diff --git a/build/pack-Config/Config_pre.py b/build/pack-Config/Config_pre.py
new file mode 100644
index 0000000000000000000000000000000000000000..39f33092592377a357cb3313a6f9000b9ec2c056
--- /dev/null
+++ b/build/pack-Config/Config_pre.py
@@ -0,0 +1,284 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating data for signing
+#----------------------------------------------------------------------------
+
+import struct
+import os
+import stat
+import sys
+import hashlib
+import subprocess
+import re
+import logging
+import shutil
+import xml.etree.ElementTree as ET
+sys.path.append('../signtools')
+from dyn_conf_parser import parser_config_xml
+from dyn_conf_parser import parser_dyn_conf
+
+CONFIG_VERSION = 2
+BASE_POLICY_VERSION_TEE = 0b001
+
+XML2TLV_PARSE_TOOL_INDEX = 1
+XML2TLV_PY_VALUE = 1 << XML2TLV_PARSE_TOOL_INDEX
+
+
+def get_policy_version():
+ ''' get policy type '''
+ policy_ver = BASE_POLICY_VERSION_TEE | XML2TLV_PY_VALUE
+ return policy_ver
+
+
+def run_cmd(command):
+ ret = subprocess.run(command, shell=False, check=True)
+ if ret.returncode != 0:
+ logging.error("run command failed.")
+ sys.exit(1)
+
+
+def whitelist_check(intput_str):
+ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str):
+ return 1
+ return 0
+
+
+class load_config_header:
+ str = struct.Struct('IHHIIIIIIIII')
+
+ def __init__(self, data):
+ unpacked_data = (load_config_header.str).unpack(data.encode())
+ self.unpacked_data = unpacked_data
+ self.magic_num = unpacked_data[0]
+ self.version = unpacked_data[1]
+ self.policy_versio = unpacked_data[2]
+ self.context_len = unpacked_data[3]
+ self.ta_cert_len = unpacked_data[4]
+ self.config_len = unpacked_data[5]
+ self.sign_verify_len = unpacked_data[6]
+ self.reserved1 = unpacked_data[7]
+ self.reserved2 = unpacked_data[8]
+ self.reserved3 = unpacked_data[9]
+ self.reserved4 = unpacked_data[10]
+ self.reserved5 = unpacked_data[11]
+
+ def get_packed_data(self):
+ values = [self.magic_num,
+ self.version,
+ self.policy_version,
+ self.context_len,
+ self.ta_cert_len,
+ self.config_len,
+ self.sign_verify_len,
+ self.reserved1,
+ self.reserved2,
+ self.reserved3,
+ self.reserved4,
+ self.reserved5,
+ ]
+ return (load_config_header.str).pack(*values)
+
+
+def pkg_config_header(hdr_len, magic_num, version, policy_version, \
+ context_len, ta_cert_len, config_len, sign_verify_len):
+ config_hd_len = hdr_len
+ config_hd = load_config_header('\0' * config_hd_len)
+ config_hd.magic_num = magic_num
+ config_hd.version = version
+ config_hd.policy_version = policy_version
+ config_hd.context_len = context_len
+ config_hd.ta_cert_len = ta_cert_len
+ config_hd.config_len = config_len
+ config_hd.sign_verify_len = sign_verify_len
+ return config_hd
+
+
+#----------------------------------------------------------------------------
+# generate hash use SHA256
+#----------------------------------------------------------------------------
+def generate_sha256_hash(in_buf):
+ # Initialize a SHA256 object from the Python hash library
+ obj = hashlib.sha256()
+ # Set the input buffer and return the output digest
+ obj.update(in_buf)
+ return obj.digest()
+
+
+def check_dyn_perm(xml_config_file, input_path):
+ ''' check_dyn_perm '''
+ xml_tree = ET.parse(xml_config_file)
+ xml_root = xml_tree.getroot()
+ drv_perm = None
+ for child in xml_root.findall('drv_perm'):
+ if child != '':
+ drv_perm = child
+ if os.path.exists(os.path.join(input_path, 'temp')):
+ out_save_file = os.path.join(input_path, \
+ 'temp/configs_bak.xml')
+ xml_tree.write(out_save_file, encoding="utf-8")
+ xml_root.remove(child)
+ if drv_perm is not None:
+ newtree = ET.ElementTree(drv_perm)
+ if os.path.exists(os.path.join(input_path, 'temp')):
+ out_file = os.path.join(input_path, 'temp/dyn_perm.xml')
+ newtree.write(out_file, encoding="utf-8")
+ xml_tree.write(xml_config_file)
+ return 1
+ return 0
+
+
+def creat_temp_folder(input_path_creat):
+ ''' creat temp '''
+ creat_temp = os.path.join(input_path_creat, 'temp')
+ if os.path.exists(creat_temp):
+ shutil.rmtree(creat_temp)
+ temp_path = os.path.join(input_path_creat, 'temp')
+ cmd = ["mkdir", temp_path]
+ run_cmd(cmd)
+
+
+def delete_temp_folder(input_path_delete):
+ ''' delete temp '''
+ delete_temp = os.path.join(input_path_delete, 'temp')
+ delete_config_tlv = os.path.join(input_path_delete, 'config_tlv')
+ if os.path.exists(delete_temp):
+ shutil.rmtree(delete_temp)
+ if os.path.exists(delete_config_tlv):
+ os.remove(delete_config_tlv)
+
+
+def convert_xml2tlv(xml_file, tlv_file, input_path):
+ ''' configs.xml exchange to tlv '''
+ if (get_policy_version() & (1 << XML2TLV_PARSE_TOOL_INDEX)) == XML2TLV_PY_VALUE:
+ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv'))
+ tag_parse_dict_file_path = \
+ os.path.join(csv_dir, 'tag_parse_dict.csv')
+ parser_config_xml(xml_file, tag_parse_dict_file_path, \
+ tlv_file, input_path)
+ if os.path.isfile(tlv_file):
+ logging.critical("convert xml to tlv success")
+ else:
+ logging.error("convert xml to tlv failed")
+ raise RuntimeError
+ else:
+ logging.error("invlid policy version")
+ raise RuntimeError
+
+
+def get_target_type_in_config(config_path, in_path):
+ ''' get target type '''
+ tree = ET.parse(config_path)
+ flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
+ modes = stat.S_IRUSR | stat.S_IWUSR
+ drv_target_type = tree.find('./TA_Manifest_Info/target_type')
+ if drv_target_type is not None:
+ if drv_target_type.text == "1":
+ ans = "gpd.ta.dynConf:00000\n"
+ out_tlv = os.path.join(in_path, 'config_tlv')
+ with os.fdopen(os.open(out_tlv, flags, modes), 'w+') as conf:
+ conf.write(ans)
+
+
+def gen_data_for_sign(input_path, ta_cert_path, config_cert_path):
+ ''' convert xml to tlv '''
+ logging.critical(os.getcwd())
+ creat_temp_folder(input_path)
+ tlv_dynconf_data = os.path.join(input_path, "config_tlv")
+ xml_config_file = os.path.join(input_path, "configs.xml")
+ tlv_config_file = os.path.join(input_path, "temp/configs_tlv")
+ if check_dyn_perm(xml_config_file, input_path) != 0:
+ sys.path.append('../signtools')
+ dyn_conf_xml_file_path = os.path.join(input_path, 'temp/dyn_perm.xml')
+ # may be use abspath
+ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv'))
+ tag_parse_dict_file_path = \
+ os.path.join(csv_dir, 'tag_parse_dict.csv')
+ parser_dyn_conf(dyn_conf_xml_file_path, "", tag_parse_dict_file_path, input_path)
+ convert_xml2tlv(xml_config_file, tlv_config_file, input_path)
+ src_file_path = os.path.join(input_path, 'temp/configs_bak.xml')
+ cmd = ["mv", src_file_path, xml_config_file]
+ run_cmd(cmd)
+ else:
+ convert_xml2tlv(xml_config_file, tlv_config_file, input_path)
+ get_target_type_in_config(xml_config_file, input_path)
+ config_cert_size = 0
+ if os.path.exists(config_cert_path):
+ config_cert_size = os.path.getsize(config_cert_path)
+
+ if os.path.exists(tlv_dynconf_data):
+ with open(tlv_config_file, 'rb') as tlv_config_fp:
+ tlv_config_buf = \
+ tlv_config_fp.read(os.path.getsize(tlv_config_file))
+ with open(tlv_dynconf_data, 'rb') as tlv_dynconf_fp:
+ tlv_config_buf = tlv_config_buf + \
+ tlv_dynconf_fp.read(os.path.getsize(tlv_dynconf_data)) + b"\n"
+ tlv_data_size = len(tlv_config_buf)
+ else:
+ tlv_data_size = os.path.getsize(tlv_config_file)
+ with open(tlv_config_file, 'rb') as tlv_config_fp:
+ tlv_config_buf = tlv_config_fp.read(tlv_data_size)
+
+ ta_cert_size = 4 + os.path.getsize(ta_cert_path)
+ with open(ta_cert_path, 'rb') as ta_cert_fp:
+ ta_cert_buf = struct.pack('I', 1) + ta_cert_fp.read(ta_cert_size)
+
+ sign_data_size = 4 + 4 + 4 + config_cert_size + 512
+
+ config_hd_len = 44
+ context_size = ta_cert_size + tlv_data_size + sign_data_size
+ config_header = pkg_config_header(config_hd_len, 0xABCDABCD, \
+ CONFIG_VERSION, get_policy_version(), \
+ context_size, ta_cert_size, tlv_data_size, sign_data_size)
+
+ logging.critical(os.getcwd())
+ data_for_sign = os.path.join(input_path, "data_for_sign")
+ fd_sign = os.open(data_for_sign, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ data_for_sign_fp = os.fdopen(fd_sign, "wb")
+ data_for_sign_fp.write(config_header.get_packed_data())
+ data_for_sign_fp.write(ta_cert_buf)
+ data_for_sign_fp.write(tlv_config_buf)
+ data_for_sign_fp.close()
+ delete_temp_folder(input_path)
+
+
+def main():
+ argvs = sys.argv
+ ta_input_path = argvs[1]
+ ta_cert_path = argvs[2]
+ config_cert_path = argvs[3]
+ if not os.path.exists(ta_input_path):
+ logging.error("ta_input_path does not exist.")
+ sys.exit(1)
+ if not os.path.exists(ta_cert_path):
+ logging.error("ta_cert_path does not exist.")
+ sys.exit(1)
+ if not os.path.exists(config_cert_path):
+ # cloud Product Signing Config May Not Have Certificates
+ logging.error("config_cert_path does not exist.")
+
+ if whitelist_check(ta_input_path):
+ logging.error("ta_input_path is incorrect.")
+ sys.exit(1)
+ if whitelist_check(ta_cert_path):
+ logging.error("ta_cert_path is incorrect.")
+ sys.exit(1)
+ if whitelist_check(config_cert_path):
+ logging.error("config_cert_path is incorrect.")
+ sys.exit(1)
+ gen_data_for_sign(ta_input_path, ta_cert_path, config_cert_path)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/build/pack-Config/ReadMe.txt b/build/pack-Config/ReadMe.txt
new file mode 100644
index 0000000000000000000000000000000000000000..4eae5adf54fce128d1914708b1e912268e361a6d
--- /dev/null
+++ b/build/pack-Config/ReadMe.txt
@@ -0,0 +1,18 @@
+使用说明
+1.taconfig.der(证书)和config_cert_private.key(私钥)放入config_cert文件夹下
+ =>放置taconfig.der(证书)和config_cert_private.key(私钥)至换当前目录config_cert文件夹下,注意保持文件名一致
+ =>taconfig.der(证书)为config证书,该证书应由导入证书CA签发(三方TA),证书内保存的公钥对应私钥为taconfig_key.pem
+ =>config_cert_private.key为taconfig.der证书公钥对应私钥,用来对signature段签名
+2.TA开发者的证书ta_cert.der放至在ta_cert目录
+ =>ta_cert.der证书应至在ta_cert目录,该证书应由导入证书CA签发(三方TA),证书内保存的公钥用来验签TA
+3.configs.xml文件放至在input目录
+ =>configs.xml保存TA基础信息
+4.生成config二进制
+ =>所需文件:input/configs.xml、config_cert/taconfig.der、config_cert/config_cert_private.key、ta_cert/ta_cert.der
+ =>生成待签名文件data_for_sign: python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der
+ =>生成签名文件data_for_sign.rsa(仅举例): openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -out data_for_sign.rsa data_for_sign
+ =>生成config(使用公钥)python3 config_v2.py input/ output/ TYPE_PUBKEY
+ =>生成config(使用证书)cp ${config_cert_dir}/taconfig.der input/ ; python3 config_v2.py input/ output/ TYPE_CERT
+5.config二进制生成在output目录
+ =>参考local_sign.sh(包含步骤5中流程)
+
diff --git a/build/pack-Config/config_cert/ReadMe.txt b/build/pack-Config/config_cert/ReadMe.txt
new file mode 100644
index 0000000000000000000000000000000000000000..40fde8aff9b69842247755791d5016d67fbd8bd5
--- /dev/null
+++ b/build/pack-Config/config_cert/ReadMe.txt
@@ -0,0 +1,2 @@
+1.config cert signed by CA
+2.private key of config cert used for signing TA/DRV configuration
diff --git a/build/pack-Config/config_v2.py b/build/pack-Config/config_v2.py
new file mode 100644
index 0000000000000000000000000000000000000000..7c801b4e7c86ed0bb0fff5c9ddeae9c379a26896
--- /dev/null
+++ b/build/pack-Config/config_v2.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a signed config
+#----------------------------------------------------------------------------
+
+import struct
+import os
+import stat
+import sys
+import re
+import configparser
+import logging
+
+CONFIG_VERSION = 2
+
+
+class Configuration:
+ ''' Configuration '''
+ sign_alg = "RSA_PKCS1"
+
+ def __init__(self, file_name):
+ parser = configparser.ConfigParser()
+ parser.read(file_name)
+ self.sign_alg = parser.get("signConfigPrivateCfg", "configSignAlg")
+ if whitelist_check(self.sign_alg):
+ logging.error("configSignAlg is invalid.")
+ sys.exit(1)
+
+
+def whitelist_check(intput_str):
+ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str):
+ return 1
+ return 0
+
+
+def gen_config_section(input_path, output_path, verify_type):
+ ''' generate config file section '''
+ data_for_sign = os.path.join(input_path, "data_for_sign")
+ signature = os.path.join(input_path, "data_for_sign.rsa")
+ signed_config = os.path.join(output_path, "config")
+ config_certpath = os.path.join(input_path, "taconfig.der")
+
+ config_path = input_path + '/../../signtools'
+ config_file = os.path.join(config_path, "config_tee_private_sample.ini")
+ if not os.path.exists(config_file):
+ logging.critical("config_tee_private_sample.ini is not exist.")
+ sign_conf_alg = 1
+ else:
+ cfg = Configuration(config_file)
+ if cfg.sign_alg == "RSA_PKCS1":
+ sign_conf_alg = 1
+ elif cfg.sign_alg == "RSA_PSS":
+ sign_conf_alg = 3
+ elif cfg.sign_alg == "ECDSA":
+ sign_conf_alg = 2
+
+ data_for_sign_size = os.path.getsize(data_for_sign)
+ with open(data_for_sign, 'rb') as data_for_sign_fp:
+ data_for_sign_buf = data_for_sign_fp.read(data_for_sign_size)
+
+ signature_size = os.path.getsize(signature)
+ with open(signature, 'rb') as signature_fp:
+ signature_buf = signature_fp.read(signature_size)
+
+ if(verify_type == "TYPE_PUBKEY"):
+ sign_verify_buf = struct.pack('III', 0, sign_conf_alg, 0) + signature_buf
+ elif(verify_type == "TYPE_CERT"):
+ config_cert_size = os.path.getsize(config_certpath)
+ with open(config_certpath, 'rb') as config_cert_fp:
+ config_cert_buf = config_cert_fp.read(config_cert_size)
+ sign_verify_buf = struct.pack('III', 1, sign_conf_alg, config_cert_size) + \
+ config_cert_buf + signature_buf
+
+ fd_sign = os.open(signed_config, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ signed_config_fp = os.fdopen(fd_sign, "wb")
+ # write data (header + ta cert + tlv config)
+ signed_config_fp.write(data_for_sign_buf)
+ # write config cert
+ signed_config_fp.write(sign_verify_buf)
+ signed_config_fp.close()
+
+
+def main():
+ argvs = sys.argv
+ input_file = argvs[1]
+ output_file = argvs[2]
+ verify_type = argvs[3]
+ if not os.path.exists(input_file):
+ logging.error("input does not exist.")
+ exit()
+ if not os.path.exists(output_file):
+ logging.error("ta_cert_path does not exist.")
+ exit()
+
+ if whitelist_check(input_file):
+ logging.error("input is incorrect.")
+ exit()
+ if whitelist_check(output_file):
+ logging.error("output is incorrect.")
+ exit()
+ if whitelist_check(verify_type):
+ logging.error("output is incorrect.")
+ exit()
+
+ gen_config_section(input_file, output_file, verify_type)
+
+
+if __name__ == '__main__':
+ main()
+
diff --git a/build/pack-Config/input/configs.xml b/build/pack-Config/input/configs.xml
new file mode 100644
index 0000000000000000000000000000000000000000..631a70894fd87f0de6760198973064b9803b5e02
--- /dev/null
+++ b/build/pack-Config/input/configs.xml
@@ -0,0 +1,15 @@
+
+
+
+ demo
+ 00000000-0000-0000-0000-000000000000
+
+
+ false
+ 2048
+ 20480
+ false
+ true
+ true
+
+
diff --git a/build/pack-Config/local_sign.sh b/build/pack-Config/local_sign.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a3657e0ecfd9c2b8dcfe7680d1967bf8da01cf98
--- /dev/null
+++ b/build/pack-Config/local_sign.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# make config binary
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+set -e
+# generate and sign the config binary with local private key.
+
+work_dir=$(pwd)
+input_dir=${work_dir}/"input"
+config_cert_dir=${work_dir}/"config_cert"
+ta_cert_dir=${work_dir}/"ta_cert"
+
+# prepare data for been signed.
+python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der
+
+# begin sign.
+cd ${input_dir}
+if [ ! -f "data_for_sign" ]; then
+ echo "can't find data for sign"
+ echo "sign fail!"
+ exit -1
+fi
+
+# config_cert_private.key is the private key of the config certificate.
+openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -sigopt rsa_padding_mode:pss \
+ -sigopt rsa_pss_saltlen:-1 -out data_for_sign.rsa data_for_sign
+
+# generate config binary
+cd ${work_dir}
+
+if [ -f "${config_cert_dir}/taconfig.der" ]; then
+ echo "make config with config cert"
+ cp ${config_cert_dir}/taconfig.der ${input_dir}/
+ python3 config_v2.py input/ output/ TYPE_CERT
+else
+ python3 config_v2.py input/ output/ TYPE_PUBKEY
+fi
+
+# clean
+cd $input_dir
+[ -f "$input_dir"/data_for_sign ] && rm data_for_sign
+[ -f "$input_dir"/data_for_sign.rsa ] && rm data_for_sign.rsa
+[ -f "$input_dir"/configs_tlv ] && rm configs_tlv
+[ -f "$input_dir"/*.der ] && rm *.der
+
+if [ "$?" == 0 ]; then
+ echo "generate config binary success"
+ exit 0
+else
+ echo "generate config binary failed"
+ exit 1
+fi
diff --git a/build/pack-Config/output/ReadMe.txt b/build/pack-Config/output/ReadMe.txt
new file mode 100644
index 0000000000000000000000000000000000000000..cbf7ad20c39fa761e16caf3cf0b9e1f8affaacc8
--- /dev/null
+++ b/build/pack-Config/output/ReadMe.txt
@@ -0,0 +1 @@
+output the signed perm_config
diff --git a/build/pack-Config/ta_cert/ReadMe.txt b/build/pack-Config/ta_cert/ReadMe.txt
new file mode 100644
index 0000000000000000000000000000000000000000..cabddd4f702b19a0373e4b81486f949fb8104f73
--- /dev/null
+++ b/build/pack-Config/ta_cert/ReadMe.txt
@@ -0,0 +1 @@
+TA cert signed by CA to verify the identify of TA
diff --git a/build/pack-TA/build_ta.sh b/build/pack-TA/build_ta.sh
index c5cff34050f2eb9683a2056ee3d22301e0e19d00..97a6e0ae9fdc946214bbccc39d24e6194beee853 100644
--- a/build/pack-TA/build_ta.sh
+++ b/build/pack-TA/build_ta.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# Description: preare toolchains and env for build ta.
