define __NR_pidfd_getfd 438
+#define __NR_faccessat2 439
+#define __NR_process_madvise 440
+#define __NR_epoll_pwait2 441
+#define __NR_mount_setattr 442
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
-#define SYS_io_setup 0
-#define SYS_io_destroy 1
-#define SYS_io_submit 2
-#define SYS_io_cancel 3
-#define SYS_io_getevents 4
-#define SYS_setxattr 5
-#define SYS_lsetxattr 6
-#define SYS_fsetxattr 7
-#define SYS_getxattr 8
-#define SYS_lgetxattr 9
-#define SYS_fgetxattr 10
-#define SYS_listxattr 11
-#define SYS_llistxattr 12
-#define SYS_flistxattr 13
-#define SYS_removexattr 14
-#define SYS_lremovexattr 15
-#define SYS_fremovexattr 16
-#define SYS_getcwd 17
-#define SYS_lookup_dcookie 18
-#define SYS_eventfd2 19
-#define SYS_epoll_create1 20
-#define SYS_epoll_ctl 21
-#define SYS_epoll_pwait 22
-#define SYS_dup 23
-#define SYS_dup3 24
-#define SYS_fcntl 25
-#define SYS_inotify_init1 26
-#define SYS_inotify_add_watch 27
-#define SYS_inotify_rm_watch 28
-#define SYS_ioctl 29
-#define SYS_ioprio_set 30
-#define SYS_ioprio_get 31
-#define SYS_flock 32
-#define SYS_mknodat 33
-#define SYS_mkdirat 34
-#define SYS_unlinkat 35
-#define SYS_symlinkat 36
-#define SYS_linkat 37
-#define SYS_renameat 38
-#define SYS_umount2 39
-#define SYS_mount 40
-#define SYS_pivot_root 41
-#define SYS_nfsservctl 42
-#define SYS_statfs 43
-#define SYS_fstatfs 44
-#define SYS_truncate 45
-#define SYS_ftruncate 46
-#define SYS_fallocate 47
-#define SYS_faccessat 48
-#define SYS_chdir 49
-#define SYS_fchdir 50
-#define SYS_chroot 51
-#define SYS_fchmod 52
-#define SYS_fchmodat 53
-#define SYS_fchownat 54
-#define SYS_fchown 55
-#define SYS_openat 56
-#define SYS_close 57
-#define SYS_vhangup 58
-#define SYS_pipe2 59
-#define SYS_quotactl 60
-#define SYS_getdents64 61
-#define SYS_lseek 62
-#define SYS_read 63
-#define SYS_write 64
-#define SYS_readv 65
-#define SYS_writev 66
-#define SYS_pread64 67
-#define SYS_pwrite64 68
-#define SYS_preadv 69
-#define SYS_pwritev 70
-#define SYS_sendfile 71
-#define SYS_pselect6 72
-#define SYS_ppoll 73
-#define SYS_signalfd4 74
-#define SYS_vmsplice 75
-#define SYS_splice 76
-#define SYS_tee 77
-#define SYS_readlinkat 78
-#define SYS_newfstatat 79
-#define SYS_fstat 80
-#define SYS_sync 81
-#define SYS_fsync 82
-#define SYS_fdatasync 83
-#define SYS_sync_file_range 84
-#define SYS_timerfd_create 85
-#define SYS_timerfd_settime 86
-#define SYS_timerfd_gettime 87
-#define SYS_utimensat 88
-#define SYS_acct 89
-#define SYS_capget 90
-#define SYS_capset 91
-#define SYS_personality 92
-#define SYS_exit 93
-#define SYS_exit_group 94
-#define SYS_waitid 95
-#define SYS_set_tid_address 96
-#define SYS_unshare 97
-#define SYS_futex 98
-#define SYS_set_robust_list 99
-#define SYS_get_robust_list 100
-#define SYS_nanosleep 101
-#define SYS_getitimer 102
-#define SYS_setitimer 103
-#define SYS_kexec_load 104
-#define SYS_init_module 105
-#define SYS_delete_module 106
-#define SYS_timer_create 107
-#define SYS_timer_gettime 108
-#define SYS_timer_getoverrun 109
-#define SYS_timer_settime 110
-#define SYS_timer_delete 111
-#define SYS_clock_settime 112
-#define SYS_clock_gettime 113
-#define SYS_clock_getres 114
-#define SYS_clock_nanosleep 115
-#define SYS_syslog 116
-#define SYS_ptrace 117
-#define SYS_sched_setparam 118
-#define SYS_sched_setscheduler 119
-#define SYS_sched_getscheduler 120
-#define SYS_sched_getparam 121
-#define SYS_sched_setaffinity 122
-#define SYS_sched_getaffinity 123
-#define SYS_sched_yield 124
+#define SYS_io_setup 0
+#define SYS_io_destroy 1
+#define SYS_io_submit 2
+#define SYS_io_cancel 3
+#define SYS_io_getevents 4
+#define SYS_setxattr 5
+#define SYS_lsetxattr 6
+#define SYS_fsetxattr 7
+#define SYS_getxattr 8
+#define SYS_lgetxattr 9
+#define SYS_fgetxattr 10
+#define SYS_listxattr 11
+#define SYS_llistxattr 12
+#define SYS_flistxattr 13
+#define SYS_removexattr 14
+#define SYS_lremovexattr 15
+#define SYS_fremovexattr 16
+#define SYS_getcwd 17
+#define SYS_lookup_dcookie 18
+#define SYS_eventfd2 19
+#define SYS_epoll_create1 20
+#define SYS_epoll_ctl 21
+#define SYS_epoll_pwait 22
+#define SYS_dup 23
+#define SYS_dup3 24
+#define SYS_fcntl 25
+#define SYS_inotify_init1 26
+#define SYS_inotify_add_watch 27
+#define SYS_inotify_rm_watch 28
+#define SYS_ioctl 29
+#define SYS_ioprio_set 30
+#define SYS_ioprio_get 31
+#define SYS_flock 32
+#define SYS_mknodat 33
+#define SYS_mkdirat 34
+#define SYS_unlinkat 35
+#define SYS_symlinkat 36
+#define SYS_linkat 37
+#define SYS_renameat 38
+#define SYS_umount2 39
+#define SYS_mount 40
+#define SYS_pivot_root 41
+#define SYS_nfsservctl 42
+#define SYS_statfs 43
+#define SYS_fstatfs 44
+#define SYS_truncate 45
+#define SYS_ftruncate 46
+#define SYS_fallocate 47
+#define SYS_faccessat 48
+#define SYS_chdir 49
+#define SYS_fchdir 50
+#define SYS_chroot 51
+#define SYS_fchmod 52
+#define SYS_fchmodat 53
+#define SYS_fchownat 54
+#define SYS_fchown 55
+#define SYS_openat 56
+#define SYS_close 57
+#define SYS_vhangup 58
+#define SYS_pipe2 59
+#define SYS_quotactl 60
+#define SYS_getdents64 61
+#define SYS_lseek 62
+#define SYS_read 63
+#define SYS_write 64
+#define SYS_readv 65
+#define SYS_writev 66
+#define SYS_pread64 67
+#define SYS_pwrite64 68
+#define SYS_preadv 69
+#define SYS_pwritev 70
+#define SYS_sendfile 71
+#define SYS_pselect6 72
+#define SYS_ppoll 73
+#define SYS_signalfd4 74
+#define SYS_vmsplice 75
+#define SYS_splice 76
+#define SYS_tee 77
+#define SYS_readlinkat 78
+#define SYS_newfstatat 79
+#define SYS_fstat 80
+#define SYS_sync 81
+#define SYS_fsync 82
+#define SYS_fdatasync 83
+#define SYS_sync_file_range 84
+#define SYS_timerfd_create 85
+#define SYS_timerfd_settime 86
+#define SYS_timerfd_gettime 87
+#define SYS_utimensat 88
+#define SYS_acct 89
+#define SYS_capget 90
+#define SYS_capset 91
+#define SYS_personality 92
+#define SYS_exit 93
+#define SYS_exit_group 94
+#define SYS_waitid 95
+#define SYS_set_tid_address 96
+#define SYS_unshare 97
+#define SYS_futex 98
+#define SYS_set_robust_list 99
+#define SYS_get_robust_list 100
+#define SYS_nanosleep 101
+#define SYS_getitimer 102
+#define SYS_setitimer 103
+#define SYS_kexec_load 104
+#define SYS_init_module 105
+#define SYS_delete_module 106
+#define SYS_timer_create 107
+#define SYS_timer_gettime 108
+#define SYS_timer_getoverrun 109
+#define SYS_timer_settime 110
+#define SYS_timer_delete 111
+#define SYS_clock_settime 112
+#define SYS_clock_gettime 113
+#define SYS_clock_getres 114
+#define SYS_clock_nanosleep 115
+#define SYS_syslog 116
+#define SYS_ptrace 117
+#define SYS_sched_setparam 118
+#define SYS_sched_setscheduler 119
+#define SYS_sched_getscheduler 120
+#define SYS_sched_getparam 121
+#define SYS_sched_setaffinity 122
+#define SYS_sched_getaffinity 123
+#define SYS_sched_yield 124
#define SYS_sched_get_priority_max 125
#define SYS_sched_get_priority_min 126
-#define SYS_sched_rr_get_interval 127
-#define SYS_restart_syscall 128
-#define SYS_kill 129
-#define SYS_tkill 130
-#define SYS_tgkill 131
-#define SYS_sigaltstack 132
-#define SYS_rt_sigsuspend 133
-#define SYS_rt_sigaction 134
-#define SYS_rt_sigprocmask 135
-#define SYS_rt_sigpending 136
-#define SYS_rt_sigtimedwait 137
-#define SYS_rt_sigqueueinfo 138
-#define SYS_rt_sigreturn 139
-#define SYS_setpriority 140
-#define SYS_getpriority 141
-#define SYS_reboot 142
-#define SYS_setregid 143
-#define SYS_setgid 144
-#define SYS_setreuid 145
-#define SYS_setuid 146
-#define SYS_setresuid 147
-#define SYS_getresuid 148
-#define SYS_setresgid 149
-#define SYS_getresgid 150
-#define SYS_setfsuid 151
-#define SYS_setfsgid 152
-#define SYS_times 153
-#define SYS_setpgid 154
-#define SYS_getpgid 155
-#define SYS_getsid 156
-#define SYS_setsid 157
-#define SYS_getgroups 158
-#define SYS_setgroups 159
-#define SYS_uname 160
-#define SYS_sethostname 161
-#define SYS_setdomainname 162
-#define SYS_getrlimit 163
-#define SYS_setrlimit 164
-#define SYS_getrusage 165
-#define SYS_umask 166
-#define SYS_prctl 167
-#define SYS_getcpu 168
-#define SYS_gettimeofday 169
-#define SYS_settimeofday 170
-#define SYS_adjtimex 171
-#define SYS_getpid 172
-#define SYS_getppid 173
-#define SYS_getuid 174
-#define SYS_geteuid 175
-#define SYS_getgid 176
-#define SYS_getegid 177
-#define SYS_gettid 178
-#define SYS_sysinfo 179
-#define SYS_mq_open 180
-#define SYS_mq_unlink 181
-#define SYS_mq_timedsend 182
-#define SYS_mq_timedreceive 183
-#define SYS_mq_notify 184
-#define SYS_mq_getsetattr 185
-#define SYS_msgget 186
-#define SYS_msgctl 187
-#define SYS_msgrcv 188
-#define SYS_msgsnd 189
-#define SYS_semget 190
-#define SYS_semctl 191
-#define SYS_semtimedop 192
-#define SYS_semop 193
-#define SYS_shmget 194
-#define SYS_shmctl 195
-#define SYS_shmat 196
-#define SYS_shmdt 197
-#define SYS_socket 198
-#define SYS_socketpair 199
-#define SYS_bind 200
-#define SYS_listen 201
-#define SYS_accept 202
-#define SYS_connect 203
-#define SYS_getsockname 204
-#define SYS_getpeername 205
-#define SYS_sendto 206
-#define SYS_recvfrom 207
-#define SYS_setsockopt 208
-#define SYS_getsockopt 209
-#define SYS_shutdown 210
-#define SYS_sendmsg 211
-#define SYS_recvmsg 212
-#define SYS_readahead 213
-#define SYS_brk 214
-#define SYS_munmap 215
-#define SYS_mremap 216
-#define SYS_add_key 217
-#define SYS_request_key 218
-#define SYS_keyctl 219
-#define SYS_clone 220
-#define SYS_execve 221
-#define SYS_mmap 222
-#define SYS_fadvise64 223
-#define SYS_swapon 224
-#define SYS_swapoff 225
-#define SYS_mprotect 226
-#define SYS_msync 227
-#define SYS_mlock 228
-#define SYS_munlock 229
-#define SYS_mlockall 230
-#define SYS_munlockall 231
-#define SYS_mincore 232
-#define SYS_madvise 233
-#define SYS_remap_file_pages 234
-#define SYS_mbind 235
-#define SYS_get_mempolicy 236
-#define SYS_set_mempolicy 237
-#define SYS_migrate_pages 238
-#define SYS_move_pages 239
-#define SYS_rt_tgsigqueueinfo 240
-#define SYS_perf_event_open 241
-#define SYS_accept4 242
-#define SYS_recvmmsg 243
-#define SYS_wait4 260
-#define SYS_prlimit64 261
-#define SYS_fanotify_init 262
-#define SYS_fanotify_mark 263
-#define SYS_name_to_handle_at 264
-#define SYS_open_by_handle_at 265
-#define SYS_clock_adjtime 266
-#define SYS_syncfs 267
-#define SYS_setns 268
-#define SYS_sendmmsg 269
-#define SYS_process_vm_readv 270
-#define SYS_process_vm_writev 271
-#define SYS_kcmp 272
-#define SYS_finit_module 273
-#define SYS_sched_setattr 274
-#define SYS_sched_getattr 275
-#define SYS_renameat2 276
-#define SYS_seccomp 277
-#define SYS_getrandom 278
-#define SYS_memfd_create 279
-#define SYS_bpf 280
-#define SYS_execveat 281
-#define SYS_userfaultfd 282
-#define SYS_membarrier 283
-#define SYS_mlock2 284
-#define SYS_copy_file_range 285
-#define SYS_preadv2 286
-#define SYS_pwritev2 287
-#define SYS_pkey_mprotect 288
-#define SYS_pkey_alloc 289
-#define SYS_pkey_free 290
+#define SYS_sched_rr_get_interval 127
+#define SYS_restart_syscall 128
+#define SYS_kill 129
+#define SYS_tkill 130
+#define SYS_tgkill 131
+#define SYS_sigaltstack 132
+#define SYS_rt_sigsuspend 133
+#define SYS_rt_sigaction 134
+#define SYS_rt_sigprocmask 135
+#define SYS_rt_sigpending 136
+#define SYS_rt_sigtimedwait 137
+#define SYS_rt_sigqueueinfo 138
+#define SYS_rt_sigreturn 139
+#define SYS_setpriority 140
+#define SYS_getpriority 141
+#define SYS_reboot 142
+#define SYS_setregid 143
+#define SYS_setgid 144
+#define SYS_setreuid 145
+#define SYS_setuid 146
+#define SYS_setresuid 147
+#define SYS_getresuid 148
+#define SYS_setresgid 149
+#define SYS_getresgid 150
+#define SYS_setfsuid 151
+#define SYS_setfsgid 152
+#define SYS_times 153
+#define SYS_setpgid 154
+#define SYS_getpgid 155
+#define SYS_getsid 156
+#define SYS_setsid 157
+#define SYS_getgroups 158
+#define SYS_setgroups 159
+#define SYS_uname 160
+#define SYS_sethostname 161
+#define SYS_setdomainname 162
+#define SYS_getrlimit 163
+#define SYS_setrlimit 164
+#define SYS_getrusage 165
+#define SYS_umask 166
+#define SYS_prctl 167
+#define SYS_getcpu 168
+#define SYS_gettimeofday 169
+#define SYS_settimeofday 170
+#define SYS_adjtimex 171
+#define SYS_getpid 172
+#define SYS_getppid 173
+#define SYS_getuid 174
+#define SYS_geteuid 175
+#define SYS_getgid 176
+#define SYS_getegid 177
+#define SYS_gettid 178
+#define SYS_sysinfo 179
+#define SYS_mq_open 180
+#define SYS_mq_unlink 181
+#define SYS_mq_timedsend 182
+#define SYS_mq_timedreceive 183
+#define SYS_mq_notify 184
+#define SYS_mq_getsetattr 185
+#define SYS_msgget 186
+#define SYS_msgctl 187
+#define SYS_msgrcv 188
+#define SYS_msgsnd 189
+#define SYS_semget 190
+#define SYS_semctl 191
+#define SYS_semtimedop 192
+#define SYS_semop 193
+#define SYS_shmget 194
+#define SYS_shmctl 195
+#define SYS_shmat 196
+#define SYS_shmdt 197
+#define SYS_socket 198
+#define SYS_socketpair 199
+#define SYS_bind 200
+#define SYS_listen 201
+#define SYS_accept 202
+#define SYS_connect 203
+#define SYS_getsockname 204
+#define SYS_getpeername 205
+#define SYS_sendto 206
+#define SYS_recvfrom 207
+#define SYS_setsockopt 208
+#define SYS_getsockopt 209
+#define SYS_shutdown 210
+#define SYS_sendmsg 211
+#define SYS_recvmsg 212
+#define SYS_readahead 213
+#define SYS_brk 214
+#define SYS_munmap 215
+#define SYS_mremap 216
+#define SYS_add_key 217
+#define SYS_request_key 218
+#define SYS_keyctl 219
+#define SYS_clone 220
+#define SYS_execve 221
+#define SYS_mmap 222
+#define SYS_fadvise64 223
+#define SYS_swapon 224
+#define SYS_swapoff 225
+#define SYS_mprotect 226
+#define SYS_msync 227
+#define SYS_mlock 228
+#define SYS_munlock 229
+#define SYS_mlockall 230
+#define SYS_munlockall 231
+#define SYS_mincore 232
+#define SYS_madvise 233
+#define SYS_remap_file_pages 234
+#define SYS_mbind 235
+#define SYS_get_mempolicy 236
+#define SYS_set_mempolicy 237
+#define SYS_migrate_pages 238
+#define SYS_move_pages 239
+#define SYS_rt_tgsigqueueinfo 240
+#define SYS_perf_event_open 241
+#define SYS_accept4 242
+#define SYS_recvmmsg 243
+#define SYS_wait4 260
+#define SYS_prlimit64 261
+#define SYS_fanotify_init 262
+#define SYS_fanotify_mark 263
+#define SYS_name_to_handle_at 264
+#define SYS_open_by_handle_at 265
+#define SYS_clock_adjtime 266
+#define SYS_syncfs 267
+#define SYS_setns 268
+#define SYS_sendmmsg 269
+#define SYS_process_vm_readv 270
+#define SYS_process_vm_writev 271
+#define SYS_kcmp 272
+#define SYS_finit_module 273
+#define SYS_sched_setattr 274
+#define SYS_sched_getattr 275
+#define SYS_renameat2 276
+#define SYS_seccomp 277
+#define SYS_getrandom 278
+#define SYS_memfd_create 279
+#define SYS_bpf 280
+#define SYS_execveat 281
+#define SYS_userfaultfd 282
+#define SYS_membarrier 283
+#define SYS_mlock2 284
+#define SYS_copy_file_range 285
+#define SYS_preadv2 286
+#define SYS_pwritev2 287
+#define SYS_pkey_mprotect 288
+#define SYS_pkey_alloc 289
+#define SYS_pkey_free 290
+#define SYS_statx 291
+#define SYS_io_pgetevents 292
+#define SYS_rseq 293
+#define SYS_kexec_file_load 294
+#define SYS_pidfd_send_signal 424
+#define SYS_io_uring_setup 425
+#define SYS_io_uring_enter 426
+#define SYS_io_uring_register 427
+#define SYS_open_tree 428
+#define SYS_move_mount 429
+#define SYS_fsopen 430
+#define SYS_fsconfig 431
+#define SYS_fsmount 432
+#define SYS_fspick 433
+#define SYS_pidfd_open 434
+#define SYS_clone3 435
+#define SYS_close_range 436
+#define SYS_openat2 437
+#define SYS_pidfd_getfd 438
+#define SYS_faccessat2 439
+#define SYS_process_madvise 440
+#define SYS_epoll_pwait2 441
+#define SYS_mount_setattr 442
+#define SYS_landlock_create_ruleset 444
+#define SYS_landlock_add_rule 445
+#define SYS_landlock_restrict_self 446
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in
index 93648af..5f420e6 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in
@@ -289,4 +289,14 @@
#define __NR_fspick 433
#define __NR_pidfd_open 434
#define __NR_clone3 435
+#define __NR_close_range 436
+#define __NR_openat2 437
+#define __NR_pidfd_getfd 438
+#define __NR_faccessat2 439
+#define __NR_process_madvise 440
+#define __NR_epoll_pwait2 441
+#define __NR_mount_setattr 442
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
index d12cdf7..8a1002a 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
@@ -6,7 +6,7 @@ struct user_regs_struct {
};
struct user_fpsimd_struct {
- long double vregs[32];
+ __uint128_t vregs[32];
unsigned int fpsr;
unsigned int fpcr;
};
diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
index e64b126..3909616 100644
--- a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
+++ b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
@@ -1,12 +1,11 @@
-static inline struct pthread *__pthread_self()
+static inline uintptr_t __get_tp()
{
- char *self;
- __asm__ ("mrs %0,tpidr_el0" : "=r"(self));
- return (void*)(self - sizeof(struct pthread));
+ uintptr_t tp;
+ __asm__ ("mrs %0,tpidr_el0" : "=r"(tp));
+ return tp;
}
#define TLS_ABOVE_TP
#define GAP_ABOVE_TP 16
-#define TP_ADJ(p) ((char *)(p) + sizeof(struct pthread))
#define MC_PC pc
diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h
index 41b4204..8121b75 100644
--- a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h
+++ b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h
@@ -1,31 +1,16 @@
-#define _Addr int
+#define _REDIR_TIME64 0
+#define _Addr int
#define _Int64 long long
-#define _Reg int
+#define _Reg int
-#define __LITTLE_ENDIAN 1234
-#define __BIG_ENDIAN 4321
-#define __USE_TIME_BITS64 1
-
-#ifndef __BYTE_ORDER
-#if __AARCH64EB__
+#if __ARMEB__
#define __BYTE_ORDER 4321
#else
#define __BYTE_ORDER 1234
#endif
-#endif
#define __LONG_MAX 0x7fffffffL
-#if defined(__NEED_va_list) && !defined(__DEFINED_va_list)
-typedef __builtin_va_list va_list;
-#define __DEFINED_va_list
-#endif
-
-#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list)
-typedef __builtin_va_list __isoc_va_list;
-#define __DEFINED___isoc_va_list
-#endif
-
#ifndef __cplusplus
#if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t)
typedef unsigned wchar_t;
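Review bot: The new first line `#define _REDIR_TIME64 0` leaves `time_t` at 32 bits on this target, because `__LONG_MAX` here is `0x7fffffffL` and the later hunk at `@@ -174,28 +74,39 @@` re-adds `typedef long time_t;`, so the type overflows in January 2038. The header still defines `__USE_TIME_BITS64 1`, and the arm `bits/syscall.h` section of this patch renames the legacy time syscalls to `_time32` and adds the `_time64` numbers, so the type width and the advertised time64 support look inconsistent. If 32-bit `time_t` is a deliberate ABI choice for the TEE, I would state it next to the define, e.g. `/* time_t stays 32-bit (long) for ABI compatibility; not 2038-safe */`. Otherwise `time_t` and `suseconds_t` would need to become `_Int64` with `_REDIR_TIME64 1`. Whether any timestamp or certificate-validity comparison depends on this type is not visible from this hunk and should be checked.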
@@ -44,100 +29,15 @@ typedef double double_t;
#define __DEFINED_double_t
#endif
+
#if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t)
-typedef struct {
- long long __ll;
- long double __ld;
-} max_align_t;
+typedef struct { long long __ll; long double __ld; } max_align_t;
#define __DEFINED_max_align_t
#endif
-#if defined(__NEED_time_t) && !defined(__DEFINED_time_t)
-typedef long time_t;
-#define __DEFINED_time_t
-#endif
-
-#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t)
-typedef long suseconds_t;
-#define __DEFINED_suseconds_t
-#endif
-
-#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t)
-typedef struct {
- union {
- int __i[9];
- volatile int __vi[9];
- unsigned __s[9];
- } __u;
-} pthread_attr_t;
-#define __DEFINED_pthread_attr_t
-#endif
-
-#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t)
-typedef struct {
- union {
- int __i[6];
- volatile int __vi[6];
- volatile void *volatile __p[6];
- } __u;
-} pthread_mutex_t;
-#define __DEFINED_pthread_mutex_t
-#endif
-
-#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t)
-typedef struct {
- union {
- int __i[6];
- volatile int __vi[6];
- volatile void *volatile __p[6];
- } __u;
-} mtx_t;
-#define __DEFINED_mtx_t
-#endif
-
-#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t)
-typedef struct {
- union {
- int __i[12];
- volatile int __vi[12];
- void *__p[12];
- } __u;
-} pthread_cond_t;
-#define __DEFINED_pthread_cond_t
-#endif
-
-#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t)
-typedef struct {
- union {
- int __i[12];
- volatile int __vi[12];
- void *__p[12];
- } __u;
-} cnd_t;
-#define __DEFINED_cnd_t
-#endif
-
-#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t)
-typedef struct {
- union {
- int __i[8];
- volatile int __vi[8];
- void *__p[8];
- } __u;
-} pthread_rwlock_t;
-#define __DEFINED_pthread_rwlock_t
-#endif
-
-#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t)
-typedef struct {
- union {
- int __i[5];
- volatile int __vi[5];
- void *__p[5];
- } __u;
-} pthread_barrier_t;
-#define __DEFINED_pthread_barrier_t
-#endif
+#define __LITTLE_ENDIAN 1234
+#define __BIG_ENDIAN 4321
+#define __USE_TIME_BITS64 1
#if defined(__NEED_size_t) && !defined(__DEFINED_size_t)
typedef unsigned _Addr size_t;
@@ -174,28 +74,39 @@ typedef _Reg register_t;
#define __DEFINED_register_t
#endif
+#if defined(__NEED_time_t) && !defined(__DEFINED_time_t)
+typedef long time_t;
+#define __DEFINED_time_t
+#endif
+
+#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t)
+typedef long suseconds_t;
+#define __DEFINED_suseconds_t
+#endif
+
+
#if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t)
typedef signed char int8_t;
#define __DEFINED_int8_t
#endif
#if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t)
-typedef short int16_t;
+typedef signed short int16_t;
#define __DEFINED_int16_t
#endif
#if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t)
-typedef int int32_t;
+typedef signed int int32_t;
#define __DEFINED_int32_t
#endif
#if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t)
-typedef _Int64 int64_t;
+typedef signed _Int64 int64_t;
#define __DEFINED_int64_t
#endif
#if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t)
-typedef _Int64 intmax_t;
+typedef signed _Int64 intmax_t;
#define __DEFINED_intmax_t
#endif
@@ -229,6 +140,7 @@ typedef unsigned _Int64 uintmax_t;
#define __DEFINED_uintmax_t
#endif
+
#if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t)
typedef unsigned mode_t;
#define __DEFINED_mode_t
@@ -274,6 +186,7 @@ typedef unsigned _Int64 fsfilcnt_t;
#define __DEFINED_fsfilcnt_t
#endif
+
#if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t)
typedef unsigned wint_t;
#define __DEFINED_wint_t
@@ -284,8 +197,9 @@ typedef unsigned long wctype_t;
#define __DEFINED_wctype_t
#endif
+
#if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t)
-typedef void *timer_t;
+typedef void * timer_t;
#define __DEFINED_timer_t
#endif
@@ -300,21 +214,16 @@ typedef long clock_t;
#endif
#if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval)
-struct timeval {
- time_t tv_sec;
- suseconds_t tv_usec;
-};
+struct timeval { time_t tv_sec; suseconds_t tv_usec; };
#define __DEFINED_struct_timeval
#endif
#if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec)
-struct timespec {
- time_t tv_sec;
- long tv_nsec;
-};
+struct timespec { time_t tv_sec; long tv_nsec; };
#define __DEFINED_struct_timespec
#endif
+
#if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t)
typedef int pid_t;
#define __DEFINED_pid_t
@@ -345,6 +254,7 @@ typedef unsigned useconds_t;
#define __DEFINED_useconds_t
#endif
+
#ifdef __cplusplus
#if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t)
typedef unsigned long pthread_t;
@@ -353,7 +263,7 @@ typedef unsigned long pthread_t;
#else
#if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t)
-typedef struct __pthread *pthread_t;
+typedef struct __pthread * pthread_t;
#define __DEFINED_pthread_t
#endif
@@ -374,65 +284,78 @@ typedef int pthread_spinlock_t;
#endif
#if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_mutexattr_t;
+typedef struct { unsigned __attr; } pthread_mutexattr_t;
#define __DEFINED_pthread_mutexattr_t
#endif
#if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_condattr_t;
+typedef struct { unsigned __attr; } pthread_condattr_t;
#define __DEFINED_pthread_condattr_t
#endif
#if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t)
-typedef struct {
- unsigned __attr;
-} pthread_barrierattr_t;
+typedef struct { unsigned __attr; } pthread_barrierattr_t;
#define __DEFINED_pthread_barrierattr_t
#endif
#if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t)
-typedef struct {
- unsigned __attr[2];
-} pthread_rwlockattr_t;
+typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t;
#define __DEFINED_pthread_rwlockattr_t
#endif
+
+#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE)
+struct _IO_FILE { char __x; };
+#define __DEFINED_struct__IO_FILE
+#endif
+
#if defined(__NEED_FILE) && !defined(__DEFINED_FILE)
typedef struct _IO_FILE FILE;
#define __DEFINED_FILE
#endif
+
+#if defined(__NEED_va_list) && !defined(__DEFINED_va_list)
+typedef __builtin_va_list va_list;
+#define __DEFINED_va_list
+#endif
+
+#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list)
+typedef __builtin_va_list __isoc_va_list;
+#define __DEFINED___isoc_va_list
+#endif
+
+
#if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t)
-typedef struct __mbstate_t {
- unsigned __opaque1, __opaque2;
-} mbstate_t;
+typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t;
#define __DEFINED_mbstate_t
#endif
+
#if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t)
-typedef struct __locale_struct *locale_t;
+typedef struct __locale_struct * locale_t;
#define __DEFINED_locale_t
#endif
+
#if defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t)
-typedef struct __sigset_t {
- unsigned long __bits[128 / sizeof(long)];
-} sigset_t;
+typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t;
#define __DEFINED_sigset_t
#endif
+
#if defined(__NEED_struct_iovec) && !defined(__DEFINED_struct_iovec)
-struct iovec {
- void *iov_base;
- size_t iov_len;
-};
+struct iovec { void *iov_base; size_t iov_len; };
#define __DEFINED_struct_iovec
#endif
+
+#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize)
+struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; };
+#define __DEFINED_struct_winsize
+#endif
+
+
#if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t)
typedef unsigned socklen_t;
#define __DEFINED_socklen_t
@@ -443,6 +366,43 @@ typedef unsigned short sa_family_t;
#define __DEFINED_sa_family_t
#endif
+
+#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t)
+typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t;
+#define __DEFINED_pthread_attr_t
+#endif
+
+#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t)
+typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t;
+#define __DEFINED_pthread_mutex_t
+#endif
+
+#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t)
+typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t;
+#define __DEFINED_mtx_t
+#endif
+
+#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t)
+typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t;
+#define __DEFINED_pthread_cond_t
+#endif
+
+#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t)
+typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t;
+#define __DEFINED_cnd_t
+#endif
+
+#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t)
+typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t;
+#define __DEFINED_pthread_rwlock_t
+#endif
+
+#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t)
+typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t;
+#define __DEFINED_pthread_barrier_t
+#endif
+
+
#undef _Addr
#undef _Int64
#undef _Reg
diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h
index 6b128e5..2131e1e 100644
--- a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h
+++ b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h
@@ -1,715 +1,810 @@
-#define __NR_restart_syscall 0
-#define __NR_exit 1
-#define __NR_fork 2
-#define __NR_read 3
-#define __NR_write 4
-#define __NR_open 5
-#define __NR_close 6
-#define __NR_creat 8
-#define __NR_link 9
-#define __NR_unlink 10
-#define __NR_execve 11
-#define __NR_chdir 12
-#define __NR_mknod 14
-#define __NR_chmod 15
-#define __NR_lchown 16
-#define __NR_lseek 19
-#define __NR_getpid 20
-#define __NR_mount 21
-#define __NR_setuid 23
-#define __NR_getuid 24
-#define __NR_ptrace 26
-#define __NR_pause 29
-#define __NR_access 33
-#define __NR_nice 34
-#define __NR_sync 36
-#define __NR_kill 37
-#define __NR_rename 38
-#define __NR_mkdir 39
-#define __NR_rmdir 40
-#define __NR_dup 41
-#define __NR_pipe 42
-#define __NR_times 43
-#define __NR_brk 45
-#define __NR_setgid 46
-#define __NR_getgid 47
-#define __NR_geteuid 49
-#define __NR_getegid 50
-#define __NR_acct 51
-#define __NR_umount2 52
-#define __NR_ioctl 54
-#define __NR_fcntl 55
-#define __NR_setpgid 57
-#define __NR_umask 60
-#define __NR_chroot 61
-#define __NR_ustat 62
-#define __NR_dup2 63
-#define __NR_getppid 64
-#define __NR_getpgrp 65
-#define __NR_setsid 66
-#define __NR_sigaction 67
-#define __NR_setreuid 70
-#define __NR_setregid 71
-#define __NR_sigsuspend 72
-#define __NR_sigpending 73
-#define __NR_sethostname 74
-#define __NR_setrlimit 75
-#define __NR_getrusage 77
-#define __NR_gettimeofday 78
-#define __NR_settimeofday 79
-#define __NR_getgroups 80
-#define __NR_setgroups 81
-#define __NR_symlink 83
-#define __NR_readlink 85
-#define __NR_uselib 86
-#define __NR_swapon 87
-#define __NR_reboot 88
-#define __NR_munmap 91
-#define __NR_truncate 92
-#define __NR_ftruncate 93
-#define __NR_fchmod 94
-#define __NR_fchown 95
-#define __NR_getpriority 96
-#define __NR_setpriority 97
-#define __NR_statfs 99
-#define __NR_fstatfs 100
-#define __NR_syslog 103
-#define __NR_setitimer 104
-#define __NR_getitimer 105
-#define __NR_stat 106
-#define __NR_lstat 107
-#define __NR_fstat 108
-#define __NR_vhangup 111
-#define __NR_wait4 114
-#define __NR_swapoff 115
-#define __NR_sysinfo 116
-#define __NR_fsync 118
-#define __NR_sigreturn 119
-#define __NR_clone 120
-#define __NR_setdomainname 121
-#define __NR_uname 122
-#define __NR_adjtimex 124
-#define __NR_mprotect 125
-#define __NR_sigprocmask 126
-#define __NR_init_module 128
-#define __NR_delete_module 129
-#define __NR_quotactl 131
-#define __NR_getpgid 132
-#define __NR_fchdir 133
-#define __NR_bdflush 134
-#define __NR_sysfs 135
-#define __NR_personality 136
-#define __NR_setfsuid 138
-#define __NR_setfsgid 139
-#define __NR__llseek 140
-#define __NR_getdents 141
-#define __NR__newselect 142
-#define __NR_flock 143
-#define __NR_msync 144
-#define __NR_readv 145
-#define __NR_writev 146
-#define __NR_getsid 147
-#define __NR_fdatasync 148
-#define __NR__sysctl 149
-#define __NR_mlock 150
-#define __NR_munlock 151
-#define __NR_mlockall 152
-#define __NR_munlockall 153
-#define __NR_sched_setparam 154
-#define __NR_sched_getparam 155
-#define __NR_sched_setscheduler 156
-#define __NR_sched_getscheduler 157
-#define __NR_sched_yield 158
-#define __NR_sched_get_priority_max 159
-#define __NR_sched_get_priority_min 160
-#define __NR_sched_rr_get_interval 161
-#define __NR_nanosleep 162
-#define __NR_mremap 163
-#define __NR_setresuid 164
-#define __NR_getresuid 165
-#define __NR_poll 168
-#define __NR_nfsservctl 169
-#define __NR_setresgid 170
-#define __NR_getresgid 171
-#define __NR_prctl 172
-#define __NR_rt_sigreturn 173
-#define __NR_rt_sigaction 174
-#define __NR_rt_sigprocmask 175
-#define __NR_rt_sigpending 176
-#define __NR_rt_sigtimedwait 177
-#define __NR_rt_sigqueueinfo 178
-#define __NR_rt_sigsuspend 179
-#define __NR_pread64 180
-#define __NR_pwrite64 181
-#define __NR_chown 182
-#define __NR_getcwd 183
-#define __NR_capget 184
-#define __NR_capset 185
-#define __NR_sigaltstack 186
-#define __NR_sendfile 187
-#define __NR_vfork 190
-#define __NR_ugetrlimit 191
-#define __NR_mmap2 192
-#define __NR_truncate64 193
-#define __NR_ftruncate64 194
-#define __NR_stat64 195
-#define __NR_lstat64 196
-#define __NR_fstat64 197
-#define __NR_lchown32 198
-#define __NR_getuid32 199
-#define __NR_getgid32 200
-#define __NR_geteuid32 201
-#define __NR_getegid32 202
-#define __NR_setreuid32 203
-#define __NR_setregid32 204
-#define __NR_getgroups32 205
-#define __NR_setgroups32 206
-#define __NR_fchown32 207
-#define __NR_setresuid32 208
-#define __NR_getresuid32 209
-#define __NR_setresgid32 210
-#define __NR_getresgid32 211
-#define __NR_chown32 212
-#define __NR_setuid32 213
-#define __NR_setgid32 214
-#define __NR_setfsuid32 215
-#define __NR_setfsgid32 216
-#define __NR_getdents64 217
-#define __NR_pivot_root 218
-#define __NR_mincore 219
-#define __NR_madvise 220
-#define __NR_fcntl64 221
-#define __NR_gettid 224
-#define __NR_readahead 225
-#define __NR_setxattr 226
-#define __NR_lsetxattr 227
-#define __NR_fsetxattr 228
-#define __NR_getxattr 229
-#define __NR_lgetxattr 230
-#define __NR_fgetxattr 231
-#define __NR_listxattr 232
-#define __NR_llistxattr 233
-#define __NR_flistxattr 234
-#define __NR_removexattr 235
-#define __NR_lremovexattr 236
-#define __NR_fremovexattr 237
-#define __NR_tkill 238
-#define __NR_sendfile64 239
-#define __NR_futex 240
-#define __NR_sched_setaffinity 241
-#define __NR_sched_getaffinity 242
-#define __NR_io_setup 243
-#define __NR_io_destroy 244
-#define __NR_io_getevents 245
-#define __NR_io_submit 246
-#define __NR_io_cancel 247
-#define __NR_exit_group 248
-#define __NR_lookup_dcookie 249
-#define __NR_epoll_create 250
-#define __NR_epoll_ctl 251
-#define __NR_epoll_wait 252
-#define __NR_remap_file_pages 253
-#define __NR_set_tid_address 256
-#define __NR_timer_create 257
-#define __NR_timer_settime 258
-#define __NR_timer_gettime 259
-#define __NR_timer_getoverrun 260
-#define __NR_timer_delete 261
-#define __NR_clock_settime 262
-#define __NR_clock_gettime 263
-#define __NR_clock_getres 264
-#define __NR_clock_nanosleep 265
-#define __NR_statfs64 266
-#define __NR_fstatfs64 267
-#define __NR_tgkill 268
-#define __NR_utimes 269
-#define __NR_fadvise64_64 270
-#define __NR_arm_fadvise64_64 270
-#define __NR_pciconfig_iobase 271
-#define __NR_pciconfig_read 272
-#define __NR_pciconfig_write 273
-#define __NR_mq_open 274
-#define __NR_mq_unlink 275
-#define __NR_mq_timedsend 276
-#define __NR_mq_timedreceive 277
-#define __NR_mq_notify 278
-#define __NR_mq_getsetattr 279
-#define __NR_waitid 280
-#define __NR_socket 281
-#define __NR_bind 282
-#define __NR_connect 283
-#define __NR_listen 284
-#define __NR_accept 285
-#define __NR_getsockname 286
-#define __NR_getpeername 287
-#define __NR_socketpair 288
-#define __NR_send 289
-#define __NR_sendto 290
-#define __NR_recv 291
-#define __NR_recvfrom 292
-#define __NR_shutdown 293
-#define __NR_setsockopt 294
-#define __NR_getsockopt 295
-#define __NR_sendmsg 296
-#define __NR_recvmsg 297
-#define __NR_semop 298
-#define __NR_semget 299
-#define __NR_semctl 300
-#define __NR_msgsnd 301
-#define __NR_msgrcv 302
-#define __NR_msgget 303
-#define __NR_msgctl 304
-#define __NR_shmat 305
-#define __NR_shmdt 306
-#define __NR_shmget 307
-#define __NR_shmctl 308
-#define __NR_add_key 309
-#define __NR_request_key 310
-#define __NR_keyctl 311
-#define __NR_semtimedop 312
-#define __NR_vserver 313
-#define __NR_ioprio_set 314
-#define __NR_ioprio_get 315
-#define __NR_inotify_init 316
-#define __NR_inotify_add_watch 317
-#define __NR_inotify_rm_watch 318
-#define __NR_mbind 319
-#define __NR_get_mempolicy 320
-#define __NR_set_mempolicy 321
-#define __NR_openat 322
-#define __NR_mkdirat 323
-#define __NR_mknodat 324
-#define __NR_fchownat 325
-#define __NR_futimesat 326
-#define __NR_fstatat64 327
-#define __NR_unlinkat 328
-#define __NR_renameat 329
-#define __NR_linkat 330
-#define __NR_symlinkat 331
-#define __NR_readlinkat 332
-#define __NR_fchmodat 333
-#define __NR_faccessat 334
-#define __NR_pselect6 335
-#define __NR_ppoll 336
-#define __NR_unshare 337
-#define __NR_set_robust_list 338
-#define __NR_get_robust_list 339
-#define __NR_splice 340
-#define __NR_sync_file_range2 341
-#define __NR_arm_sync_file_range 341
-#define __NR_tee 342
-#define __NR_vmsplice 343
-#define __NR_move_pages 344
-#define __NR_getcpu 345
-#define __NR_epoll_pwait 346
-#define __NR_kexec_load 347
-#define __NR_utimensat 348
-#define __NR_signalfd 349
-#define __NR_timerfd_create 350
-#define __NR_eventfd 351
-#define __NR_fallocate 352
-#define __NR_timerfd_settime 353
-#define __NR_timerfd_gettime 354
-#define __NR_signalfd4 355
-#define __NR_eventfd2 356
-#define __NR_epoll_create1 357
-#define __NR_dup3 358
-#define __NR_pipe2 359
-#define __NR_inotify_init1 360
-#define __NR_preadv 361
-#define __NR_pwritev 362
-#define __NR_rt_tgsigqueueinfo 363
-#define __NR_perf_event_open 364
-#define __NR_recvmmsg 365
-#define __NR_accept4 366
-#define __NR_fanotify_init 367
-#define __NR_fanotify_mark 368
-#define __NR_prlimit64 369
-#define __NR_name_to_handle_at 370
-#define __NR_open_by_handle_at 371
-#define __NR_clock_adjtime 372
-#define __NR_syncfs 373
-#define __NR_sendmmsg 374
-#define __NR_setns 375
-#define __NR_process_vm_readv 376
-#define __NR_process_vm_writev 377
-#define __NR_kcmp 378
-#define __NR_finit_module 379
-#define __NR_sched_setattr 380
-#define __NR_sched_getattr 381
-#define __NR_renameat2 382
-#define __NR_seccomp 383
-#define __NR_getrandom 384
-#define __NR_memfd_create 385
-#define __NR_bpf 386
-#define __NR_execveat 387
-#define __NR_userfaultfd 388
-#define __NR_membarrier 389
-#define __NR_mlock2 390
-#define __NR_copy_file_range 391
-#define __NR_preadv2 392
-#define __NR_pwritev2 393
-#define __NR_pkey_mprotect 394
-#define __NR_pkey_alloc 395
-#define __NR_pkey_free 396
+#define __NR_restart_syscall 0
+#define __NR_exit 1
+#define __NR_fork 2
+#define __NR_read 3
+#define __NR_write 4
+#define __NR_open 5
+#define __NR_close 6
+#define __NR_creat 8
+#define __NR_link 9
+#define __NR_unlink 10
+#define __NR_execve 11
+#define __NR_chdir 12
+#define __NR_mknod 14
+#define __NR_chmod 15
+#define __NR_lchown 16
+#define __NR_lseek 19
+#define __NR_getpid 20
+#define __NR_mount 21
+#define __NR_setuid 23
+#define __NR_getuid 24
+#define __NR_ptrace 26
+#define __NR_pause 29
+#define __NR_access 33
+#define __NR_nice 34
+#define __NR_sync 36
+#define __NR_kill 37
+#define __NR_rename 38
+#define __NR_mkdir 39
+#define __NR_rmdir 40
+#define __NR_dup 41
+#define __NR_pipe 42
+#define __NR_times 43
+#define __NR_brk 45
+#define __NR_setgid 46
+#define __NR_getgid 47
+#define __NR_geteuid 49
+#define __NR_getegid 50
+#define __NR_acct 51
+#define __NR_umount2 52
+#define __NR_ioctl 54
+#define __NR_fcntl 55
+#define __NR_setpgid 57
+#define __NR_umask 60
+#define __NR_chroot 61
+#define __NR_ustat 62
+#define __NR_dup2 63
+#define __NR_getppid 64
+#define __NR_getpgrp 65
+#define __NR_setsid 66
+#define __NR_sigaction 67
+#define __NR_setreuid 70
+#define __NR_setregid 71
+#define __NR_sigsuspend 72
+#define __NR_sigpending 73
+#define __NR_sethostname 74
+#define __NR_setrlimit 75
+#define __NR_getrusage 77
+#define __NR_gettimeofday_time32 78
+#define __NR_settimeofday_time32 79
+#define __NR_getgroups 80
+#define __NR_setgroups 81
+#define __NR_symlink 83
+#define __NR_readlink 85
+#define __NR_uselib 86
+#define __NR_swapon 87
+#define __NR_reboot 88
+#define __NR_munmap 91
+#define __NR_truncate 92
+#define __NR_ftruncate 93
+#define __NR_fchmod 94
+#define __NR_fchown 95
+#define __NR_getpriority 96
+#define __NR_setpriority 97
+#define __NR_statfs 99
+#define __NR_fstatfs 100
+#define __NR_syslog 103
+#define __NR_setitimer 104
+#define __NR_getitimer 105
+#define __NR_stat 106
+#define __NR_lstat 107
+#define __NR_fstat 108
+#define __NR_vhangup 111
+#define __NR_wait4 114
+#define __NR_swapoff 115
+#define __NR_sysinfo 116
+#define __NR_fsync 118
+#define __NR_sigreturn 119
+#define __NR_clone 120
+#define __NR_setdomainname 121
+#define __NR_uname 122
+#define __NR_adjtimex 124
+#define __NR_mprotect 125
+#define __NR_sigprocmask 126
+#define __NR_init_module 128
+#define __NR_delete_module 129
+#define __NR_quotactl 131
+#define __NR_getpgid 132
+#define __NR_fchdir 133
+#define __NR_bdflush 134
+#define __NR_sysfs 135
+#define __NR_personality 136
+#define __NR_setfsuid 138
+#define __NR_setfsgid 139
+#define __NR__llseek 140
+#define __NR_getdents 141
+#define __NR__newselect 142
+#define __NR_flock 143
+#define __NR_msync 144
+#define __NR_readv 145
+#define __NR_writev 146
+#define __NR_getsid 147
+#define __NR_fdatasync 148
+#define __NR__sysctl 149
+#define __NR_mlock 150
+#define __NR_munlock 151
+#define __NR_mlockall 152
+#define __NR_munlockall 153
+#define __NR_sched_setparam 154
+#define __NR_sched_getparam 155
+#define __NR_sched_setscheduler 156
+#define __NR_sched_getscheduler 157
+#define __NR_sched_yield 158
+#define __NR_sched_get_priority_max 159
+#define __NR_sched_get_priority_min 160
+#define __NR_sched_rr_get_interval 161
+#define __NR_nanosleep 162
+#define __NR_mremap 163
+#define __NR_setresuid 164
+#define __NR_getresuid 165
+#define __NR_poll 168
+#define __NR_nfsservctl 169
+#define __NR_setresgid 170
+#define __NR_getresgid 171
+#define __NR_prctl 172
+#define __NR_rt_sigreturn 173
+#define __NR_rt_sigaction 174
+#define __NR_rt_sigprocmask 175
+#define __NR_rt_sigpending 176
+#define __NR_rt_sigtimedwait 177
+#define __NR_rt_sigqueueinfo 178
+#define __NR_rt_sigsuspend 179
+#define __NR_pread64 180
+#define __NR_pwrite64 181
+#define __NR_chown 182
+#define __NR_getcwd 183
+#define __NR_capget 184
+#define __NR_capset 185
+#define __NR_sigaltstack 186
+#define __NR_sendfile 187
+#define __NR_vfork 190
+#define __NR_ugetrlimit 191
+#define __NR_mmap2 192
+#define __NR_truncate64 193
+#define __NR_ftruncate64 194
+#define __NR_stat64 195
+#define __NR_lstat64 196
+#define __NR_fstat64 197
+#define __NR_lchown32 198
+#define __NR_getuid32 199
+#define __NR_getgid32 200
+#define __NR_geteuid32 201
+#define __NR_getegid32 202
+#define __NR_setreuid32 203
+#define __NR_setregid32 204
+#define __NR_getgroups32 205
+#define __NR_setgroups32 206
+#define __NR_fchown32 207
+#define __NR_setresuid32 208
+#define __NR_getresuid32 209
+#define __NR_setresgid32 210
+#define __NR_getresgid32 211
+#define __NR_chown32 212
+#define __NR_setuid32 213
+#define __NR_setgid32 214
+#define __NR_setfsuid32 215
+#define __NR_setfsgid32 216
+#define __NR_getdents64 217
+#define __NR_pivot_root 218
+#define __NR_mincore 219
+#define __NR_madvise 220
+#define __NR_fcntl64 221
+#define __NR_gettid 224
+#define __NR_readahead 225
+#define __NR_setxattr 226
+#define __NR_lsetxattr 227
+#define __NR_fsetxattr 228
+#define __NR_getxattr 229
+#define __NR_lgetxattr 230
+#define __NR_fgetxattr 231
+#define __NR_listxattr 232
+#define __NR_llistxattr 233
+#define __NR_flistxattr 234
+#define __NR_removexattr 235
+#define __NR_lremovexattr 236
+#define __NR_fremovexattr 237
+#define __NR_tkill 238
+#define __NR_sendfile64 239
+#define __NR_futex 240
+#define __NR_sched_setaffinity 241
+#define __NR_sched_getaffinity 242
+#define __NR_io_setup 243
+#define __NR_io_destroy 244
+#define __NR_io_getevents 245
+#define __NR_io_submit 246
+#define __NR_io_cancel 247
+#define __NR_exit_group 248
+#define __NR_lookup_dcookie 249
+#define __NR_epoll_create 250
+#define __NR_epoll_ctl 251
+#define __NR_epoll_wait 252
+#define __NR_remap_file_pages 253
+#define __NR_set_tid_address 256
+#define __NR_timer_create 257
+#define __NR_timer_settime32 258
+#define __NR_timer_gettime32 259
+#define __NR_timer_getoverrun 260
+#define __NR_timer_delete 261
+#define __NR_clock_settime32 262
+#define __NR_clock_gettime32 263
+#define __NR_clock_getres_time32 264
+#define __NR_clock_nanosleep_time32 265
+#define __NR_statfs64 266
+#define __NR_fstatfs64 267
+#define __NR_tgkill 268
+#define __NR_utimes 269
+#define __NR_fadvise64_64 270
+#define __NR_arm_fadvise64_64 270
+#define __NR_pciconfig_iobase 271
+#define __NR_pciconfig_read 272
+#define __NR_pciconfig_write 273
+#define __NR_mq_open 274
+#define __NR_mq_unlink 275
+#define __NR_mq_timedsend 276
+#define __NR_mq_timedreceive 277
+#define __NR_mq_notify 278
+#define __NR_mq_getsetattr 279
+#define __NR_waitid 280
+#define __NR_socket 281
+#define __NR_bind 282
+#define __NR_connect 283
+#define __NR_listen 284
+#define __NR_accept 285
+#define __NR_getsockname 286
+#define __NR_getpeername 287
+#define __NR_socketpair 288
+#define __NR_send 289
+#define __NR_sendto 290
+#define __NR_recv 291
+#define __NR_recvfrom 292
+#define __NR_shutdown 293
+#define __NR_setsockopt 294
+#define __NR_getsockopt 295
+#define __NR_sendmsg 296
+#define __NR_recvmsg 297
+#define __NR_semop 298
+#define __NR_semget 299
+#define __NR_semctl 300
+#define __NR_msgsnd 301
+#define __NR_msgrcv 302
+#define __NR_msgget 303
+#define __NR_msgctl 304
+#define __NR_shmat 305
+#define __NR_shmdt 306
+#define __NR_shmget 307
+#define __NR_shmctl 308
+#define __NR_add_key 309
+#define __NR_request_key 310
+#define __NR_keyctl 311
+#define __NR_semtimedop 312
+#define __NR_vserver 313
+#define __NR_ioprio_set 314
+#define __NR_ioprio_get 315
+#define __NR_inotify_init 316
+#define __NR_inotify_add_watch 317
+#define __NR_inotify_rm_watch 318
+#define __NR_mbind 319
+#define __NR_get_mempolicy 320
+#define __NR_set_mempolicy 321
+#define __NR_openat 322
+#define __NR_mkdirat 323
+#define __NR_mknodat 324
+#define __NR_fchownat 325
+#define __NR_futimesat 326
+#define __NR_fstatat64 327
+#define __NR_unlinkat 328
+#define __NR_renameat 329
+#define __NR_linkat 330
+#define __NR_symlinkat 331
+#define __NR_readlinkat 332
+#define __NR_fchmodat 333
+#define __NR_faccessat 334
+#define __NR_pselect6 335
+#define __NR_ppoll 336
+#define __NR_unshare 337
+#define __NR_set_robust_list 338
+#define __NR_get_robust_list 339
+#define __NR_splice 340
+#define __NR_sync_file_range2 341
+#define __NR_arm_sync_file_range 341
+#define __NR_tee 342
+#define __NR_vmsplice 343
+#define __NR_move_pages 344
+#define __NR_getcpu 345
+#define __NR_epoll_pwait 346
+#define __NR_kexec_load 347
+#define __NR_utimensat 348
+#define __NR_signalfd 349
+#define __NR_timerfd_create 350
+#define __NR_eventfd 351
+#define __NR_fallocate 352
+#define __NR_timerfd_settime32 353
+#define __NR_timerfd_gettime32 354
+#define __NR_signalfd4 355
+#define __NR_eventfd2 356
+#define __NR_epoll_create1 357
+#define __NR_dup3 358
+#define __NR_pipe2 359
+#define __NR_inotify_init1 360
+#define __NR_preadv 361
+#define __NR_pwritev 362
+#define __NR_rt_tgsigqueueinfo 363
+#define __NR_perf_event_open 364
+#define __NR_recvmmsg 365
+#define __NR_accept4 366
+#define __NR_fanotify_init 367
+#define __NR_fanotify_mark 368
+#define __NR_prlimit64 369
+#define __NR_name_to_handle_at 370
+#define __NR_open_by_handle_at 371
+#define __NR_clock_adjtime 372
+#define __NR_syncfs 373
+#define __NR_sendmmsg 374
+#define __NR_setns 375
+#define __NR_process_vm_readv 376
+#define __NR_process_vm_writev 377
+#define __NR_kcmp 378
+#define __NR_finit_module 379
+#define __NR_sched_setattr 380
+#define __NR_sched_getattr 381
+#define __NR_renameat2 382
+#define __NR_seccomp 383
+#define __NR_getrandom 384
+#define __NR_memfd_create 385
+#define __NR_bpf 386
+#define __NR_execveat 387
+#define __NR_userfaultfd 388
+#define __NR_membarrier 389
+#define __NR_mlock2 390
+#define __NR_copy_file_range 391
+#define __NR_preadv2 392
+#define __NR_pwritev2 393
+#define __NR_pkey_mprotect 394
+#define __NR_pkey_alloc 395
+#define __NR_pkey_free 396
+#define __NR_statx 397
+#define __NR_rseq 398
+#define __NR_io_pgetevents 399
+#define __NR_migrate_pages 400
+#define __NR_kexec_file_load 401
+#define __NR_clock_gettime64 403
+#define __NR_clock_settime64 404
+#define __NR_clock_adjtime64 405
+#define __NR_clock_getres_time64 406
+#define __NR_clock_nanosleep_time64 407
+#define __NR_timer_gettime64 408
+#define __NR_timer_settime64 409
+#define __NR_timerfd_gettime64 410
+#define __NR_timerfd_settime64 411
+#define __NR_utimensat_time64 412
+#define __NR_pselect6_time64 413
+#define __NR_ppoll_time64 414
+#define __NR_io_pgetevents_time64 416
+#define __NR_recvmmsg_time64 417
+#define __NR_mq_timedsend_time64 418
+#define __NR_mq_timedreceive_time64 419
+#define __NR_semtimedop_time64 420
+#define __NR_rt_sigtimedwait_time64 421
+#define __NR_futex_time64 422
+#define __NR_sched_rr_get_interval_time64 423
+#define __NR_pidfd_send_signal 424
+#define __NR_io_uring_setup 425
+#define __NR_io_uring_enter 426
+#define __NR_io_uring_register 427
+#define __NR_open_tree 428
+#define __NR_move_mount 429
+#define __NR_fsopen 430
+#define __NR_fsconfig 431
+#define __NR_fsmount 432
+#define __NR_fspick 433
+#define __NR_pidfd_open 434
+#define __NR_clone3 435
+#define __NR_close_range 436
+#define __NR_openat2 437
+#define __NR_pidfd_getfd 438
+#define __NR_faccessat2 439
+#define __NR_process_madvise 440
+#define __NR_epoll_pwait2 441
+#define __NR_mount_setattr 442
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
-#define __ARM_NR_breakpoint 0x0f0001
-#define __ARM_NR_cacheflush 0x0f0002
-#define __ARM_NR_usr26 0x0f0003
-#define __ARM_NR_usr32 0x0f0004
-#define __ARM_NR_set_tls 0x0f0005
+#define __ARM_NR_breakpoint 0x0f0001
+#define __ARM_NR_cacheflush 0x0f0002
+#define __ARM_NR_usr26 0x0f0003
+#define __ARM_NR_usr32 0x0f0004
+#define __ARM_NR_set_tls 0x0f0005
+#define __ARM_NR_get_tls 0x0f0006
-#define SYS_restart_syscall 0
-#define SYS_exit 1
-#define SYS_fork 2
-#define SYS_read 3
-#define SYS_write 4
-#define SYS_open 5
-#define SYS_close 6
-#define SYS_creat 8
-#define SYS_link 9
-#define SYS_unlink 10
-#define SYS_execve 11
-#define SYS_chdir 12
-#define SYS_mknod 14
-#define SYS_chmod 15
-#define SYS_lchown 16
-#define SYS_lseek 19
-#define SYS_getpid 20
-#define SYS_mount 21
-#define SYS_setuid 23
-#define SYS_getuid 24
-#define SYS_ptrace 26
-#define SYS_pause 29
-#define SYS_access 33
-#define SYS_nice 34
-#define SYS_sync 36
-#define SYS_kill 37
-#define SYS_rename 38
-#define SYS_mkdir 39
-#define SYS_rmdir 40
-#define SYS_dup 41
-#define SYS_pipe 42
-#define SYS_times 43
-#define SYS_brk 45
-#define SYS_setgid 46
-#define SYS_getgid 47
-#define SYS_geteuid 49
-#define SYS_getegid 50
-#define SYS_acct 51
-#define SYS_umount2 52
-#define SYS_ioctl 54
-#define SYS_fcntl 55
-#define SYS_setpgid 57
-#define SYS_umask 60
-#define SYS_chroot 61
-#define SYS_ustat 62
-#define SYS_dup2 63
-#define SYS_getppid 64
-#define SYS_getpgrp 65
-#define SYS_setsid 66
-#define SYS_sigaction 67
-#define SYS_setreuid 70
-#define SYS_setregid 71
-#define SYS_sigsuspend 72
-#define SYS_sigpending 73
-#define SYS_sethostname 74
-#define SYS_setrlimit 75
-#define SYS_getrusage 77
-#define SYS_gettimeofday 78
-#define SYS_settimeofday 79
-#define SYS_getgroups 80
-#define SYS_setgroups 81
-#define SYS_symlink 83
-#define SYS_readlink 85
-#define SYS_uselib 86
-#define SYS_swapon 87
-#define SYS_reboot 88
-#define SYS_munmap 91
-#define SYS_truncate 92
-#define SYS_ftruncate 93
-#define SYS_fchmod 94
-#define SYS_fchown 95
-#define SYS_getpriority 96
-#define SYS_setpriority 97
-#define SYS_statfs 99
-#define SYS_fstatfs 100
-#define SYS_syslog 103
-#define SYS_setitimer 104
-#define SYS_getitimer 105
-#define SYS_stat 106
-#define SYS_lstat 107
-#define SYS_fstat 108
-#define SYS_vhangup 111
-#define SYS_wait4 114
-#define SYS_swapoff 115
-#define SYS_sysinfo 116
-#define SYS_fsync 118
-#define SYS_sigreturn 119
-#define SYS_clone 120
-#define SYS_setdomainname 121
-#define SYS_uname 122
-#define SYS_adjtimex 124
-#define SYS_mprotect 125
-#define SYS_sigprocmask 126
-#define SYS_init_module 128
-#define SYS_delete_module 129
-#define SYS_quotactl 131
-#define SYS_getpgid 132
-#define SYS_fchdir 133
-#define SYS_bdflush 134
-#define SYS_sysfs 135
-#define SYS_personality 136
-#define SYS_setfsuid 138
-#define SYS_setfsgid 139
-#define SYS__llseek 140
-#define SYS_getdents 141
-#define SYS__newselect 142
-#define SYS_flock 143
-#define SYS_msync 144
-#define SYS_readv 145
-#define SYS_writev 146
-#define SYS_getsid 147
-#define SYS_fdatasync 148
-#define SYS__sysctl 149
-#define SYS_mlock 150
-#define SYS_munlock 151
-#define SYS_mlockall 152
-#define SYS_munlockall 153
-#define SYS_sched_setparam 154
-#define SYS_sched_getparam 155
-#define SYS_sched_setscheduler 156
-#define SYS_sched_getscheduler 157
-#define SYS_sched_yield 158
-#define SYS_sched_get_priority_max 159
-#define SYS_sched_get_priority_min 160
-#define SYS_sched_rr_get_interval 161
-#define SYS_nanosleep 162
-#define SYS_mremap 163
-#define SYS_setresuid 164
-#define SYS_getresuid 165
-#define SYS_poll 168
-#define SYS_nfsservctl 169
-#define SYS_setresgid 170
-#define SYS_getresgid 171
-#define SYS_prctl 172
-#define SYS_rt_sigreturn 173
-#define SYS_rt_sigaction 174
-#define SYS_rt_sigprocmask 175
-#define SYS_rt_sigpending 176
-#define SYS_rt_sigtimedwait 177
-#define SYS_rt_sigqueueinfo 178
-#define SYS_rt_sigsuspend 179
-#define SYS_pread64 180
-#define SYS_pwrite64 181
-#define SYS_chown 182
-#define SYS_getcwd 183
-#define SYS_capget 184
-#define SYS_capset 185
-#define SYS_sigaltstack 186
-#define SYS_sendfile 187
-#define SYS_vfork 190
-#define SYS_ugetrlimit 191
-#define SYS_mmap2 192
-#define SYS_truncate64 193
-#define SYS_ftruncate64 194
-#define SYS_stat64 195
-#define SYS_lstat64 196
-#define SYS_fstat64 197
-#define SYS_lchown32 198
-#define SYS_getuid32 199
-#define SYS_getgid32 200
-#define SYS_geteuid32 201
-#define SYS_getegid32 202
-#define SYS_setreuid32 203
-#define SYS_setregid32 204
-#define SYS_getgroups32 205
-#define SYS_setgroups32 206
-#define SYS_fchown32 207
-#define SYS_setresuid32 208
-#define SYS_getresuid32 209
-#define SYS_setresgid32 210
-#define SYS_getresgid32 211
-#define SYS_chown32 212
-#define SYS_setuid32 213
-#define SYS_setgid32 214
-#define SYS_setfsuid32 215
-#define SYS_setfsgid32 216
-#define SYS_getdents64 217
-#define SYS_pivot_root 218
-#define SYS_mincore 219
-#define SYS_madvise 220
-#define SYS_fcntl64 221
-#define SYS_gettid 224
-#define SYS_readahead 225
-#define SYS_setxattr 226
-#define SYS_lsetxattr 227
-#define SYS_fsetxattr 228
-#define SYS_getxattr 229
-#define SYS_lgetxattr 230
-#define SYS_fgetxattr 231
-#define SYS_listxattr 232
-#define SYS_llistxattr 233
-#define SYS_flistxattr 234
-#define SYS_removexattr 235
-#define SYS_lremovexattr 236
-#define SYS_fremovexattr 237
-#define SYS_tkill 238
-#define SYS_sendfile64 239
-#define SYS_futex 240
-#define SYS_sched_setaffinity 241
-#define SYS_sched_getaffinity 242
-#define SYS_io_setup 243
-#define SYS_io_destroy 244
-#define SYS_io_getevents 245
-#define SYS_io_submit 246
-#define SYS_io_cancel 247
-#define SYS_exit_group 248
-#define SYS_lookup_dcookie 249
-#define SYS_epoll_create 250
-#define SYS_epoll_ctl 251
-#define SYS_epoll_wait 252
-#define SYS_remap_file_pages 253
-#define SYS_set_tid_address 256
-#define SYS_timer_create 257
-#define SYS_timer_settime 258
-#define SYS_timer_gettime 259
-#define SYS_timer_getoverrun 260
-#define SYS_timer_delete 261
-#define SYS_clock_settime 262
-#define SYS_clock_gettime 263
-#define SYS_clock_getres 264
-#define SYS_clock_nanosleep 265
-#define SYS_statfs64 266
-#define SYS_fstatfs64 267
-#define SYS_tgkill 268
-#define SYS_utimes 269
-#define SYS_fadvise64_64 270
-#define SYS_arm_fadvise64_64 270
-#define SYS_pciconfig_iobase 271
-#define SYS_pciconfig_read 272
-#define SYS_pciconfig_write 273
-#define SYS_mq_open 274
-#define SYS_mq_unlink 275
-#define SYS_mq_timedsend 276
-#define SYS_mq_timedreceive 277
-#define SYS_mq_notify 278
-#define SYS_mq_getsetattr 279
-#define SYS_waitid 280
-#define SYS_socket 281
-#define SYS_bind 282
-#define SYS_connect 283
-#define SYS_listen 284
-#define SYS_accept 285
-#define SYS_getsockname 286
-#define SYS_getpeername 287
-#define SYS_socketpair 288
-#define SYS_send 289
-#define SYS_sendto 290
-#define SYS_recv 291
-#define SYS_recvfrom 292
-#define SYS_shutdown 293
-#define SYS_setsockopt 294
-#define SYS_getsockopt 295
-#define SYS_sendmsg 296
-#define SYS_recvmsg 297
-#define SYS_semop 298
-#define SYS_semget 299
-#define SYS_semctl 300
-#define SYS_msgsnd 301
-#define SYS_msgrcv 302
-#define SYS_msgget 303
-#define SYS_msgctl 304
-#define SYS_shmat 305
-#define SYS_shmdt 306
-#define SYS_shmget 307
-#define SYS_shmctl 308
-#define SYS_add_key 309
-#define SYS_request_key 310
-#define SYS_keyctl 311
-#define SYS_semtimedop 312
-#define SYS_vserver 313
-#define SYS_ioprio_set 314
-#define SYS_ioprio_get 315
-#define SYS_inotify_init 316
-#define SYS_inotify_add_watch 317
-#define SYS_inotify_rm_watch 318
-#define SYS_mbind 319
-#define SYS_get_mempolicy 320
-#define SYS_set_mempolicy 321
-#define SYS_openat 322
-#define SYS_mkdirat 323
-#define SYS_mknodat 324
-#define SYS_fchownat 325
-#define SYS_futimesat 326
-#define SYS_fstatat64 327
-#define SYS_unlinkat 328
-#define SYS_renameat 329
-#define SYS_linkat 330
-#define SYS_symlinkat 331
-#define SYS_readlinkat 332
-#define SYS_fchmodat 333
-#define SYS_faccessat 334
-#define SYS_pselect6 335
-#define SYS_ppoll 336
-#define SYS_unshare 337
-#define SYS_set_robust_list 338
-#define SYS_get_robust_list 339
-#define SYS_splice 340
-#define SYS_sync_file_range2 341
-#define SYS_arm_sync_file_range 341
-#define SYS_tee 342
-#define SYS_vmsplice 343
-#define SYS_move_pages 344
-#define SYS_getcpu 345
-#define SYS_epoll_pwait 346
-#define SYS_kexec_load 347
-#define SYS_utimensat 348
-#define SYS_signalfd 349
-#define SYS_timerfd_create 350
-#define SYS_eventfd 351
-#define SYS_fallocate 352
-#define SYS_timerfd_settime 353
-#define SYS_timerfd_gettime 354
-#define SYS_signalfd4 355
-#define SYS_eventfd2 356
-#define SYS_epoll_create1 357
-#define SYS_dup3 358
-#define SYS_pipe2 359
-#define SYS_inotify_init1 360
-#define SYS_preadv 361
-#define SYS_pwritev 362
-#define SYS_rt_tgsigqueueinfo 363
-#define SYS_perf_event_open 364
-#define SYS_recvmmsg 365
-#define SYS_accept4 366
-#define SYS_fanotify_init 367
-#define SYS_fanotify_mark 368
-#define SYS_prlimit64 369
-#define SYS_name_to_handle_at 370
-#define SYS_open_by_handle_at 371
-#define SYS_clock_adjtime 372
-#define SYS_syncfs 373
-#define SYS_sendmmsg 374
-#define SYS_setns 375
-#define SYS_process_vm_readv 376
-#define SYS_process_vm_writev 377
-#define SYS_kcmp 378
-#define SYS_finit_module 379
-#define SYS_sched_setattr 380
-#define SYS_sched_getattr 381
-#define SYS_renameat2 382
-#define SYS_seccomp 383
-#define SYS_getrandom 384
-#define SYS_memfd_create 385
-#define SYS_bpf 386
-#define SYS_execveat 387
-#define SYS_userfaultfd 388
-#define SYS_membarrier 389
-#define SYS_mlock2 390
-#define SYS_copy_file_range 391
-#define SYS_preadv2 392
-#define SYS_pwritev2 393
-#define SYS_pkey_mprotect 394
-#define SYS_pkey_alloc 395
-#define SYS_pkey_free 396
+#define SYS_restart_syscall 0
+#define SYS_exit 1
+#define SYS_fork 2
+#define SYS_read 3
+#define SYS_write 4
+#define SYS_open 5
+#define SYS_close 6
+#define SYS_creat 8
+#define SYS_link 9
+#define SYS_unlink 10
+#define SYS_execve 11
+#define SYS_chdir 12
+#define SYS_mknod 14
+#define SYS_chmod 15
+#define SYS_lchown 16
+#define SYS_lseek 19
+#define SYS_getpid 20
+#define SYS_mount 21
+#define SYS_setuid 23
+#define SYS_getuid 24
+#define SYS_ptrace 26
+#define SYS_pause 29
+#define SYS_access 33
+#define SYS_nice 34
+#define SYS_sync 36
+#define SYS_kill 37
+#define SYS_rename 38
+#define SYS_mkdir 39
+#define SYS_rmdir 40
+#define SYS_dup 41
+#define SYS_pipe 42
+#define SYS_times 43
+#define SYS_brk 45
+#define SYS_setgid 46
+#define SYS_getgid 47
+#define SYS_geteuid 49
+#define SYS_getegid 50
+#define SYS_acct 51
+#define SYS_umount2 52
+#define SYS_ioctl 54
+#define SYS_fcntl 55
+#define SYS_setpgid 57
+#define SYS_umask 60
+#define SYS_chroot 61
+#define SYS_ustat 62
+#define SYS_dup2 63
+#define SYS_getppid 64
+#define SYS_getpgrp 65
+#define SYS_setsid 66
+#define SYS_sigaction 67
+#define SYS_setreuid 70
+#define SYS_setregid 71
+#define SYS_sigsuspend 72
+#define SYS_sigpending 73
+#define SYS_sethostname 74
+#define SYS_setrlimit 75
+#define SYS_getrusage 77
+#define SYS_gettimeofday_time32 78
+#define SYS_settimeofday_time32 79
+#define SYS_getgroups 80
+#define SYS_setgroups 81
+#define SYS_symlink 83
+#define SYS_readlink 85
+#define SYS_uselib 86
+#define SYS_swapon 87
+#define SYS_reboot 88
+#define SYS_munmap 91
+#define SYS_truncate 92
+#define SYS_ftruncate 93
+#define SYS_fchmod 94
+#define SYS_fchown 95
+#define SYS_getpriority 96
+#define SYS_setpriority 97
+#define SYS_statfs 99
+#define SYS_fstatfs 100
+#define SYS_syslog 103
+#define SYS_setitimer 104
+#define SYS_getitimer 105
+#define SYS_stat 106
+#define SYS_lstat 107
+#define SYS_fstat 108
+#define SYS_vhangup 111
+#define SYS_wait4 114
+#define SYS_swapoff 115
+#define SYS_sysinfo 116
+#define SYS_fsync 118
+#define SYS_sigreturn 119
+#define SYS_clone 120
+#define SYS_setdomainname 121
+#define SYS_uname 122
+#define SYS_adjtimex 124
+#define SYS_mprotect 125
+#define SYS_sigprocmask 126
+#define SYS_init_module 128
+#define SYS_delete_module 129
+#define SYS_quotactl 131
+#define SYS_getpgid 132
+#define SYS_fchdir 133
+#define SYS_bdflush 134
+#define SYS_sysfs 135
+#define SYS_personality 136
+#define SYS_setfsuid 138
+#define SYS_setfsgid 139
+#define SYS__llseek 140
+#define SYS_getdents 141
+#define SYS__newselect 142
+#define SYS_flock 143
+#define SYS_msync 144
+#define SYS_readv 145
+#define SYS_writev 146
+#define SYS_getsid 147
+#define SYS_fdatasync 148
+#define SYS__sysctl 149
+#define SYS_mlock 150
+#define SYS_munlock 151
+#define SYS_mlockall 152
+#define SYS_munlockall 153
+#define SYS_sched_setparam 154
+#define SYS_sched_getparam 155
+#define SYS_sched_setscheduler 156
+#define SYS_sched_getscheduler 157
+#define SYS_sched_yield 158
+#define SYS_sched_get_priority_max 159
+#define SYS_sched_get_priority_min 160
+#define SYS_sched_rr_get_interval 161
+#define SYS_nanosleep 162
+#define SYS_mremap 163
+#define SYS_setresuid 164
+#define SYS_getresuid 165
+#define SYS_poll 168
+#define SYS_nfsservctl 169
+#define SYS_setresgid 170
+#define SYS_getresgid 171
+#define SYS_prctl 172
+#define SYS_rt_sigreturn 173
+#define SYS_rt_sigaction 174
+#define SYS_rt_sigprocmask 175
+#define SYS_rt_sigpending 176
+#define SYS_rt_sigtimedwait 177
+#define SYS_rt_sigqueueinfo 178
+#define SYS_rt_sigsuspend 179
+#define SYS_pread64 180
+#define SYS_pwrite64 181
+#define SYS_chown 182
+#define SYS_getcwd 183
+#define SYS_capget 184
+#define SYS_capset 185
+#define SYS_sigaltstack 186
+#define SYS_sendfile 187
+#define SYS_vfork 190
+#define SYS_ugetrlimit 191
+#define SYS_mmap2 192
+#define SYS_truncate64 193
+#define SYS_ftruncate64 194
+#define SYS_stat64 195
+#define SYS_lstat64 196
+#define SYS_fstat64 197
+#define SYS_lchown32 198
+#define SYS_getuid32 199
+#define SYS_getgid32 200
+#define SYS_geteuid32 201
+#define SYS_getegid32 202
+#define SYS_setreuid32 203
+#define SYS_setregid32 204
+#define SYS_getgroups32 205
+#define SYS_setgroups32 206
+#define SYS_fchown32 207
+#define SYS_setresuid32 208
+#define SYS_getresuid32 209
+#define SYS_setresgid32 210
+#define SYS_getresgid32 211
+#define SYS_chown32 212
+#define SYS_setuid32 213
+#define SYS_setgid32 214
+#define SYS_setfsuid32 215
+#define SYS_setfsgid32 216
+#define SYS_getdents64 217
+#define SYS_pivot_root 218
+#define SYS_mincore 219
+#define SYS_madvise 220
+#define SYS_fcntl64 221
+#define SYS_gettid 224
+#define SYS_readahead 225
+#define SYS_setxattr 226
+#define SYS_lsetxattr 227
+#define SYS_fsetxattr 228
+#define SYS_getxattr 229
+#define SYS_lgetxattr 230
+#define SYS_fgetxattr 231
+#define SYS_listxattr 232
+#define SYS_llistxattr 233
+#define SYS_flistxattr 234
+#define SYS_removexattr 235
+#define SYS_lremovexattr 236
+#define SYS_fremovexattr 237
+#define SYS_tkill 238
+#define SYS_sendfile64 239
+#define SYS_futex 240
+#define SYS_sched_setaffinity 241
+#define SYS_sched_getaffinity 242
+#define SYS_io_setup 243
+#define SYS_io_destroy 244
+#define SYS_io_getevents 245
+#define SYS_io_submit 246
+#define SYS_io_cancel 247
+#define SYS_exit_group 248
+#define SYS_lookup_dcookie 249
+#define SYS_epoll_create 250
+#define SYS_epoll_ctl 251
+#define SYS_epoll_wait 252
+#define SYS_remap_file_pages 253
+#define SYS_set_tid_address 256
+#define SYS_timer_create 257
+#define SYS_timer_settime32 258
+#define SYS_timer_gettime32 259
+#define SYS_timer_getoverrun 260
+#define SYS_timer_delete 261
+#define SYS_clock_settime32 262
+#define SYS_clock_gettime32 263
+#define SYS_clock_getres_time32 264
+#define SYS_clock_nanosleep_time32 265
+#define SYS_statfs64 266
+#define SYS_fstatfs64 267
+#define SYS_tgkill 268
+#define SYS_utimes 269
+#define SYS_fadvise64_64 270
+#define SYS_arm_fadvise64_64 270
+#define SYS_pciconfig_iobase 271
+#define SYS_pciconfig_read 272
+#define SYS_pciconfig_write 273
+#define SYS_mq_open 274
+#define SYS_mq_unlink 275
+#define SYS_mq_timedsend 276
+#define SYS_mq_timedreceive 277
+#define SYS_mq_notify 278
+#define SYS_mq_getsetattr 279
+#define SYS_waitid 280
+#define SYS_socket 281
+#define SYS_bind 282
+#define SYS_connect 283
+#define SYS_listen 284
+#define SYS_accept 285
+#define SYS_getsockname 286
+#define SYS_getpeername 287
+#define SYS_socketpair 288
+#define SYS_send 289
+#define SYS_sendto 290
+#define SYS_recv 291
+#define SYS_recvfrom 292
+#define SYS_shutdown 293
+#define SYS_setsockopt 294
+#define SYS_getsockopt 295
+#define SYS_sendmsg 296
+#define SYS_recvmsg 297
+#define SYS_semop 298
+#define SYS_semget 299
+#define SYS_semctl 300
+#define SYS_msgsnd 301
+#define SYS_msgrcv 302
+#define SYS_msgget 303
+#define SYS_msgctl 304
+#define SYS_shmat 305
+#define SYS_shmdt 306
+#define SYS_shmget 307
+#define SYS_shmctl 308
+#define SYS_add_key 309
+#define SYS_request_key 310
+#define SYS_keyctl 311
+#define SYS_semtimedop 312
+#define SYS_vserver 313
+#define SYS_ioprio_set 314
+#define SYS_ioprio_get 315
+#define SYS_inotify_init 316
+#define SYS_inotify_add_watch 317
+#define SYS_inotify_rm_watch 318
+#define SYS_mbind 319
+#define SYS_get_mempolicy 320
+#define SYS_set_mempolicy 321
+#define SYS_openat 322
+#define SYS_mkdirat 323
+#define SYS_mknodat 324
+#define SYS_fchownat 325
+#define SYS_futimesat 326
+#define SYS_fstatat64 327
+#define SYS_unlinkat 328
+#define SYS_renameat 329
+#define SYS_linkat 330
+#define SYS_symlinkat 331
+#define SYS_readlinkat 332
+#define SYS_fchmodat 333
+#define SYS_faccessat 334
+#define SYS_pselect6 335
+#define SYS_ppoll 336
+#define SYS_unshare 337
+#define SYS_set_robust_list 338
+#define SYS_get_robust_list 339
+#define SYS_splice 340
+#define SYS_sync_file_range2 341
+#define SYS_arm_sync_file_range 341
+#define SYS_tee 342
+#define SYS_vmsplice 343
+#define SYS_move_pages 344
+#define SYS_getcpu 345
+#define SYS_epoll_pwait 346
+#define SYS_kexec_load 347
+#define SYS_utimensat 348
+#define SYS_signalfd 349
+#define SYS_timerfd_create 350
+#define SYS_eventfd 351
+#define SYS_fallocate 352
+#define SYS_timerfd_settime32 353
+#define SYS_timerfd_gettime32 354
+#define SYS_signalfd4 355
+#define SYS_eventfd2 356
+#define SYS_epoll_create1 357
+#define SYS_dup3 358
+#define SYS_pipe2 359
+#define SYS_inotify_init1 360
+#define SYS_preadv 361
+#define SYS_pwritev 362
+#define SYS_rt_tgsigqueueinfo 363
+#define SYS_perf_event_open 364
+#define SYS_recvmmsg 365
+#define SYS_accept4 366
+#define SYS_fanotify_init 367
+#define SYS_fanotify_mark 368
+#define SYS_prlimit64 369
+#define SYS_name_to_handle_at 370
+#define SYS_open_by_handle_at 371
+#define SYS_clock_adjtime 372
+#define SYS_syncfs 373
+#define SYS_sendmmsg 374
+#define SYS_setns 375
+#define SYS_process_vm_readv 376
+#define SYS_process_vm_writev 377
+#define SYS_kcmp 378
+#define SYS_finit_module 379
+#define SYS_sched_setattr 380
+#define SYS_sched_getattr 381
+#define SYS_renameat2 382
+#define SYS_seccomp 383
+#define SYS_getrandom 384
+#define SYS_memfd_create 385
+#define SYS_bpf 386
+#define SYS_execveat 387
+#define SYS_userfaultfd 388
+#define SYS_membarrier 389
+#define SYS_mlock2 390
+#define SYS_copy_file_range 391
+#define SYS_preadv2 392
+#define SYS_pwritev2 393
+#define SYS_pkey_mprotect 394
+#define SYS_pkey_alloc 395
+#define SYS_pkey_free 396
+#define SYS_statx 397
+#define SYS_rseq 398
+#define SYS_io_pgetevents 399
+#define SYS_migrate_pages 400
+#define SYS_kexec_file_load 401
+#define SYS_clock_gettime64 403
+#define SYS_clock_settime64 404
+#define SYS_clock_adjtime64 405
+#define SYS_clock_getres_time64 406
+#define SYS_clock_nanosleep_time64 407
+#define SYS_timer_gettime64 408
+#define SYS_timer_settime64 409
+#define SYS_timerfd_gettime64 410
+#define SYS_timerfd_settime64 411
+#define SYS_utimensat_time64 412
+#define SYS_pselect6_time64 413
+#define SYS_ppoll_time64 414
+#define SYS_io_pgetevents_time64 416
+#define SYS_recvmmsg_time64 417
+#define SYS_mq_timedsend_time64 418
+#define SYS_mq_timedreceive_time64 419
+#define SYS_semtimedop_time64 420
+#define SYS_rt_sigtimedwait_time64 421
+#define SYS_futex_time64 422
+#define SYS_sched_rr_get_interval_time64 423
+#define SYS_pidfd_send_signal 424
+#define SYS_io_uring_setup 425
+#define SYS_io_uring_enter 426
+#define SYS_io_uring_register 427
+#define SYS_open_tree 428
+#define SYS_move_mount 429
+#define SYS_fsopen 430
+#define SYS_fsconfig 431
+#define SYS_fsmount 432
+#define SYS_fspick 433
+#define SYS_pidfd_open 434
+#define SYS_clone3 435
+#define SYS_close_range 436
+#define SYS_openat2 437
+#define SYS_pidfd_getfd 438
+#define SYS_faccessat2 439
+#define SYS_process_madvise 440
+#define SYS_epoll_pwait2 441
+#define SYS_mount_setattr 442
+#define SYS_landlock_create_ruleset 444
+#define SYS_landlock_add_rule 445
+#define SYS_landlock_restrict_self 446
diff --git a/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h
new file mode 100644
index 0000000..42e9a26
--- /dev/null
+++ b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h
@@ -0,0 +1,27 @@
+#ifndef ARM_CRT_ARCH_H
+#define ARM_CRT_ARCH_H
+
+__asm__(
+".text\n"
+".global " START "\n"
+".type " START ",%function\n"
+START ": \n"
+" mov fp, #0\n"
+" mov lr, #0\n"
+" ldr r5, [r0, #8]\n" /* paratbl */
+/* Little-endian */
+" str r1, [r5, #20]\n" /* PT_ZERO1 */
+" str r2, [r5, #24]\n" /* PT_ZERO2 */
+" ldr r1, 1f\n"
+" add r1, pc, r1\n"
+" mov r5, sp\n"
+"2: and r5, r5, #-16\n"
+" mov sp, r5\n"
+" bl " START "_c\n"
+".weak _DYNAMIC\n"
+".hidden _DYNAMIC\n"
+".align 2\n"
+"1: .word _DYNAMIC-2b\n"
+);
+
+#endif
\ No newline at end of file
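Review bot: The entry stub dereferences `r0` (`ldr r5, [r0, #8]`) and then stores `r1` and `r2` at offsets 20 and 24 of the loaded pointer, but nothing in the file says what structure the loader passes in `r0` or where those offsets are defined. The `/* Little-endian */` comment suggests the layout is endian-specific, yet there is no guard for a big-endian build. I would add a header comment stating the register contract at entry (what `r0`, `r1` and `r2` hold, and that the loader guarantees `r0` and the paratbl pointer are valid) and naming the structure the offsets come from. A compile-time guard would also help: `#ifdef __ARMEB__` / `#error "crt_arch.h assumes the little-endian paratbl layout"` / `#endif`. The file also ends without a trailing newline.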
diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
index ae233cc..730a98c 100644
--- a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
+++ b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
@@ -30,9 +30,15 @@
#define F_SETSIG 10
#define F_GETSIG 11
+#if __LONG_MAX == 0x7fffffffL
#define F_GETLK 12
#define F_SETLK 13
#define F_SETLKW 14
+#else
+#define F_GETLK 5
+#define F_SETLK 6
+#define F_SETLKW 7
+#endif
#define F_SETOWN_EX 15
#define F_GETOWN_EX 16
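Review bot: The new `#if __LONG_MAX == 0x7fffffffL` silently takes the `#else` branch when `__LONG_MAX` is not defined at this point, because an undefined identifier evaluates to 0 in `#if`. A 32-bit build would then get `F_GETLK 5`, `F_SETLK 6` and `F_SETLKW 7` instead of 12–14, and the lock commands would no longer match the `struct flock` layout the caller passes. Whether every includer defines `__LONG_MAX` first is not visible in this hunk, so I would make the dependency explicit ahead of the conditional: `#ifndef __LONG_MAX` / `#error "bits/fcntl.h requires __LONG_MAX"` / `#endif`.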
diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
index 8d19378..da07a2a 100644
--- a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
+++ b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
@@ -1,4 +1,4 @@
-#define SHMLBA 4096
+#define SHMLBA (4*4096)
struct shmid_ds {
struct ipc_perm shm_perm;
diff --git a/thirdparty/open_source/musl/libc/arpa/inet.h b/thirdparty/open_source/musl/libc/arpa/inet.h
index 37f8c11..9d20a15 100644
--- a/thirdparty/open_source/musl/libc/arpa/inet.h
+++ b/thirdparty/open_source/musl/libc/arpa/inet.h
@@ -24,11 +24,6 @@ struct in_addr inet_makeaddr(in_addr_t, in_addr_t);
in_addr_t inet_lnaof(struct in_addr);
in_addr_t inet_netof(struct in_addr);
-#undef INET_ADDRSTRLEN
-#undef INET6_ADDRSTRLEN
-#define INET_ADDRSTRLEN 16
-#define INET6_ADDRSTRLEN 46
-
#ifdef __cplusplus
}
#endif
diff --git a/thirdparty/open_source/musl/libc/ctype.h b/thirdparty/open_source/musl/libc/ctype.h
index 7936536..fe72b3f 100644
--- a/thirdparty/open_source/musl/libc/ctype.h
+++ b/thirdparty/open_source/musl/libc/ctype.h
@@ -64,7 +64,14 @@ int isascii(int);
int toascii(int);
#define _tolower(a) ((a)|0x20)
#define _toupper(a) ((a)&0x5f)
+#ifndef __cplusplus
#define isascii(a) (0 ? isascii(a) : (unsigned)(a) < 128)
+#endif
+
+#include <stdint.h>
+
+const int32_t **__ctype_tolower_loc(void);
+const int32_t **__ctype_toupper_loc(void);
#endif
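Review bot: The `#include <stdint.h>` added in the middle of `ctype.h` exposes the whole `stdint.h` namespace to every file that includes `<ctype.h>`, only to spell the return type of the two new `__ctype_*_loc` prototypes. The prototypes also appear to sit inside the conditional that the trailing `#endif` closes, which opens outside this hunk, so their visibility depends on feature-test macros that cannot be confirmed from here. I would drop the include and use a type that is already available, for example `const int **__ctype_tolower_loc(void);` if `int` is 32 bits on every supported target. A one-line comment should say which consumer needs these symbols, and the declarations should move outside the feature-test block if they must always be visible.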
diff --git a/thirdparty/open_source/musl/libc/elf.h b/thirdparty/open_source/musl/libc/elf.h
index 549f92c..86e2f0b 100644
--- a/thirdparty/open_source/musl/libc/elf.h
+++ b/thirdparty/open_source/musl/libc/elf.h
@@ -603,6 +603,7 @@ typedef struct {
#define PT_GNU_EH_FRAME 0x6474e550
#define PT_GNU_STACK 0x6474e551
#define PT_GNU_RELRO 0x6474e552
+#define PT_GNU_PROPERTY 0x6474e553
#define PT_LOSUNW 0x6ffffffa
#define PT_SUNWBSS 0x6ffffffa
#define PT_SUNWSTACK 0x6ffffffb
@@ -685,6 +686,8 @@ typedef struct {
#define NT_ARM_PAC_MASK 0x406
#define NT_ARM_PACA_KEYS 0x407
#define NT_ARM_PACG_KEYS 0x408
+#define NT_ARM_TAGGED_ADDR_CTRL 0x409
+#define NT_ARM_PAC_ENABLED_KEYS 0x40a
#define NT_METAG_CBUF 0x500
#define NT_METAG_RPIPE 0x501
#define NT_METAG_TLS 0x502
@@ -1085,6 +1088,7 @@ typedef struct {
#define NT_GNU_BUILD_ID 3
#define NT_GNU_GOLD_VERSION 4
+#define NT_GNU_PROPERTY_TYPE_0 5
diff --git a/thirdparty/open_source/musl/libc/float.h b/thirdparty/open_source/musl/libc/float.h
new file mode 100644
index 0000000..713aadb
--- /dev/null
+++ b/thirdparty/open_source/musl/libc/float.h
@@ -0,0 +1,52 @@
+#ifndef _FLOAT_H
+#define _FLOAT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int __flt_rounds(void);
+#define FLT_ROUNDS (__flt_rounds())
+
+#define FLT_RADIX 2
+
+#define FLT_TRUE_MIN 1.40129846432481707092e-45F
+#define FLT_MIN 1.17549435082228750797e-38F
+#define FLT_MAX 3.40282346638528859812e+38F
+#define FLT_EPSILON 1.1920928955078125e-07F
+
+#define FLT_MANT_DIG 24
+#define FLT_MIN_EXP (-125)
+#define FLT_MAX_EXP 128
+#define FLT_HAS_SUBNORM 1
+
+#define FLT_DIG 6
+#define FLT_DECIMAL_DIG 9
+#define FLT_MIN_10_EXP (-37)
+#define FLT_MAX_10_EXP 38
+
+#define DBL_TRUE_MIN 4.94065645841246544177e-324
+#define DBL_MIN 2.22507385850720138309e-308
+#define DBL_MAX 1.79769313486231570815e+308
+#define DBL_EPSILON 2.22044604925031308085e-16
+
+#define DBL_MANT_DIG 53
+#define DBL_MIN_EXP (-1021)
+#define DBL_MAX_EXP 1024
+#define DBL_HAS_SUBNORM 1
+
+#define DBL_DIG 15
+#define DBL_DECIMAL_DIG 17
+#define DBL_MIN_10_EXP (-307)
+#define DBL_MAX_10_EXP 308
+
+#define LDBL_HAS_SUBNORM 1
+#define LDBL_DECIMAL_DIG DECIMAL_DIG
+
+#include <bits/float.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/thirdparty/open_source/musl/libc/limits.h b/thirdparty/open_source/musl/libc/limits.h
index c9794bb..53a27b9 100644
--- a/thirdparty/open_source/musl/libc/limits.h
+++ b/thirdparty/open_source/musl/libc/limits.h
@@ -37,6 +37,8 @@
#if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \
|| defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
+#include <bits/limits.h>
+
#define PIPE_BUF 4096
#define FILESIZEBITS 64
#ifndef NAME_MAX
diff --git a/thirdparty/open_source/musl/libc/locale.h b/thirdparty/open_source/musl/libc/locale.h
index ce38438..11106fe 100644
--- a/thirdparty/open_source/musl/libc/locale.h
+++ b/thirdparty/open_source/musl/libc/locale.h
@@ -7,7 +7,9 @@ extern "C" {
#include <features.h>
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
diff --git a/thirdparty/open_source/musl/libc/netinet/in.h b/thirdparty/open_source/musl/libc/netinet/in.h
index 5b8b21e..fb628b6 100644
--- a/thirdparty/open_source/musl/libc/netinet/in.h
+++ b/thirdparty/open_source/musl/libc/netinet/in.h
@@ -48,6 +48,7 @@ struct ipv6_mreq {
#define INADDR_BROADCAST ((in_addr_t) 0xffffffff)
#define INADDR_NONE ((in_addr_t) 0xffffffff)
#define INADDR_LOOPBACK ((in_addr_t) 0x7f000001)
+#define INADDR_DUMMY ((in_addr_t) 0xc0000008)
#define INADDR_UNSPEC_GROUP ((in_addr_t) 0xe0000000)
#define INADDR_ALLHOSTS_GROUP ((in_addr_t) 0xe0000001)
@@ -60,8 +61,6 @@ struct ipv6_mreq {
extern const struct in6_addr in6addr_any, in6addr_loopback;
-#undef INET_ADDRSTRLEN
-#undef INET6_ADDRSTRLEN
#define INET_ADDRSTRLEN 16
#define INET6_ADDRSTRLEN 46
@@ -103,8 +102,10 @@ uint16_t ntohs(uint16_t);
#define IPPROTO_MH 135
#define IPPROTO_UDPLITE 136
#define IPPROTO_MPLS 137
+#define IPPROTO_ETHERNET 143
#define IPPROTO_RAW 255
-#define IPPROTO_MAX 256
+#define IPPROTO_MPTCP 262
+#define IPPROTO_MAX 263
#define IN6_IS_ADDR_UNSPECIFIED(a) \
(((uint32_t *) (a))[0] == 0 && ((uint32_t *) (a))[1] == 0 && \
@@ -202,6 +203,7 @@ uint16_t ntohs(uint16_t);
#define IP_CHECKSUM 23
#define IP_BIND_ADDRESS_NO_PORT 24
#define IP_RECVFRAGSIZE 25
+#define IP_RECVERR_RFC4884 26
#define IP_MULTICAST_IF 32
#define IP_MULTICAST_TTL 33
#define IP_MULTICAST_LOOP 34
diff --git a/thirdparty/open_source/musl/libc/netinet/tcp.h b/thirdparty/open_source/musl/libc/netinet/tcp.h
index 44a007a..fad1d84 100644
--- a/thirdparty/open_source/musl/libc/netinet/tcp.h
+++ b/thirdparty/open_source/musl/libc/netinet/tcp.h
@@ -78,6 +78,10 @@ enum {
TCP_NLA_DSACK_DUPS,
TCP_NLA_REORD_SEEN,
TCP_NLA_SRTT,
+ TCP_NLA_TIMEOUT_REHASH,
+ TCP_NLA_BYTES_NOTSENT,
+ TCP_NLA_EDT,
+ TCP_NLA_TTL,
};
#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
@@ -181,6 +185,13 @@ struct tcphdr {
#define TCP_CA_Recovery 3
#define TCP_CA_Loss 4
+enum tcp_fastopen_client_fail {
+ TFO_STATUS_UNSPEC,
+ TFO_COOKIE_UNAVAILABLE,
+ TFO_DATA_NOT_ACKED,
+ TFO_SYN_RETRANSMITTED,
+};
+
struct tcp_info {
uint8_t tcpi_state;
uint8_t tcpi_ca_state;
@@ -189,7 +200,7 @@ struct tcp_info {
uint8_t tcpi_backoff;
uint8_t tcpi_options;
uint8_t tcpi_snd_wscale : 4, tcpi_rcv_wscale : 4;
- uint8_t tcpi_delivery_rate_app_limited : 1;
+ uint8_t tcpi_delivery_rate_app_limited : 1, tcpi_fastopen_client_fail : 2;
uint32_t tcpi_rto;
uint32_t tcpi_ato;
uint32_t tcpi_snd_mss;
@@ -240,14 +251,15 @@ struct tcp_info {
#define TCP_MD5SIG_MAXKEYLEN 80
-#define TCP_MD5SIG_FLAG_PREFIX 1
+#define TCP_MD5SIG_FLAG_PREFIX 0x1
+#define TCP_MD5SIG_FLAG_IFINDEX 0x2
struct tcp_md5sig {
struct sockaddr_storage tcpm_addr;
uint8_t tcpm_flags;
uint8_t tcpm_prefixlen;
uint16_t tcpm_keylen;
- uint32_t __tcpm_pad;
+ int tcpm_ifindex;
uint8_t tcpm_key[TCP_MD5SIG_MAXKEYLEN];
};
@@ -271,10 +283,21 @@ struct tcp_repair_window {
uint32_t rcv_wup;
};
+#define TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT 0x1
+
struct tcp_zerocopy_receive {
uint64_t address;
uint32_t length;
uint32_t recv_skip_hint;
+ uint32_t inq;
+ int32_t err;
+ uint64_t copybuf_address;
+ int32_t copybuf_len;
+ uint32_t flags;
+ uint64_t msg_control;
+ uint64_t msg_controllen;
+ uint32_t msg_flags;
+ uint32_t reserved;
};
#endif
diff --git a/thirdparty/open_source/musl/libc/nl_types.h b/thirdparty/open_source/musl/libc/nl_types.h
new file mode 100644
index 0000000..7c2d48e
--- /dev/null
+++ b/thirdparty/open_source/musl/libc/nl_types.h
@@ -0,0 +1,22 @@
+#ifndef _NL_TYPES_H
+#define _NL_TYPES_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define NL_SETD 1
+#define NL_CAT_LOCALE 1
+
+typedef int nl_item;
+typedef void *nl_catd;
+
+nl_catd catopen (const char *, int);
+char *catgets (nl_catd, int, int, const char *);
+int catclose (nl_catd);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/thirdparty/open_source/musl/libc/pthread.h b/thirdparty/open_source/musl/libc/pthread.h
index 22120b0..77f0017 100644
--- a/thirdparty/open_source/musl/libc/pthread.h
+++ b/thirdparty/open_source/musl/libc/pthread.h
@@ -6,6 +6,24 @@ extern "C" {
#include <features.h>
+/* Musl did not provide the "owner" marco directly,
+ * so users can not access the mutex-owner-ID.
+ * Thus we added this macro for getting the owner-ID
+ * of the mutex. */
+#define MUTEX_OWNER (__u.__vi[1] & 0x7fffffff)
+
+/* These macros provides macros for accessing inner
+ * attributes of the pthread_mutex_t struct.
+ * It is intened for solving the compiling failure
+ * of Dopra codes which claims that .__data.* realm
+ * can not be found in pthread_mutex_t. */
+#define MUTEX_TYPE __u.__i[0]
+#define MUTEX_LOCK __u.__vi[1]
+#define MUTEX_WAITERS __u.__vi[2]
+#define MUTEX_PREV __u.__p[3]
+#define MUTEX_NEXT __u.__p[4]
+#define MUTEX_COUNT __u.__i[5]
+
#define __NEED_time_t
#define __NEED_clockid_t
#define __NEED_struct_timespec
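Review bot: `MUTEX_OWNER` is wrapped in parentheses, so unlike the member-path macros added below it (`MUTEX_TYPE` through `MUTEX_COUNT`) it cannot follow `.` or `->`: `m.MUTEX_OWNER` expands to `m.(__u.__vi[1] & 0x7fffffff)`, which does not compile. How callers use it is not visible in this hunk, but a function-like form such as `#define MUTEX_OWNER(m) ((m)->__u.__vi[1] & 0x7fffffff)` would be usable and hygienic. All seven names are unprefixed and sit in a public libc header, so they reach every translation unit that includes `<pthread.h>` and can collide with application identifiers. The comment should also state that the owner value is an unsynchronised snapshot of libc-internal state and must not drive ownership or access decisions. The comment typos `marco` and `intened` should read `macro` and `intended`.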
@@ -76,6 +94,9 @@ extern "C" {
#define PTHREAD_BARRIER_SERIAL_THREAD (-1)
+#define PTHREAD_NULL ((pthread_t)0)
+
+
int pthread_create(pthread_t *__restrict, const pthread_attr_t *__restrict, void *(*)(void *), void *__restrict);
int pthread_detach(pthread_t);
_Noreturn void pthread_exit(void *);
@@ -221,6 +242,7 @@ int pthread_getaffinity_np(pthread_t, size_t, struct cpu_set_t *);
int pthread_setaffinity_np(pthread_t, size_t, const struct cpu_set_t *);
int pthread_getattr_np(pthread_t, pthread_attr_t *);
int pthread_setname_np(pthread_t, const char *);
+int pthread_getname_np(pthread_t, char *, size_t);
int pthread_getattr_default_np(pthread_attr_t *);
int pthread_setattr_default_np(const pthread_attr_t *);
int pthread_tryjoin_np(pthread_t, void **);
diff --git a/thirdparty/open_source/musl/libc/sched.h b/thirdparty/open_source/musl/libc/sched.h
index 822f464..fda4b48 100644
--- a/thirdparty/open_source/musl/libc/sched.h
+++ b/thirdparty/open_source/musl/libc/sched.h
@@ -49,6 +49,7 @@ int sched_yield(void);
#ifdef _GNU_SOURCE
#define CSIGNAL 0x000000ff
+#define CLONE_NEWTIME 0x00000080
#define CLONE_VM 0x00000100
#define CLONE_FS 0x00000200
#define CLONE_FILES 0x00000400
diff --git a/thirdparty/open_source/musl/libc/setjmp.h b/thirdparty/open_source/musl/libc/setjmp.h
index 2d43abf..1976af2 100644
--- a/thirdparty/open_source/musl/libc/setjmp.h
+++ b/thirdparty/open_source/musl/libc/setjmp.h
@@ -15,25 +15,33 @@ typedef struct __jmp_buf_tag {
unsigned long __ss[128/sizeof(long)];
} jmp_buf[1];
+#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 1)
+#define __setjmp_attr __attribute__((__returns_twice__))
+#else
+#define __setjmp_attr
+#endif
+
#if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \
|| defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \
|| defined(_BSD_SOURCE)
typedef jmp_buf sigjmp_buf;
-int sigsetjmp (sigjmp_buf, int);
+int sigsetjmp (sigjmp_buf, int) __setjmp_attr;
_Noreturn void siglongjmp (sigjmp_buf, int);
#endif
#if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \
|| defined(_BSD_SOURCE)
-int _setjmp (jmp_buf);
+int _setjmp (jmp_buf) __setjmp_attr;
_Noreturn void _longjmp (jmp_buf, int);
#endif
-int setjmp (jmp_buf);
+int setjmp (jmp_buf) __setjmp_attr;
_Noreturn void longjmp (jmp_buf, int);
#define setjmp setjmp
+#undef __setjmp_attr
+
#ifdef __cplusplus
}
#endif
diff --git a/thirdparty/open_source/musl/libc/signal.h b/thirdparty/open_source/musl/libc/signal.h
index fbdf667..c347f86 100644
--- a/thirdparty/open_source/musl/libc/signal.h
+++ b/thirdparty/open_source/musl/libc/signal.h
@@ -75,6 +75,8 @@ typedef struct sigaltstack stack_t;
#define SEGV_ACCERR 2
#define SEGV_BNDERR 3
#define SEGV_PKUERR 4
+#define SEGV_MTEAERR 8
+#define SEGV_MTESERR 9
#define BUS_ADRALN 1
#define BUS_ADRERR 2
@@ -176,18 +178,31 @@ struct sigaction {
#define sa_handler __sa_handler.sa_handler
#define sa_sigaction __sa_handler.sa_sigaction
+#define SA_UNSUPPORTED 0x00000400
+#define SA_EXPOSE_TAGBITS 0x00000800
+
struct sigevent {
union sigval sigev_value;
int sigev_signo;
int sigev_notify;
- void (*sigev_notify_function)(union sigval);
- pthread_attr_t *sigev_notify_attributes;
- char __pad[56-3*sizeof(long)];
+ union {
+ char __pad[64 - 2*sizeof(int) - sizeof(union sigval)];
+ pid_t sigev_notify_thread_id;
+ struct {
+ void (*sigev_notify_function)(union sigval);
+ pthread_attr_t *sigev_notify_attributes;
+ } __sev_thread;
+ } __sev_fields;
};
+#define sigev_notify_thread_id __sev_fields.sigev_notify_thread_id
+#define sigev_notify_function __sev_fields.__sev_thread.sigev_notify_function
+#define sigev_notify_attributes __sev_fields.__sev_thread.sigev_notify_attributes
+
#define SIGEV_SIGNAL 0
#define SIGEV_NONE 1
#define SIGEV_THREAD 2
+#define SIGEV_THREAD_ID 4
int __libc_current_sigrtmin(void);
int __libc_current_sigrtmax(void);
@@ -249,6 +264,9 @@ void (*sigset(int, void (*)(int)))(int);
#if defined(_BSD_SOURCE) || defined(_GNU_SOURCE)
#define NSIG _NSIG
typedef void (*sig_t)(int);
+
+#define SYS_SECCOMP 1
+#define SYS_USER_DISPATCH 2
#endif
#ifdef _GNU_SOURCE
diff --git a/thirdparty/open_source/musl/libc/stddef.h b/thirdparty/open_source/musl/libc/stddef.h
index 4a914ee..f25b863 100644
--- a/thirdparty/open_source/musl/libc/stddef.h
+++ b/thirdparty/open_source/musl/libc/stddef.h
@@ -1,13 +1,13 @@
#ifndef _STDDEF_H
#define _STDDEF_H
-#ifndef NULL
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
#endif
-#endif
#define __NEED_ptrdiff_t
#define __NEED_size_t
diff --git a/thirdparty/open_source/musl/libc/stdio.h b/thirdparty/open_source/musl/libc/stdio.h
index 3604198..d1ed01f 100644
--- a/thirdparty/open_source/musl/libc/stdio.h
+++ b/thirdparty/open_source/musl/libc/stdio.h
@@ -25,7 +25,9 @@ extern "C" {
#include <bits/alltypes.h>
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
diff --git a/thirdparty/open_source/musl/libc/stdlib.h b/thirdparty/open_source/musl/libc/stdlib.h
index 194c203..622002d 100644
--- a/thirdparty/open_source/musl/libc/stdlib.h
+++ b/thirdparty/open_source/musl/libc/stdlib.h
@@ -7,7 +7,9 @@ extern "C" {
#include <features.h>
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
@@ -36,6 +38,7 @@ int rand (void);
void srand (unsigned);
void *malloc (size_t);
+void *malloc_coherent(size_t n);
void *calloc (size_t, size_t);
void *realloc (void *, size_t);
void free (void *);
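Review bot: `void *malloc_coherent(size_t n);` names its parameter while every neighbouring prototype omits names, so a program that defines a macro `n` before including `<stdlib.h>` would break this declaration; it should read `void *malloc_coherent(size_t);`. The function is not part of ISO C or POSIX, yet it appears beside `malloc` and `calloc` rather than under a feature-test macro, and it carries no comment. A short comment should say what "coherent" guarantees, what is returned on failure, and whether the result is released with `free`; none of that can be determined from this hunk.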
@@ -145,6 +148,8 @@ int getloadavg(double *, int);
int clearenv(void);
#define WCOREDUMP(s) ((s) & 0x80)
#define WIFCONTINUED(s) ((s) == 0xffff)
+void *reallocarray (void *, size_t, size_t);
+void qsort_r (void *, size_t, size_t, int (*)(const void *, const void *, void *), void *);
#endif
#ifdef _GNU_SOURCE
diff --git a/thirdparty/open_source/musl/libc/string.h b/thirdparty/open_source/musl/libc/string.h
index 795a2ab..43ad094 100644
--- a/thirdparty/open_source/musl/libc/string.h
+++ b/thirdparty/open_source/musl/libc/string.h
@@ -7,7 +7,9 @@ extern "C" {
#include <features.h>
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
diff --git a/thirdparty/open_source/musl/libc/sys/fcntl.h b/thirdparty/open_source/musl/libc/sys/fcntl.h
new file mode 100644
index 0000000..3dd928e
--- /dev/null
+++ b/thirdparty/open_source/musl/libc/sys/fcntl.h
@@ -0,0 +1,2 @@
+#warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h>
+#include <fcntl.h>
diff --git a/thirdparty/open_source/musl/libc/sys/ioctl.h b/thirdparty/open_source/musl/libc/sys/ioctl.h
index c2ce3b4..a9a2346 100644
--- a/thirdparty/open_source/musl/libc/sys/ioctl.h
+++ b/thirdparty/open_source/musl/libc/sys/ioctl.h
@@ -4,6 +4,8 @@
extern "C" {
#endif
+#define __NEED_struct_winsize
+
#include <bits/alltypes.h>
#include <bits/ioctl.h>
@@ -47,13 +49,6 @@ extern "C" {
#define TIOCSER_TEMT 1
-struct winsize {
- unsigned short ws_row;
- unsigned short ws_col;
- unsigned short ws_xpixel;
- unsigned short ws_ypixel;
-};
-
#define SIOCADDRT 0x890B
#define SIOCDELRT 0x890C
#define SIOCRTMSG 0x890D
diff --git a/thirdparty/open_source/musl/libc/sys/mman.h b/thirdparty/open_source/musl/libc/sys/mman.h
index 105af9d..80a3baa 100644
--- a/thirdparty/open_source/musl/libc/sys/mman.h
+++ b/thirdparty/open_source/musl/libc/sys/mman.h
@@ -20,7 +20,6 @@ extern "C" {
#define MAP_SHARED 0x01
#define MAP_PRIVATE 0x02
-#define MAP_RESERVE 0x04
#define MAP_SHARED_VALIDATE 0x03
#define MAP_TYPE 0x0f
#define MAP_FIXED 0x10
@@ -41,6 +40,7 @@ extern "C" {
#define MAP_HUGE_SHIFT 26
#define MAP_HUGE_MASK 0x3f
+#define MAP_HUGE_16KB (14 << 26)
#define MAP_HUGE_64KB (16 << 26)
#define MAP_HUGE_512KB (19 << 26)
#define MAP_HUGE_1MB (20 << 26)
@@ -102,6 +102,7 @@ extern "C" {
#ifdef _GNU_SOURCE
#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2
+#define MREMAP_DONTUNMAP 4
#define MLOCK_ONFAULT 0x01
@@ -113,7 +114,7 @@ extern "C" {
#include <bits/mman.h>
void *mmap (void *, size_t, int, int, int, off_t);
-int munmap (const void *, size_t);
+int munmap (void *, size_t);
int mprotect (void *, size_t, int);
int msync (void *, size_t, int);
diff --git a/thirdparty/open_source/musl/libc/sys/socket.h b/thirdparty/open_source/musl/libc/sys/socket.h
index 38f5bb1..6dc1e40 100644
--- a/thirdparty/open_source/musl/libc/sys/socket.h
+++ b/thirdparty/open_source/musl/libc/sys/socket.h
@@ -289,6 +289,8 @@ struct linger {
#define SCM_TXTIME SO_TXTIME
#define SO_BINDTOIFINDEX 62
#define SO_DETACH_REUSEPORT_BPF 68
+#define SO_PREFER_BUSY_POLL 69
+#define SO_BUSY_POLL_BUDGET 70
#ifndef SOL_SOCKET
#define SOL_SOCKET 1
diff --git a/thirdparty/open_source/musl/libc/time.h b/thirdparty/open_source/musl/libc/time.h
index 1b18024..3d94837 100644
--- a/thirdparty/open_source/musl/libc/time.h
+++ b/thirdparty/open_source/musl/libc/time.h
@@ -7,13 +7,13 @@ extern "C" {
#include <features.h>
-#ifndef NULL
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
#endif
-#endif
#define __NEED_size_t
diff --git a/thirdparty/open_source/musl/libc/unistd.h b/thirdparty/open_source/musl/libc/unistd.h
index 7bcbff9..212263a 100644
--- a/thirdparty/open_source/musl/libc/unistd.h
+++ b/thirdparty/open_source/musl/libc/unistd.h
@@ -14,8 +14,12 @@ extern "C" {
#define SEEK_SET 0
#define SEEK_CUR 1
#define SEEK_END 2
+#define SEEK_DATA 3
+#define SEEK_HOLE 4
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
@@ -82,6 +86,7 @@ unsigned sleep(unsigned);
int pause(void);
pid_t fork(void);
+pid_t _Fork(void);
int execve(const char *, char *const [], char *const []);
int execv(const char *, char *const []);
int execle(const char *, const char *, ...);
@@ -190,6 +195,7 @@ int syncfs(int);
int euidaccess(const char *, int);
int eaccess(const char *, int);
ssize_t copy_file_range(int, off_t *, int, off_t *, size_t, unsigned);
+pid_t gettid(void);
#endif
#if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE)
diff --git a/thirdparty/open_source/musl/libc/wchar.h b/thirdparty/open_source/musl/libc/wchar.h
index 88eb55b..ed5d774 100644
--- a/thirdparty/open_source/musl/libc/wchar.h
+++ b/thirdparty/open_source/musl/libc/wchar.h
@@ -38,7 +38,9 @@ extern "C" {
#define WCHAR_MIN (-1-0x7fffffff+L'\0')
#endif
-#ifdef __cplusplus
+#if __cplusplus >= 201103L
+#define NULL nullptr
+#elif defined(__cplusplus)
#define NULL 0L
#else
#define NULL ((void*)0)
diff --git a/include/TA/openssl/crypto/asn1.h b/thirdparty/open_source/openssl/crypto/asn1.h
similarity index 97%
rename from include/TA/openssl/crypto/asn1.h
rename to thirdparty/open_source/openssl/crypto/asn1.h
index 9c28a7d..9c9b4d8 100644
--- a/include/TA/openssl/crypto/asn1.h
+++ b/thirdparty/open_source/openssl/crypto/asn1.h
@@ -92,9 +92,6 @@ extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
-#ifndef OPENSSL_NO_CRL_MEMPOOL
-# define ASN1_OBJECT_FLAG_MEMPOOL 0x1000/* internal use*/
-#endif
struct asn1_object_st {
const char *sn, *ln;
int nid;
diff --git a/include/TA/openssl/crypto/bn.h b/thirdparty/open_source/openssl/crypto/bn.h
similarity index 100%
rename from include/TA/openssl/crypto/bn.h
rename to thirdparty/open_source/openssl/crypto/bn.h
diff --git a/include/TA/openssl/crypto/ec.h b/thirdparty/open_source/openssl/crypto/ec.h
similarity index 91%
rename from include/TA/openssl/crypto/ec.h
rename to thirdparty/open_source/openssl/crypto/ec.h
index 184c5c1..fe52ae7 100644
--- a/include/TA/openssl/crypto/ec.h
+++ b/thirdparty/open_source/openssl/crypto/ec.h
@@ -49,11 +49,5 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md);
-/*-
- * Checking for Elliptic Curve types that do not support signatures for fips 140-3
- */
-#ifndef OPENSSL_NO_FIPS
-int fips_check_ecdsa_curve_type(int nid);
-#endif
# endif /* OPENSSL_NO_EC */
#endif
diff --git a/include/TA/openssl/crypto/err.h b/thirdparty/open_source/openssl/crypto/err.h
similarity index 100%
rename from include/TA/openssl/crypto/err.h
rename to thirdparty/open_source/openssl/crypto/err.h
diff --git a/include/TA/openssl/internal/bio.h b/thirdparty/open_source/openssl/internal/bio.h
similarity index 82%
rename from include/TA/openssl/internal/bio.h
rename to thirdparty/open_source/openssl/internal/bio.h
index 51b991d..c343b27 100644
--- a/include/TA/openssl/internal/bio.h
+++ b/thirdparty/open_source/openssl/internal/bio.h
@@ -27,13 +27,7 @@ struct bio_method_st {
void bio_free_ex_data(BIO *bio);
void bio_cleanup(void);
-#ifndef OPENSSL_NO_DTO
-#define BIO_set_dto_key(b, keyblob, type) \
- BIO_ctrl(b, BIO_CTRL_SET_DTO_KEY, type, keyblob)
-#define BIO_set_dto_epoch_sequence(b, keyblob) \
- BIO_ctrl(b, BIO_CTRL_SET_DTO_EPOCH_SEQUENCE, 0, keyblob)
-#endif
/* Old style to new style BIO_METHOD conversion functions */
int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
diff --git a/include/TA/openssl/openssl/asn1.h b/thirdparty/open_source/openssl/openssl/asn1.h
similarity index 99%
rename from include/TA/openssl/openssl/asn1.h
rename to thirdparty/open_source/openssl/openssl/asn1.h
index fbf8373..9522eec 100644
--- a/include/TA/openssl/openssl/asn1.h
+++ b/thirdparty/open_source/openssl/openssl/asn1.h
@@ -248,12 +248,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
type *name##_new(void); \
void name##_free(type *a);
-# define DECLARE_ASN1_DUP_FUNCTION(type) \
- DECLARE_ASN1_DUP_FUNCTION_name(type, type)
-
-# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \
- type *name##_dup(type *a);
-
# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
@@ -668,6 +662,7 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
diff --git a/include/TA/openssl/openssl/asn1err.h b/thirdparty/open_source/openssl/openssl/asn1err.h
similarity index 100%
rename from include/TA/openssl/openssl/asn1err.h
rename to thirdparty/open_source/openssl/openssl/asn1err.h
diff --git a/include/TA/openssl/openssl/asn1t.h b/thirdparty/open_source/openssl/openssl/asn1t.h
similarity index 98%
rename from include/TA/openssl/openssl/asn1t.h
rename to thirdparty/open_source/openssl/openssl/asn1t.h
index 4c326ea..a450ba0 100644
--- a/include/TA/openssl/openssl/asn1t.h
+++ b/thirdparty/open_source/openssl/openssl/asn1t.h
@@ -860,23 +860,6 @@ typedef struct ASN1_STREAM_ARG_st {
ASN1_ITEM_rptr(stname)); \
}
-#ifndef OPENSSL_NO_TTO
-# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS(stname) \
- static int i2d_##stname(stname *a, unsigned char **out) \
- { \
- return ASN1_item_i2d((ASN1_VALUE *)a, out, \
- ASN1_ITEM_rptr(stname)); \
- }
-
-# define IMPLEMENT_ASN1_DECODE_FUNCTIONS(stname) \
- static stname *d2i_##stname(stname **a, \
- const unsigned char **in, long len) \
- { \
- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
- ASN1_ITEM_rptr(stname)); \
- }
-#endif
-
/*
* This includes evil casts to remove const: they will go away when full ASN1
* constification is done.
diff --git a/include/TA/openssl/openssl/bio.h b/thirdparty/open_source/openssl/openssl/bio.h
similarity index 98%
rename from include/TA/openssl/openssl/bio.h
rename to thirdparty/open_source/openssl/openssl/bio.h
index 3f68687..ae559a5 100644
--- a/include/TA/openssl/openssl/bio.h
+++ b/thirdparty/open_source/openssl/openssl/bio.h
@@ -140,17 +140,6 @@ extern "C" {
# endif
# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
-# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77
-# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78
-
-/* Negotiate with the SE (Chen Shengqi) to reserve the value before 1000 for the open-source community,
- * and use the value after 1000 for Huawei-developed features. */
-#ifndef OPENSSL_NO_DTO
-/* Export DTLS1.2 key information and epoch commands used by the BIO_set_dto macro */
-#define BIO_CTRL_SET_DTO_KEY 1001
-#define BIO_CTRL_SET_DTO_EPOCH_SEQUENCE 1002
-
-#endif
/* modifiers */
# define BIO_FP_READ 0x02
@@ -563,8 +552,6 @@ void BIO_set_data(BIO *a, void *ptr);
void *BIO_get_data(BIO *a);
void BIO_set_init(BIO *a, int init);
int BIO_get_init(BIO *a);
-void BIO_set_num(BIO *a, int num);
-int BIO_get_num(BIO *a);
void BIO_set_shutdown(BIO *a, int shut);
int BIO_get_shutdown(BIO *a);
void BIO_vfree(BIO *a);
@@ -773,6 +760,7 @@ ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
# undef ossl_bio__attr__
# undef ossl_bio__printf__
+
BIO_METHOD *BIO_meth_new(int type, const char *name);
void BIO_meth_free(BIO_METHOD *biom);
int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
diff --git a/include/TA/openssl/openssl/bioerr.h b/thirdparty/open_source/openssl/openssl/bioerr.h
similarity index 100%
rename from include/TA/openssl/openssl/bioerr.h
rename to thirdparty/open_source/openssl/openssl/bioerr.h
diff --git a/include/TA/openssl/openssl/bn.h b/thirdparty/open_source/openssl/openssl/bn.h
similarity index 83%
rename from include/TA/openssl/openssl/bn.h
rename to thirdparty/open_source/openssl/openssl/bn.h
index 51fff4a..d877660 100644
--- a/include/TA/openssl/openssl/bn.h
+++ b/thirdparty/open_source/openssl/openssl/bn.h
@@ -11,7 +11,6 @@
#ifndef HEADER_BN_H
# define HEADER_BN_H
-#ifndef VPP_HICRYPTO_COMPILE
# include <openssl/e_os2.h>
# ifndef OPENSSL_NO_STDIO
# include <stdio.h>
@@ -20,35 +19,11 @@
# include <openssl/ossl_typ.h>
# include <openssl/crypto.h>
# include <openssl/bnerr.h>
-#else
-#include <limits.h>
-#include <hicrypto/crypto.h>
-#include <hicrypto/opensslconf.h>
-
-#ifndef OPENSSL_API_COMPAT
-#define OPENSSL_API_COMPAT 0x10100000L
-#endif
-
-/* Only one for the following should be defined */
-#cmakedefine SIXTY_FOUR_BIT_LONG
-#cmakedefine SIXTY_FOUR_BIT
-#cmakedefine THIRTY_TWO_BIT
-
-typedef struct bignum_st BIGNUM;
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-#endif
#ifdef __cplusplus
extern "C" {
#endif
-#ifdef VPP_HICRYPTO_COMPILE
-# pragma GCC visibility push(default)
-#endif
/*
* 64-bit processor with LP64 ABI
*/
@@ -319,12 +294,10 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_mask_bits(BIGNUM *a, int n);
-#ifndef VPP_HICRYPTO_COMPILE
# ifndef OPENSSL_NO_STDIO
int BN_print_fp(FILE *fp, const BIGNUM *a);
# endif
int BN_print(BIO *bio, const BIGNUM *a);
-#endif
int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
int BN_rshift1(BIGNUM *r, const BIGNUM *a);
@@ -349,7 +322,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-#ifndef VPP_HICRYPTO_COMPILE
/* Deprecated versions */
DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add,
@@ -366,7 +338,7 @@ DEPRECATEDIN_0_9_8(int
void (*callback) (int, int, void *),
BN_CTX *ctx, void *cb_arg,
int do_trial_division))
-#endif
+
/* Newer versions */
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
@@ -394,13 +366,9 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-#ifndef VPP_HICRYPTO_COMPILE
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
const BIGNUM *mod, BN_CTX *ctx);
-#else
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRPT_THREAD_MUTEX *lock,
- const BIGNUM *mod, BN_CTX *ctx);
-#endif
+
/* BN_BLINDING flags */
# define BN_BLINDING_NO_UPDATE 0x00000001
# define BN_BLINDING_NO_RECREATE 0x00000002
@@ -430,11 +398,11 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
-#ifndef VPP_HICRYPTO_COMPILE
+
DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
* mont */
-#endif
+
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
@@ -564,93 +532,6 @@ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
-#ifdef VPP_HICRYPTO_COMPILE
-/** Internal APIs */
-BIGNUM *bn_wexpand(BIGNUM *a, int words);
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-
-void bn_correct_top(BIGNUM *a);
-
-int bn_get_top(const BIGNUM *a);
-
-int bn_get_dmax(const BIGNUM *a);
-
-/* Set all words to zero */
-void bn_set_all_zero(BIGNUM *a);
-
-/*
- * Copy the internal BIGNUM words into out which holds size elements (and size
- * must be bigger than top)
- */
-int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
-
-BN_ULONG *bn_get_words(const BIGNUM *a);
-
-/*
- * Set the internal data words in a to point to words which contains size
- * elements. The BN_FLG_STATIC_DATA flag is set
- */
-void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
-
-/*
- * Copy words into the BIGNUM |a|, reallocating space as necessary.
- * The negative flag of |a| is not modified.
- * Returns 1 on success and 0 on failure.
- */
-/*
- * |num_words| is int because bn_expand2 takes an int. This is an internal
- * function so we simply trust callers not to pass negative values.
- */
-int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
-
-/*
- * Some BIGNUM functions assume most significant limb to be non-zero, which
- * is customarily arranged by bn_correct_top. Output from below functions
- * is not processed with bn_correct_top, and for this reason it may not be
- * returned out of public API. It may only be passed internally into other
- * functions known to support non-minimal or zero-padded BIGNUMs. Even
- * though the goal is to facilitate constant-time-ness, not each subroutine
- * is constant-time by itself. They all have pre-conditions, consult source
- * code...
- */
-int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx);
-int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);
-int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);
-int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
-int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
-int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
-int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-
-/*
- * BN reason codes.
- */
-#define BN_R_ARG2_LT_ARG3 100
-#define BN_R_BAD_RECIPROCAL 101
-#define BN_R_BIGNUM_TOO_LONG 114
-#define BN_R_BITS_TOO_SMALL 118
-#define BN_R_CALLED_WITH_EVEN_MODULUS 102
-#define BN_R_DIV_BY_ZERO 103
-#define BN_R_ENCODING_ERROR 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
-#define BN_R_INPUT_NOT_REDUCED 110
-#define BN_R_INVALID_LENGTH 106
-#define BN_R_INVALID_RANGE 115
-#define BN_R_INVALID_SHIFT 119
-#define BN_R_NOT_A_SQUARE 111
-#define BN_R_NOT_INITIALIZED 107
-#define BN_R_NO_INVERSE 108
-#define BN_R_NO_SOLUTION 116
-#define BN_R_NO_SUITABLE_DIGEST 120
-#define BN_R_PRIVATE_KEY_TOO_LARGE 117
-#define BN_R_P_IS_NOT_PRIME 112
-#define BN_R_TOO_MANY_ITERATIONS 113
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
-
-#pragma GCC visibility pop
-#endif
# ifdef __cplusplus
}
diff --git a/include/TA/openssl/openssl/bnerr.h b/thirdparty/open_source/openssl/openssl/bnerr.h
similarity index 100%
rename from include/TA/openssl/openssl/bnerr.h
rename to thirdparty/open_source/openssl/openssl/bnerr.h
diff --git a/include/TA/openssl/openssl/buffer.h b/thirdparty/open_source/openssl/openssl/buffer.h
similarity index 99%
rename from include/TA/openssl/openssl/buffer.h
rename to thirdparty/open_source/openssl/openssl/buffer.h
index 35a8503..d276576 100644
--- a/include/TA/openssl/openssl/buffer.h
+++ b/thirdparty/open_source/openssl/openssl/buffer.h
@@ -16,6 +16,7 @@
# endif
# include <openssl/buffererr.h>
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -50,6 +51,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/buffererr.h b/thirdparty/open_source/openssl/openssl/buffererr.h
similarity index 100%
rename from include/TA/openssl/openssl/buffererr.h
rename to thirdparty/open_source/openssl/openssl/buffererr.h
diff --git a/include/TA/openssl/openssl/cmac.h b/thirdparty/open_source/openssl/openssl/cmac.h
similarity index 100%
rename from include/TA/openssl/openssl/cmac.h
rename to thirdparty/open_source/openssl/openssl/cmac.h
diff --git a/include/TA/openssl/openssl/crypto.h b/thirdparty/open_source/openssl/openssl/crypto.h
similarity index 90%
rename from include/TA/openssl/openssl/crypto.h
rename to thirdparty/open_source/openssl/openssl/crypto.h
index 2b5c52a..7d0b526 100644
--- a/include/TA/openssl/openssl/crypto.h
+++ b/thirdparty/open_source/openssl/openssl/crypto.h
@@ -107,8 +107,7 @@ DEFINE_STACK_OF(void)
# define CRYPTO_EX_INDEX_APP 13
# define CRYPTO_EX_INDEX_UI_METHOD 14
# define CRYPTO_EX_INDEX_DRBG 15
-# define CRYPTO_EX_INDEX_SM9_KEY 16
-# define CRYPTO_EX_INDEX__COUNT 17
+# define CRYPTO_EX_INDEX__COUNT 16
/* No longer needed, so this is a no-op */
#define OPENSSL_malloc_init() while(0) continue
@@ -319,10 +318,6 @@ int CRYPTO_mem_leaks_fp(FILE *);
int CRYPTO_mem_leaks(BIO *bio);
# endif
-#ifndef OPENSSL_NO_CRL_MEMPOOL
-int CRYPT_init_memory_pool(int pool_size, int max_no_pool);
-#endif
-
/* die if we have to */
ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
# if OPENSSL_API_COMPAT < 0x10100000L
@@ -331,31 +326,11 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line
# define OPENSSL_assert(e) \
(void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
-#if defined(OPENSSL_SYS_VXWORKS) && defined(OPENSSL_SYS_VXWORKS55)
-int CRYPTO_strncasecmp(unsigned char *a, unsigned char *b, size_t len);
-int CRYPTO_strcasecmp(unsigned char *a, unsigned char *b);
-
-#define strncasecmp(a,b,len) CRYPTO_strncasecmp((a), (b), (len))
-#define strcasecmp(a,b) CRYPTO_strcasecmp((a), (b))
-#endif
-
-#if !defined(OPENSSL_NO_NDCPP)
-#define NDCPP_MODE_OFF 0
-#define NDCPP_MODE_ON 1
-
-int NDCPP_mode(void);
-int NDCPP_mode_set(int r);
-#endif
-
int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
-#ifndef OPENSSL_NO_FIPS
-int FIPS_selftest_result(int result);
-#endif
-
void OPENSSL_init(void);
# ifdef OPENSSL_SYS_UNIX
void OPENSSL_fork_prepare(void);
@@ -407,6 +382,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
| OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
OPENSSL_INIT_ENGINE_PADLOCK)
+
/* Library initialisation functions */
void OPENSSL_cleanup(void);
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
@@ -462,38 +438,6 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
-#ifndef OPENSSL_NO_ALT_MEMORY
-int CRYPTO_set_mem_functions_alt(
- void *(*m) (size_t, const char *, int),
- void *(*r) (void *, size_t, const char *, int),
- void (*f) (void *, const char *, int));
-
-void *CRYPTO_malloc_alt(size_t num, const char *file, int line);
-void *CRYPTO_zalloc_alt(size_t num, const char *file, int line);
-void *CRYPTO_realloc_alt(void *addr, size_t num, const char *file, int line);
-void CRYPTO_free_alt(void *ptr, const char *file, int line);
-
-#define OPENSSL_malloc_alt(num) \
- CRYPTO_malloc_alt((num), OPENSSL_FILE, OPENSSL_LINE)
-
-#define OPENSSL_realloc_alt(num) \
- CRYPTO_realloc_alt((num), OPENSSL_FILE, OPENSSL_LINE)
-
-#define OPENSSL_free_alt(num) \
- CRYPTO_free_alt((num), OPENSSL_FILE, OPENSSL_LINE)
-
-#define OPENSSL_zalloc_alt(num) \
- CRYPTO_zalloc_alt(num, OPENSSL_FILE, OPENSSL_LINE)
-
-#define SSLBUF_malloc(num) OPENSSL_malloc_alt(num)
-#define SSLBUF_free(num) OPENSSL_free_alt(num)
-
-#else
-
-#define SSLBUF_malloc(num) OPENSSL_malloc(num)
-#define SSLBUF_free(num) OPENSSL_free(num)
-
-#endif
# ifdef __cplusplus
}
diff --git a/include/TA/openssl/openssl/cryptoerr.h b/thirdparty/open_source/openssl/openssl/cryptoerr.h
similarity index 100%
rename from include/TA/openssl/openssl/cryptoerr.h
rename to thirdparty/open_source/openssl/openssl/cryptoerr.h
diff --git a/include/TA/openssl/openssl/dh.h b/thirdparty/open_source/openssl/openssl/dh.h
similarity index 98%
rename from include/TA/openssl/openssl/dh.h
rename to thirdparty/open_source/openssl/openssl/dh.h
index 352b37a..3527540 100644
--- a/include/TA/openssl/openssl/dh.h
+++ b/thirdparty/open_source/openssl/openssl/dh.h
@@ -30,11 +30,7 @@ extern "C" {
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
# endif
-# ifndef OPENSSL_NO_FIPS
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 2048
-#else
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-#endif
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
# define DH_FLAG_CACHE_MONT_P 0x01
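Review bot: `OPENSSL_DH_FIPS_MIN_MODULUS_BITS` is now 1024 in every configuration, where the removed branch gave 2048 whenever `OPENSSL_NO_FIPS` was not defined. The `dsa.h` hunk further down does the same for `OPENSSL_DSA_FIPS_MIN_MODULUS_BITS` and drops `OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_verify`. Whether any TA code reads these constants is not visible here, but code that relied on the header for a 2048-bit floor would accept 1024-bit parameters after this change without any build error. Such callers should enforce the minimum themselves, for example `if (DH_bits(dh) < 2048) return 0;` before using externally supplied parameters, and likewise with `DSA_bits`.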
@@ -229,6 +225,7 @@ int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
int DH_meth_set_generate_params(DH_METHOD *dhm,
int (*generate_params) (DH *, int, int, BN_GENCB *));
+
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
@@ -335,6 +332,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
# define EVP_PKEY_DH_KDF_X9_42 2
# endif
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/dsa.h b/thirdparty/open_source/openssl/openssl/dsa.h
similarity index 98%
rename from include/TA/openssl/openssl/dsa.h
rename to thirdparty/open_source/openssl/openssl/dsa.h
index 741fd4f..6d8a18a 100644
--- a/include/TA/openssl/openssl/dsa.h
+++ b/thirdparty/open_source/openssl/openssl/dsa.h
@@ -30,12 +30,7 @@ extern "C" {
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
# endif
-#ifndef OPENSSL_NO_FIPS
-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 2048
-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_verify 512
-#else
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-#endif
# define DSA_FLAG_CACHE_MONT_P 0x01
# if OPENSSL_API_COMPAT < 0x10100000L
@@ -241,6 +236,7 @@ int DSA_meth_set_paramgen(DSA_METHOD *dsam,
int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/e_os2.h b/thirdparty/open_source/openssl/openssl/e_os2.h
similarity index 95%
rename from include/TA/openssl/openssl/e_os2.h
rename to thirdparty/open_source/openssl/openssl/e_os2.h
index 86c201e..5c88e51 100644
--- a/include/TA/openssl/openssl/e_os2.h
+++ b/thirdparty/open_source/openssl/openssl/e_os2.h
@@ -42,7 +42,7 @@ extern "C" {
* UEFI lives here because it might be built with a Microsoft toolchain and
* we need to avoid the false positive match on Windows.
*/
-# if defined(OPENSSL_SYS_UEFI) || defined(__UBOOT__)
+# if defined(OPENSSL_SYS_UEFI)
# undef OPENSSL_SYS_UNIX
# elif defined(OPENSSL_SYS_UWIN)
# undef OPENSSL_SYS_UNIX
@@ -212,7 +212,7 @@ extern "C" {
# ifndef ossl_ssize_t
# define ossl_ssize_t ssize_t
-# if defined(SSIZE_MAX) && !defined(OPENSSL_SYS_VXWORKS)
+# if defined(SSIZE_MAX)
# define OSSL_SSIZE_MAX SSIZE_MAX
# elif defined(_POSIX_SSIZE_MAX)
# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
@@ -237,9 +237,9 @@ typedef INT32 int32_t;
typedef UINT32 uint32_t;
typedef INT64 int64_t;
typedef UINT64 uint64_t;
-# elif !defined(OPENSSL_SYS_VXWORKS) && ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
defined(__osf__) || defined(__sgi) || defined(__hpux) || \
- defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__))
+ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
# include <inttypes.h>
# elif defined(_MSC_VER) && _MSC_VER<1600
/*
@@ -254,15 +254,9 @@ typedef int int32_t;
typedef unsigned int uint32_t;
typedef __int64 int64_t;
typedef unsigned __int64 uint64_t;
-# elif defined(OPENSSL_SYS_VXWORKS) && !defined(VPP_CRYPTO_COMPILE)
-# define UINT16_MAX 0xffff
-# define INT16_MAX 0x7fff
-# include <sys/types.h>
# else
-# ifndef __NO_STDINTH__
# include <stdint.h>
# endif
-# endif
/* ossl_inline: portable inline definition usable in public headers */
# if !defined(inline) && !defined(__cplusplus)
diff --git a/include/TA/openssl/openssl/ec.h b/thirdparty/open_source/openssl/openssl/ec.h
similarity index 99%
rename from include/TA/openssl/openssl/ec.h
rename to thirdparty/open_source/openssl/openssl/ec.h
index 0c830ab..24baf53 100644
--- a/include/TA/openssl/openssl/ec.h
+++ b/thirdparty/open_source/openssl/openssl/ec.h
@@ -1104,7 +1104,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
# endif
-const EC_KEY_METHOD *EC_KEY_get_iso_15946_2_method(void);
+
const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
const EC_KEY_METHOD *EC_KEY_get_default_method(void);
void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
@@ -1476,6 +1476,7 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
*/
# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/ecdsa.h b/thirdparty/open_source/openssl/openssl/ecdsa.h
similarity index 68%
rename from include/TA/openssl/openssl/ecdsa.h
rename to thirdparty/open_source/openssl/openssl/ecdsa.h
index a9aeb7c..681f3d5 100644
--- a/include/TA/openssl/openssl/ecdsa.h
+++ b/thirdparty/open_source/openssl/openssl/ecdsa.h
@@ -7,13 +7,4 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef ECDSA_H
-# define ECDSA_H
#include <openssl/ec.h>
-
-#ifndef OPENSSL_NO_FIPS
-#define ECDSA_VERIFY_SIG_MIN_KEY_SIZE 160
-#define ECDSA_SIGN_SIG_MIN_KEY_SIZE 224
-#endif
-
-#endif // ECDSA_H
diff --git a/include/TA/openssl/openssl/ecerr.h b/thirdparty/open_source/openssl/openssl/ecerr.h
similarity index 98%
rename from include/TA/openssl/openssl/ecerr.h
rename to thirdparty/open_source/openssl/openssl/ecerr.h
index a796d22..5173811 100644
--- a/include/TA/openssl/openssl/ecerr.h
+++ b/thirdparty/open_source/openssl/openssl/ecerr.h
@@ -187,8 +187,6 @@ int ERR_load_EC_strings(void);
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
-# define EC_F_OSSL_ECDSA_SIGN_SIG_ISO_15946_2 300
-# define EC_F_OSSL_ECDSA_VERIFY_SIG_ISO_15946_2 301
# define EC_F_PKEY_ECD_CTRL 271
# define EC_F_PKEY_ECD_DIGESTSIGN 272
# define EC_F_PKEY_ECD_DIGESTSIGN25519 276
@@ -202,7 +200,6 @@ int ERR_load_EC_strings(void);
# define EC_F_PKEY_EC_KEYGEN 199
# define EC_F_PKEY_EC_PARAMGEN 219
# define EC_F_PKEY_EC_SIGN 218
-# define EC_F_PKEY_EC_SM2DH_DERIVE 299
# define EC_F_VALIDATE_ECX_DERIVE 278
/*
@@ -274,9 +271,6 @@ int ERR_load_EC_strings(void);
# define EC_R_UNSUPPORTED_FIELD 131
# define EC_R_WRONG_CURVE_PARAMETERS 145
# define EC_R_WRONG_ORDER 130
-#ifndef OPENSSL_NO_FIPS
-# define EC_R_KEY_SIZE_INVALID 166
-#endif
# endif
#endif
diff --git a/include/TA/openssl/openssl/err.h b/thirdparty/open_source/openssl/openssl/err.h
similarity index 94%
rename from include/TA/openssl/openssl/err.h
rename to thirdparty/open_source/openssl/openssl/err.h
index cd219c7..b49f881 100644
--- a/include/TA/openssl/openssl/err.h
+++ b/thirdparty/open_source/openssl/openssl/err.h
@@ -95,11 +95,6 @@ typedef struct err_state_st {
# define ERR_LIB_ASYNC 51
# define ERR_LIB_KDF 52
# define ERR_LIB_SM2 53
-# define ERR_LIB_CRMF 56
-# define ERR_LIB_CMP 57
-# define ERR_LIB_SM9 58
-# define ERR_LIB_PQC 59
-# define ERR_LIB_PQC_HYBRID 60
# define ERR_LIB_USER 128
@@ -133,17 +128,12 @@ typedef struct err_state_st {
# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PQCerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PQC_HYBRIDerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ERR_PACK(l,f,r) ( \
(((unsigned int)(l) & 0x0FF) << 24L) | \
@@ -200,8 +190,6 @@ typedef struct err_state_st {
# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
-# define ERR_R_SM9_LIB ERR_LIB_SM9/* 58 */
-# define ERR_R_PQC_HYBRID_LIB ERR_LIB_PQC_HYBRID/* 60 */
# define ERR_R_NESTED_ASN1_ERROR 58
# define ERR_R_MISSING_ASN1_EOS 63
diff --git a/include/TA/openssl/openssl/evp.h b/thirdparty/open_source/openssl/openssl/evp.h
similarity index 99%
rename from include/TA/openssl/openssl/evp.h
rename to thirdparty/open_source/openssl/openssl/evp.h
index d6c7292..a411f3f 100644
--- a/include/TA/openssl/openssl/evp.h
+++ b/thirdparty/open_source/openssl/openssl/evp.h
@@ -352,10 +352,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
# define EVP_CTRL_GET_IVLEN 0x25
-#ifndef OPENSSL_NO_TTO
-/* Set the input buffer lengths to use for a pipelined operation in case of TTO */
-# define EVP_CTRL_GCM_SET_IV_INV_TTO 0x99
-#endif
/* Padding modes */
#define EVP_PADDING_PKCS7 1
@@ -402,6 +398,7 @@ typedef struct evp_cipher_info_st {
unsigned char iv[EVP_MAX_IV_LENGTH];
} EVP_CIPHER_INFO;
+
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
@@ -940,10 +937,6 @@ const EVP_CIPHER *EVP_sm4_cfb128(void);
# define EVP_sm4_cfb EVP_sm4_cfb128
const EVP_CIPHER *EVP_sm4_ofb(void);
const EVP_CIPHER *EVP_sm4_ctr(void);
-const EVP_CIPHER *EVP_sm4_gcm(void);
-#ifndef OPENSSL_NO_SM4_XTS
-const EVP_CIPHER *EVP_sm4_xts(void);
-# endif
# endif
# if OPENSSL_API_COMPAT < 0x10100000L
@@ -1344,13 +1337,6 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-#ifndef OPENSSL_NO_GMTLS
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_pkey_id(EVP_PKEY *pkey, int id, ENGINE *e);
-int EVP_PKEY_CTX_set_sm2_param(EVP_PKEY_CTX *pctx, EVP_MD *md, int server,
- unsigned char *peer_id, int peerid_len,
- unsigned char *self_id, int selfid_len,
- EC_KEY *peer_ecdhe_key, EC_KEY *self_ecdhe_key);
-#endif
EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
@@ -1673,9 +1659,6 @@ void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
EVP_MD_CTX *mctx));
void EVP_add_alg_module(void);
-#ifndef OPENSSL_NO_SM2
-int EVP_PKEY_is_sm2(EVP_PKEY *pkey);
-#endif
# ifdef __cplusplus
}
diff --git a/include/TA/openssl/openssl/evperr.h b/thirdparty/open_source/openssl/openssl/evperr.h
similarity index 98%
rename from include/TA/openssl/openssl/evperr.h
rename to thirdparty/open_source/openssl/openssl/evperr.h
index daabe9b..b4ea90a 100644
--- a/include/TA/openssl/openssl/evperr.h
+++ b/thirdparty/open_source/openssl/openssl/evperr.h
@@ -123,8 +123,6 @@ int ERR_load_EVP_strings(void);
# define EVP_F_R_32_12_16_INIT_KEY 242
# define EVP_F_S390X_AES_GCM_CTRL 201
# define EVP_F_UPDATE 173
-# define EVP_F_SM4_GCM_CTRL 231
-# define EVP_F_SM4_XTS_INIT_KEY 232
/*
* EVP reason codes.
diff --git a/include/TA/openssl/openssl/hmac.h b/thirdparty/open_source/openssl/openssl/hmac.h
similarity index 100%
rename from include/TA/openssl/openssl/hmac.h
rename to thirdparty/open_source/openssl/openssl/hmac.h
diff --git a/include/TA/openssl/openssl/kdf.h b/thirdparty/open_source/openssl/openssl/kdf.h
similarity index 99%
rename from include/TA/openssl/openssl/kdf.h
rename to thirdparty/open_source/openssl/openssl/kdf.h
index 01e5448..5abd4c3 100644
--- a/include/TA/openssl/openssl/kdf.h
+++ b/thirdparty/open_source/openssl/openssl/kdf.h
@@ -90,6 +90,7 @@ extern "C" {
EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/kdferr.h b/thirdparty/open_source/openssl/openssl/kdferr.h
similarity index 100%
rename from include/TA/openssl/openssl/kdferr.h
rename to thirdparty/open_source/openssl/openssl/kdferr.h
diff --git a/include/TA/openssl/openssl/lhash.h b/thirdparty/open_source/openssl/openssl/lhash.h
similarity index 99%
rename from include/TA/openssl/openssl/lhash.h
rename to thirdparty/open_source/openssl/openssl/lhash.h
index 84cfab0..2e42d72 100644
--- a/include/TA/openssl/openssl/lhash.h
+++ b/thirdparty/open_source/openssl/openssl/lhash.h
@@ -66,6 +66,7 @@ typedef struct lhash_st OPENSSL_LHASH;
name##_doall_arg(a, b); }
# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
# define LH_LOAD_MULT 256
int OPENSSL_LH_error(OPENSSL_LHASH *lh);
diff --git a/include/TA/openssl/openssl/obj_mac.h b/thirdparty/open_source/openssl/openssl/obj_mac.h
similarity index 97%
rename from include/TA/openssl/openssl/obj_mac.h
rename to thirdparty/open_source/openssl/openssl/obj_mac.h
index 66ec330..53516a0 100644
--- a/include/TA/openssl/openssl/obj_mac.h
+++ b/thirdparty/open_source/openssl/openssl/obj_mac.h
@@ -77,11 +77,6 @@
#define NID_international_organizations 647
#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L
-#define SN_subject_key_attestation_evidence "subject-key-attestation-evidence"
-#define LN_subject_key_attestation_evidence "Subject Key Attestation Evidence"
-#define NID_subject_key_attestation_evidence 1195
-#define OBJ_subject_key_attestation_evidence OBJ_international_organizations,133L,6L,1L,1L
-
#define SN_wap "wap"
#define NID_wap 678
#define OBJ_wap OBJ_international_organizations,43L
@@ -318,14 +313,6 @@
#define NID_ecdsa_with_SHA512 796
#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L
-#define SN_ec192wapi "ec192wapi"
-#define NID_ec192wapi 1214
-#define OBJ_ec192wapi OBJ_ISO_CN,11235L,1L,1L,2L,1L
-
-#define SN_ec192wapi_with_SHA256 "ec192wapi-with-SHA256"
-#define NID_ec192wapi_with_SHA256 1215
-#define OBJ_ec192wapi_with_SHA256 OBJ_ISO_CN,11235L,1L,1L,1L
-
#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L
#define SN_secp112r1 "secp112r1"
@@ -1187,80 +1174,11 @@
#define NID_sm3 1143
#define OBJ_sm3 OBJ_sm_scheme,401L
-#define SN_SM2_with_SM3 "SM2-SM3"
-#define LN_SM2_with_SM3 "SM2-with-SM3"
-#define NID_SM2_with_SM3 1196
-#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L
-
#define SN_sm3WithRSAEncryption "RSA-SM3"
#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption"
#define NID_sm3WithRSAEncryption 1144
#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L
-#define SN_sm9 "SM9"
-#define LN_sm9 "sm9"
-#define NID_sm9 1197
-#define OBJ_sm9 OBJ_sm_scheme,302L
-
-#define SN_sm2_sign "SM2-1"
-#define LN_sm2_sign "sm2-sign"
-#define NID_sm2_sign 1198
-#define OBJ_sm2_sign OBJ_sm2,1L
-
-#define SN_sm2_encrypt "SM2-3"
-#define LN_sm2_encrypt "sm2-encrypt"
-#define NID_sm2_encrypt 1211
-#define OBJ_sm2_encrypt OBJ_sm2,3L
-
-#define SN_sm2_cryptography_message_syntax_specification "sm2-cryptography-message-syntax-specification"
-#define LN_sm2_cryptography_message_syntax_specification "SM2 Cryptography Message Syntax Specification"
-#define NID_sm2_cryptography_message_syntax_specification 1199
-#define OBJ_sm2_cryptography_message_syntax_specification OBJ_oscca,6L,1L,4L,2L
-
-#define LN_pkcs7_sm2data "pkcs7-sm2data"
-#define NID_pkcs7_sm2data 1200
-#define OBJ_pkcs7_sm2data OBJ_sm2_cryptography_message_syntax_specification,1L
-
-#define LN_pkcs7_sm2signedData "pkcs7-sm2signedData"
-#define NID_pkcs7_sm2signedData 1201
-#define OBJ_pkcs7_sm2signedData OBJ_sm2_cryptography_message_syntax_specification,2L
-
-#define LN_pkcs7_sm2envelopedData "pkcs7-sm2envelopedData"
-#define NID_pkcs7_sm2envelopedData 1212
-#define OBJ_pkcs7_sm2envelopedData OBJ_sm2_cryptography_message_syntax_specification,3L
-
-#define LN_pkcs7_sm2signedAndEnvelopedData "pkcs7-sm2signedAndEnvelopedData"
-#define NID_pkcs7_sm2signedAndEnvelopedData 1213
-#define OBJ_pkcs7_sm2signedAndEnvelopedData OBJ_sm2_cryptography_message_syntax_specification,4L
-
-#define SN_sm2_cryptography_algorithm_application_specification "sm2-cryptography-algorithm-application-specification"
-#define LN_sm2_cryptography_algorithm_application_specification "SM2 Cryptography Algorithm Application Specification"
-#define NID_sm2_cryptography_algorithm_application_specification 1204
-#define OBJ_sm2_cryptography_algorithm_application_specification OBJ_oscca,6L,1L,4L,1L
-
-#define SN_q5 "q5"
-#define LN_q5 "Password-based Key Derivation Specification"
-#define NID_q5 1205
-#define OBJ_q5 OBJ_sm2_cryptography_algorithm_application_specification,5L
-
-#define LN_id_gm_pbkdf "GM-PBKDF"
-#define NID_id_gm_pbkdf 1206
-#define OBJ_id_gm_pbkdf OBJ_q5,1L
-
-#define LN_id_gm_pbes "GM-PBES"
-#define NID_id_gm_pbes 1207
-#define OBJ_id_gm_pbes OBJ_q5,2L
-
-#define SN_pbeWithSM3AndSM4_CBC "PBE-SM3-SM4"
-#define LN_pbeWithSM3AndSM4_CBC "pbeWithSM3AndSM4-CBC"
-#define NID_pbeWithSM3AndSM4_CBC 1208
-#define OBJ_pbeWithSM3AndSM4_CBC OBJ_sm2_cryptography_algorithm_application_specification,12L,1L,1L
-
-#define SN_hmacWithSM3 "sm3WithKey"
-#define LN_hmacWithSM3 "hmacWithSM3"
-#define NID_hmacWithSM3 1209
-#define OBJ_hmacWithSM3 OBJ_sm3,2L
-
#define LN_hmacWithSHA224 "hmacWithSHA224"
#define NID_hmacWithSHA224 798
#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L
@@ -4814,11 +4732,6 @@
#define NID_seed_ofb128 778
#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
-#define SN_sm4Cipher "SM4-CIPHER"
-#define LN_sm4Cipher "sm4Cipher"
-#define NID_sm4Cipher 1210
-#define OBJ_sm4Cipher OBJ_sm_scheme,104L
-
#define SN_sm4_ecb "SM4-ECB"
#define LN_sm4_ecb "sm4-ecb"
#define NID_sm4_ecb 1133
@@ -4854,16 +4767,6 @@
#define NID_sm4_ctr 1139
#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L
-#define SN_sm4_gcm "SM4-GCM"
-#define LN_sm4_gcm "sm4-gcm"
-#define NID_sm4_gcm 1203
-#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L
-
-#define SN_sm4_xts "SM4-XTS"
-#define LN_sm4_xts "sm4-xts"
-#define NID_sm4_xts 1202
-#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L
-
#define SN_hmac "HMAC"
#define LN_hmac "hmac"
#define NID_hmac 855
@@ -5196,14 +5099,6 @@
#define SN_ffdhe8192 "ffdhe8192"
#define NID_ffdhe8192 1130
-#define SN_kyber512 "kyber512"
-#define LN_kyber512 "kyber512"
-#define NID_kyber512 1216
-
-#define SN_x25519_kyber512 "x25519_kyber512"
-#define LN_x25519_kyber512 "x25519_kyber512"
-#define NID_x25519_kyber512 1217
-
#define SN_ISO_UA "ISO-UA"
#define NID_ISO_UA 1150
#define OBJ_ISO_UA OBJ_member_body,804L
diff --git a/include/TA/openssl/openssl/objects.h b/thirdparty/open_source/openssl/openssl/objects.h
similarity index 99%
rename from include/TA/openssl/openssl/objects.h
rename to thirdparty/open_source/openssl/openssl/objects.h
index 611895f..5e8b576 100644
--- a/include/TA/openssl/openssl/objects.h
+++ b/thirdparty/open_source/openssl/openssl/objects.h
@@ -27,6 +27,7 @@
# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -167,6 +168,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
+
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/objectserr.h b/thirdparty/open_source/openssl/openssl/objectserr.h
similarity index 100%
rename from include/TA/openssl/openssl/objectserr.h
rename to thirdparty/open_source/openssl/openssl/objectserr.h
diff --git a/include/TA/openssl/openssl/opensslconf.h b/thirdparty/open_source/openssl/openssl/opensslconf.h
similarity index 100%
rename from include/TA/openssl/openssl/opensslconf.h
rename to thirdparty/open_source/openssl/openssl/opensslconf.h
diff --git a/include/TA/openssl/openssl/opensslv.h b/thirdparty/open_source/openssl/openssl/opensslv.h
similarity index 99%
rename from include/TA/openssl/openssl/opensslv.h
rename to thirdparty/open_source/openssl/openssl/opensslv.h
index 2b107a8..c486264 100644
--- a/include/TA/openssl/openssl/opensslv.h
+++ b/thirdparty/open_source/openssl/openssl/opensslv.h
@@ -94,6 +94,7 @@ extern "C" {
# define SHLIB_VERSION_HISTORY ""
# define SHLIB_VERSION_NUMBER "1.1"
+
#ifdef __cplusplus
}
#endif
diff --git a/include/TA/openssl/openssl/ossl_typ.h b/thirdparty/open_source/openssl/openssl/ossl_typ.h
similarity index 98%
rename from include/TA/openssl/openssl/ossl_typ.h
rename to thirdparty/open_source/openssl/openssl/ossl_typ.h
index fa54d67..e0edfaa 100644
--- a/include/TA/openssl/openssl/ossl_typ.h
+++ b/thirdparty/open_source/openssl/openssl/ossl_typ.h
@@ -96,9 +96,6 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
-#ifndef OPENSSL_NO_GMSM
-typedef struct sm2_derive_param_st SM2_DERIVE_PARAM;
-#endif
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
diff --git a/include/TA/openssl/openssl/pem.h b/thirdparty/open_source/openssl/openssl/pem.h
similarity index 97%
rename from include/TA/openssl/openssl/pem.h
rename to thirdparty/open_source/openssl/openssl/pem.h
index a187bea..2ef5b5d 100644
--- a/include/TA/openssl/openssl/pem.h
+++ b/thirdparty/open_source/openssl/openssl/pem.h
@@ -16,9 +16,6 @@
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pemerr.h>
-# ifndef OPENSSL_NO_SM2_ENVELOP
-# include <openssl/sm2.h>
-# endif
#ifdef __cplusplus
extern "C" {
@@ -51,9 +48,6 @@ extern "C" {
# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
-# ifndef OPENSSL_NO_SM2_ENVELOP
-# define PEM_STRING_SM2_ENVELOPED_KEY "SM2 ENVELOPED KEY"
-# endif
# define PEM_TYPE_ENCRYPTED 10
# define PEM_TYPE_MIC_ONLY 20
@@ -377,11 +371,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u);
# endif
# endif
-# ifndef OPENSSL_NO_SM2_ENVELOP
-DECLARE_PEM_rw(SM2_ENVELOPED_KEY, SM2_ENVELOPED_KEY)
-SM2_ENVELOPED_KEY *d2i_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY **sm2evpkey);
-int i2d_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY *sm2evpkey);
-# endif
# ifdef __cplusplus
}
diff --git a/include/TA/openssl/openssl/pemerr.h b/thirdparty/open_source/openssl/openssl/pemerr.h
similarity index 100%
rename from include/TA/openssl/openssl/pemerr.h
rename to thirdparty/open_source/openssl/openssl/pemerr.h
diff --git a/include/TA/openssl/openssl/pkcs7.h b/thirdparty/open_source/openssl/openssl/pkcs7.h
similarity index 64%
rename from include/TA/openssl/openssl/pkcs7.h
rename to thirdparty/open_source/openssl/openssl/pkcs7.h
index 0ea05c5..9b66e00 100644
--- a/include/TA/openssl/openssl/pkcs7.h
+++ b/thirdparty/open_source/openssl/openssl/pkcs7.h
@@ -151,28 +151,6 @@ DEFINE_STACK_OF(PKCS7)
# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
# define PKCS7_get_attributes(si) ((si)->unauth_attr)
-#ifndef OPENSSL_NO_PKCS7_SM2
-# define PKCS7_type_is_sm2(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \
- )
-# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \
- )
-# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \
- )
-# define PKCS7_type_is_signedAndEnveloped(a) \
- (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \
- )
-# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data \
- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \
- )
-# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-#else
# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
@@ -180,7 +158,6 @@ DEFINE_STACK_OF(PKCS7)
(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-#endif
# define PKCS7_set_detached(p,v) \
PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
@@ -208,7 +185,6 @@ DEFINE_STACK_OF(PKCS7)
# define PKCS7_PARTIAL 0x4000
# define PKCS7_REUSE_DIGEST 0x8000
# define PKCS7_NO_DUAL_CONTENT 0x10000
-# define PKCS7_NOPADDING 0x20000
/* Flags: for compatibility with older code */
@@ -337,120 +313,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
-#ifndef OPENSSL_NO_PKCS7_SM2
-/**
- * @API:
- * PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- STACK_OF(X509) *recips, const EVP_CIPHER *cipher,
- BIO *indata, int flags);
- * @function: Build a complete PKCS#7 sm2 signedAndEnveloped data
- * @param[in]
- * X509 *signer -- the certificate to sign with
- * EVP_PKEY *pkey -- the corresponding private key
- * STACK_OF(X509) *certs -- an optional additional set of certificates
- * STACK_OF(X509) *recips -- a list of recipient certificates
- * const EVP_CIPHER *cipher -- the symmetric cipher to use
- * BIO *indata -- the content to be enveloped and signed
- * int flags -- an optional set of flags
- * @return PKCS7* PKCS7 struct pointer
- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 10
- * @reused API:
- * PKCS7_set_type
- * PKCS7_set_cipher
- * PKCS7_sign_add_signer
- * PKCS7_add_recipient
- * PKCS7_add_certificate
- * PKCS7_final
- */
-PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- STACK_OF(X509) *recips, const EVP_CIPHER *cipher,
- BIO *indata, int flags);
-/**
- * @API:
- * int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
- * @function: PKCS#7 sm2 enveloped or signedAndEnveloped data decryption
- * @param[in]
- * PKCS7 *p7 -- PKCS7 struct pointer
- * EVP_PKEY *pkey -- the private key for decryption
- * X509 *cert -- the corresponding recipient certificate
- * int flags -- an optional set of flags
- * @param[out]
- * BIO *data -- output data BIO struct pointer
- * @return int: 1 for success; 0 for failure
- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 9 and 10
- * @reused API:
- * PKCS7_decrypt
- */
-int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-/**
- * @API:
- * int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- BIO *indata, BIO *out, int flags);
- * @function: PKCS#7 sm2 signed or signedAndEnveloped data signature verification
- * @param[in]
- * PKCS7 *p7 -- PKCS7 struct pointer
- * STACK_OF(X509) *certs -- a set of signer certificates
- * EVP_PKEY *pkey -- the private key for decryption
- * X509 *cert -- the corresponding recipient certificate
- * int flags -- an optional set of flags
- * @param[out]
- * BIO *data -- output data BIO struct pointer
- * @return int: 1 for success; 0 for failure
- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10
- * @reused API:
- * PKCS7_get0_signers
- * PKCS7_get_signer_info
- * PKCS7_signatureVerify
- */
-int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- BIO *indata, BIO *out, int flags);
-/**
- * @API:
- * int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs,
- X509_STORE *store, BIO *out, int flags);
- * @function: PKCS#7 sm2 signedAndEnveloped data decryption and signature verification
- * @param[in]
- * PKCS7 *p7 -- PKCS7 struct pointer
- * X509 *recip -- the recipient certificate
- * EVP_PKEY *recipkey -- the corresponding private key for decryption
- * STACK_OF(X509) *certs -- a set of signer certificates
- * X509_STORE *store -- the trusted certificate store to use for chain verification
- * int flags -- an optional set of flags
- * @param[out]
- * BIO *out -- output data BIO struct pointer
- * @return int: 1 for success; 0 for failure
- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10
- * @reused API:
- * PKCS7_sm2_decrypt
- * PKCS7_sm2_verify
- */
-int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs,
- X509_STORE *store, BIO *out, int flags);
-/**
- * @API:
- * int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data);
- * @function: PKCS#7 sm2 signed, enveloped and signedAndEnveloped data signing and encrypting
- * @param[in]
- * PKCS7 *p7 -- PKCS7 struct pointer
- * BIO *bio -- BIO chain
- * BIO *data -- input data BIO struct pointer
- * @param[out]
- * BIO *out -- output data BIO struct pointer
- * @return int: 1 for success; 0 for failure
- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8, 9 and 10
- * @note:
- * Why do we create a new sm2 data final API?
- *
- * The process in the native OpenSSL API PKCS7_final calls PKCS7_dataInit and PKCS7_dataFinal
- * in sequence. PKCS7_dataInit constructs a digest BIO. Each digest algorithm corresponds to only
- * one digest BIO. PKCS7_dataFinal obtains the digest value in plaintext. Because the z value of
- * SM2 Signature needs to be calculated and it is different for each signer.
- *
- * The interface is added to adapt to the multi-sm2-signer scenario.
- */
-int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data);
-#endif
-
# ifdef __cplusplus
}
# endif
diff --git a/include/TA/openssl/openssl/pkcs7err.h b/thirdparty/open_source/openssl/openssl/pkcs7err.h
similarity index 84%
rename from include/TA/openssl/openssl/pkcs7err.h
rename to thirdparty/open_source/openssl/openssl/pkcs7err.h
index 22f8d52..02e0299 100644
--- a/include/TA/openssl/openssl/pkcs7err.h
+++ b/thirdparty/open_source/openssl/openssl/pkcs7err.h
@@ -57,15 +57,6 @@ int ERR_load_PKCS7_strings(void);
# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
# define PKCS7_F_PKCS7_VERIFY 117
-# define PKCS7_F_PKCS7_ADD_RECIPIENT 140
-# define PKCS7_F_PKCS7_SM2_SIGN_ENVELOP 141
-# define PKCS7_F_PKCS7_SM2_VERIFY 142
-# define PKCS7_F_PKCS7_SM2_VERIFY_CERT 143
-# define PKCS7_F_PKCS7_SM2_VERIFY_SIGNATURE 144
-# define PKCS7_F_PKCS7_SM2_VERIFY_DATA 145
-# define PKCS7_F_PKCS7_SM2_DECRYPT_VERIFY 146
-# define PKCS7_F_PKCS7_SM2_SIGN_DATA 147
-# define PKCS7_F_PKCS7_SM2_DATAFINAL 148
/*
* PKCS7 reason codes.
@@ -108,11 +99,5 @@ int ERR_load_PKCS7_strings(void);
# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
# define PKCS7_R_WRONG_CONTENT_TYPE 113
# define PKCS7_R_WRONG_PKCS7_TYPE 114
-# define PKCS7_R_UNSUPPORTED_SIGNERS 146
-# define PKCS7_R_UNSUPPORTED_RECIPIENTS 147
-# define PKCS7_R_SM2_SIGN_DATA_FAILURE 148
-# define PKCS7_R_SM2_VERIFY_DATA_FAILURE 149
-# define PKCS7_R_SM2_SIGNATURE_FAILURE 150
-# define PKCS7_R_SM2_VERIFY_ERROR 151
#endif
diff --git a/include/TA/openssl/openssl/rand.h b/thirdparty/open_source/openssl/openssl/rand.h
similarity index 85%
rename from include/TA/openssl/openssl/rand.h
rename to thirdparty/open_source/openssl/openssl/rand.h
index ec3b31f..38a2a27 100644
--- a/include/TA/openssl/openssl/rand.h
+++ b/thirdparty/open_source/openssl/openssl/rand.h
@@ -69,16 +69,6 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void))
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
# endif
-#if !defined(OPENSSL_NO_FIPS) || !defined(OPENSSL_NO_CMVP)
-int FIPS_rand_set_method(const RAND_METHOD *meth);
-const RAND_METHOD *FIPS_rand_get_method(void);
-int FIPS_rand_strength(void);
-/* 1.0.0 compat functions */
-int FIPS_rand_seed(const void *buf, int num);
-int FIPS_rand_bytes(unsigned char *out, int outlen);
-void FIPS_rand_reset(void);
-int FIPS_rand_status(void);
-#endif
#ifdef __cplusplus
}
diff --git a/include/TA/openssl/openssl/randerr.h b/thirdparty/open_source/openssl/openssl/randerr.h
similarity index 100%
rename from include/TA/openssl/openssl/randerr.h
rename to thirdparty/open_source/openssl/openssl/randerr.h
diff --git a/include/TA/openssl/openssl/rsa.h b/thirdparty/open_source/openssl/openssl/rsa.h
similarity index 99%
rename from include/TA/openssl/openssl/rsa.h
rename to thirdparty/open_source/openssl/openssl/rsa.h
index 459f0d2..5e76365 100644
--- a/include/TA/openssl/openssl/rsa.h
+++ b/thirdparty/open_source/openssl/openssl/rsa.h
@@ -31,12 +31,7 @@ extern "C" {
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
-# ifndef OPENSSL_NO_FIPS
- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS_LEGACY 1024
-#else
- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
-# endif
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
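Review bot: The now-unconditional `# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024` replaces a block that gave 2048 whenever OPENSSL_NO_FIPS was not defined, so any code that uses this macro as its RSA key-size floor gets 1024 in every build configuration. The hunk also drops `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS_LEGACY`, so code that still references it will stop compiling; whether anything in the SDK does is not visible here. I would add a comment above the define, for example `/* Library floor only: callers that accept RSA keys must enforce their own minimum (at least 2048 bits). */`, so the value is not read as a key-size policy for attestation or signing keys. The `# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS` block at the end of the hunk continues outside it.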
diff --git a/include/TA/openssl/openssl/rsaerr.h b/thirdparty/open_source/openssl/openssl/rsaerr.h
similarity index 97%
rename from include/TA/openssl/openssl/rsaerr.h
rename to thirdparty/open_source/openssl/openssl/rsaerr.h
index 30a39de..59b15e1 100644
--- a/include/TA/openssl/openssl/rsaerr.h
+++ b/thirdparty/open_source/openssl/openssl/rsaerr.h
@@ -86,10 +86,6 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126
# define RSA_F_SETUP_TBUF 167
-#ifndef OPENSSL_NO_FIPS
-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
-# define RSA_F_FIPS_NDCPP_RSA_BUILTIN_KEYGEN 206
-#endif
/*
* RSA reason codes.
@@ -167,8 +163,5 @@ int ERR_load_RSA_strings(void);
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
-#ifndef OPENSSL_NO_FIPS
-# define RSA_R_UNSUPPORTED_PARAMETERS 202
-#endif
#endif
diff --git a/include/TA/openssl/openssl/safestack.h b/thirdparty/open_source/openssl/openssl/safestack.h
similarity index 100%
rename from include/TA/openssl/openssl/safestack.h
rename to thirdparty/open_source/openssl/openssl/safestack.h
diff --git a/include/TA/openssl/openssl/sha.h b/thirdparty/open_source/openssl/openssl/sha.h
similarity index 97%
rename from include/TA/openssl/openssl/sha.h
rename to thirdparty/open_source/openssl/openssl/sha.h
index 4a47e6e..6a1eb0d 100644
--- a/include/TA/openssl/openssl/sha.h
+++ b/thirdparty/open_source/openssl/openssl/sha.h
@@ -83,10 +83,13 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
# define SHA512_CBLOCK (SHA_LBLOCK*8)
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
# define SHA_LONG64 unsigned __int64
+# define U64(C) C##UI64
# elif defined(__arch64__)
# define SHA_LONG64 unsigned long
+# define U64(C) C##UL
# else
# define SHA_LONG64 unsigned long long
+# define U64(C) C##ULL
# endif
typedef struct SHA512state_st {
diff --git a/include/TA/openssl/openssl/stack.h b/thirdparty/open_source/openssl/openssl/stack.h
similarity index 100%
rename from include/TA/openssl/openssl/stack.h
rename to thirdparty/open_source/openssl/openssl/stack.h
diff --git a/include/TA/openssl/openssl/symhacks.h b/thirdparty/open_source/openssl/openssl/symhacks.h
similarity index 100%
rename from include/TA/openssl/openssl/symhacks.h
rename to thirdparty/open_source/openssl/openssl/symhacks.h
diff --git a/include/TA/openssl/openssl/x509.h b/thirdparty/open_source/openssl/openssl/x509.h
similarity index 98%
rename from include/TA/openssl/openssl/x509.h
rename to thirdparty/open_source/openssl/openssl/x509.h
index efdde0e..3ff86ec 100644
--- a/include/TA/openssl/openssl/x509.h
+++ b/thirdparty/open_source/openssl/openssl/x509.h
@@ -34,6 +34,7 @@
extern "C" {
#endif
+
/* Flags for X509_get_signature_info() */
/* Signature info is valid */
# define X509_SIG_INFO_VALID 0x1
@@ -54,9 +55,6 @@ extern "C" {
# define X509v3_KU_ENCIPHER_ONLY 0x0001
# define X509v3_KU_DECIPHER_ONLY 0x8000
# define X509v3_KU_UNDEF 0xffff
-#define X509v3_KU_SM2_SIGN (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION)
-#define X509v3_KU_SM2_ENC_ENCIPHERMENT (X509v3_KU_KEY_ENCIPHERMENT | X509v3_KU_DATA_ENCIPHERMENT)
-#define X509v3_KU_SM2_ENC_CIPHER_ONLY (X509v3_KU_ENCIPHER_ONLY | X509v3_KU_DECIPHER_ONLY)
struct X509_algor_st {
ASN1_OBJECT *algorithm;
@@ -575,13 +573,6 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);
-# ifndef OPENSSL_NO_SM2
-void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
-ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
-void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
-ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
-# endif
-
int X509_trusted(const X509 *x);
int X509_alias_set1(X509 *x, const unsigned char *name, int len);
int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
@@ -660,12 +651,6 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
-#ifndef OPENSSL_NO_X509_REQ_EXP_ATTR
-int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req,
- int nid, int type,
- const unsigned char *bytes, int len);
-#endif
-
# if OPENSSL_API_COMPAT < 0x10100000L
# define X509_get_notBefore X509_getm_notBefore
# define X509_get_notAfter X509_getm_notAfter
@@ -673,6 +658,7 @@ int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req,
# define X509_set_notAfter X509_set1_notAfter
#endif
+
/*
* This one is only used so that a binary form can output, as in
* i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
@@ -743,7 +729,6 @@ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
-const unsigned char *X509_CRL_get_hash(const X509_CRL *crl);
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
diff --git a/include/TA/openssl/openssl/x509_vfy.h b/thirdparty/open_source/openssl/openssl/x509_vfy.h
similarity index 99%
rename from include/TA/openssl/openssl/x509_vfy.h
rename to thirdparty/open_source/openssl/openssl/x509_vfy.h
index fa6027f..25c79f1 100644
--- a/include/TA/openssl/openssl/x509_vfy.h
+++ b/thirdparty/open_source/openssl/openssl/x509_vfy.h
@@ -79,6 +79,7 @@ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx
X509_NAME *nm);
typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_STORE_CTX_set_app_data(ctx,data) \
@@ -188,9 +189,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78
# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79
-/*huawei_0032_check_x509v3_pathlen_extension.patch*/
-# define X509_V_ERR_INVALID_PATHLEN_EXTENSION 101 /* Returned by the verify callback to indicate that the pathlen is invalid */
-
/* Certificate verify flags */
# if OPENSSL_API_COMPAT < 0x10100000L
@@ -449,6 +447,7 @@ int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
const X509_LOOKUP_METHOD *method);
+
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
diff --git a/include/TA/openssl/openssl/x509err.h b/thirdparty/open_source/openssl/openssl/x509err.h
similarity index 95%
rename from include/TA/openssl/openssl/x509err.h
rename to thirdparty/open_source/openssl/openssl/x509err.h
index 0a84ef0..cd08673 100644
--- a/include/TA/openssl/openssl/x509err.h
+++ b/thirdparty/open_source/openssl/openssl/x509err.h
@@ -26,7 +26,6 @@ int ERR_load_X509_strings(void);
# define X509_F_BY_FILE_CTRL 101
# define X509_F_CHECK_NAME_CONSTRAINTS 149
# define X509_F_CHECK_POLICY 145
-# define X509_F_COMMON_VERIFY_SM2 165
# define X509_F_DANE_I2D 107
# define X509_F_DIR_CTRL 102
# define X509_F_GET_CERT_BY_SUBJECT 103
@@ -71,8 +70,6 @@ int ERR_load_X509_strings(void);
# define X509_F_X509_REQ_PRINT_EX 121
# define X509_F_X509_REQ_PRINT_FP 122
# define X509_F_X509_REQ_TO_X509 123
-# define X509_F_X509_REQ_VERIFY 163
-# define X509_F_X509_REQ_VERIFY_SM2 164
# define X509_F_X509_STORE_ADD_CERT 124
# define X509_F_X509_STORE_ADD_CRL 125
# define X509_F_X509_STORE_ADD_LOOKUP 157
@@ -84,10 +81,8 @@ int ERR_load_X509_strings(void);
# define X509_F_X509_TO_X509_REQ 126
# define X509_F_X509_TRUST_ADD 133
# define X509_F_X509_TRUST_SET 141
-# define X509_F_X509_VERIFY 161
# define X509_F_X509_VERIFY_CERT 127
# define X509_F_X509_VERIFY_PARAM_NEW 159
-# define X509_F_X509_VERIFY_SM2 162
/*
* X509 reason codes.
--
2.33.0