# Copyright @ Huawei Technologies Co., Ltd. 2021-2022. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
diff --git a/build/signtools/auth_conf_parser.py b/build/signtools/auth_conf_parser.py
new file mode 100644
index 0000000000000000000000000000000000000000..cf525b1bd538a4e4f34f47b1a0d71ed09d29c930
--- /dev/null
+++ b/build/signtools/auth_conf_parser.py
@@ -0,0 +1,260 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for parsering the dynamic ca caller infomation
+#----------------------------------------------------------------------------
+from __future__ import absolute_import
+import os
+import stat
+import logging
+import hashlib
+import struct
+from ctypes import create_string_buffer
+from ctypes import c_uint32
+from ctypes import sizeof
+from ctypes import memmove
+from ctypes import byref
+from defusedxml import ElementTree as ET
+
+logging.basicConfig(level=logging.INFO,
+ format='%(asctime)s line:%(lineno)d %(levelname)s:%(name)s:%(message)s',
+ datefmt='%H:%M:%S'
+ )
+
+
+# caller base config
+MAX_CALLER_NUM = 16
+MAX_CMDLINE_LEN = 256
+MAX_USERNAME_LEN = 256
+AUTH_CONFIG_KEY = "gpd.ta.auth:"
+DEFAULT_AUTH_TYPE_UID = True
+
+
+# init caller info
+g_caller_num = 0
+g_caller_enable = 1
+g_hash_byte_list = bytes("", 'utf-8')
+g_auth_type = True # default auth type: cmdline + uid
+g_big_endian = False
+
+
+def print_hash(byte_buf):
+ """ print caller hash """
+ buf = [hex(int(i)) for i in byte_buf]
+ logging.info(" ".join(buf))
+
+
+def calc_sha256(buf):
+ """ calcuate sha256 """
+ md = hashlib.sha256()
+ md.update(buf)
+ return md.digest()
+
+
+def calc_cmdline_uid_hash(cmdline, uid):
+ """ calcuate cmdline||uid hash """
+ c_uid = c_uint32(uid)
+ c_str = create_string_buffer(cmdline.encode('utf-8'), len(cmdline) + sizeof(c_uid))
+ memmove(byref(c_str, len(c_str.value)), byref(c_uid), sizeof(c_uid))
+ return calc_sha256(c_str)
+
+
+def calc_cmdline_username_hash(cmdline, username):
+ """ calcuate cmdline||username hash """
+ c_str = create_string_buffer((cmdline + username).encode('utf-8'), len(cmdline) + MAX_USERNAME_LEN)
+ return calc_sha256(c_str)
+
+
+def check_auth_enable_type(value):
+ """ check auth_enable type """
+ if len(value) == 0:
+ raise RuntimeError("auth_enable value must be configured")
+ if value != "true" and value != 'false':
+ raise RuntimeError("auth_enable value must be true or false", value)
+
+
+def get_auth_enable_value(value):
+ """ check auth_enable value """
+ global g_caller_enable
+ if value == "false":
+ g_caller_enable = 0
+ else:
+ g_caller_enable = 1
+
+
+def check_auth_type(value):
+ """ check auth type """
+ if len(value) == 0:
+ raise RuntimeError("auth_uid_type value must be configured")
+ if value != "true" and value != 'false':
+ raise RuntimeError("auth_uid_type value must be true or false", value)
+
+
+def get_auth_type_value(value):
+ """ check auth type value """
+ global g_auth_type
+ if value == "false":
+ g_auth_type = False
+ else:
+ g_auth_type = True
+
+
+def check_item_type(item):
+ """ check item value """
+ if item.tag != "item" or len(item.attrib) != 2:
+ raise RuntimeError("invaild item attrib", item.tag, item.attrib, len(item.attrib))
+
+
+def check_cmdline_type(value):
+ """ check cmdline type """
+ if len(value) == 0 or len(value) > MAX_CMDLINE_LEN:
+ raise RuntimeError("invaild cmdline, the cmdline length must be in range (0, {}]".format(MAX_CMDLINE_LEN), \
+ value, len(value))
+
+
+def check_uid_type(value):
+ """ check uid type """
+ if int(value, 10) > 0xffffffff or int(value, 10) < 0:
+ raise RuntimeError("invaild uid, the uid value must be in [0, 0xffffffff]", value)
+
+
+def check_username_type(value):
+ """ check username type """
+ if len(value) == 0 or len(value) > MAX_USERNAME_LEN:
+ raise RuntimeError("invaild username, the username length must be in range (0, {}]".format(MAX_USERNAME_LEN), \
+ value, len(value))
+
+
+def get_item_value(item, auth_type):
+ """ get item value """
+ cmdline = ""
+ uid = 0
+ username = ""
+ caller_hash = ""
+ global g_caller_num
+ global g_hash_byte_list
+
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ attr_key = "uid"
+ else:
+ attr_key = "username"
+
+ for attr in item.attrib:
+ value = item.attrib[attr]
+ if attr == "cmdline":
+ check_cmdline_type(value)
+ cmdline = value
+ elif attr == attr_key:
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ check_uid_type(value)
+ uid = int(value, 10)
+ else:
+ check_username_type(value)
+ username = value
+ else:
+ raise RuntimeError("invaild item attr", attr)
+
+ if auth_type == DEFAULT_AUTH_TYPE_UID:
+ caller_hash = calc_cmdline_uid_hash(cmdline, uid)
+ logging.info("cmdline %s, uid %s", cmdline, uid)
+ else:
+ caller_hash = calc_cmdline_username_hash(cmdline, username)
+ logging.info("cmdline %s, username %s", cmdline, username)
+ print_hash(caller_hash)
+ if g_big_endian is True:
+ pack_format = ">32s"
+ else:
+ pack_format = "32s"
+ g_hash_byte_list = g_hash_byte_list + struct.pack(pack_format, caller_hash)
+ g_caller_num = g_caller_num + 1
+ if g_caller_num > MAX_CALLER_NUM:
+ raise RuntimeError("Exceed max caller num", MAX_CALLER_NUM)
+
+
+def handle_auth_base_info(child):
+ """ handle auth_base_info """
+ for attr in child.attrib:
+ if attr == "auth_enable":
+ check_auth_enable_type(child.attrib.get(attr))
+ get_auth_enable_value(child.attrib.get(attr))
+ elif attr == "auth_type_uid":
+ check_auth_type(child.attrib.get(attr))
+ get_auth_type_value(child.attrib.get(attr))
+ else:
+ raise RuntimeError("invaild auth_base_info attrib", attr)
+
+
+def handle_auth_item(child, auth_type):
+ """ handle auth item """
+ for item in child:
+ check_item_type(item)
+ get_item_value(item, auth_type)
+
+
+def do_parser_auth_conf(root):
+ """ do parser auth config """
+ auth_tag = "auth_cmdline_uid"
+ xml_line_num = 0
+ for child in root:
+ if child.tag == "auth_base_info":
+ if xml_line_num != 0:
+ raise RuntimeError("the auth_base_info must be configured first")
+ handle_auth_base_info(child)
+ if g_auth_type != DEFAULT_AUTH_TYPE_UID:
+ auth_tag = "auth_cmdline_username"
+ elif child.tag == auth_tag:
+ handle_auth_item(child, g_auth_type)
+ else:
+ raise RuntimeError("not support xml tag", child.tag)
+ xml_line_num = xml_line_num + 1
+
+
+def parser_auth_xml(auth_xml_file_path, manifest_ext_path, big_endian=False):
+ """ parser auth xml """
+ global g_caller_num
+ global g_hash_byte_list
+ global g_big_endian
+
+ g_big_endian = big_endian
+
+ if not os.path.exists(auth_xml_file_path):
+ raise RuntimeError("auth_config.xml file doesn't exist")
+
+ tree = ET.parse(auth_xml_file_path)
+ root = tree.getroot()
+
+ # parser auth config
+ do_parser_auth_conf(root)
+
+ # gen auth header
+ if g_caller_enable == 0:
+ g_caller_num = 0
+ g_hash_byte_list = bytes("", 'utf-8')
+
+ if g_big_endian is True:
+ pack_format = ">II"
+ else:
+ pack_format = "II"
+ auth_header = struct.pack(pack_format, g_caller_enable, g_caller_num)
+
+ #write auth to mani_ext
+ if not os.path.exists(manifest_ext_path):
+ fd_ext = os.open(manifest_ext_path, os.O_WRONLY | os.O_CREAT, stat.S_IWUSR | stat.S_IRUSR)
+ else:
+ fd_ext = os.open(manifest_ext_path, os.O_RDWR, 0o600)
+ with os.fdopen(fd_ext, 'ba+') as fp_mani_ext:
+ fp_mani_ext.write(bytes(AUTH_CONFIG_KEY, "utf-8"))
+ fp_mani_ext.write(auth_header)
+ fp_mani_ext.write(g_hash_byte_list)
+ fp_mani_ext.write(bytes("\n", "utf-8"))
+ fp_mani_ext.close()
diff --git a/build/signtools/config_cloud.ini b/build/signtools/config_cloud.ini
index 14f60fff71882caa73dfc09543340424956aed2b..b366ad84e807d88c72e804fe8a410c108fd2047a 100644
--- a/build/signtools/config_cloud.ini
+++ b/build/signtools/config_cloud.ini
@@ -15,7 +15,7 @@ secHashType = 0
;0 means padding type is pkcs1v15
;1 means padding type is PSS
;[fixed value]
-secPaddingType = 0
+secPaddingType = 1
;;;
;[fixed value]
;RSA alg
diff --git a/build/signtools/config_tee_private_sample.ini b/build/signtools/config_tee_private_sample.ini
new file mode 100644
index 0000000000000000000000000000000000000000..5b2bb9c5cc3b79af3f0e8e9520e1d3eebddd4bef
--- /dev/null
+++ b/build/signtools/config_tee_private_sample.ini
@@ -0,0 +1,35 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA
+secSignKeyLen = 4096
+;;;
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; Fixed value
+;1 means padding type is PSS
+secPaddingType = 1
+;;;
+;RSA alg
+;ECDSA alg
+secSignAlg = RSA
+[signConfigPrivateCfg]
+;;;
+; Fixed value
+;0 config证书
+configVersion = 0
+;;;
+; Fixed value 1
+configPolicy = 1
+;;;
+;RSA_PKCS1 alg
+;RSA_PSS alg
+;ECDSA alg
+configSignAlg = RSA_PSS
+;;;
+;1 means signed by local private
+configSignType = 1
+;;;
+;private key for signing TA
+configSignKey = taconfig_key.pem
diff --git a/build/signtools/dyn_conf_checker.py b/build/signtools/dyn_conf_checker.py
new file mode 100644
index 0000000000000000000000000000000000000000..64eeaf21c2208fbd95b793fd2d48b1605921eab9
--- /dev/null
+++ b/build/signtools/dyn_conf_checker.py
@@ -0,0 +1,512 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a trusted application dyn perm checker
+#----------------------------------------------------------------------------
+
+
+import re
+import uuid
+
+uuid_split_sym_list = ['-']
+spilt_sym_list = [';', '|', ',']
+unused_sym_list = ['_']
+unique_list = []
+permission_unique_dict = {}
+cmd_unique_dict = {}
+
+
+def check_csv_sym(value):
+
+ for sym in value:
+ if sym in unused_sym_list:
+ continue
+ elif sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= 'a' and sym <= 'z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in csv", value)
+
+
+def classify_uuid_list(value):
+
+ ans = ""
+ uuid_list = value.split(',')
+ for uuid_item in uuid_list:
+ ans = "%s%s," % (ans, str(uuid.UUID(uuid_item)))
+
+ return ans[:len(ans) - 1].strip()
+
+
+def check_context_sym(old_item, attr, value):
+
+ if len(value) == 0:
+ return -1
+
+ for sym in value:
+ if sym in uuid_split_sym_list:
+ continue
+ elif sym in spilt_sym_list:
+ continue
+ elif sym in unused_sym_list:
+ continue
+ elif sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= 'a' and sym <= 'z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in xml", \
+ old_item + attr, value)
+ return 0
+
+
+def do_split_and_classify(old_item, attr, split_sym_index, value):
+
+ ans = ""
+ value_list = value.split(spilt_sym_list[split_sym_index])
+ for val in value_list:
+ val = val.strip()
+ if len(val) == 0:
+ raise RuntimeError("cannot split empty region", value)
+ if split_sym_index == len(spilt_sym_list) - 1:
+ if check_context_sym(old_item, attr, val) != 0:
+ raise RuntimeError("xml attrib cannot be NULL", \
+ old_item + attr, value)
+ ans += val + spilt_sym_list[split_sym_index]
+ else:
+ ans += do_split_and_classify(old_item, attr, split_sym_index + 1,\
+ val) + spilt_sym_list[split_sym_index]
+
+ return ans[: len(ans) - 1]
+
+
+def check_and_classify_attr(old_item, attr, value):
+
+ if len(value) == 0:
+ raise RuntimeError("tag %s%s is NULL in xml" % (old_item, attr))
+
+ value = do_split_and_classify(old_item, attr, 0, value)
+
+ if attr == "uuid":
+ value = classify_uuid_list(value)
+
+ return value
+
+
+def check_iomap_range(iomap_range):
+
+ if len(iomap_range) == 0:
+ raise RuntimeError("you must define iomap_range")
+
+ iomap_range.replace(" ", "")
+ iomap_ranges = iomap_range.split(";")
+ for iomap in iomap_ranges:
+ addrs = iomap.split(",")
+ # check if range is start,end format
+ if len(addrs) == 0:
+ continue
+
+ if len(addrs) != 2:
+ raise RuntimeError("iomap must be start1,end1;\
+start2,end2....", addrs)
+
+ if '0x' not in addrs[0] or '0x' not in addrs[1]:
+ raise RuntimeError("addr must be hex like \
+0xF8555000", addrs[0], addrs[1])
+
+ # check if addr is 4K aligned
+ start = int(addrs[0], 16)
+ end = int(addrs[1], 16)
+ if start > 0xffffffffffffffff or end > 0xffffffffffffffff:
+ raise RuntimeError("addr is so large", addrs[0], addrs[1])
+ if start % 0x1000 != 0 or end % 0x1000 != 0:
+ raise RuntimeError("addr must be 4K aligned", addrs[0], addrs[1])
+ if end <= start:
+ raise RuntimeError("iomap range start must \
+smaller than end ", addrs[0], addrs[1])
+
+ return 0
+
+
+def check_thread_limit(value):
+
+ if len(value) > 0:
+ thread_limit = int(value)
+ if thread_limit > 0xffffffff or thread_limit <= 0:
+ raise RuntimeError("thread_limit is invalid", thread_limit)
+
+
+def check_upgrade(value):
+
+ if len(value) > 0:
+ if value.lower() != 'true' and value.lower() != 'false':
+ raise RuntimeError("upgrade must be true or false", value)
+
+
+def check_virt2phys(value):
+
+ if len(value) > 0:
+ if value.lower() != 'true' and value.lower() != 'false':
+ raise RuntimeError("virt2phys must be true or false", value)
+
+
+def check_exception_mode(value):
+
+ if value != "restart" and value != "syscrash" and value != "ddos":
+ raise RuntimeError("unknown exception mode", value)
+
+
+def check_chip_type(attrib, value):
+
+ if len(value) == 0:
+ raise RuntimeError("chip_type cannot be NULL")
+
+ if not re.match(r"[A-Za-z0-9_,]*$", value):
+ raise RuntimeError("there has invalid sym in chip type", value)
+
+ chips = value.split(",")
+ for chip in chips:
+ chip_item = chip.lower().strip()
+ if len(chip_item) > 31:
+ raise RuntimeError("{} length is larger than 31".format(chip_item), chip_item)
+
+ flag = 0
+ for attr in attrib:
+ if attr != "chip_type":
+ flag = 1
+ break
+ if flag == 0:
+ raise RuntimeError("you cannot only set chip_type in item")
+
+
+def check_drv_name(value):
+
+ if len(value) > 31 or len(value) == 0:
+ raise RuntimeError("drv name should not be NULL or \
+length larger than 31", value)
+
+
+def check_irq(value):
+
+ if len(value) == 0:
+ raise RuntimeError("irq cannot be NULL")
+
+ if ';' in value or '|' in value:
+ raise RuntimeError("irq can only split by ,", value)
+
+ irq_list = value.split(',')
+ for irq in irq_list:
+ num = int(irq, 10)
+ if num < 32:
+ raise RuntimeError("irq shoule not smaller than 32", value)
+
+
+def check_map_secure_uuid(attrib, value):
+
+ if len(value) != 36:
+ raise RuntimeError("uuid len is invalid", value)
+
+ flag = 0
+ for attr in attrib:
+ if attr == "region":
+ flag = 1
+
+ if flag == 0:
+ raise RuntimeError("please set region in map secure item", attrib)
+
+
+def check_map_secure_region(attrib, value):
+
+ if len(value) == 0:
+ raise RuntimeError("region cannot be NULL")
+
+ flag = 0
+ for attr in attrib:
+ if attr == "uuid":
+ flag = 1
+
+ if flag == 0:
+ raise RuntimeError("please set uuid in map secure item", attrib)
+
+ check_iomap_range(value)
+
+
+def check_drv_cmd_perm_info_item_permission(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be NULL")
+
+ if not re.match(r"^[0-9]*$", perm):
+ raise RuntimeError("there has invalid sym in perm", perm)
+
+ if int(perm, 10) > 64 or int(perm, 10) < 1:
+ raise RuntimeError("perm can only in range 1-64", perm)
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "cmd" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set cmd while you set cmd permission")
+
+
+def check_drv_cmd_perm_info_item_cmd(attrs, dyn_key):
+
+ if len(dyn_key) == 0:
+ raise RuntimeError("dyn_key len should not be 0")
+
+ flag = 0
+
+ cmd = ""
+ for attr in attrs:
+ if attr == "permission" and len(attrs[attr]) != 0:
+ flag = 1
+ if attr == "cmd" and len(attrs[attr]) != 0:
+ cmd = attrs[attr]
+ if (dyn_key, attrs[attr]) in unique_list:
+ raise RuntimeError("one cmd can only set \
+permission once", attrs[attr])
+
+ unique_list.append((dyn_key, cmd))
+
+ if flag == 0:
+ raise RuntimeError("you should set permission while \
+you set cmd permission")
+
+
+def check_mac_info_item_permission(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be 0")
+
+ if ',' in perm or ';' in perm:
+ raise RuntimeError("multi permssion can only split by | ", perm)
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "uuid" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set uuid while \
+you set drvcall's permission")
+
+ for perm_num in perm.split("|"):
+ if int(perm_num, 10) > 64 or int(perm_num, 10) < 1:
+ raise RuntimeError("perm can only in range 1-64", perm)
+
+
+def check_mac_info_item_uuid(attrs, dyn_key):
+
+ if len(dyn_key) == 0:
+ raise RuntimeError("dyn_key len should not be 0")
+
+ uuid_str = ""
+ for attr in attrs:
+ if attr == "uuid" and len(attrs[attr]) != 0:
+ uuid_str = attrs[attr]
+ if ',' in uuid_str:
+ raise RuntimeError("uuid in mac can only set one", uuid_str)
+ if (dyn_key, uuid_str) in unique_list:
+ raise RuntimeError("uuid can only set once in mac", uuid_str)
+
+ unique_list.append((dyn_key, uuid_str))
+
+
+def check_permssion_unique(value, origin_value):
+
+ value_list = value.split("|")
+ origin_value_list = origin_value.split("|")
+ if len(value) == 0 or len(value_list) != len(origin_value_list):
+ RuntimeError("permssion trans by csv failed", value, origin_value)
+
+ for (i, _) in enumerate(value_list):
+ if value_list[i] in permission_unique_dict.keys() and \
+ permission_unique_dict.get(value_list[i]) != origin_value_list[i]:
+ raise RuntimeError("different permission set same num in csv",\
+ value, origin_value)
+ permission_unique_dict[value_list[i]] = origin_value_list[i]
+
+
+def check_cmd_unique(value, origin_value):
+
+ value_list = value.split("|")
+ origin_value_list = origin_value.split("|")
+ if len(value) == 0 or len(value_list) != len(origin_value_list):
+ RuntimeError("cmd trans by csv failed", value, origin_value)
+
+ for (i, _) in enumerate(value_list):
+ if value_list[i] in cmd_unique_dict.keys() and \
+ cmd_unique_dict.get(value_list[i]) != origin_value_list[i]:
+ raise RuntimeError("different cmd set same num in csv", \
+ value, origin_value)
+ cmd_unique_dict[value_list[i]] = origin_value_list[i]
+
+
+def check_perm_apply_item(attrs, perm):
+
+ if len(perm) == 0:
+ raise RuntimeError("permssion len should not be 0")
+
+ flag = 0
+
+ for attr in attrs:
+ if attr == "name" and len(attrs[attr]) != 0:
+ flag = 1
+ break
+
+ if flag == 0:
+ raise RuntimeError("you should set drv's name while \
+you set drv's permission")
+
+
+def check_ta_config_service_name(service_name):
+
+ if len(service_name) == 0 or len(service_name) >= 40:
+ raise Exception("service name is invalid", service_name)
+
+
+def check_ta_config_stack_size(stack_size):
+
+ if int(stack_size, 10) > 0xffffffff or int(stack_size, 10) <= 0:
+ raise Exception("stack size is invalid", stack_size)
+
+
+def check_ta_config_heap_size(heap_size):
+
+ if int(heap_size, 10) > 0xffffffff or int(heap_size, 10) <= 0:
+ raise Exception("heap size is invalid", heap_size)
+
+
+def check_ta_config_rpmb_size(rpmb_size):
+
+ if int(rpmb_size, 10) > 0xffffffff or int(rpmb_size, 10) <= 0:
+ raise Exception("rpmb size is invalid", rpmb_size)
+
+
+def check_ta_config_device_id(device_id):
+
+ if len(device_id) != 64:
+ raise Exception("device_id len is invalid", device_id)
+
+ for sym in device_id:
+ if sym >= 'A' and sym <= 'Z':
+ continue
+ elif sym >= '0' and sym <= '9':
+ continue
+ else:
+ raise RuntimeError("has invalid sym in device_id", sym, device_id)
+
+
+def dyn_perm_check(dyn_key, attrib, value, origin_value):
+
+ if dyn_key == 'drv_perm/drv_basic_info/thread_limit':
+ check_thread_limit(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/upgrade':
+ check_upgrade(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/virt2phys':
+ check_virt2phys(value)
+ elif dyn_key == 'drv_perm/drv_basic_info/exception_mode':
+ check_exception_mode(value)
+ elif dyn_key == 'drv_perm/drv_io_map/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/drv_io_map/item/iomap':
+ check_iomap_range(value)
+ elif dyn_key == 'drv_perm/irq/item/irq':
+ check_irq(value)
+ elif dyn_key == 'drv_perm/map_secure/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/map_secure/item/uuid':
+ check_map_secure_uuid(attrib, value)
+ return
+ elif dyn_key == 'drv_perm/map_secure/item/region':
+ check_map_secure_region(attrib, value)
+ elif dyn_key == 'drv_perm/map_nosecure/item/chip_type':
+ check_chip_type(attrib, value)
+ elif dyn_key == 'drv_perm/map_nosecure/item/uuid':
+ # uuid has been checked in classify_uuid()
+ return
+ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/cmd':
+ # cmd has been trans by csv, so it must be valied
+ check_drv_cmd_perm_info_item_cmd(attrib, dyn_key)
+ check_cmd_unique(value, origin_value)
+ return
+ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/permission':
+ check_drv_cmd_perm_info_item_permission(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'drv_perm/drv_mac_info/item/uuid':
+ # uuid has been checked in classify_uuid()
+ check_mac_info_item_uuid(attrib, dyn_key)
+ return
+ elif dyn_key == 'drv_perm/drv_mac_info/item/permission':
+ check_mac_info_item_permission(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'drvcall_conf/drvcall_perm_apply/item/permission':
+ check_perm_apply_item(attrib, value)
+ check_permssion_unique(value, origin_value)
+ elif dyn_key == 'ConfigInfo/TA_Basic_Info/service_name/service_name':
+ check_ta_config_service_name(value)
+ elif dyn_key == 'ConfigInfo/TA_Basic_Info/uuid/uuid':
+ classify_uuid_list(value)
+ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/stack_size/stack_size':
+ check_ta_config_stack_size(value)
+ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/heap_size/heap_size':
+ check_ta_config_heap_size(value)
+ elif dyn_key == 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size':
+ check_ta_config_rpmb_size(value)
+ elif dyn_key == \
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id':
+ check_ta_config_device_id(value)
+ else:
+ return
+
+
+def check_text_ava(old_item, text):
+
+ if text is None or len(text.strip()) == 0:
+ raise Exception("text is invalied", old_item)
+
+
+ta_config_item_list = [
+ 'ConfigInfo/TA_Basic_Info/service_name/',
+ 'ConfigInfo/TA_Basic_Info/uuid/',
+ 'ConfigInfo/TA_Manifest_Info/instance_keep_alive/',
+ 'ConfigInfo/TA_Manifest_Info/stack_size/',
+ 'ConfigInfo/TA_Manifest_Info/heap_size/',
+ 'ConfigInfo/TA_Manifest_Info/multi_command/',
+ 'ConfigInfo/TA_Manifest_Info/multi_session/',
+ 'ConfigInfo/TA_Manifest_Info/single_instance/',
+ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/',
+ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/',
+ 'ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/',
+ 'ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/',
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/',
+ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/']
+
+
+def check_ta_config(old_item, text):
+
+ if old_item in ta_config_item_list:
+ check_text_ava(old_item, text)
+
+ return True
diff --git a/build/signtools/dyn_conf_parser.py b/build/signtools/dyn_conf_parser.py
new file mode 100644
index 0000000000000000000000000000000000000000..7ecb7f691992edf9e445a0643cf79abd57aeaac3
--- /dev/null
+++ b/build/signtools/dyn_conf_parser.py
@@ -0,0 +1,315 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# tools for generating a trusted application dyn perm parser
+#----------------------------------------------------------------------------
+
+import string
+import os
+import stat
+import logging
+from defusedxml import ElementTree as ET
+from dyn_conf_checker import dyn_perm_check
+from dyn_conf_checker import check_and_classify_attr
+from dyn_conf_checker import check_csv_sym
+from dyn_conf_checker import check_ta_config
+
+
+type_trans = {"TYPE_NONE": "-1",
+ "TYPE_CLASS": "0",
+ "TYPE_BOOL": "1",
+ "TYPE_INT": "2",
+ "TYPE_CHAR": "3"}
+
+# the length len in tlv
+DYN_CONF_LEN_LEN = 4
+
+tag_dict = {}
+type_dict = {}
+trans_dict = {}
+
+
+def get_csv_size(path):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ lines = csvfile.readlines()
+ return len(lines)
+ return 0
+
+
+def get_csv_data(path, lnum, rnum):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ count = 0
+ lines = csvfile.readlines()
+ for line in lines:
+ if count == lnum:
+ return str(line.split(",")[rnum]).strip()
+ count = count + 1
+ return ""
+
+
+def classify_tag(tag):
+
+ while len(tag) < 3:
+ tag = "0%s" % (tag)
+
+ return tag
+
+
+# save tag type and trans dict
+def handle_tag_dict(path):
+
+ for i in range(0, get_csv_size(path)):
+ dyn_sym = get_csv_data(path, i, 0)
+ tag_dict[dyn_sym] = classify_tag(get_csv_data(path, i, 1))
+ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, i, 2))
+ trans_dict[dyn_sym] = get_csv_data(path, i, 3)
+
+
+def check_target_data_been_found(sym, find_out, path):
+
+ if find_out == 1:
+ raise RuntimeError(sym + " can only set one time in " + path)
+
+
+# trans value sym by trans dict
+def handle_trans(value, path):
+
+ datas = value.split("|")
+
+ for i, data in enumerate(datas):
+ find_out = 0
+ target_data = data
+ for j in range(0, get_csv_size(path)):
+ sym = get_csv_data(path, j, 0)
+ tag = get_csv_data(path, j, 1)
+ check_csv_sym(sym)
+ check_csv_sym(tag)
+ if sym == target_data:
+ # if one sym has been set more than one time in csv
+ check_target_data_been_found(sym, find_out, path)
+ datas[i] = tag
+ find_out = 1 # means we find sym in dict
+
+ if find_out == 0:
+ raise RuntimeError("cannot find {} in {}".format(datas[i], path))
+
+ ans = datas[0]
+ for i in range(1, len(datas)):
+ ans = "%s|%s" % (ans, datas[i])
+
+ return ans
+
+
+def get_value_by_name_in_config(config_name, in_path):
+
+ config_file = os.path.join(in_path, config_name)
+ if not os.path.exists(config_file):
+ logging.error("configs.xml file doesn't exist")
+ return ""
+ xml_tree = ET.parse(config_file)
+ drv_perm = xml_tree.find('./TA_Basic_Info/service_name')
+ return drv_perm.text
+
+
+def get_value_by_name_in_manifest(manifest_name, in_path):
+
+ manifest = os.path.join(in_path, "manifest.txt")
+ if not os.path.exists(manifest):
+ name = get_value_by_name_in_config("configs.xml", in_path)
+ if name != "":
+ return name
+ else:
+ with open(manifest, 'r') as mani_fp:
+ for each_line in mani_fp:
+ if each_line.startswith("#") or not each_line.strip():
+ continue
+ name = each_line.split(":")[0].strip()
+ if "{" + name + "}" == manifest_name:
+ return str(each_line.split(":")[1].strip())
+
+ raise RuntimeError("{" + manifest_name + "}" + \
+ "cannot find in " + manifest)
+
+
+def get_value_trans(old_item, value, attrib, key, in_path):
+
+ # if name contains '.csv' means
+ # we can transform value by {manifest_name}.csv
+ # manifest_name must in manifest.txt
+ if ".csv" in trans_dict.get(key):
+ manifest_name = trans_dict.get(key).split(".csv")[0]
+ manifest_value = get_value_by_name_in_manifest(manifest_name, in_path)
+ trans_file_path = os.path.join(in_path, "{}.csv".format(manifest_value))
+ return handle_trans(value, trans_file_path)
+ # if name not contains '.csv' means
+ # we can transform value by {attrib[attri]}.csv
+ # attrib[attri] must in xml file
+ for attri in attrib:
+ if old_item + attri == trans_dict.get(key):
+ if len(attrib[attri]) == 0:
+ raise RuntimeError("you should set drv name while \
+ you set drv permission")
+ trans_file_path = os.path.join(in_path, "{}.csv".format(attrib[attri]))
+ return handle_trans(value, trans_file_path)
+
+ raise RuntimeError("cannot find second trans file",\
+ key, trans_dict.get(key))
+
+
+def item_zip(old_item, attr, value, attrib, in_path):
+
+ dyn_key = old_item + attr
+ dyn_type = type_dict.get(dyn_key)
+ origin_value = value
+
+ if len(trans_dict.get(dyn_key)) > 0:
+ value = get_value_trans(old_item, value, attrib, dyn_key, in_path)
+
+ # check the xml is invalid for dyn perm
+ dyn_perm_check(dyn_key, attrib, value, origin_value)
+
+ if dyn_type == type_trans.get("TYPE_BOOL"):
+ if value.lower() == "true":
+ return "1"
+ elif value.lower() == "false":
+ return "0"
+ else:
+ raise Exception("bool can only be true or false")
+ elif dyn_type == type_trans.get("TYPE_INT"):
+ if '0x' in value:
+ return str(int(value, base=16))
+ elif '0b' in value:
+ return str(int(value, base=2))
+ else:
+ return str(int(value, base=10))
+ elif dyn_type == type_trans.get("TYPE_CHAR"):
+ return value
+ else:
+ raise RuntimeError("unknown type")
+
+
+def get_length(value):
+
+ length = len(value)
+ off = int((DYN_CONF_LEN_LEN / 2 - 1) * 8)
+ ans = ""
+
+ for _ in range(int(DYN_CONF_LEN_LEN / 2)):
+ tmp = ""
+ dyn_len = (length >> off) & 0xFF;
+ if dyn_len >= 0 and dyn_len <= 0xF:
+ tmp = "0"
+ tmp += str(hex(dyn_len)).split("x")[1]
+ ans += tmp
+ off -= 8
+
+ return ans
+
+
+def do_parser_dyn_conf(old_item, ele, in_path):
+
+ attrs = ""
+ if len(ele.attrib) > 0:
+ for attr in ele.attrib:
+ ele.attrib[attr] = check_and_classify_attr(old_item,\
+ attr, ele.attrib.get(attr))
+ tag = tag_dict.get(old_item + attr)
+ dyn_type = type_dict.get(old_item + attr)
+ if dyn_type == type_trans.get("TYPE_NONE"):
+ continue
+
+ value = item_zip(old_item, attr, ele.attrib[attr],
+ ele.attrib, in_path)
+ length = get_length(value)
+ attrs = attrs + tag + dyn_type + length + value
+ else:
+ for child in ele:
+ tmp_attrs = do_parser_dyn_conf(old_item + child.tag + "/",
+ child, in_path)
+ if tmp_attrs == "":
+ continue
+ attrs = attrs + tmp_attrs
+
+ # handle inner context
+ if check_ta_config(old_item, ele.text) is True and \
+ ele.text is not None and len(ele.text.strip()) > 0:
+ inner_text = item_zip(old_item + ele.tag, "", ele.text, {}, in_path)
+ attrs = attrs + tag_dict.get(old_item + ele.tag) + \
+ type_dict.get(old_item + ele.tag) + \
+ get_length(inner_text) + inner_text
+
+ if len(tag_dict.get(old_item)) == 0 or attrs == "":
+ return ""
+
+ return tag_dict.get(old_item) + type_dict.get(old_item) + \
+ get_length(attrs) + attrs
+
+
+def parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path,
+ tag_parse_dict_path, in_path):
+
+ if not os.path.exists(dyn_conf_xml_file_path):
+ logging.error("dyn perm xml file doesn't exist")
+ return
+
+ if not os.path.exists(tag_parse_dict_path):
+ logging.error("tag_parse_dict.csv file doesn't exist")
+ return
+
+ handle_tag_dict(tag_parse_dict_path)
+ tree = ET.parse(dyn_conf_xml_file_path)
+ root = tree.getroot()
+
+ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
+ if ans == "":
+ ans = "00000"
+
+ ans = "gpd.ta.dynConf:" + ans + "\n"
+
+ if not os.path.exists(manifest_ext_path):
+ out_tlv = os.path.join(in_path, "config_tlv")
+ with os.fdopen(os.open(out_tlv, \
+ os.O_RDWR | os.O_TRUNC | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR), 'w+') as conf:
+ conf.write(ans)
+ else:
+ #write items to mani_ext
+ manifest_ext_path_fd = os.open(manifest_ext_path, os.O_RDWR, 0o600)
+ with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp:
+ mani_ext_fp.write(ans)
+
+
+def parser_config_xml(config_xml_file_path, tag_parse_dict_path, \
+ out_path, in_path):
+
+ if not os.path.exists(config_xml_file_path):
+ logging.error("config xml file doesn't exist")
+ return
+ if not os.path.exists(tag_parse_dict_path):
+ logging.error("tag_parse_dict.csv file doesn't exist")
+ return
+
+ handle_tag_dict(tag_parse_dict_path)
+ tree = ET.parse(config_xml_file_path)
+ root = tree.getroot()
+
+ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
+ if ans == "":
+ ans = "00000"
+
+ # write items to mani_ext
+ config_path_fd = os.open(out_path, os.O_CREAT | os.O_RDWR, 0o600)
+ with os.fdopen(config_path_fd, 'a+') as config_fp:
+ config_fp.write(ans)
diff --git a/build/signtools/generate_hash.py b/build/signtools/generate_hash.py
index 58252c8c9aa021be00be557be93f03722717bc53..fd90a0112c88a3b5561cb850e6f85562e4d8d681 100644
--- a/build/signtools/generate_hash.py
+++ b/build/signtools/generate_hash.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -37,11 +37,11 @@ def gen_hash(hash_type, in_data, out_file_path):
hash_fp = os.fdopen(fd_hash, "wb")
# fixed hash prefix value
if int(hash_type) == HASH256:
- hash_fp.write(struct.pack('B'*19, 0x30, 0x31, 0x30, 0x0d, 0x06, \
+ hash_fp.write(struct.pack('B' * 19, 0x30, 0x31, 0x30, 0x0d, 0x06, \
0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \
0x05, 0x00, 0x04, 0x20))
elif int(hash_type) == HASH512:
- hash_fp.write(struct.pack('B'*19, 0x30, 0x51, 0x30, 0x0d, 0x06, \
+ hash_fp.write(struct.pack('B' * 19, 0x30, 0x51, 0x30, 0x0d, 0x06, \
0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, \
0x05, 0x00, 0x04, 0x40))
hash_fp.write(hash_op.digest())
diff --git a/build/signtools/generate_signature.py b/build/signtools/generate_signature.py
index b309505f3e12f9abc8c5c38335b9839cadd1f214..95657e89e57257263ecf7ee24d43c72e0c436350 100644
--- a/build/signtools/generate_signature.py
+++ b/build/signtools/generate_signature.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -14,24 +14,43 @@
# Description: tools for generating a trusted application load image
#----------------------------------------------------------------------------
+import os
+import stat
import subprocess
+import logging
from generate_hash import gen_hash
def gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \
- out_file_path, out_path, key_info_data):
+ out_file_path, out_path, key_info_data, is_big_ending):
+ msg_file = os.path.join(out_path, "temp", "config_msg")
+ fd_msg = os.open(msg_file, os.O_WRONLY | os.O_CREAT, \
+ stat.S_IWUSR | stat.S_IRUSR)
+ msg_file_fp = os.fdopen(fd_msg, "wb")
+ msg_file_fp.write(raw_data)
+ msg_file_fp.close()
if cfg.sign_type == '1': # signed with local key
- gen_hash(cfg.hash_type, raw_data, hash_file_path)
- cmd = "openssl rsautl -sign -inkey {} -in {} -out {}".\
- format(cfg.sign_key, hash_file_path, out_file_path)
+ if cfg.padding_type == '0':
+ gen_hash(cfg.hash_type, raw_data, hash_file_path)
+ cmd = "openssl pkeyutl -sign -inkey {} -in {} -out {}".\
+ format(cfg.sign_key, hash_file_path, out_file_path)
+ elif cfg.padding_type == '1':
+ if cfg.hash_type == '0':
+ cmd = "openssl dgst -sign {} -sha256 -sigopt \
+ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
+ -out {} {}".format(cfg.sign_key, out_file_path, msg_file)
+ else:
+ cmd = "openssl dgst -sign {} -sha512 -sigopt \
+ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
+ -out {} {}".format(cfg.sign_key, out_file_path, msg_file)
try:
subprocess.check_output(cmd.split(), shell=False)
except Exception:
- print("sign operation failed")
+ logging.error("sign operation failed")
raise RuntimeError
else:
- print("unhandled signtype %s" % cfg.sign_type)
+ logging.error("unhandled signtype %s", cfg.sign_type)
return
diff --git a/build/signtools/get_ta_elf_hash.py b/build/signtools/get_ta_elf_hash.py
index 25d4fc32df38b9f11b2b9c1a5334bb520708a09d..89443e0c4bf4fb64633dfc6fde988ded6a4e35a1 100644
--- a/build/signtools/get_ta_elf_hash.py
+++ b/build/signtools/get_ta_elf_hash.py
@@ -1,9 +1,8 @@
#!/usr/bin/env python3
-# coding:utf-8
-"""
-Calculate the elfhash values of TAs by segment and combine the values.
-Copyright @ Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -12,6 +11,11 @@ Copyright @ Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
+# Calculate the elfhash values of TAs by segment and combine the values.
+#----------------------------------------------------------------------------
+
+"""
+calculate the elfhash values of TA
"""
from __future__ import print_function
@@ -19,6 +23,7 @@ import os
import sys
import hashlib
import struct
+import logging
def elf_header_verify_check(elf_header):
@@ -190,10 +195,10 @@ def get_code_segment_from_elf(elf_file_name, out_hash_file_name, sign_data):
elf_hd_buf = elf_fp.read(elf_info.elf32_hdr_size)
elf_header = Elf32Ehdr(elf_hd_buf)
else:
- print("No Support ELFINFO_CLASS")
+ logging.error("No Support ELFINFO_CLASS")
if elf_header_verify_check(elf_header) is False:
- print("ELF file failed verification: %s" % elf_file_name)
+ logging.error("ELF file failed verification: %s", elf_file_name)
for i_phd in range(0, elf_header.e_phnum):
if elf_ident.ei_class == elf_info.elfinfo_class_64:
@@ -201,7 +206,7 @@ def get_code_segment_from_elf(elf_file_name, out_hash_file_name, sign_data):
elif elf_ident.ei_class == elf_info.elfinfo_class_32:
elf_phd_header = Elf32Phdr(elf_fp.read(elf_info.elf32_phdr_size))
else:
- print("No Support ELFINFO_CLASS")
+ logging.error("No Support ELFINFO_CLASS")
if (elf_phd_header.p_type != elf_info.load_type) or \
(elf_phd_header.p_flags & elf_info.exec_flag != elf_info.exec_flag) or \
diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py
index 66aa30190164f214377c3ca6e28d947354c230ee..bd6bf907450e5948060b9b87de2f2fccb6f8f120 100755
--- a/build/signtools/manifest.py
+++ b/build/signtools/manifest.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -19,6 +19,8 @@ import uuid
import os
import re
import stat
+import logging
+
PRODUCT_TA_IMAGE = 1
PRODUCT_DYN_LIB = 2
@@ -31,18 +33,20 @@ class PackUuid:
# Structure object to align and package the TEE_UUID
data = struct.Struct('IHH8b')
- def __init__(self, data):
+ def __init__(self, data, big_endian=False):
unpacked_data = (PackUuid.data).unpack(str.encode(data))
self.unpacked_data = unpacked_data
self.time_low = unpacked_data[0]
self.time_mid = unpacked_data[1]
self.time_hi_version = unpacked_data[2]
self.clock_seq_node = unpacked_data[3]
+ if big_endian:
+ PackUuid.data = struct.Struct('>IHH8b')
def print_values(self):
- print("ATTRIBUTE / VALUE")
+ logging.critical("ATTRIBUTE / VALUE")
for attr, value in self.__dict__.items():
- print(attr, value)
+ logging.critical(attr, value)
def get_pack_data(self):
values = [self.time_low,
@@ -62,7 +66,7 @@ class Manifest:
# Structure object to align and package the Manifest
data = struct.Struct('I' * 6)
- def __init__(self, data):
+ def __init__(self, data, big_endian=False):
unpacked_data = (Manifest.data).unpack(str.encode(data))
self.unpacked_data = unpacked_data
self.single_instance = unpacked_data[0]
@@ -71,11 +75,13 @@ class Manifest:
self.heap_size = unpacked_data[3]
self.stack_size = unpacked_data[4]
self.instancekeepalive = unpacked_data[5]
+ if big_endian:
+ Manifest.data = struct.Struct('>' + 'I' * 6)
def print_values(self):
- print("ATTRIBUTE / VALUE")
+ logging.critical("ATTRIBUTE / VALUE")
for attr, value in self.__dict__.items():
- print(attr, value)
+ logging.critical(attr, value)
def get_pack_data(self):
values = [self.single_instance,
@@ -93,20 +99,20 @@ class Manifest:
# verify property name in manifest file
#----------------------------------------------------------------------------
def verify_property_name(str_line):
- print('verify property name')
+ logging.critical("verify property name")
alphas = string.ascii_letters + string.digits
cont = "".join([alphas, '-', '_', '.'])
if len(str_line) > 1:
if str_line[0] not in alphas:
- print('invalid first letter in property name')
+ logging.error("invalid first letter in property name")
return False
else:
for otherchar in str_line[1:]:
if otherchar not in cont:
- print('invalid char in property name')
+ logging.error("invalid char in property name")
return False
else:
- print('invalid property name')
+ logging.error("invalid property name")
return False
return True
@@ -116,11 +122,11 @@ def verify_property_name(str_line):
# verify property value in manifest file
#----------------------------------------------------------------------------
def verify_property_value(str_line):
- print('verify property value')
+ logging.critical("verify property value")
filt_letter = chr(0) + chr(10) + chr(13)
for thechar in str_line:
if thechar in filt_letter:
- print('invalid letter in prop value')
+ logging.error("invalid letter in prop value")
return False
return True
@@ -129,11 +135,11 @@ def verify_property_value(str_line):
# remove tabs and space in property value
#----------------------------------------------------------------------------
def trailing_space_tabs(str_line):
- print('trailing space tabs in value head and trail')
+ logging.critical("trailing space tabs in value head and trail")
space_tabs = chr(9) + chr(32) + chr(160)
space_tabs_newlines = space_tabs + chr(10) + chr(13)
- print('str in: {}'.format(str_line))
+ logging.critical("str in: %s", str_line)
index = 0
for thechar in str_line:
if thechar in space_tabs:
@@ -152,8 +158,8 @@ def trailing_space_tabs(str_line):
else:
break
- str_ret = headvalue[0:strlen+1] + chr(10)
- print('str ret: {}'.format(str_ret))
+ str_ret = headvalue[0:strlen + 1] + chr(10)
+ logging.critical("str ret: %s", str_ret)
return str_ret
@@ -161,14 +167,14 @@ def trailing_space_tabs(str_line):
#----------------------------------------------------------------------------
# verify manifest file, parse manifest file, generate a new manfiest file
#----------------------------------------------------------------------------
-def parser_manifest(manifest, manifest_data_path, mani_ext):
- print('verify manifest')
+def parser_manifest(manifest, manifest_data_path, mani_ext, big_endian=False):
+ logging.critical("verify manifest")
target_type = PRODUCT_TA_IMAGE
- uuid_val = PackUuid('\0' * 16)
+ uuid_val = PackUuid('\0' * 16, big_endian)
#manifest default
- manifest_val = Manifest('\0'*24)
+ manifest_val = Manifest('\0' * 24, big_endian)
manifest_val.single_instance = 1
manifest_val.multi_session = 0
@@ -185,39 +191,39 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
stat.S_IWUSR | stat.S_IRUSR)
mani_ext_fp = os.fdopen(fd_ext, "wb")
for each_line in mani_fp:
- print(each_line)
- if each_line.startswith("#") or not len(each_line.strip()):
+ logging.critical(each_line)
+ if each_line.startswith("#") or not each_line.strip():
continue
index = each_line.find(':', 1, len(each_line))
prop_name = each_line[0:index]
- prop_name_t = each_line[0:index+1]
- prop_value_t = each_line[index+1:]
- print('name is: {}; value is: {}'.format(prop_name, prop_value_t))
+ prop_name_t = each_line[0:index + 1]
+ prop_value_t = each_line[index + 1:]
+ logging.critical("name is: %s; value is: %s", prop_name, prop_value_t)
prop_value = trailing_space_tabs(prop_value_t)
prop_len = len(prop_value)
- prop_value_v = prop_value[0:prop_len-1]
- print('prop value_v: {}'.format(prop_value_v))
+ prop_value_v = prop_value[0:prop_len - 1]
+ logging.critical("prop value_v: %s", prop_value_v)
if verify_property_name(prop_name) is False:
- print('manifest format invalid, please check it')
+ logging.error("manifest format invalid, please check it")
mani_ext_fp.close()
- return (False, 0)
+ return (False, 0, 0)
if verify_property_value(prop_value_v) is False:
- print('manifest format invalid, please check it')
+ logging.error("manifest format invalid, please check it")
mani_ext_fp.close()
- return (False, 0)
+ return (False, 0, 0)
# name:value to lowcase, and parse manifest
prop_name_low = prop_name.lower()
- print("name lower: {}".format(prop_name_low))
+ logging.critical("name lower: %s", prop_name_low)
if 'gpd.ta.appid' == prop_name_low:
- print("compare name is srv id")
+ logging.critical("compare name is srv id")
uuid_val = uuid.UUID(prop_value_v)
- print('uuid str {}'.format(uuid_val))
- print('val fields {}'.format(uuid_val.fields))
+ logging.critical("uuid str %s", uuid_val)
+ logging.critical("val fields %s", uuid_val.fields)
elif 'gpd.ta.singleinstance' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -226,7 +232,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.single_instance = 0
else:
- print('single_instance value error!')
+ logging.error("single_instance value error!")
elif 'gpd.ta.multisession' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -235,7 +241,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.multi_session = 0
else:
- print('multi_session value error!')
+ logging.error("multi_session value error!")
elif 'gpd.ta.multicommand' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -244,7 +250,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.multi_command = 0
else:
- print('multi_command value error!')
+ logging.error("multi_command value error!")
elif 'gpd.ta.instancekeepalive' == prop_name_low:
prop_value_low = prop_value_v.lower()
@@ -253,26 +259,27 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
elif 'false' == prop_value_low:
manifest_val.instancekeepalive = 0
else:
- print('instancekeepalive value error!')
+ logging.error("instancekeepalive value error!")
elif 'gpd.ta.datasize' == prop_name_low:
manifest_val.heap_size = int(prop_value_v)
- print('b')
+ logging.critical('b')
elif 'gpd.ta.stacksize' == prop_name_low:
manifest_val.stack_size = int(prop_value_v)
- print('b')
+ logging.critical('b')
elif 'gpd.ta.service_name' == prop_name_low:
service_name = prop_value_v
- print('b')
+ logging.critical('b')
elif 'gpd.ta.dynconf' == prop_name_low:
mani_ext_fp.close()
- raise Exception("gpd.ta.dynConf is reserved, cannot set")
+ logging.error("gpd.ta.dynConf is reserved, cannot set")
+ return (False, 0, 0)
else:
- print('b')
+ logging.critical('b')
#write have not paresed manifest into sample.manifest file
mani_ext_fp.write(str.encode(prop_name_t))
mani_ext_fp.write(str.encode(prop_value))
@@ -285,16 +292,16 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
if dyn_conf_target_type > 0xFFFF or \
dyn_conf_target_type < 0:
mani_ext_fp.close()
- raise RuntimeError("target_type " + \
- str(dyn_conf_target_type) + \
- " must in range [0, 0xFFFF]")
+ logging.error("gpd.ta.target_type must \
+ in range [0, 0xFFFF]")
+ return (False, 0, 0)
mani_ext_fp.close()
#write the whole parsed manifest into sample.manifest file
service_name_len = len(service_name)
- print('service name: {}'.format(service_name))
- print('service name len: {}'.format(service_name_len))
+ logging.critical("service name: %s", service_name)
+ logging.critical("service name len: %s", service_name_len)
max_service_len = 64
@@ -303,46 +310,53 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
max_service_len = 32
target_type = PRODUCT_DRIVER_IMAGE
if not re.match(r"^[A-Za-z0-9_]*$", service_name):
- raise RuntimeError("drv's name only can use \
- [A-Z] [a-z] [0-9] and '_'")
+ logging.error("drv's name only can use [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
if dyn_conf_target_type == 3:
max_service_len = 32
target_type = PRODUCT_SERVICE_IMAGE
if not re.match(r"^[A-Za-z0-9_]*$", service_name):
- raise RuntimeError("drv's name only can use \
- [A-Z] [a-z] [0-9] and '_'")
+ logging.error("drv's name only can use \
+ [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
if dyn_conf_target_type == 4:
max_service_len = 32
target_type = PRODUCT_CLIENT_IMAGE
if not re.match(r"^[A-Za-z0-9_]*$", service_name):
- raise RuntimeError("drv's name only can use \
- [A-Z] [a-z] [0-9] and '_'")
+ logging.error("drv's name only can use \
+ [A-Z] [a-z] [0-9] and '_'")
+ return (False, 0, 0)
if service_name_len > max_service_len:
- print("service name len cannot larger than " + str(max_service_len))
- raise RuntimeError
+ logging.error("service name len cannot larger than %s", str(max_service_len))
+ return (False, 0, 0)
# get manifest string file len
manifest_str_size = os.path.getsize(mani_ext)
- print('manifest str size {}'.format(manifest_str_size))
-
+ logging.critical('manifest str size %s', manifest_str_size)
# 2> manifest + service_name
- print("bytes len {}".format(len(uuid_val.bytes_le)))
- print("bytes len {}".format(len(manifest_val.get_pack_data())))
- print("bytes len {}".format(len(service_name)))
+ if big_endian:
+ logging.critical("bytes len %s", len(uuid_val.bytes))
+ else:
+ logging.critical("bytes len %s", len(uuid_val.bytes_le))
+ logging.critical("bytes len %s", len(manifest_val.get_pack_data()))
+ logging.critical("bytes len %s", len(service_name))
# 3> unparsed manifest, string manifest
with open(mani_ext, 'rb') as string_mani_fp:
- print("read manifest string size {}".format(manifest_str_size))
+ logging.critical("read manifest string size %s", manifest_str_size)
manifest_string_buf = string_mani_fp.read(manifest_str_size)
- print("manifest strint: {}".format(manifest_string_buf))
+ logging.critical("manifest strint: %s", manifest_string_buf)
#---- write manifest parse context to manifest file
fd_out = os.open(manifest_data_path, os.O_WRONLY | os.O_CREAT, \
stat.S_IWUSR | stat.S_IRUSR)
out_manifest_fp = os.fdopen(fd_out, "wb")
- out_manifest_fp.write(uuid_val.bytes_le)
+ if big_endian:
+ out_manifest_fp.write(uuid_val.bytes)
+ else:
+ out_manifest_fp.write(uuid_val.bytes_le)
out_manifest_fp.write(str.encode(service_name))
out_manifest_fp.write(manifest_val.get_pack_data())
out_manifest_fp.close()
@@ -350,37 +364,47 @@ def parser_manifest(manifest, manifest_data_path, mani_ext):
uuid_str = str(uuid_val)
product_name = str(uuid_val)
if target_type == PRODUCT_TA_IMAGE:
- print("product type is ta image")
+ logging.critical("product type is ta image")
product_name = "".join([uuid_str, ".sec"])
elif target_type == PRODUCT_DRIVER_IMAGE:
- print("product type is driver")
+ logging.critical("product type is driver")
product_name = "".join([service_name, ".sec"])
elif target_type == PRODUCT_SERVICE_IMAGE:
- print("product type is service")
+ logging.critical("product type is service")
product_name = "".join([service_name, ".sec"])
elif target_type == PRODUCT_CLIENT_IMAGE:
- print("product type is client")
+ logging.critical("product type is client")
product_name = "".join([service_name, ".so.sec"])
elif target_type == PRODUCT_DYN_LIB:
- print("product type is dyn lib")
+ logging.critical("product type is dyn lib")
product_name = "".join([uuid_str, service_name, ".so.sec"])
else:
- print("invalid product type!")
- raise RuntimeError
+ logging.error("invalid product type!")
+ return (False, 0, 0)
return (True, product_name, uuid_str)
+class ManifestInfo:
+ ''' get manifest info '''
+ def __init__(self, ret, product_name, uuid_str, manifest_txt_exist):
+ self.ret = ret
+ self.product_name = product_name
+ self.uuid_str = uuid_str
+ self.manifest_txt_exist = manifest_txt_exist
+
+
def process_manifest_file(xml_config_path, manifest_path, \
- manifest_data_path, mani_ext):
+ manifest_data_path, mani_ext, big_endian=False):
manifest_txt_exist = True
if not os.path.exists(manifest_path):
- print("xml trans manifest cfg")
+ logging.critical("xml trans manifest cfg")
manifest_txt_exist = False
from xml_trans_manifest import trans_xml_to_manifest
trans_xml_to_manifest(xml_config_path, manifest_path)
ret, product_name, uuid_str = parser_manifest(manifest_path, \
- manifest_data_path, mani_ext)
- return (ret, product_name, uuid_str, manifest_txt_exist)
+ manifest_data_path, mani_ext, big_endian)
+ manifest_info = ManifestInfo(ret, product_name, uuid_str, manifest_txt_exist)
+ return manifest_info
diff --git a/build/signtools/manifest_tag_parse_dict.csv b/build/signtools/manifest_tag_parse_dict.csv
new file mode 100644
index 0000000000000000000000000000000000000000..e56a82dca59df91316ba326d739e4a88c0bc4664
--- /dev/null
+++ b/build/signtools/manifest_tag_parse_dict.csv
@@ -0,0 +1,24 @@
+ConfigInfo/,0,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name,2,TYPE_CHAR,gpd.ta.service_name
+ConfigInfo/TA_Basic_Info/uuid,4,TYPE_CHAR,gpd.ta.appID
+ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive,7,TYPE_CHAR,gpd.ta.instanceKeepAlive
+ConfigInfo/TA_Manifest_Info/stack_size,9,TYPE_CHAR,gpd.ta.stackSize
+ConfigInfo/TA_Manifest_Info/heap_size,11,TYPE_CHAR,gpd.ta.dataSize
+ConfigInfo/TA_Manifest_Info/target_type,13,TYPE_CHAR,gpd.ta.target_type
+ConfigInfo/TA_Manifest_Info/multi_command,15,TYPE_CHAR,gpd.ta.multicommand
+ConfigInfo/TA_Manifest_Info/multi_session,17,TYPE_CHAR,gpd.ta.multiSession
+ConfigInfo/TA_Manifest_Info/single_instance,19,TYPE_CHAR,gpd.ta.singleInstance
+ConfigInfo/TA_Manifest_Info/sdk_version,21,TYPE_CHAR,gpd.sdk.version
+ConfigInfo/TA_Manifest_Info/is_tee_service,23,TYPE_CHAR,gpd.ta.is_tee_service
+ConfigInfo/TA_Manifest_Info/is_lib,25,TYPE_CHAR,gpd.ta.is_lib
+ConfigInfo/TA_Manifest_Info/objectEnumEnable,27,TYPE_CHAR,gpd.ta.objectEnumEnable
+ConfigInfo/TA_Manifest_Info/distribution,29,TYPE_CHAR,gpd.ta.distribution
+ConfigInfo/TA_Manifest_Info/target_version,31,TYPE_CHAR,gpd.elf.target_version
+ConfigInfo/TA_Manifest_Info/mem_page_align,33,TYPE_CHAR,gpd.ta.mem_page_align
+ConfigInfo/TA_Manifest_Info/hardWareType,35,TYPE_CHAR,gpd.ta.hardWareType
+ConfigInfo/TA_Manifest_Info/is_need_release_ta_res,37,TYPE_CHAR,gpd.srv.is_need_release_ta_res
+ConfigInfo/TA_Manifest_Info/srv_crash_callback,39,TYPE_CHAR,gpd.srv.crash_callback
+ConfigInfo/TA_Manifest_Info/srv_is_need_create_msg,41,TYPE_CHAR,gpd.srv.is_need_create_msg
+ConfigInfo/TA_Manifest_Info/srv_is_need_release_msg,43,TYPE_CHAR,gpd.srv.is_need_release_msg
diff --git a/build/signtools/signtool_v3.py b/build/signtools/signtool_v3.py
index 357dce0cb4d958612b84381c84d0a59cdaf9af69..b588707a97d327afd84134b6c9e02194ed4432c9 100755
--- a/build/signtools/signtool_v3.py
+++ b/build/signtools/signtool_v3.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
-# coding:utf-8
+# coding=utf-8
#----------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
-# iTrustee licensed under the Mulan PSL v2.
+# Licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan
# PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
@@ -22,21 +22,21 @@ import shutil
import argparse
import configparser
import re
+import logging
from manifest import process_manifest_file
from generate_signature import gen_ta_signature
-from Cryptodome.Hash import SHA256
-from Cryptodome.Cipher import PKCS1_OAEP
-from Cryptodome.PublicKey import RSA
-from Cryptodome.Cipher import AES
-from Cryptodome.Random import get_random_bytes
+from Crypto.Hash import SHA256
+from Crypto.Cipher import PKCS1_OAEP
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
-# fixed value, {1, 2} version are abandoned.
-VERSION = 3
-TA_VERSION = 3
-
+TYPE_PUBKEY = 0
+TYPE_CERT = 1
+TYPE_CERT_CHAIN = 2
MAGIC1 = 0xA5A55A5A
MAGIC2 = 0x55AA
@@ -65,6 +65,7 @@ ELF_INFO_VERSION_CURRENT = 1
ELF_BLOCK_ALIGN = 0x1000
SEC_HEADER_BYTES = 16
+SING_BIG_ENDIAN = False
def whitelist_check(intput_str):
@@ -85,7 +86,7 @@ def integer_check(intput_str):
def verify_elf_header(elf_path):
elf_type = 0
with open(elf_path, 'rb') as elf:
- elf_data = struct.unpack('B'*16, elf.read(16))
+ elf_data = struct.unpack('B' * 16, elf.read(16))
elf_type = elf_data[4]
if ((elf_data[ELF_INFO_MAGIC0_INDEX] != ELF_INFO_MAGIC0) or \
(elf_data[ELF_INFO_MAGIC1_INDEX] != ELF_INFO_MAGIC1) or \
@@ -93,7 +94,7 @@ def verify_elf_header(elf_path):
(elf_data[ELF_INFO_MAGIC3_INDEX] != ELF_INFO_MAGIC3) or \
(elf_data[ELF_INFO_VERSION_INDEX] != \
ELF_INFO_VERSION_CURRENT)):
- print("invalid elf header info")
+ logging.error("invalid elf header info")
raise RuntimeError
if ((elf_type == 1 and elf_data[ELF_INFO_CLASS_INDEX] != \
@@ -101,7 +102,7 @@ def verify_elf_header(elf_path):
(elf_type == 2 and elf_data[ELF_INFO_CLASS_INDEX] != \
ELF_INFO_CLASS_64) or \
(elf_type != 1 and elf_type != 2)):
- print("invliad elf format")
+ logging.error("invliad elf format")
raise RuntimeError
return
@@ -116,7 +117,10 @@ class AllCfg:
server_ip = ""
config_path = ""
sign_key = ""
+ sign_key_type = "0"
sign_alg = "RSA"
+ ta_cert_chain = ""
+ ta_version = 3
class PublicCfg:
@@ -136,6 +140,14 @@ class PublicCfg:
all_cfg.config_path = parser.get(cfg_section, "configPath")
all_cfg.sign_key = parser.get(cfg_section, "secSignKey")
+ if parser.has_option(cfg_section, "secTaVersion"):
+ all_cfg.ta_version = int(parser.get(cfg_section, "secTaVersion"))
+ else:
+ all_cfg.ta_version = 3
+ if parser.has_option(cfg_section, "secSignKeyType"):
+ all_cfg.sign_key_type = parser.get(cfg_section, "secSignKeyType")
+ if parser.has_option(cfg_section, "secTaCertChain"):
+ all_cfg.ta_cert_chain = parser.get(cfg_section, "secTaCertChain")
class PrivateCfg:
@@ -162,64 +174,69 @@ class PrivateCfg:
def check_cfg(cfg):
+ ret = 0
if cfg.release_type != "":
if integer_check(cfg.release_type):
- print("secReleaseType is invalid.")
- return 1
+ logging.error("secReleaseType is invalid.")
+ ret = 1
if cfg.otrp_flag != "":
if integer_check(cfg.otrp_flag):
- print("secOtrpFlag is invalid.")
- return 1
+ logging.error("secOtrpFlag is invalid.")
+ ret = 1
if cfg.sign_type != "":
if integer_check(cfg.sign_type):
- print("secSignType is invalid.")
- return 1
+ logging.error("secSignType is invalid.")
+ ret = 1
if cfg.server_ip != "":
if whitelist_check(cfg.server_ip):
- print("secSignServerIp is invalid.")
- return 1
+ logging.error("secSignServerIp is invalid.")
+ ret = 1
if cfg.config_path != "":
if whitelist_check(cfg.config_path):
- print("configPath is invalid.")
- return 1
+ logging.error("configPath is invalid.")
+ ret = 1
if cfg.sign_key != "":
if whitelist_check(cfg.sign_key):
- print("secSignKey is invalid.")
- return 1
+ logging.error("secSignKey is invalid.")
+ ret = 1
if cfg.public_key != "":
if whitelist_check(cfg.public_key):
- print("secEncryptKey is invalid.")
- return 1
+ logging.error("secEncryptKey is invalid.")
+ ret = 1
if cfg.pub_key_len != "":
if integer_check(cfg.pub_key_len):
- print("secEncryptKeyLen is invalid.")
- return 1
+ logging.error("secEncryptKeyLen is invalid.")
+ ret = 1
if cfg.re_sign_flag != "":
if integer_check(cfg.re_sign_flag):
- print("secReSignFlag is invalid.")
- return 1
+ logging.error("secReSignFlag is invalid.")
+ ret = 1
if cfg.hash_type != "":
if integer_check(cfg.hash_type):
- print("secHashType is invalid.")
- return 1
+ logging.error("secHashType is invalid.")
+ ret = 1
if cfg.sign_key_len != "":
if integer_check(cfg.sign_key_len):
- print("secSignKeyLen is invalid.")
- return 1
+ logging.error("secSignKeyLen is invalid.")
+ ret = 1
if cfg.padding_type != "":
if integer_check(cfg.padding_type):
- print("secPaddingType is invalid.")
- return 1
+ logging.error("secPaddingType is invalid.")
+ ret = 1
if cfg.sign_alg != "":
if whitelist_check(cfg.sign_alg):
- print("secSignAlg is invalid.")
- return 1
- return 0
+ logging.error("secSignAlg is invalid.")
+ ret = 1
+ return ret
-def gen_header(content_len, key_version):
- return struct.pack('IHHII', MAGIC1, MAGIC2, VERSION, content_len, \
- key_version)
+def gen_header(content_len, key_version, cfg):
+ ''' gen header by endian '''
+ if SING_BIG_ENDIAN:
+ head_tag = '>IHHII'
+ else:
+ head_tag = 'IHHII'
+ return struct.pack(head_tag, MAGIC1, MAGIC2, cfg.ta_version, content_len, key_version)
def get_sign_alg(cfg):
@@ -231,7 +248,7 @@ def get_sign_alg(cfg):
sign_alg = sign_alg | (2 << 20)
elif cfg.sign_alg == "ECDSA":
sign_alg = sign_alg | (1 << 20)
- if cfg.sign_type == '4':
+ if cfg.sign_type == '4' or cfg.sign_type == '5' or cfg.sign_type == '6' :
sign_alg = sign_alg | 0x0000C000
else:
if cfg.sign_key_len == "2048":
@@ -246,9 +263,12 @@ def get_sign_alg(cfg):
def gen_aes_key_info(cfg):
iv_data = get_random_bytes(16)
key_data = get_random_bytes(32)
-
+ if SING_BIG_ENDIAN:
+ aes_tag = '>3I'
+ else:
+ aes_tag = '<3I'
sign_alg = get_sign_alg(cfg)
- key_info = struct.pack('<3I', 32, 16, sign_alg)
+ key_info = struct.pack(aes_tag, 32, 16, sign_alg)
key_info += key_data
key_info += iv_data
return key_data, iv_data, key_info
@@ -256,14 +276,17 @@ def gen_aes_key_info(cfg):
def gen_sign_alg_info(cfg, out_file_path):
sign_alg = get_sign_alg(cfg)
- print("sign_alg value is 0x%x" % sign_alg)
-
+ logging.critical("sign_alg value is 0x%x", sign_alg)
+ if SING_BIG_ENDIAN:
+ info_tag = '>I'
+ else:
+ info_tag = 'I'
fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \
stat.S_IWUSR | stat.S_IRUSR)
out_file = os.fdopen(fd_out, "wb")
- out_file.write(struct.pack('I', 0))
- out_file.write(struct.pack('I', 0))
- out_file.write(struct.pack('I', sign_alg))
+ out_file.write(struct.pack(info_tag, 0))
+ out_file.write(struct.pack(info_tag, 0))
+ out_file.write(struct.pack(info_tag, sign_alg))
out_file.close()
return
@@ -287,13 +310,13 @@ def encrypt_aes_key(pubkey_path, in_data, out_path):
def gen_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \
out_file_path, out_path, key_info_data):
gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, \
- hash_file_path, out_file_path, out_path, key_info_data)
+ hash_file_path, out_file_path, out_path, key_info_data, SING_BIG_ENDIAN)
os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR)
return
def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \
- config_path, raw_file_path):
+ config_path, raw_file_path, ta_version):
manifest_size = os.path.getsize(manifest_data_path)
manifest_ext_size = os.path.getsize(manifest_ext_path)
elf_size = os.path.getsize(elf_file_path)
@@ -307,7 +330,11 @@ def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \
header = ""
if os.path.isfile(config_path):
config_size = os.path.getsize(config_path)
- header = struct.pack('IIIII', TA_VERSION, manifest_size, \
+ if SING_BIG_ENDIAN:
+ raw_tag = '>IIIII'
+ else:
+ raw_tag = 'IIIII'
+ header = struct.pack(raw_tag, ta_version, manifest_size, \
manifest_ext_size, \
elf_size, config_size)
file_op.write(header)
@@ -359,19 +386,19 @@ def parser_api_level(mk_compile_cfg, cmake_compile_cfg):
elif os.path.exists(cmake_compile_cfg):
compile_cfg_file = cmake_compile_cfg
else:
- print("Build config file doesn't exist, ignore it")
+ logging.error("Build config file doesn't exist, ignore it")
return default_api_level
with open(compile_cfg_file) as file_op:
for line in file_op:
- if line.startswith("#") or not "-DAPI_LEVEL" in line:
+ if line.startswith("#") or "-DAPI_LEVEL" not in line:
continue
key, value = line.strip().split("-DAPI_LEVEL=")
- print("key info {}".format(key))
- print(("ta_api_level = {}".format(value[0])))
+ logging.critical("key info %s", key)
+ logging.critical("ta_api_level = %s", value[0])
return value[0]
- print("Build Config file doesn't define API_LEVEL")
+ logging.error("Build Config file doesn't define API_LEVEL")
return default_api_level
@@ -379,7 +406,7 @@ def update_api_level(mk_compile_cfg, cmake_compile_cfg, manifest):
data = ''
with open(manifest, 'r') as file_op:
for line in file_op:
- if line.startswith("#") or not "gpd.ta.api_level" in line:
+ if line.startswith("#") or "gpd.ta.api_level" not in line:
data += line
api_level = parser_api_level(mk_compile_cfg, cmake_compile_cfg)
@@ -396,7 +423,7 @@ def update_otrp_flag(manifest):
data = ''
with open(manifest, 'r') as file_op:
for line in file_op:
- if line.startswith("#") or not "gpd.ta.otrp_flag" in line:
+ if line.startswith("#") or "gpd.ta.otrp_flag" not in line:
data += line
line = "\ngpd.ta.otrp_flag:{}\n".format('true')
data += line
@@ -419,14 +446,16 @@ def gen_data_for_sign(header, key_data, raw_file):
def gen_key_version(cfg):
- if cfg.pub_key_len == '3072':
+ if cfg.pub_key_len == '4096':
+ return int(0x0302)
+ elif cfg.pub_key_len == '3072':
return int(0x0202)
elif cfg.pub_key_len == '2048':
return int(0x0002)
elif cfg.pub_key_len == '':
return int(0x0000)
- print("unhandled pulic key len %s" % cfg.pub_key_len)
+ logging.error("unhandled pulic key len %s", cfg.pub_key_len)
raise RuntimeError
@@ -435,7 +464,7 @@ def pack_signature(signature_path, signature_size):
with open(signature_path, 'rb+') as signature_file:
signature_buf = signature_file.read(signature_size)
signature_file.seek(0)
- for index in range(0, add_size):
+ for _ in range(0, add_size):
signature_file.write(b'\x00')
signature_file.write(signature_buf)
@@ -443,7 +472,7 @@ def pack_signature(signature_path, signature_size):
def check_if_is_drv(manifest_path):
with open(manifest_path, 'r') as mani_fp:
for each_line in mani_fp:
- if each_line.startswith("#") or not len(each_line.strip()):
+ if each_line.startswith("#") or not each_line.strip():
continue
name = each_line.split(":")[0].strip()
if name == "gpd.ta.target_type" and \
@@ -452,6 +481,25 @@ def check_if_is_drv(manifest_path):
return 0
+def get_sign_cert_block_buffer(cfg, signature_path, signature_size):
+ ''' get sign and cert buffer '''
+ with open(signature_path, 'rb') as signature_file:
+ signature_buf = signature_file.read(signature_size)
+ ta_cert_len = 0
+ if cfg.sign_key_type == TYPE_PUBKEY:
+ sign_verify_buf = struct.pack('II', TYPE_PUBKEY, 0) + signature_buf
+ else:
+ ta_cert_path = cfg.ta_cert_chain
+ ta_cert_len = os.path.getsize(ta_cert_path)
+ with open(ta_cert_path, 'rb') as ta_cert_file:
+ ta_cert_buf = ta_cert_file.read(ta_cert_len)
+ if cfg.sign_key_type == TYPE_CERT:
+ sign_verify_buf = struct.pack('II', TYPE_CERT, ta_cert_len) + ta_cert_buf + signature_buf
+ else:
+ sign_verify_buf = struct.pack('II', TYPE_CERT_CHAIN, ta_cert_len) + ta_cert_buf + signature_buf
+ return sign_verify_buf
+
+
def gen_sec_image(in_path, out_path, cfg):
# temporary files
temp_path = os.path.join(out_path, "temp")
@@ -476,16 +524,24 @@ def gen_sec_image(in_path, out_path, cfg):
dyn_conf_xml_file_path = os.path.join(in_path, "dyn_perm.xml")
tag_parse_dict_file_path = os.path.join(os.getcwd(), "tag_parse_dict.csv")
xml_config_path = os.path.join(in_path, "configs.xml")
+ auth_xml_file_path = os.path.join(in_path, "auth_config.xml")
+
+ ta_cert_path = cfg.ta_cert_chain
+ if cfg.ta_version == 5:
+ if cfg.sign_key_type == TYPE_PUBKEY:
+ ta_cert_len = 0
+ else:
+ ta_cert_len = os.path.getsize(ta_cert_path)
is_encrypt_sec = True
if cfg.public_key == "" or cfg.pub_key_len == "":
is_encrypt_sec = False
# 1. parser_manifest
- ret, product_name, uuid_str, manifest_txt_exist = \
- process_manifest_file(xml_config_path, \
- manifest_path, manifest_data_path, manifest_ext_path)
- if ret is False:
+ manifest_info = process_manifest_file(xml_config_path, \
+ manifest_path, manifest_data_path, manifest_ext_path, SING_BIG_ENDIAN)
+ uuid_str = manifest_info.uuid_str
+ if manifest_info.ret is False:
raise RuntimeError
# 2. update_api_level
@@ -493,14 +549,16 @@ def gen_sec_image(in_path, out_path, cfg):
# 3. update_otrp_flag
if cfg.otrp_flag == "1":
- print("package otrp sec file\n")
+ logging.critical("package otrp sec file\n")
update_otrp_flag(manifest_ext_path)
# 4. parser_dyn_conf
if os.path.exists(dyn_conf_xml_file_path):
- from dyn_conf_parser import parser_dyn_conf
- parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, \
- tag_parse_dict_file_path, in_path)
+ # V3.1 ta/drv do not need manifest_ext
+ if not os.path.exists(cfg.config_path):
+ from dyn_conf_parser import parser_dyn_conf
+ parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, \
+ tag_parse_dict_file_path, in_path)
else:
if check_if_is_drv(manifest_path) == 1:
if not os.path.exists(cfg.config_path):
@@ -510,12 +568,21 @@ def gen_sec_image(in_path, out_path, cfg):
with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp:
mani_ext_fp.write(ans)
+ # parser auth config xml: the auth info must be packed in the end of manifest_ext.
+ if os.path.exists(auth_xml_file_path):
+ from auth_conf_parser import parser_auth_xml
+ parser_auth_xml(auth_xml_file_path, manifest_ext_path, SING_BIG_ENDIAN)
+
# 5. gen_raw_data
gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \
- cfg.config_path, raw_file_path)
+ cfg.config_path, raw_file_path, cfg.ta_version)
if cfg.sign_type == '4':
+ sign_len = 9219
+ elif cfg.sign_type == '5':
sign_len = 0
+ elif cfg.sign_type == '6':
+ sign_len = 9227
else:
if int(cfg.sign_key_len) == 256:
sign_len = 72
@@ -531,24 +598,34 @@ def gen_sec_image(in_path, out_path, cfg):
aes_encrypt(key_data, iv_data, raw_file_path, enc_raw_path)
# generate Main Header
- content_len = os.path.getsize(enc_key_path) \
+ if cfg.ta_version == 5:
+ content_len = os.path.getsize(enc_key_path) \
+ + 4 + 4 + ta_cert_len + sign_len \
+ + os.path.getsize(enc_raw_path)
+ else:
+ content_len = os.path.getsize(enc_key_path) \
+ sign_len \
+ os.path.getsize(enc_raw_path)
else:
gen_sign_alg_info(cfg, key_info_path)
# generate Main Header
- content_len = os.path.getsize(key_info_path) \
+ if cfg.ta_version == 5:
+ content_len = os.path.getsize(key_info_path) \
+ + 4 + 4 + ta_cert_len + sign_len \
+ + os.path.getsize(raw_file_path)
+ else:
+ content_len = os.path.getsize(key_info_path) \
+ sign_len \
+ os.path.getsize(raw_file_path)
with open(key_info_path, 'rb') as key_info_fp:
key_info_data = key_info_fp.read(os.path.getsize(key_info_path))
key_version = gen_key_version(cfg)
- header = gen_header(int(content_len), key_version)
+ header = gen_header(int(content_len), key_version, cfg)
data_for_sign = gen_data_for_sign(header, key_info_data, raw_file_path)
uuid_str = uuid_str[0:36]
- print('uuid str {}'.format(uuid_str))
+ logging.critical("uuid str %s", uuid_str)
# 7. gen signature
gen_signature(cfg, uuid_str, data_for_sign, data_for_sign_path, \
@@ -576,9 +653,9 @@ def gen_sec_image(in_path, out_path, cfg):
content_len = os.path.getsize(key_data_path) \
+ sign_len \
+ os.path.getsize(raw_data_path)
- header = gen_header(int(content_len), key_version)
+ header = gen_header(int(content_len), key_version, cfg)
- sec_img_path = os.path.join(out_path, product_name)
+ sec_img_path = os.path.join(out_path, manifest_info.product_name)
fd_image = os.open(sec_img_path, os.O_WRONLY | os.O_CREAT, \
stat.S_IWUSR | stat.S_IRUSR)
sec_image = os.fdopen(fd_image, "wb")
@@ -594,9 +671,14 @@ def gen_sec_image(in_path, out_path, cfg):
with open(key_info_path, 'rb') as key_info_fp:
sec_image.write(key_info_fp.read(key_info_size))
# write to sec file [3.signature]
- signature_size = os.path.getsize(signature_path)
- with open(signature_path, 'rb') as signature_file:
- sec_image.write(signature_file.read(signature_size))
+ if cfg.ta_version == 5:
+ signature_size = os.path.getsize(signature_path)
+ sign_cert_buf = get_sign_cert_block_buffer(cfg, signature_path, signature_size)
+ sec_image.write(sign_cert_buf)
+ else:
+ signature_size = os.path.getsize(signature_path)
+ with open(signature_path, 'rb') as signature_file:
+ sec_image.write(signature_file.read(signature_size))
if is_encrypt_sec is True:
# write to sec file [4.encrypted raw data]
enc_raw_size = os.path.getsize(enc_raw_path)
@@ -609,12 +691,12 @@ def gen_sec_image(in_path, out_path, cfg):
sec_image.truncate(int(SEC_HEADER_BYTES) + int(content_len))
sec_image.close()
- print("=========================SUCCESS============================")
- print("generate sec(common format) load image success: ")
- print(sec_img_path)
- print("============================================================")
+ logging.critical("=========================SUCCESS============================")
+ logging.critical("generate sec(common format) load image success: ")
+ logging.critical(sec_img_path)
+ logging.critical("============================================================")
- if manifest_txt_exist is False and os.path.exists(manifest_path):
+ if manifest_info.manifest_txt_exist is False and os.path.exists(manifest_path):
os.remove(manifest_path)
#remove temp files
@@ -623,7 +705,8 @@ def gen_sec_image(in_path, out_path, cfg):
def main():
- sign_tool_dir = os.path.dirname(os.path.abspath(__file__))
+ global SING_BIG_ENDIAN
+ sign_tool_dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser()
parser.add_argument("in_path", help="input path of data to be signed. \
(libcombine.so; manifest.txt; ...", type=str)
@@ -633,12 +716,14 @@ def main():
help="sign cfg for ta developer", type=str)
parser.add_argument("--privateCfg", \
help="sign cfg for product developer", type=str)
+ parser.add_argument("--sign_endian", \
+ help="sign endian (little/big default little)", type=str)
args = parser.parse_args()
cfg = AllCfg()
if args.privateCfg:
PrivateCfg(args.privateCfg, cfg)
else:
- print("please config private cfg file")
+ logging.error("please config private cfg file")
raise RuntimeError
if args.publicCfg:
@@ -646,22 +731,25 @@ def main():
else:
PublicCfg(args.privateCfg, cfg)
+ if args.sign_endian and args.sign_endian == "big":
+ SING_BIG_ENDIAN = True
+
if check_cfg(cfg):
- print("the configuration file field is incorrect.")
+ logging.error("the configuration file field is incorrect.")
exit()
- in_path = os.path.abspath(args.in_path)
- out_path = os.path.abspath(args.out_path)
+ in_path = os.path.realpath(args.in_path)
+ out_path = os.path.realpath(args.out_path)
if not os.path.exists(in_path):
- print("input_path does not exist.")
+ logging.error("input_path does not exist.")
exit()
if not os.path.exists(out_path):
- print("out_path does not exist.")
+ logging.error("out_path does not exist.")
exit()
if whitelist_check(in_path):
- print("input_path is incorrect.")
+ logging.error("input_path is incorrect.")
exit()
if whitelist_check(out_path):
- print("out_path is incorrect.")
+ logging.error("out_path is incorrect.")
exit()
os.chdir(sign_tool_dir)
diff --git a/build/signtools/tag_parse_dict.csv b/build/signtools/tag_parse_dict.csv
new file mode 100644
index 0000000000000000000000000000000000000000..22040eaaec0c145219dc31df44f332cec0f5f102
--- /dev/null
+++ b/build/signtools/tag_parse_dict.csv
@@ -0,0 +1,120 @@
+drv_perm/,0,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
+drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
+drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,drv_perm/drvcall_perm_apply/item/name
+drv_perm/drv_basic_info/,5,TYPE_CLASS,
+drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
+drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
+drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
+drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
+drv_perm/drv_io_map/,10,TYPE_CLASS,
+drv_perm/drv_io_map/item/,11,TYPE_CLASS,
+drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
+drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
+drv_perm/irq/,14,TYPE_CLASS,
+drv_perm/irq/item/,15,TYPE_CLASS,
+drv_perm/irq/item/chip_type,16,TYPE_CHAR,
+drv_perm/irq/item/irq,17,TYPE_CHAR,
+drv_perm/map_secure/,18,TYPE_CLASS,
+drv_perm/map_secure/item/,19,TYPE_CLASS,
+drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
+drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
+drv_perm/map_secure/item/region,22,TYPE_CHAR,
+drv_perm/map_nosecure/,23,TYPE_CLASS,
+drv_perm/map_nosecure/item/,24,TYPE_CLASS,
+drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
+drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
+drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
+drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
+drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
+drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
+drv_perm/drv_mac_info/,31,TYPE_CLASS,
+drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
+drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
+drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/,0,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
+ConfigInfo/drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,ConfigInfo/drv_perm/drvcall_perm_apply/item/name
+ConfigInfo/drv_perm/drv_basic_info/,5,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
+ConfigInfo/drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
+ConfigInfo/drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
+ConfigInfo/drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_io_map/,10,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_io_map/item/,11,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
+ConfigInfo/drv_perm/irq/,14,TYPE_CLASS,
+ConfigInfo/drv_perm/irq/item/,15,TYPE_CLASS,
+ConfigInfo/drv_perm/irq/item/chip_type,16,TYPE_CHAR,
+ConfigInfo/drv_perm/irq/item/irq,17,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/,18,TYPE_CLASS,
+ConfigInfo/drv_perm/map_secure/item/,19,TYPE_CLASS,
+ConfigInfo/drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
+ConfigInfo/drv_perm/map_secure/item/region,22,TYPE_CHAR,
+ConfigInfo/drv_perm/map_nosecure/,23,TYPE_CLASS,
+ConfigInfo/drv_perm/map_nosecure/item/,24,TYPE_CLASS,
+ConfigInfo/drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
+ConfigInfo/drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/drv_perm/drv_mac_info/,31,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
+ConfigInfo/drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
+ConfigInfo/drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
+ConfigInfo/,0,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name/,2,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/service_name/service_name,3,TYPE_CHAR,
+ConfigInfo/TA_Basic_Info/uuid/,4,TYPE_CLASS,
+ConfigInfo/TA_Basic_Info/uuid/uuid,5,TYPE_CHAR,
+ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive/,7,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/instance_keep_alive/instance_keep_alive,8,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/stack_size/,9,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/stack_size/stack_size,10,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/heap_size/,11,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/heap_size/heap_size,12,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/target_type/,13,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/target_type/target_type,14,TYPE_INT,
+ConfigInfo/TA_Manifest_Info/multi_command/,15,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/multi_command/multi_command,16,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/multi_session/,17,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/multi_session/multi_session,18,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/single_instance/,19,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/single_instance/single_instance,20,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/,21,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/,22,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/,23,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size,24,TYPE_INT,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/,25,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/,26,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/RPMB_general,27,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/SE_Info/,28,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/,29,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/SE_open_session,30,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/TUI_Info/,31,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/,32,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/TUI_general,33,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/,34,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/,35,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/debug_status,36,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/,35,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/DEBUG_status,36,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/,37,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id,38,TYPE_CHAR,
+ConfigInfo/TA_Manifest_Info/mem_page_align/,39,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/mem_page_align/mem_page_align,40,TYPE_BOOL,
+ConfigInfo/TA_Manifest_Info/sys_verify_ta/,41,TYPE_CLASS,
+ConfigInfo/TA_Manifest_Info/sys_verify_ta/sys_verify_ta,42,TYPE_BOOL,
+ConfigInfo/TA_Control_Info/TA_Manager/,43,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/TA_Manager/TA_Manager,44,TYPE_CHAR,
+ConfigInfo/TA_Control_Info/CERT_Info/,45,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/,46,TYPE_CLASS,
+ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/CERT_Permission,47,TYPE_BOOL,
diff --git a/build/signtools/xml_trans_manifest.py b/build/signtools/xml_trans_manifest.py
new file mode 100644
index 0000000000000000000000000000000000000000..f9eb36a910b8ca092c24399c4e16f714a4ac64cc
--- /dev/null
+++ b/build/signtools/xml_trans_manifest.py
@@ -0,0 +1,109 @@
+#!/usr/bin/env python
+# coding=utf-8
+#----------------------------------------------------------------------------
+# Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+# Licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan
+# PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
+# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Description: tools for xml trans
+#----------------------------------------------------------------------------
+
+import os
+import logging
+from defusedxml import ElementTree as ET
+
+
+type_trans = {"TYPE_NONE": "-1",
+ "TYPE_CLASS": "0",
+ "TYPE_BOOL": "1",
+ "TYPE_INT": "2",
+ "TYPE_CHAR": "3"}
+
+type_dict = {}
+manifest_dict = {}
+
+
+def get_csv_size(path):
+
+ with open(path, "r", encoding="utf-8") as csvfile:
+ lines = csvfile.readlines()
+ return len(lines)
+ return 0
+
+
+def get_csv_data(path, lnum, rnum):
+ with open(path, "r", encoding="utf-8") as csvfile:
+ count = 0
+ lines = csvfile.readlines()
+ for line in lines:
+ if count == lnum:
+ return str(line.split(",")[rnum]).strip()
+ count = count + 1
+ return ""
+
+
+def classify_tag(tag):
+
+ while len(tag) < 3:
+ tag = "0%s" % (tag)
+
+ return tag
+
+
+# save tag type and manifest item dict
+def handle_manifest_tag_dict(path):
+ for index in range(0, get_csv_size(path)):
+ dyn_sym = get_csv_data(path, index, 0)
+ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, index, 2))
+ manifest_dict[dyn_sym] = get_csv_data(path, index, 3)
+
+
+def process_xml_to_manifest(config_xml_file_path, manifest_path):
+ tree = ET.parse(config_xml_file_path)
+ root = tree.getroot()
+ #Layer 1 node name
+ old_item = root.tag
+ attrs = ""
+ write_data = False
+
+ #write items to manifest.txt
+ manifest_fd = os.open(manifest_path, os.O_CREAT | os.O_RDWR, 0o600)
+ manifest_fp = os.fdopen(manifest_fd, "wb")
+
+ #Traversing the second layer of the xml file
+ for child in root:
+ child_item = "{}/{}".format(old_item, child.tag)
+ #Traversing the third layer of the xml file
+ for children in child:
+ children_item = "{}/{}".format(child_item, children.tag)
+ dyn_type = type_dict.get(children_item + attrs)
+ manifest_item_name = manifest_dict.get(children_item + attrs)
+ if dyn_type == type_trans.get("TYPE_CHAR"):
+ value = "{}: {}\n".format(manifest_item_name, children.text)
+ manifest_fp.write(value.encode())
+ write_data = True
+
+ #close manifest.txt file
+ manifest_fp.close()
+ if write_data is False:
+ os.remove(manifest_path)
+
+
+def trans_xml_to_manifest(config_xml_file_path, manifest_path):
+ if not os.path.exists(config_xml_file_path):
+ logging.error("config xml file doesn't exist")
+ return
+ if not os.path.exists("./manifest_tag_parse_dict.csv"):
+ logging.error("config manifest_tag_parse_dict.csv file doesn't exist")
+ return
+ if os.path.exists(manifest_path):
+ return
+
+ handle_manifest_tag_dict("./manifest_tag_parse_dict.csv")
+ process_xml_to_manifest(config_xml_file_path, manifest_path)
diff --git a/build/tools/ta_link_64.gcc_xom.ld b/build/tools/ta_link_64.gcc_xom.ld
new file mode 100644
index 0000000000000000000000000000000000000000..3023ed9b33e0082d9266d7ec77dce1156e1ac228
--- /dev/null
+++ b/build/tools/ta_link_64.gcc_xom.ld
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Define the link rule of dyn service 64 bits for xom
+ */
+
+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64",
+ "elf64-littleaarch64")
+OUTPUT_ARCH(aarch64)
+ENTRY(_start)
+PHDRS
+{
+ phdr PT_PHDR PHDRS FLAGS (4);
+ rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
+ xtext PT_LOAD FLAGS (1);
+ data PT_LOAD FLAGS (6);
+ dynamic PT_DYNAMIC FLAGS (6);
+ stack PT_GNU_STACK FLAGS (6);
+ relro 0x6474e552 FLAGS (4);
+}
+SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib");
+SECTIONS
+{
+ /* Read-only sections, merged into text segment: */
+ . = SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS;
+ /* This should be the first section after program headers */
+ .magic : { *(.magic) } : rodata
+ .note.gnu.build-id : { *(.note.gnu.build-id) }
+ .hash : { *(.hash) }
+ .gnu.hash : { *(.gnu.hash) }
+ .dynsym : { *(.dynsym) }
+ .dynstr : { *(.dynstr) }
+ .gnu.version : { *(.gnu.version) }
+ .gnu.version_d : { *(.gnu.version_d) }
+ .gnu.version_r : { *(.gnu.version_r) }
+ .rela.dyn :
+ {
+ *(.rela.init)
+ *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*)
+ *(.rela.fini)
+ *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*)
+ *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*)
+ *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*)
+ *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*)
+ *(.rela.ctors)
+ *(.rela.dtors)
+ *(.rela.got)
+ *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*)
+ *(.rela.ifunc)
+ }
+ .rela.plt :
+ {
+ *(.rela.plt)
+ *(.rela.iplt)
+ }
+ .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
+ .rodata1 : { *(.rodata1) }
+ .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) }
+ .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) }
+ .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table
+ .gcc_except_table.*) }
+ .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) }
+ /* These sections are generated by the Sun/Oracle C++ compiler. */
+ .exception_ranges : ONLY_IF_RO { *(.exception_ranges
+ .exception_ranges*) }
+ /* Make sure the address of text segment is aligned in 4k for xom */
+ .init :
+ {
+ KEEP (*(SORT_NONE(.init)))
+ }:text
+ .fini :
+ {
+ KEEP (*(SORT_NONE(.fini)))
+ }
+ . = ALIGN(0x1000);
+ .plt : { *(.plt) } :xtext
+ .iplt : { *(.iplt) }
+ .xtext :
+ {
+ *(.text.unlikely .text.*_unlikely .text.unlikely.*)
+ *(.text.exit .text.exit.*)
+ *(.text.startup .text.startup.*)
+ *(.text.hot .text.hot.*)
+ *(.text .stub .text.* .gnu.linkonce.t.*)
+ /* .gnu.warning sections are handled specially by elf32.em. */
+ *(.gnu.warning)
+ }:xtext
+ PROVIDE (__etext = .);
+ PROVIDE (_etext = .);
+ PROVIDE (etext = .);
+ /* Adjust the address for the data segment. We want to adjust up to
+ the same address within the page on the next page up. */
+ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
+ /* Exception handling */
+ /* Thread Local Storage sections */
+ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }:data
+ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ .preinit_array :
+ {
+ KEEP (*(.preinit_array))
+ }
+ .init_array :
+ {
+ PROVIDE_HIDDEN (__init_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))
+ KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors))
+ PROVIDE_HIDDEN (__init_array_end = .);
+ }
+ .fini_array :
+ {
+ PROVIDE_HIDDEN (__fini_array_start = .);
+ KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))
+ KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors))
+ PROVIDE_HIDDEN (__fini_array_end = .);
+ }
+ .ctors :
+ {
+ /* gcc uses crtbegin.o to find the start of
+ the constructors, so we make sure it is
+ first. Because this is a wildcard, it
+ doesn't matter if the user does not
+ actually link against crtbegin.o; the
+ linker won't look for a file to match a
+ wildcard. The wildcard also means that it
+ doesn't matter which directory crtbegin.o
+ is in. */
+ KEEP (*crtbegin.o(.ctors))
+ KEEP (*crtbegin?.o(.ctors))
+ /* We don't want to include the .ctor section from
+ the crtend.o file until after the sorted ctors.
+ The .ctor section from the crtend file contains the
+ end of ctors marker and it must be last */
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors))
+ KEEP (*(SORT(.ctors.*)))
+ KEEP (*(.ctors))
+ }
+ .dtors :
+ {
+ KEEP (*crtbegin.o(.dtors))
+ KEEP (*crtbegin?.o(.dtors))
+ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors))
+ KEEP (*(SORT(.dtors.*)))
+ KEEP (*(.dtors))
+ }
+ .jcr : { KEEP (*(.jcr)) }
+ .data.rel.ro : { *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) } : data : relro
+ .dynamic : { *(.dynamic) } : data : dynamic : relro
+ .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro
+ . = DATA_SEGMENT_RELRO_END (0, .);
+ .data :
+ {
+ PROVIDE (__data_start = .);
+ *(.data .data.* .gnu.linkonce.d.*)
+ SORT(CONSTRUCTORS)
+ }:data
+ .data1 : { *(.data1) }
+ _edata = .; PROVIDE (edata = .);
+ . = .;
+ __bss_start = .;
+ __bss_start__ = .;
+ TA_BSS_START = .;
+ .bss :
+ {
+ *(.dynbss)
+ *(.bss .bss.* .gnu.linkonce.b.*)
+ *(COMMON)
+ . = ALIGN(. != 0 ? 64 / 8 : 1);
+ }
+ TA_BSS_END = .;
+ _bss_end__ = . ; __bss_end__ = . ;
+ . = ALIGN(64 / 8);
+ . = SEGMENT_START("ldata-segment", .);
+ . = ALIGN(64 / 8);
+ __end__ = . ;
+ _end = .; PROVIDE (end = .);
+ . = DATA_SEGMENT_END (.);
+ /* Stabs debugging sections. */
+ .stab 0 : { *(.stab) }
+ .stabstr 0 : { *(.stabstr) }
+ .stab.excl 0 : { *(.stab.excl) }
+ .stab.exclstr 0 : { *(.stab.exclstr) }
+ .stab.index 0 : { *(.stab.index) }
+ .stab.indexstr 0 : { *(.stab.indexstr) }
+ .comment 0 : { *(.comment) }
+ /* DWARF debug sections.
+ Symbols in the DWARF debugging sections are relative to the beginning
+ of the section so we begin them at 0. */
+ /* DWARF 1 */
+ .debug 0 : { *(.debug) }
+ .line 0 : { *(.line) }
+ /* GNU DWARF 1 extensions */
+ .debug_srcinfo 0 : { *(.debug_srcinfo) }
+ .debug_sfnames 0 : { *(.debug_sfnames) }
+ /* DWARF 1.1 and DWARF 2 */
+ .debug_aranges 0 : { *(.debug_aranges) }
+ .debug_pubnames 0 : { *(.debug_pubnames) }
+ /* DWARF 2 */
+ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) }
+ .debug_abbrev 0 : { *(.debug_abbrev) }
+ .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) }
+ .debug_frame 0 : { *(.debug_frame) }
+ .debug_str 0 : { *(.debug_str) }
+ .debug_loc 0 : { *(.debug_loc) }
+ .debug_macinfo 0 : { *(.debug_macinfo) }
+ /* SGI/MIPS DWARF 2 extensions */
+ .debug_weaknames 0 : { *(.debug_weaknames) }
+ .debug_funcnames 0 : { *(.debug_funcnames) }
+ .debug_typenames 0 : { *(.debug_typenames) }
+ .debug_varnames 0 : { *(.debug_varnames) }
+ /* DWARF 3 */
+ .debug_pubtypes 0 : { *(.debug_pubtypes) }
+ .debug_ranges 0 : { *(.debug_ranges) }
+ /* DWARF Extension. */
+ .debug_macro 0 : { *(.debug_macro) }
+ .debug_addr 0 : { *(.debug_addr) }
+ .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) }
+ .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) }
+ /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) }
+}
diff --git a/include/CA/tee_client_api.h b/include/CA/tee_client_api.h
index 637c11065135fdf036d4a17bbb83cf7d65722ab6..f9ce68e3ce356553e4f831823c6d2250d286ef1c 100644
--- a/include/CA/tee_client_api.h
+++ b/include/CA/tee_client_api.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/CA/tee_client_constants.h b/include/CA/tee_client_constants.h
index ba5b9d26840069ee9cf6864ab61f9f0fa7cf056f..896222d84a5d0e04f5d05e0775f08fd32e1cb191 100644
--- a/include/CA/tee_client_constants.h
+++ b/include/CA/tee_client_constants.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -59,7 +59,8 @@ enum TEEC_ReturnCode {
TEEC_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* used by adapt only */
TEEC_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* used by adapt only */
TEEC_ERROR_TIME_NOT_SET = 0xFFFF5000, /* used by adapt only */
- TEEC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001 /* used by adapt only */
+ TEEC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* used by adapt only */
+ TEEC_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* ipc overflow */
};
enum TEEC_ReturnCodeOrigin {
diff --git a/include/CA/tee_client_list.h b/include/CA/tee_client_list.h
index b606984aa3faad8da267852ee0f7d38370bdc6b7..9f3bb1e4293e5f469e64578175a6cb96306ccf67 100644
--- a/include/CA/tee_client_list.h
+++ b/include/CA/tee_client_list.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -20,7 +20,7 @@ struct ListNode {
};
#define OFFSET_OF(type, member) (unsigned long)(&(((type *)0)->member))
-#define CONTAINER_OF(pos, type, member) (type *)(((char *)(pos)) - OFFSET_OF(type, member))
+#define CONTAINER_OF(pos, type, member) (type *)(uintptr_t)(((char *)(pos)) - OFFSET_OF(type, member))
#define LIST_DECLARE(name) \
struct ListNode name = { \
@@ -81,7 +81,7 @@ static inline struct ListNode *ListRemoveTail(struct ListNode *list)
}
#define LIST_ENTRY(ptr, type, member) \
- ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->(member))))
+ ((type *)(((char *)(ptr)) - (unsigned long)(&(((type *)0)->member))))
#define LIST_FOR_EACH(pos, list) \
for ((pos) = (list)->next; (pos) != (list); (pos) = (pos)->next)
@@ -89,17 +89,13 @@ static inline struct ListNode *ListRemoveTail(struct ListNode *list)
#define LIST_FOR_EACH_SAFE(pos, n, list) \
for ((pos) = (list)->next, (n) = (pos)->next; (pos) != (list); (pos) = (n), (n) = (pos)->next)
-#define LIST_FOR_EACH_ENTRY(pos, list, member) \
- do { \
- for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), (member)); &(pos)->(member) != (list); \
- (pos) = LIST_ENTRY((pos)->(member).next, typeof(*(pos)), (member))) \
- } while (0)
-
-#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \
- do { \
- for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), (member)), \
- (n) = LIST_ENTRY((pos)->(member).next, typeof(*(pos)), (member)); \
- &(pos)->(member) != (list); (pos) = (n), (n) = LIST_ENTRY((n)->(member).next, typeof(*(n)), (member))) \
- } while (0)
+#define LIST_FOR_EACH_ENTRY(pos, list, member) \
+ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member); &(pos)->member != (list); \
+ (pos) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member))
+
+#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \
+ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member), \
+ (n) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member); \
+ &(pos)->member != (list); (pos) = (n), (n) = LIST_ENTRY((n)->member.next, typeof(*(n)), member))
#endif
diff --git a/include/CA/tee_client_log.h b/include/CA/tee_client_log.h
index 69abcb625b45c544b3ef47f7fd590e016d1e191a..1024015b33534cfeed085cd8ca47f04f83665f1e 100644
--- a/include/CA/tee_client_log.h
+++ b/include/CA/tee_client_log.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/CA/tee_client_type.h b/include/CA/tee_client_type.h
index 356663371c6446e2460bf5e90c5d9b86235b23bd..ed7048265b09d2efb594d84a42258c920ce2faf4 100644
--- a/include/CA/tee_client_type.h
+++ b/include/CA/tee_client_type.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/huawei_ext/crypto_cert_wrapper.h b/include/TA/huawei_ext/crypto_cert_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..85e5a150aa65adff6e9a7cf391d6fd16919670e7
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_cert_wrapper.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft aes engine
+ */
+#ifndef __CRYPTO_CERT_WRAPPER_H__
+#define __CRYPTO_CERT_WRAPPER_H__
+
+#include
+#include
+#include "crypto_x509_wrapper.h"
+
+/*
+ * Create attestation certificate with input params.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param valid [IN] The valid date buffer
+ * @param issuer_tlv [IN] The issuer buffer
+ * @param issuer_tlv_len [IN] The length of issuer buffer
+ * @param subject_public_key [IN] The subject public key buffer
+ * @param subject_public_key_len [IN] The length of subject public key buffer
+ * @param attestation_ext [IN] The attestation extrol info buffer
+ * @param attestation_ext_len [IN] The length of attestation extrol info buffer
+ * @param priv_sign [IN] The private key buffer
+ * @param key_usage_sign_bit [IN] The usage sign flag
+ * @param key_usage_encrypt_bit [IN] The usage encrypt flag
+ * @param keytype [IN] The keytype of private key
+ * @param hash [IN] The hash func of digest
+ *
+ * @return -1: Create attestation certificate failed
+ * @return others: The real size of certificate
+ */
+int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid,
+ const uint8_t *issuer_tlv, uint32_t issuer_tlv_len,
+ const uint8_t *subject_public_key, uint32_t subject_public_key_len,
+ const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign,
+ uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type,
+ uint32_t hash);
+
+/*
+ * Get element number from certificate.
+ *
+ * @param elem [OUT] The element with elem_id
+ * @param elem_id [IN] The index of element
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get element failed
+ * @return others: The length of element
+ */
+int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * verify Cert in tee
+ *
+ * @param cert [IN] data for salt
+ * @param cert_len [IN] salt length
+ * @param parent_key [IN] size of generated key, fix-size 32 bytes
+ * @param parent_key_len [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS OK
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @return TEE_ERROR_GENERIC internal error
+ */
+TEE_Result tee_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * create cert request in TEE
+ *
+ * @param buf [OUT] cert request output buffer
+ * @param len [OUT] output buffer size
+ * @param key_type [IN] key_type RSA 0; ECC 1
+ * @param file_name [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS operation success
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ */
+TEE_Result tee_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name);
+#endif
diff --git a/include/TA/huawei_ext/crypto_device_key_wrapper.h b/include/TA/huawei_ext/crypto_device_key_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..2c8ba9e6b667b8e90bd62bab0dd45678c3e1eb40
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_device_key_wrapper.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft device key engine
+ */
+#ifndef __CRYPTO_DEVICE_KEY_WRAPPER_H__
+#define __CRYPTO_DEVICE_KEY_WRAPPER_H__
+
+#include
+#include
+
+/*
+ * Get oem huk.
+ *
+ * @param huk [OUT] The oem huk buffer
+ * @param key [IN] The hmac key buffer
+ * @param key_size [IN] The length of hmac key buffer
+ *
+ * @return 0: Get oem huk success
+ * @return -1: Get oem huk failed
+ */
+int32_t get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size);
+
+#endif
diff --git a/include/TA/huawei_ext/crypto_ec_wrapper.h b/include/TA/huawei_ext/crypto_ec_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..934fc40ee9114db2ca6fe72b6608293a95a258f0
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_ec_wrapper.h
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec engine
+ */
+#ifndef __CRYPTO_EC_WRAPPER_H__
+#define __CRYPTO_EC_WRAPPER_H__
+
+#include
+#include
+
+#define ECC_PRIV_LEN 66
+#define ECC_PUB_LEN 66
+
+struct ec_pub_info {
+ uint8_t *x;
+ uint32_t x_len;
+ uint8_t *y;
+ uint32_t y_len;
+};
+
+struct ec_priv_info {
+ uint32_t nid;
+ uint8_t *r;
+ uint32_t r_len;
+};
+
+typedef struct {
+ uint32_t domain;
+ uint8_t x[ECC_PUB_LEN];
+ uint32_t x_len;
+ uint8_t y[ECC_PUB_LEN];
+ uint32_t y_len;
+} ecc_pub_key_t;
+
+typedef struct {
+ uint32_t domain;
+ uint8_t r[ECC_PRIV_LEN];
+ uint32_t r_len;
+} ecc_priv_key_t;
+
+/*
+ * Derive ecc public key from private key.
+ *
+ * @param priv_info [IN] The ecc_priv_key_t structure
+ * @param pub_info [OUT] The ecc_pub_key_t structure
+ *
+ * @return 0: Derive ecc public key success
+ * @return -1: Derive ecc public key failed
+ */
+int32_t ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info);
+
+/*
+ * Derive ecc private key from huk.
+ *
+ * @param priv [OUT] The ecc_priv_key_t structure
+ * @param secret [IN] The huk buffer
+ * @param sec_len [IN] The length of huk buffer
+ *
+ * @return 0: Derive ecc private key success
+ * @return -1: Derive ecc private key failed
+ */
+int32_t derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len);
+
+/*
+ * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer.
+ *
+ * @param out [OUT] The ecc public key buffer
+ * @param outlen [IN/OUT] The length of ecc public key buffer
+ * @param pub [IN] The ecc public key structure
+ *
+ * @return -1: Export ecc public key failed
+ * @return others: The real size of out buffer
+ */
+int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub);
+
+/*
+ * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure.
+ *
+ * @param pub [OUT] The ecc public key structure
+ * @param in [IN] The ecc public key buffer
+ * @param inlen [IN] The length of ecc public key buffer
+ *
+ * @return 1: Import ecc public key success
+ * @return -1: Import ecc public key failed
+ */
+int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure.
+ *
+ * @param priv [OUT] The ecc private key structure
+ * @param in [IN] The ecc private key buffer
+ * @param inlen [IN] The length of ecc private key buffer
+ *
+ * @return -1: Import ecc private key failed
+ * @return others: The width of ecc private key
+ */
+int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Read next TLV (Type-Length-Value) from ASN1 buffer.
+ *
+ * @param type [OUT] Type of TLV
+ * @param header_len [OUT] Length of TLV
+ * @param buf [IN] Input TLV
+ * @param buf_len [IN] Length of buf in bytes
+ *
+ * @return -1: Get next TLV failed
+ * @return others: Length of next TLV
+ */
+int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len);
+
+/*
+ * Use ECC algorithm to sign user data.
+ *
+ * @param signature [OUT] The signature of input data
+ * @param sig_siz [IN/OUT] The length of signature
+ * @param in [IN] The data to be sign
+ * @param in_len [IN] The length of input data
+ * @param priv [IN] The ecc private key structure
+ *
+ * @return -1: Sign input buffer use ecc failed
+ * @return others: The length of signature
+ */
+int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv);
+
+/*
+ * Verify the data with ECC algorithm.
+ *
+ * @param signature [IN] The signature of input data
+ * @param sig_len [IN] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param pub [IN] The ecc public key structure
+ *
+ * @return 1: Verify digest success
+ * @return -1: Verify digest failed
+ */
+int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub);
+
+#endif
diff --git a/include/TA/huawei_ext/crypto_ec_x509_wrapper.h b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..73e2832c070f013c153cadc86665f3aa27250948
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec x509 engine
+ */
+#ifndef __CRYPTO_EC_X509_WRAPPER_H__
+#define __CRYPTO_EC_X509_WRAPPER_H__
+
+#include
+#include
+#include "crypto_x509_wrapper.h"
+
+/*
+ * Recover the root certificate.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN/OUT] The length of certificate buffer
+ * @param priv [IN] The private key structure
+ * @param keytype [IN] The keytype of private key
+ *
+ * @return -1: Recover root certificate failed
+ * @return others: Recover root certificate success
+ */
+int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype);
+
+/*
+ * Sign the pkcs10 certificate.
+ *
+ * @param cert [OUT] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param csr [IN] The certificate signing request buffer
+ * @param csr_len [IN] The length of certificate signing request buffer
+ * @param valid [IN] The valid date buffer
+ * @param serial_number [IN] The serial number buffer
+ * @param serial_length [IN] The length of serial number buffer
+ * @param priv [IN] The private key structure
+ * @param keytype [IN] The keytype of private key
+ *
+ * @return -1: Sign the pkcs10 certificate failed
+ * @return others: The real size of certificate
+ */
+int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len,
+ const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid,
+ const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype);
+
+#endif
diff --git a/include/TA/huawei_ext/crypto_inner_wrapper.h b/include/TA/huawei_ext/crypto_inner_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..01a171fc2a3ec26c04a48dfa5c61ea0bbe2d1b7d
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_inner_wrapper.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft inner engine
+ */
+#ifndef __CRYPTO_INNER_WRAPPER_H__
+#define __CRYPTO_INNER_WRAPPER_H__
+
+#include
+#include
+
+/*
+ * Get common name from certificate.
+ *
+ * @param name [OUT] The common name buffer
+ * @param name_size [IN/OUT] The length of common name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get common name failed
+ * @return others: Get common name success
+ */
+int32_t get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get organization name from certificate.
+ *
+ * @param name [OUT] The organization name buffer
+ * @param name_size [IN/OUT] The length of organization name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get organization name failed
+ * @return others: Get organization name success
+ */
+int32_t get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * verify Cert in tee
+ *
+ * @param cert [IN] data for salt
+ * @param cert_len [IN] salt length
+ * @param parent_key [IN] size of generated key, fix-size 32 bytes
+ * @param parent_key_len [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS OK
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ * @return TEE_ERROR_GENERIC internal error
+ */
+TEE_Result TEE_EXT_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * create cert request in TEE
+ *
+ * @param buf [OUT] cert request output buffer
+ * @param len [OUT] output buffer size
+ * @param key_type [IN] key_type RSA 0; ECC 1
+ * @param file_name [IN] pointer where key is saved
+ *
+ * @return TEE_SUCCESS operation success
+ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
+ */
+TEE_Result TEE_EXT_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name);
+#endif
diff --git a/include/TA/huawei_ext/crypto_rsa_wrapper.h b/include/TA/huawei_ext/crypto_rsa_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..abae90cd9b22007972e82eceef83f9992b6039d1
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_rsa_wrapper.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft rsa engine
+ */
+#ifndef __CRYPTO_RSA_WRAPPER_H__
+#define __CRYPTO_RSA_WRAPPER_H__
+
+#include
+#include
+
+#define RSA_PUB_LEN 1024
+#define RSA_PRIV_LEN 512
+
+typedef struct {
+ uint8_t e[RSA_PUB_LEN];
+ uint32_t e_len;
+ uint8_t n[RSA_PUB_LEN];
+ uint32_t n_len;
+} rsa_pub_key_t;
+
+typedef struct {
+ uint8_t e[RSA_PUB_LEN];
+ uint32_t e_len;
+ uint8_t n[RSA_PUB_LEN];
+ uint32_t n_len;
+ uint8_t d[RSA_PUB_LEN];
+ uint32_t d_len;
+ uint8_t p[RSA_PRIV_LEN];
+ uint32_t p_len;
+ uint8_t q[RSA_PRIV_LEN];
+ uint32_t q_len;
+ uint8_t dp[RSA_PRIV_LEN];
+ uint32_t dp_len;
+ uint8_t dq[RSA_PRIV_LEN];
+ uint32_t dq_len;
+ uint8_t qinv[RSA_PRIV_LEN];
+ uint32_t qinv_len;
+} rsa_priv_key_t;
+
+/*
+ * Generate rsa key pair.
+ * @param priv [OUT] The rsa private key structure
+ * @param pub [OUT] The rsa public key structure
+ * @param e [IN] The exponent of rsa key
+ * @param key_size [IN] The size of rsa key
+ *
+ * @return 0: Generate rsa keypair success
+ * @return -1: Generate rsa keypair failed
+ */
+int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size);
+
+/*
+ * Do rsa encryption.
+ *
+ * @param dest_data [OUT] The dest data buffer
+ * @param dest_len [IN/OUT] The length of dest data
+ * @param src_data [IN] The src data buffer
+ * @param src_len [IN] The length of src data
+ * @param pub [IN] The rsa public key structure
+ * @param padding [IN] The padding type of encryption
+ * @param hash_nid [IN] The hash_nid of encryption
+ *
+ * @return 0: Do rsa encryption success
+ * @return -1: Do rsa encryption failed
+ */
+int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub,
+ int32_t padding, int32_t hash_nid);
+
+/*
+ * Do rsa decryption.
+ *
+ * @param dest_data [OUT] The dest data buffer
+ * @param dest_len [IN/OUT] The length of dest data
+ * @param src_data [IN] The src data buffer
+ * @param src_len [IN] The length of src data
+ * @param priv [IN] THE rsa private key structure
+ * @param padding [IN] The padding type of encryption
+ * @param hash_nid [IN] The hash_nid of encryption
+ *
+ * @return 0: Do rsa decryption success
+ * @return -1: Do rsa decryption failed
+ */
+int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv,
+ uint32_t padding, int32_t hash_nid);
+
+/*
+ * Do rsa Sign digest.
+ *
+ * @param signature [OUT] The signature of input data
+ * @param sig_size [IN/OUT] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param priv [IN] The rsa private key structure
+ * @param salt_len [IN] The length of salt
+ * @param hash_nid [IN] The hash_nid of encryption
+ * @param padding [IN] The padding type of encryption
+ *
+ * @return 0: Do rsa sign digest success
+ * @return -1: Do rsa Sign digest failed
+ */
+int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv,
+ uint32_t salt_len, int32_t hash_nid, int32_t padding);
+
+/*
+ * Do rsa Verify digest.
+ *
+ * @param signature [IN] The signature of input data
+ * @param sig_size [IN] The length of signature
+ * @param in [IN] The input data
+ * @param in_len [IN] The length of input data
+ * @param pub [IN] The rsa public key structure
+ * @param salt_len [IN] The length of salt
+ * @param hash_nid [IN] The hash_nid of encryption
+ * @param padding [IN] The padding type of encryption
+ *
+ * @return 0: Do rsa verify success
+ * @return -1: Do rsa verify failed
+ */
+int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub,
+ uint32_t salt_len, int32_t hash_nid, int32_t padding);
+
+/*
+ * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure.
+ *
+ * @param priv [OUT] The rsa private key structure
+ * @param in [IN] The rsa private key buffer
+ * @param inlen [IN] The length of rsa private key buffer
+ *
+ * @return -1: Import rsa private key failed
+ * @return 0: Import rsa private key success
+ */
+int32_t rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len);
+
+/*
+ * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer.
+ *
+ * @param out [OUT] The rsa public key buffer
+ * @param outlen [IN] The length of rsa public key buffer
+ * @param pub [IN] The rsa public key structure
+ *
+ * @return -1: Export rsa public key failed
+ * @return others: The real size of out buffer
+ */
+int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub);
+
+#endif
diff --git a/include/TA/huawei_ext/crypto_wrapper.h b/include/TA/huawei_ext/crypto_wrapper.h
old mode 100755
new mode 100644
index 48ae46ab6822e3f7087738234ebfc58780c2c192..aba36c2541410ec3fa77e8fe65922db9e2f4ee96
--- a/include/TA/huawei_ext/crypto_wrapper.h
+++ b/include/TA/huawei_ext/crypto_wrapper.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -15,7 +15,6 @@
#include
#include
-#include "crypto_aes_wrapper.h"
#include "crypto_cert_wrapper.h"
#include "crypto_device_key_wrapper.h"
#include "crypto_ec_wrapper.h"
diff --git a/include/TA/huawei_ext/crypto_x509_wrapper.h b/include/TA/huawei_ext/crypto_x509_wrapper.h
new file mode 100644
index 0000000000000000000000000000000000000000..830e7dc0d147414de5eb872126cf5a0b69808509
--- /dev/null
+++ b/include/TA/huawei_ext/crypto_x509_wrapper.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: soft ec x509 engine
+ */
+#ifndef __CRYPTO_X509_WRAPPER_H__
+#define __CRYPTO_X509_WRAPPER_H__
+
+#include
+#include
+
+#define VALIDITY_TIME_SIZE 13
+typedef struct {
+ uint8_t start[VALIDITY_TIME_SIZE];
+ uint8_t end[VALIDITY_TIME_SIZE];
+} validity_period_t;
+
+/*
+ * Check the certificate revocation list.
+ *
+ * @param cert [IN] The crl buffer
+ * @param cert_len [IN] The length of crl buffer
+ * @param parent_key [IN] The public key to verify the crl
+ * @param parent_key_len [IN] The length of public key
+ *
+ * @return 1: Check the crl success
+ * @return others: Check the crl failed
+ */
+int32_t x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * Check the x509 certificate.
+ *
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ * @param parent_key [IN] The public key to verify the crl
+ * @param parent_key_len [IN] The length of public key
+ *
+ * @return 1: Check the cert success
+ * @return others: Check the cert failed
+ */
+int32_t x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key struct
+ * @param in [IN] The certificate buffer
+ * @param inlen [IN] The length of certificate buffer
+ *
+ * @return 0: Get public key success
+ * @return -1: Get public key failed
+ */
+int32_t import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get public key failed
+ * @return others: The length of public key buffer
+ */
+int32_t get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get public key from certificate.
+ *
+ * @param pub [OUT] The public key buffer
+ * @param pub_size [IN/OUT] The length of public key buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get public key failed
+ * @return others: The length of public key buffer
+ */
+int32_t get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get valid date from certificate.
+ *
+ * @param vd [OUT] The valid date structure
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return 0: Get valid date success
+ * @return -1: Get valid date failed
+ */
+int32_t get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get common name from certificate.
+ *
+ * @param name [OUT] The common name buffer
+ * @param name_size [IN/OUT] The length of common name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get common name failed
+ * @return others: Get common name success
+ */
+int32_t get_subject_x509_cn(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get organization name from certificate.
+ *
+ * @param name [OUT] The organization name buffer
+ * @param name_size [IN/OUT] The length of organization name buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get organization name failed
+ * @return others: Get organization name success
+ */
+int32_t get_subject_x509_ou(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get serial number from certificate.
+ *
+ * @param serial_number [OUT] The serial number buffer
+ * @param serial_number_size [IN/OUT] The length of serial number buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get serial number failed
+ * @return others: Get serial number success
+ */
+int32_t get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size,
+ uint8_t *cert, uint32_t cert_len);
+
+/*
+ * Get issuer from certificate.
+ *
+ * @param issuer [OUT] The issuer buffer
+ * @param issuer_size [IN/OUT] The length of issuer buffer
+ * @param cert [IN] The certificate buffer
+ * @param cert_len [IN] The length of certificate buffer
+ *
+ * @return -1: Get serial number failed
+ * @return others: Get serial number success
+ */
+int32_t get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len);
+
+/*
+ * Check cert chain valid.
+ *
+ * @param root_cert [IN] root ca cert presave
+ * @param root_cert_len [IN] The length of root ca cert
+ * @param second_cert [IN] secondary ca cert buffer
+ * @param second_cert_len [IN] The length of secondary ca cert
+ * @param leaf_cert [IN] leaf ca cert
+ * @param leaf_cert_len [IN] The length of leaf ca cert
+ *
+ * @return -1: failed
+ * @return >0: check success
+ */
+int x509_cert_chain_validate(uint8_t *root_cert, uint32_t root_cert_len,
+ uint8_t *second_cert, uint32_t second_cert_len,
+ uint8_t *leaf_cert, uint32_t leaf_cert_len);
+#endif
diff --git a/include/TA/huawei_ext/permsrv_api_cert.h b/include/TA/huawei_ext/permsrv_api_cert.h
index bfc0a8889ca9f2b0ca71e8502dac4b97c8166791..8be86b1ecd274aa83413d239cb183e652afede7e 100644
--- a/include/TA/huawei_ext/permsrv_api_cert.h
+++ b/include/TA/huawei_ext/permsrv_api_cert.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -11,8 +11,8 @@
* Description: permsrv cert api interface head file
*/
-#ifndef __PERSRV_API_CERT_H__
-#define __PERSRV_API_CERT_H__
+#ifndef PEMRSRV_API_CERT_H
+#define PEMRSRV_API_CERT_H
#include "tee_defines.h"
diff --git a/include/TA/huawei_ext/permsrv_api_legacy.h b/include/TA/huawei_ext/permsrv_api_legacy.h
new file mode 100644
index 0000000000000000000000000000000000000000..e76f5b5effa3f8648d9988370dc4b7ba83646132
--- /dev/null
+++ b/include/TA/huawei_ext/permsrv_api_legacy.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: Functions in this header file are deprecated. Do not use
+ */
+
+#ifndef PERMSRV_API_LEGACY_H
+#define PERMSRV_API_LEGACY_H
+
+#include "tee_defines.h"
+
+TEE_Result TEE_EXT_crl_cert_process(const char *crl_cert, uint32_t crl_cert_size);
+TEE_Result TEE_EXT_ta_ctrl_list_process(const char *ctrl_list, uint32_t ctrl_list_size);
+#endif
diff --git a/include/TA/huawei_ext/qsi_data_structure.h b/include/TA/huawei_ext/qsi_data_structure.h
index 38e6673d8d6b41c5422a4e0f08166d2a631f34cc..2ffedf2211a2a7450b86446c49e1d73a402be2f8 100644
--- a/include/TA/huawei_ext/qsi_data_structure.h
+++ b/include/TA/huawei_ext/qsi_data_structure.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -19,39 +19,6 @@ enum seal_operation {
UNSEAL
};
-struct seal_param {
- uint8_t *data;
- size_t size;
- uint8_t *cipher_data;
- size_t *cipher_size;
- uint32_t algorithm;
- enum seal_operation operation;
-};
-
-struct qsi_provision_params {
- uint32_t scenario;
- uint32_t param_set_size;
- uint8_t *param_set;
- uint32_t out_size;
- uint8_t *out_data;
-};
-
-struct qsi_report_params {
- TEE_UUID uuid;
- void *user_data;
- uint32_t user_size;
- uint32_t param_set_size;
- uint8_t *param_set;
- void *report;
- uint32_t report_size;
- bool with_tcb;
-};
-
-struct qsi_save_akcert_params {
- uint32_t length;
- uint8_t *buffer;
-};
-
struct ra_buffer_data {
uint32_t length;
uint8_t *buffer;
diff --git a/include/TA/huawei_ext/tee_crypto_err.h b/include/TA/huawei_ext/tee_crypto_err.h
index fe9091e774cf541d84236b9fa46cb2301ca9b453..6d019b7788ca108c8e235d074659a4e34f62fd17 100644
--- a/include/TA/huawei_ext/tee_crypto_err.h
+++ b/include/TA/huawei_ext/tee_crypto_err.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/huawei_ext/tee_crypto_hal.h b/include/TA/huawei_ext/tee_crypto_hal.h
old mode 100755
new mode 100644
index f8b3b50e5277e9f2dbc1bd8909e2e56cc7d31b52..bfc0be5fefe2dadd1de229614578760f8c66985c
--- a/include/TA/huawei_ext/tee_crypto_hal.h
+++ b/include/TA/huawei_ext/tee_crypto_hal.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -43,4 +43,5 @@ TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto);
* @retval TEE_ERROR_BAD_PARAMETERS: Operation is NULLi or crypto is invalid
*/
TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto);
+
#endif
diff --git a/include/TA/huawei_ext/tee_err.h b/include/TA/huawei_ext/tee_err.h
index 3dc4ed33d07839a64b8ecc5f67f077c8d2627213..4b2b17c6c49cd81819c21b931e4acd429341093f 100644
--- a/include/TA/huawei_ext/tee_err.h
+++ b/include/TA/huawei_ext/tee_err.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -28,4 +28,4 @@ enum ext_error_module {
CRYPTO_MODULE_ERR_ID = 0x020000,
};
-#endif
\ No newline at end of file
+#endif
diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
index 2e593cddc5ebb6b8f98333f07a45f53c61245d7c..309abe33c3f1b08f50dc0577e7b915904e679a97 100644
--- a/include/TA/huawei_ext/tee_ext_api.h
+++ b/include/TA/huawei_ext/tee_ext_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -75,6 +75,32 @@ TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t lengt
*/
TEE_Result addcaller_ca_exec(const char *ca_name, const char *user_name);
+/*
+ * verify TA's caller's identify
+ * TA can call this API to add caller's info,
+ * which is allowed to call this TA.
+ * this API is for CA in form of JAR or binary-excuteble file.
+ *
+ * @param ca_name [IN] CA caller's process name
+ * @param user_name [IN] CA caller's username
+ *
+ * return TEE_SUCCESS operation
+ * return others failed to add caller info for target CA
+ */
+
+TEE_Result AddCaller_CA_user(const char *ca_name, const char *user_name);
+
+/*
+ * TA can call this API to add caller's info,
+ * which is allowed to call this CA.
+ * this API is for CA in form of native ca and APK.
+ *
+ * @param cainfo_hash [IN] CA callerinfo's sha256 value
+ *
+ * return TEE_SUCCESS operation
+ */
+TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length);
+
/*
* TA call this API allow others TA open session with itself
*
diff --git a/include/TA/huawei_ext/tee_hw_ext_api_legacy.h b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
index bf5a770359b06dd8664d797d5abc0c914235bb1c..34e480a2aa37405430fcc992c5d80147098a46be 100644
--- a/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
+++ b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/huawei_ext/tee_log.h b/include/TA/huawei_ext/tee_log.h
index bd836862c1d2edabe7be84f0def6f52e14180095..37317cafa54666bf128853488197fadf94c6bcba 100644
--- a/include/TA/huawei_ext/tee_log.h
+++ b/include/TA/huawei_ext/tee_log.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/huawei_ext/tee_log_legacy.h b/include/TA/huawei_ext/tee_log_legacy.h
index ab555aae6362d4fc9eb630adf82a076211ae2e10..ffedcdca7643515b4b834ca210e6bc35ae63c7f1 100644
--- a/include/TA/huawei_ext/tee_log_legacy.h
+++ b/include/TA/huawei_ext/tee_log_legacy.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -14,7 +14,5 @@
#ifndef __TEE_LOG_LEGACY_H__
#define __TEE_LOG_LEGACY_H__
-#include
-
void SLog(const char *fmt, ...);
#endif /* __TEE_LOG_LEGACY_H__ */
diff --git a/include/TA/huawei_ext/tee_openssl_err.h b/include/TA/huawei_ext/tee_openssl_err.h
index c23e6354ebb107878bcfdc4fb2ce84d0e5677ae2..a9245a344694a502d975d3cdec8d27422a2b6465 100644
--- a/include/TA/huawei_ext/tee_openssl_err.h
+++ b/include/TA/huawei_ext/tee_openssl_err.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -497,4 +497,4 @@
#define TEE_ERR_PKCS7_R_WRONG_CONTENT_TYPE 0x8002b071
#define TEE_ERR_PKCS7_R_WRONG_PKCS7_TYPE 0x8002b072
-#endif
\ No newline at end of file
+#endif
diff --git a/include/TA/huawei_ext/tee_ra_api.h b/include/TA/huawei_ext/tee_ra_api.h
index 0eabd16a3ba1fe04da1f27f420e5e0a7b47e1663..85c56dc5a4f2ea2682e65888e156f4f8ed85f0d0 100644
--- a/include/TA/huawei_ext/tee_ra_api.h
+++ b/include/TA/huawei_ext/tee_ra_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -15,13 +15,9 @@
#include
#include "qsi_data_structure.h"
-TEE_Result ra_qsi_provision(struct qsi_provision_params *provision_params);
-TEE_Result ra_qsi_report(struct qsi_report_params *ra_params);
-TEE_Result ra_qsi_save_akcert(struct qsi_save_akcert_params *akcert_params);
-TEE_Result ra_local_report(TEE_UUID target_uuid, const struct ra_buffer_data *usr_data,
- struct ra_buffer_data *param_set, struct ra_buffer_data *report, bool with_tcb);
-
TEE_Result ra_seal(uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg);
TEE_Result ra_unseal(uint8_t *cipher_data, size_t cipher_size, uint8_t *data, size_t *out_size, uint32_t alg);
+TEE_Result ra_local_report(struct ra_buffer_data *in, struct ra_buffer_data *out);
+TEE_Result ra_qsi_invoke(struct ra_buffer_data *in, struct ra_buffer_data *out);
#endif
diff --git a/include/TA/pthread_attr.h b/include/TA/pthread_attr.h
index 9583cbd7063ffbb28239c1a3649fb1eb29f4b1e9..90ac9463225d310b1823b85ff3ecbc93ab273083 100644
--- a/include/TA/pthread_attr.h
+++ b/include/TA/pthread_attr.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/tee_arith_api.h b/include/TA/tee_arith_api.h
index e45680411c1d17d1fabd235f67595dca7b552632..313359ae0a798168014c5e9b568ccc4b6a62bb25 100755
--- a/include/TA/tee_arith_api.h
+++ b/include/TA/tee_arith_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -66,7 +66,7 @@ void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len);
*/
void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus);
-#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_1_1)
+#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1)
/*
* calculates the necessary prerequisites for the fast modular multiplication and stores them in a context.
@@ -191,7 +191,7 @@ bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex);
*/
uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src);
-#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
/*
* sets the bitIndexth bit of the natural binary representation of |op| to 1 or 0
*
@@ -250,14 +250,14 @@ void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op
void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2);
/*
- * negates an operand: dest = -op
+ * negates an operand: dest = -src
*
- * @param dest [OUT] PPointer to TEE_BigInt to store the result -op
+ * @param dest [OUT] PPointer to TEE_BigInt to store the result -src
* @param op [IN] Pointer to the operand to be negated
*
* @return void
*/
-void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op);
+void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *src);
/*
* computes dest = op1 * op2
@@ -438,7 +438,7 @@ void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const
void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n,
const TEE_BigIntFMMContext *context);
-#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_1_1)
+#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1)
/*
* computes dest = (op1 ^ op2) (mod n).
*
diff --git a/include/TA/tee_core_api.h b/include/TA/tee_core_api.h
index 9fd9b35abd2788edb68711634f5c3e119308d678..eabf2ece0d88bf76a51909e1cdbc711bfc0ee36b 100644
--- a/include/TA/tee_core_api.h
+++ b/include/TA/tee_core_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -14,8 +14,8 @@
#define __TEE_CORE_API_H
#include "tee_defines.h"
-#ifndef _TEE_TA_SESSION_HANDLE
-#define _TEE_TA_SESSION_HANDLE
+#ifndef TEE_TA_SESSION_HANDLE
+#define TEE_TA_SESSION_HANDLE
typedef uint32_t TEE_TASessionHandle;
#endif
diff --git a/include/TA/tee_crypto_api.h b/include/TA/tee_crypto_api.h
index eca49c1779ef86f089de20cf72f6b559391fe717..5abedf23d5bd979bef3de4d4d5878f29faebd3ec 100644
--- a/include/TA/tee_crypto_api.h
+++ b/include/TA/tee_crypto_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -25,6 +25,7 @@
#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8)
#define SW_RSA_KEYLEN 1024
#define TEE_DH_MAX_SIZE_OF_OTHER_INFO 64 /* bytes */
+#define TEE_PARAM_COUNT_MAX 9
enum __TEE_Operation_Constants {
TEE_OPERATION_CIPHER = 0x1,
@@ -126,6 +127,7 @@ enum __tee_crypto_algorithm_id {
TEE_ALG_SM2_PKE = 0x80000045,
TEE_ALG_SM3 = 0x50000007,
TEE_ALG_SM4_ECB_NOPAD = 0x10000014,
+ TEE_ALG_SM4_ECB_PKCS7 = 0x10000024,
TEE_ALG_SM4_CBC_NOPAD = 0x10000114,
TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003,
TEE_ALG_SM4_CTR = 0x10000214,
@@ -310,7 +312,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar;
* @param operation [IN/OUT] #TEE_OperationHandle
* @param algorithm [IN] #TEE_CRYPTO_ALGORITHM_ID
* @param mode [IN] #TEE_OperationMode
- * @param maxKeySize [IN] The max key size
+ * @param max_key_size [IN] The max key size
*
* @return TEE_SUCCESS succss
* @return TEE_ERROR_OUT_OF_MEMORY #TEE_OperationHandle malloc failed
@@ -318,7 +320,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar;
* @return TEE_ERROR_GENERIC other failed
*/
TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode,
- uint32_t maxKeySize);
+ uint32_t max_key_size);
/*
* free Operation handle
*
@@ -374,12 +376,12 @@ TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, const TEE_ObjectH
/*
* copy src operation to dest operation
*
- * @param dstOperation [IN/OUT] #TEE_OperationHandle
- * @param srcOperation [IN/OUT] #TEE_OperationHandle
+ * @param dst_operation [IN/OUT] #TEE_OperationHandle
+ * @param src_operation [IN/OUT] #TEE_OperationHandle
*
* @return void
*/
-void TEE_CopyOperation(TEE_OperationHandle dstOperation, const TEE_OperationHandle srcOperation);
+void TEE_CopyOperation(TEE_OperationHandle dst_operation, const TEE_OperationHandle src_operation);
/*
* init cipher context
diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h
index 7d77c3223d963718e98546c0c738c957882a2b4f..6b24ff206ed12027ed1cc66a35c0406a7d6cdc72 100755
--- a/include/TA/tee_defines.h
+++ b/include/TA/tee_defines.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -277,7 +277,7 @@ enum TEE_Result_Value {
TEE_FAIL = 0xFFFF5002, /* system error */
TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */
TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001, /* failed to create timer */
- TEE_ERROR_TIMER_DESTORY_FAILED = 0xFFFF6002, /* failed to destory timer */
+ TEE_ERROR_TIMER_DESTROY_FAILED = 0xFFFF6002, /* failed to destroy timer */
TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003, /* timer not found */
TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */
TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */
@@ -315,7 +315,8 @@ enum TEE_Result_Value {
TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */
TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */
TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */
- TEE_FAIL2 = 0xFFFF9113 /* unused */
+ TEE_FAIL2 = 0xFFFF9113, /* unused */
+ TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* IPC Channel overflow error */
};
/*
@@ -343,8 +344,8 @@ typedef TEE_Result TEEC_Result;
#define TEE_ORIGIN_TEE 0x00000003
#define TEE_ORIGIN_TRUSTED_APP 0x00000004
-#ifndef _TEE_TA_SESSION_HANDLE
-#define _TEE_TA_SESSION_HANDLE
+#ifndef TEE_TA_SESSION_HANDLE
+#define TEE_TA_SESSION_HANDLE
typedef uint32_t TEE_TASessionHandle;
#endif
diff --git a/include/TA/tee_mem_mgmt_api.h b/include/TA/tee_mem_mgmt_api.h
index c8908368c24547ffe6eae4d4244344a6a0c21bb4..48f98881375a8aa59eaf896b53ea3b0b9ff9e0b2 100644
--- a/include/TA/tee_mem_mgmt_api.h
+++ b/include/TA/tee_mem_mgmt_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -62,7 +62,7 @@ enum MALLOC_HINT {
*
* @return void
*/
-#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
void TEE_MemFill(void *buffer, uint8_t x, size_t size);
#else
void TEE_MemFill(void *buffer, uint32_t x, size_t size);
diff --git a/include/TA/tee_object_api.h b/include/TA/tee_object_api.h
index e4c10c3c7e96aacb60082000e616bfd5a98928f4..a62f68f180178e0350014dccebeda401f61fd7fc 100644
--- a/include/TA/tee_object_api.h
+++ b/include/TA/tee_object_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/tee_property_api.h b/include/TA/tee_property_api.h
index a88586a943fcf841fbcc4deec1163154f5d065c4..2d8b5674da711cf8782db8d80c96a6a972d2cc68 100644
--- a/include/TA/tee_property_api.h
+++ b/include/TA/tee_property_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -70,7 +70,7 @@ TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const ch
*/
TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value);
-#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
+#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2)
/*
* retrieves a single property in a property set and converts its value to a 64-bit unsigned integer
*
@@ -121,7 +121,7 @@ TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const ch
* @return TEE_SUCCESS operation success
* @return TEE_ERROR_ITEM_NOT_FOUND cannot find target property
*/
-TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value);
+TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *identity);
/*
* allocates a property enumerator object
diff --git a/include/TA/tee_time_api.h b/include/TA/tee_time_api.h
index fb09958ca1ab8743ab2d26780742127878244cd1..fa97c31ec3fcd315486ccc4a7e68a19497d2e829 100644
--- a/include/TA/tee_time_api.h
+++ b/include/TA/tee_time_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h
index 9c3d51be710f52d3b584cd9833f2879483e0330b..cfe7554a3071de96680cb6aba9c9803e182a7b46 100644
--- a/include/TA/tee_trusted_storage_api.h
+++ b/include/TA/tee_trusted_storage_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/include/TA/tee_uuid.h b/include/TA/tee_uuid.h
index 3bad4e7a33dda3a9bb877e941237aa05e1ca42d6..51fb2988463684bb0242c47bac3f05eb68c72fa5 100644
--- a/include/TA/tee_uuid.h
+++ b/include/TA/tee_uuid.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/src/CA/libteec_adaptor.c b/src/CA/libteec_adaptor.c
index 65ce2fd7767240c5ffef2ebbd046129aa3928735..9fd2042fdce415d94abd0faddf740290fa4dd8a8 100644
--- a/src/CA/libteec_adaptor.c
+++ b/src/CA/libteec_adaptor.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/test/CA/cert_manager/Makefile b/test/CA/cert_manager/Makefile
index 699af4725bf9188e236988a4fb5be77041b9d89d..589ac63d32d4f8cd21fd59928f2191326434bd7c 100644
--- a/test/CA/cert_manager/Makefile
+++ b/test/CA/cert_manager/Makefile
@@ -13,8 +13,9 @@ APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c
APP_CFLAGS += -fstack-protector-strong -fPIC
APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \
+ -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include
-APP_LDFLAGS += -ldl -lpthread
+APP_LDFLAGS += -ldl -lpthread -lboundscheck
APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s
@@ -23,4 +24,4 @@ $(TARGET_APP): $(APP_SOURCES)
$(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS)
clean:
- rm -f *.o $(TARGET_APP)
+ @rm -f *.o $(TARGET_APP)
diff --git a/test/CA/cert_manager/cert_common.h b/test/CA/cert_manager/cert_common.h
index 7b63b2c72c71f95870a7b6d651a7fca90c8c8930..c485e0f275723a6c2489b3a2f114d9f9c435c9f5 100644
--- a/test/CA/cert_manager/cert_common.h
+++ b/test/CA/cert_manager/cert_common.h
@@ -10,7 +10,6 @@
* See the Mulan PSL v2 for more details.
* Description: CA for certification management.
*/
-
#ifndef CERT_COMMON_H
#define CERT_COMMON_H
@@ -19,3 +18,4 @@
#define MAX_LOG_BUFFER_LEN 10000
#endif
+
diff --git a/test/CA/cert_manager/cert_file.c b/test/CA/cert_manager/cert_file.c
index 917a00a8242e38c698205792b9084ddb29d964c6..87b62e14d404423057881df73a1f89abbb5728b0 100644
--- a/test/CA/cert_manager/cert_file.c
+++ b/test/CA/cert_manager/cert_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
* Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -30,11 +30,10 @@ static int32_t GetFileSize(const char *path, long *size)
int32_t ret;
struct stat buf;
ret = stat(path, &buf);
- if (ret != 0) {
+ if (ret != 0)
printf_err("file stat failed: %s\n", path);
- } else {
+ else
*size = buf.st_size;
- }
return ret;
}
@@ -42,9 +41,9 @@ int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *file
{
int32_t ret;
/* check file name */
- if (strstr(filePath, ".der") == NULL) {
+ if (strstr(filePath, ".der") == NULL && strstr(filePath, ".crl") == NULL) {
ret = errno;
- printf_err("only support der file\n");
+ printf_err("only support der or crl file\n");
goto end;
}
/* get file length */
@@ -56,6 +55,7 @@ int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *file
/* check file content overflow */
if (*fileSize > size) {
printf_err("file is too long: %s\n", filePath);
+ ret = errno;
goto end;
}
/* read contents from file into buffer */
@@ -78,6 +78,10 @@ end:
int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath)
{
int32_t ret = 0;
+ if (buffer == NULL || size == 0 || filePath == NULL) {
+ printf_err("store to fs bad parameters\n");
+ return errno;
+ }
/* write size of buffer into file */
FILE *fp = fopen(filePath, "w");
if (fp == NULL) {
diff --git a/test/CA/cert_manager/cert_file.h b/test/CA/cert_manager/cert_file.h
index 2e5081a432095781a92afeee9e4c07b5dd9e6cf1..7d68f40228b2ad175f7d5f4ef461b129aca9229c 100644
--- a/test/CA/cert_manager/cert_file.h
+++ b/test/CA/cert_manager/cert_file.h
@@ -10,7 +10,6 @@
* See the Mulan PSL v2 for more details.
* Description: CA for certification management.
*/
-
#ifndef CERT_FILE_H
#define CERT_FILE_H
diff --git a/test/CA/cert_manager/cert_manager.c b/test/CA/cert_manager/cert_manager.c
index 5509983738e349298b5095d00b5c8312fb9e6693..da24c8f4036f94089b9d90d8f54bcd89bbadd402 100644
--- a/test/CA/cert_manager/cert_manager.c
+++ b/test/CA/cert_manager/cert_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
* Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -28,6 +28,7 @@
/* commands */
#define CMD_DESTROY "destroy"
#define CMD_IMPORT "import"
+#define CMD_IMPORT_CRL "import_crl"
#define CMD_EXPORT "export"
/* sub commands of export */
#define CMD_EXPORT_CERT "cert"
@@ -38,6 +39,7 @@
#define CMD_EXPORT_CERT_ARGC 4
#define CMD_EXPORT_LOG_ARGC 3
#define CMD_DESTROY_ARGC 2
+#define CMD_IMPORT_CRL_ARGC 3
/* index of command parameters */
#define CMD_NAME 1
@@ -48,8 +50,16 @@
enum {
IPC_IMPORT_CERT = 1,
IPC_EXPORT_CERT = 2,
- IPC_DESTORY_CERT = 3,
- IPC_EXPORT_LOG = 4
+ IPC_DESTROY_CERT = 3,
+ IPC_EXPORT_LOG = 4,
+ IPC_IMPORT_CRL = 5
+};
+
+enum {
+ CERTMANGER_CMD_IMPORT_CERT = 1,
+ CERTMANGER_CMD_EXPORT = 2,
+ CERTMANGER_CMD_DESTROY = 3,
+ CERTMANGER_CMD_IMPORT_CRL = 4
};
static TEEC_Result Destroy(TEEC_Session *session)
@@ -59,7 +69,7 @@ static TEEC_Result Destroy(TEEC_Session *session)
TEEC_Operation operation = { 0 };
operation.started = 1;
operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
- result = TEEC_InvokeCommand(session, IPC_DESTORY_CERT, &operation, NULL);
+ result = TEEC_InvokeCommand(session, IPC_DESTROY_CERT, &operation, NULL);
if (result != TEEC_SUCCESS)
printf_err("ipc failed\n");
return result;
@@ -74,9 +84,8 @@ static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t le
result = TEEC_ERROR_OUT_OF_MEMORY;
goto end;
}
- if (len == 0) {
+ if (len == 0)
printf_err("warning: empty content\n");
- }
/* replaced with memcpy(outbuf, sharedMem->buffer, len) when memcpy_s is not supported */
if (memcpy_s(outbuf, sharedMem->size, sharedMem->buffer, len) != EOK) {
result = TEEC_ERROR_OUT_OF_MEMORY;
@@ -94,6 +103,7 @@ static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t le
end:
if (outbuf != NULL) {
free(outbuf);
+ outbuf = NULL;
}
return result;
}
@@ -169,7 +179,7 @@ static TEEC_Result Import(TEEC_Context *context, TEEC_Session *session, const ch
goto free_sharedMem;
}
if (!IsFileExist(realPath)) {
- printf_err("certification not exsit:%s\n", certPath);
+ printf_err("certification not exist:%s\n", certPath);
result = TEEC_ERROR_BAD_PARAMETERS;
goto free_sharedMem;
}
@@ -196,67 +206,163 @@ end:
return result;
}
+static TEEC_Result ImportCrl(TEEC_Context *context, TEEC_Session *session, const char *certPath)
+{
+ TEEC_Result result;
+ char realPath[PATH_MAX];
+ /* 1. allocate shared memory */
+ TEEC_SharedMemory sharedMem;
+ sharedMem.size = MAX_BUFFER_LEN;
+ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
+ result = TEEC_AllocateSharedMemory(context, &sharedMem);
+ if (result != TEEC_SUCCESS) {
+ printf_err("allocate crl shared memory failed\n");
+ goto end;
+ }
+ /* 2. check certPath legality */
+ if (realpath(certPath, realPath) == NULL) {
+ printf_err("illegal certification path:%s\n", certPath);
+ result = errno;
+ goto free_sharedMem;
+ }
+ if (!IsFileExist(realPath)) {
+ printf_err("certification not exist:%s\n", certPath);
+ result = TEEC_ERROR_BAD_PARAMETERS;
+ goto free_sharedMem;
+ }
+ /* 3. read cert from filesystem to shared memory */
+ size_t fileSize = 0;
+ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) {
+ result = TEEC_ERROR_READ_DATA;
+ printf_err("load crl failed\n");
+ goto free_sharedMem;
+ }
+ /* 4. invoke ipc command */
+ TEEC_Operation operation = { 0 };
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ operation.params[0].memref.parent = &sharedMem;
+ operation.params[0].memref.offset = 0;
+ operation.params[0].memref.size = fileSize;
+ result = TEEC_InvokeCommand(session, IPC_IMPORT_CRL, &operation, NULL);
+ if (result != TEEC_SUCCESS)
+ printf_err("ipc failed\n");
+free_sharedMem:
+ TEEC_ReleaseSharedMemory(&sharedMem);
+end:
+ return result;
+}
+
static TEEC_UUID g_taId = {
0x4acaf7c8, 0xc652, 0x4643,
{ 0x9b, 0x7a, 0xcc, 0x07, 0xe7, 0xa3, 0x18, 0x7a }
};
-int main(int argc, char *argv[])
+static TEEC_Result OpenSessionTa(TEEC_Context *context, TEEC_Session *session)
{
- TEEC_Result result;
- TEEC_Context context;
- TEEC_Session session;
TEEC_UUID *uuidp = &g_taId;
TEEC_Operation operation = { 0 };
- /* 1. init context */
+ context->ta_path = (uint8_t *)TA_PATH;
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ TEEC_Result result = TEEC_OpenSession(context, session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf_err("teec open session failed,result is 0x%x\n", result);
+ return result;
+ }
+ return TEEC_SUCCESS;
+}
+
+static int32_t GetInputCmd(int argc, char *argv[])
+{
if (argc < CMD_DESTROY_ARGC || argc > CMD_EXPORT_CERT_ARGC) {
printf_err("wrong parameters num \n");
return -1;
}
+ /* 1. process command line */
+ if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0 && argc == CMD_IMPORT_ARGC) {
+ /* import */
+ return CERTMANGER_CMD_IMPORT_CERT;
+ } else if (memcmp(argv[CMD_NAME], CMD_IMPORT_CRL, sizeof(CMD_IMPORT_CRL)) == 0 && argc == CMD_IMPORT_CRL_ARGC) {
+ /* import crl */
+ return CERTMANGER_CMD_IMPORT_CRL;
+ } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0 &&
+ (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC)) {
+ /* export */
+ return CERTMANGER_CMD_EXPORT;
+ } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0 && argc == CMD_DESTROY_ARGC) {
+ /* destroy */
+ return CERTMANGER_CMD_DESTROY;
+ } else {
+ /* undefined */
+ printf("invalid command \n");
+ return -1;
+ }
+}
+
+static TEEC_Result SelectCmd(char *argv[], TEEC_Context *context, TEEC_Session *session, int32_t cmd)
+{
+ switch (cmd) {
+ case CERTMANGER_CMD_IMPORT_CERT:
+ return Import(context, session, argv[CMD_IMPORT_ARG_PATH]);
+ case CERTMANGER_CMD_IMPORT_CRL:
+ return ImportCrl(context, session, argv[CMD_IMPORT_ARG_PATH]);
+ case CERTMANGER_CMD_EXPORT:
+ return Export(context, session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]);
+ case CERTMANGER_CMD_DESTROY:
+ return Destroy(session);
+ default:
+ printf_err("failed, errno input:%d\n", cmd);
+ return TEEC_ERROR_INVALID_CMD;
+ }
+}
+int main(int argc, char *argv[])
+{
+ int32_t ret = 0;
+ TEEC_Result result;
+ TEEC_Context context;
+ TEEC_Session session;
+
+ /* 1. check input cmd */
+ int32_t cmd = GetInputCmd(argc, argv);
+ if (cmd <= 0) {
+ printf_err("input parameter errno\n");
+ return -1;
+ }
+
+ /* 2. init context */
result = TEEC_InitializeContext(NULL, &context);
if (result != TEEC_SUCCESS) {
printf_err("teec initialize failed\n");
- goto end;
+ return -1;
}
- /* 2. open session */
- context.ta_path = (uint8_t *)TA_PATH;
- operation.started = 1;
- operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
- result = TEEC_OpenSession(&context, &session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
+
+ /* 3. open session */
+ result = OpenSessionTa(&context, &session);
if (result != TEEC_SUCCESS) {
- printf_err("teec open session failed, result is 0x%x\n", result);
- goto finalize;
+ printf_err("teec open session failed\n");
+ goto final;
}
- /* 3. process command line */
- if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0) {
- /* import */
- result = (argc == CMD_IMPORT_ARGC) ?
- Import(&context, &session, argv[CMD_IMPORT_ARG_PATH]) :
- TEEC_ERROR_BAD_PARAMETERS;
- } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0) {
- /* export */
- result = (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC) ?
- Export(&context, &session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]) :
- TEEC_ERROR_BAD_PARAMETERS;
- } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0) {
- /* destroy */
- result = (argc == CMD_DESTROY_ARGC) ? Destroy(&session) : TEEC_ERROR_BAD_PARAMETERS;
- } else {
- /* undefined */
- result = TEEC_ERROR_INVALID_CMD;
- printf("invalid command 0x%x\n", result);
+
+ /* 4. select cmd */
+ result = SelectCmd(argv, &context, &session, cmd);
+ switch (result) {
+ case TEEC_SUCCESS:
+ printf("success\n");
+ break;
+ case TEEC_ERROR_ITEM_NOT_FOUND:
+ printf_err("ssa log is not exist\n");
+ ret = -1;
+ goto close;
+ default:
+ printf_err("certmanger error: %d\n", result);
+ ret = -1;
+ goto close;
}
close:
TEEC_CloseSession(&session);
-finalize:
+final:
TEEC_FinalizeContext(&context);
-end:
- if (result != TEEC_SUCCESS) {
- printf_err("failed, errno: 0x%x\n", result);
- return -1;
- } else {
- printf_err("success\n");
- return 0;
- }
+ return ret;
}
diff --git a/test/CA/helloworld/ca_demo.c b/test/CA/helloworld/ca_demo.c
index a5910eacc2b6e3a6a98fc4e37f149489c2459773..630ce84eaabb27c808cc2fecbbcf72fe685cf847 100755
--- a/test/CA/helloworld/ca_demo.c
+++ b/test/CA/helloworld/ca_demo.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
- * iTrustee licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
diff --git a/test/CA/libqca/Makefile b/test/CA/libqca/Makefile
index 841c91a76f57f8ad282b5599e721ea37f2869e3f..51d51122f804e4fb82e7be698a59743c0bd5df31 100644
--- a/test/CA/libqca/Makefile
+++ b/test/CA/libqca/Makefile
@@ -38,5 +38,5 @@ $(TARGET_LIB): $(TARGET_LIB_BOUNDSCHECK) $(LIB_SOURCES)
clean:
$(MAKE) -C $(LIB_BOUNDSCHECK_DIR) clean
- rm -rf $(TARGET_DIR)
rm -rf $(LIB_OBJECTS)
+ rm -rf $(TARGET_DIR)
diff --git a/test/CA/libqca/include/ra_client_api.h b/test/CA/libqca/include/ra_client_api.h
index 8f39136b74d4ee3561291735c7d192bf245efff9..dd793a33ff59086bf5192e3ea8524e719fb54544 100644
--- a/test/CA/libqca/include/ra_client_api.h
+++ b/test/CA/libqca/include/ra_client_api.h
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -13,75 +13,10 @@
#define LIBQCA_H
#include
-#define KEY_TAG_TYPE_MOVE_BITS 28
-#define RA_INTEGER (1 << KEY_TAG_TYPE_MOVE_BITS)
-#define RA_BYTES (2 << KEY_TAG_TYPE_MOVE_BITS)
-
-/* scenario number */
-#define RA_SCENARIO_NO_AS 0
-#define RA_SCENARIO_AS_NO_DAA 1
-#define RA_SCENARIO_AS_WITH_DAA 2
-
-enum ra_alg_types {
- RA_ALG_RSA_3072 = 0x20000,
- RA_ALG_RSA_4096 = 0x20001,
- RA_ALG_SHA_256 = 0x20002,
- RA_ALG_SHA_384 = 0x20003,
- RA_ALG_SHA_512 = 0x20004,
- RA_ALG_ECDSA = 0x20005,
- RA_ALG_ED25519 = 0x20006,
- RA_ALG_SM2_DSA_SM3 = 0x20007,
- RA_ALG_SM3 = 0x20008,
-};
-
-enum ra_tags {
- RA_TAG_SIGN_TYPE = RA_INTEGER | 0,
- RA_TAG_HASH_TYPE = RA_INTEGER | 1,
- RA_TAG_QTA_IMG_HASH = RA_BYTES | 0,
- RA_TAG_TA_IMG_HASH = RA_BYTES | 1,
- RA_TAG_QTA_MEM_HASH = RA_BYTES | 2,
- RA_TAG_TA_MEM_HASH = RA_BYTES | 3,
- RA_TAG_RESERVED = RA_BYTES | 4,
- RA_TAG_AK_PUB = RA_BYTES | 5,
- RA_TAG_SIGN_DRK = RA_BYTES | 6,
- RA_TAG_SIGN_AK = RA_BYTES | 7,
- RA_TAG_CERT_DRK = RA_BYTES | 8,
- RA_TAG_CERT_AK = RA_BYTES | 9,
-};
-
struct ra_buffer_data {
uint32_t size;
uint8_t *buf;
};
-struct ra_data_offset {
- uint32_t data_len;
- uint32_t data_offset;
-};
-
-struct ra_params {
- uint32_t tags;
- union {
- uint32_t integer;
- struct ra_data_offset blob;
- } data;
-} __attribute__((__packed__));
-
-struct ra_params_set_t {
- uint32_t param_count;
- struct ra_params params[0];
-}__attribute__((__packed__));
-
-TEEC_Result RemoteAttestProvision(uint32_t scenario,
- struct ra_buffer_data *param_set,
- struct ra_buffer_data *out_data);
-
-TEEC_Result RemoteAttestReport(TEEC_UUID ta_uuid,
- struct ra_buffer_data *usr_data,
- struct ra_buffer_data *param_set,
- struct ra_buffer_data *report,
- bool with_tcb);
-
-TEEC_Result RemoteAttestSaveAKCert(struct ra_buffer_data *akcert);
-
+TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out);
#endif
diff --git a/test/CA/libqca/src/ra_log.h b/test/CA/libqca/src/ra_log.h
index 7e400beb2c55ccc47573c0fddc2ab495a51220d1..1cb9d3863181e03de7a83352331db72a506fee3e 100644
--- a/test/CA/libqca/src/ra_log.h
+++ b/test/CA/libqca/src/ra_log.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -9,12 +9,11 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
-
#ifndef LIBQCA_RA_LOG_H
#define LIBQCA_RA_LOG_H
-#define TAG_WARN "[warn]"
-#define TAG_INFO "[info]"
+#define TAG_WARN "[warn]"
+#define TAG_INFO "[info]"
#define TAG_ERROR "[error]"
#define TAG_DEBUG "[debug]"
diff --git a/test/CA/libqca/src/ra_operate_api.c b/test/CA/libqca/src/ra_operate_api.c
index 6fd208b1fcde41975c5bee6e418971b9752d9a92..810f11fe9b576e884ec2f4df0630d849ac481882 100644
--- a/test/CA/libqca/src/ra_operate_api.c
+++ b/test/CA/libqca/src/ra_operate_api.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * licensed under the Mulan PSL v2.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -23,272 +23,125 @@ static const TEEC_UUID g_tee_qta_uuid = {
}
};
-static const enum ra_tags g_tag_white_list [] = {
- RA_TAG_HASH_TYPE,
-};
-
-static bool check_provision_scenario_invalid(uint32_t scenario)
-{
- if (scenario == RA_SCENARIO_NO_AS || scenario == RA_SCENARIO_AS_NO_DAA)
- return false;
- return true;
-}
-
-#define WHITE_LIST_TAG_COUNT (sizeof(g_tag_white_list) / sizeof(g_tag_white_list[0]))
-
-static bool check_tag_is_valid(uint32_t tag)
+static TEEC_Result set_remote_attest_out_data(TEEC_SharedMemory *shared_out, uint32_t out_size,
+ struct ra_buffer_data *out)
{
- uint32_t index = 0;
- for (index = 0; index < WHITE_LIST_TAG_COUNT; ++index) {
- if (tag == g_tag_white_list[index])
- return true;
+ if (out == NULL || out->buf == NULL) {
+ return TEEC_SUCCESS;
+ }
+ if (out_size == 0) {
+ out->size = out_size;
+ return TEEC_SUCCESS;
+ } else if (out_size > out->size) {
+ tloge("out size is too short\n");
+ return TEEC_ERROR_SHORT_BUFFER;
+ }
+ if (memcpy_s(out->buf, out->size, shared_out->buffer, out_size) != EOK) {
+ tloge("memcpy shared out buffer failed\n");
+ return TEEC_ERROR_GENERIC;
}
- return false;
+ out->size = out_size;
+ return TEEC_SUCCESS;
}
-static bool check_input_paramset_invalid(struct ra_buffer_data *param_set)
+static TEEC_Result handle_remote_attest(TEEC_Context *context, TEEC_Session *session, struct ra_buffer_data *in,
+ struct ra_buffer_data *out)
{
- uint32_t length = param_set->size;
- struct ra_params_set_t *ra_param_set = (struct ra_params_set_t *)param_set->buf;
- uint32_t param_count = ra_param_set->param_count;
- if (length != sizeof(uint32_t) + param_count * sizeof(struct ra_params) || length > SHAREMEM_LIMIT) {
- tloge("invalid param length\n");
- return true;
+ uint32_t origin;
+ TEEC_Operation operation = {0};
+ operation.started = 1;
+ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_MEMREF_PARTIAL_OUTPUT,
+ TEEC_VALUE_OUTPUT, TEEC_NONE);
+
+ TEEC_SharedMemory shared_in;
+ (void)memset_s(&shared_in, sizeof(shared_in), 0, sizeof(shared_in));
+ shared_in.size = in->size;
+ shared_in.flags = TEEC_MEM_INPUT;
+ TEEC_Result result = TEEC_AllocateSharedMemory(context, &shared_in);
+ if (result != TEEC_SUCCESS) {
+ tloge("allocate shared input failed, result = 0x%x.\n", result);
+ return result;
}
- struct ra_params *param = NULL;
- for (uint32_t index = 0; index < param_count; ++index) {
- param = &(ra_param_set->params[index]);
- if (check_tag_is_valid(param->tags) == false) {
- tloge("invalid param tag\n");
- return true;
+ operation.params[0].memref.parent = &shared_in;
+ operation.params[0].memref.size = shared_in.size;
+ operation.params[0].memref.offset = 0;
+ (void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size);
+
+ TEEC_SharedMemory shared_out;
+ (void)memset_s(&shared_out, sizeof(shared_out), 0, sizeof(shared_out));
+ shared_out.flags = TEEC_MEM_OUTPUT;
+ if (out != NULL && out->buf != NULL) {
+ shared_out.size = out->size;
+ result = TEEC_AllocateSharedMemory(context, &shared_out);
+ if (result != TEEC_SUCCESS) {
+ tloge("allocate shared output failed, result = 0x%x.\n", result);
+ goto clear1;
}
+ (void)memset_s(out->buf, out->size, 0, out->size);
+ (void)memset_s(shared_out.buffer, shared_out.size, 0, shared_out.size);
}
- return false;
-}
+ operation.params[1].memref.parent = &shared_out;
+ operation.params[1].memref.size = shared_out.size;
+ operation.params[1].memref.offset = 0;
-static int32_t init_opera_and_shared_mem(TEEC_Context *context, TEEC_SharedMemory *shared_mem,
- TEEC_Operation *operation, struct ra_buffer_data *rsp, struct ra_buffer_data *msg)
-{
- TEEC_Result result;
- (void)memset_s(operation, sizeof(TEEC_Operation), 0, sizeof(TEEC_Operation));
- (*operation).started = 1;
- (*operation).paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_WHOLE, TEEC_VALUE_OUTPUT, TEEC_NONE, TEEC_NONE);
- shared_mem->size = (rsp == NULL ? msg->size : rsp->size);
- shared_mem->flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT;
- if (shared_mem->size > SHAREMEM_LIMIT) {
- tloge("too large shared mem size to be allocated\n");
- return -1;
- }
- result = TEEC_AllocateSharedMemory(context, shared_mem);
+ result = TEEC_InvokeCommand(session, REMOTE_ATTEST_CMD, &operation, &origin);
if (result != TEEC_SUCCESS) {
- tloge("allocate shared memory failed, result = 0x%x\n", result);
- return -1;
+ tloge("invoke command failed, result = 0x%x\n", result);
+ goto clear2;
}
- (*operation).params[0].memref.parent = shared_mem;
- (*operation).params[0].memref.size = shared_mem->size;
- (*operation).params[0].memref.offset = 0;
- return 0;
+
+ result = set_remote_attest_out_data(&shared_out, operation.params[2].value.a, out);
+clear2:
+ if (out != NULL && out->buf != NULL)
+ TEEC_ReleaseSharedMemory(&shared_out);
+clear1:
+ TEEC_ReleaseSharedMemory(&shared_in);
+ return result;
}
-static int32_t handle_cmd_id(uint32_t cmd_id, TEEC_SharedMemory *shared_mem, struct ra_buffer_data *msg)
+TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out)
{
- int32_t ret = 0;
- if (cmd_id == INIT_PROVISION || cmd_id == REQUEST_REPORT || cmd_id == SAVE_AKCERT) {
- if (memcpy_s((void *)shared_mem->buffer, shared_mem->size, msg->buf, msg->size) != EOK) {
- tloge("memcpy buffer failed\n");
- ret = -1;
+ if (in == NULL || in->buf == NULL || in->size == 0 || in->size > PARAMS_RESERVED_SIZE) {
+ tloge("check input failed\n");
+ return TEEC_ERROR_BAD_PARAMETERS;
+ }
+
+ if (out != NULL) {
+ if (out->size > SHAREMEM_LIMIT || (out->buf == NULL && out->size > 0) ||
+ (out->buf != NULL && out->size < OUT_DATA_RESERVED_SIZE)) {
+ tloge("check output failed\n");
+ return TEEC_ERROR_BAD_PARAMETERS;
}
- } else {
- tloge("cmd id invalid!\n");
- return -1;
}
- return ret;
-}
-static TEEC_Result handle_cmd(uint32_t cmd_id, struct ra_buffer_data *msg, struct ra_buffer_data *rsp)
-{
TEEC_Context context = {0};
TEEC_Session session = {0};
TEEC_Operation operation = {0};
- TEEC_Result result;
- uint32_t origin;
TEEC_UUID uuid = g_tee_qta_uuid;
- result = TEEC_InitializeContext(NULL, &context);
+ TEEC_Result result = TEEC_InitializeContext(NULL, &context);
if (result != TEEC_SUCCESS) {
- tloge("init context is failed! result is 0x%x\n", result);
- return TEEC_ERROR_GENERIC;
+ tloge("init context is failed, result is 0x%x\n", result);
+ return result;
}
- (void)memset_s(&operation, sizeof(TEEC_Operation), 0, sizeof(TEEC_Operation));
operation.started = 1;
operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
if (result != TEEC_SUCCESS) {
- tloge("open session is failed! result is 0x%x\n", result);
- goto cleanup_0;
+ tloge("open session is failed, result is 0x%x\n", result);
+ goto cleanup_1;
}
- TEEC_SharedMemory shared_mem;
- result = init_opera_and_shared_mem(&context, &shared_mem, &operation, rsp, msg);
- if (result != 0)
- goto cleanup_1;
- result = handle_cmd_id(cmd_id, &shared_mem, msg);
- if (result != 0)
- goto cleanup_2;
-
- result = TEEC_InvokeCommand(&session, cmd_id, &operation, &origin);
+ result = handle_remote_attest(&context, &session, in, out);
if (result != TEEC_SUCCESS) {
- tloge("invoke cmd 0x%x failed, result = 0x%x, origin = 0x%x\n", cmd_id, result, origin);
+ tloge("handle remote attest failed, result is 0x%x\n", result);
goto cleanup_2;
}
- if (rsp != NULL) {
- rsp->size = operation.params[1].value.a;
- if (memcpy_s(rsp->buf, rsp->size, (void *)shared_mem.buffer, rsp->size) != EOK) {
- tloge("memcpy buffer failed\n");
- result = TEEC_ERROR_GENERIC;
- goto cleanup_2;
- }
- }
+
cleanup_2:
- TEEC_ReleaseSharedMemory(&shared_mem);
-cleanup_1:
TEEC_CloseSession(&session);
-cleanup_0:
- TEEC_FinalizeContext(&context);
- return result;
-}
-
-TEEC_Result RemoteAttestSaveAKCert(struct ra_buffer_data *akcert)
-{
- if (akcert == NULL || akcert->buf == NULL || akcert->size == 0 || akcert->size > SAVE_AKCERT_RESERVED_SIZE) {
- tloge("bad input params\n");
- return TEEC_ERROR_BAD_PARAMETERS;
- }
- TEEC_Result result = TEEC_SUCCESS;
- struct ra_buffer_data msg;
- msg.buf = akcert->buf;
- msg.size = akcert->size;
-
- tlogi("Try to call save AK cert.\n");
- result = handle_cmd(SAVE_AKCERT, &msg, NULL);
- if (result != TEEC_SUCCESS) {
- tloge("Call Save AK Cert Failed, result = 0x%x\n", result);
- return result;
- }
- tlogi("Call Save AK Cert success.\n");
-
- return result;
-}
-
-TEEC_Result RemoteAttestProvision(uint32_t scenario, struct ra_buffer_data *param_set, struct ra_buffer_data *out_data)
-{
- if (param_set == NULL || param_set->buf == NULL || out_data == NULL || out_data->size == 0 ||
- out_data->size < PROVISION_RESERVED_SIZE || out_data->size > SHAREMEM_LIMIT) {
- tloge("bad input params or short out data size\n");
- return TEEC_ERROR_BAD_PARAMETERS;
- }
- if (check_provision_scenario_invalid(scenario) == true || check_input_paramset_invalid(param_set) == true) {
- tloge("invalid scenario number or input alg param\n");
- return TEEC_ERROR_BAD_PARAMETERS;
- }
- struct provision_input_params *ra_input = malloc(sizeof(uint32_t) + param_set->size);
- if (ra_input == NULL) {
- tloge("malloc provision input param failed\n");
- return TEEC_ERROR_OUT_OF_MEMORY;
- }
- ra_input->scenario = scenario;
- (void)memcpy_s(&(ra_input->param_count), param_set->size, param_set->buf, param_set->size);
-
- TEEC_Result ret = TEEC_SUCCESS;
- struct ra_buffer_data msg = {0};
- struct ra_buffer_data rsp;
-
- msg.buf = (uint8_t *)ra_input;
- msg.size = param_set->size + sizeof(uint32_t);
-
- rsp.buf = malloc(out_data->size);
- if (rsp.buf == NULL) {
- tloge("malloc out data buffer failed\n");
- ret = TEEC_ERROR_OUT_OF_MEMORY;
- goto cleanup_0;
- }
- rsp.size = out_data->size;
- ret = handle_cmd(INIT_PROVISION, &msg, &rsp);
- if (ret != TEEC_SUCCESS) {
- tloge("Call Provision Failed, ret = 0x%x\n", ret);
- goto cleanup_1;
- }
- /* handle out data buffer and size according to scenario number */
- if (scenario == RA_SCENARIO_NO_AS) {
- out_data->size = 0;
- } else {
- out_data->size = rsp.size;
- (void)memcpy_s(out_data->buf, out_data->size, rsp.buf, rsp.size);
- }
- tlogi("Call Provision success.\n");
-
-cleanup_1:
- free(rsp.buf);
-cleanup_0:
- free(ra_input);
- return ret;
-}
-
-TEEC_Result RemoteAttestReport(TEEC_UUID ta_uuid, struct ra_buffer_data *usr_data, struct ra_buffer_data *param_set,
- struct ra_buffer_data *report, bool with_tcb)
-{
- if (usr_data == NULL || usr_data->buf == NULL || usr_data->size == 0 || usr_data->size > USER_DATA_SIZE ||
- report == NULL || report->buf == NULL || report->size < REPORT_RESERVED_SIZE ||
- report->size > SHAREMEM_LIMIT || with_tcb != false) {
- tloge("bad input params\n");
- return TEEC_ERROR_BAD_PARAMETERS;
- }
- if (check_input_paramset_invalid(param_set) == true) {
- tloge("invalid input alg param\n");
- return TEEC_ERROR_BAD_PARAMETERS;
- }
- TEEC_Result result = TEEC_SUCCESS;
- struct ra_buffer_data msg;
- struct ra_buffer_data rsp;
- struct report_input_params *ra_input = malloc(sizeof(struct report_input_params) + param_set->size);
- if (ra_input == NULL) {
- tloge("malloc report input param failed\n");
- return TEEC_ERROR_OUT_OF_MEMORY;
- }
- (void)memset_s(ra_input, sizeof(struct report_input_params), 0, sizeof(struct report_input_params));
- /* init struct report_input_params */
- ra_input->uuid = ta_uuid;
- ra_input->with_tcb = with_tcb;
- (void)memcpy_s(ra_input->user_data, USER_DATA_SIZE, usr_data->buf, usr_data->size);
- ra_input->user_size = usr_data->size;
- (void)memcpy_s(&(ra_input->param_count), param_set->size, param_set->buf, param_set->size);
-
- msg.buf = (uint8_t *)ra_input;
- msg.size = sizeof(struct report_input_params) + param_set->size;
-
- rsp.buf = malloc(report->size);
- if (rsp.buf == NULL) {
- tloge("malloc report buffer failed\n");
- result = TEEC_ERROR_OUT_OF_MEMORY;
- goto cleanup_0;
- }
- rsp.size = report->size;
- tlogi("Try to call Attestation Report.\n");
-
- result = handle_cmd(REQUEST_REPORT, &msg, &rsp);
- if (result != TEEC_SUCCESS) {
- tloge("Call Attestation Report Failed, result = 0x%x\n", result);
- goto cleanup_1;
- }
- report->size = rsp.size;
- (void)memcpy_s(report->buf, report->size, rsp.buf, rsp.size);
- tlogi("Call Attestation Report success, report size = %u\n", report->size);
-
cleanup_1:
- free(rsp.buf);
-cleanup_0:
- free(ra_input);
+ TEEC_FinalizeContext(&context);
return result;
}
-
diff --git a/test/CA/libqca/src/ra_operate_api.h b/test/CA/libqca/src/ra_operate_api.h
index b60dd913632399a43a80782843f9b62d1568aa88..0269712a1c5cd721486ea5859196b2cd5948bd6e 100644
--- a/test/CA/libqca/src/ra_operate_api.h
+++ b/test/CA/libqca/src/ra_operate_api.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
- * licensed under the Mulan PSL v2.
+ * Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
@@ -16,36 +16,9 @@
#include "tee_client_api.h"
#include "ra_client_api.h"
-#define SHAREMEM_LIMIT 0x100000 /* 1MB */
-#define PROVISION_RESERVED_SIZE (0x1000)
-#define SAVE_AKCERT_RESERVED_SIZE (0x2000)
-#define REPORT_RESERVED_SIZE (0x3000)
-
-#define USER_DATA_SIZE 64
-/* scenario number */
-#define RA_SCENARIO_NO_AS 0
-#define RA_SCENARIO_AS_NO_DAA 1
-#define RA_SCENARIO_AS_WITH_DAA 2
-
-enum qca_commands_id {
- INIT_PROVISION = 0x1001,
- REQUEST_REPORT = 0x1002,
- SAVE_AKCERT = 0x1003,
-};
-
-struct report_input_params {
- TEEC_UUID uuid;
- uint8_t user_data[USER_DATA_SIZE];
- uint32_t user_size;
- bool with_tcb;
- uint32_t param_count;
- struct ra_params params[0];
-} __attribute__((__packed__));
-
-struct provision_input_params {
- uint32_t scenario;
- uint32_t param_count;
- struct ra_params params[0];
-} __attribute__((__packed__));
+#define SHAREMEM_LIMIT (0x100000) /* 1 MB */
+#define PARAMS_RESERVED_SIZE (0x2000)
+#define OUT_DATA_RESERVED_SIZE (0x3000)
+#define REMOTE_ATTEST_CMD (0x1001)
#endif
diff --git a/test/TA/cert_manager/include/cert_config.h b/test/TA/cert_manager/include/cert_config.h
index d6af54522fe2cfafd4c780c46fa688dd5d4322b1..dee55d04c34ab33a31c969c758b819d50865d903 100644
--- a/test/TA/cert_manager/include/cert_config.h
+++ b/test/TA/cert_manager/include/cert_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
* Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
diff --git a/test/TA/cert_manager/src/cert_logger.c b/test/TA/cert_manager/src/cert_logger.c
index 3692d6952b8028fea73d2fddb16cdd555fe8c779..99b1dfbcf4cb70b4cf639b5b15348ddbf5868268 100644
--- a/test/TA/cert_manager/src/cert_logger.c
+++ b/test/TA/cert_manager/src/cert_logger.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
* Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -23,14 +23,18 @@ static const char *g_log_path = "dyn_crt_op.log";
static TEE_Result log_open(TEE_ObjectHandle *obj, uint32_t flag)
{
uint32_t storage_id = TEE_OBJECT_STORAGE_PRIVATE;
+ uint32_t create_flag = TEE_DATA_FLAG_ACCESS_WRITE |
+ TEE_DATA_FLAG_ACCESS_WRITE_META |
+ TEE_DATA_FLAG_ACCESS_READ;
/* open log file */
TEE_Result ret = TEE_OpenPersistentObject(storage_id, g_log_path, strlen(g_log_path), flag, obj);
if (ret == TEE_ERROR_ITEM_NOT_FOUND &&
- ((flag & TEE_DATA_FLAG_ACCESS_WRITE != 0) || (flag & TEE_DATA_FLAG_ACCESS_WRITE_META != 0))) {
+ (((flag & TEE_DATA_FLAG_ACCESS_WRITE) != 0) || ((flag & TEE_DATA_FLAG_ACCESS_WRITE_META) != 0) ||
+ ((flag & TEE_DATA_FLAG_SHARE_WRITE) != 0))) {
/* create it if file is not exist when writing or changing metadata */
tlogi("file not exist, creating: %s\n", g_log_path);
ret = TEE_CreatePersistentObject(storage_id, g_log_path, strlen(g_log_path),
- flag, TEE_HANDLE_NULL,
+ create_flag, TEE_HANDLE_NULL,
NULL, 0, obj);
if (ret != TEE_SUCCESS)
tloge("create file failed: %s\n", g_log_path);
@@ -102,9 +106,12 @@ TEE_Result cert_log_write(char *log_info)
{
TEE_Result ret;
TEE_ObjectHandle obj;
+ if (log_info == NULL)
+ return TEE_ERROR_BAD_PARAMETERS;
/* 1. open log file */
uint32_t open_flag = TEE_DATA_FLAG_ACCESS_WRITE |
- TEE_DATA_FLAG_ACCESS_WRITE_META |
+ TEE_DATA_FLAG_SHARE_WRITE |
+ TEE_DATA_FLAG_SHARE_READ |
TEE_DATA_FLAG_ACCESS_READ;
ret = log_open(&obj, open_flag);
if (ret != TEE_SUCCESS) {
@@ -128,7 +135,6 @@ TEE_Result cert_log_write(char *log_info)
tloge("roll back file failed: %s\n", g_log_path);
goto close;
}
-
close:
(void)TEE_SyncPersistentObject(obj);
TEE_CloseObject(obj);
@@ -140,8 +146,10 @@ TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len)
{
TEE_Result ret;
TEE_ObjectHandle obj;
+ if (dst == NULL || read_len == NULL)
+ return TEE_ERROR_BAD_PARAMETERS;
/* 1. open log file */
- uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ;
+ uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_SHARE_READ;
ret = log_open(&obj, open_flag);
if (ret != TEE_SUCCESS) {
tloge("open file failed: %s\n", g_log_path);
diff --git a/test/TA/cert_manager/src/cert_manager.c b/test/TA/cert_manager/src/cert_manager.c
index 1daff60032c37aba502c95d5c91af94936c3cbb7..7764af8c904c2b09a62ae05eb43c64517c324aeb 100644
--- a/test/TA/cert_manager/src/cert_manager.c
+++ b/test/TA/cert_manager/src/cert_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
* Licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
@@ -13,6 +13,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -24,11 +25,13 @@ enum {
SAVE_CERT_CMD = 1,
SEARCH_CERT_CMD = 2,
DEL_CERT_CMD = 3,
- SEARCH_LOG_CMD = 4
+ SEARCH_LOG_CMD = 4,
+ SEND_CRL_CMD = 5
};
#define ACTION_CRT_EXPORT "export"
-#define ACTION_CRT_IMPORT "import"
+#define ACTION_CRT_IMPORT "cert_import"
+#define ACTION_CRL_IMPORT "crl_import"
#define ACTION_CRT_REMOVE "remove"
#define ACTION_CRT_UNDEFINED "undefined"
#define MAX_BUFFER_LEN 8192
@@ -92,6 +95,29 @@ static TEE_Result cert_verify_and_send(uint32_t param_types, TEE_Param params[4]
return ret;
}
+static TEE_Result crl_send_service(uint32_t param_types, TEE_Param params[4])
+{
+ TEE_Result ret;
+ if (!check_param_type(param_types,
+ TEE_PARAM_TYPE_MEMREF_INPUT,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE,
+ TEE_PARAM_TYPE_NONE)) {
+ tloge("Bad expected parameter types, 0x%x.\n", param_types);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) {
+ tloge("Bad expected parameter.\n");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
+ ret = TEE_EXT_crl_cert_process(params[0].memref.buffer, params[0].memref.size);
+ if (ret != TEE_SUCCESS)
+ tloge("crl send failed\n");
+ return ret;
+}
+
static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE_Param params[4])
{
TEE_Result ret = TEE_SUCCESS;
@@ -114,7 +140,7 @@ static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE
dst = (uint8_t *)malloc(params[0].memref.size);
if (dst == NULL) {
- tloge("malloc failed\n");
+ tloge("malloc failed");
return TEE_ERROR_OUT_OF_MEMORY;
}
@@ -166,10 +192,10 @@ static TEE_Result cert_delete_service(uint32_t param_types)
}
/**
- * Function TA_CreateEntryPoint
- * Description:
- * The function TA_CreateEntryPoint is the Trusted Application's constructor,
- * which the Framework calls when it creates a new instance of the Trusted Application.
+ * Function TA_CreateEntryPoint
+ * Description:
+ * The function TA_CreateEntryPoint is the Trusted Application's constructor,
+ * which the Framework calls when it creates a new instance of the Trusted Application.
*/
TEE_Result TA_CreateEntryPoint(void)
{
@@ -180,12 +206,12 @@ TEE_Result TA_CreateEntryPoint(void)
}
/**
- * Function TA_OpenSessionEntryPoint
- * Description:
- * The Framework calls the function TA_OpenSessionEntryPoint
- * when a client requests to open a session with the Trusted Application.
- * The open session request may result in a new Trusted Application instance
- * being created.
+ * Function TA_OpenSessionEntryPoint
+ * Description:
+ * The Framework calls the function TA_OpenSessionEntryPoint
+ * when a client requests to open a session with the Trusted Application.
+ * The open session request may result in a new Trusted Application instance
+ * being created.
*/
TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes,
TEE_Param params[4], void** sessionContext)
@@ -201,10 +227,10 @@ TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes,
}
/**
- * Function TA_InvokeCommandEntryPoint
- * Description:
- * The Framework calls this function when the client invokes a command
- * within the given session.
+ * Function TA_InvokeCommandEntryPoint
+ * Description:
+ * The Framework calls this function when the client invokes a command
+ * within the given session.
*/
TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id,
uint32_t paramTypes, TEE_Param params[4])
@@ -220,6 +246,12 @@ TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id,
if (ret != TEE_SUCCESS)
tloge("certificate restoring failed\n");
break;
+ case SEND_CRL_CMD:
+ action = ACTION_CRL_IMPORT;
+ ret = crl_send_service(paramTypes, params);
+ if (ret != TEE_SUCCESS)
+ tloge("crl restoring failed\n");
+ break;
case SEARCH_CERT_CMD:
/* fall through: to be handled with the same function as SEARCH_LOG_CMD case */
case SEARCH_LOG_CMD:
@@ -244,11 +276,11 @@ TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id,
}
/**
- * Function TA_CloseSessionEntryPoint
- * Description:
- * The Framework calls this function to close a client session.
- * During the call to this function the implementation can use
- * any session functions.
+ * Function TA_CloseSessionEntryPoint
+ * Description:
+ * The Framework calls this function to close a client session.
+ * During the call to this function the implementation can use
+ * any session functions.
*/
void TA_CloseSessionEntryPoint(void* sessionContext)
{
@@ -258,10 +290,10 @@ void TA_CloseSessionEntryPoint(void* sessionContext)
}
/**
- * Function TA_DestroyEntryPoint
- * Description:
- * The function TA_DestroyEntryPoint is the Trusted Application's destructor,
- * which the Framework calls when the instance is being destroyed.
+ * Function TA_DestroyEntryPoint
+ * Description:
+ * The function TA_DestroyEntryPoint is the Trusted Application's destructor,
+ * which the Framework calls when the instance is being destroyed.
*/
void TA_DestroyEntryPoint(void)
{
diff --git a/test/TA/helloworld/auth_config.xml b/test/TA/helloworld/auth_config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d71581ddec412629f80b184cc7bb764ce7fa163e
--- /dev/null
+++ b/test/TA/helloworld/auth_config.xml
@@ -0,0 +1,7 @@
+
+
+
+