diff --git a/support-part-openssl-headers.patch b/0004-support-part-openssl-headers.patch
similarity index 100%
rename from support-part-openssl-headers.patch
rename to 0004-support-part-openssl-headers.patch
diff --git a/0005-support-remote-attestation.patch b/0005-support-remote-attestation.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b5d1d33a6de6491abce48ed3c030a9772fec9fc7
--- /dev/null
+++ b/0005-support-remote-attestation.patch
@@ -0,0 +1,19052 @@ +From f2cc71ac472a5131fc146939418d5d3842c23141 Mon Sep 17 00:00:00 2001 +From: houmingyong +Date: Wed, 26 Apr 2023 11:19:11 +0800 +Subject: [PATCH] support remote attestation + +--- + CHANGELOG | 12 +- + README | 20 + + build/cmake/aarch64_toolchain.cmake | 14 + + build/cmake/common.cmake | 54 + + build/mk/common.mk | 39 + + build/pack-Config/Config_pre.py | 284 +++ + build/pack-Config/ReadMe.txt | 18 + + build/pack-Config/config_cert/ReadMe.txt | 2 + + build/pack-Config/config_v2.py | 122 ++ + build/pack-Config/input/configs.xml | 15 + + build/pack-Config/local_sign.sh | 61 + + build/pack-Config/output/ReadMe.txt | 1 + + build/pack-Config/ta_cert/ReadMe.txt | 1 + + build/pack-TA/Readme.txt | 12 + + build/pack-TA/build_ta.sh | 22 + + build/pack-TA/input/Readme.txt | 4 + + build/pack-TA/output/Readme.txt | 1 + + build/signtools/auth_conf_parser.py | 260 +++ + build/signtools/config_cloud.ini | 60 + + build/signtools/config_tee_private_sample.ini | 35 + + build/signtools/dyn_conf_checker.py | 512 ++++++ + build/signtools/dyn_conf_parser.py | 315 ++++ + build/signtools/generate_hash.py | 51 + + build/signtools/generate_signature.py | 69 +- + build/signtools/get_ta_elf_hash.py | 246 +++ + build/signtools/manifest.py | 273 ++- + build/signtools/manifest_tag_parse_dict.csv | 24 + + build/signtools/rsa_public_key_cloud.pem | 11 + + build/signtools/signtool_v3.py | 763 ++++++--- + build/signtools/tag_parse_dict.csv | 120 ++ + build/signtools/xml_trans_manifest.py | 109 ++ + build/tools/srv_entry_check.sh | 13 + + build/tools/ta_entry_check.sh | 52 + + build/tools/ta_link_64.gcc_xom.ld | 226 +++ + build/tools/ta_link_64.ld | 20 +- + build/tools/ta_link_64.smee.ld | 262 +++ + include/CA/tee_client_api.h | 21 +- + include/CA/tee_client_constants.h | 68 +- + include/CA/tee_client_list.h | 39 +- + include/CA/tee_client_log.h | 9 +- + include/CA/tee_client_type.h | 56 +- + include/TA/huawei_ext/crypto_cert_wrapper.h | 87 + + 
.../TA/huawei_ext/crypto_device_key_wrapper.h | 31 + + include/TA/huawei_ext/crypto_ec_wrapper.h | 149 ++ + .../TA/huawei_ext/crypto_ec_x509_wrapper.h | 53 + + include/TA/huawei_ext/crypto_inner_wrapper.h | 71 + + include/TA/huawei_ext/crypto_rsa_wrapper.h | 154 ++ + include/TA/huawei_ext/crypto_wrapper.h | 583 +------ + include/TA/huawei_ext/crypto_x509_wrapper.h | 169 ++ + include/TA/huawei_ext/permsrv_api_cert.h | 22 + + include/TA/huawei_ext/permsrv_api_legacy.h | 21 + + include/TA/huawei_ext/qsi_data_structure.h | 27 + + include/TA/huawei_ext/tee_crypto_err.h | 42 + + include/TA/huawei_ext/tee_crypto_hal.h | 14 +- + include/TA/huawei_ext/tee_err.h | 31 + + include/TA/huawei_ext/tee_ext_api.h | 67 +- + include/TA/huawei_ext/tee_hw_ext_api_legacy.h | 293 ++++ + include/TA/huawei_ext/tee_log.h | 218 ++- + include/TA/huawei_ext/tee_log_legacy.h | 18 + + include/TA/huawei_ext/tee_openssl_err.h | 500 ++++++ + include/TA/huawei_ext/tee_ra_api.h | 23 + + include/TA/pthread_attr.h | 22 + + include/TA/tee_arith_api.h | 27 +- + include/TA/tee_core_api.h | 8 +- + include/TA/tee_crypto_api.h | 168 +- + include/TA/tee_defines.h | 284 +-- + include/TA/tee_mem_mgmt_api.h | 5 +- + include/TA/tee_object_api.h | 5 +- + include/TA/tee_property_api.h | 7 +- + include/TA/tee_time_api.h | 81 +- + include/TA/tee_trusted_storage_api.h | 309 ++++ + include/TA/tee_uuid.h | 27 + + src/CA/libteec_adaptor.c | 269 +++ + test/CA/cert_manager/Makefile | 27 + + test/CA/cert_manager/cert_common.h | 21 + + test/CA/cert_manager/cert_file.c | 100 ++ + test/CA/cert_manager/cert_file.h | 25 + + test/CA/cert_manager/cert_manager.c | 368 ++++ + test/CA/helloworld/Makefile | 24 + + test/CA/helloworld/ca_demo.c | 17 +- + test/CA/libqca/Makefile | 42 + + test/CA/libqca/include/ra_client_api.h | 22 + + test/CA/libqca/src/ra_log.h | 27 + + test/CA/libqca/src/ra_operate_api.c | 147 ++ + test/CA/libqca/src/ra_operate_api.h | 24 + + test/TA/cert_manager/CMakeLists.txt | 38 + + test/TA/cert_manager/Makefile | 
34 + + test/TA/cert_manager/config.cmake | 11 + + test/TA/cert_manager/config.mk | 12 + + test/TA/cert_manager/config.sh | 34 + + test/TA/cert_manager/include/cert_config.h | 63 + + test/TA/cert_manager/manifest.txt | 7 + + test/TA/cert_manager/src/cert_logger.c | 165 ++ + test/TA/cert_manager/src/cert_logger.h | 31 + + test/TA/cert_manager/src/cert_manager.c | 301 ++++ + test/TA/helloworld/CMakeLists.txt | 30 + + test/TA/helloworld/Makefile | 28 + + test/TA/helloworld/ReadMe.txt | 7 +- + test/TA/helloworld/auth_config.xml | 7 + + test/TA/helloworld/config.cmake | 23 + + test/TA/helloworld/config.mk | 19 +- + test/TA/helloworld/config.sh | 34 + + test/TA/helloworld/ta_demo.c | 15 +- + test/TA/qta/CMakeLists.txt | 67 + + test/TA/qta/Makefile | 41 + + test/TA/qta/ReadMe.txt | 12 + + test/TA/qta/config.cmake | 23 + + test/TA/qta/config.mk | 23 + + test/TA/qta/config.sh | 34 + + test/TA/qta/manifest.txt | 7 + + test/TA/qta/src/daa/daa_structure.c | 185 ++ + test/TA/qta/src/daa/daa_structure.h | 64 + + test/TA/qta/src/daa/validate_akcert.c | 191 +++ + test/TA/qta/src/daa/validate_akcert.h | 20 + + test/TA/qta/src/tee_qta.c | 279 +++ + test/TA/qta/src/tee_qta.h | 29 + + .../musl/libc/arch/aarch64/bits/alltypes.h | 251 ++- + .../musl/libc/arch/aarch64/bits/hwcap.h | 12 + + .../musl/libc/arch/aarch64/bits/mman.h | 2 + + .../musl/libc/arch/aarch64/bits/signal.h | 4 +- + .../musl/libc/arch/aarch64/bits/syscall.h | 1144 +++++++------ + .../musl/libc/arch/aarch64/bits/syscall.h.in | 10 + + .../musl/libc/arch/aarch64/bits/user.h | 2 +- + .../musl/libc/arch/aarch64/pthread_arch.h | 9 +- + .../musl/libc/arch/arm/bits/alltypes.h | 252 ++- + .../musl/libc/arch/arm/bits/syscall.h | 1521 +++++++++-------- + .../open_source/musl/libc/arch/arm/crt_arch.h | 27 + + .../musl/libc/arch/generic/bits/fcntl.h | 6 + + .../musl/libc/arch/generic/bits/shm.h | 2 +- + thirdparty/open_source/musl/libc/arpa/inet.h | 5 - + thirdparty/open_source/musl/libc/ctype.h | 7 + + 
thirdparty/open_source/musl/libc/elf.h | 4 + + thirdparty/open_source/musl/libc/float.h | 52 + + thirdparty/open_source/musl/libc/limits.h | 2 + + thirdparty/open_source/musl/libc/locale.h | 4 +- + thirdparty/open_source/musl/libc/netinet/in.h | 8 +- + .../open_source/musl/libc/netinet/tcp.h | 29 +- + thirdparty/open_source/musl/libc/nl_types.h | 22 + + thirdparty/open_source/musl/libc/pthread.h | 22 + + thirdparty/open_source/musl/libc/sched.h | 1 + + thirdparty/open_source/musl/libc/setjmp.h | 14 +- + thirdparty/open_source/musl/libc/signal.h | 24 +- + thirdparty/open_source/musl/libc/stddef.h | 6 +- + thirdparty/open_source/musl/libc/stdio.h | 4 +- + thirdparty/open_source/musl/libc/stdlib.h | 7 +- + thirdparty/open_source/musl/libc/string.h | 4 +- + thirdparty/open_source/musl/libc/sys/fcntl.h | 2 + + thirdparty/open_source/musl/libc/sys/ioctl.h | 9 +- + thirdparty/open_source/musl/libc/sys/mman.h | 5 +- + thirdparty/open_source/musl/libc/sys/socket.h | 2 + + thirdparty/open_source/musl/libc/time.h | 6 +- + thirdparty/open_source/musl/libc/unistd.h | 8 +- + thirdparty/open_source/musl/libc/wchar.h | 4 +- + .../open_source}/openssl/crypto/asn1.h | 3 - + .../open_source}/openssl/crypto/bn.h | 0 + .../open_source}/openssl/crypto/ec.h | 6 - + .../open_source}/openssl/crypto/err.h | 0 + .../open_source}/openssl/internal/bio.h | 6 - + .../open_source}/openssl/openssl/asn1.h | 7 +- + .../open_source}/openssl/openssl/asn1err.h | 0 + .../open_source}/openssl/openssl/asn1t.h | 17 - + .../open_source}/openssl/openssl/bio.h | 14 +- + .../open_source}/openssl/openssl/bioerr.h | 0 + .../open_source}/openssl/openssl/bn.h | 127 +- + .../open_source}/openssl/openssl/bnerr.h | 0 + .../open_source}/openssl/openssl/buffer.h | 2 + + .../open_source}/openssl/openssl/buffererr.h | 0 + .../open_source}/openssl/openssl/cmac.h | 0 + .../open_source}/openssl/openssl/crypto.h | 60 +- + .../open_source}/openssl/openssl/cryptoerr.h | 0 + .../open_source}/openssl/openssl/dh.h | 8 +- + 
.../open_source}/openssl/openssl/dsa.h | 6 +- + .../open_source}/openssl/openssl/e_os2.h | 14 +- + .../open_source}/openssl/openssl/ec.h | 3 +- + .../open_source}/openssl/openssl/ecdsa.h | 9 - + .../open_source}/openssl/openssl/ecerr.h | 6 - + .../open_source}/openssl/openssl/err.h | 12 - + .../open_source}/openssl/openssl/evp.h | 19 +- + .../open_source}/openssl/openssl/evperr.h | 2 - + .../open_source}/openssl/openssl/hmac.h | 0 + .../open_source}/openssl/openssl/kdf.h | 1 + + .../open_source}/openssl/openssl/kdferr.h | 0 + .../open_source}/openssl/openssl/lhash.h | 1 + + .../open_source}/openssl/openssl/obj_mac.h | 105 -- + .../open_source}/openssl/openssl/objects.h | 2 + + .../open_source}/openssl/openssl/objectserr.h | 0 + .../openssl/openssl/opensslconf.h | 0 + .../open_source}/openssl/openssl/opensslv.h | 1 + + .../open_source}/openssl/openssl/ossl_typ.h | 3 - + .../open_source}/openssl/openssl/pem.h | 11 - + .../open_source}/openssl/openssl/pemerr.h | 0 + .../open_source}/openssl/openssl/pkcs7.h | 138 -- + .../open_source}/openssl/openssl/pkcs7err.h | 15 - + .../open_source}/openssl/openssl/rand.h | 10 - + .../open_source}/openssl/openssl/randerr.h | 0 + .../open_source}/openssl/openssl/rsa.h | 7 +- + .../open_source}/openssl/openssl/rsaerr.h | 7 - + .../open_source}/openssl/openssl/safestack.h | 0 + .../open_source}/openssl/openssl/sha.h | 3 + + .../open_source}/openssl/openssl/stack.h | 0 + .../open_source}/openssl/openssl/symhacks.h | 0 + .../open_source}/openssl/openssl/x509.h | 19 +- + .../open_source}/openssl/openssl/x509_vfy.h | 5 +- + .../open_source}/openssl/openssl/x509err.h | 5 - + 204 files changed, 11281 insertions(+), 3625 deletions(-) + create mode 100644 README + create mode 100644 build/cmake/aarch64_toolchain.cmake + create mode 100644 build/cmake/common.cmake + create mode 100644 build/mk/common.mk + create mode 100644 build/pack-Config/Config_pre.py + create mode 100644 build/pack-Config/ReadMe.txt + create mode 100644 
build/pack-Config/config_cert/ReadMe.txt + create mode 100644 build/pack-Config/config_v2.py + create mode 100644 build/pack-Config/input/configs.xml + create mode 100644 build/pack-Config/local_sign.sh + create mode 100644 build/pack-Config/output/ReadMe.txt + create mode 100644 build/pack-Config/ta_cert/ReadMe.txt + create mode 100644 build/pack-TA/Readme.txt + create mode 100644 build/pack-TA/build_ta.sh + create mode 100644 build/pack-TA/input/Readme.txt + create mode 100644 build/pack-TA/output/Readme.txt + create mode 100644 build/signtools/auth_conf_parser.py + create mode 100644 build/signtools/config_cloud.ini + create mode 100644 build/signtools/config_tee_private_sample.ini + create mode 100644 build/signtools/dyn_conf_checker.py + create mode 100644 build/signtools/dyn_conf_parser.py + create mode 100644 build/signtools/generate_hash.py + create mode 100644 build/signtools/get_ta_elf_hash.py + create mode 100644 build/signtools/manifest_tag_parse_dict.csv + create mode 100644 build/signtools/rsa_public_key_cloud.pem + create mode 100644 build/signtools/tag_parse_dict.csv + create mode 100644 build/signtools/xml_trans_manifest.py + create mode 100644 build/tools/srv_entry_check.sh + create mode 100644 build/tools/ta_entry_check.sh + create mode 100644 build/tools/ta_link_64.gcc_xom.ld + create mode 100644 build/tools/ta_link_64.smee.ld + create mode 100644 include/TA/huawei_ext/crypto_cert_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_device_key_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_ec_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_ec_x509_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_inner_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_rsa_wrapper.h + create mode 100644 include/TA/huawei_ext/crypto_x509_wrapper.h + create mode 100644 include/TA/huawei_ext/permsrv_api_cert.h + create mode 100644 include/TA/huawei_ext/permsrv_api_legacy.h + create mode 100644 
include/TA/huawei_ext/qsi_data_structure.h + create mode 100644 include/TA/huawei_ext/tee_crypto_err.h + create mode 100644 include/TA/huawei_ext/tee_err.h + create mode 100644 include/TA/huawei_ext/tee_hw_ext_api_legacy.h + create mode 100644 include/TA/huawei_ext/tee_log_legacy.h + create mode 100644 include/TA/huawei_ext/tee_openssl_err.h + create mode 100644 include/TA/huawei_ext/tee_ra_api.h + create mode 100644 include/TA/pthread_attr.h + create mode 100644 include/TA/tee_trusted_storage_api.h + create mode 100644 include/TA/tee_uuid.h + create mode 100644 src/CA/libteec_adaptor.c + create mode 100644 test/CA/cert_manager/Makefile + create mode 100644 test/CA/cert_manager/cert_common.h + create mode 100644 test/CA/cert_manager/cert_file.c + create mode 100644 test/CA/cert_manager/cert_file.h + create mode 100644 test/CA/cert_manager/cert_manager.c + create mode 100644 test/CA/helloworld/Makefile + create mode 100644 test/CA/libqca/Makefile + create mode 100644 test/CA/libqca/include/ra_client_api.h + create mode 100644 test/CA/libqca/src/ra_log.h + create mode 100644 test/CA/libqca/src/ra_operate_api.c + create mode 100644 test/CA/libqca/src/ra_operate_api.h + create mode 100644 test/TA/cert_manager/CMakeLists.txt + create mode 100644 test/TA/cert_manager/Makefile + create mode 100644 test/TA/cert_manager/config.cmake + create mode 100644 test/TA/cert_manager/config.mk + create mode 100644 test/TA/cert_manager/config.sh + create mode 100644 test/TA/cert_manager/include/cert_config.h + create mode 100644 test/TA/cert_manager/manifest.txt + create mode 100644 test/TA/cert_manager/src/cert_logger.c + create mode 100644 test/TA/cert_manager/src/cert_logger.h + create mode 100644 test/TA/cert_manager/src/cert_manager.c + create mode 100644 test/TA/helloworld/CMakeLists.txt + create mode 100644 test/TA/helloworld/Makefile + create mode 100644 test/TA/helloworld/auth_config.xml + create mode 100644 test/TA/helloworld/config.cmake + create mode 100644 
test/TA/helloworld/config.sh + create mode 100644 test/TA/qta/CMakeLists.txt + create mode 100644 test/TA/qta/Makefile + create mode 100644 test/TA/qta/ReadMe.txt + create mode 100644 test/TA/qta/config.cmake + create mode 100644 test/TA/qta/config.mk + create mode 100644 test/TA/qta/config.sh + create mode 100644 test/TA/qta/manifest.txt + create mode 100644 test/TA/qta/src/daa/daa_structure.c + create mode 100644 test/TA/qta/src/daa/daa_structure.h + create mode 100644 test/TA/qta/src/daa/validate_akcert.c + create mode 100644 test/TA/qta/src/daa/validate_akcert.h + create mode 100644 test/TA/qta/src/tee_qta.c + create mode 100644 test/TA/qta/src/tee_qta.h + create mode 100644 thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h + create mode 100644 thirdparty/open_source/musl/libc/arch/arm/crt_arch.h + create mode 100644 thirdparty/open_source/musl/libc/float.h + create mode 100644 thirdparty/open_source/musl/libc/nl_types.h + create mode 100644 thirdparty/open_source/musl/libc/sys/fcntl.h + rename {include/TA => thirdparty/open_source}/openssl/crypto/asn1.h (97%) + rename {include/TA => thirdparty/open_source}/openssl/crypto/bn.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/crypto/ec.h (91%) + rename {include/TA => thirdparty/open_source}/openssl/crypto/err.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/internal/bio.h (82%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1err.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/asn1t.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/bio.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/bioerr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/bn.h (83%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/bnerr.h (100%) + rename {include/TA => 
thirdparty/open_source}/openssl/openssl/buffer.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/buffererr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/cmac.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/crypto.h (90%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/cryptoerr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/dh.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/dsa.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/e_os2.h (95%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/ec.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/ecdsa.h (68%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/ecerr.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/err.h (94%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/evp.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/evperr.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/hmac.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/kdf.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/kdferr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/lhash.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/obj_mac.h (97%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/objects.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/objectserr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslconf.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/opensslv.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/ossl_typ.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/pem.h (97%) + rename {include/TA => 
thirdparty/open_source}/openssl/openssl/pemerr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7.h (64%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/pkcs7err.h (84%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/rand.h (85%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/randerr.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/rsa.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/rsaerr.h (97%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/safestack.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/sha.h (97%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/stack.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/symhacks.h (100%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/x509.h (98%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/x509_vfy.h (99%) + rename {include/TA => thirdparty/open_source}/openssl/openssl/x509err.h (95%) + +diff --git a/CHANGELOG b/CHANGELOG +index 7e22858..e90d34c 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,4 +1,14 @@ +-v0.1.0 (Apr 2, 2020) ++v5.1.2 (Jun 21, 2021) ++====== ++Features: ++--------- ++* add support for cmake ++v5.1.1 (May 21, 2021) ++====== ++Fixes: ++------ ++* The problem of storing the aeskey file is rectified, and the dependency on the pycryptodomex-3.10.1 plug-in package is introduced. ++v5.1.0 (Apr 2, 2020) + ====== + Features: + --------- +diff --git a/README b/README +new file mode 100644 +index 0000000..6811e56 +--- /dev/null ++++ b/README +@@ -0,0 +1,20 @@ ++iTrustee SDK ++============ ++ ++Getting Started ++--------------- ++Before setup your own project, please download libboundscheck software for secure function library. ++Decompress the openeuler-libboundscheck-master.zip package, then put this software to thirdparty/open_source path. 
++Ensure that the header file path is thirdparty/open_source/libboundscheck/include. ++This software download address is https://gitee.com/openeuler/libboundscheck. ++ ++build demo project: ++$ cd test/CA/helloworld ++$ make ++$ cd test/TA/helloworld ++$ make ++copy build result CA executable file and TA binary(xxx.sec) to /vendor/bin/ ++#the path "/vendor/bin/" may be changed as your opinion, make sure it consistent with the path defined in your TA's source code ++$ /vendor/bin/demo_hello ++ ++for more details please refor "iTrustee SDKֲ.chm" +diff --git a/build/cmake/aarch64_toolchain.cmake b/build/cmake/aarch64_toolchain.cmake +new file mode 100644 +index 0000000..97dc45d +--- /dev/null ++++ b/build/cmake/aarch64_toolchain.cmake +@@ -0,0 +1,14 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. ++# toolchain.cmake ++set(CMAKE_SYSTEM_NAME Linux) ++set(CMAKE_SYSTEM_PROCESSOR aarch64) ++ ++#set(CMAKE_FIND_ROOT_PATH $ENV{TOOLCHAINS_ROOT}) ++ ++set(CMAKE_C_COMPILER cc CACHE PATH "GCC 64 compiler") ++set(CMAKE_LINKER ld CACHE PATH "GCC C64 LD") ++set(CMAKE_OBJCOPY objcopy CACHE PATH "GCC 64 objcopy") ++ ++set(CMAKE_SKIP_BUILD_RPATH TRUE CACHE BOOL "" FORCE) ++set(CMAKE_C_CREATE_SHARED_LIBRARY " -o ") ++ +diff --git a/build/cmake/common.cmake b/build/cmake/common.cmake +new file mode 100644 +index 0000000..f18d3f4 +--- /dev/null ++++ b/build/cmake/common.cmake +@@ -0,0 +1,54 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. 
++# compile flags ++set(ITRUSTEE_BUILD_PATH $ENV{ITRUSTEE_BUILD_PATH}) ++set(LIBC ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/musl) ++set(LIBSECURE ${ITRUSTEE_BUILD_PATH}/thirdparty/open_source/libboundscheck) ++ ++set(COMMON_INCLUDES ++ ${COMMON_INCLUDES} ++ ${LIBC}/libc ++ ${LIBC}/libc/arch/aarch64 ++ ${LIBC}/libc/arch/aarch64/bits ++ ${LIBC}/libc/arch/generic ++ ${LIBSECURE}/include ++ ${ITRUSTEE_BUILD_PATH}/include/TA ++ ${ITRUSTEE_BUILD_PATH}/include/TA/huawei_ext ++) ++ ++set(COMMON_CFLAGS ++ ${COMMON_CFLAGS} ++ -W ++ -Wall ++ -Werror ++ -fno-short-enums ++ -fno-omit-frame-pointer ++ -fstack-protector-strong ++ -Wextra ++ -nostdinc ++ -march=armv8-a -Os ++ -fPIC ++ -fno-common ++ -fsigned-char ++) ++ ++set(COMMON_LDFLAGS ++ ${COMMON_LDFLAGS} ++ "-s" ++ "SHELL:-z text" ++ "SHELL:-z now" ++ "SHELL:-z relro" ++ "SHELL:-z noexecstack" ++ "SHELL:-z max-page-size=0x1000" ++ "SHELL:-z common-page-size=0x1000" ++ "-shared" ++) ++ ++if ("${USE_SMEE}" STREQUAL "y") ++ list(APPEND COMMON_LDFLAGS ++ "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.smee.ld" ++ ) ++else() ++ List(APPEND COMMON_LDFLAGS ++ "-T${ITRUSTEE_BUILD_PATH}/build/tools/ta_link_64.ld" ++ ) ++endif() +diff --git a/build/mk/common.mk b/build/mk/common.mk +new file mode 100644 +index 0000000..758e92d +--- /dev/null ++++ b/build/mk/common.mk +@@ -0,0 +1,39 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. ++CUR_DIR=$(shell pwd) ++ifeq ($(ITRUSTEE_BUILD_PATH), ) ++ ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../.. 
++endif ++SIGNTOOL_DIR=${ITRUSTEE_BUILD_PATH}/build/signtools ++ ++LIBC=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/musl ++LIBSECURE=$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck ++ ++# set compile parameters ++CFLAGS += -W -Wall ++CFLAGS += -Werror ++CFLAGS += -fno-short-enums ++CFLAGS += -fno-omit-frame-pointer ++CFLAGS += -fstack-protector-strong ++CFLAGS += -Wextra -nostdinc ++CFLAGS += -march=armv8-a -Os -fPIC ++CFLAGS += -fno-common -fsigned-char ++ ++# set header directory ++INCLUDEDIR += -I$(LIBC)/libc \ ++ -I$(LIBC)/libc/arch/aarch64 \ ++ -I$(LIBC)/libc/arch/aarch64/bits \ ++ -I$(LIBC)/libc/arch/generic ++ ++INCLUDEDIR += -I$(LIBSECURE)/include ++ ++INCLUDEDIR += -I$(ITRUSTEE_BUILD_PATH)/include/TA/ \ ++ -I$(ITRUSTEE_BUILD_PATH)/include/TA/huawei_ext/ \ ++ ++# set LD flags ++LDFLAGS += -s -z text -z now -z relro -z noexecstack -z max-page-size=0x1000 -z common-page-size=0x1000 -shared ++ ++ifeq ($(USE_SMEE),y) ++ LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.smee.ld ++else ++ LDFLAGS += -T$(ITRUSTEE_BUILD_PATH)/build/tools/ta_link_64.ld ++endif +diff --git a/build/pack-Config/Config_pre.py b/build/pack-Config/Config_pre.py +new file mode 100644 +index 0000000..39f3309 +--- /dev/null ++++ b/build/pack-Config/Config_pre.py +@@ -0,0 +1,284 @@ ++#!/usr/bin/env python ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. 
++# tools for generating data for signing ++#---------------------------------------------------------------------------- ++ ++import struct ++import os ++import stat ++import sys ++import hashlib ++import subprocess ++import re ++import logging ++import shutil ++import xml.etree.ElementTree as ET ++sys.path.append('../signtools') ++from dyn_conf_parser import parser_config_xml ++from dyn_conf_parser import parser_dyn_conf ++ ++CONFIG_VERSION = 2 ++BASE_POLICY_VERSION_TEE = 0b001 ++ ++XML2TLV_PARSE_TOOL_INDEX = 1 ++XML2TLV_PY_VALUE = 1 << XML2TLV_PARSE_TOOL_INDEX ++ ++ ++def get_policy_version(): ++ ''' get policy type ''' ++ policy_ver = BASE_POLICY_VERSION_TEE | XML2TLV_PY_VALUE ++ return policy_ver ++ ++ ++def run_cmd(command): ++ ret = subprocess.run(command, shell=False, check=True) ++ if ret.returncode != 0: ++ logging.error("run command failed.") ++ sys.exit(1) ++ ++ ++def whitelist_check(intput_str): ++ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): ++ return 1 ++ return 0 ++ ++ ++class load_config_header: ++ str = struct.Struct('IHHIIIIIIIII') ++ ++ def __init__(self, data): ++ unpacked_data = (load_config_header.str).unpack(data.encode()) ++ self.unpacked_data = unpacked_data ++ self.magic_num = unpacked_data[0] ++ self.version = unpacked_data[1] ++ self.policy_versio = unpacked_data[2] ++ self.context_len = unpacked_data[3] ++ self.ta_cert_len = unpacked_data[4] ++ self.config_len = unpacked_data[5] ++ self.sign_verify_len = unpacked_data[6] ++ self.reserved1 = unpacked_data[7] ++ self.reserved2 = unpacked_data[8] ++ self.reserved3 = unpacked_data[9] ++ self.reserved4 = unpacked_data[10] ++ self.reserved5 = unpacked_data[11] ++ ++ def get_packed_data(self): ++ values = [self.magic_num, ++ self.version, ++ self.policy_version, ++ self.context_len, ++ self.ta_cert_len, ++ self.config_len, ++ self.sign_verify_len, ++ self.reserved1, ++ self.reserved2, ++ self.reserved3, ++ self.reserved4, ++ self.reserved5, ++ ] ++ return 
(load_config_header.str).pack(*values) ++ ++ ++def pkg_config_header(hdr_len, magic_num, version, policy_version, \ ++ context_len, ta_cert_len, config_len, sign_verify_len): ++ config_hd_len = hdr_len ++ config_hd = load_config_header('\0' * config_hd_len) ++ config_hd.magic_num = magic_num ++ config_hd.version = version ++ config_hd.policy_version = policy_version ++ config_hd.context_len = context_len ++ config_hd.ta_cert_len = ta_cert_len ++ config_hd.config_len = config_len ++ config_hd.sign_verify_len = sign_verify_len ++ return config_hd ++ ++ ++#---------------------------------------------------------------------------- ++# generate hash use SHA256 ++#---------------------------------------------------------------------------- ++def generate_sha256_hash(in_buf): ++ # Initialize a SHA256 object from the Python hash library ++ obj = hashlib.sha256() ++ # Set the input buffer and return the output digest ++ obj.update(in_buf) ++ return obj.digest() ++ ++ ++def check_dyn_perm(xml_config_file, input_path): ++ ''' check_dyn_perm ''' ++ xml_tree = ET.parse(xml_config_file) ++ xml_root = xml_tree.getroot() ++ drv_perm = None ++ for child in xml_root.findall('drv_perm'): ++ if child != '': ++ drv_perm = child ++ if os.path.exists(os.path.join(input_path, 'temp')): ++ out_save_file = os.path.join(input_path, \ ++ 'temp/configs_bak.xml') ++ xml_tree.write(out_save_file, encoding="utf-8") ++ xml_root.remove(child) ++ if drv_perm is not None: ++ newtree = ET.ElementTree(drv_perm) ++ if os.path.exists(os.path.join(input_path, 'temp')): ++ out_file = os.path.join(input_path, 'temp/dyn_perm.xml') ++ newtree.write(out_file, encoding="utf-8") ++ xml_tree.write(xml_config_file) ++ return 1 ++ return 0 ++ ++ ++def creat_temp_folder(input_path_creat): ++ ''' creat temp ''' ++ creat_temp = os.path.join(input_path_creat, 'temp') ++ if os.path.exists(creat_temp): ++ shutil.rmtree(creat_temp) ++ temp_path = os.path.join(input_path_creat, 'temp') ++ cmd = ["mkdir", temp_path] ++ 
run_cmd(cmd) ++ ++ ++def delete_temp_folder(input_path_delete): ++ ''' delete temp ''' ++ delete_temp = os.path.join(input_path_delete, 'temp') ++ delete_config_tlv = os.path.join(input_path_delete, 'config_tlv') ++ if os.path.exists(delete_temp): ++ shutil.rmtree(delete_temp) ++ if os.path.exists(delete_config_tlv): ++ os.remove(delete_config_tlv) ++ ++ ++def convert_xml2tlv(xml_file, tlv_file, input_path): ++ ''' configs.xml exchange to tlv ''' ++ if (get_policy_version() & (1 << XML2TLV_PARSE_TOOL_INDEX)) == XML2TLV_PY_VALUE: ++ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv')) ++ tag_parse_dict_file_path = \ ++ os.path.join(csv_dir, 'tag_parse_dict.csv') ++ parser_config_xml(xml_file, tag_parse_dict_file_path, \ ++ tlv_file, input_path) ++ if os.path.isfile(tlv_file): ++ logging.critical("convert xml to tlv success") ++ else: ++ logging.error("convert xml to tlv failed") ++ raise RuntimeError ++ else: ++ logging.error("invlid policy version") ++ raise RuntimeError ++ ++ ++def get_target_type_in_config(config_path, in_path): ++ ''' get target type ''' ++ tree = ET.parse(config_path) ++ flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL ++ modes = stat.S_IRUSR | stat.S_IWUSR ++ drv_target_type = tree.find('./TA_Manifest_Info/target_type') ++ if drv_target_type is not None: ++ if drv_target_type.text == "1": ++ ans = "gpd.ta.dynConf:00000\n" ++ out_tlv = os.path.join(in_path, 'config_tlv') ++ with os.fdopen(os.open(out_tlv, flags, modes), 'w+') as conf: ++ conf.write(ans) ++ ++ ++def gen_data_for_sign(input_path, ta_cert_path, config_cert_path): ++ ''' convert xml to tlv ''' ++ logging.critical(os.getcwd()) ++ creat_temp_folder(input_path) ++ tlv_dynconf_data = os.path.join(input_path, "config_tlv") ++ xml_config_file = os.path.join(input_path, "configs.xml") ++ tlv_config_file = os.path.join(input_path, "temp/configs_tlv") ++ if check_dyn_perm(xml_config_file, input_path) != 0: ++ sys.path.append('../signtools') ++ dyn_conf_xml_file_path = 
os.path.join(input_path, 'temp/dyn_perm.xml') ++ # may be use abspath ++ csv_dir = os.path.realpath(os.path.join(os.getcwd(), 'xml2tlv_tools/csv')) ++ tag_parse_dict_file_path = \ ++ os.path.join(csv_dir, 'tag_parse_dict.csv') ++ parser_dyn_conf(dyn_conf_xml_file_path, "", tag_parse_dict_file_path, input_path) ++ convert_xml2tlv(xml_config_file, tlv_config_file, input_path) ++ src_file_path = os.path.join(input_path, 'temp/configs_bak.xml') ++ cmd = ["mv", src_file_path, xml_config_file] ++ run_cmd(cmd) ++ else: ++ convert_xml2tlv(xml_config_file, tlv_config_file, input_path) ++ get_target_type_in_config(xml_config_file, input_path) ++ config_cert_size = 0 ++ if os.path.exists(config_cert_path): ++ config_cert_size = os.path.getsize(config_cert_path) ++ ++ if os.path.exists(tlv_dynconf_data): ++ with open(tlv_config_file, 'rb') as tlv_config_fp: ++ tlv_config_buf = \ ++ tlv_config_fp.read(os.path.getsize(tlv_config_file)) ++ with open(tlv_dynconf_data, 'rb') as tlv_dynconf_fp: ++ tlv_config_buf = tlv_config_buf + \ ++ tlv_dynconf_fp.read(os.path.getsize(tlv_dynconf_data)) + b"\n" ++ tlv_data_size = len(tlv_config_buf) ++ else: ++ tlv_data_size = os.path.getsize(tlv_config_file) ++ with open(tlv_config_file, 'rb') as tlv_config_fp: ++ tlv_config_buf = tlv_config_fp.read(tlv_data_size) ++ ++ ta_cert_size = 4 + os.path.getsize(ta_cert_path) ++ with open(ta_cert_path, 'rb') as ta_cert_fp: ++ ta_cert_buf = struct.pack('I', 1) + ta_cert_fp.read(ta_cert_size) ++ ++ sign_data_size = 4 + 4 + 4 + config_cert_size + 512 ++ ++ config_hd_len = 44 ++ context_size = ta_cert_size + tlv_data_size + sign_data_size ++ config_header = pkg_config_header(config_hd_len, 0xABCDABCD, \ ++ CONFIG_VERSION, get_policy_version(), \ ++ context_size, ta_cert_size, tlv_data_size, sign_data_size) ++ ++ logging.critical(os.getcwd()) ++ data_for_sign = os.path.join(input_path, "data_for_sign") ++ fd_sign = os.open(data_for_sign, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ 
data_for_sign_fp = os.fdopen(fd_sign, "wb") ++ data_for_sign_fp.write(config_header.get_packed_data()) ++ data_for_sign_fp.write(ta_cert_buf) ++ data_for_sign_fp.write(tlv_config_buf) ++ data_for_sign_fp.close() ++ delete_temp_folder(input_path) ++ ++ ++def main(): ++ argvs = sys.argv ++ ta_input_path = argvs[1] ++ ta_cert_path = argvs[2] ++ config_cert_path = argvs[3] ++ if not os.path.exists(ta_input_path): ++ logging.error("ta_input_path does not exist.") ++ sys.exit(1) ++ if not os.path.exists(ta_cert_path): ++ logging.error("ta_cert_path does not exist.") ++ sys.exit(1) ++ if not os.path.exists(config_cert_path): ++ # cloud Product Signing Config May Not Have Certificates ++ logging.error("config_cert_path does not exist.") ++ ++ if whitelist_check(ta_input_path): ++ logging.error("ta_input_path is incorrect.") ++ sys.exit(1) ++ if whitelist_check(ta_cert_path): ++ logging.error("ta_cert_path is incorrect.") ++ sys.exit(1) ++ if whitelist_check(config_cert_path): ++ logging.error("config_cert_path is incorrect.") ++ sys.exit(1) ++ gen_data_for_sign(ta_input_path, ta_cert_path, config_cert_path) ++ ++ ++if __name__ == '__main__': ++ main() +diff --git a/build/pack-Config/ReadMe.txt b/build/pack-Config/ReadMe.txt +new file mode 100644 +index 0000000..4eae5ad +--- /dev/null ++++ b/build/pack-Config/ReadMe.txt +@@ -0,0 +1,18 @@ ++使用说明 ++1.taconfig.der(证书)和config_cert_private.key(私钥)放入config_cert文件夹下 ++ =>放置taconfig.der(证书)和config_cert_private.key(私钥)至换当前目录config_cert文件夹下,注意保持文件名一致 ++ =>taconfig.der(证书)为config证书,该证书应由导入证书CA签发(三方TA),证书内保存的公钥对应私钥为taconfig_key.pem ++ =>config_cert_private.key为taconfig.der证书公钥对应私钥,用来对signature段签名 ++2.TA开发者的证书ta_cert.der放至在ta_cert目录 ++ =>ta_cert.der证书应至在ta_cert目录,该证书应由导入证书CA签发(三方TA),证书内保存的公钥用来验签TA ++3.configs.xml文件放至在input目录 ++ =>configs.xml保存TA基础信息 ++4.生成config二进制 ++ =>所需文件:input/configs.xml、config_cert/taconfig.der、config_cert/config_cert_private.key、ta_cert/ta_cert.der ++ =>生成待签名文件data_for_sign: python3 Config_pre.py input/ 
${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der ++ =>生成签名文件data_for_sign.rsa(仅举例): openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -out data_for_sign.rsa data_for_sign ++ =>生成config(使用公钥)python3 config_v2.py input/ output/ TYPE_PUBKEY ++ =>生成config(使用证书)cp ${config_cert_dir}/taconfig.der input/ ; python3 config_v2.py input/ output/ TYPE_CERT ++5.config二进制生成在output目录 ++ =>参考local_sign.sh(包含步骤5中流程) ++ +diff --git a/build/pack-Config/config_cert/ReadMe.txt b/build/pack-Config/config_cert/ReadMe.txt +new file mode 100644 +index 0000000..40fde8a +--- /dev/null ++++ b/build/pack-Config/config_cert/ReadMe.txt +@@ -0,0 +1,2 @@ ++1.config cert signed by CA ++2.private key of config cert used for signing TA/DRV configuration +diff --git a/build/pack-Config/config_v2.py b/build/pack-Config/config_v2.py +new file mode 100644 +index 0000000..7c801b4 +--- /dev/null ++++ b/build/pack-Config/config_v2.py +@@ -0,0 +1,122 @@ ++#!/usr/bin/env python ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. 
++# tools for generating a signed config ++#---------------------------------------------------------------------------- ++ ++import struct ++import os ++import stat ++import sys ++import re ++import configparser ++import logging ++ ++CONFIG_VERSION = 2 ++ ++ ++class Configuration: ++ ''' Configuration ''' ++ sign_alg = "RSA_PKCS1" ++ ++ def __init__(self, file_name): ++ parser = configparser.ConfigParser() ++ parser.read(file_name) ++ self.sign_alg = parser.get("signConfigPrivateCfg", "configSignAlg") ++ if whitelist_check(self.sign_alg): ++ logging.error("configSignAlg is invalid.") ++ sys.exit(1) ++ ++ ++def whitelist_check(intput_str): ++ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): ++ return 1 ++ return 0 ++ ++ ++def gen_config_section(input_path, output_path, verify_type): ++ ''' generate config file section ''' ++ data_for_sign = os.path.join(input_path, "data_for_sign") ++ signature = os.path.join(input_path, "data_for_sign.rsa") ++ signed_config = os.path.join(output_path, "config") ++ config_certpath = os.path.join(input_path, "taconfig.der") ++ ++ config_path = input_path + '/../../signtools' ++ config_file = os.path.join(config_path, "config_tee_private_sample.ini") ++ if not os.path.exists(config_file): ++ logging.critical("config_tee_private_sample.ini is not exist.") ++ sign_conf_alg = 1 ++ else: ++ cfg = Configuration(config_file) ++ if cfg.sign_alg == "RSA_PKCS1": ++ sign_conf_alg = 1 ++ elif cfg.sign_alg == "RSA_PSS": ++ sign_conf_alg = 3 ++ elif cfg.sign_alg == "ECDSA": ++ sign_conf_alg = 2 ++ ++ data_for_sign_size = os.path.getsize(data_for_sign) ++ with open(data_for_sign, 'rb') as data_for_sign_fp: ++ data_for_sign_buf = data_for_sign_fp.read(data_for_sign_size) ++ ++ signature_size = os.path.getsize(signature) ++ with open(signature, 'rb') as signature_fp: ++ signature_buf = signature_fp.read(signature_size) ++ ++ if(verify_type == "TYPE_PUBKEY"): ++ sign_verify_buf = struct.pack('III', 0, sign_conf_alg, 0) + signature_buf ++ 
elif(verify_type == "TYPE_CERT"): ++ config_cert_size = os.path.getsize(config_certpath) ++ with open(config_certpath, 'rb') as config_cert_fp: ++ config_cert_buf = config_cert_fp.read(config_cert_size) ++ sign_verify_buf = struct.pack('III', 1, sign_conf_alg, config_cert_size) + \ ++ config_cert_buf + signature_buf ++ ++ fd_sign = os.open(signed_config, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ signed_config_fp = os.fdopen(fd_sign, "wb") ++ # write data (header + ta cert + tlv config) ++ signed_config_fp.write(data_for_sign_buf) ++ # write config cert ++ signed_config_fp.write(sign_verify_buf) ++ signed_config_fp.close() ++ ++ ++def main(): ++ argvs = sys.argv ++ input_file = argvs[1] ++ output_file = argvs[2] ++ verify_type = argvs[3] ++ if not os.path.exists(input_file): ++ logging.error("input does not exist.") ++ exit() ++ if not os.path.exists(output_file): ++ logging.error("ta_cert_path does not exist.") ++ exit() ++ ++ if whitelist_check(input_file): ++ logging.error("input is incorrect.") ++ exit() ++ if whitelist_check(output_file): ++ logging.error("output is incorrect.") ++ exit() ++ if whitelist_check(verify_type): ++ logging.error("output is incorrect.") ++ exit() ++ ++ gen_config_section(input_file, output_file, verify_type) ++ ++ ++if __name__ == '__main__': ++ main() ++ +diff --git a/build/pack-Config/input/configs.xml b/build/pack-Config/input/configs.xml +new file mode 100644 +index 0000000..631a708 +--- /dev/null ++++ b/build/pack-Config/input/configs.xml +@@ -0,0 +1,15 @@ ++ ++ ++ ++ demo ++ 00000000-0000-0000-0000-000000000000 ++ ++ ++ false ++ 2048 ++ 20480 ++ false ++ true ++ true ++ ++ +diff --git a/build/pack-Config/local_sign.sh b/build/pack-Config/local_sign.sh +new file mode 100644 +index 0000000..a3657e0 +--- /dev/null ++++ b/build/pack-Config/local_sign.sh +@@ -0,0 +1,61 @@ ++#!/bin/bash ++# make config binary ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. 
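Review bot: The failure paths in `main()` of config_v2.py end with a bare `exit()`, which terminates with status 0, so a caller that relies on `set -e` (as local_sign.sh in this patch does) treats a rejected input as success; use `sys.exit(1)`, as Config_pre.py does. `gen_config_section()` fails open in the same way: an unrecognised `configSignAlg`, or a `verify_type` other than `TYPE_PUBKEY`/`TYPE_CERT`, leaves `sign_conf_alg` or `sign_verify_buf` unassigned and surfaces only as an UnboundLocalError, and a missing ini silently falls back to `sign_conf_alg = 1` (the RSA_PKCS1 value) although local_sign.sh signs with PSS padding. I would add `else: raise RuntimeError("unsupported configSignAlg")`, the equivalent branch for `verify_type`, and treat the missing ini as an error rather than a default. The output is also opened with `os.O_WRONLY | os.O_CREAT` and no `os.O_TRUNC`, so a longer pre-existing `config` file would keep stale bytes after the newly written signature block.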
++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++ ++set -e ++# generate and sign the config binary with local private key. ++ ++work_dir=$(pwd) ++input_dir=${work_dir}/"input" ++config_cert_dir=${work_dir}/"config_cert" ++ta_cert_dir=${work_dir}/"ta_cert" ++ ++# prepare data for been signed. ++python3 Config_pre.py input/ ${ta_cert_dir}/ta_cert.der ${config_cert_dir}/taconfig.der ++ ++# begin sign. ++cd ${input_dir} ++if [ ! -f "data_for_sign" ]; then ++ echo "can't find data for sign" ++ echo "sign fail!" ++ exit -1 ++fi ++ ++# config_cert_private.key is the private key of the config certificate. ++openssl dgst -sign ${config_cert_dir}/config_cert_private.key -sha256 -sigopt rsa_padding_mode:pss \ ++ -sigopt rsa_pss_saltlen:-1 -out data_for_sign.rsa data_for_sign ++ ++# generate config binary ++cd ${work_dir} ++ ++if [ -f "${config_cert_dir}/taconfig.der" ]; then ++ echo "make config with config cert" ++ cp ${config_cert_dir}/taconfig.der ${input_dir}/ ++ python3 config_v2.py input/ output/ TYPE_CERT ++else ++ python3 config_v2.py input/ output/ TYPE_PUBKEY ++fi ++ ++# clean ++cd $input_dir ++[ -f "$input_dir"/data_for_sign ] && rm data_for_sign ++[ -f "$input_dir"/data_for_sign.rsa ] && rm data_for_sign.rsa ++[ -f "$input_dir"/configs_tlv ] && rm configs_tlv ++[ -f "$input_dir"/*.der ] && rm *.der ++ ++if [ "$?" 
== 0 ]; then ++ echo "generate config binary success" ++ exit 0 ++else ++ echo "generate config binary failed" ++ exit 1 ++fi +diff --git a/build/pack-Config/output/ReadMe.txt b/build/pack-Config/output/ReadMe.txt +new file mode 100644 +index 0000000..cbf7ad2 +--- /dev/null ++++ b/build/pack-Config/output/ReadMe.txt +@@ -0,0 +1 @@ ++output the signed perm_config +diff --git a/build/pack-Config/ta_cert/ReadMe.txt b/build/pack-Config/ta_cert/ReadMe.txt +new file mode 100644 +index 0000000..cabddd4 +--- /dev/null ++++ b/build/pack-Config/ta_cert/ReadMe.txt +@@ -0,0 +1 @@ ++TA cert signed by CA to verify the identify of TA +diff --git a/build/pack-TA/Readme.txt b/build/pack-TA/Readme.txt +new file mode 100644 +index 0000000..05a2a56 +--- /dev/null ++++ b/build/pack-TA/Readme.txt +@@ -0,0 +1,12 @@ ++1.TA Signature Packing Preparation Materials, and put these files to build/pack-TA/input folder: ++1).libcombine.so TA compilation product ++2).manifest.txt Basic TA configuration information ++3).config.mk file ++ ++2.Generate rsa key pair by cmd:openssl genrsa -out private_key.pem 4096, ++then put this file to build/signtools/TA_cert/, file name must be private_key.pem. ++ ++3.Apply for the TA config certificate from the Huawei contact person, then put this file to ++build/signtools/signed_config/, file name must be config. ++ ++4.Run build_TA_Linux_release.sh script. Obtain the signed TA product sec file from build/pack-TA/output folder. +\ No newline at end of file +diff --git a/build/pack-TA/build_ta.sh b/build/pack-TA/build_ta.sh +new file mode 100644 +index 0000000..97a6e0a +--- /dev/null ++++ b/build/pack-TA/build_ta.sh +@@ -0,0 +1,22 @@ ++#!/bin/bash ++# Description: preare toolchains and env for build ta. ++# Copyright @ Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. 
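Review bot: The closing `if [ "$?" == 0 ]` in local_sign.sh tests only the last cleanup line, `[ -f "$input_dir"/*.der ] && rm *.der`, not the signing or packing steps, so on the TYPE_PUBKEY path (where no .der is copied into input/) the script prints "generate config binary failed" and exits 1 after the config has been produced, and with more than one .der present the `[ -f … ]` test itself errors. Since `set -e` already stops the script when an earlier step exits non-zero, the cleanup can be a single `rm -f -- "$input_dir"/data_for_sign "$input_dir"/data_for_sign.rsa "$input_dir"/configs_tlv "$input_dir"/*.der` followed by an unconditional success message. The path expansions (`cd ${input_dir}`, `${config_cert_dir}/config_cert_private.key`, the `python3 Config_pre.py` arguments) are unquoted although `work_dir` comes from `$(pwd)`, and should be quoted. `exit -1` is better written as `exit 1`.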
++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++set -e ++ ++LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ++ ++ITRUSTEE_SDK_PATH=$LOCAL_PATH/../signtools/ ++ ++INPUT_PATH=$LOCAL_PATH/input ++OUTPUT_PATH=$LOCAL_PATH/output ++ ++python3 -B ${ITRUSTEE_SDK_PATH}/signtool_v3.py ${INPUT_PATH} ${OUTPUT_PATH} --privateCfg ${ITRUSTEE_SDK_PATH}/config_cloud.ini +diff --git a/build/pack-TA/input/Readme.txt b/build/pack-TA/input/Readme.txt +new file mode 100644 +index 0000000..28ae7f5 +--- /dev/null ++++ b/build/pack-TA/input/Readme.txt +@@ -0,0 +1,4 @@ ++TA Signature Packing Preparation Materials, and put these files in this folder: ++1).libcombine.so TA compilation product ++2).manifest.txt Basic TA configuration information ++3).config.mk file +\ No newline at end of file +diff --git a/build/pack-TA/output/Readme.txt b/build/pack-TA/output/Readme.txt +new file mode 100644 +index 0000000..da8f565 +--- /dev/null ++++ b/build/pack-TA/output/Readme.txt +@@ -0,0 +1 @@ ++The final TA sec file is generated in this path. +\ No newline at end of file +diff --git a/build/signtools/auth_conf_parser.py b/build/signtools/auth_conf_parser.py +new file mode 100644 +index 0000000..cf525b1 +--- /dev/null ++++ b/build/signtools/auth_conf_parser.py +@@ -0,0 +1,260 @@ ++#!/usr/bin/env python3 ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. 
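Review bot: The `python3 -B` line in build_ta.sh expands `${ITRUSTEE_SDK_PATH}`, `${INPUT_PATH}` and `${OUTPUT_PATH}` unquoted, although all three derive from the script's own location, so a checkout path containing spaces or glob characters is word-split before it reaches signtool_v3.py. Quote each argument: `python3 -B "${ITRUSTEE_SDK_PATH}/signtool_v3.py" "${INPUT_PATH}" "${OUTPUT_PATH}" --privateCfg "${ITRUSTEE_SDK_PATH}/config_cloud.ini"`. The header comment reads "preare" where "prepare" is meant.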
++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++# tools for parsering the dynamic ca caller infomation ++#---------------------------------------------------------------------------- ++from __future__ import absolute_import ++import os ++import stat ++import logging ++import hashlib ++import struct ++from ctypes import create_string_buffer ++from ctypes import c_uint32 ++from ctypes import sizeof ++from ctypes import memmove ++from ctypes import byref ++from defusedxml import ElementTree as ET ++ ++logging.basicConfig(level=logging.INFO, ++ format='%(asctime)s line:%(lineno)d %(levelname)s:%(name)s:%(message)s', ++ datefmt='%H:%M:%S' ++ ) ++ ++ ++# caller base config ++MAX_CALLER_NUM = 16 ++MAX_CMDLINE_LEN = 256 ++MAX_USERNAME_LEN = 256 ++AUTH_CONFIG_KEY = "gpd.ta.auth:" ++DEFAULT_AUTH_TYPE_UID = True ++ ++ ++# init caller info ++g_caller_num = 0 ++g_caller_enable = 1 ++g_hash_byte_list = bytes("", 'utf-8') ++g_auth_type = True # default auth type: cmdline + uid ++g_big_endian = False ++ ++ ++def print_hash(byte_buf): ++ """ print caller hash """ ++ buf = [hex(int(i)) for i in byte_buf] ++ logging.info(" ".join(buf)) ++ ++ ++def calc_sha256(buf): ++ """ calcuate sha256 """ ++ md = hashlib.sha256() ++ md.update(buf) ++ return md.digest() ++ ++ ++def calc_cmdline_uid_hash(cmdline, uid): ++ """ calcuate cmdline||uid hash """ ++ c_uid = c_uint32(uid) ++ c_str = create_string_buffer(cmdline.encode('utf-8'), len(cmdline) + sizeof(c_uid)) ++ memmove(byref(c_str, len(c_str.value)), byref(c_uid), sizeof(c_uid)) ++ return calc_sha256(c_str) ++ ++ ++def calc_cmdline_username_hash(cmdline, username): ++ """ calcuate cmdline||username hash """ ++ c_str = create_string_buffer((cmdline 
+ username).encode('utf-8'), len(cmdline) + MAX_USERNAME_LEN) ++ return calc_sha256(c_str) ++ ++ ++def check_auth_enable_type(value): ++ """ check auth_enable type """ ++ if len(value) == 0: ++ raise RuntimeError("auth_enable value must be configured") ++ if value != "true" and value != 'false': ++ raise RuntimeError("auth_enable value must be true or false", value) ++ ++ ++def get_auth_enable_value(value): ++ """ check auth_enable value """ ++ global g_caller_enable ++ if value == "false": ++ g_caller_enable = 0 ++ else: ++ g_caller_enable = 1 ++ ++ ++def check_auth_type(value): ++ """ check auth type """ ++ if len(value) == 0: ++ raise RuntimeError("auth_uid_type value must be configured") ++ if value != "true" and value != 'false': ++ raise RuntimeError("auth_uid_type value must be true or false", value) ++ ++ ++def get_auth_type_value(value): ++ """ check auth type value """ ++ global g_auth_type ++ if value == "false": ++ g_auth_type = False ++ else: ++ g_auth_type = True ++ ++ ++def check_item_type(item): ++ """ check item value """ ++ if item.tag != "item" or len(item.attrib) != 2: ++ raise RuntimeError("invaild item attrib", item.tag, item.attrib, len(item.attrib)) ++ ++ ++def check_cmdline_type(value): ++ """ check cmdline type """ ++ if len(value) == 0 or len(value) > MAX_CMDLINE_LEN: ++ raise RuntimeError("invaild cmdline, the cmdline length must be in range (0, {}]".format(MAX_CMDLINE_LEN), \ ++ value, len(value)) ++ ++ ++def check_uid_type(value): ++ """ check uid type """ ++ if int(value, 10) > 0xffffffff or int(value, 10) < 0: ++ raise RuntimeError("invaild uid, the uid value must be in [0, 0xffffffff]", value) ++ ++ ++def check_username_type(value): ++ """ check username type """ ++ if len(value) == 0 or len(value) > MAX_USERNAME_LEN: ++ raise RuntimeError("invaild username, the username length must be in range (0, {}]".format(MAX_USERNAME_LEN), \ ++ value, len(value)) ++ ++ ++def get_item_value(item, auth_type): ++ """ get item value """ ++ cmdline 
= "" ++ uid = 0 ++ username = "" ++ caller_hash = "" ++ global g_caller_num ++ global g_hash_byte_list ++ ++ if auth_type == DEFAULT_AUTH_TYPE_UID: ++ attr_key = "uid" ++ else: ++ attr_key = "username" ++ ++ for attr in item.attrib: ++ value = item.attrib[attr] ++ if attr == "cmdline": ++ check_cmdline_type(value) ++ cmdline = value ++ elif attr == attr_key: ++ if auth_type == DEFAULT_AUTH_TYPE_UID: ++ check_uid_type(value) ++ uid = int(value, 10) ++ else: ++ check_username_type(value) ++ username = value ++ else: ++ raise RuntimeError("invaild item attr", attr) ++ ++ if auth_type == DEFAULT_AUTH_TYPE_UID: ++ caller_hash = calc_cmdline_uid_hash(cmdline, uid) ++ logging.info("cmdline %s, uid %s", cmdline, uid) ++ else: ++ caller_hash = calc_cmdline_username_hash(cmdline, username) ++ logging.info("cmdline %s, username %s", cmdline, username) ++ print_hash(caller_hash) ++ if g_big_endian is True: ++ pack_format = ">32s" ++ else: ++ pack_format = "32s" ++ g_hash_byte_list = g_hash_byte_list + struct.pack(pack_format, caller_hash) ++ g_caller_num = g_caller_num + 1 ++ if g_caller_num > MAX_CALLER_NUM: ++ raise RuntimeError("Exceed max caller num", MAX_CALLER_NUM) ++ ++ ++def handle_auth_base_info(child): ++ """ handle auth_base_info """ ++ for attr in child.attrib: ++ if attr == "auth_enable": ++ check_auth_enable_type(child.attrib.get(attr)) ++ get_auth_enable_value(child.attrib.get(attr)) ++ elif attr == "auth_type_uid": ++ check_auth_type(child.attrib.get(attr)) ++ get_auth_type_value(child.attrib.get(attr)) ++ else: ++ raise RuntimeError("invaild auth_base_info attrib", attr) ++ ++ ++def handle_auth_item(child, auth_type): ++ """ handle auth item """ ++ for item in child: ++ check_item_type(item) ++ get_item_value(item, auth_type) ++ ++ ++def do_parser_auth_conf(root): ++ """ do parser auth config """ ++ auth_tag = "auth_cmdline_uid" ++ xml_line_num = 0 ++ for child in root: ++ if child.tag == "auth_base_info": ++ if xml_line_num != 0: ++ raise RuntimeError("the 
auth_base_info must be configured first") ++ handle_auth_base_info(child) ++ if g_auth_type != DEFAULT_AUTH_TYPE_UID: ++ auth_tag = "auth_cmdline_username" ++ elif child.tag == auth_tag: ++ handle_auth_item(child, g_auth_type) ++ else: ++ raise RuntimeError("not support xml tag", child.tag) ++ xml_line_num = xml_line_num + 1 ++ ++ ++def parser_auth_xml(auth_xml_file_path, manifest_ext_path, big_endian=False): ++ """ parser auth xml """ ++ global g_caller_num ++ global g_hash_byte_list ++ global g_big_endian ++ ++ g_big_endian = big_endian ++ ++ if not os.path.exists(auth_xml_file_path): ++ raise RuntimeError("auth_config.xml file doesn't exist") ++ ++ tree = ET.parse(auth_xml_file_path) ++ root = tree.getroot() ++ ++ # parser auth config ++ do_parser_auth_conf(root) ++ ++ # gen auth header ++ if g_caller_enable == 0: ++ g_caller_num = 0 ++ g_hash_byte_list = bytes("", 'utf-8') ++ ++ if g_big_endian is True: ++ pack_format = ">II" ++ else: ++ pack_format = "II" ++ auth_header = struct.pack(pack_format, g_caller_enable, g_caller_num) ++ ++ #write auth to mani_ext ++ if not os.path.exists(manifest_ext_path): ++ fd_ext = os.open(manifest_ext_path, os.O_WRONLY | os.O_CREAT, stat.S_IWUSR | stat.S_IRUSR) ++ else: ++ fd_ext = os.open(manifest_ext_path, os.O_RDWR, 0o600) ++ with os.fdopen(fd_ext, 'ba+') as fp_mani_ext: ++ fp_mani_ext.write(bytes(AUTH_CONFIG_KEY, "utf-8")) ++ fp_mani_ext.write(auth_header) ++ fp_mani_ext.write(g_hash_byte_list) ++ fp_mani_ext.write(bytes("\n", "utf-8")) ++ fp_mani_ext.close() +diff --git a/build/signtools/config_cloud.ini b/build/signtools/config_cloud.ini +new file mode 100644 +index 0000000..b366ad8 +--- /dev/null ++++ b/build/signtools/config_cloud.ini +@@ -0,0 +1,60 @@ ++[signSecPrivateCfg] ++;;; ++;private key length for signing TA: ++;[fixed value] ++;256 ECDSA Alg ++;2048/4096 RSA Alg ++secSignKeyLen = 4096 ++;;; ++;[fixed value] ++;0 means SHA256 hash type ++;1 means SHA512 hash type ++secHashType = 0 ++;;; ++; [fixed value] ++;0 
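Review bot: `calc_cmdline_uid_hash()` sizes its buffer with `len(cmdline) + sizeof(c_uid)`, a character count, but fills it with `cmdline.encode('utf-8')`; for a cmdline containing non-ASCII characters the encoded bytes exceed that count, so `create_string_buffer` either raises or is filled to its end and the following `memmove` at offset `len(c_str.value)` can write past the buffer. `check_cmdline_type()` likewise bounds the character length, not the byte length. Building the hash input from bytes avoids the ctypes arithmetic: `raw = cmdline.encode('utf-8')` then `return calc_sha256(raw + struct.pack('I', uid))`, which gives the same digest for ASCII input; `calc_cmdline_username_hash()` needs the same byte-length treatment. Separately, `g_caller_num` and `g_hash_byte_list` are module globals that `parser_auth_xml()` does not reset before parsing, so a second call in one process would append to the first call's callers; this is worth confirming against how the sign tool invokes it.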
means padding type is pkcs1v15 ++;1 means padding type is PSS ++;[fixed value] ++secPaddingType = 1 ++;;; ++;[fixed value] ++;RSA alg ++;ECDSA alg ++;SM2 alg ++secSignAlg = RSA ++;;; ++;public key for encrypt TA ++secEncryptKey = rsa_public_key_cloud.pem ++;;; ++;public key length ++secEncryptKeyLen = 3072 ++ ++[signSecPublicCfg] ++;;; ++;[fixed value] ++; sec sign key type ++;0 means debug ++;1 means release ++secReleaseType = 1 ++;;; ++;0 means TA not installed by OTRP ++;1 means TA installed by OTRP ++secOtrpFlag = 0 ++;;; ++;0 means not sign ++;1 means signed by local private ++;2 means signed using native sign tool; ++;3 means signed by CI ++;[fixed value] ++secSignType = 1 ++;;; ++;server address for signing TA ++secSignServerIp = ++;;; ++;private key for signing TA ++;[private key owned by yourself] ++secSignKey = TA_cert/private_key.pem ++;;; ++;config file ++;[signed config file by Huawei] ++configPath = signed_config/config +diff --git a/build/signtools/config_tee_private_sample.ini b/build/signtools/config_tee_private_sample.ini +new file mode 100644 +index 0000000..5b2bb9c +--- /dev/null ++++ b/build/signtools/config_tee_private_sample.ini +@@ -0,0 +1,35 @@ ++[signSecPrivateCfg] ++;;; ++;private key length for signing TA ++secSignKeyLen = 4096 ++;;; ++;0 means SHA256 hash type ++;1 means SHA512 hash type ++secHashType = 0 ++;;; ++; Fixed value ++;1 means padding type is PSS ++secPaddingType = 1 ++;;; ++;RSA alg ++;ECDSA alg ++secSignAlg = RSA ++[signConfigPrivateCfg] ++;;; ++; Fixed value ++;0 config证书 ++configVersion = 0 ++;;; ++; Fixed value 1 ++configPolicy = 1 ++;;; ++;RSA_PKCS1 alg ++;RSA_PSS alg ++;ECDSA alg ++configSignAlg = RSA_PSS ++;;; ++;1 means signed by local private ++configSignType = 1 ++;;; ++;private key for signing TA ++configSignKey = taconfig_key.pem +diff --git a/build/signtools/dyn_conf_checker.py b/build/signtools/dyn_conf_checker.py +new file mode 100644 +index 0000000..64eeaf2 +--- /dev/null ++++ 
b/build/signtools/dyn_conf_checker.py +@@ -0,0 +1,512 @@ ++#!/usr/bin/env python3 ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++# tools for generating a trusted application dyn perm checker ++#---------------------------------------------------------------------------- ++ ++ ++import re ++import uuid ++ ++uuid_split_sym_list = ['-'] ++spilt_sym_list = [';', '|', ','] ++unused_sym_list = ['_'] ++unique_list = [] ++permission_unique_dict = {} ++cmd_unique_dict = {} ++ ++ ++def check_csv_sym(value): ++ ++ for sym in value: ++ if sym in unused_sym_list: ++ continue ++ elif sym >= 'A' and sym <= 'Z': ++ continue ++ elif sym >= 'a' and sym <= 'z': ++ continue ++ elif sym >= '0' and sym <= '9': ++ continue ++ else: ++ raise RuntimeError("has invalid sym in csv", value) ++ ++ ++def classify_uuid_list(value): ++ ++ ans = "" ++ uuid_list = value.split(',') ++ for uuid_item in uuid_list: ++ ans = "%s%s," % (ans, str(uuid.UUID(uuid_item))) ++ ++ return ans[:len(ans) - 1].strip() ++ ++ ++def check_context_sym(old_item, attr, value): ++ ++ if len(value) == 0: ++ return -1 ++ ++ for sym in value: ++ if sym in uuid_split_sym_list: ++ continue ++ elif sym in spilt_sym_list: ++ continue ++ elif sym in unused_sym_list: ++ continue ++ elif sym >= 'A' and sym <= 'Z': ++ continue ++ elif sym >= 'a' and sym <= 'z': ++ continue ++ elif sym >= '0' and sym <= '9': ++ continue ++ else: ++ raise 
RuntimeError("has invalid sym in xml", \ ++ old_item + attr, value) ++ return 0 ++ ++ ++def do_split_and_classify(old_item, attr, split_sym_index, value): ++ ++ ans = "" ++ value_list = value.split(spilt_sym_list[split_sym_index]) ++ for val in value_list: ++ val = val.strip() ++ if len(val) == 0: ++ raise RuntimeError("cannot split empty region", value) ++ if split_sym_index == len(spilt_sym_list) - 1: ++ if check_context_sym(old_item, attr, val) != 0: ++ raise RuntimeError("xml attrib cannot be NULL", \ ++ old_item + attr, value) ++ ans += val + spilt_sym_list[split_sym_index] ++ else: ++ ans += do_split_and_classify(old_item, attr, split_sym_index + 1,\ ++ val) + spilt_sym_list[split_sym_index] ++ ++ return ans[: len(ans) - 1] ++ ++ ++def check_and_classify_attr(old_item, attr, value): ++ ++ if len(value) == 0: ++ raise RuntimeError("tag %s%s is NULL in xml" % (old_item, attr)) ++ ++ value = do_split_and_classify(old_item, attr, 0, value) ++ ++ if attr == "uuid": ++ value = classify_uuid_list(value) ++ ++ return value ++ ++ ++def check_iomap_range(iomap_range): ++ ++ if len(iomap_range) == 0: ++ raise RuntimeError("you must define iomap_range") ++ ++ iomap_range.replace(" ", "") ++ iomap_ranges = iomap_range.split(";") ++ for iomap in iomap_ranges: ++ addrs = iomap.split(",") ++ # check if range is start,end format ++ if len(addrs) == 0: ++ continue ++ ++ if len(addrs) != 2: ++ raise RuntimeError("iomap must be start1,end1;\ ++start2,end2....", addrs) ++ ++ if '0x' not in addrs[0] or '0x' not in addrs[1]: ++ raise RuntimeError("addr must be hex like \ ++0xF8555000", addrs[0], addrs[1]) ++ ++ # check if addr is 4K aligned ++ start = int(addrs[0], 16) ++ end = int(addrs[1], 16) ++ if start > 0xffffffffffffffff or end > 0xffffffffffffffff: ++ raise RuntimeError("addr is so large", addrs[0], addrs[1]) ++ if start % 0x1000 != 0 or end % 0x1000 != 0: ++ raise RuntimeError("addr must be 4K aligned", addrs[0], addrs[1]) ++ if end <= start: ++ raise RuntimeError("iomap 
range start must \ ++smaller than end ", addrs[0], addrs[1]) ++ ++ return 0 ++ ++ ++def check_thread_limit(value): ++ ++ if len(value) > 0: ++ thread_limit = int(value) ++ if thread_limit > 0xffffffff or thread_limit <= 0: ++ raise RuntimeError("thread_limit is invalid", thread_limit) ++ ++ ++def check_upgrade(value): ++ ++ if len(value) > 0: ++ if value.lower() != 'true' and value.lower() != 'false': ++ raise RuntimeError("upgrade must be true or false", value) ++ ++ ++def check_virt2phys(value): ++ ++ if len(value) > 0: ++ if value.lower() != 'true' and value.lower() != 'false': ++ raise RuntimeError("virt2phys must be true or false", value) ++ ++ ++def check_exception_mode(value): ++ ++ if value != "restart" and value != "syscrash" and value != "ddos": ++ raise RuntimeError("unknown exception mode", value) ++ ++ ++def check_chip_type(attrib, value): ++ ++ if len(value) == 0: ++ raise RuntimeError("chip_type cannot be NULL") ++ ++ if not re.match(r"[A-Za-z0-9_,]*$", value): ++ raise RuntimeError("there has invalid sym in chip type", value) ++ ++ chips = value.split(",") ++ for chip in chips: ++ chip_item = chip.lower().strip() ++ if len(chip_item) > 31: ++ raise RuntimeError("{} length is larger than 31".format(chip_item), chip_item) ++ ++ flag = 0 ++ for attr in attrib: ++ if attr != "chip_type": ++ flag = 1 ++ break ++ if flag == 0: ++ raise RuntimeError("you cannot only set chip_type in item") ++ ++ ++def check_drv_name(value): ++ ++ if len(value) > 31 or len(value) == 0: ++ raise RuntimeError("drv name should not be NULL or \ ++length larger than 31", value) ++ ++ ++def check_irq(value): ++ ++ if len(value) == 0: ++ raise RuntimeError("irq cannot be NULL") ++ ++ if ';' in value or '|' in value: ++ raise RuntimeError("irq can only split by ,", value) ++ ++ irq_list = value.split(',') ++ for irq in irq_list: ++ num = int(irq, 10) ++ if num < 32: ++ raise RuntimeError("irq shoule not smaller than 32", value) ++ ++ ++def check_map_secure_uuid(attrib, value): ++ 
++ if len(value) != 36: ++ raise RuntimeError("uuid len is invalid", value) ++ ++ flag = 0 ++ for attr in attrib: ++ if attr == "region": ++ flag = 1 ++ ++ if flag == 0: ++ raise RuntimeError("please set region in map secure item", attrib) ++ ++ ++def check_map_secure_region(attrib, value): ++ ++ if len(value) == 0: ++ raise RuntimeError("region cannot be NULL") ++ ++ flag = 0 ++ for attr in attrib: ++ if attr == "uuid": ++ flag = 1 ++ ++ if flag == 0: ++ raise RuntimeError("please set uuid in map secure item", attrib) ++ ++ check_iomap_range(value) ++ ++ ++def check_drv_cmd_perm_info_item_permission(attrs, perm): ++ ++ if len(perm) == 0: ++ raise RuntimeError("permssion len should not be NULL") ++ ++ if not re.match(r"^[0-9]*$", perm): ++ raise RuntimeError("there has invalid sym in perm", perm) ++ ++ if int(perm, 10) > 64 or int(perm, 10) < 1: ++ raise RuntimeError("perm can only in range 1-64", perm) ++ ++ flag = 0 ++ ++ for attr in attrs: ++ if attr == "cmd" and len(attrs[attr]) != 0: ++ flag = 1 ++ break ++ ++ if flag == 0: ++ raise RuntimeError("you should set cmd while you set cmd permission") ++ ++ ++def check_drv_cmd_perm_info_item_cmd(attrs, dyn_key): ++ ++ if len(dyn_key) == 0: ++ raise RuntimeError("dyn_key len should not be 0") ++ ++ flag = 0 ++ ++ cmd = "" ++ for attr in attrs: ++ if attr == "permission" and len(attrs[attr]) != 0: ++ flag = 1 ++ if attr == "cmd" and len(attrs[attr]) != 0: ++ cmd = attrs[attr] ++ if (dyn_key, attrs[attr]) in unique_list: ++ raise RuntimeError("one cmd can only set \ ++permission once", attrs[attr]) ++ ++ unique_list.append((dyn_key, cmd)) ++ ++ if flag == 0: ++ raise RuntimeError("you should set permission while \ ++you set cmd permission") ++ ++ ++def check_mac_info_item_permission(attrs, perm): ++ ++ if len(perm) == 0: ++ raise RuntimeError("permssion len should not be 0") ++ ++ if ',' in perm or ';' in perm: ++ raise RuntimeError("multi permssion can only split by | ", perm) ++ ++ flag = 0 ++ ++ for attr in attrs: 
++ if attr == "uuid" and len(attrs[attr]) != 0: ++ flag = 1 ++ break ++ ++ if flag == 0: ++ raise RuntimeError("you should set uuid while \ ++you set drvcall's permission") ++ ++ for perm_num in perm.split("|"): ++ if int(perm_num, 10) > 64 or int(perm_num, 10) < 1: ++ raise RuntimeError("perm can only in range 1-64", perm) ++ ++ ++def check_mac_info_item_uuid(attrs, dyn_key): ++ ++ if len(dyn_key) == 0: ++ raise RuntimeError("dyn_key len should not be 0") ++ ++ uuid_str = "" ++ for attr in attrs: ++ if attr == "uuid" and len(attrs[attr]) != 0: ++ uuid_str = attrs[attr] ++ if ',' in uuid_str: ++ raise RuntimeError("uuid in mac can only set one", uuid_str) ++ if (dyn_key, uuid_str) in unique_list: ++ raise RuntimeError("uuid can only set once in mac", uuid_str) ++ ++ unique_list.append((dyn_key, uuid_str)) ++ ++ ++def check_permssion_unique(value, origin_value): ++ ++ value_list = value.split("|") ++ origin_value_list = origin_value.split("|") ++ if len(value) == 0 or len(value_list) != len(origin_value_list): ++ RuntimeError("permssion trans by csv failed", value, origin_value) ++ ++ for (i, _) in enumerate(value_list): ++ if value_list[i] in permission_unique_dict.keys() and \ ++ permission_unique_dict.get(value_list[i]) != origin_value_list[i]: ++ raise RuntimeError("different permission set same num in csv",\ ++ value, origin_value) ++ permission_unique_dict[value_list[i]] = origin_value_list[i] ++ ++ ++def check_cmd_unique(value, origin_value): ++ ++ value_list = value.split("|") ++ origin_value_list = origin_value.split("|") ++ if len(value) == 0 or len(value_list) != len(origin_value_list): ++ RuntimeError("cmd trans by csv failed", value, origin_value) ++ ++ for (i, _) in enumerate(value_list): ++ if value_list[i] in cmd_unique_dict.keys() and \ ++ cmd_unique_dict.get(value_list[i]) != origin_value_list[i]: ++ raise RuntimeError("different cmd set same num in csv", \ ++ value, origin_value) ++ cmd_unique_dict[value_list[i]] = origin_value_list[i] ++ ++ ++def 
check_perm_apply_item(attrs, perm):
++
++ if len(perm) == 0:
++ raise RuntimeError("permssion len should not be 0")
++
++ flag = 0
++
++ for attr in attrs:
++ if attr == "name" and len(attrs[attr]) != 0:
++ flag = 1
++ break
++
++ if flag == 0:
++ raise RuntimeError("you should set drv's name while \
++you set drv's permission")
++
++
++def check_ta_config_service_name(service_name):
++
++ if len(service_name) == 0 or len(service_name) >= 40:
++ raise Exception("service name is invalid", service_name)
++
++
++def check_ta_config_stack_size(stack_size):
++
++ if int(stack_size, 10) > 0xffffffff or int(stack_size, 10) <= 0:
++ raise Exception("stack size is invalid", stack_size)
++
++
++def check_ta_config_heap_size(heap_size):
++
++ if int(heap_size, 10) > 0xffffffff or int(heap_size, 10) <= 0:
++ raise Exception("heap size is invalid", heap_size)
++
++
++def check_ta_config_rpmb_size(rpmb_size):
++
++ if int(rpmb_size, 10) > 0xffffffff or int(rpmb_size, 10) <= 0:
++ raise Exception("rpmb size is invalid", rpmb_size)
++
++
++def check_ta_config_device_id(device_id):
++
++ if len(device_id) != 64:
++ raise Exception("device_id len is invalid", device_id)
++
++ for sym in device_id:
++ if sym >= 'A' and sym <= 'Z':
++ continue
++ elif sym >= '0' and sym <= '9':
++ continue
++ else:
++ raise RuntimeError("has invalid sym in device_id", sym, device_id)
++
++
++def dyn_perm_check(dyn_key, attrib, value, origin_value):
++
++ if dyn_key == 'drv_perm/drv_basic_info/thread_limit':
++ check_thread_limit(value)
++ elif dyn_key == 'drv_perm/drv_basic_info/upgrade':
++ check_upgrade(value)
++ elif dyn_key == 'drv_perm/drv_basic_info/virt2phys':
++ check_virt2phys(value)
++ elif dyn_key == 'drv_perm/drv_basic_info/exception_mode':
++ check_exception_mode(value)
++ elif dyn_key == 'drv_perm/drv_io_map/item/chip_type':
++ check_chip_type(attrib, value)
++ elif dyn_key == 'drv_perm/drv_io_map/item/iomap':
++ check_iomap_range(value)
++ elif dyn_key == 'drv_perm/irq/item/irq':
++
check_irq(value)
++ elif dyn_key == 'drv_perm/map_secure/item/chip_type':
++ check_chip_type(attrib, value)
++ elif dyn_key == 'drv_perm/map_secure/item/uuid':
++ check_map_secure_uuid(attrib, value)
++ return
++ elif dyn_key == 'drv_perm/map_secure/item/region':
++ check_map_secure_region(attrib, value)
++ elif dyn_key == 'drv_perm/map_nosecure/item/chip_type':
++ check_chip_type(attrib, value)
++ elif dyn_key == 'drv_perm/map_nosecure/item/uuid':
++ # uuid has been checked in classify_uuid()
++ return
++ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/cmd':
++ # cmd has been trans by csv, so it must be valied
++ check_drv_cmd_perm_info_item_cmd(attrib, dyn_key)
++ check_cmd_unique(value, origin_value)
++ return
++ elif dyn_key == 'drv_perm/drv_cmd_perm_info/item/permission':
++ check_drv_cmd_perm_info_item_permission(attrib, value)
++ check_permssion_unique(value, origin_value)
++ elif dyn_key == 'drv_perm/drv_mac_info/item/uuid':
++ # uuid has been checked in classify_uuid()
++ check_mac_info_item_uuid(attrib, dyn_key)
++ return
++ elif dyn_key == 'drv_perm/drv_mac_info/item/permission':
++ check_mac_info_item_permission(attrib, value)
++ check_permssion_unique(value, origin_value)
++ elif dyn_key == 'drvcall_conf/drvcall_perm_apply/item/permission':
++ check_perm_apply_item(attrib, value)
++ check_permssion_unique(value, origin_value)
++ elif dyn_key == 'ConfigInfo/TA_Basic_Info/service_name/service_name':
++ check_ta_config_service_name(value)
++ elif dyn_key == 'ConfigInfo/TA_Basic_Info/uuid/uuid':
++ classify_uuid_list(value)
++ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/stack_size/stack_size':
++ check_ta_config_stack_size(value)
++ elif dyn_key == 'ConfigInfo/TA_Manifest_Info/heap_size/heap_size':
++ check_ta_config_heap_size(value)
++ elif dyn_key == 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size':
++ check_ta_config_rpmb_size(value)
++ elif dyn_key == \
++ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id':
++
check_ta_config_device_id(value)
++ else:
++ return
++
++
++def check_text_ava(old_item, text):
++
++ if text is None or len(text.strip()) == 0:
++ raise Exception("text is invalied", old_item)
++
++
++ta_config_item_list = [
++ 'ConfigInfo/TA_Basic_Info/service_name/',
++ 'ConfigInfo/TA_Basic_Info/uuid/',
++ 'ConfigInfo/TA_Manifest_Info/instance_keep_alive/',
++ 'ConfigInfo/TA_Manifest_Info/stack_size/',
++ 'ConfigInfo/TA_Manifest_Info/heap_size/',
++ 'ConfigInfo/TA_Manifest_Info/multi_command/',
++ 'ConfigInfo/TA_Manifest_Info/multi_session/',
++ 'ConfigInfo/TA_Manifest_Info/single_instance/',
++ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/',
++ 'ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/',
++ 'ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/',
++ 'ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/',
++ 'ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/',
++ 'ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/']
++
++
++def check_ta_config(old_item, text):
++
++ if old_item in ta_config_item_list:
++ check_text_ava(old_item, text)
++
++ return True
+diff --git a/build/signtools/dyn_conf_parser.py b/build/signtools/dyn_conf_parser.py
+new file mode 100644
+index 0000000..7ecb7f6
+--- /dev/null
++++ b/build/signtools/dyn_conf_parser.py
+@@ -0,0 +1,315 @@
++#!/usr/bin/env python3
++# coding=utf-8
++#----------------------------------------------------------------------------
++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
++# Licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan
++# PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++# http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
++# See the Mulan PSL v2 for more details.
++# tools for generating a trusted application dyn perm parser
++#----------------------------------------------------------------------------
++
++import string
++import os
++import stat
++import logging
++from defusedxml import ElementTree as ET
++from dyn_conf_checker import dyn_perm_check
++from dyn_conf_checker import check_and_classify_attr
++from dyn_conf_checker import check_csv_sym
++from dyn_conf_checker import check_ta_config
++
++
++type_trans = {"TYPE_NONE": "-1",
++ "TYPE_CLASS": "0",
++ "TYPE_BOOL": "1",
++ "TYPE_INT": "2",
++ "TYPE_CHAR": "3"}
++
++# the length len in tlv
++DYN_CONF_LEN_LEN = 4
++
++tag_dict = {}
++type_dict = {}
++trans_dict = {}
++
++
++def get_csv_size(path):
++
++ with open(path, "r", encoding="utf-8") as csvfile:
++ lines = csvfile.readlines()
++ return len(lines)
++ return 0
++
++
++def get_csv_data(path, lnum, rnum):
++
++ with open(path, "r", encoding="utf-8") as csvfile:
++ count = 0
++ lines = csvfile.readlines()
++ for line in lines:
++ if count == lnum:
++ return str(line.split(",")[rnum]).strip()
++ count = count + 1
++ return ""
++
++
++def classify_tag(tag):
++
++ while len(tag) < 3:
++ tag = "0%s" % (tag)
++
++ return tag
++
++
++# save tag type and trans dict
++def handle_tag_dict(path):
++
++ for i in range(0, get_csv_size(path)):
++ dyn_sym = get_csv_data(path, i, 0)
++ tag_dict[dyn_sym] = classify_tag(get_csv_data(path, i, 1))
++ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, i, 2))
++ trans_dict[dyn_sym] = get_csv_data(path, i, 3)
++
++
++def check_target_data_been_found(sym, find_out, path):
++
++ if find_out == 1:
++ raise RuntimeError(sym + " can only set one time in " + path)
++
++
++# trans value sym by trans dict
++def handle_trans(value, path):
++
++ datas = value.split("|")
++
++ for i, data in enumerate(datas):
++ find_out = 0
++ target_data = data
++ for j in range(0, get_csv_size(path)):
++ sym = get_csv_data(path, j, 0)
++ tag = get_csv_data(path, j, 1)
++ check_csv_sym(sym)
++
check_csv_sym(tag)
++ if sym == target_data:
++ # if one sym has been set more than one time in csv
++ check_target_data_been_found(sym, find_out, path)
++ datas[i] = tag
++ find_out = 1 # means we find sym in dict
++
++ if find_out == 0:
++ raise RuntimeError("cannot find {} in {}".format(datas[i], path))
++
++ ans = datas[0]
++ for i in range(1, len(datas)):
++ ans = "%s|%s" % (ans, datas[i])
++
++ return ans
++
++
++def get_value_by_name_in_config(config_name, in_path):
++
++ config_file = os.path.join(in_path, config_name)
++ if not os.path.exists(config_file):
++ logging.error("configs.xml file doesn't exist")
++ return ""
++ xml_tree = ET.parse(config_file)
++ drv_perm = xml_tree.find('./TA_Basic_Info/service_name')
++ return drv_perm.text
++
++
++def get_value_by_name_in_manifest(manifest_name, in_path):
++
++ manifest = os.path.join(in_path, "manifest.txt")
++ if not os.path.exists(manifest):
++ name = get_value_by_name_in_config("configs.xml", in_path)
++ if name != "":
++ return name
++ else:
++ with open(manifest, 'r') as mani_fp:
++ for each_line in mani_fp:
++ if each_line.startswith("#") or not each_line.strip():
++ continue
++ name = each_line.split(":")[0].strip()
++ if "{" + name + "}" == manifest_name:
++ return str(each_line.split(":")[1].strip())
++
++ raise RuntimeError("{" + manifest_name + "}" + \
++ "cannot find in " + manifest)
++
++
++def get_value_trans(old_item, value, attrib, key, in_path):
++
++ # if name contains '.csv' means
++ # we can transform value by {manifest_name}.csv
++ # manifest_name must in manifest.txt
++ if ".csv" in trans_dict.get(key):
++ manifest_name = trans_dict.get(key).split(".csv")[0]
++ manifest_value = get_value_by_name_in_manifest(manifest_name, in_path)
++ trans_file_path = os.path.join(in_path, "{}.csv".format(manifest_value))
++ return handle_trans(value, trans_file_path)
++ # if name not contains '.csv' means
++ # we can transform value by {attrib[attri]}.csv
++ # attrib[attri] must in xml file
++ for
attri in attrib:
++ if old_item + attri == trans_dict.get(key):
++ if len(attrib[attri]) == 0:
++ raise RuntimeError("you should set drv name while \
++ you set drv permission")
++ trans_file_path = os.path.join(in_path, "{}.csv".format(attrib[attri]))
++ return handle_trans(value, trans_file_path)
++
++ raise RuntimeError("cannot find second trans file",\
++ key, trans_dict.get(key))
++
++
++def item_zip(old_item, attr, value, attrib, in_path):
++
++ dyn_key = old_item + attr
++ dyn_type = type_dict.get(dyn_key)
++ origin_value = value
++
++ if len(trans_dict.get(dyn_key)) > 0:
++ value = get_value_trans(old_item, value, attrib, dyn_key, in_path)
++
++ # check the xml is invalid for dyn perm
++ dyn_perm_check(dyn_key, attrib, value, origin_value)
++
++ if dyn_type == type_trans.get("TYPE_BOOL"):
++ if value.lower() == "true":
++ return "1"
++ elif value.lower() == "false":
++ return "0"
++ else:
++ raise Exception("bool can only be true or false")
++ elif dyn_type == type_trans.get("TYPE_INT"):
++ if '0x' in value:
++ return str(int(value, base=16))
++ elif '0b' in value:
++ return str(int(value, base=2))
++ else:
++ return str(int(value, base=10))
++ elif dyn_type == type_trans.get("TYPE_CHAR"):
++ return value
++ else:
++ raise RuntimeError("unknown type")
++
++
++def get_length(value):
++
++ length = len(value)
++ off = int((DYN_CONF_LEN_LEN / 2 - 1) * 8)
++ ans = ""
++
++ for _ in range(int(DYN_CONF_LEN_LEN / 2)):
++ tmp = ""
++ dyn_len = (length >> off) & 0xFF;
++ if dyn_len >= 0 and dyn_len <= 0xF:
++ tmp = "0"
++ tmp += str(hex(dyn_len)).split("x")[1]
++ ans += tmp
++ off -= 8
++
++ return ans
++
++
++def do_parser_dyn_conf(old_item, ele, in_path):
++
++ attrs = ""
++ if len(ele.attrib) > 0:
++ for attr in ele.attrib:
++ ele.attrib[attr] = check_and_classify_attr(old_item,\
++ attr, ele.attrib.get(attr))
++ tag = tag_dict.get(old_item + attr)
++ dyn_type = type_dict.get(old_item + attr)
++ if dyn_type == type_trans.get("TYPE_NONE"):
++ continue
++
++ value
= item_zip(old_item, attr, ele.attrib[attr],
++ ele.attrib, in_path)
++ length = get_length(value)
++ attrs = attrs + tag + dyn_type + length + value
++ else:
++ for child in ele:
++ tmp_attrs = do_parser_dyn_conf(old_item + child.tag + "/",
++ child, in_path)
++ if tmp_attrs == "":
++ continue
++ attrs = attrs + tmp_attrs
++
++ # handle inner context
++ if check_ta_config(old_item, ele.text) is True and \
++ ele.text is not None and len(ele.text.strip()) > 0:
++ inner_text = item_zip(old_item + ele.tag, "", ele.text, {}, in_path)
++ attrs = attrs + tag_dict.get(old_item + ele.tag) + \
++ type_dict.get(old_item + ele.tag) + \
++ get_length(inner_text) + inner_text
++
++ if len(tag_dict.get(old_item)) == 0 or attrs == "":
++ return ""
++
++ return tag_dict.get(old_item) + type_dict.get(old_item) + \
++ get_length(attrs) + attrs
++
++
++def parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path,
++ tag_parse_dict_path, in_path):
++
++ if not os.path.exists(dyn_conf_xml_file_path):
++ logging.error("dyn perm xml file doesn't exist")
++ return
++
++ if not os.path.exists(tag_parse_dict_path):
++ logging.error("tag_parse_dict.csv file doesn't exist")
++ return
++
++ handle_tag_dict(tag_parse_dict_path)
++ tree = ET.parse(dyn_conf_xml_file_path)
++ root = tree.getroot()
++
++ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
++ if ans == "":
++ ans = "00000"
++
++ ans = "gpd.ta.dynConf:" + ans + "\n"
++
++ if not os.path.exists(manifest_ext_path):
++ out_tlv = os.path.join(in_path, "config_tlv")
++ with os.fdopen(os.open(out_tlv, \
++ os.O_RDWR | os.O_TRUNC | os.O_CREAT, \
++ stat.S_IWUSR | stat.S_IRUSR), 'w+') as conf:
++ conf.write(ans)
++ else:
++ #write items to mani_ext
++ manifest_ext_path_fd = os.open(manifest_ext_path, os.O_RDWR, 0o600)
++ with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp:
++ mani_ext_fp.write(ans)
++
++
++def parser_config_xml(config_xml_file_path, tag_parse_dict_path, \
++ out_path, in_path):
++
++ if not
os.path.exists(config_xml_file_path):
++ logging.error("config xml file doesn't exist")
++ return
++ if not os.path.exists(tag_parse_dict_path):
++ logging.error("tag_parse_dict.csv file doesn't exist")
++ return
++
++ handle_tag_dict(tag_parse_dict_path)
++ tree = ET.parse(config_xml_file_path)
++ root = tree.getroot()
++
++ ans = do_parser_dyn_conf(root.tag + "/", root, in_path)
++ if ans == "":
++ ans = "00000"
++
++ # write items to mani_ext
++ config_path_fd = os.open(out_path, os.O_CREAT | os.O_RDWR, 0o600)
++ with os.fdopen(config_path_fd, 'a+') as config_fp:
++ config_fp.write(ans)
+diff --git a/build/signtools/generate_hash.py b/build/signtools/generate_hash.py
+new file mode 100644
+index 0000000..fd90a01
+--- /dev/null
++++ b/build/signtools/generate_hash.py
+@@ -0,0 +1,51 @@
++#!/usr/bin/env python
++# coding=utf-8
++#----------------------------------------------------------------------------
++# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
++# Licensed under the Mulan PSL v2.
++# You can use this software according to the terms and conditions of the Mulan
++# PSL v2.
++# You may obtain a copy of Mulan PSL v2 at:
++# http://license.coscl.org.cn/MulanPSL2
++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
++# See the Mulan PSL v2 for more details.
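Review bot: `get_length` in dyn_conf_parser.py keeps only the low 16 bits of `len(value)` (two bytes, from `DYN_CONF_LEN_LEN / 2`), so a value or an accumulated `attrs` string longer than 0xFFFF characters is written with a wrapped length and the TLV built in `do_parser_dyn_conf` no longer frames its payload. A guard at the top of `get_length`, `if length > 0xFFFF: raise RuntimeError("dyn conf item too long", length)`, makes the tool stop instead of emitting a mis-framed `gpd.ta.dynConf` entry. Separately, `get_value_trans` formats `manifest_value` and `attrib[attri]` straight into `os.path.join(in_path, "{}.csv".format(...))`; unless `check_and_classify_attr` (defined outside this hunk) already restricts them, a value containing path separators selects a CSV outside `in_path`, so rejecting any value that differs from its `os.path.basename` before the join is a cheap safeguard.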
++# Description: cal hash for generating a trusted application load image ++#---------------------------------------------------------------------------- ++ ++import struct ++import os ++import hashlib ++import stat ++ ++HASH256 = 0 ++HASH512 = 1 ++ ++ ++def gen_hash(hash_type, in_data, out_file_path): ++ # Initialize a SHA256 object from the Python hash library ++ if int(hash_type) == HASH256: ++ hash_op = hashlib.sha256() ++ elif int(hash_type) == HASH512: ++ hash_op = hashlib.sha512() ++ hash_op.update(in_data) ++ ++ #-----hash file used for ras sign--- ++ fd_hash = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ hash_fp = os.fdopen(fd_hash, "wb") ++ # fixed hash prefix value ++ if int(hash_type) == HASH256: ++ hash_fp.write(struct.pack('B' * 19, 0x30, 0x31, 0x30, 0x0d, 0x06, \ ++ 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \ ++ 0x05, 0x00, 0x04, 0x20)) ++ elif int(hash_type) == HASH512: ++ hash_fp.write(struct.pack('B' * 19, 0x30, 0x51, 0x30, 0x0d, 0x06, \ ++ 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, \ ++ 0x05, 0x00, 0x04, 0x40)) ++ hash_fp.write(hash_op.digest()) ++ hash_fp.close() ++ return ++ ++ +diff --git a/build/signtools/generate_signature.py b/build/signtools/generate_signature.py +index 382aa91..95657e8 100644 +--- a/build/signtools/generate_signature.py ++++ b/build/signtools/generate_signature.py +@@ -1,8 +1,8 @@ + #!/usr/bin/env python +-# coding:utf-8 ++# coding=utf-8 + #---------------------------------------------------------------------------- + # Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. +-# iTrustee licensed under the Mulan PSL v2. ++# Licensed under the Mulan PSL v2. + # You can use this software according to the terms and conditions of the Mulan + # PSL v2. 
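Review bot: `os.open(out_file_path, os.O_WRONLY | os.O_CREAT, ...)` in `gen_hash` does not truncate, unlike the `open(out_file_path, 'wb')` of the version removed from generate_signature.py, so if a longer hash file is left over from an earlier run (for example a SHA-512 one before a SHA-256 run) its stale tail stays in the file that is later handed to `openssl pkeyutl -sign`. Adding `os.O_TRUNC` to the flags restores the old behaviour. The `config_msg` file opened the same way in `gen_ta_signature` (second generate_signature.py hunk) has the same defect, and there leftover bytes would become part of the message signed by `openssl dgst -sign`. `gen_hash` also leaves `hash_op` unbound when `hash_type` is neither `HASH256` nor `HASH512`; an `else: raise RuntimeError("unsupported hash type", hash_type)` gives a clear failure, and a `with` block around `hash_fp` would close the descriptor if a write fails.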
+ # You may obtain a copy of Mulan PSL v2 at: +@@ -11,44 +11,47 @@ + # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + # See the Mulan PSL v2 for more details. ++# Description: tools for generating a trusted application load image + #---------------------------------------------------------------------------- + +-import struct + import os +-import hashlib ++import stat + import subprocess ++import logging + +-HASH256 = 0 +-HASH512 = 1 ++from generate_hash import gen_hash + +-def gen_hash(hash_type, in_file_path, out_file_path): +- in_file_size = os.path.getsize(in_file_path) +- # Initialize a SHA256 object from the Python hash library +- if int(hash_type) == HASH256: +- hash_op = hashlib.sha256() +- elif int(hash_type) == HASH512: +- hash_op = hashlib.sha512() +- # Set the input buffer and return the output digest +- with open(in_file_path, 'rb') as in_file: +- hash_op.update(in_file.read(in_file_size)) + +- #-----hash file used for ras sign--- +- with open(out_file_path, 'wb') as hash_fp: +- # fixed hash prefix value +- hash_fp.write(struct.pack('B'*19, 0x30, 0x31, 0x30, 0x0d, 0x06, \ +- 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \ +- 0x05, 0x00, 0x04, 0x20)) +- hash_fp.write(hash_op.digest()) +- return ++def gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \ ++ out_file_path, out_path, key_info_data, is_big_ending): ++ msg_file = os.path.join(out_path, "temp", "config_msg") ++ fd_msg = os.open(msg_file, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ msg_file_fp = os.fdopen(fd_msg, "wb") ++ msg_file_fp.write(raw_data) ++ msg_file_fp.close() ++ if cfg.sign_type == '1': # signed with local key ++ if cfg.padding_type == '0': ++ gen_hash(cfg.hash_type, raw_data, hash_file_path) ++ cmd = "openssl pkeyutl -sign -inkey {} -in {} -out {}".\ ++ format(cfg.sign_key, hash_file_path, out_file_path) ++ elif cfg.padding_type == '1': ++ 
if cfg.hash_type == '0': ++ cmd = "openssl dgst -sign {} -sha256 -sigopt \ ++ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ ++ -out {} {}".format(cfg.sign_key, out_file_path, msg_file) ++ else: ++ cmd = "openssl dgst -sign {} -sha512 -sigopt \ ++ rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \ ++ -out {} {}".format(cfg.sign_key, out_file_path, msg_file) ++ try: ++ subprocess.check_output(cmd.split(), shell=False) ++ except Exception: ++ logging.error("sign operation failed") ++ raise RuntimeError ++ else: ++ logging.error("unhandled signtype %s", cfg.sign_type) + +-def gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path): +- gen_hash(cfg.hash_type, raw_data_path, hash_file_path) +- cmd = "openssl rsautl -sign -inkey {} -in {} -out {}".\ +- format(cfg.sign_key, hash_file_path, out_file_path) +- try: +- subprocess.check_output(cmd.split(), shell=False) +- except Exception: +- print("sign operation failed") +- raise RuntimeError + return + ++ +diff --git a/build/signtools/get_ta_elf_hash.py b/build/signtools/get_ta_elf_hash.py +new file mode 100644 +index 0000000..89443e0 +--- /dev/null ++++ b/build/signtools/get_ta_elf_hash.py +@@ -0,0 +1,246 @@ ++#!/usr/bin/env python3 ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright @ Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++# Calculate the elfhash values of TAs by segment and combine the values. 
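Review bot: When `cfg.sign_type` is not `'1'`, `gen_ta_signature` only calls `logging.error("unhandled signtype %s", ...)` and then returns normally (reading the final `else` as the partner of the `sign_type` test; indentation is lost on this page), so the caller cannot tell that no signature was written to `out_file_path` and may go on to package a stale or missing one. That branch should raise, and an unknown `cfg.padding_type` deserves an explicit `else` as well, since today it fails only because the unbound `cmd` is swallowed by `except Exception`. The commands are also still assembled as one formatted string and split with `cmd.split()`, so a `cfg.sign_key` or output path containing whitespace turns into extra `openssl` arguments; passing an argument list avoids that. The function body starts inside this hunk and the unused parameters (`uuid_str`, `raw_data_path`, `key_info_data`, `is_big_ending`) are left as they are below.

```python
    if cfg.sign_type == '1': # signed with local key
        if cfg.padding_type == '0':
            gen_hash(cfg.hash_type, raw_data, hash_file_path)
            cmd = ["openssl", "pkeyutl", "-sign", "-inkey", cfg.sign_key,
                   "-in", hash_file_path, "-out", out_file_path]
        elif cfg.padding_type == '1':
            digest_opt = "-sha256" if cfg.hash_type == '0' else "-sha512"
            cmd = ["openssl", "dgst", "-sign", cfg.sign_key, digest_opt,
                   "-sigopt", "rsa_padding_mode:pss",
                   "-sigopt", "rsa_pss_saltlen:-1",
                   "-out", out_file_path, msg_file]
        else:
            raise RuntimeError("unhandled padding type", cfg.padding_type)
        try:
            subprocess.check_output(cmd, shell=False)
        # … unchanged: except handler that logs and raises RuntimeError …
    else:
        logging.error("unhandled signtype %s", cfg.sign_type)
        raise RuntimeError("unhandled signtype", cfg.sign_type)
```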
++#----------------------------------------------------------------------------
++
++"""
++calculate the elfhash values of TA
++"""
++
++from __future__ import print_function
++import os
++import sys
++import hashlib
++import struct
++import logging
++
++
++def elf_header_verify_check(elf_header):
++ """ check is elf file """
++ elfinfo_mag0_index = 0
++ elfinfo_mag1_index = 1
++ elfinfo_mag2_index = 2
++ elfinfo_mag3_index = 3
++ elfinfo_mag0 = '\x7f'
++ elfinfo_mag1 = 'E'
++ elfinfo_mag2 = 'L'
++ elfinfo_mag3 = 'F'
++
++ if (elf_header.e_ident[elfinfo_mag0_index] != ord(elfinfo_mag0)) or \
++ (elf_header.e_ident[elfinfo_mag1_index] != ord(elfinfo_mag1)) or \
++ (elf_header.e_ident[elfinfo_mag2_index] != ord(elfinfo_mag2)) or \
++ (elf_header.e_ident[elfinfo_mag3_index] != ord(elfinfo_mag3)):
++ return False
++ return True
++
++
++class ElfIdent:
++ """ define elf ident """
++ s = struct.Struct('4sBBB9s')
++
++ def __init__(self, data):
++ unpacked_data = (ElfIdent.s).unpack(data)
++ self.unpacked_data = unpacked_data
++ self.ei_magic = unpacked_data[0]
++ self.ei_class = unpacked_data[1]
++ self.ei_data = unpacked_data[2]
++ self.ei_ver = unpacked_data[3]
++ self.ei_pad = unpacked_data[4]
++
++
++#----------------------------------------------------------------------------
++# ELF Header Class
++#----------------------------------------------------------------------------
++class Elf32Ehdr:
++ """ 32bit elf file header """
++ s = struct.Struct('16sHHIIIIIHHHHHH')
++
++ def __init__(self, data):
++ unpacked_data = (Elf32Ehdr.s).unpack(data)
++ self.unpacked_data = unpacked_data
++ self.e_ident = unpacked_data[0]
++ self.e_type = unpacked_data[1]
++ self.e_machine = unpacked_data[2]
++ self.e_version = unpacked_data[3]
++ self.e_entry = unpacked_data[4]
++ self.e_phoff = unpacked_data[5]
++ self.e_shoff = unpacked_data[6]
++ self.e_flags = unpacked_data[7]
++ self.e_ehsize = unpacked_data[8]
++ self.e_phentsize = unpacked_data[9]
++ self.e_phnum = unpacked_data[10]
++ self.e_shentsize = unpacked_data[11]
++ self.e_shnum = unpacked_data[12]
++ self.e_shstrndx = unpacked_data[13]
++
++
++class Elf64Ehdr:
++ """ 64bit elf file header """
++ s = struct.Struct('16sHHIQQQIHHHHHH')
++
++ def __init__(self, data):
++ unpacked_data = (Elf64Ehdr.s).unpack(data)
++ self.unpacked_data = unpacked_data
++ self.e_ident = unpacked_data[0]
++ self.e_type = unpacked_data[1]
++ self.e_machine = unpacked_data[2]
++ self.e_version = unpacked_data[3]
++ self.e_entry = unpacked_data[4]
++ self.e_phoff = unpacked_data[5]
++ self.e_shoff = unpacked_data[6]
++ self.e_flags = unpacked_data[7]
++ self.e_ehsize = unpacked_data[8]
++ self.e_phentsize = unpacked_data[9]
++ self.e_phnum = unpacked_data[10]
++ self.e_shentsize = unpacked_data[11]
++ self.e_shnum = unpacked_data[12]
++ self.e_shstrndx = unpacked_data[13]
++
++
++#----------------------------------------------------------------------------
++# ELF Header Class
++#----------------------------------------------------------------------------
++class Elf32Phdr:
++ """ 32bit elf file Phdr """
++ s = struct.Struct('IIIIIIII')
++
++ def __init__(self, data):
++ unpacked_data = (Elf32Phdr.s).unpack(data)
++ self.unpacked_data = unpacked_data
++ self.p_type = unpacked_data[0]
++ self.p_offset = unpacked_data[1]
++ self.p_vaddr = unpacked_data[2]
++ self.p_paddr = unpacked_data[3]
++ self.p_filesz = unpacked_data[4]
++ self.p_memsz = unpacked_data[5]
++ self.p_flags = unpacked_data[6]
++ self.p_align = unpacked_data[7]
++
++
++class Elf64Phdr:
++ """ 64bit elf file Phdr """
++ s = struct.Struct('IIQQQQQQ')
++
++ def __init__(self, data):
++ unpacked_data = (Elf64Phdr.s).unpack(data)
++ self.unpacked_data = unpacked_data
++ self.p_type = unpacked_data[0]
++ self.p_flags = unpacked_data[1]
++ self.p_offset = unpacked_data[2]
++ self.p_vaddr = unpacked_data[3]
++ self.p_paddr = unpacked_data[4]
++ self.p_filesz = unpacked_data[5]
++ self.p_memsz = unpacked_data[6]
++ self.p_align = unpacked_data[7]
++
++
++#----------------------------------------------------------------------------
++# generate hash use SHA256
++#----------------------------------------------------------------------------
++def generate_sha256_hash_hex(in_buf):
++ """ initialize a SHA256 object from the Python hash library """
++ m = hashlib.sha256()
++ # Set the input buffer and return the output digest
++ m.update(in_buf)
++ return m.hexdigest()
++
++
++def get_elf_file_hash(file_name):
++ """ get elf file hash """
++ with open(file_name, 'rb') as elf_file_fp:
++ elf_buf = elf_file_fp.read()
++ return generate_sha256_hash_hex(elf_buf)
++
++
++class ElfInfo:
++ """ elf info message """
++
++ def __init__(self):
++ self.elf32_phdr_size = 32
++ self.elf64_phdr_size = 56
++ self.elf_ident_size = 16
++ self.elf64_hdr_size = 64
++ self.elf32_hdr_size = 52
++ self.elfinfo_class_32 = 1
++ self.elfinfo_class_64 = 2
++ self.load_type = 0x1
++ self.write_flag = 0x2
++ self.exec_flag = 0x1
++
++
++def get_code_segment_from_elf(elf_file_name, out_hash_file_name, sign_data):
++ """ verify ELF header information """
++ hash_value_summary = ""
++ elf_info = ElfInfo()
++
++ with open(elf_file_name, 'rb') as elf_fp:
++ elf_ident_buf = elf_fp.read(elf_info.elf_ident_size)
++ elf_ident = ElfIdent(elf_ident_buf)
++ elf_fp.seek(0)
++ if elf_ident.ei_class == elf_info.elfinfo_class_64:
++ elf_hd_buf = elf_fp.read(elf_info.elf64_hdr_size)
++ elf_header = Elf64Ehdr(elf_hd_buf)
++ elif elf_ident.ei_class == elf_info.elfinfo_class_32:
++ elf_hd_buf = elf_fp.read(elf_info.elf32_hdr_size)
++ elf_header = Elf32Ehdr(elf_hd_buf)
++ else:
++ logging.error("No Support ELFINFO_CLASS")
++
++ if elf_header_verify_check(elf_header) is False:
++ logging.error("ELF file failed verification: %s", elf_file_name)
++
++ for i_phd in range(0, elf_header.e_phnum):
++ if elf_ident.ei_class == elf_info.elfinfo_class_64:
++ elf_phd_header = Elf64Phdr(elf_fp.read(elf_info.elf64_phdr_size))
++ elif elf_ident.ei_class ==
elf_info.elfinfo_class_32: ++ elf_phd_header = Elf32Phdr(elf_fp.read(elf_info.elf32_phdr_size)) ++ else: ++ logging.error("No Support ELFINFO_CLASS") ++ ++ if (elf_phd_header.p_type != elf_info.load_type) or \ ++ (elf_phd_header.p_flags & elf_info.exec_flag != elf_info.exec_flag) or \ ++ (elf_phd_header.p_flags & elf_info.write_flag == elf_info.write_flag): ++ continue ++ ++ # get segment buf form elf file ++ elf_fp.seek(elf_phd_header.p_offset) ++ elf_segment_buf = elf_fp.read(elf_phd_header.p_memsz) ++ ++ # buf 4k alignment ++ if len(elf_segment_buf) % 4096 != 0: ++ alignment_len = (len(elf_segment_buf) // 4096 + 1) * 4096 ++ elf_segment_buf = elf_segment_buf.ljust(alignment_len, b'\0') ++ # get hash from segment buf ++ hash_value_summary = hash_value_summary + generate_sha256_hash_hex(elf_segment_buf) ++ ++ # move the read pointer of the file to the original position. ++ if elf_ident.ei_class == elf_info.elfinfo_class_64: ++ elf_fp.seek((i_phd + 1) * elf_info.elf64_phdr_size + elf_info.elf64_hdr_size) ++ elif elf_ident.ei_class == elf_info.elfinfo_class_32: ++ elf_fp.seek((i_phd + 1) * elf_info.elf32_phdr_size + elf_info.elf32_hdr_size) ++ ++ elf_fp.seek(0) ++ with os.fdopen(os.open('hash_{}.txt'.format(out_hash_file_name), os.O_RDWR | os.O_CREAT, 0o755), \ ++ "w+", 0o755) as file_ob: ++ file_ob.write("mem_hash : {}\n".format(generate_sha256_hash_hex(bytes.fromhex(hash_value_summary)))) ++ file_ob.write("img_hash : {}".format(generate_sha256_hash_hex(sign_data))) ++ ++ ++def main(): ++ """ main function """ ++ get_code_segment_from_elf(sys.argv[1], "test", sys.argv[3]) ++ ++ ++if __name__ == '__main__': ++ main() +diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py +index 6468190..bd6bf90 100755 +--- a/build/signtools/manifest.py ++++ b/build/signtools/manifest.py +@@ -1,8 +1,8 @@ + #!/usr/bin/env python +-# coding:utf-8 ++# coding=utf-8 + #---------------------------------------------------------------------------- + # Copyright (c) Huawei 
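Review bot: In `get_code_segment_from_elf` both failure paths only log: after `logging.error("No Support ELFINFO_CLASS")` execution continues with `elf_header` unbound, and after a failed `elf_header_verify_check` the input is still parsed and hashed, so a file without the ELF magic can still end up with a `hash_*.txt` instead of an error. Both places should stop, e.g. `raise RuntimeError("ELF file failed verification")`. The program headers are read from the position directly after the ELF header and re-located with `(i_phd + 1) * elf64_phdr_size + elf64_hdr_size`, so `e_phoff` and `e_phentsize` from the header are never consulted; if the loader honours those fields, the `mem_hash` written here could describe different segments than the ones actually mapped, so either seek to `e_phoff` or reject files where it differs from the header size. `main()` also passes `sys.argv[3]` (a `str`) as `sign_data`, which `hashlib` rejects under Python 3, and `os.fdopen(..., "w+", 0o755)` hands `0o755` to the buffering parameter rather than a file mode.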
Technologies Co., Ltd. 2018-2020. All rights reserved. +-# iTrustee licensed under the Mulan PSL v2. ++# Licensed under the Mulan PSL v2. + # You can use this software according to the terms and conditions of the Mulan + # PSL v2. + # You may obtain a copy of Mulan PSL v2 at: +@@ -11,33 +11,42 @@ + # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + # See the Mulan PSL v2 for more details. ++# Description: tools for generating a trusted application load image + #---------------------------------------------------------------------------- + import string + import struct + import uuid + import os ++import re ++import stat ++import logging + +-PRODUCT_TA_IMAGE = 1 +-PRODUCT_DYN_LIB = 2 +-PRODUCT_SERVICE_IMAGE = 3 ++ ++PRODUCT_TA_IMAGE = 1 ++PRODUCT_DYN_LIB = 2 ++PRODUCT_SERVICE_IMAGE = 3 ++PRODUCT_CLIENT_IMAGE = 4 ++PRODUCT_DRIVER_IMAGE = 5 + + + class PackUuid: + # Structure object to align and package the TEE_UUID + data = struct.Struct('IHH8b') + +- def __init__(self, data): +- unpacked_data = (PackUuid.data).unpack(str.encode(data)) +- self.unpacked_data = unpacked_data +- self.time_low = unpacked_data[0] +- self.time_mid = unpacked_data[1] ++ def __init__(self, data, big_endian=False): ++ unpacked_data = (PackUuid.data).unpack(str.encode(data)) ++ self.unpacked_data = unpacked_data ++ self.time_low = unpacked_data[0] ++ self.time_mid = unpacked_data[1] + self.time_hi_version = unpacked_data[2] +- self.clock_seq_node = unpacked_data[3] ++ self.clock_seq_node = unpacked_data[3] ++ if big_endian: ++ PackUuid.data = struct.Struct('>IHH8b') + + def print_values(self): +- print("ATTRIBUTE / VALUE") ++ logging.critical("ATTRIBUTE / VALUE") + for attr, value in self.__dict__.items(): +- print(attr, value) ++ logging.critical(attr, value) + + def get_pack_data(self): + values = [self.time_low, +@@ -57,20 +66,22 @@ class Manifest: + # Structure object to align and package the Manifest + 
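Review bot: `PackUuid.__init__` selects big-endian by assigning `PackUuid.data = struct.Struct('>IHH8b')` on the class, and only after the input was unpacked with the previous format, so the switch is process-wide and sticky: a later `PackUuid(..., big_endian=False)` still sees the big-endian struct. Keeping the format on the instance, e.g. `self.data = struct.Struct('>IHH8b') if big_endian else PackUuid.data` placed before the `unpack` call and used for it, avoids the shared state; `get_pack_data` continues outside this hunk, so check which attribute it packs with. `Manifest.__init__` in the next hunk (`@@ -57,20 +66,22 @@`) follows the same pattern. In both `print_values` methods `logging.critical(attr, value)` treats `attr` as the format string and `value` as a stray argument, which makes the logging module report a formatting error instead of the pair; `logging.critical("%s %s", attr, value)` is presumably what was meant.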
data = struct.Struct('I' * 6) + +- def __init__(self, data): +- unpacked_data = (Manifest.data).unpack(str.encode(data)) +- self.unpacked_data = unpacked_data ++ def __init__(self, data, big_endian=False): ++ unpacked_data = (Manifest.data).unpack(str.encode(data)) ++ self.unpacked_data = unpacked_data + self.single_instance = unpacked_data[0] +- self.multi_session = unpacked_data[1] +- self.multi_command = unpacked_data[2] +- self.heap_size = unpacked_data[3] +- self.stack_size = unpacked_data[4] ++ self.multi_session = unpacked_data[1] ++ self.multi_command = unpacked_data[2] ++ self.heap_size = unpacked_data[3] ++ self.stack_size = unpacked_data[4] + self.instancekeepalive = unpacked_data[5] ++ if big_endian: ++ Manifest.data = struct.Struct('>' + 'I' * 6) + + def print_values(self): +- print("ATTRIBUTE / VALUE") ++ logging.critical("ATTRIBUTE / VALUE") + for attr, value in self.__dict__.items(): +- print(attr, value) ++ logging.critical(attr, value) + + def get_pack_data(self): + values = [self.single_instance, +@@ -88,20 +99,20 @@ class Manifest: + # verify property name in manifest file + #---------------------------------------------------------------------------- + def verify_property_name(str_line): +- print('verify property name') ++ logging.critical("verify property name") + alphas = string.ascii_letters + string.digits + cont = "".join([alphas, '-', '_', '.']) + if len(str_line) > 1: + if str_line[0] not in alphas: +- print('invalid first letter in property name') ++ logging.error("invalid first letter in property name") + return False + else: + for otherchar in str_line[1:]: + if otherchar not in cont: +- print('invalid char in property name') ++ logging.error("invalid char in property name") + return False + else: +- print('invalid property name') ++ logging.error("invalid property name") + return False + + return True +@@ -111,11 +122,11 @@ def verify_property_name(str_line): + # verify property value in manifest file + 
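Review bot: Progress messages such as `logging.critical("verify property name")` in `verify_property_name` are emitted at CRITICAL, above the `logging.error` calls that report the actual validation failures a few lines later, so a level filter can no longer separate routine tracing from errors. `logging.info("verify property name")` (or `logging.debug`) matches what the replaced `print` calls were used for. The same applies to `verify_property_value`, to `trailing_space_tabs` (which also logs the raw property text with `"str in: %s"` and `"str ret: %s"`) and to `parser_manifest` in the following hunks.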
#---------------------------------------------------------------------------- + def verify_property_value(str_line): +- print('verify property value') ++ logging.critical("verify property value") + filt_letter = chr(0) + chr(10) + chr(13) + for thechar in str_line: + if thechar in filt_letter: +- print('invalid letter in prop value') ++ logging.error("invalid letter in prop value") + return False + return True + +@@ -124,12 +135,11 @@ def verify_property_value(str_line): + # remove tabs and space in property value + #---------------------------------------------------------------------------- + def trailing_space_tabs(str_line): +- print('trailing space tabs in value head and trail') ++ logging.critical("trailing space tabs in value head and trail") + space_tabs = chr(9) + chr(32) + chr(160) + space_tabs_newlines = space_tabs + chr(10) + chr(13) +- print('tab: {}'.format(space_tabs)) + +- print('str in: {}'.format(str_line)) ++ logging.critical("str in: %s", str_line) + index = 0 + for thechar in str_line: + if thechar in space_tabs: +@@ -148,8 +158,8 @@ def trailing_space_tabs(str_line): + else: + break + +- str_ret = headvalue[0:strlen+1] + chr(10) +- print('str ret: {}'.format(str_ret)) ++ str_ret = headvalue[0:strlen + 1] + chr(10) ++ logging.critical("str ret: %s", str_ret) + + return str_ret + +@@ -157,14 +167,14 @@ def trailing_space_tabs(str_line): + #---------------------------------------------------------------------------- + # verify manifest file, parse manifest file, generate a new manfiest file + #---------------------------------------------------------------------------- +-def parser_manifest(manifest, manifest_data_path, mani_ext): +- print('verify manifest') ++def parser_manifest(manifest, manifest_data_path, mani_ext, big_endian=False): ++ logging.critical("verify manifest") + target_type = PRODUCT_TA_IMAGE + +- uuid_val = PackUuid('\0' * 16) ++ uuid_val = PackUuid('\0' * 16, big_endian) + + #manifest default +- manifest_val = Manifest('\0'*24) 
++ manifest_val = Manifest('\0' * 24, big_endian) + + manifest_val.single_instance = 1 + manifest_val.multi_session = 0 +@@ -174,40 +184,46 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): + manifest_val.stack_size = 2048 + + service_name = 'external_service' ++ dyn_conf_target_type = 0 + +- with open(manifest, 'r') as mani_fp, open(mani_ext, 'wb') as mani_ext_fp: ++ with open(manifest, 'r') as mani_fp: ++ fd_ext = os.open(mani_ext, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ mani_ext_fp = os.fdopen(fd_ext, "wb") + for each_line in mani_fp: +- print(each_line) +- if each_line.startswith("#") or not len(each_line.strip()): ++ logging.critical(each_line) ++ if each_line.startswith("#") or not each_line.strip(): + continue + index = each_line.find(':', 1, len(each_line)) + + prop_name = each_line[0:index] +- prop_name_t = each_line[0:index+1] +- prop_value_t = each_line[index+1:] +- print('name is: {}; value is: {}'.format(prop_name, prop_value_t)) ++ prop_name_t = each_line[0:index + 1] ++ prop_value_t = each_line[index + 1:] ++ logging.critical("name is: %s; value is: %s", prop_name, prop_value_t) + + prop_value = trailing_space_tabs(prop_value_t) + prop_len = len(prop_value) +- prop_value_v = prop_value[0:prop_len-1] +- print('prop value_v: {}'.format(prop_value_v)) ++ prop_value_v = prop_value[0:prop_len - 1] ++ logging.critical("prop value_v: %s", prop_value_v) + + if verify_property_name(prop_name) is False: +- print('manifest format invalid, please check it') +- return (False, 0) ++ logging.error("manifest format invalid, please check it") ++ mani_ext_fp.close() ++ return (False, 0, 0) + + if verify_property_value(prop_value_v) is False: +- print('manifest format invalid, please check it') +- return (False, 0) ++ logging.error("manifest format invalid, please check it") ++ mani_ext_fp.close() ++ return (False, 0, 0) + + # name:value to lowcase, and parse manifest + prop_name_low = prop_name.lower() +- print("name lower: 
{}".format(prop_name_low)) ++ logging.critical("name lower: %s", prop_name_low) + if 'gpd.ta.appid' == prop_name_low: +- print("compare name is srv id") ++ logging.critical("compare name is srv id") + uuid_val = uuid.UUID(prop_value_v) +- print('uuid str {}'.format(uuid_val)) +- print('val fields {}'.format(uuid_val.fields)) ++ logging.critical("uuid str %s", uuid_val) ++ logging.critical("val fields %s", uuid_val.fields) + + elif 'gpd.ta.singleinstance' == prop_name_low: + prop_value_low = prop_value_v.lower() +@@ -216,7 +232,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): + elif 'false' == prop_value_low: + manifest_val.single_instance = 0 + else: +- print('single_instance value error!') ++ logging.error("single_instance value error!") + + elif 'gpd.ta.multisession' == prop_name_low: + prop_value_low = prop_value_v.lower() +@@ -225,7 +241,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): + elif 'false' == prop_value_low: + manifest_val.multi_session = 0 + else: +- print('multi_session value error!') ++ logging.error("multi_session value error!") + + elif 'gpd.ta.multicommand' == prop_name_low: + prop_value_low = prop_value_v.lower() +@@ -234,7 +250,7 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): + elif 'false' == prop_value_low: + manifest_val.multi_command = 0 + else: +- print('multi_command value error!') ++ logging.error("multi_command value error!") + + elif 'gpd.ta.instancekeepalive' == prop_name_low: + prop_value_low = prop_value_v.lower() +@@ -243,77 +259,152 @@ def parser_manifest(manifest, manifest_data_path, mani_ext): + elif 'false' == prop_value_low: + manifest_val.instancekeepalive = 0 + else: +- print('instancekeepalive value error!') ++ logging.error("instancekeepalive value error!") + + elif 'gpd.ta.datasize' == prop_name_low: + manifest_val.heap_size = int(prop_value_v) +- print('b') ++ logging.critical('b') + + elif 'gpd.ta.stacksize' == prop_name_low: + manifest_val.stack_size = 
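Review bot: `os.open(mani_ext, os.O_WRONLY | os.O_CREAT, ...)` replaces `open(mani_ext, 'wb')` but drops the truncation that mode `'wb'` implied, so when `mani_ext` already exists and the new content is shorter, the old tail stays in the file (`parser_manifest` starts before this hunk). The later `os.path.getsize(mani_ext)` and `read()` in the same function then carry those stale bytes into the manifest that is packed for signing. Adding the flag restores the previous behaviour, `os.open(mani_ext, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IWUSR | stat.S_IRUSR)`; the mode argument only applies when the file is created, so an existing file keeps whatever permissions it had. The same flag is missing on `manifest_data_path` later in `parser_manifest` and on the `os.open` calls in the `signtool_v3.py` hunk further down, where `update_api_level` and `update_otrp_flag` rewrite the manifest in place. Using `with os.fdopen(fd_ext, "wb") as mani_ext_fp:` would also close the handle when `uuid.UUID()` or `int()` raises, instead of relying on a `close()` before each `return`.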
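Review bot: An unrecognised value for `gpd.ta.singleinstance` is only reported with `logging.error("single_instance value error!")`; parsing continues and the image is built with the default assigned earlier in `parser_manifest`, which starts outside this hunk. For a tool whose output gets signed, a manifest value the parser could not interpret should stop the build, the way the new `gpd.ta.dynconf` branch does: `mani_ext_fp.close()` followed by `return (False, 0, 0)`. The `multi_session`, `multi_command` and `instancekeepalive` branches in the following hunks behave the same way.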
int(prop_value_v) +- print('b') ++ logging.critical('b') + + elif 'gpd.ta.service_name' == prop_name_low: + service_name = prop_value_v +- print('b') ++ logging.critical('b') ++ ++ elif 'gpd.ta.dynconf' == prop_name_low: ++ mani_ext_fp.close() ++ logging.error("gpd.ta.dynConf is reserved, cannot set") ++ return (False, 0, 0) + + else: +- print('b') ++ logging.critical('b') + #write have not paresed manifest into sample.manifest file + mani_ext_fp.write(str.encode(prop_name_t)) + mani_ext_fp.write(str.encode(prop_value)) +- if 'gpd.ta.is_tee_service' == prop_name_low: +- prop_value_low = prop_value_v.lower() +- if 'true' == prop_value_low: +- target_type = PRODUCT_SERVICE_IMAGE +- elif 'gpd.ta.is_lib' == prop_name_low: ++ if 'gpd.ta.is_lib' == prop_name_low: + prop_value_low = prop_value_v.lower() + if 'true' == prop_value_low: + target_type = PRODUCT_DYN_LIB +- ++ elif 'gpd.ta.target_type' == prop_name_low: ++ dyn_conf_target_type = int(prop_value_v) ++ if dyn_conf_target_type > 0xFFFF or \ ++ dyn_conf_target_type < 0: ++ mani_ext_fp.close() ++ logging.error("gpd.ta.target_type must \ ++ in range [0, 0xFFFF]") ++ return (False, 0, 0) ++ ++ mani_ext_fp.close() + #write the whole parsed manifest into sample.manifest file + + service_name_len = len(service_name) +- print('service name: {}'.format(service_name)) +- print('service name len: {}'.format(service_name_len)) +- if service_name_len > 64: +- print("service name len exceed MAX value 27") +- raise RuntimeError ++ logging.critical("service name: %s", service_name) ++ logging.critical("service name len: %s", service_name_len) ++ ++ max_service_len = 64 ++ ++ # dyn_conf_target_type is 1 means that is drv ++ if dyn_conf_target_type == 1: ++ max_service_len = 32 ++ target_type = PRODUCT_DRIVER_IMAGE ++ if not re.match(r"^[A-Za-z0-9_]*$", service_name): ++ logging.error("drv's name only can use [A-Z] [a-z] [0-9] and '_'") ++ return (False, 0, 0) ++ ++ if dyn_conf_target_type == 3: ++ max_service_len = 32 ++ 
target_type = PRODUCT_SERVICE_IMAGE ++ if not re.match(r"^[A-Za-z0-9_]*$", service_name): ++ logging.error("drv's name only can use \ ++ [A-Z] [a-z] [0-9] and '_'") ++ return (False, 0, 0) ++ if dyn_conf_target_type == 4: ++ max_service_len = 32 ++ target_type = PRODUCT_CLIENT_IMAGE ++ if not re.match(r"^[A-Za-z0-9_]*$", service_name): ++ logging.error("drv's name only can use \ ++ [A-Z] [a-z] [0-9] and '_'") ++ return (False, 0, 0) ++ ++ if service_name_len > max_service_len: ++ logging.error("service name len cannot larger than %s", str(max_service_len)) ++ return (False, 0, 0) + + # get manifest string file len + manifest_str_size = os.path.getsize(mani_ext) +- print('manifest str size {}'.format(manifest_str_size)) +- ++ logging.critical('manifest str size %s', manifest_str_size) + # 2> manifest + service_name +- print("bytes len {}".format(len(uuid_val.bytes_le))) +- print("bytes len {}".format(len(manifest_val.get_pack_data()))) +- print("bytes len {}".format(len(service_name))) ++ if big_endian: ++ logging.critical("bytes len %s", len(uuid_val.bytes)) ++ else: ++ logging.critical("bytes len %s", len(uuid_val.bytes_le)) ++ logging.critical("bytes len %s", len(manifest_val.get_pack_data())) ++ logging.critical("bytes len %s", len(service_name)) + + # 3> unparsed manifest, string manifest + with open(mani_ext, 'rb') as string_mani_fp: +- print("read manifest string size {}".format(manifest_str_size)) ++ logging.critical("read manifest string size %s", manifest_str_size) + manifest_string_buf = string_mani_fp.read(manifest_str_size) +- print("manifest strint: {}".format(manifest_string_buf)) ++ logging.critical("manifest strint: %s", manifest_string_buf) + + #---- write manifest parse context to manifest file +- with open(manifest_data_path, 'wb') as out_manifest_fp: ++ fd_out = os.open(manifest_data_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ out_manifest_fp = os.fdopen(fd_out, "wb") ++ if big_endian: ++ 
out_manifest_fp.write(uuid_val.bytes) ++ else: + out_manifest_fp.write(uuid_val.bytes_le) +- out_manifest_fp.write(str.encode(service_name)) +- out_manifest_fp.write(manifest_val.get_pack_data()) ++ out_manifest_fp.write(str.encode(service_name)) ++ out_manifest_fp.write(manifest_val.get_pack_data()) ++ out_manifest_fp.close() + ++ uuid_str = str(uuid_val) + product_name = str(uuid_val) + if target_type == PRODUCT_TA_IMAGE: +- print("product type is ta image") +- product_name = "".join([product_name, ".sec"]) ++ logging.critical("product type is ta image") ++ product_name = "".join([uuid_str, ".sec"]) ++ elif target_type == PRODUCT_DRIVER_IMAGE: ++ logging.critical("product type is driver") ++ product_name = "".join([service_name, ".sec"]) + elif target_type == PRODUCT_SERVICE_IMAGE: +- print("product type is service") +- product_name = "".join([product_name, service_name, "_svr.sec"]) ++ logging.critical("product type is service") ++ product_name = "".join([service_name, ".sec"]) ++ elif target_type == PRODUCT_CLIENT_IMAGE: ++ logging.critical("product type is client") ++ product_name = "".join([service_name, ".so.sec"]) + elif target_type == PRODUCT_DYN_LIB: +- print("product type is dyn lib") +- product_name = "".join([product_name, service_name, ".so.sec"]) ++ logging.critical("product type is dyn lib") ++ product_name = "".join([uuid_str, service_name, ".so.sec"]) + else: +- print("invalid product type!") +- raise RuntimeError ++ logging.error("invalid product type!") ++ return (False, 0, 0) ++ ++ return (True, product_name, uuid_str) ++ ++ ++class ManifestInfo: ++ ''' get manifest info ''' ++ def __init__(self, ret, product_name, uuid_str, manifest_txt_exist): ++ self.ret = ret ++ self.product_name = product_name ++ self.uuid_str = uuid_str ++ self.manifest_txt_exist = manifest_txt_exist ++ ++ ++def process_manifest_file(xml_config_path, manifest_path, \ ++ manifest_data_path, mani_ext, big_endian=False): + +- return (True, product_name) ++ manifest_txt_exist 
= True ++ if not os.path.exists(manifest_path): ++ logging.critical("xml trans manifest cfg") ++ manifest_txt_exist = False ++ from xml_trans_manifest import trans_xml_to_manifest ++ trans_xml_to_manifest(xml_config_path, manifest_path) + ++ ret, product_name, uuid_str = parser_manifest(manifest_path, \ ++ manifest_data_path, mani_ext, big_endian) ++ manifest_info = ManifestInfo(ret, product_name, uuid_str, manifest_txt_exist) ++ return manifest_info +diff --git a/build/signtools/manifest_tag_parse_dict.csv b/build/signtools/manifest_tag_parse_dict.csv +new file mode 100644 +index 0000000..e56a82d +--- /dev/null ++++ b/build/signtools/manifest_tag_parse_dict.csv +@@ -0,0 +1,24 @@ ++ConfigInfo/,0,TYPE_CLASS, ++ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS, ++ConfigInfo/TA_Basic_Info/service_name,2,TYPE_CHAR,gpd.ta.service_name ++ConfigInfo/TA_Basic_Info/uuid,4,TYPE_CHAR,gpd.ta.appID ++ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS, ++ConfigInfo/TA_Manifest_Info/instance_keep_alive,7,TYPE_CHAR,gpd.ta.instanceKeepAlive ++ConfigInfo/TA_Manifest_Info/stack_size,9,TYPE_CHAR,gpd.ta.stackSize ++ConfigInfo/TA_Manifest_Info/heap_size,11,TYPE_CHAR,gpd.ta.dataSize ++ConfigInfo/TA_Manifest_Info/target_type,13,TYPE_CHAR,gpd.ta.target_type ++ConfigInfo/TA_Manifest_Info/multi_command,15,TYPE_CHAR,gpd.ta.multicommand ++ConfigInfo/TA_Manifest_Info/multi_session,17,TYPE_CHAR,gpd.ta.multiSession ++ConfigInfo/TA_Manifest_Info/single_instance,19,TYPE_CHAR,gpd.ta.singleInstance ++ConfigInfo/TA_Manifest_Info/sdk_version,21,TYPE_CHAR,gpd.sdk.version ++ConfigInfo/TA_Manifest_Info/is_tee_service,23,TYPE_CHAR,gpd.ta.is_tee_service ++ConfigInfo/TA_Manifest_Info/is_lib,25,TYPE_CHAR,gpd.ta.is_lib ++ConfigInfo/TA_Manifest_Info/objectEnumEnable,27,TYPE_CHAR,gpd.ta.objectEnumEnable ++ConfigInfo/TA_Manifest_Info/distribution,29,TYPE_CHAR,gpd.ta.distribution ++ConfigInfo/TA_Manifest_Info/target_version,31,TYPE_CHAR,gpd.elf.target_version 
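Review bot: The `^[A-Za-z0-9_]*$` check on `service_name` runs only when `gpd.ta.target_type` is 1, 3 or 4, yet the dyn-lib branch also builds `product_name` from it (`"".join([uuid_str, service_name, ".so.sec"])`) after only `verify_property_value`, which rejects NUL, LF and CR and nothing else (`parser_manifest` begins before this hunk). If the caller uses `product_name` as an output file name, which this hunk does not show, path separators or `..` from the manifest value would end up in that path. I would validate once before the type branches with `if not re.fullmatch(r"[A-Za-z0-9_]+", service_name):` and return `(False, 0, 0)`; `fullmatch` with `+` also rejects the empty name that `*` accepts. Existing manifests whose service names use other characters would need checking before tightening this. The error text "drv's name only can use" should also name the service or client in the type 3 and type 4 branches.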
++ConfigInfo/TA_Manifest_Info/mem_page_align,33,TYPE_CHAR,gpd.ta.mem_page_align ++ConfigInfo/TA_Manifest_Info/hardWareType,35,TYPE_CHAR,gpd.ta.hardWareType ++ConfigInfo/TA_Manifest_Info/is_need_release_ta_res,37,TYPE_CHAR,gpd.srv.is_need_release_ta_res ++ConfigInfo/TA_Manifest_Info/srv_crash_callback,39,TYPE_CHAR,gpd.srv.crash_callback ++ConfigInfo/TA_Manifest_Info/srv_is_need_create_msg,41,TYPE_CHAR,gpd.srv.is_need_create_msg ++ConfigInfo/TA_Manifest_Info/srv_is_need_release_msg,43,TYPE_CHAR,gpd.srv.is_need_release_msg +diff --git a/build/signtools/rsa_public_key_cloud.pem b/build/signtools/rsa_public_key_cloud.pem +new file mode 100644 +index 0000000..a321f63 +--- /dev/null ++++ b/build/signtools/rsa_public_key_cloud.pem +@@ -0,0 +1,11 @@ ++-----BEGIN PUBLIC KEY----- ++MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx ++p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is ++Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p ++DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD ++BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn ++fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9 ++WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV +++W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY ++CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE= ++-----END PUBLIC KEY----- +diff --git a/build/signtools/signtool_v3.py b/build/signtools/signtool_v3.py +index 39a719d..b588707 100755 +--- a/build/signtools/signtool_v3.py ++++ b/build/signtools/signtool_v3.py +@@ -1,8 +1,8 @@ + #!/usr/bin/env python +-# coding:utf-8 ++# coding=utf-8 + #---------------------------------------------------------------------------- + # Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +-# iTrustee licensed under the Mulan PSL v2. ++# Licensed under the Mulan PSL v2. + # You can use this software according to the terms and conditions of the Mulan + # PSL v2. 
+ # You may obtain a copy of Mulan PSL v2 at: +@@ -11,31 +11,32 @@ + # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + # See the Mulan PSL v2 for more details. ++# Description: tools for generating a trusted application load image + #---------------------------------------------------------------------------- + + import struct + import os + import stat +-import hashlib + import binascii +-import subprocess + import shutil +-import getpass + import argparse ++import configparser ++import re ++import logging + +-try: +- from configparser import SafeConfigParser +-except ImportError: +- from ConfigParser import SafeConfigParser + +-from manifest import parser_manifest ++from manifest import process_manifest_file + from generate_signature import gen_ta_signature ++from Crypto.Hash import SHA256 ++from Crypto.Cipher import PKCS1_OAEP ++from Crypto.PublicKey import RSA ++from Crypto.Cipher import AES ++from Crypto.Random import get_random_bytes + +-# fixed value, {1, 2} version are abandoned. 
+-VERSION = 3 +-TA_VERSION = 3 + +-MAX_EXT_PROP_LEN = 152 ++TYPE_PUBKEY = 0 ++TYPE_CERT = 1 ++TYPE_CERT_CHAIN = 2 + + MAGIC1 = 0xA5A55A5A + MAGIC2 = 0x55AA +@@ -63,6 +64,21 @@ ELF_INFO_VERSION_INDEX = 6 + ELF_INFO_VERSION_CURRENT = 1 + ELF_BLOCK_ALIGN = 0x1000 + ++SEC_HEADER_BYTES = 16 ++SING_BIG_ENDIAN = False ++ ++ ++def whitelist_check(intput_str): ++ if not re.match(r"^[A-Za-z0-9\/\-_.]+$", intput_str): ++ return 1 ++ return 0 ++ ++ ++def integer_check(intput_str): ++ if not str(intput_str).isdigit(): ++ return 1 ++ return 0 ++ + + #---------------------------------------------------------------------------- + # Verify ELF header contents from an input ELF file +@@ -70,7 +86,7 @@ ELF_BLOCK_ALIGN = 0x1000 + def verify_elf_header(elf_path): + elf_type = 0 + with open(elf_path, 'rb') as elf: +- elf_data = struct.unpack('B'*16, elf.read(16)) ++ elf_data = struct.unpack('B' * 16, elf.read(16)) + elf_type = elf_data[4] + if ((elf_data[ELF_INFO_MAGIC0_INDEX] != ELF_INFO_MAGIC0) or \ + (elf_data[ELF_INFO_MAGIC1_INDEX] != ELF_INFO_MAGIC1) or \ +@@ -78,7 +94,7 @@ def verify_elf_header(elf_path): + (elf_data[ELF_INFO_MAGIC3_INDEX] != ELF_INFO_MAGIC3) or \ + (elf_data[ELF_INFO_VERSION_INDEX] != \ + ELF_INFO_VERSION_CURRENT)): +- print("invalid elf header info") ++ logging.error("invalid elf header info") + raise RuntimeError + + if ((elf_type == 1 and elf_data[ELF_INFO_CLASS_INDEX] != \ +@@ -86,229 +102,410 @@ def verify_elf_header(elf_path): + (elf_type == 2 and elf_data[ELF_INFO_CLASS_INDEX] != \ + ELF_INFO_CLASS_64) or \ + (elf_type != 1 and elf_type != 2)): +- print("invliad elf format") ++ logging.error("invliad elf format") + raise RuntimeError + return + + +-class Configuration: +- release_type = 0 +- otrp_flag = 0 +- sign_type = 0 ++class AllCfg: ++ release_type = "1" ++ otrp_flag = "0" ++ sign_type = "0" + public_key = "" +- pub_key_len = 0 ++ pub_key_len = "" ++ re_sign_flag = "0" + server_ip = "" + config_path = "" + sign_key = "" +- sign_key_len = 2048 +- 
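Review bot: The new `from Crypto...` imports make the signing tool depend on a third-party package whose import name `Crypto` is shared by PyCryptodome and the unmaintained PyCrypto, and nothing in this hunk says which one is expected. Whichever distribution is installed on the build host now performs the key wrapping and encryption that the `openssl` command did before, so the requirement should be stated and pinned wherever the project lists its build dependencies. At minimum I would add a comment above the imports: `# Requires pycryptodome; the legacy PyCrypto package installs the same 'Crypto' name and must not be used.` I am assuming PyCryptodome is the intended package; the hunk itself does not say.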
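Review bot: `whitelist_check` anchors its pattern with `$` under `re.match`, and `$` also matches just before a trailing newline, so a value ending in `\n` passes; `integer_check` uses `str.isdigit()`, which accepts characters such as superscript digits that a later `int()` call would reject with `ValueError`. `re.fullmatch` closes both: `if not re.fullmatch(r"[A-Za-z0-9/\-_.]+", intput_str):` and `if not re.fullmatch(r"[0-9]+", str(intput_str)):`. The character set still allows `..` components and a leading `-`, so code that treats these values as paths or hands them to other tools needs its own checks. A docstring stating that both helpers return 1 on rejection and 0 on acceptance would help, since the names read the other way round.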
hash_type = 0 +- padding_type = 0 ++ sign_key_type = "0" ++ sign_alg = "RSA" ++ ta_cert_chain = "" ++ ta_version = 3 ++ + +- def __init__(self, file_name): +- parser = SafeConfigParser() ++class PublicCfg: ++ def __init__(self, file_name, all_cfg): ++ cfg_section = "signSecPublicCfg" ++ parser = configparser.ConfigParser() + parser.read(file_name) +- self.release_type = parser.get("config", "releaseType") +- self.otrp_flag = parser.get("config", "otrpFlag") +- self.sign_type = parser.get("config", "signType") +- self.public_key = parser.get("config", "encryptKey") +- self.pub_key_len = parser.get("config", "encryptKeyLen") +- self.server_ip = parser.get("config", "serverIp") +- self.config_path = parser.get("config", "configPath") +- self.sign_key = parser.get("config", "signKey") +- self.sign_key_len = parser.get("config", "signKeyLen") +- self.hash_type = parser.get("config", "hashType") +- self.padding_type = parser.get("config", "paddingType") +- +- +-def gen_header(content_len, key_version): +- return struct.pack('IHHII', MAGIC1, MAGIC2, VERSION, content_len, \ +- key_version) +- +- +-def gen_aes_key_info(cfg, iv_file_path, key_file_path, out_file_path): +- rand_iv_cmd = "openssl rand -out {} 16".format(iv_file_path) +- rand_key_cmd = "openssl rand -out {} 32".format(key_file_path) +- try: +- subprocess.check_output(rand_iv_cmd.split(), shell=False) +- subprocess.check_output(rand_key_cmd.split(), shell=False) +- except Exception: +- print("rand operation failed") +- raise RuntimeError + +- os.chmod(iv_file_path, stat.S_IWUSR | stat.S_IRUSR) +- os.chmod(key_file_path, stat.S_IWUSR | stat.S_IRUSR) ++ if parser.has_option(cfg_section, "secReleaseType"): ++ all_cfg.release_type = parser.get(cfg_section, "secReleaseType") ++ if parser.has_option(cfg_section, "secOtrpFlag"): ++ all_cfg.otrp_flag = parser.get(cfg_section, "secOtrpFlag") ++ ++ all_cfg.sign_type = parser.get(cfg_section, "secSignType") ++ if parser.has_option(cfg_section, "secSignServerIp"): ++ 
all_cfg.server_ip = parser.get(cfg_section, "secSignServerIp") ++ ++ all_cfg.config_path = parser.get(cfg_section, "configPath") ++ all_cfg.sign_key = parser.get(cfg_section, "secSignKey") ++ if parser.has_option(cfg_section, "secTaVersion"): ++ all_cfg.ta_version = int(parser.get(cfg_section, "secTaVersion")) ++ else: ++ all_cfg.ta_version = 3 ++ if parser.has_option(cfg_section, "secSignKeyType"): ++ all_cfg.sign_key_type = parser.get(cfg_section, "secSignKeyType") ++ if parser.has_option(cfg_section, "secTaCertChain"): ++ all_cfg.ta_cert_chain = parser.get(cfg_section, "secTaCertChain") ++ ++ ++class PrivateCfg: ++ def __init__(self, file_name, all_cfg): ++ cfg_section = 'signSecPrivateCfg' ++ parser = configparser.ConfigParser() ++ parser.read(file_name) + ++ if parser.has_option(cfg_section, "secEncryptKey"): ++ all_cfg.public_key = parser.get(cfg_section, "secEncryptKey") ++ ++ if parser.has_option(cfg_section, "secEncryptKeyLen"): ++ all_cfg.pub_key_len = parser.get(cfg_section, "secEncryptKeyLen") ++ ++ if parser.has_option(cfg_section, "secReSignFlag"): ++ all_cfg.re_sign_flag = parser.get(cfg_section, "secReSignFlag") ++ ++ all_cfg.hash_type = parser.get(cfg_section, "secHashType") ++ all_cfg.sign_key_len = parser.get(cfg_section, "secSignKeyLen") ++ all_cfg.padding_type = parser.get(cfg_section, "secPaddingType") ++ ++ if parser.has_option(cfg_section, "secSignAlg"): ++ all_cfg.sign_alg = parser.get(cfg_section, "secSignAlg") ++ ++ ++def check_cfg(cfg): ++ ret = 0 ++ if cfg.release_type != "": ++ if integer_check(cfg.release_type): ++ logging.error("secReleaseType is invalid.") ++ ret = 1 ++ if cfg.otrp_flag != "": ++ if integer_check(cfg.otrp_flag): ++ logging.error("secOtrpFlag is invalid.") ++ ret = 1 ++ if cfg.sign_type != "": ++ if integer_check(cfg.sign_type): ++ logging.error("secSignType is invalid.") ++ ret = 1 ++ if cfg.server_ip != "": ++ if whitelist_check(cfg.server_ip): ++ logging.error("secSignServerIp is invalid.") ++ ret = 1 ++ if 
cfg.config_path != "": ++ if whitelist_check(cfg.config_path): ++ logging.error("configPath is invalid.") ++ ret = 1 ++ if cfg.sign_key != "": ++ if whitelist_check(cfg.sign_key): ++ logging.error("secSignKey is invalid.") ++ ret = 1 ++ if cfg.public_key != "": ++ if whitelist_check(cfg.public_key): ++ logging.error("secEncryptKey is invalid.") ++ ret = 1 ++ if cfg.pub_key_len != "": ++ if integer_check(cfg.pub_key_len): ++ logging.error("secEncryptKeyLen is invalid.") ++ ret = 1 ++ if cfg.re_sign_flag != "": ++ if integer_check(cfg.re_sign_flag): ++ logging.error("secReSignFlag is invalid.") ++ ret = 1 ++ if cfg.hash_type != "": ++ if integer_check(cfg.hash_type): ++ logging.error("secHashType is invalid.") ++ ret = 1 ++ if cfg.sign_key_len != "": ++ if integer_check(cfg.sign_key_len): ++ logging.error("secSignKeyLen is invalid.") ++ ret = 1 ++ if cfg.padding_type != "": ++ if integer_check(cfg.padding_type): ++ logging.error("secPaddingType is invalid.") ++ ret = 1 ++ if cfg.sign_alg != "": ++ if whitelist_check(cfg.sign_alg): ++ logging.error("secSignAlg is invalid.") ++ ret = 1 ++ return ret ++ ++ ++def gen_header(content_len, key_version, cfg): ++ ''' gen header by endian ''' ++ if SING_BIG_ENDIAN: ++ head_tag = '>IHHII' ++ else: ++ head_tag = 'IHHII' ++ return struct.pack(head_tag, MAGIC1, MAGIC2, cfg.ta_version, content_len, key_version) ++ ++ ++def get_sign_alg(cfg): + sign_alg = 0 + sign_alg = sign_alg | (int(cfg.release_type) << 28) + sign_alg = sign_alg | (int(cfg.padding_type) << 27) + sign_alg = sign_alg | (int(cfg.hash_type) << 26) +- if cfg.sign_key_len == "2048": +- sign_alg = sign_alg | 0x00002048 +- elif cfg.sign_key_len == "4096": +- sign_alg = sign_alg | 0x00004096 ++ if cfg.sign_alg == "RSA": ++ sign_alg = sign_alg | (2 << 20) ++ elif cfg.sign_alg == "ECDSA": ++ sign_alg = sign_alg | (1 << 20) ++ if cfg.sign_type == '4' or cfg.sign_type == '5' or cfg.sign_type == '6' : ++ sign_alg = sign_alg | 0x0000C000 ++ else: ++ if cfg.sign_key_len == 
"2048": ++ sign_alg = sign_alg | 0x00002048 ++ elif cfg.sign_key_len == "4096": ++ sign_alg = sign_alg | 0x00004096 ++ elif cfg.sign_key_len == "256": ++ sign_alg = sign_alg | 0x00000256 ++ return sign_alg ++ ++ ++def gen_aes_key_info(cfg): ++ iv_data = get_random_bytes(16) ++ key_data = get_random_bytes(32) ++ if SING_BIG_ENDIAN: ++ aes_tag = '>3I' ++ else: ++ aes_tag = '<3I' ++ sign_alg = get_sign_alg(cfg) ++ key_info = struct.pack(aes_tag, 32, 16, sign_alg) ++ key_info += key_data ++ key_info += iv_data ++ return key_data, iv_data, key_info ++ ++ ++def gen_sign_alg_info(cfg, out_file_path): ++ sign_alg = get_sign_alg(cfg) ++ logging.critical("sign_alg value is 0x%x", sign_alg) ++ if SING_BIG_ENDIAN: ++ info_tag = '>I' ++ else: ++ info_tag = 'I' ++ fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ out_file = os.fdopen(fd_out, "wb") ++ out_file.write(struct.pack(info_tag, 0)) ++ out_file.write(struct.pack(info_tag, 0)) ++ out_file.write(struct.pack(info_tag, sign_alg)) ++ out_file.close() + +- print("sign_alg value is 0x%x" % sign_alg) +- with open(out_file_path, 'wb') as out_file: +- out_file.write(struct.pack('I', 32)) +- out_file.write(struct.pack('I', 16)) +- out_file.write(struct.pack('I', sign_alg)) ++ return + +- with open(key_file_path, 'rb') as key_file: +- out_file.write(key_file.read(32)) + +- with open(iv_file_path, 'rb') as iv_file: +- out_file.write(iv_file.read(16)) ++def encrypt_aes_key(pubkey_path, in_data, out_path): ++ with open(pubkey_path, 'rb') as pubkey_file_fd: ++ pubkey_file = pubkey_file_fd.read(os.path.getsize(pubkey_path)) ++ pubkey = RSA.importKey(pubkey_file) ++ cipher = PKCS1_OAEP.new(pubkey) ++ ciphertext = cipher.encrypt(in_data) + +- os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) ++ fd_out = os.open(out_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ out_file = os.fdopen(fd_out, "wb") ++ out_file.write(ciphertext) ++ out_file.close() + return + + +-def 
encrypt_aes_key(pubkey_path, in_path, out_path): +- cmd = "openssl rsautl -encrypt -pubin -oaep -inkey {} -in {} -out {}". \ +- format(pubkey_path, in_path, out_path) +- try: +- subprocess.check_output(cmd.split(), shell=False) +- except Exception: +- print("RSA encrypt operation failed") +- raise RuntimeError +- os.chmod(out_path, stat.S_IWUSR | stat.S_IRUSR) +- return +- +-def gen_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path): +- gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path) ++def gen_signature(cfg, uuid_str, raw_data, raw_data_path, hash_file_path, \ ++ out_file_path, out_path, key_info_data): ++ gen_ta_signature(cfg, uuid_str, raw_data, raw_data_path, \ ++ hash_file_path, out_file_path, out_path, key_info_data, SING_BIG_ENDIAN) + os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) + return + ++ + def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ +- config_path, raw_file_path): ++ config_path, raw_file_path, ta_version): + manifest_size = os.path.getsize(manifest_data_path) + manifest_ext_size = os.path.getsize(manifest_ext_path) + elf_size = os.path.getsize(elf_file_path) + config_size = 0 + +- if manifest_ext_size > MAX_EXT_PROP_LEN: +- print("too much data in \"manifest.txt\" to be handled. 
\ +- extra string len %d" \ +- % manifest_ext_size) +- raise RuntimeError +- + verify_elf_header(elf_file_path) + +- with open(raw_file_path, 'wb') as file_op: +- header = "" +- if os.path.isfile(config_path): +- config_size = os.path.getsize(config_path) +- header = struct.pack('IIIII', TA_VERSION, manifest_size, \ +- manifest_ext_size, \ +- elf_size, config_size) +- file_op.write(header) +- +- with open(manifest_data_path, 'rb') as manifest_data: +- file_op.write(manifest_data.read(manifest_size)) +- +- with open(manifest_ext_path, 'rb') as manifest_ext: +- file_op.write(manifest_ext.read(manifest_ext_size)) +- +- with open(elf_file_path, 'rb') as elf: +- file_op.write(elf.read(elf_size)) +- if config_size != 0: +- with open(config_path, 'rb') as config: +- file_op.write(config.read(config_size)) ++ fd_op = os.open(raw_file_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ file_op = os.fdopen(fd_op, "wb") ++ header = "" ++ if os.path.isfile(config_path): ++ config_size = os.path.getsize(config_path) ++ if SING_BIG_ENDIAN: ++ raw_tag = '>IIIII' ++ else: ++ raw_tag = 'IIIII' ++ header = struct.pack(raw_tag, ta_version, manifest_size, \ ++ manifest_ext_size, \ ++ elf_size, config_size) ++ file_op.write(header) ++ ++ with open(manifest_data_path, 'rb') as manifest_data: ++ file_op.write(manifest_data.read(manifest_size)) ++ ++ with open(manifest_ext_path, 'rb') as manifest_ext: ++ file_op.write(manifest_ext.read(manifest_ext_size)) ++ ++ with open(elf_file_path, 'rb') as elf: ++ file_op.write(elf.read(elf_size)) ++ if config_size != 0: ++ with open(config_path, 'rb') as config: ++ file_op.write(config.read(config_size)) ++ file_op.close() + return + + +-def aes_encrypt(key_path, iv_path, in_file_path, out_file_path): +- key_size = os.path.getsize(key_path) +- with open(key_path, 'rb') as key_file: +- key_data = key_file.read(key_size) +- hex_key_str = binascii.b2a_hex(key_data) +- +- iv_size = os.path.getsize(iv_path) +- with open(iv_path, 'rb') as 
iv_file: +- iv_data = iv_file.read(iv_size) +- hex_iv_str = binascii.b2a_hex(iv_data) +- +- cmd = "openssl enc -aes-256-cbc -in {} -out {} -K {} -iv {}".\ +- format(in_file_path, out_file_path, \ +- bytes.decode(hex_key_str), bytes.decode(hex_iv_str)) +- try: +- subprocess.check_output(cmd.split(), shell=False) +- except Exception: +- print("AES encrypt operation failed") +- raise RuntimeError ++def aes_encrypt(key_data, iv_data, in_file_path, out_file_path): ++ in_size = os.path.getsize(in_file_path) ++ with open(in_file_path, 'rb') as in_file: ++ in_data = in_file.read(in_size) ++ padding = 16 - in_size % 16 ++ in_data += bytes([padding]) * padding ++ ++ cipher = AES.new(key_data, AES.MODE_CBC, iv_data) ++ ciphertext = cipher.encrypt(in_data) ++ ++ fd_out = os.open(out_file_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ out_file = os.fdopen(fd_out, "wb") ++ out_file.write(ciphertext) ++ out_file.close() + +- os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) + return + + +-def parser_api_level(compile_config): ++def parser_api_level(mk_compile_cfg, cmake_compile_cfg): + default_api_level = 1 +- if not os.path.exists(compile_config): +- print("TA Make Config doesn't exist, ignore it") ++ compile_cfg_file = '' ++ ++ # The config.mk file is first searched. ++ # The config.cmake file is searched only when the config.mk file does ++ # not exist. If the API_LEVEL macro is not defined in either of the ++ # two files, the default value LEVEL 1 is used. 
++ if os.path.exists(mk_compile_cfg): ++ compile_cfg_file = mk_compile_cfg ++ elif os.path.exists(cmake_compile_cfg): ++ compile_cfg_file = cmake_compile_cfg ++ else: ++ logging.error("Build config file doesn't exist, ignore it") + return default_api_level +- with open(compile_config) as file_op: ++ ++ with open(compile_cfg_file) as file_op: + for line in file_op: +- if line.startswith("#") or not "-DAPI_LEVEL" in line: ++ if line.startswith("#") or "-DAPI_LEVEL" not in line: + continue + key, value = line.strip().split("-DAPI_LEVEL=") +- print("key info {}".format(key)) +- print(("ta_api_level = {}".format(value))) +- return value ++ logging.critical("key info %s", key) ++ logging.critical("ta_api_level = %s", value[0]) ++ return value[0] ++ ++ logging.error("Build Config file doesn't define API_LEVEL") + return default_api_level + + +-def update_api_level(compile_config, manifest): ++def update_api_level(mk_compile_cfg, cmake_compile_cfg, manifest): + data = '' + with open(manifest, 'r') as file_op: + for line in file_op: +- if line.startswith("#") or not "gpd.ta.api_level" in line: ++ if line.startswith("#") or "gpd.ta.api_level" not in line: + data += line +- line = "\ngpd.ta.api_level:{}\n".format(parser_api_level(compile_config)) ++ ++ api_level = parser_api_level(mk_compile_cfg, cmake_compile_cfg) ++ line = "\ngpd.ta.api_level:{}\n".format(api_level) + data += line +- with open(manifest, "w") as file_op: +- file_op.writelines(data) ++ fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ file_op = os.fdopen(fd_op, "w") ++ file_op.writelines(data) ++ file_op.close() + + + def update_otrp_flag(manifest): + data = '' + with open(manifest, 'r') as file_op: + for line in file_op: +- if line.startswith("#") or not "gpd.ta.otrp_flag" in line: ++ if line.startswith("#") or "gpd.ta.otrp_flag" not in line: + data += line + line = "\ngpd.ta.otrp_flag:{}\n".format('true') + data += line +- with open(manifest, "w") as file_op: +- 
file_op.writelines(data) ++ fd_op = os.open(manifest, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ file_op = os.fdopen(fd_op, "w") ++ file_op.writelines(data) ++ file_op.close() + + +-def gen_data_for_sign(header, key_info, raw_file, data_sign): +- key_info_len = os.path.getsize(key_info) ++def gen_data_for_sign(header, key_data, raw_file): + raw_file_len = os.path.getsize(raw_file) ++ with open(raw_file, 'rb') as raw_fp: ++ raw_data = raw_fp.read(raw_file_len) + +- with open(data_sign, 'wb') as data_fp, \ +- open(key_info, 'rb') as key_fp, open(raw_file, 'rb') as raw_fp: +- data_fp.write(header) +- data_fp.write(key_fp.read(key_info_len)) +- data_fp.write(raw_fp.read(raw_file_len)) ++ data_sign = header ++ data_sign += key_data ++ data_sign += raw_data ++ return data_sign + + + def gen_key_version(cfg): +- if cfg.pub_key_len == '3072': ++ if cfg.pub_key_len == '4096': ++ return int(0x0302) ++ elif cfg.pub_key_len == '3072': + return int(0x0202) +- if cfg.pub_key_len == '2048': ++ elif cfg.pub_key_len == '2048': + return int(0x0002) +- print("unhandled pulic key len %s" % cfg.pub_key_len) ++ elif cfg.pub_key_len == '': ++ return int(0x0000) ++ ++ logging.error("unhandled pulic key len %s", cfg.pub_key_len) + raise RuntimeError + + ++def pack_signature(signature_path, signature_size): ++ add_size = 72 - signature_size ++ with open(signature_path, 'rb+') as signature_file: ++ signature_buf = signature_file.read(signature_size) ++ signature_file.seek(0) ++ for _ in range(0, add_size): ++ signature_file.write(b'\x00') ++ signature_file.write(signature_buf) ++ ++ ++def check_if_is_drv(manifest_path): ++ with open(manifest_path, 'r') as mani_fp: ++ for each_line in mani_fp: ++ if each_line.startswith("#") or not each_line.strip(): ++ continue ++ name = each_line.split(":")[0].strip() ++ if name == "gpd.ta.target_type" and \ ++ str(each_line.split(":")[1].strip()) == "1": ++ return 1 ++ return 0 ++ ++ ++def get_sign_cert_block_buffer(cfg, signature_path, 
signature_size): ++ ''' get sign and cert buffer ''' ++ with open(signature_path, 'rb') as signature_file: ++ signature_buf = signature_file.read(signature_size) ++ ta_cert_len = 0 ++ if cfg.sign_key_type == TYPE_PUBKEY: ++ sign_verify_buf = struct.pack('II', TYPE_PUBKEY, 0) + signature_buf ++ else: ++ ta_cert_path = cfg.ta_cert_chain ++ ta_cert_len = os.path.getsize(ta_cert_path) ++ with open(ta_cert_path, 'rb') as ta_cert_file: ++ ta_cert_buf = ta_cert_file.read(ta_cert_len) ++ if cfg.sign_key_type == TYPE_CERT: ++ sign_verify_buf = struct.pack('II', TYPE_CERT, ta_cert_len) + ta_cert_buf + signature_buf ++ else: ++ sign_verify_buf = struct.pack('II', TYPE_CERT_CHAIN, ta_cert_len) + ta_cert_buf + signature_buf ++ return sign_verify_buf ++ ++ + def gen_sec_image(in_path, out_path, cfg): + # temporary files +- temp_path = os.path.join(in_path, "temp") ++ temp_path = os.path.join(out_path, "temp") + shutil.rmtree(temp_path, ignore_errors=True) + os.mkdir(temp_path) + os.chmod(temp_path, stat.S_IRWXU) +- iv_file_path = os.path.join(temp_path, "iv.bin") +- key_file_path = os.path.join(temp_path, "aeskey.bin") + key_info_path = os.path.join(temp_path, "KeyInfo") + enc_key_path = os.path.join(temp_path, "KeyInfo.enc") + raw_file_path = os.path.join(temp_path, "rawData") +@@ -322,63 +519,185 @@ def gen_sec_image(in_path, out_path, cfg): + # mandentory input files + manifest_path = os.path.join(in_path, "manifest.txt") + elf_file_path = os.path.join(in_path, "libcombine.so") +- compile_config_path = os.path.join(in_path, "config.mk") +- +- ret, product_name = parser_manifest(manifest_path, \ +- manifest_data_path, manifest_ext_path) +- if ret is False: ++ mk_cfg_path = os.path.join(in_path, "config.mk") ++ cmake_cfg_path = os.path.join(in_path, "config.cmake") ++ dyn_conf_xml_file_path = os.path.join(in_path, "dyn_perm.xml") ++ tag_parse_dict_file_path = os.path.join(os.getcwd(), "tag_parse_dict.csv") ++ xml_config_path = os.path.join(in_path, "configs.xml") ++ 
auth_xml_file_path = os.path.join(in_path, "auth_config.xml") ++ ++ ta_cert_path = cfg.ta_cert_chain ++ if cfg.ta_version == 5: ++ if cfg.sign_key_type == TYPE_PUBKEY: ++ ta_cert_len = 0 ++ else: ++ ta_cert_len = os.path.getsize(ta_cert_path) ++ ++ is_encrypt_sec = True ++ if cfg.public_key == "" or cfg.pub_key_len == "": ++ is_encrypt_sec = False ++ ++ # 1. parser_manifest ++ manifest_info = process_manifest_file(xml_config_path, \ ++ manifest_path, manifest_data_path, manifest_ext_path, SING_BIG_ENDIAN) ++ uuid_str = manifest_info.uuid_str ++ if manifest_info.ret is False: + raise RuntimeError + +- update_api_level(compile_config_path, manifest_ext_path) ++ # 2. update_api_level ++ update_api_level(mk_cfg_path, cmake_cfg_path, manifest_ext_path) + +- if cfg.otrp_flag == 1: +- print("package otrp sec file\n") ++ # 3. update_otrp_flag ++ if cfg.otrp_flag == "1": ++ logging.critical("package otrp sec file\n") + update_otrp_flag(manifest_ext_path) + ++ # 4. parser_dyn_conf ++ if os.path.exists(dyn_conf_xml_file_path): ++ # V3.1 ta/drv do not need manifest_ext ++ if not os.path.exists(cfg.config_path): ++ from dyn_conf_parser import parser_dyn_conf ++ parser_dyn_conf(dyn_conf_xml_file_path, manifest_ext_path, \ ++ tag_parse_dict_file_path, in_path) ++ else: ++ if check_if_is_drv(manifest_path) == 1: ++ if not os.path.exists(cfg.config_path): ++ ans = "gpd.ta.dynConf:00000\n" ++ manifest_ext_path_fd = os.open(manifest_ext_path, \ ++ os.O_RDWR, 0o600) ++ with os.fdopen(manifest_ext_path_fd, 'a+') as mani_ext_fp: ++ mani_ext_fp.write(ans) ++ ++ # parser auth config xml: the auth info must be packed in the end of manifest_ext. ++ if os.path.exists(auth_xml_file_path): ++ from auth_conf_parser import parser_auth_xml ++ parser_auth_xml(auth_xml_file_path, manifest_ext_path, SING_BIG_ENDIAN) ++ ++ # 5. 
gen_raw_data + gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ +- cfg.config_path, raw_file_path) +- +- # generate AES key info to encrypt raw data +- gen_aes_key_info(cfg, iv_file_path, key_file_path, key_info_path) +- encrypt_aes_key(cfg.public_key, key_info_path, enc_key_path) +- +- aes_encrypt(key_file_path, iv_file_path, raw_file_path, enc_raw_path) ++ cfg.config_path, raw_file_path, cfg.ta_version) ++ ++ if cfg.sign_type == '4': ++ sign_len = 9219 ++ elif cfg.sign_type == '5': ++ sign_len = 0 ++ elif cfg.sign_type == '6': ++ sign_len = 9227 ++ else: ++ if int(cfg.sign_key_len) == 256: ++ sign_len = 72 ++ else: ++ sign_len = int(cfg.sign_key_len) / 8 ++ ++ # 6. gen aes key, and encrypt aes key with RSA key, ++ # and encrypt raw data with aes key ++ if is_encrypt_sec is True: ++ # generate AES key info to encrypt raw data ++ key_data, iv_data, key_info_data = gen_aes_key_info(cfg) ++ encrypt_aes_key(cfg.public_key, key_info_data, enc_key_path) ++ aes_encrypt(key_data, iv_data, raw_file_path, enc_raw_path) ++ ++ # generate Main Header ++ if cfg.ta_version == 5: ++ content_len = os.path.getsize(enc_key_path) \ ++ + 4 + 4 + ta_cert_len + sign_len \ ++ + os.path.getsize(enc_raw_path) ++ else: ++ content_len = os.path.getsize(enc_key_path) \ ++ + sign_len \ ++ + os.path.getsize(enc_raw_path) ++ else: ++ gen_sign_alg_info(cfg, key_info_path) ++ # generate Main Header ++ if cfg.ta_version == 5: ++ content_len = os.path.getsize(key_info_path) \ ++ + 4 + 4 + ta_cert_len + sign_len \ ++ + os.path.getsize(raw_file_path) ++ else: ++ content_len = os.path.getsize(key_info_path) \ ++ + sign_len \ ++ + os.path.getsize(raw_file_path) ++ with open(key_info_path, 'rb') as key_info_fp: ++ key_info_data = key_info_fp.read(os.path.getsize(key_info_path)) + +- # generate Main Header +- content_len = os.path.getsize(enc_key_path) + \ +- (int(cfg.sign_key_len) / 8) + \ +- os.path.getsize(enc_raw_path) + key_version = gen_key_version(cfg) +- header = 
gen_header(int(content_len), key_version) +- +- gen_data_for_sign(header, key_info_path, raw_file_path, data_for_sign_path) +- +- uuid_str = product_name[0:36] +- print('uuid str {}'.format(uuid_str)) +- +- gen_signature(cfg, uuid_str, data_for_sign_path, hash_path, signature_path) +- +- sec_img_path = os.path.join(out_path, product_name) +- with open(sec_img_path, 'wb') as sec_image: +- # write to sec file [1.header info] +- sec_image.write(header) ++ header = gen_header(int(content_len), key_version, cfg) ++ data_for_sign = gen_data_for_sign(header, key_info_data, raw_file_path) ++ ++ uuid_str = uuid_str[0:36] ++ logging.critical("uuid str %s", uuid_str) ++ ++ # 7. gen signature ++ gen_signature(cfg, uuid_str, data_for_sign, data_for_sign_path, \ ++ hash_path, signature_path, out_path, key_info_data) ++ ++ if os.path.exists("get_ta_elf_hash.py"): ++ if os.path.exists(elf_file_path): ++ from get_ta_elf_hash import get_code_segment_from_elf ++ get_code_segment_from_elf(elf_file_path, uuid_str, data_for_sign) ++ ++ # 8. 
pack sec img: header || key || signature || raw_data ++ signature_size = os.path.getsize(signature_path) ++ if sign_len == 72: ++ if signature_size != 72: ++ pack_signature(signature_path, signature_size) ++ elif sign_len == 0: ++ sign_len = signature_size ++ # generate Main Header ++ if is_encrypt_sec is True: ++ key_data_path = enc_key_path ++ raw_data_path = enc_raw_path ++ else: ++ key_data_path = key_info_path ++ raw_data_path = raw_file_path ++ content_len = os.path.getsize(key_data_path) \ ++ + sign_len \ ++ + os.path.getsize(raw_data_path) ++ header = gen_header(int(content_len), key_version, cfg) ++ ++ sec_img_path = os.path.join(out_path, manifest_info.product_name) ++ fd_image = os.open(sec_img_path, os.O_WRONLY | os.O_CREAT, \ ++ stat.S_IWUSR | stat.S_IRUSR) ++ sec_image = os.fdopen(fd_image, "wb") ++ # write to sec file [1.header info] ++ sec_image.write(header) ++ if is_encrypt_sec is True: + # write to sec file [2.AES key info] + enc_key_size = os.path.getsize(enc_key_path) + with open(enc_key_path, 'rb') as enc_key_info: + sec_image.write(enc_key_info.read(enc_key_size)) +- # write to sec file [3.signature] ++ else: ++ key_info_size = os.path.getsize(key_info_path) ++ with open(key_info_path, 'rb') as key_info_fp: ++ sec_image.write(key_info_fp.read(key_info_size)) ++ # write to sec file [3.signature] ++ if cfg.ta_version == 5: ++ signature_size = os.path.getsize(signature_path) ++ sign_cert_buf = get_sign_cert_block_buffer(cfg, signature_path, signature_size) ++ sec_image.write(sign_cert_buf) ++ else: + signature_size = os.path.getsize(signature_path) + with open(signature_path, 'rb') as signature_file: + sec_image.write(signature_file.read(signature_size)) ++ if is_encrypt_sec is True: + # write to sec file [4.encrypted raw data] + enc_raw_size = os.path.getsize(enc_raw_path) + with open(enc_raw_path, 'rb') as enc_raw_data: + sec_image.write(enc_raw_data.read(enc_raw_size)) ++ else: ++ raw_file_size = os.path.getsize(raw_file_path) ++ with 
open(raw_file_path, 'rb') as raw_file_data: ++ sec_image.write(raw_file_data.read(raw_file_size)) ++ sec_image.truncate(int(SEC_HEADER_BYTES) + int(content_len)) ++ sec_image.close() + +- print("=========================SUCCESS============================") +- print("generate TA(V3 format) load image success: ") +- print(sec_img_path) +- print("============================================================") ++ logging.critical("=========================SUCCESS============================") ++ logging.critical("generate sec(common format) load image success: ") ++ logging.critical(sec_img_path) ++ logging.critical("============================================================") ++ ++ if manifest_info.manifest_txt_exist is False and os.path.exists(manifest_path): ++ os.remove(manifest_path) + + #remove temp files + shutil.rmtree(temp_path) +@@ -386,23 +705,59 @@ def gen_sec_image(in_path, out_path, cfg): + + + def main(): +- sign_tool_dir = os.path.dirname(os.path.abspath(__file__)) ++ global SING_BIG_ENDIAN ++ sign_tool_dir = os.path.dirname(os.path.realpath(__file__)) + parser = argparse.ArgumentParser() + parser.add_argument("in_path", help="input path of data to be signed. \ + (libcombine.so; manifest.txt; ...", type=str) + parser.add_argument("out_path", help="input path of signed file. 
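Review bot: The header rebuilt in step 8 for the `sign_len == 0` case (`cfg.sign_type == '5'`) recomputes `content_len` as key + signature + raw data only, dropping the `4 + 4 + ta_cert_len` term that step 6 adds when `cfg.ta_version == 5`. The later `sec_image.truncate(int(SEC_HEADER_BYTES) + int(content_len))` would then cut the image short by the size of the cert block header and certificate that `get_sign_cert_block_buffer` writes, if that sign type and TA version can be combined (`check_cfg` is not visible here, so the combination may be rejected elsewhere). Adding `if cfg.ta_version == 5:` / `content_len += 4 + 4 + ta_cert_len` before the second `gen_header` call keeps the two computations consistent. In the same branch the signature was produced over `data_for_sign`, which contains the first header, so the header written to the file is not the one that was signed; a comment stating how the loader verifies it would help. Indentation is lost on this page, so the nesting of the rebuild under `elif sign_len == 0:` is inferred.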
\ + (xxx.sec)", type=str) +- parser.add_argument("--config", help="sign configuation file", type=str) ++ parser.add_argument("--publicCfg", \ ++ help="sign cfg for ta developer", type=str) ++ parser.add_argument("--privateCfg", \ ++ help="sign cfg for product developer", type=str) ++ parser.add_argument("--sign_endian", \ ++ help="sign endian (little/big default little)", type=str) + args = parser.parse_args() +- if args.config: +- cfg = Configuration(args.config) ++ cfg = AllCfg() ++ if args.privateCfg: ++ PrivateCfg(args.privateCfg, cfg) + else: +- cfg = Configuration(os.path.join(sign_tool_dir, "config.ini")) ++ logging.error("please config private cfg file") ++ raise RuntimeError + +- in_path = os.path.abspath(args.in_path) +- out_path = os.path.abspath(args.out_path) ++ if args.publicCfg: ++ PublicCfg(args.publicCfg, cfg) ++ else: ++ PublicCfg(args.privateCfg, cfg) ++ ++ if args.sign_endian and args.sign_endian == "big": ++ SING_BIG_ENDIAN = True ++ ++ if check_cfg(cfg): ++ logging.error("the configuration file field is incorrect.") ++ exit() ++ in_path = os.path.realpath(args.in_path) ++ out_path = os.path.realpath(args.out_path) ++ if not os.path.exists(in_path): ++ logging.error("input_path does not exist.") ++ exit() ++ if not os.path.exists(out_path): ++ logging.error("out_path does not exist.") ++ exit() ++ if whitelist_check(in_path): ++ logging.error("input_path is incorrect.") ++ exit() ++ if whitelist_check(out_path): ++ logging.error("out_path is incorrect.") ++ exit() + os.chdir(sign_tool_dir) +- gen_sec_image(in_path, out_path, cfg) ++ ++ if cfg.re_sign_flag == "1": ++ from re_generate_signature import re_sign_sec_img ++ re_sign_sec_img(in_path, out_path, cfg) ++ else: ++ gen_sec_image(in_path, out_path, cfg) + + + if __name__ == '__main__': +diff --git a/build/signtools/tag_parse_dict.csv b/build/signtools/tag_parse_dict.csv +new file mode 100644 +index 0000000..22040ea +--- /dev/null ++++ b/build/signtools/tag_parse_dict.csv +@@ -0,0 +1,120 @@ 
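Review bot: Every validation failure added to `main()` (`check_cfg`, a missing `in_path` or `out_path`, and both `whitelist_check` calls) ends in a bare `exit()`, which terminates with status 0, so a build script calling the sign tool sees success although no image was produced. These branches should fail the way the missing `--privateCfg` branch already does, with `raise RuntimeError`, or use `sys.exit(1)` if `sys` is imported at the top of the file (the import block is outside this hunk). `exit` is also provided by the `site` module and is absent when the interpreter is started with `-S`.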
++drv_perm/,0,TYPE_CLASS,
++drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
++drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
++drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
++drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,drv_perm/drvcall_perm_apply/item/name
++drv_perm/drv_basic_info/,5,TYPE_CLASS,
++drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
++drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
++drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
++drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
++drv_perm/drv_io_map/,10,TYPE_CLASS,
++drv_perm/drv_io_map/item/,11,TYPE_CLASS,
++drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
++drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
++drv_perm/irq/,14,TYPE_CLASS,
++drv_perm/irq/item/,15,TYPE_CLASS,
++drv_perm/irq/item/chip_type,16,TYPE_CHAR,
++drv_perm/irq/item/irq,17,TYPE_CHAR,
++drv_perm/map_secure/,18,TYPE_CLASS,
++drv_perm/map_secure/item/,19,TYPE_CLASS,
++drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
++drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
++drv_perm/map_secure/item/region,22,TYPE_CHAR,
++drv_perm/map_nosecure/,23,TYPE_CLASS,
++drv_perm/map_nosecure/item/,24,TYPE_CLASS,
++drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
++drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
++drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
++drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
++drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
++drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
++drv_perm/drv_mac_info/,31,TYPE_CLASS,
++drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
++drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
++drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
++ConfigInfo/drv_perm/,0,TYPE_CLASS,
++ConfigInfo/drv_perm/drvcall_perm_apply/,1,TYPE_CLASS,
++ConfigInfo/drv_perm/drvcall_perm_apply/item/,2,TYPE_CLASS,
++ConfigInfo/drv_perm/drvcall_perm_apply/item/name,3,TYPE_CHAR,
++ConfigInfo/drv_perm/drvcall_perm_apply/item/permission,4,TYPE_CHAR,ConfigInfo/drv_perm/drvcall_perm_apply/item/name
++ConfigInfo/drv_perm/drv_basic_info/,5,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_basic_info/thread_limit,6,TYPE_INT,
++ConfigInfo/drv_perm/drv_basic_info/upgrade,7,TYPE_BOOL,
++ConfigInfo/drv_perm/drv_basic_info/virt2phys,8,TYPE_BOOL,
++ConfigInfo/drv_perm/drv_basic_info/exception_mode,9,TYPE_CHAR,
++ConfigInfo/drv_perm/drv_io_map/,10,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_io_map/item/,11,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_io_map/item/chip_type,12,TYPE_CHAR,
++ConfigInfo/drv_perm/drv_io_map/item/iomap,13,TYPE_CHAR,
++ConfigInfo/drv_perm/irq/,14,TYPE_CLASS,
++ConfigInfo/drv_perm/irq/item/,15,TYPE_CLASS,
++ConfigInfo/drv_perm/irq/item/chip_type,16,TYPE_CHAR,
++ConfigInfo/drv_perm/irq/item/irq,17,TYPE_CHAR,
++ConfigInfo/drv_perm/map_secure/,18,TYPE_CLASS,
++ConfigInfo/drv_perm/map_secure/item/,19,TYPE_CLASS,
++ConfigInfo/drv_perm/map_secure/item/chip_type,20,TYPE_CHAR,
++ConfigInfo/drv_perm/map_secure/item/uuid,21,TYPE_CHAR,
++ConfigInfo/drv_perm/map_secure/item/region,22,TYPE_CHAR,
++ConfigInfo/drv_perm/map_nosecure/,23,TYPE_CLASS,
++ConfigInfo/drv_perm/map_nosecure/item/,24,TYPE_CLASS,
++ConfigInfo/drv_perm/map_nosecure/item/chip_type,25,TYPE_CHAR,
++ConfigInfo/drv_perm/map_nosecure/item/uuid,26,TYPE_CHAR,
++ConfigInfo/drv_perm/drv_cmd_perm_info/,27,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_cmd_perm_info/item/,28,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_cmd_perm_info/item/cmd,29,TYPE_CHAR,{gpd.ta.service_name}.csv
++ConfigInfo/drv_perm/drv_cmd_perm_info/item/permission,30,TYPE_CHAR,{gpd.ta.service_name}.csv
++ConfigInfo/drv_perm/drv_mac_info/,31,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_mac_info/item/,32,TYPE_CLASS,
++ConfigInfo/drv_perm/drv_mac_info/item/uuid,33,TYPE_CHAR,
++ConfigInfo/drv_perm/drv_mac_info/item/permission,34,TYPE_CHAR,{gpd.ta.service_name}.csv
++ConfigInfo/,0,TYPE_CLASS,
++ConfigInfo/TA_Basic_Info/,1,TYPE_CLASS,
++ConfigInfo/TA_Basic_Info/service_name/,2,TYPE_CLASS,
++ConfigInfo/TA_Basic_Info/service_name/service_name,3,TYPE_CHAR,
++ConfigInfo/TA_Basic_Info/uuid/,4,TYPE_CLASS,
++ConfigInfo/TA_Basic_Info/uuid/uuid,5,TYPE_CHAR,
++ConfigInfo/TA_Manifest_Info/,6,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/instance_keep_alive/,7,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/instance_keep_alive/instance_keep_alive,8,TYPE_BOOL,
++ConfigInfo/TA_Manifest_Info/stack_size/,9,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/stack_size/stack_size,10,TYPE_INT,
++ConfigInfo/TA_Manifest_Info/heap_size/,11,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/heap_size/heap_size,12,TYPE_INT,
++ConfigInfo/TA_Manifest_Info/target_type/,13,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/target_type/target_type,14,TYPE_INT,
++ConfigInfo/TA_Manifest_Info/multi_command/,15,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/multi_command/multi_command,16,TYPE_BOOL,
++ConfigInfo/TA_Manifest_Info/multi_session/,17,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/multi_session/multi_session,18,TYPE_BOOL,
++ConfigInfo/TA_Manifest_Info/single_instance/,19,TYPE_CLASS,
++ConfigInfo/TA_Manifest_Info/single_instance/single_instance,20,TYPE_BOOL,
++ConfigInfo/TA_Control_Info/,21,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/RPMB_Info/,22,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/,23,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_size/RPMB_size,24,TYPE_INT,
++ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/,25,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/,26,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/RPMB_Info/RPMB_Permission/RPMB_general/RPMB_general,27,TYPE_BOOL,
++ConfigInfo/TA_Control_Info/SE_Info/,28,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/,29,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/SE_Info/SE_open_session/SE_open_session,30,TYPE_BOOL,
++ConfigInfo/TA_Control_Info/TUI_Info/,31,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/,32,TYPE_CLASS,
++ConfigInfo/TA_Control_Info/TUI_Info/TUI_general/TUI_general,33,TYPE_BOOL, ++ConfigInfo/TA_Control_Info/DEBUG_Info/,34,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/,35,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/DEBUG_Info/debug_status/debug_status,36,TYPE_BOOL, ++ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/,35,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_status/DEBUG_status,36,TYPE_BOOL, ++ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/,37,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/DEBUG_Info/DEBUG_device_id/DEBUG_device_id,38,TYPE_CHAR, ++ConfigInfo/TA_Manifest_Info/mem_page_align/,39,TYPE_CLASS, ++ConfigInfo/TA_Manifest_Info/mem_page_align/mem_page_align,40,TYPE_BOOL, ++ConfigInfo/TA_Manifest_Info/sys_verify_ta/,41,TYPE_CLASS, ++ConfigInfo/TA_Manifest_Info/sys_verify_ta/sys_verify_ta,42,TYPE_BOOL, ++ConfigInfo/TA_Control_Info/TA_Manager/,43,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/TA_Manager/TA_Manager,44,TYPE_CHAR, ++ConfigInfo/TA_Control_Info/CERT_Info/,45,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/,46,TYPE_CLASS, ++ConfigInfo/TA_Control_Info/CERT_Info/CERT_Permission/CERT_Permission,47,TYPE_BOOL, +diff --git a/build/signtools/xml_trans_manifest.py b/build/signtools/xml_trans_manifest.py +new file mode 100644 +index 0000000..f9eb36a +--- /dev/null ++++ b/build/signtools/xml_trans_manifest.py +@@ -0,0 +1,109 @@ ++#!/usr/bin/env python ++# coding=utf-8 ++#---------------------------------------------------------------------------- ++# Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++# Licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. 
++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++# Description: tools for xml trans ++#---------------------------------------------------------------------------- ++ ++import os ++import logging ++from defusedxml import ElementTree as ET ++ ++ ++type_trans = {"TYPE_NONE": "-1", ++ "TYPE_CLASS": "0", ++ "TYPE_BOOL": "1", ++ "TYPE_INT": "2", ++ "TYPE_CHAR": "3"} ++ ++type_dict = {} ++manifest_dict = {} ++ ++ ++def get_csv_size(path): ++ ++ with open(path, "r", encoding="utf-8") as csvfile: ++ lines = csvfile.readlines() ++ return len(lines) ++ return 0 ++ ++ ++def get_csv_data(path, lnum, rnum): ++ with open(path, "r", encoding="utf-8") as csvfile: ++ count = 0 ++ lines = csvfile.readlines() ++ for line in lines: ++ if count == lnum: ++ return str(line.split(",")[rnum]).strip() ++ count = count + 1 ++ return "" ++ ++ ++def classify_tag(tag): ++ ++ while len(tag) < 3: ++ tag = "0%s" % (tag) ++ ++ return tag ++ ++ ++# save tag type and manifest item dict ++def handle_manifest_tag_dict(path): ++ for index in range(0, get_csv_size(path)): ++ dyn_sym = get_csv_data(path, index, 0) ++ type_dict[dyn_sym] = type_trans.get(get_csv_data(path, index, 2)) ++ manifest_dict[dyn_sym] = get_csv_data(path, index, 3) ++ ++ ++def process_xml_to_manifest(config_xml_file_path, manifest_path): ++ tree = ET.parse(config_xml_file_path) ++ root = tree.getroot() ++ #Layer 1 node name ++ old_item = root.tag ++ attrs = "" ++ write_data = False ++ ++ #write items to manifest.txt ++ manifest_fd = os.open(manifest_path, os.O_CREAT | os.O_RDWR, 0o600) ++ manifest_fp = os.fdopen(manifest_fd, "wb") ++ ++ #Traversing the second layer of the xml file ++ for child in root: ++ child_item = 
"{}/{}".format(old_item, child.tag) ++ #Traversing the third layer of the xml file ++ for children in child: ++ children_item = "{}/{}".format(child_item, children.tag) ++ dyn_type = type_dict.get(children_item + attrs) ++ manifest_item_name = manifest_dict.get(children_item + attrs) ++ if dyn_type == type_trans.get("TYPE_CHAR"): ++ value = "{}: {}\n".format(manifest_item_name, children.text) ++ manifest_fp.write(value.encode()) ++ write_data = True ++ ++ #close manifest.txt file ++ manifest_fp.close() ++ if write_data is False: ++ os.remove(manifest_path) ++ ++ ++def trans_xml_to_manifest(config_xml_file_path, manifest_path): ++ if not os.path.exists(config_xml_file_path): ++ logging.error("config xml file doesn't exist") ++ return ++ if not os.path.exists("./manifest_tag_parse_dict.csv"): ++ logging.error("config manifest_tag_parse_dict.csv file doesn't exist") ++ return ++ if os.path.exists(manifest_path): ++ return ++ ++ handle_manifest_tag_dict("./manifest_tag_parse_dict.csv") ++ process_xml_to_manifest(config_xml_file_path, manifest_path) +diff --git a/build/tools/srv_entry_check.sh b/build/tools/srv_entry_check.sh +new file mode 100644 +index 0000000..870076c +--- /dev/null ++++ b/build/tools/srv_entry_check.sh +@@ -0,0 +1,13 @@ ++#!/bin/bash ++# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++set -e ++ ++echo "------------- check SRV tee_task_entry begin --------------" ++task_entry=$($1 -s $2 | grep -w tee_task_entry) || true ++if [[ "$task_entry" != "" ]]; then ++ exit 0 ++else ++ echo "----- SRV should define tee_task_entry symbol ---" ++ exit 1 ++fi ++echo "------------- check SRV tee_task_entry succ --------------" +diff --git a/build/tools/ta_entry_check.sh b/build/tools/ta_entry_check.sh +new file mode 100644 +index 0000000..eab72a3 +--- /dev/null ++++ b/build/tools/ta_entry_check.sh +@@ -0,0 +1,52 @@ ++#!/bin/bash ++# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. 
++# iTrustee licensed under the Mulan PSL v2. ++# You can use this software according to the terms and conditions of the Mulan ++# PSL v2. ++# You may obtain a copy of Mulan PSL v2 at: ++# http://license.coscl.org.cn/MulanPSL2 ++# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY ++# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ++# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. ++# See the Mulan PSL v2 for more details. ++set -e ++ ++#params: $1-readelf cmd; $2-libcombine.so; $3-USE_ENTRY_BINARY; $4-DYN_LINK; $5-TARGET_IS_ARM64 ++ ++# if USE_ENTRY_BINARY is y, means link elf_main_entry.o ++# no need to check ++if [ "$3" == "y" ]; then ++ echo "------ no need to check task_entry ----" ++ exit 0 ++fi ++ ++# for ta not link elf_main_entry.o ++# should not define tee_task_entry symbol ++echo "------------- check TA tee_task_entry begin --------------" ++task_entry=$($1 -s $2 | grep -w tee_task_entry) || true ++if [[ "$task_entry" != "" ]]; then ++ echo "----- ERROR TA should not define tee_task_entry symbol ---" ++ echo " $task_entry" ++ exit 1 ++fi ++echo "------------- check TA tee_task_entry succ --------------" ++ ++# if TARGET_IS_ARM64 is y, means is aarch64 TA ++# for aarch64 ta no need to compile ta_magic.c ++if [ "$5" == "y" ]; then ++ echo "------- aarch64 TA no need check magic ----" ++ exit 0 ++fi ++ ++# if DYN_LINK is y, means is DYN TA ++# for 32bit dyn ta should compile ta_magic.c ++# since it not link elf_main_entry.o ++task_magic=$($1 -S $2 | grep -w ".magic") || true ++if [ "$4" == "y" ]; then ++ echo "------- check TA magic begin ------" ++ if [[ "$task_magic" == "" ]]; then ++ echo "------ ERROR DYN TA should compile ta_magic.c -----" ++ exit 1 ++ fi; ++ echo "------- check TA magic succ ------" ++fi +diff --git a/build/tools/ta_link_64.gcc_xom.ld b/build/tools/ta_link_64.gcc_xom.ld +new file mode 100644 +index 0000000..3023ed9 +--- /dev/null ++++ b/build/tools/ta_link_64.gcc_xom.ld +@@ -0,0 
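Review bot: The tee_task_entry check in ta_entry_check.sh passes when the readelf command itself fails: in `task_entry=$($1 -s $2 | grep -w tee_task_entry) || true` a wrong tool path or an unreadable `$2` yields empty output, which is the same result as "symbol not defined", and the script prints the succ line. Running readelf on its own first, `symtab=$($1 -s "$2")`, lets `set -e` stop the script on failure, and the filter then becomes `task_entry=$(grep -w tee_task_entry <<< "$symtab") || true`. The `.magic` lookup further down has the same shape, but there an empty result leads to the error branch for DYN TAs, so it fails closed.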
+1,226 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: Define the link rule of dyn service 64 bits for xom ++ */ ++ ++OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", ++ "elf64-littleaarch64") ++OUTPUT_ARCH(aarch64) ++ENTRY(_start) ++PHDRS ++{ ++ phdr PT_PHDR PHDRS FLAGS (4); ++ rodata PT_LOAD FILEHDR PHDRS FLAGS (4); ++ xtext PT_LOAD FLAGS (1); ++ data PT_LOAD FLAGS (6); ++ dynamic PT_DYNAMIC FLAGS (6); ++ stack PT_GNU_STACK FLAGS (6); ++ relro 0x6474e552 FLAGS (4); ++} ++SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib"); ++SECTIONS ++{ ++ /* Read-only sections, merged into text segment: */ ++ . 
= SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; ++ /* This should be the first section after program headers */ ++ .magic : { *(.magic) } : rodata ++ .note.gnu.build-id : { *(.note.gnu.build-id) } ++ .hash : { *(.hash) } ++ .gnu.hash : { *(.gnu.hash) } ++ .dynsym : { *(.dynsym) } ++ .dynstr : { *(.dynstr) } ++ .gnu.version : { *(.gnu.version) } ++ .gnu.version_d : { *(.gnu.version_d) } ++ .gnu.version_r : { *(.gnu.version_r) } ++ .rela.dyn : ++ { ++ *(.rela.init) ++ *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*) ++ *(.rela.fini) ++ *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*) ++ *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*) ++ *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) ++ *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) ++ *(.rela.ctors) ++ *(.rela.dtors) ++ *(.rela.got) ++ *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) ++ *(.rela.ifunc) ++ } ++ .rela.plt : ++ { ++ *(.rela.plt) ++ *(.rela.iplt) ++ } ++ .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } ++ .rodata1 : { *(.rodata1) } ++ .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } ++ .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } ++ .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table ++ .gcc_except_table.*) } ++ .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) } ++ /* These sections are generated by the Sun/Oracle C++ compiler. */ ++ .exception_ranges : ONLY_IF_RO { *(.exception_ranges ++ .exception_ranges*) } ++ /* Make sure the address of text segment is aligned in 4k for xom */ ++ .init : ++ { ++ KEEP (*(SORT_NONE(.init))) ++ }:text ++ .fini : ++ { ++ KEEP (*(SORT_NONE(.fini))) ++ } ++ . = ALIGN(0x1000); ++ .plt : { *(.plt) } :xtext ++ .iplt : { *(.iplt) } ++ .xtext : ++ { ++ *(.text.unlikely .text.*_unlikely .text.unlikely.*) ++ *(.text.exit .text.exit.*) ++ *(.text.startup .text.startup.*) ++ *(.text.hot .text.hot.*) ++ *(.text .stub .text.* .gnu.linkonce.t.*) ++ /* .gnu.warning sections are handled specially by elf32.em. 
*/ ++ *(.gnu.warning) ++ }:xtext ++ PROVIDE (__etext = .); ++ PROVIDE (_etext = .); ++ PROVIDE (etext = .); ++ /* Adjust the address for the data segment. We want to adjust up to ++ the same address within the page on the next page up. */ ++ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE)); ++ /* Exception handling */ ++ /* Thread Local Storage sections */ ++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }:data ++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) } ++ .preinit_array : ++ { ++ KEEP (*(.preinit_array)) ++ } ++ .init_array : ++ { ++ PROVIDE_HIDDEN (__init_array_start = .); ++ KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*))) ++ KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors)) ++ PROVIDE_HIDDEN (__init_array_end = .); ++ } ++ .fini_array : ++ { ++ PROVIDE_HIDDEN (__fini_array_start = .); ++ KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*))) ++ KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors)) ++ PROVIDE_HIDDEN (__fini_array_end = .); ++ } ++ .ctors : ++ { ++ /* gcc uses crtbegin.o to find the start of ++ the constructors, so we make sure it is ++ first. Because this is a wildcard, it ++ doesn't matter if the user does not ++ actually link against crtbegin.o; the ++ linker won't look for a file to match a ++ wildcard. The wildcard also means that it ++ doesn't matter which directory crtbegin.o ++ is in. */ ++ KEEP (*crtbegin.o(.ctors)) ++ KEEP (*crtbegin?.o(.ctors)) ++ /* We don't want to include the .ctor section from ++ the crtend.o file until after the sorted ctors. 
++ The .ctor section from the crtend file contains the ++ end of ctors marker and it must be last */ ++ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors)) ++ KEEP (*(SORT(.ctors.*))) ++ KEEP (*(.ctors)) ++ } ++ .dtors : ++ { ++ KEEP (*crtbegin.o(.dtors)) ++ KEEP (*crtbegin?.o(.dtors)) ++ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors)) ++ KEEP (*(SORT(.dtors.*))) ++ KEEP (*(.dtors)) ++ } ++ .jcr : { KEEP (*(.jcr)) } ++ .data.rel.ro : { *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) } : data : relro ++ .dynamic : { *(.dynamic) } : data : dynamic : relro ++ .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro ++ . = DATA_SEGMENT_RELRO_END (0, .); ++ .data : ++ { ++ PROVIDE (__data_start = .); ++ *(.data .data.* .gnu.linkonce.d.*) ++ SORT(CONSTRUCTORS) ++ }:data ++ .data1 : { *(.data1) } ++ _edata = .; PROVIDE (edata = .); ++ . = .; ++ __bss_start = .; ++ __bss_start__ = .; ++ TA_BSS_START = .; ++ .bss : ++ { ++ *(.dynbss) ++ *(.bss .bss.* .gnu.linkonce.b.*) ++ *(COMMON) ++ . = ALIGN(. != 0 ? 64 / 8 : 1); ++ } ++ TA_BSS_END = .; ++ _bss_end__ = . ; __bss_end__ = . ; ++ . = ALIGN(64 / 8); ++ . = SEGMENT_START("ldata-segment", .); ++ . = ALIGN(64 / 8); ++ __end__ = . ; ++ _end = .; PROVIDE (end = .); ++ . = DATA_SEGMENT_END (.); ++ /* Stabs debugging sections. */ ++ .stab 0 : { *(.stab) } ++ .stabstr 0 : { *(.stabstr) } ++ .stab.excl 0 : { *(.stab.excl) } ++ .stab.exclstr 0 : { *(.stab.exclstr) } ++ .stab.index 0 : { *(.stab.index) } ++ .stab.indexstr 0 : { *(.stab.indexstr) } ++ .comment 0 : { *(.comment) } ++ /* DWARF debug sections. ++ Symbols in the DWARF debugging sections are relative to the beginning ++ of the section so we begin them at 0. 
*/ ++ /* DWARF 1 */ ++ .debug 0 : { *(.debug) } ++ .line 0 : { *(.line) } ++ /* GNU DWARF 1 extensions */ ++ .debug_srcinfo 0 : { *(.debug_srcinfo) } ++ .debug_sfnames 0 : { *(.debug_sfnames) } ++ /* DWARF 1.1 and DWARF 2 */ ++ .debug_aranges 0 : { *(.debug_aranges) } ++ .debug_pubnames 0 : { *(.debug_pubnames) } ++ /* DWARF 2 */ ++ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } ++ .debug_abbrev 0 : { *(.debug_abbrev) } ++ .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } ++ .debug_frame 0 : { *(.debug_frame) } ++ .debug_str 0 : { *(.debug_str) } ++ .debug_loc 0 : { *(.debug_loc) } ++ .debug_macinfo 0 : { *(.debug_macinfo) } ++ /* SGI/MIPS DWARF 2 extensions */ ++ .debug_weaknames 0 : { *(.debug_weaknames) } ++ .debug_funcnames 0 : { *(.debug_funcnames) } ++ .debug_typenames 0 : { *(.debug_typenames) } ++ .debug_varnames 0 : { *(.debug_varnames) } ++ /* DWARF 3 */ ++ .debug_pubtypes 0 : { *(.debug_pubtypes) } ++ .debug_ranges 0 : { *(.debug_ranges) } ++ /* DWARF Extension. */ ++ .debug_macro 0 : { *(.debug_macro) } ++ .debug_addr 0 : { *(.debug_addr) } ++ .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) } ++ .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) } ++ /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) } ++} +diff --git a/build/tools/ta_link_64.ld b/build/tools/ta_link_64.ld +index 61388e0..a3eb30a 100644 +--- a/build/tools/ta_link_64.ld ++++ b/build/tools/ta_link_64.ld +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: Describe the link file for 64bits TA + */ + + OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", +@@ -19,6 +20,7 @@ SECTIONS + { + /* Read-only sections, merged into text segment: */ + . 
= SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; ++ _start = .; + /* This should be the first section after program headers */ + .magic : { *(.magic) } + .note.gnu.build-id : { *(.note.gnu.build-id) } +@@ -49,7 +51,14 @@ SECTIONS + *(.rela.plt) + *(.rela.iplt) + } +- .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } ++ .rodata : ++ { ++ *(.rodata .rodata.* .gnu.linkonce.r.*) ++ . = ALIGN(16); ++ PROVIDE (__start___llvm_prf_names = .); ++ *(__llvm_prf_names) ++ PROVIDE (__stop___llvm_prf_names = .); ++ } + .rodata1 : { *(.rodata1) } + .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } + .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } +@@ -150,6 +159,15 @@ SECTIONS + { + PROVIDE (__data_start = .); + *(.data .data.* .gnu.linkonce.d.*) ++ PROVIDE (__start___llvm_prf_cnts = .); ++ *(__llvm_prf_cnts) ++ PROVIDE (__stop___llvm_prf_cnts = .); ++ PROVIDE (__start___llvm_prf_data = .); ++ *(__llvm_prf_data) ++ PROVIDE (__stop___llvm_prf_data = .); ++ PROVIDE (__start___llvm_prf_vnds = .); ++ *(__llvm_prf_vnds); ++ PROVIDE (__stop___llvm_prf_vnds = .); + SORT(CONSTRUCTORS) + } + .data1 : { *(.data1) } +diff --git a/build/tools/ta_link_64.smee.ld b/build/tools/ta_link_64.smee.ld +new file mode 100644 +index 0000000..db72a53 +--- /dev/null ++++ b/build/tools/ta_link_64.smee.ld +@@ -0,0 +1,262 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. ++ * iTrustee licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
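Review bot: `_start = .;` in the `@@ -19,6 +20,7 @@` hunk of ta_link_64.ld is a plain assignment placed just before `.magic`, so the symbol resolves to the first byte after the program headers (data, not code) and would clash with a `_start` supplied by any linked object. The new ta_link_64.smee.ld repeats the line and also declares `ENTRY(_start)`, which makes the ELF entry address point at `.magic`. If the symbol is only meant as an image-base marker for the TA loader, a comment such as `/* _start marks the image base for the loader; it is not a code entry point */` would make that explicit; otherwise `PROVIDE (_start = .);` leaves a real entry symbol alone. The SECTIONS block continues outside this hunk.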
++ * Description: Describe the link file for 64bits TA ++ */ ++ ++OUTPUT_FORMAT("elf64-littleaarch64", "elf64-bigaarch64", ++ "elf64-littleaarch64") ++OUTPUT_ARCH(aarch64) ++ENTRY(_start) ++SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/home/tcwg-buildslave/workspace/tcwg-make-release/builder_arch/amd64/label/tcwg-x86_64-build/target/aarch64-linux-gnu/_build/builds/destdir/x86_64-unknown-linux-gnu/aarch64-linux-gnu/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib"); ++ ++PHDRS ++{ ++ phdr PT_PHDR PHDRS FLAGS (4); ++ text PT_LOAD FILEHDR PHDRS FLAGS (5); ++ xtext PT_LOAD FLAGS (1); ++ smee 0x65656d73 AT(smee_start) FLAGS (6); ++ data PT_LOAD FLAGS (6); ++ dynamic PT_DYNAMIC FLAGS (6); ++ relro 0x6474e552 FLAGS (4); ++ stack PT_GNU_STACK FLAGS (6); ++} ++ ++SECTIONS ++{ ++ /* Read-only sections, merged into text segment: */ ++ . 
= SEGMENT_START("text-segment", 0) + SIZEOF_HEADERS; ++ _start = .; ++ /* This should be the first section after program headers */ ++ .magic : { *(.magic) } : text ++ .note.gnu.build-id : { *(.note.gnu.build-id) } ++ .hash : { *(.hash) } ++ .gnu.hash : { *(.gnu.hash) } ++ .dynsym : { *(.dynsym) } ++ .dynstr : { *(.dynstr) } ++ .gnu.version : { *(.gnu.version) } ++ .gnu.version_d : { *(.gnu.version_d) } ++ .gnu.version_r : { *(.gnu.version_r) } ++ .rela.dyn : ++ { ++ *(.rela.init) ++ *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*) ++ *(.rela.fini) ++ *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*) ++ *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*) ++ *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) ++ *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) ++ *(.rela.ctors) ++ *(.rela.dtors) ++ *(.rela.got) ++ *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) ++ *(.rela.ifunc) ++ } ++ .rela.plt : ++ { ++ *(.rela.plt) ++ *(.rela.iplt) ++ } ++ .rodata : ++ { ++ *(.rodata .rodata.* .gnu.linkonce.r.*) ++ . = ALIGN(16); ++ PROVIDE (__start___llvm_prf_names = .); ++ *(__llvm_prf_names) ++ PROVIDE (__stop___llvm_prf_names = .); ++ } ++ .rodata1 : { *(.rodata1) } ++ .eh_frame_hdr : { *(.eh_frame_hdr) *(.eh_frame_entry .eh_frame_entry.*) } ++ .eh_frame : ONLY_IF_RO { KEEP (*(.eh_frame)) *(.eh_frame.*) } ++ .gcc_except_table : ONLY_IF_RO { *(.gcc_except_table ++ .gcc_except_table.*) } ++ .gnu_extab : ONLY_IF_RO { *(.gnu_extab*) } ++ /* These sections are generated by the Sun/Oracle C++ compiler. */ ++ .exception_ranges : ONLY_IF_RO { *(.exception_ranges ++ .exception_ranges*) } ++ /* Make sure the address of text segment is aligned in 4k for xom */ ++ . 
= ALIGN(0x1000); ++ .init : ++ { ++ KEEP (*(SORT_NONE(.init))) ++ } : xtext =0 ++ .plt : ALIGN(16) { *(.plt) *(.iplt) } ++ .text : ++ { ++ *(.text.unlikely .text.*_unlikely .text.unlikely.*) ++ *(.text.exit .text.exit.*) ++ *(.text.startup .text.startup.*) ++ *(.text.hot .text.hot.*) ++ *(.text .stub .text.* .gnu.linkonce.t.*) ++ /* .gnu.warning sections are handled specially by elf32.em. */ ++ *(.gnu.warning) ++ } =0 ++ .fini : ++ { ++ KEEP (*(SORT_NONE(.fini))) ++ } =0 ++ PROVIDE (__etext = .); ++ PROVIDE (_etext = .); ++ PROVIDE (etext = .); ++ ++ . = ALIGN(0x1000); ++ PROVIDE_HIDDEN (smee_start = .); ++ .smee : ALIGN(0x1000) ++ { ++ *(sram_protection_section) ++ *(smee* .smee* .*smee) ++ } : smee ++ ++ /* Adjust the address for the data segment. We want to adjust up to ++ the same address within the page on the next page up. */ ++ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE)); ++ /* Exception handling */ ++ .eh_frame : ONLY_IF_RW { KEEP (*(.eh_frame)) *(.eh_frame.*) } ++ .gnu_extab : ONLY_IF_RW { *(.gnu_extab) } ++ .gcc_except_table : ONLY_IF_RW { *(.gcc_except_table .gcc_except_table.*) } ++ .exception_ranges : ONLY_IF_RW { *(.exception_ranges .exception_ranges*) } ++ /* Thread Local Storage sections */ ++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) } ++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) } ++ .preinit_array : ++ { ++ KEEP (*(.preinit_array)) ++ } ++ .init_array : ++ { ++ PROVIDE_HIDDEN (__init_array_start = .); ++ KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*))) ++ KEEP (*(.init_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors)) ++ PROVIDE_HIDDEN (__init_array_end = .); ++ } ++ .fini_array : ++ { ++ PROVIDE_HIDDEN (__fini_array_start = .); ++ KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*))) ++ KEEP (*(.fini_array EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors)) ++ PROVIDE_HIDDEN (__fini_array_end 
= .); ++ } ++ .ctors : ++ { ++ /* gcc uses crtbegin.o to find the start of ++ the constructors, so we make sure it is ++ first. Because this is a wildcard, it ++ doesn't matter if the user does not ++ actually link against crtbegin.o; the ++ linker won't look for a file to match a ++ wildcard. The wildcard also means that it ++ doesn't matter which directory crtbegin.o ++ is in. */ ++ KEEP (*crtbegin.o(.ctors)) ++ KEEP (*crtbegin?.o(.ctors)) ++ /* We don't want to include the .ctor section from ++ the crtend.o file until after the sorted ctors. ++ The .ctor section from the crtend file contains the ++ end of ctors marker and it must be last */ ++ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors)) ++ KEEP (*(SORT(.ctors.*))) ++ KEEP (*(.ctors)) ++ } ++ .dtors : ++ { ++ KEEP (*crtbegin.o(.dtors)) ++ KEEP (*crtbegin?.o(.dtors)) ++ KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors)) ++ KEEP (*(SORT(.dtors.*))) ++ KEEP (*(.dtors)) ++ } ++ .jcr : { KEEP (*(.jcr)) } ++ .data.rel.ro : ++ { ++ *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) ++ *(.data.rel.ro .data.rel.ro.* .gnu.linkonce.d.rel.ro.*) ++ } : data : relro ++ .dynamic : { *(.dynamic) } : data : dynamic : relro ++ .got : { *(.got.plt) *(.igot.plt) *(.got) *(.igot) } : data : relro ++ . = DATA_SEGMENT_RELRO_END (0, .); ++ .data : ++ { ++ PROVIDE (__data_start = .); ++ *(.data .data.* .gnu.linkonce.d.*) ++ PROVIDE (__start___llvm_prf_cnts = .); ++ *(__llvm_prf_cnts) ++ PROVIDE (__stop___llvm_prf_cnts = .); ++ PROVIDE (__start___llvm_prf_data = .); ++ *(__llvm_prf_data) ++ PROVIDE (__stop___llvm_prf_data = .); ++ PROVIDE (__start___llvm_prf_vnds = .); ++ *(__llvm_prf_vnds); ++ PROVIDE (__stop___llvm_prf_vnds = .); ++ SORT(CONSTRUCTORS) ++ } : data ++ .data1 : { *(.data1) } ++ _edata = .; PROVIDE (edata = .); ++ . = .; ++ __bss_start = .; ++ __bss_start__ = .; ++ TA_BSS_START = .; ++ .bss : ++ { ++ *(.dynbss) ++ *(.bss .bss.* .gnu.linkonce.b.*) ++ *(COMMON) ++ . = ALIGN(. != 0 ? 
64 / 8 : 1); ++ } : data ++ TA_BSS_END = .; ++ _bss_end__ = . ; __bss_end__ = . ; ++ . = ALIGN(64 / 8); ++ . = SEGMENT_START("ldata-segment", .); ++ . = ALIGN(64 / 8); ++ __end__ = . ; ++ _end = .; PROVIDE (end = .); ++ . = DATA_SEGMENT_END (.); ++ /* Stabs debugging sections. */ ++ .stab 0 : { *(.stab) } ++ .stabstr 0 : { *(.stabstr) } ++ .stab.excl 0 : { *(.stab.excl) } ++ .stab.exclstr 0 : { *(.stab.exclstr) } ++ .stab.index 0 : { *(.stab.index) } ++ .stab.indexstr 0 : { *(.stab.indexstr) } ++ .comment 0 : { *(.comment) } ++ /* DWARF debug sections. ++ Symbols in the DWARF debugging sections are relative to the beginning ++ of the section so we begin them at 0. */ ++ /* DWARF 1 */ ++ .debug 0 : { *(.debug) } ++ .line 0 : { *(.line) } ++ /* GNU DWARF 1 extensions */ ++ .debug_srcinfo 0 : { *(.debug_srcinfo) } ++ .debug_sfnames 0 : { *(.debug_sfnames) } ++ /* DWARF 1.1 and DWARF 2 */ ++ .debug_aranges 0 : { *(.debug_aranges) } ++ .debug_pubnames 0 : { *(.debug_pubnames) } ++ /* DWARF 2 */ ++ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } ++ .debug_abbrev 0 : { *(.debug_abbrev) } ++ .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } ++ .debug_frame 0 : { *(.debug_frame) } ++ .debug_str 0 : { *(.debug_str) } ++ .debug_loc 0 : { *(.debug_loc) } ++ .debug_macinfo 0 : { *(.debug_macinfo) } ++ /* SGI/MIPS DWARF 2 extensions */ ++ .debug_weaknames 0 : { *(.debug_weaknames) } ++ .debug_funcnames 0 : { *(.debug_funcnames) } ++ .debug_typenames 0 : { *(.debug_typenames) } ++ .debug_varnames 0 : { *(.debug_varnames) } ++ /* DWARF 3 */ ++ .debug_pubtypes 0 : { *(.debug_pubtypes) } ++ .debug_ranges 0 : { *(.debug_ranges) } ++ /* DWARF Extension. 
*/ ++ .debug_macro 0 : { *(.debug_macro) } ++ .debug_addr 0 : { *(.debug_addr) } ++ .ARM.attributes 0 : { KEEP (*(.ARM.attributes)) KEEP (*(.gnu.attributes)) } ++ .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) } ++ /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) } ++} +diff --git a/include/CA/tee_client_api.h b/include/CA/tee_client_api.h +index c139d4d..f9ce68e 100644 +--- a/include/CA/tee_client_api.h ++++ b/include/CA/tee_client_api.h +@@ -1,6 +1,6 @@ + /* +- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
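Review bot: In the new ta_link_64.smee.ld, `.smee` is assigned with `: smee` and the sections after it (`.tdata`, `.tbss`, `.preinit_array`, `.init_array`, `.fini_array`, `.ctors`, `.dtors`, `.jcr`) name no segment of their own, so by ld's inheritance rule they appear to stay in the custom `smee` header (type 0x65656d73) and in no PT_LOAD until `.data.rel.ro` names `: data : relro`. The sibling xom script in this patch pins the first of them explicitly (`.tdata : { ... }:data`); doing the same here, `.tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) } : data`, keeps the initializer arrays out of the protected region, or a comment should state that the placement is intended. Separately, the `text` header is declared `FLAGS (5)` and carries the ELF headers, `.magic`, the dynamic tables and `.rodata`, so read-only data is mapped executable while the code sits in `xtext`. If the TA loader never executes from that segment, `text PT_LOAD FILEHDR PHDRS FLAGS (4);` would take it out of the executable mapping.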
++ * Description: TEE client API definitions + */ + + #ifndef _TEE_CLIENT_API_H_ +@@ -24,7 +25,7 @@ + + #include + #include "tee_client_type.h" +-#include ++#include "tee_client_log.h" + + #ifdef __cplusplus + extern "C" { +@@ -44,7 +45,7 @@ extern "C" { + * initializes a new TEE Context, forming a connection between this Client Application and the TEE + * + * @param name [IN] TEE name (unused) +- * @param context [IN/OUT] pointer to TEEC_Context to be initialized ++ * @param context [OUT] pointer to TEEC_Context to be initialized + * + * @return TEEC_SUCCESS operation success + * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter +@@ -74,11 +75,11 @@ void TEEC_FinalizeContext( + * @param connectionData [IN] any necessary data required to support the connection method + * @param operation [IN/OUT] a pointer to an Operation containing a set of Parameters to exchange with the + * Trusted Application +- * @param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin, This field may be NULL ++ * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin, This field may be NULL + * if the return origin is not needed + * + * @return TEEC_SUCCESS operation success +- * @return TEEC_ERROR_BAD_PARAMETERS invalid parametercontext or session or destination is NULL ++ * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, context or session or destination is NULL + * @return TEEC_ERROR_ACCESS_DENIED client Application's connection request is denied + * @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use + * @return TEEC_ERROR_TRUSTED_APP_LOAD_ERROR load Trusted Application failed +@@ -109,10 +110,10 @@ void TEEC_CloseSession( + * @param session [IN/OUT] the open Session in which the command will be invoked + * @param commandID [IN] the identifier of the Command within the Trusted Application to invoke + * @param operation [IN/OUT] a pointer to a Client Application initialized TEEC_Operation structure +- * 
@param returnOrigin [IN/OUT] a pointer to a variable which will contain the return origin ++ * @param returnOrigin [OUT] a pointer to a variable which will contain the return origin + * + * @return TEEC_SUCCESS operation success +- * @return TEEC_ERROR_BAD_PARAMETERS invalid parametersession is NULL or operation data invalid ++ * @return TEEC_ERROR_BAD_PARAMETERS invalid parameter, session is NULL or operation data invalid + * @return TEEC_ERROR_ACCESS_DENIED invoke command operation is denied + * @return TEEC_ERROR_OUT_OF_MEMORY system resource is out of use + * @return others refer TEEC_ReturnCode +@@ -155,8 +156,8 @@ TEEC_Result TEEC_AllocateSharedMemory( + + /* + * deregisters or deallocates a previously initialized block of Shared Memory +- * if memory is allocated by TEEC_AllocateSharedMemory, system will free this memory +- * if memory is registered by TEEC_RegisterSharedMemory, system will not free this memory ++ * if memory is allocated by TEEC_AllocateSharedMemory, system will free this memory ++ * if memory is registered by TEEC_RegisterSharedMemory, system will not free this memory + * + * @param sharedMem [IN/OUT] a pointer to a valid Shared Memory structure + * +diff --git a/include/CA/tee_client_constants.h b/include/CA/tee_client_constants.h +index 3b86dcb..896222d 100644 +--- a/include/CA/tee_client_constants.h ++++ b/include/CA/tee_client_constants.h +@@ -1,6 +1,6 @@ + /* +- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,38 +8,39 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. 
+ * See the Mulan PSL v2 for more details. ++ * Description: static definitions of client API + */ + + #ifndef _TEE_CLIENT_CONSTANTS_H_ + #define _TEE_CLIENT_CONSTANTS_H_ + + enum TEEC_ReturnCode { +- TEEC_SUCCESS = 0x0, /* success */ +- TEEC_ERROR_INVALID_CMD, /* invalid command */ +- TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */ +- TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */ +- TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */ +- TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */ +- TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */ +- TEEC_ERROR_READ_DATA, /* failed to read data in file */ +- TEEC_ERROR_WRITE_DATA, /* failed to write data to file */ +- TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */ +- TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */ +- TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */ +- TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */ +- TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */ +- TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */ +- TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or +- open session or invoke commnad */ +- TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */ ++ TEEC_SUCCESS = 0x0, /* success */ ++ TEEC_ERROR_INVALID_CMD, /* invalid command */ ++ TEEC_ERROR_SERVICE_NOT_EXIST, /* target service is not exist */ ++ TEEC_ERROR_SESSION_NOT_EXIST, /* session between client and service is not exist */ ++ TEEC_ERROR_SESSION_MAXIMUM, /* exceed max num of sessions */ ++ TEEC_ERROR_REGISTER_EXIST_SERVICE, /* cannot register the service which already exist */ ++ TEEC_ERROR_TAGET_DEAD_FATAL, /* system error occurs in TEE */ ++ TEEC_ERROR_READ_DATA, /* failed to read data in file */ ++ TEEC_ERROR_WRITE_DATA, /* failed to write data to file */ ++ TEEC_ERROR_TRUNCATE_OBJECT, /* data is truncated */ ++ 
TEEC_ERROR_SEEK_DATA, /* failed to seek data in file */ ++ TEEC_ERROR_FSYNC_DATA, /* failed to sync data in file */ ++ TEEC_ERROR_RENAME_OBJECT, /* failed to rename file */ ++ TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, /* failed to load Trusted Application */ ++ TEEC_ERROR_GENERIC = 0xFFFF0000, /* generic error occurs */ ++ TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, /* permission check failed, in initilize context or ++ open session or invoke commnad */ ++ TEEC_ERROR_CANCEL = 0xFFFF0002, /* operation is already canceled */ + TEEC_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* confilct occurs in concurrent access to data, + error occurs in file operaions generally */ +- TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */ +- TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot +- handle it */ +- TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */ +- TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access +- storage without initilize storage service */ ++ TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceed max data to be handled by system */ ++ TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, /* data format is invalid, Trusted Application cannot ++ handle it */ ++ TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* invalid parameters */ ++ TEEC_ERROR_BAD_STATE = 0xFFFF0007, /* operation failed in current state, when try to access ++ storage without initilize storage service */ + TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ + TEEC_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* request operation is not implemented */ + TEEC_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* request operation is not supported */ +@@ -52,7 +53,14 @@ enum TEEC_ReturnCode { + TEEC_ERROR_SHORT_BUFFER = 0xFFFF0010, /* out buffer is not enough for current request */ + TEEC_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC value check failed */ + TEEC_ERROR_TARGET_DEAD = 0xFFFF3024, /* Trusted Application is crashed */ +- TEEC_FAIL = 
0xFFFF5002 /* reserved error code */ ++ TEEC_FAIL = 0xFFFF5002, /* common error */ ++ TEEC_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* used by adapt only, event caused User Interface operation aborted */ ++ TEEC_ERROR_OVERFLOW = 0xFFFF300F, /* used by adapt only */ ++ TEEC_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* used by adapt only */ ++ TEEC_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* used by adapt only */ ++ TEEC_ERROR_TIME_NOT_SET = 0xFFFF5000, /* used by adapt only */ ++ TEEC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* used by adapt only */ ++ TEEC_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* ipc overflow */ + }; + + enum TEEC_ReturnCodeOrigin { +@@ -66,7 +74,7 @@ enum TEEC_SharedMemCtl { + TEEC_MEM_INPUT = 0x1, /* input type of memroy */ + TEEC_MEM_OUTPUT = 0x2, /* output type of memory */ + TEEC_MEM_INOUT = 0x3, /* memory is used as both input and output */ +- TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */ ++ TEEC_MEM_SHARED_INOUT = 0x4, /* no copy shared memory */ + }; + + enum TEEC_ParamType { +@@ -80,7 +88,7 @@ enum TEEC_ParamType { + refer TEEC_TempMemoryReference */ + TEEC_ION_INPUT = 0x08, /* input type of icon memory reference, refer TEEC_IonReference */ + TEEC_ION_SGLIST_INPUT = 0x09, /* input type of ion memory block reference, refer TEEC_IonSglistReference */ +- TEEC_MEMREF_SHARED_INOUT = 0xa, /* no copy mem */ ++ TEEC_MEMREF_SHARED_INOUT = 0x0a, /* no copy mem */ + TEEC_MEMREF_WHOLE = 0xc, /* use whole memory block, refer TEEC_RegisteredMemoryReference */ + TEEC_MEMREF_PARTIAL_INPUT = 0xd, /* input type of memory reference, refer TEEC_RegisteredMemoryReference */ + TEEC_MEMREF_PARTIAL_OUTPUT = 0xe, /* output type of memory reference, refer TEEC_RegisteredMemoryReference */ +@@ -105,7 +113,7 @@ enum TEEC_LoginMethod { + TEEC_LOGIN_GROUP_APPLICATION = 0x6, /* Login data about the group running + the Client Application and about the + Client Application itself is provided */ +- TEEC_LOGIN_IDENTIFY = 0x7, /* iTrustee defined login type, Login data is provided by 
REE system */ ++ TEEC_LOGIN_IDENTIFY = 0x7, /* Login data is provided by REE system */ + }; + enum TST_CMD_ID { + TST_CMD_ID_01 = 1, +diff --git a/include/CA/tee_client_list.h b/include/CA/tee_client_list.h +index 4aa6a53..9f3bb1e 100644 +--- a/include/CA/tee_client_list.h ++++ b/include/CA/tee_client_list.h +@@ -1,6 +1,6 @@ + /* +- * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: linked list data types and basic operations + */ + + #ifndef TEE_CLIENT_LIST_H +@@ -19,12 +20,12 @@ struct ListNode { + }; + + #define OFFSET_OF(type, member) (unsigned long)(&(((type *)0)->member)) +-#define CONTAINER_OF(pos, type, member) (type *)(((char *)(pos)) - OFFSET_OF(type, member)) ++#define CONTAINER_OF(pos, type, member) (type *)(uintptr_t)(((char *)(pos)) - OFFSET_OF(type, member)) + + #define LIST_DECLARE(name) \ + struct ListNode name = { \ +- .next = &name, \ +- .prev = &name, \ ++ .next = &(name), \ ++ .prev = &(name), \ + } + + static inline void ListInit(struct ListNode *list) +@@ -80,25 +81,21 @@ static inline struct ListNode *ListRemoveTail(struct ListNode *list) + } + + #define LIST_ENTRY(ptr, type, member) \ +- ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member))) ++ ((type *)(((char *)(ptr)) - (unsigned long)(&(((type *)0)->member)))) + + #define LIST_FOR_EACH(pos, list) \ +- for (pos = (list)->next; pos != (list); pos = pos->next) ++ for ((pos) = (list)->next; (pos) != (list); (pos) = (pos)->next) + + 
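Review bot: The rewritten `CONTAINER_OF` in the `@@ -19,12 +20,12 @@` hunk of tee_client_list.h expands to a bare cast with no enclosing parentheses, so in `CONTAINER_OF(p, T, m)->field` the member access binds to the parenthesised operand rather than to the cast result. `LIST_ENTRY` in the next hunk is fully wrapped and this macro should match it: `#define CONTAINER_OF(pos, type, member) ((type *)(uintptr_t)(((char *)(pos)) - OFFSET_OF(type, member)))`. The new `uintptr_t` also needs `<stdint.h>`, and no include is visible in the hunks shown for this header, so it presumably relies on whatever the including file pulled in first. `OFFSET_OF` still derives the offset through a null-pointer member access; `offsetof` from `<stddef.h>` is the defined way to obtain it.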
#define LIST_FOR_EACH_SAFE(pos, n, list) \ +- for ((pos) = (list)->next, (n) = (pos)->next; \ +- (pos) != (list); \ +- (pos) = (n), (n) = (pos)->next) +- +-#define LIST_FOR_EACH_ENTRY(pos, list, member) \ +- for (pos = LIST_ENTRY((list)->next, typeof(*pos), member); \ +- &pos->member != (list); \ +- pos = LIST_ENTRY(pos->member.next, typeof(*pos), member)) +- +-#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \ +- for (pos = LIST_ENTRY((list)->next, typeof(*pos), member), \ +- n = LIST_ENTRY(pos->member.next, typeof(*pos), member); \ +- &pos->member != (list); \ +- pos = n, n = LIST_ENTRY(n->member.next, typeof(*n), member)) ++ for ((pos) = (list)->next, (n) = (pos)->next; (pos) != (list); (pos) = (n), (n) = (pos)->next) ++ ++#define LIST_FOR_EACH_ENTRY(pos, list, member) \ ++ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member); &(pos)->member != (list); \ ++ (pos) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member)) ++ ++#define LIST_FOR_EACH_ENTRY_SAFE(pos, n, list, member) \ ++ for ((pos) = LIST_ENTRY((list)->next, typeof(*(pos)), member), \ ++ (n) = LIST_ENTRY((pos)->member.next, typeof(*(pos)), member); \ ++ &(pos)->member != (list); (pos) = (n), (n) = LIST_ENTRY((n)->member.next, typeof(*(n)), member)) + + #endif +diff --git a/include/CA/tee_client_log.h b/include/CA/tee_client_log.h +index e3b7fae..1024015 100644 +--- a/include/CA/tee_client_log.h ++++ b/include/CA/tee_client_log.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,19 +8,20 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
++ * Description: TEE client log api
+ */
+
+ #ifndef TEE_CLIENT_LOG_H
+ #define TEE_CLIENT_LOG_H
+
+-#include
++#include
+
+ #ifdef TEEC_DEBUG
+-#define TEEC_Debug(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__);
++#define TEEC_Debug(fmt, args...) printf("%s: " fmt, __func__, ## args)
+ #else
+ #define TEEC_Debug(...)
+ #endif
+
+-#define TEEC_Error(...) syslog(LOG_USER | LOG_INFO, __VA_ARGS__);
++#define TEEC_Error(fmt, args...) printf("%s: " fmt, __func__, ## args)
+
+ #endif
+diff --git a/include/CA/tee_client_type.h b/include/CA/tee_client_type.h
+index c5b97e3..ed70482 100644
+--- a/include/CA/tee_client_type.h
++++ b/include/CA/tee_client_type.h
+@@ -1,6 +1,6 @@
+ /*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2013-2020. All rights reserved.
+- * iTrustee licensed under the Mulan PSL v2.
++ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+@@ -8,47 +8,20 @@
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
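Review bot: `TEEC_Error` now writes through `printf` to stdout, so client-side TEE errors no longer reach syslog and are lost whenever the calling process has stdout closed or redirected. That removes them from whatever log collection the host relies on for diagnosing failed TEE calls. If dropping syslog is intended, `fprintf(stderr, "%s: " fmt, __func__, ## args)` at least keeps diagnostics off the data stream; otherwise the error macro could stay on `syslog(LOG_USER | LOG_ERR, ...)`. The named-variadic form `args...` with `## args` is a GNU extension, and `TEEC_Error(fmt, ...)` with `##__VA_ARGS__` is the more widely accepted spelling. The same points apply to `TEEC_Debug` in this hunk.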
++ * Description: data type and structure definition according to GP
+ */
+
+ #ifndef _TEE_CLIENT_TYPE_H_
+ #define _TEE_CLIENT_TYPE_H_
+
++#include
++#include
+ #include
+ #include
+ #include
+ #include "tee_client_list.h"
+ #include "tee_client_constants.h"
+
+-typedef unsigned int uint32_t;
+-
+-typedef signed int int32_t;
+-
+-typedef unsigned short uint16_t;
+-
+-typedef signed short int16_t;
+-
+-typedef unsigned char uint8_t;
+-
+-typedef signed char int8_t;
+-
+-#ifndef __cplusplus
+-#ifndef bool
+-#define bool uint8_t
+-#endif
+-#endif
+-
+-#ifndef true
+-#define true 1
+-#endif
+-
+-#ifndef false
+-#define false 0
+-#endif
+-
+-#ifndef NULL
+-#define NULL 0
+-#endif
+-
+ typedef enum TEEC_ReturnCode TEEC_Result;
+
+ typedef struct {
+@@ -63,17 +36,23 @@ typedef struct {
+ uint8_t *ta_path;
+ struct ListNode session_list;
+ struct ListNode shrd_mem_list;
+- struct {
+- void *buffer;
+- sem_t buffer_barrier;
+- } share_buffer;
++ union {
++ struct {
++ void *buffer;
++ sem_t buffer_barrier;
++ } share_buffer;
++ uint64_t imp; /* for adapt */
++ };
+ } TEEC_Context;
+
+ typedef struct {
+ uint32_t session_id;
+ TEEC_UUID service_id;
+ uint32_t ops_cnt;
+- struct ListNode head;
++ union {
++ struct ListNode head;
++ uint64_t imp; /* for adapt */
++ };
+ TEEC_Context *context;
+ } TEEC_Session;
+
+@@ -83,7 +62,10 @@ typedef struct {
+ uint32_t flags; /* reference to TEEC_SharedMemCtl */
+ uint32_t ops_cnt;
+ bool is_allocated; /* identify whether the memory is registered or allocated */
+- struct ListNode head;
++ union {
++ struct ListNode head;
++ void* imp; /* for adapt, imp is not used by system CA, only for vendor CA */
++ };
+ TEEC_Context *context;
+ } TEEC_SharedMemory;
+
+diff --git a/include/TA/huawei_ext/crypto_cert_wrapper.h b/include/TA/huawei_ext/crypto_cert_wrapper.h
+new file mode 100644
+index 0000000..85e5a15
+--- /dev/null
++++ b/include/TA/huawei_ext/crypto_cert_wrapper.h
+@@ -0,0 +1,87 @@
++/*
++ * Copyright (c) Huawei Technologies Co.,
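Review bot: In `TEEC_Session` the new anonymous union overlays `uint64_t imp` on `struct ListNode head`, so a build that stores a handle in `imp` leaves `head.next` holding a non-pointer value. Any code that still walks the session list through `head` would then dereference it. Nothing in the type records which member is live, so the `/* for adapt */` comment should state the contract, for example `/* exactly one of head / imp is used per build; imp is an opaque handle and must never be traversed as a list node */` (wording to be confirmed by the author). The same overlay is added to `TEEC_Context` (`share_buffer` / `imp`) in this hunk and to `TEEC_SharedMemory` in the next one, where the handle is `void* imp` rather than `uint64_t`; the three should probably agree on one handle type. Anonymous unions also need C11 or a GNU dialect, which is worth stating if third-party CA builds consume this header.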
Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: soft aes engine ++ */ ++#ifndef __CRYPTO_CERT_WRAPPER_H__ ++#define __CRYPTO_CERT_WRAPPER_H__ ++ ++#include ++#include ++#include "crypto_x509_wrapper.h" ++ ++/* ++ * Create attestation certificate with input params. ++ * ++ * @param cert [OUT] The certificate buffer ++ * @param cert_len [IN] The length of certificate buffer ++ * @param valid [IN] The valid date buffer ++ * @param issuer_tlv [IN] The issuer buffer ++ * @param issuer_tlv_len [IN] The length of issuer buffer ++ * @param subject_public_key [IN] The subject public key buffer ++ * @param subject_public_key_len [IN] The length of subject public key buffer ++ * @param attestation_ext [IN] The attestation extrol info buffer ++ * @param attestation_ext_len [IN] The length of attestation extrol info buffer ++ * @param priv_sign [IN] The private key buffer ++ * @param key_usage_sign_bit [IN] The usage sign flag ++ * @param key_usage_encrypt_bit [IN] The usage encrypt flag ++ * @param keytype [IN] The keytype of private key ++ * @param hash [IN] The hash func of digest ++ * ++ * @return -1: Create attestation certificate failed ++ * @return others: The real size of certificate ++ */ ++int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid, ++ const uint8_t *issuer_tlv, uint32_t issuer_tlv_len, ++ const uint8_t *subject_public_key, uint32_t subject_public_key_len, ++ const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign, 
++ uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type, ++ uint32_t hash); ++ ++/* ++ * Get element number from certificate. ++ * ++ * @param elem [OUT] The element with elem_id ++ * @param elem_id [IN] The index of element ++ * @param cert [IN] The certificate buffer ++ * @param cert_len [IN] The length of certificate buffer ++ * ++ * @return -1: Get element failed ++ * @return others: The length of element ++ */ ++int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len); ++ ++/* ++ * verify Cert in tee ++ * ++ * @param cert [IN] data for salt ++ * @param cert_len [IN] salt length ++ * @param parent_key [IN] size of generated key, fix-size 32 bytes ++ * @param parent_key_len [IN] pointer where key is saved ++ * ++ * @return TEE_SUCCESS OK ++ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters ++ * @return TEE_ERROR_GENERIC internal error ++ */ ++TEE_Result tee_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); ++ ++/* ++ * create cert request in TEE ++ * ++ * @param buf [OUT] cert request output buffer ++ * @param len [OUT] output buffer size ++ * @param key_type [IN] key_type RSA 0; ECC 1 ++ * @param file_name [IN] pointer where key is saved ++ * ++ * @return TEE_SUCCESS operation success ++ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters ++ */ ++TEE_Result tee_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name); ++#endif +diff --git a/include/TA/huawei_ext/crypto_device_key_wrapper.h b/include/TA/huawei_ext/crypto_device_key_wrapper.h +new file mode 100644 +index 0000000..2c8ba9e +--- /dev/null ++++ b/include/TA/huawei_ext/crypto_device_key_wrapper.h +@@ -0,0 +1,31 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
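Review bot: The comment block on `tee_verify_dev_cert` does not describe its parameters: `cert` is documented as "data for salt", `cert_len` as "salt length", `parent_key` as "size of generated key, fix-size 32 bytes" and `parent_key_len` as "pointer where key is saved". That reads as text copied from a key-derivation function. For a certificate-verification entry point the four `@param` lines should describe the certificate, its length, the issuer key and its length, with the expected encodings filled in by the author. `tee_create_cert_req` documents `len` as `[OUT]` although it is passed by value as `size_t len`, so the caller cannot learn how many bytes of `buf` were written; either mark it `[IN]` and say how the request length is reported, or take `size_t *len`. The same by-value `[IN/OUT]` mismatch appears in crypto_ec_wrapper.h (`ecc_export_pub`, `ecc_sign_digest`), crypto_ec_x509_wrapper.h (`recover_root_cert`) and crypto_inner_wrapper.h (`get_subject_CN`, `get_subject_OU`), and crypto_inner_wrapper.h repeats both copied comment blocks on the `TEE_EXT_` variants.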
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: soft device key engine ++ */ ++#ifndef __CRYPTO_DEVICE_KEY_WRAPPER_H__ ++#define __CRYPTO_DEVICE_KEY_WRAPPER_H__ ++ ++#include ++#include ++ ++/* ++ * Get oem huk. ++ * ++ * @param huk [OUT] The oem huk buffer ++ * @param key [IN] The hmac key buffer ++ * @param key_size [IN] The length of hmac key buffer ++ * ++ * @return 0: Get oem huk success ++ * @return -1: Get oem huk failed ++ */ ++int32_t get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size); ++ ++#endif +diff --git a/include/TA/huawei_ext/crypto_ec_wrapper.h b/include/TA/huawei_ext/crypto_ec_wrapper.h +new file mode 100644 +index 0000000..934fc40 +--- /dev/null ++++ b/include/TA/huawei_ext/crypto_ec_wrapper.h +@@ -0,0 +1,149 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
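Review bot: `get_class_oem_huk` writes key material to `huk` but takes no length for it, and the comment does not say how many bytes the caller must provide, so the buffer size is a contract the header never states. Suggest documenting it on the parameter, e.g. `@param huk [OUT] The oem huk buffer, at least <HUK_SIZE> bytes` (placeholder; the real size is not visible in this hunk), or adding a `uint32_t huk_size` argument that the implementation checks. Since the output is named as a hardware-unique-key derivative, the comment could also tell callers to clear the buffer once the key has been used.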
++ * Description: soft ec engine ++ */ ++#ifndef __CRYPTO_EC_WRAPPER_H__ ++#define __CRYPTO_EC_WRAPPER_H__ ++ ++#include ++#include ++ ++#define ECC_PRIV_LEN 66 ++#define ECC_PUB_LEN 66 ++ ++struct ec_pub_info { ++ uint8_t *x; ++ uint32_t x_len; ++ uint8_t *y; ++ uint32_t y_len; ++}; ++ ++struct ec_priv_info { ++ uint32_t nid; ++ uint8_t *r; ++ uint32_t r_len; ++}; ++ ++typedef struct { ++ uint32_t domain; ++ uint8_t x[ECC_PUB_LEN]; ++ uint32_t x_len; ++ uint8_t y[ECC_PUB_LEN]; ++ uint32_t y_len; ++} ecc_pub_key_t; ++ ++typedef struct { ++ uint32_t domain; ++ uint8_t r[ECC_PRIV_LEN]; ++ uint32_t r_len; ++} ecc_priv_key_t; ++ ++/* ++ * Derive ecc public key from private key. ++ * ++ * @param priv_info [IN] The ecc_priv_key_t structure ++ * @param pub_info [OUT] The ecc_pub_key_t structure ++ * ++ * @return 0: Derive ecc public key success ++ * @return -1: Derive ecc public key failed ++ */ ++int32_t ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info); ++ ++/* ++ * Derive ecc private key from huk. ++ * ++ * @param priv [OUT] The ecc_priv_key_t structure ++ * @param secret [IN] The huk buffer ++ * @param sec_len [IN] The length of huk buffer ++ * ++ * @return 0: Derive ecc private key success ++ * @return -1: Derive ecc private key failed ++ */ ++int32_t derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len); ++ ++/* ++ * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer. ++ * ++ * @param out [OUT] The ecc public key buffer ++ * @param outlen [IN/OUT] The length of ecc public key buffer ++ * @param pub [IN] The ecc public key structure ++ * ++ * @return -1: Export ecc public key failed ++ * @return others: The real size of out buffer ++ */ ++int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub); ++ ++/* ++ * Convert the ecc public key passed in by the user into the ecc_pub_key_t structure. 
++ * ++ * @param pub [OUT] The ecc public key structure ++ * @param in [IN] The ecc public key buffer ++ * @param inlen [IN] The length of ecc public key buffer ++ * ++ * @return 1: Import ecc public key success ++ * @return -1: Import ecc public key failed ++ */ ++int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen); ++ ++/* ++ * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure. ++ * ++ * @param priv [OUT] The ecc private key structure ++ * @param in [IN] The ecc private key buffer ++ * @param inlen [IN] The length of ecc private key buffer ++ * ++ * @return -1: Import ecc private key failed ++ * @return others: The width of ecc private key ++ */ ++int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen); ++ ++/* ++ * Read next TLV (Type-Length-Value) from ASN1 buffer. ++ * ++ * @param type [OUT] Type of TLV ++ * @param header_len [OUT] Length of TLV ++ * @param buf [IN] Input TLV ++ * @param buf_len [IN] Length of buf in bytes ++ * ++ * @return -1: Get next TLV failed ++ * @return others: Length of next TLV ++ */ ++int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len); ++ ++/* ++ * Use ECC algorithm to sign user data. ++ * ++ * @param signature [OUT] The signature of input data ++ * @param sig_siz [IN/OUT] The length of signature ++ * @param in [IN] The data to be sign ++ * @param in_len [IN] The length of input data ++ * @param priv [IN] The ecc private key structure ++ * ++ * @return -1: Sign input buffer use ecc failed ++ * @return others: The length of signature ++ */ ++int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv); ++ ++/* ++ * Verify the data with ECC algorithm. 
++ * ++ * @param signature [IN] The signature of input data ++ * @param sig_len [IN] The length of signature ++ * @param in [IN] The input data ++ * @param in_len [IN] The length of input data ++ * @param pub [IN] The ecc public key structure ++ * ++ * @return 1: Verify digest success ++ * @return -1: Verify digest failed ++ */ ++int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub); ++ ++#endif +diff --git a/include/TA/huawei_ext/crypto_ec_x509_wrapper.h b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h +new file mode 100644 +index 0000000..73e2832 +--- /dev/null ++++ b/include/TA/huawei_ext/crypto_ec_x509_wrapper.h +@@ -0,0 +1,53 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: soft ec x509 engine ++ */ ++#ifndef __CRYPTO_EC_X509_WRAPPER_H__ ++#define __CRYPTO_EC_X509_WRAPPER_H__ ++ ++#include ++#include ++#include "crypto_x509_wrapper.h" ++ ++/* ++ * Recover the root certificate. ++ * ++ * @param cert [OUT] The certificate buffer ++ * @param cert_len [IN/OUT] The length of certificate buffer ++ * @param priv [IN] The private key structure ++ * @param keytype [IN] The keytype of private key ++ * ++ * @return -1: Recover root certificate failed ++ * @return others: Recover root certificate success ++ */ ++int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype); ++ ++/* ++ * Sign the pkcs10 certificate. 
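Review bot: `ecc_verify_digest` is documented as returning 1 on success and -1 on failure, so both outcomes are non-zero and a caller that writes `if (ecc_verify_digest(...))` accepts a bad signature. `ecc_import_pub` uses the same 1/-1 pair, while `ecc_derive_public_key` and `derive_ecc_private_key_from_huk` in this header return 0 on success, and `rsa_verify_digest` in crypto_rsa_wrapper.h also returns 0 on success. With the conventions mixed inside one API family, the comment on the verify function should spell the check out, e.g. `Callers must compare the result with 1; any other value means the signature was not verified.`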
++ * ++ * @param cert [OUT] The certificate buffer ++ * @param cert_len [IN] The length of certificate buffer ++ * @param csr [IN] The certificate signing request buffer ++ * @param csr_len [IN] The length of certificate signing request buffer ++ * @param valid [IN] The valid date buffer ++ * @param serial_number [IN] The serial number buffer ++ * @param serial_length [IN] The length of serial number buffer ++ * @param priv [IN] The private key structure ++ * @param keytype [IN] The keytype of private key ++ * ++ * @return -1: Sign the pkcs10 certificate failed ++ * @return others: The real size of certificate ++ */ ++int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len, ++ const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid, ++ const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype); ++ ++#endif +diff --git a/include/TA/huawei_ext/crypto_inner_wrapper.h b/include/TA/huawei_ext/crypto_inner_wrapper.h +new file mode 100644 +index 0000000..01a171f +--- /dev/null ++++ b/include/TA/huawei_ext/crypto_inner_wrapper.h +@@ -0,0 +1,71 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: soft inner engine ++ */ ++#ifndef __CRYPTO_INNER_WRAPPER_H__ ++#define __CRYPTO_INNER_WRAPPER_H__ ++ ++#include ++#include ++ ++/* ++ * Get common name from certificate. 
++ * ++ * @param name [OUT] The common name buffer ++ * @param name_size [IN/OUT] The length of common name buffer ++ * @param cert [IN] The certificate buffer ++ * @param cert_len [IN] The length of certificate buffer ++ * ++ * @return -1: Get common name failed ++ * @return others: Get common name success ++ */ ++int32_t get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); ++ ++/* ++ * Get organization name from certificate. ++ * ++ * @param name [OUT] The organization name buffer ++ * @param name_size [IN/OUT] The length of organization name buffer ++ * @param cert [IN] The certificate buffer ++ * @param cert_len [IN] The length of certificate buffer ++ * ++ * @return -1: Get organization name failed ++ * @return others: Get organization name success ++ */ ++int32_t get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len); ++ ++/* ++ * verify Cert in tee ++ * ++ * @param cert [IN] data for salt ++ * @param cert_len [IN] salt length ++ * @param parent_key [IN] size of generated key, fix-size 32 bytes ++ * @param parent_key_len [IN] pointer where key is saved ++ * ++ * @return TEE_SUCCESS OK ++ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters ++ * @return TEE_ERROR_GENERIC internal error ++ */ ++TEE_Result TEE_EXT_verify_dev_cert(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len); ++ ++/* ++ * create cert request in TEE ++ * ++ * @param buf [OUT] cert request output buffer ++ * @param len [OUT] output buffer size ++ * @param key_type [IN] key_type RSA 0; ECC 1 ++ * @param file_name [IN] pointer where key is saved ++ * ++ * @return TEE_SUCCESS operation success ++ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters ++ */ ++TEE_Result TEE_EXT_create_cert_req(uint8_t *buf, size_t len, uint32_t key_type, uint8_t *file_name); ++#endif +diff --git a/include/TA/huawei_ext/crypto_rsa_wrapper.h b/include/TA/huawei_ext/crypto_rsa_wrapper.h +new file mode 100644 +index 
0000000..abae90c +--- /dev/null ++++ b/include/TA/huawei_ext/crypto_rsa_wrapper.h +@@ -0,0 +1,154 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: soft rsa engine ++ */ ++#ifndef __CRYPTO_RSA_WRAPPER_H__ ++#define __CRYPTO_RSA_WRAPPER_H__ ++ ++#include ++#include ++ ++#define RSA_PUB_LEN 1024 ++#define RSA_PRIV_LEN 512 ++ ++typedef struct { ++ uint8_t e[RSA_PUB_LEN]; ++ uint32_t e_len; ++ uint8_t n[RSA_PUB_LEN]; ++ uint32_t n_len; ++} rsa_pub_key_t; ++ ++typedef struct { ++ uint8_t e[RSA_PUB_LEN]; ++ uint32_t e_len; ++ uint8_t n[RSA_PUB_LEN]; ++ uint32_t n_len; ++ uint8_t d[RSA_PUB_LEN]; ++ uint32_t d_len; ++ uint8_t p[RSA_PRIV_LEN]; ++ uint32_t p_len; ++ uint8_t q[RSA_PRIV_LEN]; ++ uint32_t q_len; ++ uint8_t dp[RSA_PRIV_LEN]; ++ uint32_t dp_len; ++ uint8_t dq[RSA_PRIV_LEN]; ++ uint32_t dq_len; ++ uint8_t qinv[RSA_PRIV_LEN]; ++ uint32_t qinv_len; ++} rsa_priv_key_t; ++ ++/* ++ * Generate rsa key pair. ++ * @param priv [OUT] The rsa private key structure ++ * @param pub [OUT] The rsa public key structure ++ * @param e [IN] The exponent of rsa key ++ * @param key_size [IN] The size of rsa key ++ * ++ * @return 0: Generate rsa keypair success ++ * @return -1: Generate rsa keypair failed ++ */ ++int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size); ++ ++/* ++ * Do rsa encryption. 
++ * ++ * @param dest_data [OUT] The dest data buffer ++ * @param dest_len [IN/OUT] The length of dest data ++ * @param src_data [IN] The src data buffer ++ * @param src_len [IN] The length of src data ++ * @param pub [IN] The rsa public key structure ++ * @param padding [IN] The padding type of encryption ++ * @param hash_nid [IN] The hash_nid of encryption ++ * ++ * @return 0: Do rsa encryption success ++ * @return -1: Do rsa encryption failed ++ */ ++int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub, ++ int32_t padding, int32_t hash_nid); ++ ++/* ++ * Do rsa decryption. ++ * ++ * @param dest_data [OUT] The dest data buffer ++ * @param dest_len [IN/OUT] The length of dest data ++ * @param src_data [IN] The src data buffer ++ * @param src_len [IN] The length of src data ++ * @param priv [IN] THE rsa private key structure ++ * @param padding [IN] The padding type of encryption ++ * @param hash_nid [IN] The hash_nid of encryption ++ * ++ * @return 0: Do rsa decryption success ++ * @return -1: Do rsa decryption failed ++ */ ++int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv, ++ uint32_t padding, int32_t hash_nid); ++ ++/* ++ * Do rsa Sign digest. 
++ * ++ * @param signature [OUT] The signature of input data ++ * @param sig_size [IN/OUT] The length of signature ++ * @param in [IN] The input data ++ * @param in_len [IN] The length of input data ++ * @param priv [IN] The rsa private key structure ++ * @param salt_len [IN] The length of salt ++ * @param hash_nid [IN] The hash_nid of encryption ++ * @param padding [IN] The padding type of encryption ++ * ++ * @return 0: Do rsa sign digest success ++ * @return -1: Do rsa Sign digest failed ++ */ ++int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv, ++ uint32_t salt_len, int32_t hash_nid, int32_t padding); ++ ++/* ++ * Do rsa Verify digest. ++ * ++ * @param signature [IN] The signature of input data ++ * @param sig_size [IN] The length of signature ++ * @param in [IN] The input data ++ * @param in_len [IN] The length of input data ++ * @param pub [IN] The rsa public key structure ++ * @param salt_len [IN] The length of salt ++ * @param hash_nid [IN] The hash_nid of encryption ++ * @param padding [IN] The padding type of encryption ++ * ++ * @return 0: Do rsa verify success ++ * @return -1: Do rsa verify failed ++ */ ++int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub, ++ uint32_t salt_len, int32_t hash_nid, int32_t padding); ++ ++/* ++ * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure. ++ * ++ * @param priv [OUT] The rsa private key structure ++ * @param in [IN] The rsa private key buffer ++ * @param inlen [IN] The length of rsa private key buffer ++ * ++ * @return -1: Import rsa private key failed ++ * @return 0: Import rsa private key success ++ */ ++int32_t rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len); ++ ++/* ++ * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer. 
++ * ++ * @param out [OUT] The rsa public key buffer ++ * @param outlen [IN] The length of rsa public key buffer ++ * @param pub [IN] The rsa public key structure ++ * ++ * @return -1: Export rsa public key failed ++ * @return others: The real size of out buffer ++ */ ++int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub); ++ ++#endif +diff --git a/include/TA/huawei_ext/crypto_wrapper.h b/include/TA/huawei_ext/crypto_wrapper.h +index e05e90b..aba36c2 100755 +--- a/include/TA/huawei_ext/crypto_wrapper.h ++++ b/include/TA/huawei_ext/crypto_wrapper.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,63 +8,65 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
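Review bot: `rsa_encrypt` declares `int32_t padding` while `rsa_decrypt` declares `uint32_t padding` for what both comments call the padding type, so a padding constant goes through a sign conversion on one side only. The two prototypes should use one type. `rsa_generate_keypair` does not say whether `key_size` is in bits or bytes or which sizes are accepted; a line such as `@param key_size [IN] The size of rsa key in <UNIT>` (unit to be confirmed by the author) would remove the guesswork. The `hash_nid` and `padding` parameters of `rsa_sign_digest` and `rsa_verify_digest` are described as "of encryption", which is misleading for a signature call. `rsa_priv_key_t` holds every private component inline, so the comment could note that callers are expected to clear the structure after use.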
++ * Description: soft engine in boringssl + */ + #ifndef __CRYPTO_WRAPPER_H__ + #define __CRYPTO_WRAPPER_H__ + +-#include ++#include + #include +-#include +- +-#define SHA256_LEN 32 +-#define OEM_KEY_LEN 16 +- ++#include "crypto_cert_wrapper.h" ++#include "crypto_device_key_wrapper.h" ++#include "crypto_ec_wrapper.h" ++#include "crypto_ec_x509_wrapper.h" ++#include "crypto_rsa_wrapper.h" ++#include "crypto_x509_wrapper.h" ++#include "crypto_inner_wrapper.h" ++ ++#define SHA256_LEN 32 ++#define OEM_KEY_LEN 16 + #define ECC_P256_PRIV_LEN 64 + #define ECC_P256_PUB_LEN 32 +-#define RSA_PUB_LEN 1024 +-#define RSA_PRIV_LEN 512 + #define ATTEST_TBS_MAXSIZE 512 + #define ATTESTATION_KEY_USAGE_OFFSET 16 + #define EC_FIX_BUFFER_LEN 66 + #define SHA256_HASH_LEN 32 +-#define ECC_PRIV_LEN 66 +-#define ECC_PUB_LEN 66 + + /* macro in tomcrypto start */ + /* ECC domain id */ +-#define NIST_P192 0 +-#define NIST_P224 1 +-#define NIST_P256 2 +-#define NIST_P384 3 +-#define NIST_P521 4 +- +-#define SHA1_HASH 1 +-#define SHA224_HASH 2 +-#define SHA256_HASH 3 +-#define SHA384_HASH 4 +-#define SHA512_HASH 5 ++#define NIST_P192 0 ++#define NIST_P224 1 ++#define NIST_P256 2 ++#define NIST_P384 3 ++#define NIST_P521 4 ++ ++#define SHA1_HASH 1 ++#define SHA224_HASH 2 ++#define SHA256_HASH 3 ++#define SHA384_HASH 4 ++#define SHA512_HASH 5 + /* Algorithm id */ +-#define RSA_ALG 0 +-#define ECC_ALG 1 ++#define RSA_ALG 0 ++#define ECC_ALG 1 + /* macro in tomcrypto end */ +-#define DIR_ENC 0 +-#define DIR_DEC 1 +- +-#define CRYPTO_NUMBER_TWO 2 +-#define CRYPTO_NUMBER_THREE 3 +-#define CRYPTO_NUMBER_FOUR 4 +-#define CRYPTO_NUMBER_FIVE 5 +-#define CRYPTO_NUMBER_SIX 6 +-#define CRYPTO_NUMBER_SEVEN 7 +-#define CRYPTO_NUMBER_EIGHT 8 +-#define VALIDITY_TIME_SIZE 13 +-#define SECRET_KEY_MAX_LEN 64 +-#define CER_PUBLIC_KEY_MAX_LEN 300 +-#define VALIDITY_FIX_LEN 32 +-#define KEY_USAGE_FIX_LEN 41 +-#define ITEM_THREE_ADD_LEN 12 +-#define ITEM_THREE_MOVE_LEN 27 +-#define ITEM_TWO_ADD_LEN 23 ++#define 
DIR_ENC 0 ++#define DIR_DEC 1 ++ ++#define CRYPTO_NUMBER_TWO 2 ++#define CRYPTO_NUMBER_THREE 3 ++#define CRYPTO_NUMBER_FOUR 4 ++#define CRYPTO_NUMBER_FIVE 5 ++#define CRYPTO_NUMBER_SIX 6 ++#define CRYPTO_NUMBER_SEVEN 7 ++#define CRYPTO_NUMBER_EIGHT 8 ++#define VALIDITY_TIME_SIZE 13 ++#define SECRET_KEY_MAX_LEN 64 ++#define CER_PUBLIC_KEY_MAX_LEN 300 ++#define VALIDITY_FIX_LEN 32 ++#define KEY_USAGE_FIX_LEN 41 ++#define ITEM_THREE_ADD_LEN 12 ++#define ITEM_THREE_MOVE_LEN 27 ++#define ITEM_TWO_ADD_LEN 23 + + /* table struct for match convert */ + typedef struct { +@@ -72,52 +74,6 @@ typedef struct { + uint32_t dest; + } crypto_u2u; + +-#define VALIDITY_TIME_SIZE 13 +-typedef struct { +- uint8_t start[VALIDITY_TIME_SIZE]; +- uint8_t end[VALIDITY_TIME_SIZE]; +-} validity_period_t; +- +-typedef struct { +- uint32_t domain; +- uint8_t x[ECC_PUB_LEN]; +- uint32_t x_len; +- uint8_t y[ECC_PUB_LEN]; +- uint32_t y_len; +-} ecc_pub_key_t; +- +-typedef struct { +- uint32_t domain; +- uint8_t r[ECC_PRIV_LEN]; +- uint32_t r_len; +-} ecc_priv_key_t; +- +-typedef struct { +- uint8_t e[RSA_PUB_LEN]; +- uint32_t e_len; +- uint8_t n[RSA_PUB_LEN]; +- uint32_t n_len; +-} rsa_pub_key_t; +- +-typedef struct { +- uint8_t e[RSA_PUB_LEN]; +- uint32_t e_len; +- uint8_t n[RSA_PUB_LEN]; +- uint32_t n_len; +- uint8_t d[RSA_PUB_LEN]; +- uint32_t d_len; +- uint8_t p[RSA_PRIV_LEN]; +- uint32_t p_len; +- uint8_t q[RSA_PRIV_LEN]; +- uint32_t q_len; +- uint8_t dp[RSA_PRIV_LEN]; +- uint32_t dp_len; +- uint8_t dq[RSA_PRIV_LEN]; +- uint32_t dq_len; +- uint8_t qinv[RSA_PRIV_LEN]; +- uint32_t qinv_len; +-} rsa_priv_key_t; +- + typedef struct { + unsigned char *ou; + unsigned char *o; +@@ -125,455 +81,4 @@ typedef struct { + unsigned char *cn; + } dn_name_t; + +-struct ec_pub_info { +- uint8_t *x; +- uint32_t x_len; +- uint8_t *y; +- uint32_t y_len; +-}; +- +-struct ec_priv_info { +- uint32_t nid; +- uint8_t *r; +- uint32_t r_len; +-}; +- +-/* +- * Convert the ecc public key passed in by the user into the 
ecc_pub_key_t structure. +- * +- * @param pub [OUT] The ecc public key structure +- * @param in [IN] The ecc public key buffer +- * @param inlen [IN] The length of ecc public key buffer +- * +- * @return 1: Import ecc public key success +- * @return -1: Import ecc public key failed +- */ +-int32_t ecc_import_pub(ecc_pub_key_t *pub, const uint8_t *in, uint32_t inlen); +- +-/* +- * Convert the ecc_pub_key_t structure passed in by the user into ecc public key buffer. +- * +- * @param out [OUT] The ecc public key buffer +- * @param outlen [IN/OUT] The length of ecc public key buffer +- * @param pub [IN] The ecc public key structure +- * +- * @return -1: Export ecc public key failed +- * @return others: The real size of out buffer +- */ +-int32_t ecc_export_pub(uint8_t *out, uint32_t out_size, ecc_pub_key_t *pub); +- +-/* +- * Read next TLV (Type-Length-Value) from ASN1 buffer. +- * +- * @param type [OUT] Type of TLV +- * @param header_len [OUT] Length of TLV +- * @param buf [IN] Input TLV +- * @param buf_len [IN] Length of buf in bytes +- * +- * @return -1: Get next TLV failed +- * @return others: Length of next TLV +- */ +-int32_t get_next_tlv(uint32_t *type, uint32_t *header_len, const uint8_t *buf, uint32_t buf_len); +- +-/* +- * Convert the ecc private key passed in by the user into the ecc_priv_key_t structure. +- * +- * @param priv [OUT] The ecc private key structure +- * @param in [IN] The ecc private key buffer +- * @param inlen [IN] The length of ecc private key buffer +- * +- * @return -1: Import ecc private key failed +- * @return others: The width of ecc private key +- */ +-int32_t ecc_import_priv(ecc_priv_key_t *priv, const uint8_t *in, uint32_t inlen); +- +-/* +- * Use ECC algorithm to sign user data. 
+- *
+- * @param signature [OUT] The signature of input data
+- * @param sig_siz [IN/OUT] The length of signature
+- * @param in [IN] The data to be sign
+- * @param in_len [IN] The length of input data
+- * @param priv [IN] The ecc private key structure
+- *
+- * @return -1: Sign input buffer use ecc failed
+- * @return others: The length of signature
+- */
+-int32_t ecc_sign_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, ecc_priv_key_t *priv);
+-
+-/*
+- * Verify the data with ECC algorithm.
+- *
+- * @param signature [IN] The signature of input data
+- * @param sig_len [IN] The length of signature
+- * @param in [IN] The input data
+- * @param in_len [IN] The length of input data
+- * @param pub [IN] The ecc public key structure
+- *
+- * @return 1: Verify digest success
+- * @return -1: Verify digest failed
+- */
+-int32_t ecc_verify_digest(const uint8_t *signature, uint32_t sig_len, uint8_t *in, uint32_t in_len, ecc_pub_key_t *pub);
+-
+-/*
+- * Generate rsa key pair.
+- * @param priv [OUT] The rsa private key structure
+- * @param pub [OUT] The rsa public key structure
+- * @param e [IN] The exponent of rsa key
+- * @param key_size [IN] The size of rsa key
+- *
+- * @return 0: Generate rsa keypair success
+- * @return -1: Generate rsa keypair failed
+- */
+-int32_t rsa_generate_keypair(rsa_priv_key_t *priv, rsa_pub_key_t *pub, uint32_t e, uint32_t key_size);
+-
+-/*
+- * Do rsa encryption.
+- *
+- * @param dest_data [OUT] The dest data buffer
+- * @param dest_len [IN/OUT] The length of dest data
+- * @param src_data [IN] The src data buffer
+- * @param src_len [IN] The length of src data
+- * @param pub [IN] The rsa public key structure
+- * @param padding [IN] The padding type of encryption
+- * @param hash_nid [IN] The hash_nid of encryption
+- *
+- * @return 0: Do rsa encryption success
+- * @return -1: Do rsa encryption failed
+- */
+-int32_t rsa_encrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_pub_key_t *pub,
+- int32_t padding, int32_t hash_nid);
+-
+-/*
+- * Do rsa decryption.
+- *
+- * @param dest_data [OUT] The dest data buffer
+- * @param dest_len [IN/OUT] The length of dest data
+- * @param src_data [IN] The src data buffer
+- * @param src_len [IN] The length of src data
+- * @param priv [IN] THE rsa private key structure
+- * @param padding [IN] The padding type of encryption
+- * @param hash_nid [IN] The hash_nid of encryption
+- *
+- * @return 0: Do rsa decryption success
+- * @return -1: Do rsa decryption failed
+- */
+-int32_t rsa_decrypt(uint8_t *dest_data, uint32_t *dest_len, uint8_t *src_data, uint32_t src_len, rsa_priv_key_t *priv,
+- uint32_t padding, int32_t hash_nid);
+-
+-/*
+- * Do rsa Sign digest.
+- *
+- * @param signature [OUT] The signature of input data
+- * @param sig_size [IN/OUT] The length of signature
+- * @param in [IN] The input data
+- * @param in_len [IN] The length of input data
+- * @param priv [IN] The rsa private key structure
+- * @param salt_len [IN] The length of salt
+- * @param hash_nid [IN] The hash_nid of encryption
+- * @param padding [IN] The padding type of encryption
+- *
+- * @return 0: Do rsa sign digest success
+- * @return -1: Do rsa Sign digest failed
+- */
+-int32_t rsa_sign_digest(uint8_t *signature, uint32_t *sig_size, uint8_t *in, uint32_t in_len, rsa_priv_key_t *priv,
+- uint32_t salt_len, int32_t hash_nid, int32_t padding);
+-
+-/*
+- * Do rsa Verify digest.
+- *
+- * @param signature [IN] The signature of input data
+- * @param sig_size [IN] The length of signature
+- * @param in [IN] The input data
+- * @param in_len [IN] The length of input data
+- * @param pub [IN] The rsa public key structure
+- * @param salt_len [IN] The length of salt
+- * @param hash_nid [IN] The hash_nid of encryption
+- * @param padding [IN] The padding type of encryption
+- *
+- * @return 0: Do rsa verify success
+- * @return -1: Do rsa verify failed
+- */
+-int32_t rsa_verify_digest(uint8_t *signature, uint32_t sig_size, uint8_t *in, uint32_t in_len, const rsa_pub_key_t *pub,
+- uint32_t salt_len, int32_t hash_nid, int32_t padding);
+-
+-/*
+- * Convert the rsa private key passed in by the user into the rsa_priv_key_t structure.
+- *
+- * @param priv [OUT] The rsa private key structure
+- * @param in [IN] The rsa private key buffer
+- * @param inlen [IN] The length of rsa private key buffer
+- *
+- * @return -1: Import rsa private key failed
+- * @return 0: Import rsa private key success
+- */
+-int rsa_import_priv(rsa_priv_key_t *priv, const uint8_t *in, uint32_t in_len);
+-
+-/*
+- * Check the certificate revocation list.
+- *
+- * @param cert [IN] The crl buffer
+- * @param cert_len [IN] The length of crl buffer
+- * @param parent_key [IN] The public key to verify the crl
+- * @param parent_key_len [IN] The length of public key
+- *
+- * @return 1: Check the crl success
+- * @return others: Check the crl failed
+- */
+-int x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+-
+-/*
+- * Check the x509 certificate.
+- *
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- * @param parent_key [IN] The public key to verify the crl
+- * @param parent_key_len [IN] The length of public key
+- *
+- * @return 1: Check the cert success
+- * @return others: Check the cert failed
+- */
+-int x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
+-
+-/*
+- * Get public key from certificate.
+- *
+- * @param pub [OUT] The public key struct
+- * @param in [IN] The certificate buffer
+- * @param inlen [IN] The length of certificate buffer
+- *
+- * @return 0: Get public key success
+- * @return -1: Get public key failed
+- */
+-int import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen);
+-
+-/*
+- * Get public key from certificate.
+- *
+- * @param pub [OUT] The public key buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get public key failed
+- * @return others: The length of public key buffer
+- */
+-int get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get public key from certificate.
+- *
+- * @param pub [OUT] The public key buffer
+- * @param pub_size [IN/OUT] The length of public key buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get public key failed
+- * @return others: The length of public key buffer
+- */
+-int get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get valid date from certificate.
+- *
+- * @param vd [OUT] The valid data structure
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return 0: Get valid date success
+- * @return -1: Get valid data failed
+- */
+-int get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get common name from certificate.
+- *
+- * @param name [OUT] The common name buffer
+- * @param name_size [IN/OUT] The length of common name buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get common name failed
+- * @return others: Get common name success
+- */
+-int get_subject_CN(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get organization name from certificate.
+- *
+- * @param name [OUT] The organization name buffer
+- * @param name_size [IN/OUT] The length of organization name buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get organization name failed
+- * @return others: Get organization name success
+- */
+-int get_subject_OU(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get serial number from certificate.
+- *
+- * @param serial_number [OUT] The serial number buffer
+- * @param serial_number_size [IN/OUT] The length of serial number buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get serial number failed
+- * @return others: Get serial number success
+- */
+-int get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size, uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Get issuer from certificate.
+- *
+- * @param issuer [OUT] The issuer buffer
+- * @param issuer_size [IN/OUT] The length of issuer buffer
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get serial number failed
+- * @return others: Get serial number success
+- */
+-int get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len);
+-
+-/*
+- * Get element number from certificate.
+- *
+- * @param elem [OUT] The element with elem_id
+- * @param elem_id [IN] The index of element
+- * @param cert [IN] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- *
+- * @return -1: Get element failed
+- * @return others: The length of element
+- */
+-int32_t get_tbs_element(uint8_t **elem, uint32_t elem_id, const uint8_t *cert, uint32_t cert_len);
+-
+-/*
+- * Recover the root certificate.
+- *
+- * @param cert [OUT] The certificate buffer
+- * @param cert_len [IN/OUT] The length of certificate buffer
+- * @param priv [IN] The private key structure
+- * @param keytype [IN] The keytype of private key
+- *
+- * @return -1: Recover root certificate failed
+- * @return others: Recover root certificate success
+- */
+-int32_t recover_root_cert(uint8_t *cert, uint32_t cert_len, const void *priv, uint32_t keytype);
+-
+-/*
+- * Convert the rsa_pub_key_t structure passed in by the user into rsa public key buffer.
+- *
+- * @param out [OUT] The rsa public key buffer
+- * @param outlen [IN] The length of rsa public key buffer
+- * @param pub [IN] The rsa public key structure
+- *
+- * @return -1: Export rsa public key failed
+- * @return others: The real size of out buffer
+- */
+-int32_t rsa_export_pub_sp(uint8_t *out, uint32_t out_size, rsa_pub_key_t *pub);
+-
+-/*
+- * Sign the pkcs10 certificate.
+- *
+- * @param cert [OUT] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- * @param csr [IN] The certificate signing request buffer
+- * @param csr_len [IN] The length of certificate signing request buffer
+- * @param valid [IN] The valid date buffer
+- * @param serial_number [IN] The serial number buffer
+- * @param serial_length [IN] The length of serial number buffer
+- * @param priv [IN] The private key structure
+- * @param keytype [IN] The keytype of private key
+- *
+- * @return -1: Sign the pkcs10 certificate failed
+- * @return others: The real size of certificate
+- */
+-int32_t sign_pkcs10(uint8_t *cert, uint32_t cert_len,
+- const uint8_t *csr, uint32_t csr_len, const validity_period_t *valid,
+- const uint8_t *serial_number, uint32_t serial_length, const void *priv, uint32_t keytype);
+-
+-/*
+- * Create attestation certificate with input params.
+- *
+- * @param cert [OUT] The certificate buffer
+- * @param cert_len [IN] The length of certificate buffer
+- * @param valid [IN] The valid date buffer
+- * @param issuer_tlv [IN] The issuer buffer
+- * @param issuer_tlv_len [IN] The length of issuer buffer
+- * @param subject_public_key [IN] The subject public key buffer
+- * @param subject_public_key_len [IN] The length of subject public key buffer
+- * @param attestation_ext [IN] The attestation extrol infor buffer
+- * @param attestation_ext_len [IN] The length of attestation extrol infor buffer
+- * @param priv_sign [IN] The private key buffer
+- * @param key_usage_sign_bit [IN] The usage sign falg
+- * @param key_usage_encrypt_bit [IN] The usage encrypt flag
+- * @param keytype [IN] The keytype of private key
+- * @param hash [IN] The hash func of digest
+- *
+- * @return -1: Create attestation certificate failed
+- * @return others: The real size of certificate
+- */
+-int32_t create_attestation_cert(uint8_t *cert, uint32_t cert_len, const validity_period_t *valid,
+- const uint8_t *issuer_tlv, uint32_t issuer_tlv_len,
+- const uint8_t *subject_public_key, uint32_t subject_public_key_len,
+- const uint8_t *attestation_ext, uint32_t attestation_ext_len, void *priv_sign,
+- uint32_t key_usage_sign_bit, uint32_t key_usage_encrypt_bit, uint32_t key_type,
+- uint32_t hash);
+-
+-/*
+- * Get oem huk.
+- *
+- * @param huk [OUT] The oem huk buffer
+- * @param key [IN] The hmac key buffer
+- * @param key_size [IN] The length of hmac key buffer
+- *
+- * @return 0: Get oem huk success
+- * @return -1: Get oem huk failed
+- */
+-int get_class_oem_huk(uint8_t *huk, const uint8_t *key, uint32_t key_size);
+-
+-/*
+- * Derive ecc public key from private key.
+- *
+- * @param priv_info [IN] The ecc_priv_key_t structure
+- * @param pub_info [OUT] The ecc_pub_key_t structure
+- *
+- * @return 0: Derive ecc public key success
+- * @return -1: Derive ecc public key failed
+- */
+-int ecc_derive_public_key(ecc_priv_key_t *priv_info, ecc_pub_key_t *pub_info);
+-
+-/*
+- * Derive ecc private key from huk.
+- *
+- * @param priv [OUT] The ecc_priv_key_t structure
+- * @param secret [IN] The huk buffer
+- * @param sec_len [IN] The length of huk buffer
+- *
+- * @return 0: Derive ecc private key success
+- * @return -1: Derive ecc private key failed
+- */
+-int derive_ecc_private_key_from_huk(ecc_priv_key_t *priv, const uint8_t *secret, uint32_t sec_len);
+-
+-/*
+- * Do aes key wrap operation.
+- * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info
+- *
+- * @return TEE_SUCCESS: Do aes key wrap operation success
+- * @return others: Do aes key wrap operation failed
+- */
+-TEE_Result aes_key_wrap(struct cdrm_params *params);
+-
+-/*
+- * Do aes key unwrap operation.
+- *
+- * @param params [IN/OUT] The cdrm_params structure contains key/iv/input/output info
+- *
+- * @return TEE_SUCCESS: Do aes key unwrap operation success
+- * @return others: Do aes key unwrap operation failed
+- */
+-TEE_Result aes_key_unwrap(struct cdrm_params *params);
+-
+ #endif
+diff --git a/include/TA/huawei_ext/crypto_x509_wrapper.h b/include/TA/huawei_ext/crypto_x509_wrapper.h
+new file mode 100644
+index 0000000..830e7dc
+--- /dev/null
++++ b/include/TA/huawei_ext/crypto_x509_wrapper.h
+@@ -0,0 +1,169 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: soft ec x509 engine
++ */
++#ifndef __CRYPTO_X509_WRAPPER_H__
++#define __CRYPTO_X509_WRAPPER_H__
++
++#include
++#include
++
++#define VALIDITY_TIME_SIZE 13
++typedef struct {
++ uint8_t start[VALIDITY_TIME_SIZE];
++ uint8_t end[VALIDITY_TIME_SIZE];
++} validity_period_t;
++
++/*
++ * Check the certificate revocation list.
++ *
++ * @param cert [IN] The crl buffer
++ * @param cert_len [IN] The length of crl buffer
++ * @param parent_key [IN] The public key to verify the crl
++ * @param parent_key_len [IN] The length of public key
++ *
++ * @return 1: Check the crl success
++ * @return others: Check the crl failed
++ */
++int32_t x509_crl_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
++
++/*
++ * Check the x509 certificate.
++ *
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ * @param parent_key [IN] The public key to verify the crl
++ * @param parent_key_len [IN] The length of public key
++ *
++ * @return 1: Check the cert success
++ * @return others: Check the cert failed
++ */
++int32_t x509_cert_validate(uint8_t *cert, uint32_t cert_len, uint8_t *parent_key, uint32_t parent_key_len);
++
++/*
++ * Get public key from certificate.
++ *
++ * @param pub [OUT] The public key struct
++ * @param in [IN] The certificate buffer
++ * @param inlen [IN] The length of certificate buffer
++ *
++ * @return 0: Get public key success
++ * @return -1: Get public key failed
++ */
++int32_t import_pub_from_sp(void *pub, const uint8_t *in, uint32_t inlen);
++
++/*
++ * Get public key from certificate.
++ *
++ * @param pub [OUT] The public key buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get public key failed
++ * @return others: The length of public key buffer
++ */
++int32_t get_subject_public_key(uint8_t *pub, const uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get public key from certificate.
++ *
++ * @param pub [OUT] The public key buffer
++ * @param pub_size [IN/OUT] The length of public key buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get public key failed
++ * @return others: The length of public key buffer
++ */
++int32_t get_subject_public_key_new(uint8_t *pub, uint32_t pub_size, const uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get valid date from certificate.
++ *
++ * @param vd [OUT] The valid date structure
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return 0: Get valid date success
++ * @return -1: Get valid date failed
++ */
++int32_t get_validity_from_cert(validity_period_t *vd, uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get common name from certificate.
++ *
++ * @param name [OUT] The common name buffer
++ * @param name_size [IN/OUT] The length of common name buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get common name failed
++ * @return others: Get common name success
++ */
++int32_t get_subject_x509_cn(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get organization name from certificate.
++ *
++ * @param name [OUT] The organization name buffer
++ * @param name_size [IN/OUT] The length of organization name buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get organization name failed
++ * @return others: Get organization name success
++ */
++int32_t get_subject_x509_ou(uint8_t *name, uint32_t name_size, const uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get serial number from certificate.
++ *
++ * @param serial_number [OUT] The serial number buffer
++ * @param serial_number_size [IN/OUT] The length of serial number buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get serial number failed
++ * @return others: Get serial number success
++ */
++int32_t get_serial_number_from_cert(uint8_t *serial_number, uint32_t serial_number_size,
++ uint8_t *cert, uint32_t cert_len);
++
++/*
++ * Get issuer from certificate.
++ *
++ * @param issuer [OUT] The issuer buffer
++ * @param issuer_size [IN/OUT] The length of issuer buffer
++ * @param cert [IN] The certificate buffer
++ * @param cert_len [IN] The length of certificate buffer
++ *
++ * @return -1: Get serial number failed
++ * @return others: Get serial number success
++ */
++int32_t get_issuer_from_cert(uint8_t *issuer, uint32_t issuer_size, uint8_t *crl, uint32_t crl_len);
++
++/*
++ * Check cert chain valid.
++ *
++ * @param root_cert [IN] root ca cert presave
++ * @param root_cert_len [IN] The length of root ca cert
++ * @param second_cert [IN] secondary ca cert buffer
++ * @param second_cert_len [IN] The length of secondary ca cert
++ * @param leaf_cert [IN] leaf ca cert
++ * @param leaf_cert_len [IN] The length of leaf ca cert
++ *
++ * @return -1: failed
++ * @return >0: check success
++ */
++int x509_cert_chain_validate(uint8_t *root_cert, uint32_t root_cert_len,
++ uint8_t *second_cert, uint32_t second_cert_len,
++ uint8_t *leaf_cert, uint32_t leaf_cert_len);
++#endif
+diff --git a/include/TA/huawei_ext/permsrv_api_cert.h b/include/TA/huawei_ext/permsrv_api_cert.h
+new file mode 100644
+index 0000000..8be86b1
+--- /dev/null
++++ b/include/TA/huawei_ext/permsrv_api_cert.h
+@@ -0,0 +1,22 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
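Review bot: The validators declared in crypto_x509_wrapper.h do not share a success convention, and their comments leave part of each return range undefined: `x509_crl_validate` and `x509_cert_validate` return 1 on success and "others" on failure, while `x509_cert_chain_validate` returns -1 on failure and >0 on success, with 0 not covered. If a failure can be reported as a negative value, a caller that tests truthiness (`if (x509_cert_validate(...))`) accepts an invalid certificate, so each comment should spell the contract out, e.g. `@return 1: valid; any other value, including negative ones, is a failure`. I would also declare `x509_cert_chain_validate` as `int32_t` like the other prototypes in the file and state what 0 means. The comment on `get_issuer_from_cert` still says "Get serial number" and documents `cert`/`cert_len` although the parameters are `crl`/`crl_len`.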
++ * Description: permsrv cert api interface head file
++ */
++
++#ifndef PEMRSRV_API_CERT_H
++#define PEMRSRV_API_CERT_H
++
++#include "tee_defines.h"
++
++TEE_Result ta_signing_cert_import(const char *cert_buf, uint32_t cert_size, const char *pub_key_buf, uint32_t pub_size);
++TEE_Result ta_signing_cert_export(uint8_t *dst, uint32_t *len, uint32_t limit);
++TEE_Result ta_signing_cert_destroy(void);
++#endif
+diff --git a/include/TA/huawei_ext/permsrv_api_legacy.h b/include/TA/huawei_ext/permsrv_api_legacy.h
+new file mode 100644
+index 0000000..e76f5b5
+--- /dev/null
++++ b/include/TA/huawei_ext/permsrv_api_legacy.h
+@@ -0,0 +1,21 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: Functions in this header file are deprecated. Do not use
++ */
++
++#ifndef PERMSRV_API_LEGACY_H
++#define PERMSRV_API_LEGACY_H
++
++#include "tee_defines.h"
++
++TEE_Result TEE_EXT_crl_cert_process(const char *crl_cert, uint32_t crl_cert_size);
++TEE_Result TEE_EXT_ta_ctrl_list_process(const char *ctrl_list, uint32_t ctrl_list_size);
++#endif
+diff --git a/include/TA/huawei_ext/qsi_data_structure.h b/include/TA/huawei_ext/qsi_data_structure.h
+new file mode 100644
+index 0000000..2ffedf2
+--- /dev/null
++++ b/include/TA/huawei_ext/qsi_data_structure.h
+@@ -0,0 +1,27 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
++ * Licensed under the Mulan PSL v2.
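Review bot: The three `ta_signing_cert_*` prototypes in permsrv_api_cert.h have no comment, and `ta_signing_cert_export(uint8_t *dst, uint32_t *len, uint32_t limit)` does not say which of `len` and `limit` is the capacity of `dst`. A caller guessing wrong can pass an uninitialised `*len` or an oversized `limit`, so I would add a comment such as `/* dst: output buffer; limit: capacity of dst in bytes; *len: bytes written on success */`, to be confirmed against the implementation, which is not in this hunk. The include guard is spelled `PEMRSRV_API_CERT_H`; `PERMSRV_API_CERT_H` would match the file name and the guard used in permsrv_api_legacy.h.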
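Review bot: permsrv_api_legacy.h marks its functions as deprecated only in the file header (`Functions in this header file are deprecated. Do not use`), so nothing stops new code from calling `TEE_EXT_crl_cert_process` or `TEE_EXT_ta_ctrl_list_process`. If the toolchain supports it, an attribute on each prototype, e.g. `__attribute__((deprecated))`, would turn that sentence into a compiler warning. The same applies to tee_hw_ext_api_legacy.h, added later in this patch with the same header text and now included from tee_ext_api.h, which makes its deprecated declarations visible to every TA that includes the main extension header.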
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: Data Structure Definations of QSI.
++ */
++#ifndef QSI_DATA_STRUCTURE_H
++#define QSI_DATA_STRUCTURE_H
++#include
++
++enum seal_operation {
++ SEAL,
++ UNSEAL
++};
++
++struct ra_buffer_data {
++ uint32_t length;
++ uint8_t *buffer;
++};
++
++#endif
+diff --git a/include/TA/huawei_ext/tee_crypto_err.h b/include/TA/huawei_ext/tee_crypto_err.h
+new file mode 100644
+index 0000000..6d019b7
+--- /dev/null
++++ b/include/TA/huawei_ext/tee_crypto_err.h
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: tee crypto err definitions
++ */
++
++#ifndef TEE_CRYPTO_ERR_H
++#define TEE_CRYPTO_ERR_H
++
++#include
++
++#define MAX_COMMON_CRYPTO_ENGINE_ERR 99
++/*
++ * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | CRYPTO_MODULE_ERR_ID | ALG_ERR_ID | base_error_value,
++ * For example, the crypto module extension error codes are prefixed with 0x8002,
++ * and base_error_value is opensoure lib err.
++ */
++enum soft_algthorm_err_id {
++ SM2_LIB_ERR_ID = 0x0000, /* GMSSL common err and ec err */
++ SM4_LIB_ERR_ID = 0x1000, /* GMSSL evp err */
++ /* as below: for openssl opensource lib */
++ COMM_LIB_ERR_ID = 0x2000,
++ BN_LIB_ERR_ID = 0x3000,
++ RSA_LIB_ERR_ID = 0x4000,
++ EVP_LIB_ERR_ID = 0x5000,
++ PEM_LIB_ERR_ID = 0x6000,
++ X509_LIB_ERR_ID = 0x7000,
++ ASN1_LIB_ERR_ID = 0x8000,
++ CRYPTO_LIB_ERR_ID = 0x9000,
++ EC_LIB_ERR_ID = 0xa000,
++ PKCS7_LIB_ERR_ID = 0xb000,
++ OTHER_LIB_ERR_ID = 0xc000,
++};
++
++#endif
+diff --git a/include/TA/huawei_ext/tee_crypto_hal.h b/include/TA/huawei_ext/tee_crypto_hal.h
+index 7444618..bfc0be5 100755
+--- a/include/TA/huawei_ext/tee_crypto_hal.h
++++ b/include/TA/huawei_ext/tee_crypto_hal.h
+@@ -1,6 +1,6 @@
+ /*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
+- * iTrustee licensed under the Mulan PSL v2.
++ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+@@ -8,17 +8,18 @@
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
++ * Description: crypto hal info function
+ */
+
+ #ifndef TEE_CRYPTO_HAL_H
+ #define TEE_CRYPTO_HAL_H
+ #include "tee_crypto_api.h"
+ enum CRYPTO_ENGINE {
+- DX_CRYPTO,
+- EPS_CRYPTO,
+- SOFT_CRYPTO,
+- SEC_CRYPTO,
+- CRYPTO_ENGINE_MAX,
++ DX_CRYPTO = 0,
++ EPS_CRYPTO = 1,
++ SOFT_CRYPTO = 2,
++ SEC_CRYPTO = 3,
++ CRYPTO_ENGINE_MAX = 1024,
+ };
+
+ /*
+@@ -42,4 +43,5 @@ TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto);
+ * @retval TEE_ERROR_BAD_PARAMETERS: Operation is NULLi or crypto is invalid
+ */
+ TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto);
++
+ #endif
+diff --git a/include/TA/huawei_ext/tee_err.h b/include/TA/huawei_ext/tee_err.h
+new file mode 100644
+index 0000000..4b2b17c
+--- /dev/null
++++ b/include/TA/huawei_ext/tee_err.h
+@@ -0,0 +1,31 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: Reference of TEE error definitions
++ */
++
++#ifndef TEE_ERROR_H
++#define TEE_ERROR_H
++
++#include
++
++/*
++ * notes: all extension tee error rule is TEE_EXT_ERROR_BASE | xx_MODULE_ERR_ID | base_error_value,
++ * For example, the crypto module extension error codes are prefixed with 0x8002.
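Review bot: `CRYPTO_ENGINE_MAX` is no longer one past the last engine: with `SEC_CRYPTO = 3` and `CRYPTO_ENGINE_MAX = 1024`, any existing check of the form `crypto >= CRYPTO_ENGINE_MAX` now lets the values 4 to 1023 through, although they name no engine. The comment on `TEE_SetObjectFlag` in the next hunk promises `TEE_ERROR_BAD_PARAMETERS` when `crypto` is invalid, and the implementation is not part of this hunk, so it should be checked that the validation and any table indexed by the engine id do not rely on the old value. A comment on the enumerator, e.g. `/* upper bound of the id space, not the number of engines */`, would make the intent explicit.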
++ */
++#define TEE_EXT_ERROR_BASE 0x80000000
++
++enum ext_error_module {
++ OTRP_MODULE_ERR_ID = 0x000000,
++ SSA_MODULE_ERR_ID = 0x010000,
++ CRYPTO_MODULE_ERR_ID = 0x020000,
++};
++
++#endif
+diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
+index d74c749..309abe3 100644
+--- a/include/TA/huawei_ext/tee_ext_api.h
++++ b/include/TA/huawei_ext/tee_ext_api.h
+@@ -1,6 +1,6 @@
+ /*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved.
+- * iTrustee licensed under the Mulan PSL v2.
++ * Licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+@@ -8,13 +8,14 @@
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
++ * Description: Tee ext api header file
+ */
+
+ #ifndef TEE_EXT_API_H
+ #define TEE_EXT_API_H
+
+ #include "tee_defines.h"
+-#include "tee_core_api.h"
++#include "tee_hw_ext_api_legacy.h"
+
+ #ifdef __cplusplus
+ #if __cplusplus
+@@ -35,14 +36,18 @@ extern "C" {
+ #define TEE_GET_REEINFO_SUCCESS 0
+ #define TEE_GET_REEINFO_FAILED 1
+
++#define TEE_SMC_FROM_USR 0
++#define TEE_SMC_FROM_KERNEL 1
++
+ #define RESERVED_BUF_SIZE 32
+-typedef struct __caller_info {
++typedef struct ta_caller_info {
+ uint32_t session_type;
+ union {
+ TEE_UUID caller_uuid;
+ uint8_t ca_info[RESERVED_BUF_SIZE];
+ } caller_identity;
+- uint8_t reserved[RESERVED_BUF_SIZE];
++ uint8_t smc_from_kernel_mode;
++ uint8_t reserved[RESERVED_BUF_SIZE - 1];
+ } caller_info;
+
+ /*
+@@ -54,7 +59,7 @@ typedef struct __caller_info {
+ * return TEE_SUCCESS operation success
+ * return others failed to get caller info
+ */
+-TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length);
++TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t
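Review bot: The new `smc_from_kernel_mode` byte in `caller_info` has no comment, and it is carved out of `reserved`, which shrinks to `RESERVED_BUF_SIZE - 1`. A TA that uses the field for an access decision needs to know who fills it in and that only `TEE_SMC_FROM_USR` and `TEE_SMC_FROM_KERNEL` are defined, so I would add `/* TEE_SMC_FROM_USR or TEE_SMC_FROM_KERNEL; any other value must be treated as untrusted */`; the last part is my assumption and should be confirmed against the code that populates the structure. Renaming the struct tag from `__caller_info` to `ta_caller_info` also breaks any source that used the tag rather than the typedef.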
length);
+
+ /*
+ * verify TA's caller's identify
+@@ -70,6 +75,32 @@ TEE_Result TEE_EXT_GetCallerInfo(caller_info *caller_info_data, uint32_t length)
+ */
+ TEE_Result addcaller_ca_exec(const char *ca_name, const char *user_name);
+
++/*
++ * verify TA's caller's identify
++ * TA can call this API to add caller's info,
++ * which is allowed to call this TA.
++ * this API is for CA in form of JAR or binary-excuteble file.
++ *
++ * @param ca_name [IN] CA caller's process name
++ * @param user_name [IN] CA caller's username
++ *
++ * return TEE_SUCCESS operation
++ * return others failed to add caller info for target CA
++ */
++
++TEE_Result AddCaller_CA_user(const char *ca_name, const char *user_name);
++
++/*
++ * TA can call this API to add caller's info,
++ * which is allowed to call this CA.
++ * this API is for CA in form of native ca and APK.
++ *
++ * @param cainfo_hash [IN] CA callerinfo's sha256 value
++ *
++ * return TEE_SUCCESS operation
++ */
++TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length);
++
+ /*
+ * TA call this API allow others TA open session with itself
+ *
+@@ -86,8 +117,32 @@ TEE_Result AddCaller_TA_all(void);
+ *
+ * @return session type of current session
+ */
+-uint32_t TEE_GetSessionType(void);
++uint32_t tee_get_session_type(void);
+
++/*
++ * Check CA params during CA Authentication
++ *
++ * @param param_types [IN] CA caller's param types
++ * @param params[TEE_PARAMS_NUM] [IN] CA caller's params
++ *
++ * return TEE_SUCCESS
++ */
++TEE_Result TEE_EXT_CheckClientPerm(uint32_t param_types, const TEE_Param params[TEE_PARAMS_NUM]);
++
++/*
++ * derive key from platform key
++ *
++ * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes.
++ * @param keySize [IN] key size in bits, it desides the ecc curve type too.
++ * @param params [IN] unused
++ * @param paramCount [IN] unused
++ * @param exinfo [IN] user info as derive slat.
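Review bot: The comment added for `AddCaller_CA` documents `cainfo_hash` as a sha256 value but says nothing about `length`, so it is unclear whether the function rejects a length other than the digest size. I would add `@param length [IN] size of cainfo_hash in bytes` together with the expected value, and list the failure return, since the comment currently ends at `return TEE_SUCCESS operation`. The text also reads "allowed to call this CA" where the TA is presumably meant, and the comment for `AddCaller_CA_user` does not say how it differs from `addcaller_ca_exec`, which takes the same two arguments.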
++ * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0.
++ *
++ * @return TEE_SUCCESS means success, others means failed.
++ */
++TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
++ uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size);
+ #ifdef __cplusplus
+ #if __cplusplus
+ }
+diff --git a/include/TA/huawei_ext/tee_hw_ext_api_legacy.h b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
+new file mode 100644
+index 0000000..34e480a
+--- /dev/null
++++ b/include/TA/huawei_ext/tee_hw_ext_api_legacy.h
+@@ -0,0 +1,293 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ * Description: Functions in this header file are deprecated.
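Review bot: `TEE_EXT_CheckClientPerm` is an authentication check whose comment documents only `return TEE_SUCCESS`; the value returned when the check fails should be listed so callers handle it explicitly. In the comment for `tee_ext_derive_ta_platfrom_keys`, `keySize` and `paramCount` do not match the parameters `key_size` and `param_count`, "slat" should read "salt", and the exported name carries the typo `platfrom`, which is hard to correct once TAs link against it. The `exinfo_size` limits (greater than 0, at most 64 bytes) are stated only in prose; whether they are enforced cannot be seen from this hunk.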
Do not use
++ */
++
++#ifndef __TEE_HW_EXT_API_LEGACY_H__
++#define __TEE_HW_EXT_API_LEGACY_H__
++
++#include "tee_defines.h"
++#include "tee_crypto_api.h"
++
++/*
++ * ta version anti rollback api
++ *
++ * @param ta_version [IN] version to be checked
++ *
++ * @return TEE_SUCCESS check result is OK
++ * @return others check ta version failed
++ */
++TEE_Result TEE_EXT_TA_version_check(uint32_t ta_version);
++
++/*
++ * check wheather target TA(uuid) has permission to invoke target command
++ * this feature is only supported by TA with certificate
++ *
++ * @param [IN] uuid of caller TA
++ * @param [IN] cmd id of request
++ *
++ * @return TEE_SUCCESS target TA has the permission to invoke target command
++ * @return TEE_ERROR_ACCESS_DENIED target TA don't has permission to invoke target command
++ */
++TEE_Result TEE_EXT_CheckInvokePermission(const TEE_UUID *uuid, uint32_t cmd);
++
++/*
++ * get sharemem of verify boot information
++ *
++ * @param buffer [OUT] the address to save verify boot info
++ * @param size [IN] length of buffer
++ *
++ * @return 0 means success, others means failed
++ */
++TEE_Result TEE_EXT_GetVerifyBootInfo(char *buffer, uint32_t size);
++
++/*
++ * derive key from device rootkey and UUID of the current task
++ *
++ * @param salt [IN] data for salt
++ * @param size [IN] salt length
++ * @param key [OUT] pointer where key is saved
++ * @param key_size [IN] key_size must be integer times of 16
++ *
++ * @return TEE_SUCCESS OK
++ * @return TEE_ERROR_BAD_PARAMETERS illegal parameters
++ * @return TEE_ERROR_GENERIC internal error
++ */
++TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
++
++/*
++ * get rot key for multiple platforms
++ *
++ * @param enc_key [IN] encrypted rot key or NULL
++ * @param en_key_size [IN] encrypted rot key buff len or zero
++ * @param key [OUT]rot key buff pointer
++ * @param key_size [IN/OUT] rot key buffer length
++ *
++ * @return 0 get rot key success
++ *
@return -1 get rot key failed ++ */ ++int32_t TEE_EXT_GetRoT(const uint8_t *enc_key, uint32_t en_key_size, uint8_t *key, uint32_t *key_size); ++ ++/* ++ * get device unique id in TEE ++ * ++ * @param device_unique_id [OUT] buffer to store the result ++ * @param length [IN/OUT] buffer length of device ID ++ * ++ * return TEE_SUCCESS operation success ++ * return others operation failed ++ */ ++TEE_Result TEE_EXT_GetDeviceUniqueId(uint8_t *device_unique_id, uint32_t *length); ++ ++TEE_Result TEE_EXT_GetSeCapability(const TEE_UUID *uuid, uint64_t *result); ++ ++/* ++ * @ingroup TEE_EXT_API ++ * @brief get shared memory infomation of SecFlash ++ * ++ * @param buffer [OUT] the address to save SecFlash shared memory info ++ * @param length [IN] length of buffer ++ * ++ * @retval NA ++ */ ++TEE_Result TEE_EXT_GetSecFlashShareMem(char *buffer, uint32_t size); ++ ++/* ++ * @ingroup share memory ++ * @brief get sharemem of verify boot information ++ * ++ * @par ++ * @param buffer [OUT] the address to save verify boot info ++ * @param size [IN] length of buffer ++ * ++ * @retval NA ++ * ++ * @par dependence: ++ * @li tee_ext_api.h ++ * @see ++ * @since V100R008C00 ++ */ ++TEE_Result TEE_EXT_GetTrustBootImgInfo(char *buffer, uint32_t size); ++ ++/* ++ * @ingroup derive key for keymaster ++ * @brief using root key to derive key for keymaster ++ * ++ * @par ++ * @param buffer [IN] input secret ++ * @param size [IN] input secret size ++ * @param buffer [OUT] derived key ++ * @param size [OUT] derived key size ++ * ++ * @retval NA ++ * ++ * @par dependence: ++ * @li tee_ext_api.h ++ * @see ++ * @since V100R007C00 ++ */ ++TEE_Result TEE_EXT_ROOT_DeriveKey2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len); ++ ++/* ++ * @ingroup ROOT_UuidDeriveKey ++ * @brief derive key from device rootkey and UUID of the current task ++ * ++ * @attention ++ * @param salt [IN] data for salt ++ * @param size [IN] salt length ++ * @param key_size [OUT] size of generated key, 
fix-size 32 bytes ++ * @param key [OUT] pointer where key is saved ++ * ++ * @retval #TEE_SUCCESS OK ++ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters ++ * @retval #TEE_ERROR_GENERIC internal error ++ * ++ * @par dependence: ++ * @li tee_ext_api.h ++ * @see ++ * @since V100R007C00 ++ */ ++TEE_Result TEE_EXT_ROOT_UuidDeriveKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size); ++ ++/* ++ * @ingroup crypto ++ * @brief AES encryption and decryption integration mode. ++ * ++ * @attention: Now this api only support algorithm: AES_CBC_NOPAD/ AES_ECB_PKCS5, ++ * and input key can derive by root key. ++ * @param db [IN] Whether to derive the key with the input key and root key. ++ * @param iv [IN] input iv ++ * @param mode [IN] 0:encrypt; 1:decrypt ++ * @param alg [IN] AES algorithm: TEE_CRYPTO_ALGORITHM_ID ++ * @param key [IN] input key ++ * @param key_len [IN] input key len ++ * @param cyp_src [IN] input data ++ * @param dst [OUT] ouput data ++ * @param src_len [IN] input data len ++ * @param dst_len [OUT] ouput data len ++ * ++ * @retval #TEE_SUCCESS success ++ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters ++ * @retval #TEE_ERROR_OUT_OF_MEMORY alloc memory fail ++ * ++ * @par dependence: ++ * @li crypto ++ * @li tee_ext_api.h ++ * @see TEE_CipherInit | TEE_CipherUpdate | TEE_CipherDoFinal ++ * @since V100R005C00 ++ */ ++TEE_Result TEE_EXT_AES_CRYPTO(bool db, const uint8_t *iv, bool mode, uint32_t alg, const uint8_t *key, uint32_t key_len, ++ const uint8_t *cyp_src, uint8_t *dst, uint32_t src_len, uint32_t *dst_len); ++ ++/* ++ * @ingroup crypto ++ * @brief calculate hash. 
++ * ++ * @attention ++ * @param algorithm [IN] hash algorithm: like SHA1, SHA256 ++ * @param ptr [IN] input data ++ * @param size [IN] input data length ++ * @param hash_result [OUT] hash result: SHA1 20bytes; SHA256 32bytes ++ * ++ * @retval #TEE_SUCCESS success ++ * @retval #TEE_ERROR_BAD_PARAMETERS illegal parameters ++ * @retval #TEE_ERROR_GENERIC error ++ * ++ * @par dependence: ++ * @li crypto ++ * @li tee_ext_api.h ++ * @since V100R005C00 ++ */ ++TEE_Result TEE_EXT_HASH(tee_crypto_algorithm_id algorithm, const uint8_t *ptr, uint32_t size, uint8_t *hash_result); ++ ++/* ++ * @ingroup TEE_HWI_IPC_MESSAGE ++ * @brief Wait for registered messages from IRQs ++ * ++ * @param hwi [IN] IRQ number to register ++ */ ++TEE_Result TEE_EXT_HwiMsgRegister(uint32_t hwi); ++ ++/* ++ * @ingroup TEE_HWI_IPC_MESSAGE ++ * @brief Unregister to receive message for HWI number ++ * ++ * @param hwi [IN] IRQ number to unregister for ++ */ ++TEE_Result TEE_EXT_HwiMsgDeregister(uint32_t hwi); ++ ++/* ++ * @ingroup TEE_HWI_IPC_MESSAGE ++ * @brief Wait for registered messages from IRQs ++ * ++ * @param NULL ++ * ++ * @retval received message id ++ */ ++uint32_t TEE_EXT_HwiMsgWait(void); ++ ++/* ++ * @ingroup TEE_HW_EXT_API ++ * @brief check wheather device rooted 1:rooted, 0:unrooted ++ * ++ * @param NULL ++ * ++ * @retval true means device is rooted ++ */ ++bool TEE_EXT_IsDeviceRooted(void); ++ ++#ifdef __cplusplus ++#if __cplusplus ++extern "C" { ++#endif /* __cpluscplus */ ++#endif /* __cpluscplus */ ++ ++struct ta_caller_info; ++ ++/* ++ * Get caller info of current session, refer caller_info struct for more details ++ * ++ * @param caller_info_data [OUT] caller info to be returned ++ * @param length [IN] sizeof struct caller_info ++ * ++ * return TEE_SUCCESS operation success ++ * return others failed to get caller info ++ */ ++TEE_Result TEE_EXT_GetCallerInfo(struct ta_caller_info *caller_info_data, uint32_t length); ++ ++/* ++ * get cruurent session type ++ * ++ * @return session 
type of current session ++ */ ++uint32_t TEE_GetSessionType(void); ++ ++/* ++ * derive key from platform key ++ * ++ * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes. ++ * @param keySize [IN] key size in bits, it desides the ecc curve type too. ++ * @param params [IN] unused ++ * @param paramCount [IN] unused ++ * @param exinfo [IN] user info as derive slat. ++ * @param exinfo_size [IN] size of user info, Max is 64bytes, must bigger than 0. ++ * ++ * @return TEE_SUCCESS means success, others means failed. ++ */ ++TEE_Result TEE_EXT_DeriveTAPlatfromKeys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params, ++ uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size); ++#ifdef __cplusplus ++#if __cplusplus ++} ++#endif /* __cpluscplus */ ++#endif /* __cpluscplus */ ++ ++#endif +diff --git a/include/TA/huawei_ext/tee_log.h b/include/TA/huawei_ext/tee_log.h +index dc213da..37317ca 100644 +--- a/include/TA/huawei_ext/tee_log.h ++++ b/include/TA/huawei_ext/tee_log.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,21 +8,26 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
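Review bot: The `extern "C"` guard in tee_hw_ext_api_legacy.h opens only after `TEE_EXT_IsDeviceRooted`, so every prototype above it (from `TEE_EXT_TA_version_check` through the key-derivation and HWI calls) gets C++ linkage when a C++ TA includes this header; only `TEE_EXT_GetCallerInfo`, `TEE_GetSessionType` and `TEE_EXT_DeriveTAPlatfromKeys` are covered. Moving the `#ifdef __cplusplus` / `extern "C" {` opener to directly after the two `#include` lines would fix that. Separately, the file header says these functions are deprecated, but nothing makes the compiler say so. Several of them derive keys from the device root key, so marking them, e.g. `TEE_Result TEE_EXT_DeriveTARootKey(...) __attribute__((deprecated));`, would make remaining callers visible at build time. The comment for `TEE_EXT_ROOT_DeriveKey2` names `buffer`/`size` twice while the prototype takes `secret`, `secret_len`, `key`, `key_len`, and `TEE_EXT_GetSeCapability` has no comment at all.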
++ * Description: Reference of TEE log api and internal definitions + */ + + #ifndef __TEE_LOG_H + #define __TEE_LOG_H + + #include "tee_defines.h" ++#include "tee_log_legacy.h" + +-#define DEBUG_TAG "[debug]" +-#define INFO_TAG "[info]" +-#define WARNING_TAG "[warning]" +-#define ERROR_TAG "[error]" ++#define TA_LOG_LEVEL_ERROR 0 ++#define TA_LOG_LEVEL_WARNING 1 ++#define TA_LOG_LEVEL_INFO 2 ++#define TA_LOG_LEVEL_DEBUG 3 ++#define TA_LOG_LEVEL_VERBO 4 + +-#define LEVEL_DEBUG 2 +-#define LEVEL_WARNING 1 +-#define LEVEL_ERROR 0 ++#define TA_LOG_LEVEL_DEFAULT TA_LOG_LEVEL_INFO ++// TA_LOG_LEVEL can be redefined by TA developers ++#ifndef TA_LOG_LEVEL ++#define TA_LOG_LEVEL TA_LOG_LEVEL_DEFAULT ++#endif + + #define TAG_VERB "[verb]" + #define TAG_DEBUG "[debug]" +@@ -30,6 +35,10 @@ + #define TAG_WARN "[warn]" + #define TAG_ERROR "[error]" + ++#define DEBUG_TAG "[debug]" ++#define INFO_TAG "[info]" ++#define WARNING_TAG "[warning]" ++#define ERROR_TAG "[error]" + typedef enum { + LOG_LEVEL_ERROR = 0, + LOG_LEVEL_WARN = 1, +@@ -46,84 +55,138 @@ void tee_print(LOG_LEVEL log_level, const char *fmt, ...); + void tee_print_driver(LOG_LEVEL log_level, const char *log_tag, const char *fmt, ...); + extern const char *g_debug_prefix; + +-#define TEE_LogPrintf(fmt, args...) SLog(fmt, ##args) +-#ifdef LOG_ON ++/* tlogv */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO) + #ifdef DRIVER_LOG_TAG + #define tlogv(fmt, args...) \ + tee_print_driver(LOG_LEVEL_VERBO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) +-#define tlogd(fmt, args...) \ +- tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +-#define tlogi(fmt, args...) \ +- tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +-#define tlogw(fmt, args...) \ +- tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) + #else + #define tlogv(fmt, args...) 
tee_print(LOG_LEVEL_VERBO, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) +-#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +-#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +-#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) +-#endif ++#endif /* DRIVER_LOG_TAG */ + #else + #define tlogv(fmt, args...) \ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */ ++ ++/* tlogd */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG) ++#ifdef DRIVER_LOG_TAG ++#define tlogd(fmt, args...) \ ++ tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) ++#else ++#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) ++#endif /* DRIVER_LOG_TAG */ ++#else + #define tlogd(fmt, args...) \ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */ ++ ++/* tlogi */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO) ++#ifdef DRIVER_LOG_TAG ++#define tlogi(fmt, args...) \ ++ tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) ++#else ++#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) ++#endif /* DRIVER_LOG_TAG */ ++#else + #define tlogi(fmt, args...) \ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */ ++ ++/* tlogw */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING) ++#ifdef DRIVER_LOG_TAG ++#define tlogw(fmt, args...) \ ++ tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) ++#else ++#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) ++#endif /* DRIVER_LOG_TAG */ ++#else + #define tlogw(fmt, args...) 
\ + do { \ + } while (0) +-#endif /* ENG_VERSION */ ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */ + ++/* tloge */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition + #ifndef TLOGE_NO_TIMESTAMP + #ifdef DRIVER_LOG_TAG + #define tloge(fmt, args...) \ + tee_print_driver(LOG_LEVEL_ERROR, DRIVER_LOG_TAG, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) + #else + #define tloge(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) +-#endif ++#endif /* DRIVER_LOG_TAG */ + #else + #define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", g_debug_prefix, TAG_ERROR, __LINE__, ##args) +-#endif ++#endif /* TLOGE_NO_TIMESTAMP */ ++#else ++#define tloge(fmt, args...) \ ++ do { \ ++ } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */ + + void ta_print(LOG_LEVEL log_level, const char *fmt, ...); + +-#ifdef LOG_ON ++/* ta_logv */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO) + #define ta_logv(fmt, args...) ta_print(LOG_LEVEL_VERBO, "%s %d: " fmt "\n", TAG_VERB, __LINE__, ##args) +-#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args) +-#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args) +-#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args) + #else + #define ta_logv(fmt, args...) \ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */ ++ ++/* ta_logd */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG) ++#define ta_logd(fmt, args...) ta_print(LOG_LEVEL_DEBUG, "%s %d: " fmt "\n", TAG_DEBUG, __LINE__, ##args) ++#else + #define ta_logd(fmt, args...) \ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */ ++ ++/* ta_logi */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO) ++#define ta_logi(fmt, args...) ta_print(LOG_LEVEL_INFO, "%s %d: " fmt "\n", TAG_INFO, __LINE__, ##args) ++#else + #define ta_logi(fmt, args...) 
\ + do { \ + } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */ ++ ++/* ta_logw */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING) ++#define ta_logw(fmt, args...) ta_print(LOG_LEVEL_WARN, "%s %d: " fmt "\n", TAG_WARN, __LINE__, ##args) ++#else + #define ta_logw(fmt, args...) \ + do { \ + } while (0) +-#endif ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */ ++ ++/* ta_loge */ ++#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) // Always meet this condition + #define ta_loge(fmt, args...) ta_print(LOG_LEVEL_ERROR, "%s %d: " fmt "\n", TAG_ERROR, __LINE__, ##args) ++#else ++#define ta_loge(fmt, args...) \ ++ do { \ ++ } while (0) ++#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */ + +-/* in debug version users can dynamically modify the loglevel ,in release version, users have to modify the level by +- * compile */ ++/* ++in debug version, users can dynamically modify the loglevel, ++in release version, users have to modify the level by compile ++*/ + #ifndef DEBUG_VERSION +- + #ifdef TA_DEBUG + #define ta_debug(fmt, args...) uart_printf_func("%s %s: " fmt "", DEBUG_TAG, __FUNCTION__, ##args) + #else + #define ta_debug(fmt, args...) +-#endif +- ++#endif /* TA_DEBUG */ + #else +- + #define ta_debug(fmt, args...) \ + do { \ + uint32_t level; \ +@@ -142,67 +205,61 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...); + } \ + } while (0) + +-#endif ++#endif /* DEBUG_VERSION */ + + #define ta_info(fmt, args...) uart_printf_func("%s: " fmt "", INFO_TAG, ##args) + #define ta_error(fmt, args...) uart_printf_func("%s: " fmt " ", ERROR_TAG, ##args) +-#define TA_LOG +-#ifdef TA_LOG + ++/* Log level for SLogx */ + #define TRACE_S "[Trace]" + #define WARNING_S "[Warning]" + #define ERROR_S "[Error]" + +-/* +- * Print trace level's log. +- * +- * @param fmt [IN] assert condition. +- * @param args [IN] params for format config. +- * +- * @return void +- */ +-#define SLogTrace(fmt, args...) 
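Review bot: With the `LOG_ON` gate removed, `tlogi`/`tlogw` and `ta_logi`/`ta_logw` are compiled in whenever `TA_LOG_LEVEL` is left at its default, because `TA_LOG_LEVEL_DEFAULT` (defined earlier in this file's diff) is `TA_LOG_LEVEL_INFO`. Before this change they expanded to an empty `do { } while (0)` unless `LOG_ON` was defined. A TA that prints sensitive values at info or warning level would therefore start writing them to the TEE log in builds that used to stay silent. I would add a comment next to the default such as `/* info and warning logs are enabled by default; release TAs should build with -DTA_LOG_LEVEL=TA_LOG_LEVEL_ERROR */`, or lower the default. The `#else` branches under `TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR` cannot be taken for any of the five defined levels, as the inline comment already admits, and could be dropped.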
SLog("%s: " fmt "\n", TRACE_S, ##args) ++#define TA_SLOG_LEVEL_ERROR 0 ++#define TA_SLOG_LEVEL_WARNING 1 ++#define TA_SLOG_LEVEL_TRACE 2 + +-/* +- * Print warning level's log. +- * +- * @param fmt [IN] assert condition. +- * @param args [IN] params for format config. +- * +- * @return void +- */ +-#define SLogWarning(fmt, args...) SLog("%s: " fmt "\n", WARNING_S, ##args) ++#define TA_SLOG_LEVEL_DEFAULT TA_SLOG_LEVEL_WARNING ++// TA_SLOG_LEVEL can be redefined by TA developers ++#ifndef TA_SLOG_LEVEL ++#define TA_SLOG_LEVEL TA_SLOG_LEVEL_DEFAULT ++#endif + +-/* +- * Print error level's log. +- * +- * @param fmt [IN] assert condition. +- * @param args [IN] params for format config. +- * +- * @return void +- */ +-#define SLogError(fmt, args...) SLog("%s: " fmt "\n", ERROR_S, ##args) ++/* SLogTrace */ ++#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_TRACE) ++#define SLogTrace(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s: " fmt "\n", TRACE_S, ##args) ++#else ++#define SLogTrace(fmt, args...) \ ++ do { \ ++ } while (0) ++#endif + +-/* +- * Assert api for tee log, note: should call Panic to deal, here just return +- * +- * @param exp [IN] Printf log's format config style. +- * +- * @return void +- */ ++/* SLogWarning */ ++#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_WARNING) ++#define SLogWarning(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s: " fmt "\n", WARNING_S, ##args) ++#else ++#define SLogWarning(fmt, args...) \ ++ do { \ ++ } while (0) ++#endif ++ ++/* SLogError */ ++#if (TA_SLOG_LEVEL >= TA_SLOG_LEVEL_ERROR) ++#define SLogError(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s: " fmt "\n", ERROR_S, ##args) ++#else ++#define SLogError(fmt, args...) 
\ ++ do { \ ++ } while (0) ++#endif ++ ++/* SAssert, Assert api for tee log, note: should call Panic to deal, here just return */ + #define SAssert(exp) \ + do { \ + if (!(exp)) { \ +- SLog("Assertion [ %s ] Failed: File %s, Line %d\n", #exp, "__FILE__", __LINE__); \ ++ tee_print(LOG_LEVEL_ERROR, "Assertion [%s] Failed: File %s, Line %d\n", #exp, __FILE__, __LINE__); \ + return 0xFFFF0001; \ + } \ + } while (0); +-#else +-#define SLogTrace(fmt, args...) ((void)0) +-#define SLogWarning(fmt, args...) ((void)0) +-#define SLogError(fmt, args...) ((void)0) +-#define SAssert(exp) ((void)0) +-#endif + + /* + * Output log to tee log file. +@@ -211,6 +268,7 @@ void ta_print(LOG_LEVEL log_level, const char *fmt, ...); + * + * @return void + */ +-void SLog(const char *fmt, ...); ++void slog(const char *fmt, ...); + uint32_t get_value(void); +-#endif ++#define TEE_LogPrintf(fmt, args...) slog(fmt, ##args) ++#endif /* __TEE_LOG_H */ +diff --git a/include/TA/huawei_ext/tee_log_legacy.h b/include/TA/huawei_ext/tee_log_legacy.h +new file mode 100644 +index 0000000..ffedcdc +--- /dev/null ++++ b/include/TA/huawei_ext/tee_log_legacy.h +@@ -0,0 +1,18 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
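Review bot: `SAssert` still ends in `} while (0);` after this change, so `if (c) SAssert(x); else ...` does not compile and every other use leaves a stray empty statement; the last line of the macro should be `} while (0)`. The macro also hides a `return 0xFFFF0001;`, which only fits functions returning an integer type. As its own comment says, it returns instead of panicking, so a caller that ignores the result carries on after a failed assertion; the comment above the macro should state that explicitly. Now that `__FILE__` is expanded rather than printed as the literal string `"__FILE__"`, source paths from the TA build appear in the log line, which is worth a conscious decision for release builds.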
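Review bot: `slog` is declared as a bare variadic function and `TEE_LogPrintf` forwards the caller's `fmt` straight to it, so a mismatch between format and arguments, or a non-literal format string, goes unchecked by the compiler. Assuming `slog` takes printf-style conversions, declaring it as `void slog(const char *fmt, ...) __attribute__((format(printf, 1, 2)));` lets GCC and Clang report both under `-Wformat` and `-Wformat-security`. The same applies to `SLog` in the new tee_log_legacy.h, whose `Description:` line is copied from tee_log.h and does not say that the symbol is kept only for compatibility.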
++ * Description: Reference of TEE log api and internal definitions ++ */ ++ ++#ifndef __TEE_LOG_LEGACY_H__ ++#define __TEE_LOG_LEGACY_H__ ++ ++void SLog(const char *fmt, ...); ++#endif /* __TEE_LOG_LEGACY_H__ */ +diff --git a/include/TA/huawei_ext/tee_openssl_err.h b/include/TA/huawei_ext/tee_openssl_err.h +new file mode 100644 +index 0000000..a9245a3 +--- /dev/null ++++ b/include/TA/huawei_ext/tee_openssl_err.h +@@ -0,0 +1,500 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: tee crypto err definitions ++ */ ++ ++#ifndef TEE_OPENSSL_ERR_H ++#define TEE_OPENSSL_ERR_H ++ ++/* ++ * define openssl lib reasons err code: ++ * Delete the prefix TEE_ERR_, which is the error code name in the open-source library. 
++ */ ++/* for common lib err */ ++#define TEE_ERR_R_MALLOC_FAILURE 0x80022041 ++#define TEE_ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED 0x80022042 ++#define TEE_ERR_R_PASSED_NULL_PARAMETER 0x80022043 ++#define TEE_ERR_R_INTERNAL_ERROR 0x80022044 ++#define TEE_ERR_R_DISABLED 0x80022045 ++#define TEE_ERR_R_INIT_FAIL 0x80022046 ++#define TEE_ERR_R_PASSED_INVALID_ARGUMENT 0x80022007 ++#define TEE_ERR_R_OPERATION_FAIL 0x80022048 ++ ++/* for bn lib err */ ++#define TEE_ERR_BN_R_ARG2_LT_ARG3 0x80023064 ++#define TEE_ERR_BN_R_BAD_RECIPROCAL 0x80023065 ++#define TEE_ERR_BN_R_BIGNUM_TOO_LONG 0x80023072 ++#define TEE_ERR_BN_R_BITS_TOO_SMALL 0x80023076 ++#define TEE_ERR_BN_R_CALLED_WITH_EVEN_MODULUS 0x80023066 ++#define TEE_ERR_BN_R_DIV_BY_ZERO 0x80023067 ++#define TEE_ERR_BN_R_ENCODING_ERROR 0x80023068 ++#define TEE_ERR_BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 0x80023069 ++#define TEE_ERR_BN_R_INPUT_NOT_REDUCED 0x8002306e ++#define TEE_ERR_BN_R_INVALID_LENGTH 0x8002306a ++#define TEE_ERR_BN_R_INVALID_RANGE 0x80023073 ++#define TEE_ERR_BN_R_INVALID_SHIFT 0x80023077 ++#define TEE_ERR_BN_R_NOT_A_SQUARE 0x8002306f ++#define TEE_ERR_BN_R_NOT_INITIALIZED 0x8002306b ++#define TEE_ERR_BN_R_NO_INVERSE 0x8002306c ++#define TEE_ERR_BN_R_NO_SOLUTION 0x80023074 ++#define TEE_ERR_BN_R_PRIVATE_KEY_TOO_LARGE 0x80023075 ++#define TEE_ERR_BN_R_P_IS_NOT_PRIME 0x80023070 ++#define TEE_ERR_BN_R_TOO_MANY_ITERATIONS 0x80023071 ++#define TEE_ERR_BN_R_TOO_MANY_TEMPORARY_VARIABLES 0x8002306d ++ ++/* for rsa lib err */ ++#define TEE_ERR_RSA_R_ALGORITHM_MISMATCH 0x80024064 ++#define TEE_ERR_RSA_R_BAD_E_VALUE 0x80024065 ++#define TEE_ERR_RSA_R_BAD_FIXED_HEADER_DECRYPT 0x80024066 ++#define TEE_ERR_RSA_R_BAD_PAD_BYTE_COUNT 0x80024067 ++#define TEE_ERR_RSA_R_BAD_SIGNATURE 0x80024068 ++#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_01 0x8002406a ++#define TEE_ERR_RSA_R_BLOCK_TYPE_IS_NOT_02 0x8002406b ++#define TEE_ERR_RSA_R_DATA_GREATER_THAN_MOD_LEN 0x8002406c ++#define TEE_ERR_RSA_R_DATA_TOO_LARGE 0x8002406d ++#define 
TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 0x8002406e ++#define TEE_ERR_RSA_R_DATA_TOO_LARGE_FOR_MODULUS 0x80024084 ++#define TEE_ERR_RSA_R_DATA_TOO_SMALL 0x8002406f ++#define TEE_ERR_RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 0x8002407a ++#define TEE_ERR_RSA_R_DIGEST_DOES_NOT_MATCH 0x8002409e ++#define TEE_ERR_RSA_R_DIGEST_NOT_ALLOWED 0x80024091 ++#define TEE_ERR_RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 0x80024070 ++#define TEE_ERR_RSA_R_DMP1_NOT_CONGRUENT_TO_D 0x8002407c ++#define TEE_ERR_RSA_R_DMQ1_NOT_CONGRUENT_TO_D 0x8002407d ++#define TEE_ERR_RSA_R_D_E_NOT_CONGRUENT_TO_1 0x8002407b ++#define TEE_ERR_RSA_R_FIRST_OCTET_INVALID 0x80024085 ++#define TEE_ERR_RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 0x80024090 ++#define TEE_ERR_RSA_R_INVALID_DIGEST 0x8002409d ++#define TEE_ERR_RSA_R_INVALID_DIGEST_LENGTH 0x8002408f ++#define TEE_ERR_RSA_R_INVALID_HEADER 0x80024089 ++#define TEE_ERR_RSA_R_INVALID_LABEL 0x800240a0 ++#define TEE_ERR_RSA_R_INVALID_MESSAGE_LENGTH 0x80024083 ++#define TEE_ERR_RSA_R_INVALID_MGF1_MD 0x8002409c ++#define TEE_ERR_RSA_R_INVALID_MULTI_PRIME_KEY 0x800240a7 ++#define TEE_ERR_RSA_R_INVALID_OAEP_PARAMETERS 0x800240a1 ++#define TEE_ERR_RSA_R_INVALID_PADDING 0x8002408a ++#define TEE_ERR_RSA_R_INVALID_PADDING_MODE 0x8002408d ++#define TEE_ERR_RSA_R_INVALID_PSS_PARAMETERS 0x80024095 ++#define TEE_ERR_RSA_R_INVALID_PSS_SALTLEN 0x80024092 ++#define TEE_ERR_RSA_R_INVALID_SALT_LENGTH 0x80024096 ++#define TEE_ERR_RSA_R_INVALID_TRAILER 0x8002408b ++#define TEE_ERR_RSA_R_INVALID_X931_DIGEST 0x8002408e ++#define TEE_ERR_RSA_R_IQMP_NOT_INVERSE_OF_Q 0x8002407e ++#define TEE_ERR_RSA_R_KEY_PRIME_NUM_INVALID 0x800240a5 ++#define TEE_ERR_RSA_R_KEY_SIZE_TOO_SMALL 0x80024078 ++#define TEE_ERR_RSA_R_LAST_OCTET_INVALID 0x80024086 ++#define TEE_ERR_RSA_R_MISSING_PRIVATE_KEY 0x800240b3 ++#define TEE_ERR_RSA_R_MGF1_DIGEST_NOT_ALLOWED 0x80024098 ++#define TEE_ERR_RSA_R_MODULUS_TOO_LARGE 0x80024069 ++#define TEE_ERR_RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 0x800240a8 ++#define 
TEE_ERR_RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 0x800240a9 ++#define TEE_ERR_RSA_R_MP_R_NOT_PRIME 0x800240aa ++#define TEE_ERR_RSA_R_NO_PUBLIC_EXPONENT 0x8002408c ++#define TEE_ERR_RSA_R_NULL_BEFORE_BLOCK_MISSING 0x80024071 ++#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 0x800240ac ++#define TEE_ERR_RSA_R_N_DOES_NOT_EQUAL_P_Q 0x8002407f ++#define TEE_ERR_RSA_R_OAEP_DECODING_ERROR 0x80024079 ++#define TEE_ERR_RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80024094 ++#define TEE_ERR_RSA_R_PADDING_CHECK_FAILED 0x80024072 ++#define TEE_ERR_RSA_R_PKCS_DECODING_ERROR 0x8002409f ++#define TEE_ERR_RSA_R_PSS_SALTLEN_TOO_SMALL 0x800240a4 ++#define TEE_ERR_RSA_R_P_NOT_PRIME 0x80024080 ++#define TEE_ERR_RSA_R_Q_NOT_PRIME 0x80024081 ++#define TEE_ERR_RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 0x80024082 ++#define TEE_ERR_RSA_R_SLEN_CHECK_FAILED 0x80024088 ++#define TEE_ERR_RSA_R_SLEN_RECOVERY_FAILED 0x80024087 ++#define TEE_ERR_RSA_R_SSLV3_ROLLBACK_ATTACK 0x80024073 ++#define TEE_ERR_RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x80024074 ++#define TEE_ERR_RSA_R_UNKNOWN_ALGORITHM_TYPE 0x80024075 ++#define TEE_ERR_RSA_R_UNKNOWN_DIGEST 0x800240a6 ++#define TEE_ERR_RSA_R_UNKNOWN_MASK_DIGEST 0x80024097 ++#define TEE_ERR_RSA_R_UNKNOWN_PADDING_TYPE 0x80024076 ++#define TEE_ERR_RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 0x800240a2 ++#define TEE_ERR_RSA_R_UNSUPPORTED_LABEL_SOURCE 0x800240a3 ++#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_ALGORITHM 0x80024099 ++#define TEE_ERR_RSA_R_UNSUPPORTED_MASK_PARAMETER 0x8002409a ++#define TEE_ERR_RSA_R_UNSUPPORTED_SIGNATURE_TYPE 0x8002409b ++#define TEE_ERR_RSA_R_VALUE_MISSING 0x80024093 ++#define TEE_ERR_RSA_R_WRONG_SIGNATURE_LENGTH 0x80024077 ++ ++/* for evp lib err */ ++#define TEE_ERR_EVP_R_AES_KEY_SETUP_FAILED 0x8002508f ++#define TEE_ERR_EVP_R_ARIA_KEY_SETUP_FAILED 0x800250b0 ++#define TEE_ERR_EVP_R_BAD_DECRYPT 0x80025064 ++#define TEE_ERR_EVP_R_BAD_KEY_LENGTH 0x800250c3 ++#define TEE_ERR_EVP_R_BUFFER_TOO_SMALL 0x8002509b ++#define 
TEE_ERR_EVP_R_CAMELLIA_KEY_SETUP_FAILED 0x8002509d ++#define TEE_ERR_EVP_R_CIPHER_PARAMETER_ERROR 0x8002507a ++#define TEE_ERR_EVP_R_COMMAND_NOT_SUPPORTED 0x80025093 ++#define TEE_ERR_EVP_R_COPY_ERROR 0x800250ad ++#define TEE_ERR_EVP_R_CTRL_NOT_IMPLEMENTED 0x80025084 ++#define TEE_ERR_EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 0x80025085 ++#define TEE_ERR_EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 0x8002508a ++#define TEE_ERR_EVP_R_DECODE_ERROR 0x80025072 ++#define TEE_ERR_EVP_R_DIFFERENT_KEY_TYPES 0x80025065 ++#define TEE_ERR_EVP_R_DIFFERENT_PARAMETERS 0x80025099 ++#define TEE_ERR_EVP_R_ERROR_LOADING_SECTION 0x800250a5 ++#define TEE_ERR_EVP_R_ERROR_SETTING_FIPS_MODE 0x800250a6 ++#define TEE_ERR_EVP_R_EXPECTING_AN_HMAC_KEY 0x800250ae ++#define TEE_ERR_EVP_R_EXPECTING_AN_RSA_KEY 0x8002507f ++#define TEE_ERR_EVP_R_EXPECTING_A_DH_KEY 0x80025080 ++#define TEE_ERR_EVP_R_EXPECTING_A_DSA_KEY 0x80025081 ++#define TEE_ERR_EVP_R_EXPECTING_A_EC_KEY 0x8002508e ++#define TEE_ERR_EVP_R_EXPECTING_A_POLY1305_KEY 0x800250a4 ++#define TEE_ERR_EVP_R_EXPECTING_A_SIPHASH_KEY 0x800250af ++#define TEE_ERR_EVP_R_FIPS_MODE_NOT_SUPPORTED 0x800250a7 ++#define TEE_ERR_EVP_R_GET_RAW_KEY_FAILED 0x800250b6 ++#define TEE_ERR_EVP_R_ILLEGAL_SCRYPT_PARAMETERS 0x800250ab ++#define TEE_ERR_EVP_R_INITIALIZATION_ERROR 0x80025086 ++#define TEE_ERR_EVP_R_INPUT_NOT_INITIALIZED 0x8002506f ++#define TEE_ERR_EVP_R_INVALID_DIGEST 0x80025098 ++#define TEE_ERR_EVP_R_INVALID_FIPS_MODE 0x800250a8 ++#define TEE_ERR_EVP_R_INVALID_IV_LENGTH 0x800250c2 ++#define TEE_ERR_EVP_R_INVALID_KEY 0x800250a3 ++#define TEE_ERR_EVP_R_INVALID_KEY_LENGTH 0x80025082 ++#define TEE_ERR_EVP_R_INVALID_OPERATION 0x80025094 ++#define TEE_ERR_EVP_R_KEYGEN_FAILURE 0x80025078 ++#define TEE_ERR_EVP_R_KEY_SETUP_FAILED 0x800250b4 ++#define TEE_ERR_EVP_R_MEMORY_LIMIT_EXCEEDED 0x800250ac ++#define TEE_ERR_EVP_R_MESSAGE_DIGEST_IS_NULL 0x8002509f ++#define TEE_ERR_EVP_R_METHOD_NOT_SUPPORTED 0x80025090 ++#define TEE_ERR_EVP_R_MISSING_PARAMETERS 0x80025067 
++#define TEE_ERR_EVP_R_NOT_XOF_OR_INVALID_LENGTH 0x800250b2 ++#define TEE_ERR_EVP_R_NO_CIPHER_SET 0x80025083 ++#define TEE_ERR_EVP_R_NO_DEFAULT_DIGEST 0x8002509e ++#define TEE_ERR_EVP_R_NO_DIGEST_SET 0x8002508b ++#define TEE_ERR_EVP_R_NO_KEY_SET 0x8002509a ++#define TEE_ERR_EVP_R_NO_OPERATION_SET 0x80025095 ++#define TEE_ERR_EVP_R_ONLY_ONESHOT_SUPPORTED 0x800250b1 ++#define TEE_ERR_EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 0x80025096 ++#define TEE_ERR_EVP_R_OPERATON_NOT_INITIALIZED 0x80025097 ++#define TEE_ERR_EVP_R_PARTIALLY_OVERLAPPING 0x800250a2 ++#define TEE_ERR_EVP_R_PBKDF2_ERROR 0x800250b5 ++#define TEE_ERR_EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 0x800250b3 ++#define TEE_ERR_EVP_R_PRIVATE_KEY_DECODE_ERROR 0x80025091 ++#define TEE_ERR_EVP_R_PRIVATE_KEY_ENCODE_ERROR 0x80025092 ++#define TEE_ERR_EVP_R_PUBLIC_KEY_NOT_RSA 0x8002506a ++#define TEE_ERR_EVP_R_UNKNOWN_CIPHER 0x800250a0 ++#define TEE_ERR_EVP_R_UNKNOWN_DIGEST 0x800250a1 ++#define TEE_ERR_EVP_R_UNKNOWN_OPTION 0x800250a9 ++#define TEE_ERR_EVP_R_UNKNOWN_PBE_ALGORITHM 0x80025079 ++#define TEE_ERR_EVP_R_UNSUPPORTED_ALGORITHM 0x8002509c ++#define TEE_ERR_EVP_R_UNSUPPORTED_CIPHER 0x8002506b ++#define TEE_ERR_EVP_R_UNSUPPORTED_KEYLENGTH 0x8002507b ++#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 0x8002507c ++#define TEE_ERR_EVP_R_UNSUPPORTED_KEY_SIZE 0x8002506c ++#define TEE_ERR_EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 0x80025087 ++#define TEE_ERR_EVP_R_UNSUPPORTED_PRF 0x8002507d ++#define TEE_ERR_EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 0x80025076 ++#define TEE_ERR_EVP_R_UNSUPPORTED_SALT_TYPE 0x8002507e ++#define TEE_ERR_EVP_R_WRAP_MODE_NOT_ALLOWED 0x800250aa ++#define TEE_ERR_EVP_R_WRONG_FINAL_BLOCK_LENGTH 0x8002506d ++#define TEE_ERR_EVP_R_XTS_DUPLICATED_KEYS 0x800250b7 ++ ++/* for pem lib err */ ++#define TEE_ERR_PEM_R_BAD_BASE64_DECODE 0x80026064 ++#define TEE_ERR_PEM_R_BAD_DECRYPT 0x80026065 ++#define TEE_ERR_PEM_R_BAD_END_LINE 0x80026066 ++#define TEE_ERR_PEM_R_BAD_IV_CHARS 
0x80026067 ++#define TEE_ERR_PEM_R_BAD_MAGIC_NUMBER 0x80026074 ++#define TEE_ERR_PEM_R_BAD_PASSWORD_READ 0x80026068 ++#define TEE_ERR_PEM_R_BAD_VERSION_NUMBER 0x80026075 ++#define TEE_ERR_PEM_R_BIO_WRITE_FAILURE 0x80026076 ++#define TEE_ERR_PEM_R_CIPHER_IS_NULL 0x8002607f ++#define TEE_ERR_PEM_R_ERROR_CONVERTING_PRIVATE_KEY 0x80026073 ++#define TEE_ERR_PEM_R_EXPECTING_PRIVATE_KEY_BLOB 0x80026077 ++#define TEE_ERR_PEM_R_EXPECTING_PUBLIC_KEY_BLOB 0x80026078 ++#define TEE_ERR_PEM_R_HEADER_TOO_LONG 0x80026080 ++#define TEE_ERR_PEM_R_INCONSISTENT_HEADER 0x80026079 ++#define TEE_ERR_PEM_R_KEYBLOB_HEADER_PARSE_ERROR 0x8002607a ++#define TEE_ERR_PEM_R_KEYBLOB_TOO_SHORT 0x8002607b ++#define TEE_ERR_PEM_R_MISSING_DEK_IV 0x80026081 ++#define TEE_ERR_PEM_R_NOT_DEK_INFO 0x80026069 ++#define TEE_ERR_PEM_R_NOT_ENCRYPTED 0x8002606a ++#define TEE_ERR_PEM_R_NOT_PROC_TYPE 0x8002606b ++#define TEE_ERR_PEM_R_NO_START_LINE 0x8002606c ++#define TEE_ERR_PEM_R_PROBLEMS_GETTING_PASSWORD 0x8002606d ++#define TEE_ERR_PEM_R_PVK_DATA_TOO_SHORT 0x8002607c ++#define TEE_ERR_PEM_R_PVK_TOO_SHORT 0x8002607d ++#define TEE_ERR_PEM_R_READ_KEY 0x8002606f ++#define TEE_ERR_PEM_R_SHORT_HEADER 0x80026070 ++#define TEE_ERR_PEM_R_UNEXPECTED_DEK_IV 0x80026082 ++#define TEE_ERR_PEM_R_UNSUPPORTED_CIPHER 0x80026071 ++#define TEE_ERR_PEM_R_UNSUPPORTED_ENCRYPTION 0x80026072 ++#define TEE_ERR_PEM_R_UNSUPPORTED_KEY_COMPONENTS 0x8002607e ++ ++/* for x509 lib err */ ++#define TEE_ERR_X509_R_AKID_MISMATCH 0x8002706e ++#define TEE_ERR_X509_R_BAD_SELECTOR 0x80027085 ++#define TEE_ERR_X509_R_BAD_X509_FILETYPE 0x80027064 ++#define TEE_ERR_X509_R_BASE64_DECODE_ERROR 0x80027076 ++#define TEE_ERR_X509_R_CANT_CHECK_DH_KEY 0x80027072 ++#define TEE_ERR_X509_R_CERT_ALREADY_IN_HASH_TABLE 0x80027065 ++#define TEE_ERR_X509_R_CRL_ALREADY_DELTA 0x8002707f ++#define TEE_ERR_X509_R_CRL_VERIFY_FAILURE 0x80027083 ++#define TEE_ERR_X509_R_IDP_MISMATCH 0x80027080 ++#define TEE_ERR_X509_R_INVALID_ATTRIBUTES 0x8002708a ++#define 
TEE_ERR_X509_R_INVALID_DIRECTORY 0x80027071 ++#define TEE_ERR_X509_R_INVALID_FIELD_NAME 0x80027077 ++#define TEE_ERR_X509_R_INVALID_TRUST 0x8002707b ++#define TEE_ERR_X509_R_ISSUER_MISMATCH 0x80027081 ++#define TEE_ERR_X509_R_KEY_TYPE_MISMATCH 0x80027073 ++#define TEE_ERR_X509_R_KEY_VALUES_MISMATCH 0x80027074 ++#define TEE_ERR_X509_R_LOADING_CERT_DIR 0x80027067 ++#define TEE_ERR_X509_R_LOADING_DEFAULTS 0x80027068 ++#define TEE_ERR_X509_R_METHOD_NOT_SUPPORTED 0x8002707c ++#define TEE_ERR_X509_R_NAME_TOO_LONG 0x80027086 ++#define TEE_ERR_X509_R_NEWER_CRL_NOT_NEWER 0x80027084 ++#define TEE_ERR_X509_R_NO_CERTIFICATE_FOUND 0x80027087 ++#define TEE_ERR_X509_R_NO_CERTIFICATE_OR_CRL_FOUND 0x80027088 ++#define TEE_ERR_X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 0x80027069 ++#define TEE_ERR_X509_R_NO_CRL_FOUND 0x80027089 ++#define TEE_ERR_X509_R_NO_CRL_NUMBER 0x80027082 ++#define TEE_ERR_X509_R_PUBLIC_KEY_DECODE_ERROR 0x8002707d ++#define TEE_ERR_X509_R_PUBLIC_KEY_ENCODE_ERROR 0x8002707e ++#define TEE_ERR_X509_R_SHOULD_RETRY 0x8002706a ++#define TEE_ERR_X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 0x8002706b ++#define TEE_ERR_X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 0x8002706c ++#define TEE_ERR_X509_R_UNKNOWN_KEY_TYPE 0x80027075 ++#define TEE_ERR_X509_R_UNKNOWN_NID 0x8002706d ++#define TEE_ERR_X509_R_UNKNOWN_PURPOSE_ID 0x80027079 ++#define TEE_ERR_X509_R_UNKNOWN_TRUST_ID 0x80027078 ++#define TEE_ERR_X509_R_UNSUPPORTED_ALGORITHM 0x8002706f ++#define TEE_ERR_X509_R_WRONG_LOOKUP_TYPE 0x80027070 ++#define TEE_ERR_X509_R_WRONG_TYPE 0x8002707a ++ ++/* for asn1 lib err */ ++#define TEE_ERR_ASN1_R_ADDING_OBJECT 0x800280ab ++#define TEE_ERR_ASN1_R_ASN1_PARSE_ERROR 0x800280cb ++#define TEE_ERR_ASN1_R_ASN1_SIG_PARSE_ERROR 0x800280cc ++#define TEE_ERR_ASN1_R_AUX_ERROR 0x80028064 ++#define TEE_ERR_ASN1_R_BAD_OBJECT_HEADER 0x80028066 ++#define TEE_ERR_ASN1_R_BMPSTRING_IS_WRONG_LENGTH 0x800280d6 ++#define TEE_ERR_ASN1_R_BN_LIB 0x80028069 ++#define TEE_ERR_ASN1_R_BOOLEAN_IS_WRONG_LENGTH 0x8002806a 
++#define TEE_ERR_ASN1_R_BUFFER_TOO_SMALL 0x8002806b ++#define TEE_ERR_ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002806c ++#define TEE_ERR_ASN1_R_CONTEXT_NOT_INITIALISED 0x800280d9 ++#define TEE_ERR_ASN1_R_DATA_IS_WRONG 0x8002806d ++#define TEE_ERR_ASN1_R_DECODE_ERROR 0x8002806e ++#define TEE_ERR_ASN1_R_DEPTH_EXCEEDED 0x800280ae ++#define TEE_ERR_ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 0x800280c6 ++#define TEE_ERR_ASN1_R_ENCODE_ERROR 0x80028070 ++#define TEE_ERR_ASN1_R_ERROR_GETTING_TIME 0x800280ad ++#define TEE_ERR_ASN1_R_ERROR_LOADING_SECTION 0x800280ac ++#define TEE_ERR_ASN1_R_ERROR_SETTING_CIPHER_PARAMS 0x80028072 ++#define TEE_ERR_ASN1_R_EXPECTING_AN_INTEGER 0x80028073 ++#define TEE_ERR_ASN1_R_EXPECTING_AN_OBJECT 0x80028074 ++#define TEE_ERR_ASN1_R_EXPLICIT_LENGTH_MISMATCH 0x80028077 ++#define TEE_ERR_ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 0x80028078 ++#define TEE_ERR_ASN1_R_FIELD_MISSING 0x80028079 ++#define TEE_ERR_ASN1_R_FIRST_NUM_TOO_LARGE 0x8002807a ++#define TEE_ERR_ASN1_R_HEADER_TOO_LONG 0x8002807b ++#define TEE_ERR_ASN1_R_ILLEGAL_BITSTRING_FORMAT 0x800280af ++#define TEE_ERR_ASN1_R_ILLEGAL_BOOLEAN 0x800280b0 ++#define TEE_ERR_ASN1_R_ILLEGAL_CHARACTERS 0x8002807c ++#define TEE_ERR_ASN1_R_ILLEGAL_FORMAT 0x800280b1 ++#define TEE_ERR_ASN1_R_ILLEGAL_HEX 0x800280b2 ++#define TEE_ERR_ASN1_R_ILLEGAL_IMPLICIT_TAG 0x800280b3 ++#define TEE_ERR_ASN1_R_ILLEGAL_INTEGER 0x800280b4 ++#define TEE_ERR_ASN1_R_ILLEGAL_NEGATIVE_VALUE 0x800280e2 ++#define TEE_ERR_ASN1_R_ILLEGAL_NESTED_TAGGING 0x800280b5 ++#define TEE_ERR_ASN1_R_ILLEGAL_NULL 0x8002807d ++#define TEE_ERR_ASN1_R_ILLEGAL_NULL_VALUE 0x800280b6 ++#define TEE_ERR_ASN1_R_ILLEGAL_OBJECT 0x800280b7 ++#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONAL_ANY 0x8002807e ++#define TEE_ERR_ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 0x800280aa ++#define TEE_ERR_ASN1_R_ILLEGAL_PADDING 0x800280dd ++#define TEE_ERR_ASN1_R_ILLEGAL_TAGGED_ANY 0x8002807f ++#define TEE_ERR_ASN1_R_ILLEGAL_TIME_VALUE 0x800280b8 ++#define 
TEE_ERR_ASN1_R_ILLEGAL_ZERO_CONTENT 0x800280de ++#define TEE_ERR_ASN1_R_INTEGER_NOT_ASCII_FORMAT 0x800280b9 ++#define TEE_ERR_ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 0x80028080 ++#define TEE_ERR_ASN1_R_INVALID_BIT_STRING_BITS_LEFT 0x800280dc ++#define TEE_ERR_ASN1_R_INVALID_BMPSTRING_LENGTH 0x80028081 ++#define TEE_ERR_ASN1_R_INVALID_DIGIT 0x80028082 ++#define TEE_ERR_ASN1_R_INVALID_MIME_TYPE 0x800280cd ++#define TEE_ERR_ASN1_R_INVALID_MODIFIER 0x800280ba ++#define TEE_ERR_ASN1_R_INVALID_NUMBER 0x800280bb ++#define TEE_ERR_ASN1_R_INVALID_OBJECT_ENCODING 0x800280d8 ++#define TEE_ERR_ASN1_R_INVALID_SCRYPT_PARAMETERS 0x800280e3 ++#define TEE_ERR_ASN1_R_INVALID_SEPARATOR 0x80028083 ++#define TEE_ERR_ASN1_R_INVALID_STRING_TABLE_VALUE 0x800280da ++#define TEE_ERR_ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 0x80028085 ++#define TEE_ERR_ASN1_R_INVALID_UTF8STRING 0x80028086 ++#define TEE_ERR_ASN1_R_INVALID_VALUE 0x800280db ++#define TEE_ERR_ASN1_R_LIST_ERROR 0x800280bc ++#define TEE_ERR_ASN1_R_MIME_NO_CONTENT_TYPE 0x800280ce ++#define TEE_ERR_ASN1_R_MIME_PARSE_ERROR 0x800280cf ++#define TEE_ERR_ASN1_R_MIME_SIG_PARSE_ERROR 0x800280d0 ++#define TEE_ERR_ASN1_R_MISSING_EOC 0x80028089 ++#define TEE_ERR_ASN1_R_MISSING_SECOND_NUMBER 0x8002808a ++#define TEE_ERR_ASN1_R_MISSING_VALUE 0x800280bd ++#define TEE_ERR_ASN1_R_MSTRING_NOT_UNIVERSAL 0x8002808b ++#define TEE_ERR_ASN1_R_MSTRING_WRONG_TAG 0x8002808c ++#define TEE_ERR_ASN1_R_NESTED_ASN1_STRING 0x800280c5 ++#define TEE_ERR_ASN1_R_NESTED_TOO_DEEP 0x800280c9 ++#define TEE_ERR_ASN1_R_NON_HEX_CHARACTERS 0x8002808d ++#define TEE_ERR_ASN1_R_NOT_ASCII_FORMAT 0x800280be ++#define TEE_ERR_ASN1_R_NOT_ENOUGH_DATA 0x8002808e ++#define TEE_ERR_ASN1_R_NO_CONTENT_TYPE 0x800280d1 ++#define TEE_ERR_ASN1_R_NO_MATCHING_CHOICE_TYPE 0x8002808f ++#define TEE_ERR_ASN1_R_NO_MULTIPART_BODY_FAILURE 0x800280d2 ++#define TEE_ERR_ASN1_R_NO_MULTIPART_BOUNDARY 0x800280d3 ++#define TEE_ERR_ASN1_R_NO_SIG_CONTENT_TYPE 0x800280d4 ++#define TEE_ERR_ASN1_R_NULL_IS_WRONG_LENGTH 
0x80028090 ++#define TEE_ERR_ASN1_R_OBJECT_NOT_ASCII_FORMAT 0x800280bf ++#define TEE_ERR_ASN1_R_ODD_NUMBER_OF_CHARS 0x80028091 ++#define TEE_ERR_ASN1_R_SECOND_NUMBER_TOO_LARGE 0x80028093 ++#define TEE_ERR_ASN1_R_SEQUENCE_LENGTH_MISMATCH 0x80028094 ++#define TEE_ERR_ASN1_R_SEQUENCE_NOT_CONSTRUCTED 0x80028095 ++#define TEE_ERR_ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 0x800280c0 ++#define TEE_ERR_ASN1_R_SHORT_LINE 0x80028096 ++#define TEE_ERR_ASN1_R_SIG_INVALID_MIME_TYPE 0x800280d5 ++#define TEE_ERR_ASN1_R_STREAMING_NOT_SUPPORTED 0x800280ca ++#define TEE_ERR_ASN1_R_STRING_TOO_LONG 0x80028097 ++#define TEE_ERR_ASN1_R_STRING_TOO_SHORT 0x80028098 ++#define TEE_ERR_ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 0x8002809a ++#define TEE_ERR_ASN1_R_TIME_NOT_ASCII_FORMAT 0x800280c1 ++#define TEE_ERR_ASN1_R_TOO_LARGE 0x800280df ++#define TEE_ERR_ASN1_R_TOO_LONG 0x8002809b ++#define TEE_ERR_ASN1_R_TOO_SMALL 0x800280e0 ++#define TEE_ERR_ASN1_R_TYPE_NOT_CONSTRUCTED 0x8002809c ++#define TEE_ERR_ASN1_R_TYPE_NOT_PRIMITIVE 0x800280c3 ++#define TEE_ERR_ASN1_R_UNEXPECTED_EOC 0x8002809f ++#define TEE_ERR_ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 0x800280d7 ++#define TEE_ERR_ASN1_R_UNKNOWN_FORMAT 0x800280a0 ++#define TEE_ERR_ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 0x800280a1 ++#define TEE_ERR_ASN1_R_UNKNOWN_OBJECT_TYPE 0x800280a2 ++#define TEE_ERR_ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 0x800280a3 ++#define TEE_ERR_ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 0x800280c7 ++#define TEE_ERR_ASN1_R_UNKNOWN_TAG 0x800280c2 ++#define TEE_ERR_ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 0x800280a4 ++#define TEE_ERR_ASN1_R_UNSUPPORTED_CIPHER 0x800280e4 ++#define TEE_ERR_ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 0x800280a7 ++#define TEE_ERR_ASN1_R_UNSUPPORTED_TYPE 0x800280c4 ++#define TEE_ERR_ASN1_R_WRONG_INTEGER_TYPE 0x800280e1 ++#define TEE_ERR_ASN1_R_WRONG_PUBLIC_KEY_TYPE 0x800280c8 ++#define TEE_ERR_ASN1_R_WRONG_TAG 0x800280a8 ++ ++/* for crypto lib err */ ++#define TEE_ERR_CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 0x80029065 
++#define TEE_ERR_CRYPTO_R_ILLEGAL_HEX_DIGIT 0x80029066 ++#define TEE_ERR_CRYPTO_R_ODD_NUMBER_OF_DIGITS 0x80029067 ++ ++/* for ec lib err */ ++#define TEE_ERR_EC_R_ASN1_ERROR 0x8002a073 ++#define TEE_ERR_EC_R_BAD_SIGNATURE 0x8002a09c ++#define TEE_ERR_EC_R_BIGNUM_OUT_OF_RANGE 0x8002a090 ++#define TEE_ERR_EC_R_BUFFER_TOO_SMALL 0x8002a064 ++#define TEE_ERR_EC_R_CANNOT_INVERT 0x8002a0a5 ++#define TEE_ERR_EC_R_COORDINATES_OUT_OF_RANGE 0x8002a092 ++#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 0x8002a0a0 ++#define TEE_ERR_EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 0x8002a09f ++#define TEE_ERR_EC_R_D2I_ECPKPARAMETERS_FAILURE 0x8002a075 ++#define TEE_ERR_EC_R_DECODE_ERROR 0x8002a08e ++#define TEE_ERR_EC_R_DISCRIMINANT_IS_ZERO 0x8002a076 ++#define TEE_ERR_EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 0x8002a077 ++#define TEE_ERR_EC_R_FIELD_TOO_LARGE 0x8002a08f ++#define TEE_ERR_EC_R_GF2M_NOT_SUPPORTED 0x8002a093 ++#define TEE_ERR_EC_R_GROUP2PKPARAMETERS_FAILURE 0x8002a078 ++#define TEE_ERR_EC_R_I2D_ECPKPARAMETERS_FAILURE 0x8002a079 ++#define TEE_ERR_EC_R_INCOMPATIBLE_OBJECTS 0x8002a065 ++#define TEE_ERR_EC_R_INVALID_ARGUMENT 0x8002a070 ++#define TEE_ERR_EC_R_INVALID_COMPRESSED_POINT 0x8002a06e ++#define TEE_ERR_EC_R_INVALID_COMPRESSION_BIT 0x8002a06d ++#define TEE_ERR_EC_R_INVALID_CURVE 0x8002a08d ++#define TEE_ERR_EC_R_INVALID_DIGEST 0x8002a097 ++#define TEE_ERR_EC_R_INVALID_DIGEST_TYPE 0x8002a08a ++#define TEE_ERR_EC_R_INVALID_ENCODING 0x8002a066 ++#define TEE_ERR_EC_R_INVALID_FIELD 0x8002a067 ++#define TEE_ERR_EC_R_INVALID_FORM 0x8002a068 ++#define TEE_ERR_EC_R_INVALID_GROUP_ORDER 0x8002a07a ++#define TEE_ERR_EC_R_INVALID_KEY 0x8002a074 ++#define TEE_ERR_EC_R_INVALID_OUTPUT_LENGTH 0x8002a0a1 ++#define TEE_ERR_EC_R_INVALID_PEER_KEY 0x8002a085 ++#define TEE_ERR_EC_R_INVALID_PENTANOMIAL_BASIS 0x8002a084 ++#define TEE_ERR_EC_R_INVALID_PRIVATE_KEY 0x8002a07b ++#define TEE_ERR_EC_R_INVALID_TRINOMIAL_BASIS 0x8002a089 ++#define TEE_ERR_EC_R_KDF_PARAMETER_ERROR 0x8002a094 ++#define 
TEE_ERR_EC_R_KEYS_NOT_SET 0x8002a08c ++#define TEE_ERR_EC_R_LADDER_POST_FAILURE 0x8002a088 ++#define TEE_ERR_EC_R_LADDER_PRE_FAILURE 0x8002a099 ++#define TEE_ERR_EC_R_LADDER_STEP_FAILURE 0x8002a0a2 ++#define TEE_ERR_EC_R_MISSING_PARAMETERS 0x8002a07c ++#define TEE_ERR_EC_R_MISSING_PRIVATE_KEY 0x8002a07d ++#define TEE_ERR_EC_R_NEED_NEW_SETUP_VALUES 0x8002a09d ++#define TEE_ERR_EC_R_NOT_A_NIST_PRIME 0x8002a087 ++#define TEE_ERR_EC_R_NOT_IMPLEMENTED 0x8002a07e ++#define TEE_ERR_EC_R_NOT_INITIALIZED 0x8002a06f ++#define TEE_ERR_EC_R_NO_PARAMETERS_SET 0x8002a08b ++#define TEE_ERR_EC_R_NO_PRIVATE_VALUE 0x8002a09a ++#define TEE_ERR_EC_R_OPERATION_NOT_SUPPORTED 0x8002a098 ++#define TEE_ERR_EC_R_PASSED_NULL_PARAMETER 0x8002a086 ++#define TEE_ERR_EC_R_PEER_KEY_ERROR 0x8002a095 ++#define TEE_ERR_EC_R_PKPARAMETERS2GROUP_FAILURE 0x8002a07f ++#define TEE_ERR_EC_R_POINT_ARITHMETIC_FAILURE 0x8002a09b ++#define TEE_ERR_EC_R_POINT_AT_INFINITY 0x8002a06a ++#define TEE_ERR_EC_R_POINT_COORDINATES_BLIND_FAILURE 0x8002a0a3 ++#define TEE_ERR_EC_R_POINT_IS_NOT_ON_CURVE 0x8002a06b ++#define TEE_ERR_EC_R_RANDOM_NUMBER_GENERATION_FAILED 0x8002a09e ++#define TEE_ERR_EC_R_SHARED_INFO_ERROR 0x8002a096 ++#define TEE_ERR_EC_R_SLOT_FULL 0x8002a06c ++#define TEE_ERR_EC_R_UNDEFINED_GENERATOR 0x8002a071 ++#define TEE_ERR_EC_R_UNDEFINED_ORDER 0x8002a080 ++#define TEE_ERR_EC_R_UNKNOWN_COFACTOR 0x8002a0a4 ++#define TEE_ERR_EC_R_UNKNOWN_GROUP 0x8002a081 ++#define TEE_ERR_EC_R_UNKNOWN_ORDER 0x8002a072 ++#define TEE_ERR_EC_R_UNSUPPORTED_FIELD 0x8002a083 ++#define TEE_ERR_EC_R_WRONG_CURVE_PARAMETERS 0x8002a091 ++#define TEE_ERR_EC_R_WRONG_ORDER 0x8002a082 ++ ++/* for pkcs7 lib err */ ++#define TEE_ERR_PKCS7_R_CERTIFICATE_VERIFY_ERROR 0x8002b075 ++#define TEE_ERR_PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 0x8002b090 ++#define TEE_ERR_PKCS7_R_CIPHER_NOT_INITIALIZED 0x8002b074 ++#define TEE_ERR_PKCS7_R_CONTENT_AND_DATA_PRESENT 0x8002b076 ++#define TEE_ERR_PKCS7_R_CTRL_ERROR 0x8002b098 ++#define 
TEE_ERR_PKCS7_R_DECRYPT_ERROR 0x8002b077 ++#define TEE_ERR_PKCS7_R_DIGEST_FAILURE 0x8002b065 ++#define TEE_ERR_PKCS7_R_ENCRYPTION_CTRL_FAILURE 0x8002b095 ++#define TEE_ERR_PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b096 ++#define TEE_ERR_PKCS7_R_ERROR_ADDING_RECIPIENT 0x8002b078 ++#define TEE_ERR_PKCS7_R_ERROR_SETTING_CIPHER 0x8002b079 ++#define TEE_ERR_PKCS7_R_INVALID_NULL_POINTER 0x8002b08f ++#define TEE_ERR_PKCS7_R_INVALID_SIGNED_DATA_TYPE 0x8002b09b ++#define TEE_ERR_PKCS7_R_NO_CONTENT 0x8002b07a ++#define TEE_ERR_PKCS7_R_NO_DEFAULT_DIGEST 0x8002b097 ++#define TEE_ERR_PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 0x8002b09a ++#define TEE_ERR_PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 0x8002b073 ++#define TEE_ERR_PKCS7_R_NO_SIGNATURES_ON_DATA 0x8002b07b ++#define TEE_ERR_PKCS7_R_NO_SIGNERS 0x8002b08e ++#define TEE_ERR_PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 0x8002b068 ++#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 0x8002b07c ++#define TEE_ERR_PKCS7_R_PKCS7_ADD_SIGNER_ERROR 0x8002b099 ++#define TEE_ERR_PKCS7_R_PKCS7_DATASIGN 0x8002b091 ++#define TEE_ERR_PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 0x8002b07f ++#define TEE_ERR_PKCS7_R_SIGNATURE_FAILURE 0x8002b069 ++#define TEE_ERR_PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 0x8002b080 ++#define TEE_ERR_PKCS7_R_SIGNING_CTRL_FAILURE 0x8002b093 ++#define TEE_ERR_PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 0x8002b094 ++#define TEE_ERR_PKCS7_R_SMIME_TEXT_ERROR 0x8002b081 ++#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 0x8002b06a ++#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MEM_BIO 0x8002b06b ++#define TEE_ERR_PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 0x8002b06c ++#define TEE_ERR_PKCS7_R_UNKNOWN_DIGEST_TYPE 0x8002b06d ++#define TEE_ERR_PKCS7_R_UNKNOWN_OPERATION 0x8002b06e ++#define TEE_ERR_PKCS7_R_UNSUPPORTED_CIPHER_TYPE 0x8002b06f ++#define TEE_ERR_PKCS7_R_UNSUPPORTED_CONTENT_TYPE 0x8002b070 ++#define TEE_ERR_PKCS7_R_WRONG_CONTENT_TYPE 0x8002b071 ++#define TEE_ERR_PKCS7_R_WRONG_PKCS7_TYPE 0x8002b072 ++ 
++#endif +diff --git a/include/TA/huawei_ext/tee_ra_api.h b/include/TA/huawei_ext/tee_ra_api.h +new file mode 100644 +index 0000000..85c56dc +--- /dev/null ++++ b/include/TA/huawei_ext/tee_ra_api.h +@@ -0,0 +1,23 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: API of TCMGR service. ++ */ ++#ifndef TCMGR_SERVICE_TEE_RA_API_H ++#define TCMGR_SERVICE_TEE_RA_API_H ++#include ++#include "qsi_data_structure.h" ++ ++TEE_Result ra_seal(uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg); ++TEE_Result ra_unseal(uint8_t *cipher_data, size_t cipher_size, uint8_t *data, size_t *out_size, uint32_t alg); ++TEE_Result ra_local_report(struct ra_buffer_data *in, struct ra_buffer_data *out); ++TEE_Result ra_qsi_invoke(struct ra_buffer_data *in, struct ra_buffer_data *out); ++ ++#endif +diff --git a/include/TA/pthread_attr.h b/include/TA/pthread_attr.h +new file mode 100644 +index 0000000..90ac946 +--- /dev/null ++++ b/include/TA/pthread_attr.h +@@ -0,0 +1,22 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
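Review bot: The four prototypes in the new tee_ra_api.h carry no doc comments, and for `ra_seal` and `ra_unseal` that leaves the buffer contract undefined. `cipher_size` and `out_size` are pointers, so they presumably take the output capacity in and return the written length, but nothing states this or names the result returned when the buffer is too small. Add one block comment per function in the `@param name [IN]/[OUT]` style the other TA headers use, covering the size pointer's in/out meaning and the accepted `alg` values. The source buffers could also be const-qualified, e.g. `TEE_Result ra_seal(const uint8_t *data, size_t in_size, uint8_t *cipher_data, size_t *cipher_size, uint32_t alg);`, assuming the implementation (not part of this hunk) does not write through them.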
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: phtread attribution declared ++ */ ++#ifndef PTHREAD_ATTR_H ++#define PTHREAD_ATTR_H ++ ++#define TEESMP_THREAD_ATTR_CA_WILDCARD 0 ++#define TEESMP_THREAD_ATTR_CA_INHERIT (-1U) ++#define TEESMP_THREAD_ATTR_TASK_ID_INHERIT (-1U) ++#define TEESMP_THREAD_ATTR_HAS_SHADOW 0x1 ++#define TEESMP_THREAD_ATTR_NO_SHADOW 0x0 ++ ++#endif +diff --git a/include/TA/tee_arith_api.h b/include/TA/tee_arith_api.h +index 76ca0b0..313359a 100755 +--- a/include/TA/tee_arith_api.h ++++ b/include/TA/tee_arith_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,16 +8,13 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
++ * Description: tee crypto definitions + */ + + #ifndef TEE_ARITH_API_H + #define TEE_ARITH_API_H + +-#include "tee_defines.h" +- +-#ifndef API_LEVEL +-#define API_LEVEL API_LEVEL1_0 +-#endif ++#include + + /* + * below definitions are defined by Global Platform +@@ -69,7 +66,7 @@ void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len); + */ + void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); + +-#if (API_LEVEL >= API_LEVEL1_1_1) ++#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1) + + /* + * calculates the necessary prerequisites for the fast modular multiplication and stores them in a context. +@@ -82,7 +79,7 @@ void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const T + * @return other failed + */ + TEE_Result TEE_BigIntInitFMMContext1(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); +-#endif // API_LEVEL ++#endif /* API_LEVEL */ + + /* + * initializes bigIntFMM and sets its represented value to zero. 
+@@ -194,7 +191,7 @@ bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex); + */ + uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src); + +-#if (API_LEVEL >= API_LEVEL1_2) ++#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) + /* + * sets the bitIndexth bit of the natural binary representation of |op| to 1 or 0 + * +@@ -228,7 +225,7 @@ TEE_Result TEE_BigIntAssign(TEE_BigInt *dest, const TEE_BigInt *src); + * @return #TEE_ERROR_OVERFLOW In case the dest operand cannot hold the value of |src| + */ + TEE_Result TEE_BigIntAbs(TEE_BigInt *dest, const TEE_BigInt *src); +-#endif // API_LEVEL ++#endif /* API_LEVEL */ + + /* + * computes dest = op1 + op2 +@@ -253,14 +250,14 @@ void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op + void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2); + + /* +- * negates an operand: dest = -op ++ * negates an operand: dest = -src + * +- * @param dest [OUT] PPointer to TEE_BigInt to store the result -op ++ * @param dest [OUT] PPointer to TEE_BigInt to store the result -src + * @param op [IN] Pointer to the operand to be negated + * + * @return void + */ +-void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op); ++void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *src); + + /* + * computes dest = op1 * op2 +@@ -441,7 +438,7 @@ void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const + void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n, + const TEE_BigIntFMMContext *context); + +-#if (API_LEVEL >= API_LEVEL1_1_1) ++#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1) + /* + * computes dest = (op1 ^ op2) (mod n). 
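Review bot: The comment block above `TEE_BigIntNeg` still documents `@param op` although this hunk renames the parameter to `src`, so the doc block and the prototype disagree. Change that line to `* @param src [IN] Pointer to the operand to be negated`, and fix the `PPointer` typo on the `dest` line, which the hunk rewrites anyway.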
+ * +@@ -456,7 +453,7 @@ void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const T + */ + TEE_Result TEE_BigIntExpMod(TEE_BigInt *des, TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n, + TEE_BigIntFMMContext *context); +-#endif // API_LEVEL ++#endif /* API_LEVEL */ + + /* + * check whether n exists to make dest = (op1 ^ op2) (mod n). +diff --git a/include/TA/tee_core_api.h b/include/TA/tee_core_api.h +index c07be0b..eabf2ec 100644 +--- a/include/TA/tee_core_api.h ++++ b/include/TA/tee_core_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,13 +8,14 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: tee core api definitions + */ + #ifndef __TEE_CORE_API_H + #define __TEE_CORE_API_H + + #include "tee_defines.h" +-#ifndef _TEE_TA_SESSION_HANDLE +-#define _TEE_TA_SESSION_HANDLE ++#ifndef TEE_TA_SESSION_HANDLE ++#define TEE_TA_SESSION_HANDLE + typedef uint32_t TEE_TASessionHandle; + #endif + +@@ -79,4 +80,5 @@ bool TEE_UnmaskCancellation(void); + + /* not supported */ + bool TEE_MaskCancellation(void); ++ + #endif +diff --git a/include/TA/tee_crypto_api.h b/include/TA/tee_crypto_api.h +index c711d30..5abedf2 100644 +--- a/include/TA/tee_crypto_api.h ++++ b/include/TA/tee_crypto_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. 
+ * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,23 +8,24 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: tee crypto definitions + */ + + #ifndef TEE_CRYPTO_API_H + #define TEE_CRYPTO_API_H + +-#include "pthread.h" // pthread_mutex_t +-#include "tee_defines.h" +-#include "tee_mem_mgmt_api.h" ++#include /* pthread_mutex_t */ ++#include ++#include + + #ifndef NULL + #define NULL ((void *)0) + #endif + +-#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8) +- +-#define SW_RSA_KEYLEN 1024 ++#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8) ++#define SW_RSA_KEYLEN 1024 + #define TEE_DH_MAX_SIZE_OF_OTHER_INFO 64 /* bytes */ ++#define TEE_PARAM_COUNT_MAX 9 + + enum __TEE_Operation_Constants { + TEE_OPERATION_CIPHER = 0x1, +@@ -82,54 +83,59 @@ enum __tee_crypto_algorithm_id { + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384 = 0x60213230, + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512 = 0x60214230, + #endif +- TEE_ALG_RSA_NOPAD = 0x60000030, +- TEE_ALG_DSA_SHA1 = 0x70002131, +- TEE_ALG_DSA_SHA224 = 0x70003131, +- TEE_ALG_DSA_SHA256 = 0x70004131, +- TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032, +- TEE_ALG_MD5 = 0x50000001, +- TEE_ALG_SHA1 = 0x50000002, +- TEE_ALG_SHA224 = 0x50000003, +- TEE_ALG_SHA256 = 0x50000004, +- TEE_ALG_SHA384 = 0x50000005, +- TEE_ALG_SHA512 = 0x50000006, +- TEE_ALG_HMAC_MD5 = 0x30000001, +- TEE_ALG_HMAC_SHA1 = 0x30000002, +- TEE_ALG_HMAC_SHA224 = 0x30000003, +- TEE_ALG_HMAC_SHA256 = 0x30000004, +- TEE_ALG_HMAC_SHA384 = 0x30000005, +- TEE_ALG_HMAC_SHA512 = 0x30000006, +- TEE_ALG_HMAC_SM3 = 0x30000007, +- TEE_ALG_AES_ECB_PKCS5 = 0x10000020, +- TEE_ALG_AES_CBC_PKCS5 = 0x10000220, +- TEE_ALG_ECDSA_SHA1 = 0x70001042, +- TEE_ALG_ECDSA_SHA224 = 0x70002042, +- TEE_ALG_ECDSA_SHA256 = 0x70003042, +- TEE_ALG_ECDSA_SHA384 = 0x70004042, +- TEE_ALG_ECDSA_SHA512 = 0x70005042, +- TEE_ALG_ED25519 = 0x70005043, +- 
TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042, +- TEE_ALG_X25519 = 0x80000044, +- TEE_ALG_ECC = 0x80000001, +- TEE_ALG_ECDSA_P192 = 0x70001042, +- TEE_ALG_ECDSA_P224 = 0x70002042, +- TEE_ALG_ECDSA_P256 = 0x70003042, +- TEE_ALG_ECDSA_P384 = 0x70004042, +- TEE_ALG_ECDSA_P521 = 0x70005042, +- TEE_ALG_ECDH_P192 = 0x80001042, +- TEE_ALG_ECDH_P224 = 0x80002042, +- TEE_ALG_ECDH_P256 = 0x80003042, +- TEE_ALG_ECDH_P384 = 0x80004042, +- TEE_ALG_ECDH_P521 = 0x80005042, +- TEE_ALG_SM2_DSA_SM3 = 0x70006045, +- TEE_ALG_SM2_PKE = 0x80000045, +- TEE_ALG_SM3 = 0x50000007, +- TEE_ALG_SM4_ECB_NOPAD = 0x10000014, +- TEE_ALG_SM4_CBC_NOPAD = 0x10000114, +- TEE_ALG_SM4_CTR = 0x10000214, +- TEE_ALG_SM4_XTS = 0x10000414, +- TEE_ALG_SM4_OFB = 0x10000514, +- TEE_ALG_AES_OFB = 0x10000510, ++ TEE_ALG_RSA_NOPAD = 0x60000030, ++ TEE_ALG_DSA_SHA1 = 0x70002131, ++ TEE_ALG_DSA_SHA224 = 0x70003131, ++ TEE_ALG_DSA_SHA256 = 0x70004131, ++ TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032, ++ TEE_ALG_MD5 = 0x50000001, ++ TEE_ALG_SHA1 = 0x50000002, ++ TEE_ALG_SHA224 = 0x50000003, ++ TEE_ALG_SHA256 = 0x50000004, ++ TEE_ALG_SHA384 = 0x50000005, ++ TEE_ALG_SHA512 = 0x50000006, ++ TEE_ALG_HMAC_MD5 = 0x30000001, ++ TEE_ALG_HMAC_SHA1 = 0x30000002, ++ TEE_ALG_HMAC_SHA224 = 0x30000003, ++ TEE_ALG_HMAC_SHA256 = 0x30000004, ++ TEE_ALG_HMAC_SHA384 = 0x30000005, ++ TEE_ALG_HMAC_SHA512 = 0x30000006, ++ TEE_ALG_HMAC_SM3 = 0x30000007, ++ TEE_ALG_AES_ECB_PKCS5 = 0x10000020, ++ TEE_ALG_AES_CBC_PKCS5 = 0x10000220, ++ TEE_ALG_ECDSA_SHA1 = 0x70001042, ++ TEE_ALG_ECDSA_SHA224 = 0x70002042, ++ TEE_ALG_ECDSA_SHA256 = 0x70003042, ++ TEE_ALG_ECDSA_SHA384 = 0x70004042, ++ TEE_ALG_ECDSA_SHA512 = 0x70005042, ++ TEE_ALG_ED25519 = 0x70005043, ++ TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042, ++ TEE_ALG_X25519 = 0x80000044, ++ TEE_ALG_ECC = 0x80000001, ++ TEE_ALG_ECDSA_P192 = 0x70001042, ++ TEE_ALG_ECDSA_P224 = 0x70002042, ++ TEE_ALG_ECDSA_P256 = 0x70003042, ++ TEE_ALG_ECDSA_P384 = 0x70004042, ++ TEE_ALG_ECDSA_P521 = 0x70005042, ++ 
TEE_ALG_ECDH_P192 = 0x80001042, ++ TEE_ALG_ECDH_P224 = 0x80002042, ++ TEE_ALG_ECDH_P256 = 0x80003042, ++ TEE_ALG_ECDH_P384 = 0x80004042, ++ TEE_ALG_ECDH_P521 = 0x80005042, ++ TEE_ALG_SIP_HASH = 0xF0000002, ++ TEE_ALG_SM2_DSA_SM3 = 0x70006045, ++ TEE_ALG_SM2_PKE = 0x80000045, ++ TEE_ALG_SM3 = 0x50000007, ++ TEE_ALG_SM4_ECB_NOPAD = 0x10000014, ++ TEE_ALG_SM4_ECB_PKCS7 = 0x10000024, ++ TEE_ALG_SM4_CBC_NOPAD = 0x10000114, ++ TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003, ++ TEE_ALG_SM4_CTR = 0x10000214, ++ TEE_ALG_SM4_CFB128 = 0xF0000000, ++ TEE_ALG_SM4_XTS = 0x10000414, ++ TEE_ALG_SM4_OFB = 0x10000514, ++ TEE_ALG_AES_OFB = 0x10000510, ++ TEE_ALG_SM4_GCM = 0xF0000005, + }; + + typedef enum __tee_crypto_algorithm_id tee_crypto_algorithm_id; +@@ -162,13 +168,13 @@ typedef enum { + } TEE_DH_OpMode_t; + + typedef enum { +- TEE_DH_ASN1_DerivMode = 0, /* *< ASN1_DerivMode */ +- TEE_DH_ConcatDerivMode = 1, /* *< ConcatDerivMode */ +- TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* *< X963_DerivMode */ +- TEE_DH_OMADRM_DerivMode = 2, /* *< OMADRM_DerivMode */ +- TEE_DH_ISO18033_KDF1_DerivMode = 3, /* *< ISO18033_KDF1_DerivMode */ +- TEE_DH_ISO18033_KDF2_DerivMode = 4, /* *< ISO18033_KDF2_DerivMode */ +- TEE_DH_DerivFunc_NumOfModes, /* *< num of modes */ ++ TEE_DH_ASN1_DerivMode = 0, /* ASN1_DerivMode */ ++ TEE_DH_ConcatDerivMode = 1, /* ConcatDerivMode */ ++ TEE_DH_X963_DerivMode = TEE_DH_ConcatDerivMode, /* X963_DerivMode */ ++ TEE_DH_OMADRM_DerivMode = 2, /* OMADRM_DerivMode */ ++ TEE_DH_ISO18033_KDF1_DerivMode = 3, /* ISO18033_KDF1_DerivMode */ ++ TEE_DH_ISO18033_KDF2_DerivMode = 4, /* ISO18033_KDF2_DerivMode */ ++ TEE_DH_DerivFunc_NumOfModes, /* num of modes */ + } TEE_DH_DerivFuncMode; + + enum __TEE_DK_ObjectAttribute { +@@ -242,9 +248,9 @@ typedef struct { + } TEE_OperationInfoMultiple; + + struct __TEE_OperationHandle { +- uint32_t algorithm; /* *< #__TEE_CRYPTO_ALGORITHM_ID */ +- uint32_t operationClass; /* *< #__TEE_Operation_Constants */ +- uint32_t mode; /* *< 
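Review bot: The new identifiers `TEE_ALG_SIP_HASH`, `TEE_ALG_SM4_CBC_PKCS7`, `TEE_ALG_SM4_CFB128` and `TEE_ALG_SM4_GCM` take values in a 0xF00000xx range, and nothing in the enum says why. `TEE_ALG_SM4_ECB_PKCS7 = 0x10000024`, added in the same hunk, follows the 0x1000xxxx pattern of the neighbouring cipher modes instead. If any code derives the operation class or padding from the identifier's bit pattern (not visible here), the 0xF-range values need a special case, so a comment such as `/* 0xF00000xx: vendor-defined identifiers, not class-encoded */` above them would help. `TEE_ALG_SIP_HASH` also deserves a line naming the operation class it is used with, since SipHash is a keyed function with a short output rather than a general-purpose digest. The enum opens outside this hunk.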
#__TEE_OperationMode */ ++ uint32_t algorithm; /* #__TEE_CRYPTO_ALGORITHM_ID */ ++ uint32_t operationClass; /* #__TEE_Operation_Constants */ ++ uint32_t mode; /* #__TEE_OperationMode */ + uint32_t digestLength; + uint32_t maxKeySize; + uint32_t keySize; +@@ -261,12 +267,12 @@ struct __TEE_OperationHandle { + void *privateKey; + uint32_t privateKeyLen; + uint32_t IVLen; +- // start of DH ++ /* start of DH */ + TEE_DH_OtherInfo *dh_otherinfo; /* #TEE_DH_OtherInfo */ + uint32_t dh_hash_mode; /* #TEE_DH_HASH_Mode */ + uint32_t dh_derive_func; /* #TEE_DH_DerivFuncMode */ + uint32_t dh_op_mode; /* #TEE_DH_OpMode_t */ +- // end of DH ++ /* end of DH */ + pthread_mutex_t operation_lock; + void *hal_info; + }; +@@ -306,7 +312,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar; + * @param operation [IN/OUT] #TEE_OperationHandle + * @param algorithm [IN] #TEE_CRYPTO_ALGORITHM_ID + * @param mode [IN] #TEE_OperationMode +- * @param maxKeySize [IN] The max key size ++ * @param max_key_size [IN] The max key size + * + * @return TEE_SUCCESS succss + * @return TEE_ERROR_OUT_OF_MEMORY #TEE_OperationHandle malloc failed +@@ -314,7 +320,7 @@ typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar; + * @return TEE_ERROR_GENERIC other failed + */ + TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode, +- uint32_t maxKeySize); ++ uint32_t max_key_size); + /* + * free Operation handle + * +@@ -370,12 +376,12 @@ TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, const TEE_ObjectH + /* + * copy src operation to dest operation + * +- * @param dstOperation [IN/OUT] #TEE_OperationHandle +- * @param srcOperation [IN/OUT] #TEE_OperationHandle ++ * @param dst_operation [IN/OUT] #TEE_OperationHandle ++ * @param src_operation [IN/OUT] #TEE_OperationHandle + * + * @return void + */ +-void TEE_CopyOperation(TEE_OperationHandle dstOperation, const TEE_OperationHandle srcOperation); ++void TEE_CopyOperation(TEE_OperationHandle 
dst_operation, const TEE_OperationHandle src_operation); + + /* + * init cipher context +@@ -430,11 +436,11 @@ TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, const void *srcData, + */ + #ifndef GP_SUPPORT + +-#if (API_LEVEL >= 2) ++#if defined(API_LEVEL) && (API_LEVEL >= 2) + void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); + #else + TEE_Result TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); +-#endif // API_LEVEL ++#endif /* API_LEVEL */ + + #else + void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); +@@ -506,13 +512,13 @@ TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, const void *messag + */ + #ifndef GP_SUPPORT + +-#if (API_LEVEL >= 2) ++#if defined(API_LEVEL) && (API_LEVEL >= 2) + TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, + const size_t macLen); + #else + TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, + const size_t *macLen); +-#endif // API_LEVEL ++#endif /* API_LEVEL */ + + #else + TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, +@@ -687,7 +693,7 @@ TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, const TEE_Att + TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + void *digest, size_t digestLen, void *signature, size_t signatureLen); + +-#if (API_LEVEL >= 2) ++#if defined(API_LEVEL) && (API_LEVEL >= 2) + + /* + * Get Operation Info multiple +@@ -702,9 +708,9 @@ TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_A + */ + TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_OperationInfoMultiple *operationInfoMultiple, + const size_t *operationSize); +-#endif // 
API_LEVEL ++#endif /* API_LEVEL */ + +-#if (API_LEVEL >= 3) ++#if defined(API_LEVEL) && (API_LEVEL >= 2) + + /* + * check whether the algorithm is sopported +@@ -716,6 +722,8 @@ TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_Opera + * @return TEE_ERROR_NOT_SUPPORTED not support + */ + TEE_Result TEE_IsAlgorithmSupported(uint32_t algId, uint32_t element); +-#endif // API_LEVEL ++ ++TEE_Result TEE_IsHardWareSupportAlgorithm(uint32_t alg_type); ++#endif /* API_LEVEL */ + + #endif +diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h +index 8fa7ada..6b24ff2 100755 +--- a/include/TA/tee_defines.h ++++ b/include/TA/tee_defines.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
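Review bot: The guard around `TEE_IsAlgorithmSupported` drops from `API_LEVEL >= 3` to `API_LEVEL >= 2`, which exposes the prototype one API level earlier than before, and the commit gives no reason for it. If that is intended, spell the level with the named constants that tee_arith_api.h uses in this same patch, `#if defined(API_LEVEL) && defined(API_LEVEL1_1_1) && (API_LEVEL >= API_LEVEL1_1_1)`, assuming `API_LEVEL1_1_1` is 2 as the `#define API_LEVEL1_2 3` context line in tee_defines.h suggests. The bare `2` also appears in the `TEE_DigestUpdate`, `TEE_MACCompareFinal` and `TEE_GetOperationInfoMultiple` guards earlier in this file. In the following hunk, `TEE_IsHardWareSupportAlgorithm` is added under the same guard without a doc block. It needs the `@param`/`@return` comment its neighbour has, stating what `alg_type` accepts and which result means unsupported.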
++ * Description: Reference of TEE internal api and internal definitions + */ + + #ifndef __TEE_DEFINES_H +@@ -16,6 +17,7 @@ + #include + #include + #include ++#include + + #ifndef TA_EXPORT + #define TA_EXPORT +@@ -28,17 +30,8 @@ typedef int *tee_mutex_handle; + #define API_LEVEL1_2 3 + + #define TEE_PARAMS_NUM 4 +-#undef true +-#define true 1 + +-#undef false +-#define false 0 +- +-#ifndef NULL +-#define NULL ((void *)0) +-#endif +- +-#define PARAM_NOT_USED(val) ((void)val) ++#define PARAM_NOT_USED(val) ((void)(val)) + + typedef union { + struct { +@@ -85,6 +78,9 @@ enum TEE_ParamType { + TEE_PARAM_TYPE_ION_INPUT = 0x8, + TEE_PARAM_TYPE_ION_SGLIST_INPUT = 0x9, + TEE_PARAM_TYPE_MEMREF_SHARED_INOUT = 0xa, ++ TEE_PARAM_TYPE_RESMEM_INPUT = 0xc, ++ TEE_PARAM_TYPE_RESMEM_OUTPUT = 0xd, ++ TEE_PARAM_TYPE_RESMEM_INOUT = 0xe, + }; + + #define S_VAR_NOT_USED(variable) \ +@@ -150,6 +146,9 @@ enum TEE_ObjectAttribute { + TEE_ATTR_ED25519_PH = 0xF0000543, + TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944, + TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44, ++ TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133, ++ TEE_ATTR_PBKDF2_HMAC_SALT = 0xD0000134, ++ TEE_ATTR_PBKDF2_HMAC_DIGEST = 0xF0000135, + }; + + enum TEE_ObjectType { +@@ -186,6 +185,8 @@ enum TEE_ObjectType { + TEE_TYPE_SM2_PKE_KEYPAIR = 0xA1000047, + TEE_TYPE_HMAC_SM3 = 0xA0000007, + TEE_TYPE_SM4 = 0xA0000014, ++ TEE_TYPE_SIP_HASH = 0xF0000002, ++ TEE_TYPE_PBKDF2_HMAC = 0xF0000004, + + TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE, + }; +@@ -206,130 +207,116 @@ struct __TEE_ObjectHandle { + }; + typedef struct __TEE_ObjectHandle *TEE_ObjectHandle; + +-#define NODE_LEN 8 +-typedef struct tee_uuid { +- uint32_t timeLow; +- uint16_t timeMid; +- uint16_t timeHiAndVersion; +- uint8_t clockSeqAndNode[NODE_LEN]; +-} TEE_UUID; +- +-typedef struct spawn_uuid { +- uint64_t uuid_valid; +- TEE_UUID uuid; +-} spawn_uuid_t; +- + enum TEE_Result_Value { +- TEE_SUCCESS = 0x0, /* success */ +- TEE_ERROR_INVALID_CMD, /* command is invalid */ +- 
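Review bot: `TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133` gives the password the same 0xD prefix as the public attributes in this enum, whereas secret material uses 0xC (the context lines show `TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944` against `TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44`). In the GlobalPlatform attribute encoding, bit 28 marks an attribute as public, and a public attribute can be read back from an object that lacks the extractable usage flag; whether this TEE enforces that bit is not visible here. Please confirm with the TEE OS side that the password is meant to be readable, and move it to a protected ID if it is not. If the ID cannot change, add `/* NOTE: encoded as a public attribute (bit 28 set); the password is readable from the object */` next to it so TA authors do not keep it in long-lived objects. The enum opens outside this hunk.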
TEE_ERROR_SERVICE_NOT_EXIST, /* service is not exist */ +- TEE_ERROR_SESSION_NOT_EXIST, /* session is not exist */ +- TEE_ERROR_SESSION_MAXIMUM, /* exceeds max session count */ +- TEE_ERROR_REGISTER_EXIST_SERVICE, /* service already registered */ +- TEE_ERROR_TARGET_DEAD_FATAL, /* internal error occurs */ +- TEE_ERROR_READ_DATA, /* read data failed */ +- TEE_ERROR_WRITE_DATA, /* write data failed */ +- TEE_ERROR_TRUNCATE_OBJECT, /* truncate data failed */ +- TEE_ERROR_SEEK_DATA, /* seek data failed */ +- TEE_ERROR_SYNC_DATA, /* sync data failed */ +- TEE_ERROR_RENAME_OBJECT, /* rename file failed */ +- TEE_ERROR_TRUSTED_APP_LOAD_ERROR, /* error occurs when loading TA */ +- TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */ +- TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */ +- TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */ +- TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */ +- TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */ +- TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */ +- TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */ +- TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */ +- TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */ +- TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */ +- TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */ +- TEE_ERROR_STORAGE_INSE_NOTSUPPORT = 0x80001008, /* SFS inse mode is not supported */ +- TEE_ERROR_STORAGE_INSE_ERROR = 0x80001009, /* SFS inse encrypto/decrypto error occurs */ +- TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */ +- TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */ +- 
TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */ +- TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */ +- TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */ +- TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */ +- TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */ +- TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */ +- TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */ +- TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* buffer is too large in socket connection */ +- TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */ +- TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */ +- TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */ +- TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */ +- TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */ +- TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */ +- TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */ +- TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */ +- TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */ +- TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ +- TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */ +- TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */ +- TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */ +- TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */ +- TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */ +- TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */ +- TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */ +- TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation 
*/ +- TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */ +- TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */ +- TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */ +- TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */ +- TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */ +- TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */ +- TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */ +- TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */ +- TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */ +- TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */ +- TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */ +- TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */ +- TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */ +- TEE_FAIL = 0xFFFF5002, /* system error */ +- TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */ +- TEE_ERROR_TIMER_CREATE_FAILED, /* failed to create timer */ +- TEE_ERROR_TIMER_DESTORY_FAILED, /* failed to destory timer */ +- TEE_ERROR_TIMER_NOT_FOUND, /* timer not found */ +- TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */ +- TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */ +- TEE_ERROR_RPMB_MAC_FAIL, /* verify MAC failed in RPMB operations */ +- TEE_ERROR_RPMB_COUNTER_FAIL, /* invalid counter in RPMB operations */ +- TEE_ERROR_RPMB_ADDR_FAIL, /* addresss check failed in RPMB operations */ +- TEE_ERROR_RPMB_WRITE_FAIL, /* failed to write data to RPMB */ +- TEE_ERROR_RPMB_READ_FAIL, /* failed to read data in RPMB */ +- TEE_ERROR_RPMB_KEY_NOT_PROGRAM, /* key is not provisioned in RPMB */ +- TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */ +- TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT, /* incorrect message data block count in RPMB response */ +- 
TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX, /* incorrect message data block index in RPMB response */ +- TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT, /* incorrect message data counter in RPMB response */ +- TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE, /* incorrect message data nonce in RPMB response */ +- TEE_ERROR_RPMB_RESP_UNEXPECT_MAC, /* incorrect message data MAC in RPMB response */ +- TEE_ERROR_RPMB_FILE_NOT_FOUND, /* file not found in RPMB */ +- TEE_ERROR_RPMB_NOSPC, /* not space left for RPMB operations */ +- TEE_ERROR_RPMB_SPC_CONFLICT, /* exceeds max space of RPMB for this TA */ +- TEE_ERROR_RPMB_NOT_AVAILABLE, /* RPMB service not ready */ +- TEE_ERROR_RPMB_DAMAGED, /* RPMB partition is damaged */ +- TEE_ERROR_TUI_IN_USE = 0xFFFF7110, +- TEE_ERROR_TUI_SWITCH_CHANNAL, +- TEE_ERROR_TUI_CFG_DRIVER, +- TEE_ERROR_TUI_INVALID_EVENT, +- TEE_ERROR_TUI_POLL_EVENT, +- TEE_ERROR_TUI_CANCELED, +- TEE_ERROR_TUI_EXIT, +- TEE_ERROR_TUI_NOT_AVAILABLE, +- TEE_ERROR_SEC_FLASH_NOT_AVAILABLE, +- TEE_ERROR_SESRV_NOT_AVAILABLE, +- TEE_ERROR_BIOSRV_NOT_AVAILABLE, +- TEE_ERROR_ROTSRV_NOT_AVAILABLE, +- TEE_ERROR_ARTSRV_NOT_AVAILABLE, +- TEE_ERROR_HSMSRV_NOT_AVAILABLE, +- TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, +- TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, +- TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, +- TEE_FAIL2 ++ TEE_SUCCESS = 0x00000000, /* success */ ++ TEE_ERROR_INVALID_CMD = 0x00000001, /* command is invalid */ ++ TEE_ERROR_SERVICE_NOT_EXIST = 0x00000002, /* service is not exist */ ++ TEE_ERROR_SESSION_NOT_EXIST = 0x00000003, /* session is not exist */ ++ TEE_ERROR_SESSION_MAXIMUM = 0x00000004, /* exceeds max session count */ ++ TEE_ERROR_REGISTER_EXIST_SERVICE = 0x00000005, /* service already registered */ ++ TEE_ERROR_TARGET_DEAD_FATAL = 0x00000006, /* internal error occurs */ ++ TEE_ERROR_READ_DATA = 0x00000007, /* read data failed */ ++ TEE_ERROR_WRITE_DATA = 0x00000008, /* write data failed */ ++ TEE_ERROR_TRUNCATE_OBJECT = 0x00000009, /* truncate data failed */ ++ TEE_ERROR_SEEK_DATA = 
0x0000000A, /* seek data failed */ ++ TEE_ERROR_SYNC_DATA = 0x0000000B, /* sync data failed */ ++ TEE_ERROR_RENAME_OBJECT = 0x0000000C, /* rename file failed */ ++ TEE_ERROR_TRUSTED_APP_LOAD_ERROR = 0x0000000D, /* error occurs when loading TA */ ++ TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, /* TA type is inconsistent with the loading mode. */ ++ TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, /* the not open session's otrp service num exceeds */ ++ TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, /* uuid of load cmd is not inconsistent with the sec file */ ++ TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, /* otrp service is aged */ ++ TEE_ERROR_STORAGE_EIO = 0x80001001, /* I/O error occurs in storage operation */ ++ TEE_ERROR_STORAGE_EAGAIN = 0x80001002, /* storage section is unavailable */ ++ TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, /* operation target is not directory */ ++ TEE_ERROR_STORAGE_EISDIR = 0x80001004, /* cannot do this operation on directory */ ++ TEE_ERROR_STORAGE_ENFILE = 0x80001005, /* opened files exceed max count in system */ ++ TEE_ERROR_STORAGE_EMFILE = 0x80001006, /* opened files exceed max count for this process */ ++ TEE_ERROR_STORAGE_EROFS = 0x80001007, /* stroage section is read only */ ++ TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, /* File path error */ ++ TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, /* sevice msg queue overflow */ ++ TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, /* file object has been damaged */ ++ TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, /* storage section is unavailable */ ++ TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, /* cipher text is incorrect */ ++ TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, /* protocol error in socket connection */ ++ TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, /* socket is closed by remote */ ++ TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, /* socket connection is timeout */ ++ TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, /* no resource avaliable for socket connection */ ++ TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, /* 
buffer is too large in socket connection */ ++ TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, /* warnning occurs in socket connection */ ++ TEE_ERROR_GENERIC = 0xFFFF0000, /* generic error */ ++ TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, /* access is denied */ ++ TEE_ERROR_CANCEL = 0xFFFF0002, /* operation has been canceled */ ++ TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, /* conflict access error occurs */ ++ TEE_ERROR_EXCESS_DATA = 0xFFFF0004, /* exceeds max data size */ ++ TEE_ERROR_BAD_FORMAT = 0xFFFF0005, /* incorrect data format */ ++ TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, /* incorrect parameters */ ++ TEE_ERROR_BAD_STATE = 0xFFFF0007, /* operation is not allowed in current state */ ++ TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, /* cannot find target item */ ++ TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, /* api is not implemented */ ++ TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, /* api is not supported */ ++ TEE_ERROR_NO_DATA = 0xFFFF000B, /* no data avaliable for this operation */ ++ TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, /* not memory avaliable for this operation */ ++ TEE_ERROR_BUSY = 0xFFFF000D, /* system busy to handle this operation */ ++ TEE_ERROR_COMMUNICATION = 0xFFFF000E, /* communication error with target */ ++ TEE_ERROR_SECURITY = 0xFFFF000F, /* security error occurs */ ++ TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, /* buffer is too short for this operation */ ++ TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, /* operation is canceled */ ++ TEE_PENDING = 0xFFFF2000, /* service is in pending state(in asynchronous state) */ ++ TEE_PENDING2 = 0xFFFF2001, /* service is in pending state() */ ++ TEE_PENDING3 = 0xFFFF2002, /* reserved error definition */ ++ TEE_ERROR_TIMEOUT = 0xFFFF3001, /* operation is timeout */ ++ TEE_ERROR_OVERFLOW = 0xFFFF300f, /* operation overflow */ ++ TEE_ERROR_TARGET_DEAD = 0xFFFF3024, /* TA is crashed */ ++ TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, /* no enough space to store data */ ++ TEE_ERROR_MAC_INVALID = 0xFFFF3071, /* MAC operation failed */ ++ 
TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, /* signature check failed */ ++ TEE_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */ ++ TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, /* time is not set */ ++ TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* time need to be reset */ ++ TEE_FAIL = 0xFFFF5002, /* system error */ ++ TEE_ERROR_TIMER = 0xFFFF6000, /* base value of timer error codes */ ++ TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001, /* failed to create timer */ ++ TEE_ERROR_TIMER_DESTROY_FAILED = 0xFFFF6002, /* failed to destroy timer */ ++ TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003, /* timer not found */ ++ TEE_ERROR_RPMB_BASE = 0xFFFF7000, /* base value of RPMB error codes */ ++ TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, /* generic error of RPMB operations */ ++ TEE_ERROR_RPMB_MAC_FAIL = 0xFFFF7002, /* verify MAC failed in RPMB operations */ ++ TEE_ERROR_RPMB_COUNTER_FAIL = 0xFFFF7003, /* invalid counter in RPMB operations */ ++ TEE_ERROR_RPMB_ADDR_FAIL = 0xFFFF7004, /* addresss check failed in RPMB operations */ ++ TEE_ERROR_RPMB_WRITE_FAIL = 0xFFFF7005, /* failed to write data to RPMB */ ++ TEE_ERROR_RPMB_READ_FAIL = 0xFFFF7006, /* failed to read data in RPMB */ ++ TEE_ERROR_RPMB_KEY_NOT_PROGRAM = 0xFFFF7007, /* key is not provisioned in RPMB */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, /* incorrect message type in RPMB response */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT = 0xFFFF7101, /* incorrect message data block count in RPMB response */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX = 0xFFFF7102, /* incorrect message data block index in RPMB response */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT = 0xFFFF7103, /* incorrect message data counter in RPMB response */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE = 0xFFFF7104, /* incorrect message data nonce in RPMB response */ ++ TEE_ERROR_RPMB_RESP_UNEXPECT_MAC = 0xFFFF7105, /* incorrect message data MAC in RPMB response */ ++ TEE_ERROR_RPMB_FILE_NOT_FOUND = 0xFFFF7106, /* file not found in RPMB */ ++ 
TEE_ERROR_RPMB_NOSPC = 0xFFFF7107, /* not space left for RPMB operations */ ++ TEE_ERROR_RPMB_SPC_CONFLICT = 0xFFFF7108, /* exceeds max space of RPMB for this TA */ ++ TEE_ERROR_RPMB_NOT_AVAILABLE = 0xFFFF7109, /* RPMB service not ready */ ++ TEE_ERROR_RPMB_DAMAGED = 0xFFFF710A, /* RPMB partition is damaged */ ++ TEE_ERROR_TUI_IN_USE = 0xFFFF7110, /* TUI is being used */ ++ TEE_ERROR_TUI_SWITCH_CHANNAL = 0xFFFF7111, /* incorrect message switch channal in TUI response */ ++ TEE_ERROR_TUI_CFG_DRIVER = 0xFFFF7112, /* incorrect message configurator driver in TUI response */ ++ TEE_ERROR_TUI_INVALID_EVENT = 0xFFFF7113, /* invalid TUI event */ ++ TEE_ERROR_TUI_POLL_EVENT = 0xFFFF7114, /* incorrect message polling events in TUI response */ ++ TEE_ERROR_TUI_CANCELED = 0xFFFF7115, /* TUI is cancelled */ ++ TEE_ERROR_TUI_EXIT = 0xFFFF7116, /* TUI is exited */ ++ TEE_ERROR_TUI_NOT_AVAILABLE = 0xFFFF7117, /* TUI unavailable */ ++ TEE_ERROR_SEC_FLASH_NOT_AVAILABLE = 0xFFFF7118, /* sec flash is not available */ ++ TEE_ERROR_SESRV_NOT_AVAILABLE = 0xFFFF7119, /* SE service has crashed or not enabled */ ++ TEE_ERROR_BIOSRV_NOT_AVAILABLE = 0xFFFF711A, /* BIO service is not available */ ++ TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, /* ROT service is not available */ ++ TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, /* ART service is not available */ ++ TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, /* HSM service is not available */ ++ TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */ ++ TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */ ++ TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */ ++ TEE_FAIL2 = 0xFFFF9113, /* unused */ ++ TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114 /* IPC Channel overflow error */ + }; + + /* +@@ -343,6 +330,7 @@ enum TEE_LoginMethod { + TEE_LOGIN_USER_APPLICATION = 0x5, + TEE_LOGIN_GROUP_APPLICATION = 0x6, + TEE_LOGIN_IDENTIFY = 0x7, /* iTrustee defined Lognin type */ ++ TEEK_LOGIN_IDENTIFY = 
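Review bot: Three identifiers disappear from `enum TEE_Result_Value` without a compatibility path: `TEE_ERROR_TIMER_DESTORY_FAILED` is respelled `TEE_ERROR_TIMER_DESTROY_FAILED`, and `TEE_ERROR_STORAGE_INSE_NOTSUPPORT` / `TEE_ERROR_STORAGE_INSE_ERROR` (0x80001008, 0x80001009) are dropped. TA sources that compare against the old names stop compiling, and a TEE that still returns 0x80001008 or 0x80001009 would hand the TA a value with no name, which error paths tend to handle poorly. Writing every value out explicitly is a good change, and the numbers match the old implicit ones as far as the hunk shows. I would keep the old spelling as an alias, `#define TEE_ERROR_TIMER_DESTORY_FAILED TEE_ERROR_TIMER_DESTROY_FAILED /* deprecated spelling */`, and either keep the two INSE codes or state in the CHANGELOG that the TEE no longer emits them. The hunk also removes `TEE_UUID` and `spawn_uuid_t` from this header; whether the `#include` added earlier in the file supplies them is not visible here.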
0x80000001, /* iTrustee defined lognin type from linux kernel */ + }; + + typedef struct { +@@ -356,8 +344,8 @@ typedef TEE_Result TEEC_Result; + #define TEE_ORIGIN_TEE 0x00000003 + #define TEE_ORIGIN_TRUSTED_APP 0x00000004 + +-#ifndef _TEE_TA_SESSION_HANDLE +-#define _TEE_TA_SESSION_HANDLE ++#ifndef TEE_TA_SESSION_HANDLE ++#define TEE_TA_SESSION_HANDLE + typedef uint32_t TEE_TASessionHandle; + #endif + +@@ -365,4 +353,28 @@ typedef struct __TEE_ObjectHandle *TEE_ObjectHandle; + typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle; + typedef struct __TEE_OperationHandle *TEE_OperationHandle; + ++#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF) ++ ++typedef struct { ++ uint32_t seconds; ++ uint32_t millis; ++} TEE_Time; ++ ++typedef struct { ++ int32_t seconds; ++ int32_t millis; ++ int32_t min; ++ int32_t hour; ++ int32_t day; ++ int32_t month; ++ int32_t year; ++} TEE_Date_Time; ++ ++typedef struct { ++ uint32_t type; ++ uint32_t timer_id; ++ uint32_t timer_class; ++ uint32_t reserved2; ++} TEE_timer_property; ++ + #endif +diff --git a/include/TA/tee_mem_mgmt_api.h b/include/TA/tee_mem_mgmt_api.h +index 5b91566..48f9888 100644 +--- a/include/TA/tee_mem_mgmt_api.h ++++ b/include/TA/tee_mem_mgmt_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2012-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. 
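Review bot: The new `TEEK_LOGIN_IDENTIFY = 0x80000001` in `enum TEE_LoginMethod` is documented only as "iTrustee defined lognin type from linux kernel" (typo for "login"), which does not tell a TA author what identity data accompanies it or how it differs from `TEE_LOGIN_IDENTIFY`. TAs commonly authorise callers by switching on the login method, so an existing TA whose check falls through to a permissive default could accept the new value without its author having decided to. I would fix the spelling and expand the comment, e.g. `/* iTrustee-defined login type for sessions opened from the Linux kernel */`, followed by a sentence naming the identity fields that are populated for it. The enum starts above the hunk.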
++ * Description: Header file of memory management api + */ + + #ifndef TEE_MEM_MGMT_API_H +@@ -61,7 +62,7 @@ enum MALLOC_HINT { + * + * @return void + */ +-#if (API_LEVEL >= API_LEVEL1_2) ++#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) + void TEE_MemFill(void *buffer, uint8_t x, size_t size); + #else + void TEE_MemFill(void *buffer, uint32_t x, size_t size); +diff --git a/include/TA/tee_object_api.h b/include/TA/tee_object_api.h +index c8200e5..a62f68f 100644 +--- a/include/TA/tee_object_api.h ++++ b/include/TA/tee_object_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: Reference of TEE object api definitions + */ + + #ifndef __TEE_OBJECT_API_H +@@ -237,7 +238,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attrib + */ + TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len); + +-#if (API_LEVEL >= 2) ++#if defined(API_LEVEL) && (API_LEVEL >= 2) + + /* + * Obtain the TEE_ObjectInfo of the object and copy it to the space pointed +diff --git a/include/TA/tee_property_api.h b/include/TA/tee_property_api.h +index fb00a96..2d8b567 100644 +--- a/include/TA/tee_property_api.h ++++ b/include/TA/tee_property_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2012-2019. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. 
+ * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: TEE property implementation header file + */ + + #ifndef TEE_PROPERTY_API_H +@@ -69,7 +70,7 @@ TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const ch + */ + TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value); + +-#if (API_LEVEL >= API_LEVEL1_2) ++#if defined(API_LEVEL) && defined(API_LEVEL1_2) && (API_LEVEL >= API_LEVEL1_2) + /* + * retrieves a single property in a property set and converts its value to a 64-bit unsigned integer + * +@@ -120,7 +121,7 @@ TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const ch + * @return TEE_SUCCESS operation success + * @return TEE_ERROR_ITEM_NOT_FOUND cannot find target property + */ +-TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value); ++TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *identity); + + /* + * allocates a property enumerator object +diff --git a/include/TA/tee_time_api.h b/include/TA/tee_time_api.h +index 31cc5f8..fa97c31 100644 +--- a/include/TA/tee_time_api.h ++++ b/include/TA/tee_time_api.h +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. 
+ * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: Reference of TEE time api definitions + */ + + #ifndef __TEE_TIME_API_H +@@ -15,34 +16,6 @@ + + #include "tee_defines.h" + +-#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF) +- +-typedef struct { +- uint32_t seconds; +- uint32_t millis; +-} TEE_Time; +- +-typedef struct { +- int32_t seconds; +- int32_t millis; +- int32_t min; +- int32_t hour; +- int32_t day; +- int32_t month; +- int32_t year; +-} TEE_Date_Time; +- +-typedef struct { +- uint32_t type; +- uint32_t timer_id; +- uint32_t timer_class; +- uint32_t reserved2; +-} TEE_timer_property; +- +-typedef enum { +- ANTI_ROOT_TIMER = 1, +-} TEE_Anti_Root_Timer_Type; +- + /* + * Get current TEE system rtc time + * +@@ -111,54 +84,4 @@ void TEE_GetREETime(TEE_Time *time); + * @return void + */ + void TEE_GetREETimeStr(char *time_str, uint32_t time_str_len); +- +-/* +- * Create rtc timer event +- * +- * @param time_seconds [IN] specified number of seconds +- * @param timer_property [IN] specified property of timer +- * +- * @return TEE_SUCCESS success +- * @return TEE_ERROR_GENERIC create timer fail +- */ +-TEE_Result TEE_EXT_CreateTimer(uint32_t time_seconds, TEE_timer_property *timer_property); +- +-/* +- * Destory rtc timer event +- * +- * @param timer_property [IN] specified property of timer +- * +- * @return TEE_SUCCESS success +- * @return TEE_ERROR_GENERIC destroy timer fail +- */ +-TEE_Result TEE_EXT_DestoryTimer(TEE_timer_property *timer_property); +- +-/* +- * Get expire time of rtc timer event +- * +- * @param timer_property [IN] specified property of timer +- * @param time_seconds [OUT] expire time of rtc timer event +- * +- * @return TEE_SUCCESS success +- * @return TEE_ERROR_GENERIC get expire time fail +- */ +-TEE_Result 
TEE_EXT_GetTimerExpire(TEE_timer_property *timer_property, uint32_t *time_seconds); +- +-/* +- * Get remain time of rtc timer event +- * +- * @param timer_property [IN] specified property of timer +- * @param time_seconds [OUT] remain time of rtc timer event +- * +- * @return TEE_SUCCESS success +- * @return TEE_ERROR_GENERIC get remain time fail +- */ +-TEE_Result TEE_EXT_GetTimerRemain(TEE_timer_property *timer_property, uint32_t *time_seconds); +- +-/* +- * Get secure rtc time +- * +- * @return current rtc seconds +- */ +-unsigned int __get_secure_rtc_time(void); + #endif +diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h +new file mode 100644 +index 0000000..cfe7554 +--- /dev/null ++++ b/include/TA/tee_trusted_storage_api.h +@@ -0,0 +1,309 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ * Description: Reference of TEE trusted storage definitions ++ */ ++ ++#ifndef __TEE_TRUSTED_STORAGE_API_H ++#define __TEE_TRUSTED_STORAGE_API_H ++ ++#include "tee_defines.h" ++#include "tee_object_api.h" ++ ++/* ++ * Data stream positioning start position option, used in TEE_SeekObjectData function ++ */ ++enum __TEE_Whence { ++ TEE_DATA_SEEK_SET = 0, /* Position the starting position as the beginning of the data stream */ ++ TEE_DATA_SEEK_CUR, /* Position the starting position as the current data stream position */ ++ TEE_DATA_SEEK_END /* Position the starting position at the end of the data stream */ ++}; ++ ++struct __TEE_ObjectEnumHandle; ++typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle; ++ ++typedef uint32_t TEE_Whence; ++ ++/* ++ * Storage ID, which defines the storage space of the corresponding application ++ */ ++enum Object_Storage_Constants { ++ TEE_OBJECT_STORAGE_PRIVATE = 0x00000001, /* Separate private storage space for each application */ ++}; ++ ++/* ++ * System resource constraints, such as the maximum value that the data stream position indicator can take ++ */ ++enum Miscellaneous_Constants { ++ TEE_DATA_MAX_POSITION = 0xFFFFFFFF, /* The maximum length that the position indicator of the data stream can take */ ++ TEE_OBJECT_ID_MAX_LEN = 64, /* The maximum length of objectID, which actually extends to 128 bytes */ ++}; ++ ++/* ++ * The maximum number of bytes of data that the data stream can store ++ */ ++enum TEE_DATA_Size { ++ TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF /* The maximum bytes of data that the object data stream can store */ ++}; ++ ++/* ++ * The handleFlags of TEE_ObjectHandle determines the access authority of ++ * the TEE_ObjectHandle to the object data stream ++ */ ++enum Data_Flag_Constants { ++ /* Have read permission to the data stream, and can read */ ++ TEE_DATA_FLAG_ACCESS_READ = 0x00000001, ++ /* Have write permission to the data stream, and can write and truncate */ ++ TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002, 
++ /* Have WRITE_META permission for data stream, and can delete and rename operation */ ++ TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004, ++ /* ++ * Have shared read permissions on the data stream, you can open multiple ++ * TEE_ObjectHandles for concurrent reading ++ */ ++ TEE_DATA_FLAG_SHARE_READ = 0x00000010, ++ /* ++ * Have shared write permissions for the data stream, and multiple TEE_ObjectHandles ++ * can be opened for concurrent writing ++ */ ++ TEE_DATA_FLAG_SHARE_WRITE = 0x00000020, ++ /* Unused */ ++ TEE_DATA_FLAG_CREATE = 0x00000200, ++ /* ++ * Protect an existing file with the same name. If the file with the same name does not exist, ++ * create a new data file; if the file with the same name exists, an error will be reported ++ */ ++ TEE_DATA_FLAG_EXCLUSIVE = 0x00000400, ++ /* ++ * Protect an existing file with the same name. If the file with the same name does not exist, ++ * create a new data file; if the file with the same name exists, an error will be reported ++ */ ++ TEE_DATA_FLAG_OVERWRITE = 0x00000400, ++ /* ++ * If the bit27 is set to 1, it means deriving the 32-bytes TA root key at one time, ++ * if it is 0, it means deriving two 16-bytes TA root keys and combined them together ++ */ ++ TEE_DATA_FLAG_DERIVE_32BYTES_KEY_ONCE = 0x08000000, ++ /* If bit28 is set to 1, it means AES256, if it is 0, it means AES128 */ ++ TEE_DATA_FLAG_AES256 = 0x10000000, ++ /* If bit29 is set to 1, it means that the lower version will be opened first */ ++ TEE_DATA_FLAG_OPEN_AESC = 0x20000000, ++}; ++ ++/* ++ * Create a new persistent object, you can directly initialize the data stream and TEE_Attribute, ++ * the user can use the returned handle to access the object's TEE_Attribute and data stream ++ * ++ * @param storageID [IN] Corresponding to a separate storage space for each application, ++ * the value is Object_Storage_Constants ++ * @param objectID [IN] Object identifier, the name of the object to be created ++ * @param objectIDLen [IN] The length of the 
object identifier by byte, no more than 128 bytes ++ * @param flags [IN] Flags after object creation, the value can be one or more of Data_Flag_Constants ++ * or Handle_Flag_Constants ++ * @param attributes [IN] The TEE_ObjectHandle of the transient object, used to initialize the ++ * TEE_Attribute of the object, can be TEE_HANDLE_NULL ++ * @param initialData [IN] Initial data, used to initialize data stream data ++ * @param initialDataLen [IN] InitialData length in byte ++ * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_ITEM_NOT_FOUND: The storageID does not exist ++ * @return TEE_ERROR_ACCESS_CONFLICT Access conflict ++ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation ++ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to create the object ++ */ ++TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags, ++ TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen, ++ TEE_ObjectHandle *object); ++ ++/* ++ * Open an existing permanent object, the returned handle can be used by the user to access ++ * the object's TEE_Attribute and data stream ++ * ++ * @param storageID [IN] orresponding to a separate storage space for each application, ++ * the value is Object_Storage_Constants ++ * @param objectID [IN] object identifier, the name of the object to be opened ++ * @param objectIDLen [IN] The length of the object identifier by byte, no more than 128 bytes ++ * @param flags [IN] Flags after object opened, the value can be one or more of ++ * Data_Flag_Constants or Handle_Flag_Constants ++ * @param object [OUT] TEE_ObjectHandle returned after the function is successfully executed ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_ITEM_NOT_FOUND: 
The storageID does not exist or cannot find object identifier ++ * @return TEE_ERROR_ACCESS_CONFLICT Access conflict ++ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation ++ */ ++TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags, ++ TEE_ObjectHandle *object); ++ ++/* ++ * Read size bytes of data from the object's data stream to the buffer, ++ * the TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_READ permission ++ * ++ * @param objbect [IN] The TEE_ObjectHandle to be read ++ * @param buffer [OUT] Buffer for storing read data ++ * @param size [IN] Size of data to be read by byte ++ * @param count [OUT] Size of data actually read by byte ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation ++ */ ++TEE_Result TEE_ReadObjectData(TEE_ObjectHandle ojbect, void *buffer, size_t size, uint32_t *count); ++ ++/* ++ * Write size bytes of data from the buffer to the data stream of the object. ++ * TEE_ObjectHandle must have been opened with TEE_DATA_FLAG_ACCESS_WRITE permission ++ * ++ * @param ojbect [IN] The TEE_ObjectHandle to be write ++ * @param buffer [IN] Store the data to be written ++ * @param size [IN] The length of the data to be written, the size does not exceed 4096 bytes ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_OUT_OF_MEMORY Insufficient memory to complete the operation ++ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation ++ */ ++TEE_Result TEE_WriteObjectData(TEE_ObjectHandle ojbect, const void *buffer, size_t size); ++ ++/* ++ * This function changes the size of the data stream. If the size is smaller than the size of ++ * the current data stream, delete all excess bytes. 
If size is greater than the size of the ++ * current data stream, use '0' to expand ++ * TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE permission ++ * ++ * @param object [IN] TEE_ObjectHandle to be truncated ++ * @param size [IN] The new length of the data stream, the size does not exceed 4096 bytes ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_STORAGE_NO_SPACE There is not enough space to perform the operation ++ */ ++TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size); ++ ++/* ++ * Set the data stream position pointed to by TEE_ObjectHandle, and set the data stream position to: ++ * start position + offset ++ * The parameter whence controls the starting position of the offset, the value can choose in TEE_Whence, ++ * and the meaning is as follows: ++ * TEE_DATA_SEEK_SET, the starting position of the data stream offset is the file header, which is 0 ++ * TEE_DATA_SEEK_CUR, the starting position of the data stream offset is the current position ++ * TEE_DATA_SEEK_END, the starting position of the data stream offset is the end of the file ++ * When the parameter offset is a positive number, it is offset backward, and when it is negative, it is offset forward. ++ * ++ * @param object [IN] TEE_ObjectHandle to be set ++ * @param offset [IN] The size of the data stream position movement, the size does not exceed 4096 bytes ++ * @param whence [IN] The initial position of the data stream offset ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_OVERFLOW The operation causes the value of the position indicator to exceed its ++ * system limit TEE_DATA_MAX_POSITION ++ */ ++TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence); ++ ++/* ++ * Close the opened TEE_ObjectHandle and delete the object. 
The object must be a persistent object ++ * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission ++ * ++ * @param object [IN] TEE_ObjectHandle to be closed and deleted ++ * ++ * @return void ++ */ ++void TEE_CloseAndDeletePersistentObject(TEE_ObjectHandle object); ++ ++/* ++ * Synchronize the opened TEE_ObjectHandle, and synchronize the corresponding security attribute files to the disk ++ * ++ * @param object [IN] TEE_ObjectHandle to be synchronized ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ */ ++TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object); ++ ++/* ++ * Change the object identifier, the TEE_ObjectHandle must be opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission ++ * ++ * @param ojbect [IN/OUT] The object handle to be modified ++ * @param newObjectID [IN] New object identifier ++ * @param newObjectIDLen [IN] New object identifier length ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ */ ++TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen); ++ ++/* ++ * Allocate the handle of an uninitialized object enumerator ++ * ++ * @param object [OUT] Pointer to the handle of the newly created object enumerator ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_OUT_OF_MEMORY No enough memory to allocate ++ */ ++TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator); ++ ++/* ++ * Release a object enumerator handle that has allocated. The handle becomes invalid after the function is called, ++ * and all allocated are released. 
Use it in pair with TEE_AllocatePersistentObjectEnumerator ++ * ++ * @param object [IN] TEE_ObjectEnumHandle to be released ++ * ++ * @return void ++ */ ++void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); ++ ++/* ++ * Reset the temporary object enumerator to its initial state, that is, the state just after the allocate ++ * ++ * @param object [IN] TEE_ObjectEnumHandle of the object enumerator to be reset ++ * ++ * @return void ++ */ ++void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); ++ ++/* ++ * Start enumerating all objects in a given storage space, the information of the object can be obtained ++ * through the TEE_GetNextPersistentObject function ++ * ++ * @param object [IN] TEE_ObjectEnumHandle of the allocated object enumerator ++ * @param storageID [IN] Correspond to a separate storage space for each application, the value is ++ * Object_Storage_Constants, currently only supports TEE_STORAGE_PRIVATE ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ITEM_NOT_FOUND storageID is not TEE_STORAGE_PRIVATE or there is no object in the storage space ++ */ ++TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id); ++ ++/* ++ * Get the next object in the object enumerator, and return the object's TEE_ObjectInfo, objectID, ++ * objectIDLen information ++ * ++ * @param object [IN] TEE_ObjectEnumHandle of the initialized object enumerator ++ * @param objectInfo [OUT] Pointer to the structure used to store the obtained TEE_ObjectInfo ++ * @param objectInfo [OUT] Pointer to a buffer, used to store the obtained objectID ++ * @param objectInfo [OUT] Used to store the obtained objectIDLen ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ITEM_NOT_FOUND The enumerator has no object or the enumerator has not been initialized ++ */ ++TEE_Result 
TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator, ++ TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len); ++ ++#if defined(API_LEVEL) && (API_LEVEL >= 2) ++ ++/* ++ * Close the opened TEE_ObjectHandle and delete the object. The object must be a persistent object ++ * and must have been opened with TEE_DATA_FLAG_ACCESS_WRITE_META permission ++ * ++ * @param object [IN] TEE_ObjectHandle to be closed and deleted ++ * ++ * @return TEE_SUCCESS Indicates that the function was executed successfully ++ * @return TEE_ERROR_STORAGE_NOT_AVAILABLE Cannot access the storage area where the file is located ++ */ ++TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object); ++ ++#endif // API_LEVEL ++#endif +diff --git a/include/TA/tee_uuid.h b/include/TA/tee_uuid.h +new file mode 100644 +index 0000000..51fb298 +--- /dev/null ++++ b/include/TA/tee_uuid.h +@@ -0,0 +1,27 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ * Description: Defines of GP TEE_UUID ++ */ ++ ++#ifndef TEE_UUID_H ++#define TEE_UUID_H ++ ++#include ++ ++#define NODE_LEN 8 ++typedef struct tee_uuid { ++ uint32_t timeLow; ++ uint16_t timeMid; ++ uint16_t timeHiAndVersion; ++ uint8_t clockSeqAndNode[NODE_LEN]; ++} TEE_UUID; ++ ++#endif +diff --git a/src/CA/libteec_adaptor.c b/src/CA/libteec_adaptor.c +new file mode 100644 +index 0000000..9fd2042 +--- /dev/null ++++ b/src/CA/libteec_adaptor.c +@@ -0,0 +1,269 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ * Description: this file is used for adapting interfaces in libteec.so ++ */ ++ ++#include ++#include ++ ++#include "tee_client_api.h" ++ ++#ifdef LOG_TAG ++#undef LOG_TAG ++#endif ++#define LOG_TAG "libteec_adaptor" ++ ++#define LIBTEEC_PATH "/usr/lib64/libteec.so" ++ ++/* ++ * these Function pointers are consistent with those defined in "tee_client_api.h" ++ * if you want to call the new interface in "tee_client_api.h", ++ * you should add a new definition here ++ */ ++typedef TEEC_Result (*initializeContext_f)(const char *name, TEEC_Context *context); ++typedef void (*finalizeContext_f)(TEEC_Context *context); ++typedef TEEC_Result (*openSession_f)(TEEC_Context *context, TEEC_Session *session, ++ const TEEC_UUID *destination, uint32_t connectionMethod, const void *connectionData, ++ TEEC_Operation *operation, uint32_t *returnOrigin); ++typedef void (*closeSession_f)(TEEC_Session *session); ++typedef TEEC_Result (*invokeCommand_f)(TEEC_Session *session, uint32_t commandID, ++ TEEC_Operation *operation, uint32_t *returnOrigin); ++typedef TEEC_Result (*registerSharedMemory_f)(TEEC_Context *context, ++ TEEC_SharedMemory *sharedMem); ++typedef TEEC_Result (*allocateSharedMemory_f)(TEEC_Context *context, ++ TEEC_SharedMemory *sharedMem); ++typedef void (*releaseSharedMemory_f)(TEEC_SharedMemory *sharedMem); ++typedef void (*requestCancellation_f)(TEEC_Operation *operation); ++ ++typedef struct { ++ initializeContext_f initializeContextFn; ++ finalizeContext_f finalizeContextFn; ++ openSession_f openSessionFn; ++ closeSession_f closeSessionFn; ++ invokeCommand_f invokeCommandFn; ++ registerSharedMemory_f registerSharedMemoryFn; ++ allocateSharedMemory_f allocateSharedMemoryFn; ++ releaseSharedMemory_f releaseSharedMemoryFn; ++ requestCancellation_f requestCancellationFn; ++} TeecApiTable; ++ ++static TeecApiTable g_teecApiTable; ++static void *g_libTeecHandle = NULL; ++static pthread_mutex_t g_libTeecHandleLock = PTHREAD_MUTEX_INITIALIZER; ++ ++static TEEC_Result 
GetBasicApiSymbol(TeecApiTable *teecApiTable) ++{ ++ teecApiTable->initializeContextFn = ++ (initializeContext_f)(dlsym(g_libTeecHandle, "TEEC_InitializeContext")); ++ if (teecApiTable->initializeContextFn == NULL) { ++ TEEC_Error("get symbol TEEC_InitializeContext failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->finalizeContextFn = ++ (finalizeContext_f)(dlsym(g_libTeecHandle, "TEEC_FinalizeContext")); ++ if (teecApiTable->finalizeContextFn == NULL) { ++ TEEC_Error("get symbol TEEC_FinalizeContext failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->openSessionFn = ++ (openSession_f)(dlsym(g_libTeecHandle, "TEEC_OpenSession")); ++ if (teecApiTable->openSessionFn == NULL) { ++ TEEC_Error("get symbol TEEC_OpenSession failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->closeSessionFn = ++ (closeSession_f)(dlsym(g_libTeecHandle, "TEEC_CloseSession")); ++ if (teecApiTable->closeSessionFn == NULL) { ++ TEEC_Error("get symbol TEEC_CloseSession failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->invokeCommandFn = ++ (invokeCommand_f)(dlsym(g_libTeecHandle, "TEEC_InvokeCommand")); ++ if (teecApiTable->invokeCommandFn == NULL) { ++ TEEC_Error("get symbol TEEC_InvokeCommand failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return TEEC_SUCCESS; ++} ++ ++static TEEC_Result GetMemApiSymbol(TeecApiTable *teecApiTable) ++{ ++ teecApiTable->registerSharedMemoryFn = ++ (registerSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_RegisterSharedMemory")); ++ if (teecApiTable->registerSharedMemoryFn == NULL) { ++ TEEC_Error("get symbol TEEC_RegisterSharedMemory failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->allocateSharedMemoryFn = ++ (allocateSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_AllocateSharedMemory")); ++ if (teecApiTable->allocateSharedMemoryFn == NULL) { ++ TEEC_Error("get symbol TEEC_AllocateSharedMemory failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->releaseSharedMemoryFn = 
++ (releaseSharedMemory_f)(dlsym(g_libTeecHandle, "TEEC_ReleaseSharedMemory")); ++ if (teecApiTable->releaseSharedMemoryFn == NULL) { ++ TEEC_Error("get symbol TEEC_ReleaseSharedMemory failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ teecApiTable->requestCancellationFn = ++ (requestCancellation_f)(dlsym(g_libTeecHandle, "TEEC_RequestCancellation")); ++ if (teecApiTable->requestCancellationFn == NULL) { ++ TEEC_Error("get symbol TEEC_RequestCancellation failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return TEEC_SUCCESS; ++} ++ ++static TEEC_Result GetTeecApiSymbol() ++{ ++ TeecApiTable teecApiTable = {0}; ++ (void)pthread_mutex_lock(&g_libTeecHandleLock); ++ ++ if (g_libTeecHandle != NULL) { ++ (void)pthread_mutex_unlock(&g_libTeecHandleLock); ++ return TEEC_SUCCESS; ++ } ++ ++ g_libTeecHandle = dlopen(LIBTEEC_PATH, RTLD_LAZY); ++ if (g_libTeecHandle == NULL) { ++ TEEC_Error("dlopen libteec failed\n"); ++ (void)pthread_mutex_unlock(&g_libTeecHandleLock); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ if (GetBasicApiSymbol(&teecApiTable) != TEEC_SUCCESS || ++ GetMemApiSymbol(&teecApiTable) != TEEC_SUCCESS) { ++ TEEC_Error("get symbol failed\n"); ++ goto ERROR; ++ } ++ ++ g_teecApiTable = teecApiTable; ++ (void)pthread_mutex_unlock(&g_libTeecHandleLock); ++ return TEEC_SUCCESS; ++ ++ERROR: ++ dlclose(g_libTeecHandle); ++ g_libTeecHandle = NULL; ++ (void)pthread_mutex_unlock(&g_libTeecHandleLock); ++ return TEEC_ERROR_GENERIC; ++} ++ ++/* ++ * The following are Interfaces for CA application, ++ * In these interfaces, you should make sure the function pointer in g_teecApiTable is not NULL ++ */ ++TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context) ++{ ++ TEEC_Result ret = GetTeecApiSymbol(); ++ if (ret != TEEC_SUCCESS) { ++ TEEC_Error("get teec api symbol failed!\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return g_teecApiTable.initializeContextFn(name, context); ++} ++ ++void TEEC_FinalizeContext(TEEC_Context *context) ++{ ++ if 
(g_teecApiTable.finalizeContextFn == NULL) { ++ TEEC_Error("finalizeContextFn is null!\n"); ++ return; ++ } ++ ++ g_teecApiTable.finalizeContextFn(context); ++} ++ ++TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, ++ const TEEC_UUID *destination, uint32_t connectionMethod, ++ const void *connectionData, TEEC_Operation *operation, ++ uint32_t *returnOrigin) ++{ ++ if (g_teecApiTable.openSessionFn == NULL) { ++ TEEC_Error("openSessionFn is null!\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return g_teecApiTable.openSessionFn(context, session, destination, ++ connectionMethod, connectionData, operation, returnOrigin); ++} ++ ++void TEEC_CloseSession(TEEC_Session *session) ++{ ++ if (g_teecApiTable.closeSessionFn == NULL) { ++ TEEC_Error("closeSessionFn is null!\n"); ++ return; ++ } ++ ++ g_teecApiTable.closeSessionFn(session); ++} ++ ++TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, ++ TEEC_Operation *operation, uint32_t *returnOrigin) ++{ ++ if (g_teecApiTable.invokeCommandFn == NULL) { ++ TEEC_Error("invokeCommandFn is null!\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return g_teecApiTable.invokeCommandFn(session, commandID, operation, returnOrigin); ++} ++ ++TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, ++ TEEC_SharedMemory *sharedMem) ++{ ++ if (g_teecApiTable.registerSharedMemoryFn == NULL) { ++ TEEC_Error("registerSharedMemoryFn is null!\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return g_teecApiTable.registerSharedMemoryFn(context, sharedMem); ++} ++ ++TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, ++ TEEC_SharedMemory *sharedMem) ++{ ++ if (g_teecApiTable.allocateSharedMemoryFn == NULL) { ++ TEEC_Error("allocateSharedMemoryFn is null!\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ ++ return g_teecApiTable.allocateSharedMemoryFn(context, sharedMem); ++} ++ ++void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem) ++{ ++ if (g_teecApiTable.releaseSharedMemoryFn == NULL) { ++ 
TEEC_Error("releaseSharedMemoryFn is null!\n"); ++ return; ++ } ++ ++ g_teecApiTable.releaseSharedMemoryFn(sharedMem); ++} ++ ++void TEEC_RequestCancellation(TEEC_Operation *operation) ++{ ++ if (g_teecApiTable.requestCancellationFn == NULL) { ++ TEEC_Error("requestCancellationFn is null!\n"); ++ return; ++ } ++ ++ g_teecApiTable.requestCancellationFn(operation); ++} +diff --git a/test/CA/cert_manager/Makefile b/test/CA/cert_manager/Makefile +new file mode 100644 +index 0000000..589ac63 +--- /dev/null ++++ b/test/CA/cert_manager/Makefile +@@ -0,0 +1,27 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. ++ ++CUR_DIR=$(shell pwd) ++ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ ++ ++TARGET_APP := certmanager ++ ++APP_SOURCES := ./cert_file.c ++APP_SOURCES += ./cert_manager.c ++ ++APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c ++ ++APP_CFLAGS += -fstack-protector-strong -fPIC ++ ++APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \ ++ -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include ++ ++APP_LDFLAGS += -ldl -lpthread -lboundscheck ++ ++APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s ++ ++APP_OBJECTS := $(APP_SOURCES:.c=.o) ++$(TARGET_APP): $(APP_SOURCES) ++ $(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS) ++ ++clean: ++ @rm -f *.o $(TARGET_APP) +diff --git a/test/CA/cert_manager/cert_common.h b/test/CA/cert_manager/cert_common.h +new file mode 100644 +index 0000000..c485e0f +--- /dev/null ++++ b/test/CA/cert_manager/cert_common.h +@@ -0,0 +1,21 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
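Review bot: The dlopen failure branch in GetTeecApiSymbol logs only `dlopen libteec failed` and discards dlerror(), so a missing file, an architecture mismatch and an unresolved dependency of the library all look the same to whoever reads the log. I would log the path and the loader's reason, `TEEC_Error("dlopen %s failed: %s\n", LIBTEEC_PATH, dlerror());`, assuming TEEC_Error accepts printf-style arguments (its definition is not in this hunk). The dlsym failure branches in GetBasicApiSymbol and GetMemApiSymbol drop dlerror() in the same way. Loading through the absolute LIBTEEC_PATH means no library search path is consulted, and a one-line comment above the define, such as `/* absolute path on purpose: the loader must not search for libteec */`, would keep a later edit from relaxing it to a bare soname.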
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: CA for certification management. ++ */ ++#ifndef CERT_COMMON_H ++#define CERT_COMMON_H ++ ++#define printf_err(msg, ...) fprintf(stderr, msg, ##__VA_ARGS__) ++#define MAX_BUFFER_LEN 8192 ++#define MAX_LOG_BUFFER_LEN 10000 ++ ++#endif ++ +diff --git a/test/CA/cert_manager/cert_file.c b/test/CA/cert_manager/cert_file.c +new file mode 100644 +index 0000000..87b62e1 +--- /dev/null ++++ b/test/CA/cert_manager/cert_file.c +@@ -0,0 +1,100 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: CA for certification management. 
++ */ ++#include "cert_file.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "cert_common.h" ++ ++bool IsFileExist(const char *path) ++{ ++ return access(path, F_OK) == 0; ++} ++ ++static int32_t GetFileSize(const char *path, long *size) ++{ ++ int32_t ret; ++ struct stat buf; ++ ret = stat(path, &buf); ++ if (ret != 0) ++ printf_err("file stat failed: %s\n", path); ++ else ++ *size = buf.st_size; ++ return ret; ++} ++ ++int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t *fileSize) ++{ ++ int32_t ret; ++ /* check file name */ ++ if (strstr(filePath, ".der") == NULL && strstr(filePath, ".crl") == NULL) { ++ ret = errno; ++ printf_err("only support der or crl file\n"); ++ goto end; ++ } ++ /* get file length */ ++ ret = GetFileSize(filePath, fileSize); ++ if (ret != 0) { ++ printf_err("get file length failed: %s\n", filePath); ++ goto end; ++ } ++ /* check file content overflow */ ++ if (*fileSize > size) { ++ printf_err("file is too long: %s\n", filePath); ++ ret = errno; ++ goto end; ++ } ++ /* read contents from file into buffer */ ++ FILE *fp = fopen(filePath, "r"); ++ if (fp == NULL) { ++ ret = errno; ++ printf_err("open file failed: %s\n", filePath); ++ goto end; ++ } ++ size_t readLen = fread(buffer, 1, size, fp); ++ if (readLen != *fileSize) { ++ ret = errno; ++ printf_err("read file failed: %s\n", filePath); ++ } ++ (void)fclose(fp); ++end: ++ return ret; ++} ++ ++int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath) ++{ ++ int32_t ret = 0; ++ if (buffer == NULL || size == 0 || filePath == NULL) { ++ printf_err("store to fs bad parameters\n"); ++ return errno; ++ } ++ /* write size of buffer into file */ ++ FILE *fp = fopen(filePath, "w"); ++ if (fp == NULL) { ++ ret = errno; ++ printf_err("open file failed: %s\n", filePath); ++ goto end; ++ } ++ size_t writeLen = fwrite(buffer, 1, size, fp); ++ if (writeLen != size) { ++ ret = errno; ++ printf_err("write file failed: %s\n", filePath); ++ 
} ++ (void)fclose(fp); ++end: ++ return ret; ++} +diff --git a/test/CA/cert_manager/cert_file.h b/test/CA/cert_manager/cert_file.h +new file mode 100644 +index 0000000..7d68f40 +--- /dev/null ++++ b/test/CA/cert_manager/cert_file.h +@@ -0,0 +1,25 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: CA for certification management. ++ */ ++#ifndef CERT_FILE_H ++#define CERT_FILE_H ++ ++#include ++#include ++#include ++#include ++ ++bool IsFileExist(const char *path); ++int32_t LoadFromFs(void *buffer, size_t size, const char *filePath, size_t* fileSize); ++int32_t StoreToFs(const void *buffer, uint32_t size, const char *filePath); ++ ++#endif +diff --git a/test/CA/cert_manager/cert_manager.c b/test/CA/cert_manager/cert_manager.c +new file mode 100644 +index 0000000..da24c8f +--- /dev/null ++++ b/test/CA/cert_manager/cert_manager.c +@@ -0,0 +1,368 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
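Review bot: LoadFromFs in cert_file.c can return 0 without loading anything, because three failure branches set `ret = errno` where no failing libc call has set errno: the `.der`/`.crl` name check (strstr leaves errno alone), the `*fileSize > size` check that follows a successful stat, and a short fread that is not an I/O error. In the oversize case the caller is left with a fileSize larger than the buffer it supplied, and Import and ImportCrl in cert_manager.c then put that value into `memref.size`. Use a fixed failure value in those branches, `ret = -1;`, and keep `ret = errno;` only after the failed fopen; StoreToFs has the same pattern in its bad-parameter branch (`return errno;`). GetFileSize also declares `long *size` but is passed the `size_t *fileSize`, and the name check accepts `.der` anywhere in the path rather than as a suffix.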
++ * Description: CA for certification management. ++ */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "cert_file.h" ++#include "cert_common.h" ++ ++#define TA_PATH "/usr/bin/4acaf7c8-c652-4643-9b7a-cc07e7a3187a.sec" ++ ++/* commands */ ++#define CMD_DESTROY "destroy" ++#define CMD_IMPORT "import" ++#define CMD_IMPORT_CRL "import_crl" ++#define CMD_EXPORT "export" ++/* sub commands of export */ ++#define CMD_EXPORT_CERT "cert" ++#define CMD_EXPORT_LOG "log" ++ ++/* number of command arguments */ ++#define CMD_IMPORT_ARGC 3 ++#define CMD_EXPORT_CERT_ARGC 4 ++#define CMD_EXPORT_LOG_ARGC 3 ++#define CMD_DESTROY_ARGC 2 ++#define CMD_IMPORT_CRL_ARGC 3 ++ ++/* index of command parameters */ ++#define CMD_NAME 1 ++#define CMD_IMPORT_ARG_PATH 2 ++#define CMD_EXPORT_SUBCMD 2 ++#define CMD_EXPORT_ARG_PATH 3 ++ ++enum { ++ IPC_IMPORT_CERT = 1, ++ IPC_EXPORT_CERT = 2, ++ IPC_DESTROY_CERT = 3, ++ IPC_EXPORT_LOG = 4, ++ IPC_IMPORT_CRL = 5 ++}; ++ ++enum { ++ CERTMANGER_CMD_IMPORT_CERT = 1, ++ CERTMANGER_CMD_EXPORT = 2, ++ CERTMANGER_CMD_DESTROY = 3, ++ CERTMANGER_CMD_IMPORT_CRL = 4 ++}; ++ ++static TEEC_Result Destroy(TEEC_Session *session) ++{ ++ TEEC_Result result; ++ /* invoke ipc command */ ++ TEEC_Operation operation = { 0 }; ++ operation.started = 1; ++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE); ++ result = TEEC_InvokeCommand(session, IPC_DESTROY_CERT, &operation, NULL); ++ if (result != TEEC_SUCCESS) ++ printf_err("ipc failed\n"); ++ return result; ++} ++ ++static TEEC_Result ProcessExportResult(TEEC_SharedMemory *sharedMem, uint32_t len, const char *certPath) ++{ ++ TEEC_Result result = TEEC_SUCCESS; ++ uint8_t *outbuf = (uint8_t *)malloc(sharedMem->size); ++ if (outbuf == NULL) { ++ printf_err("memory allocate failed\n"); ++ result = TEEC_ERROR_OUT_OF_MEMORY; ++ goto end; ++ } ++ if (len == 0) ++ printf_err("warning: empty content\n"); ++ /* replaced with 
memcpy(outbuf, sharedMem->buffer, len) when memcpy_s is not supported */ ++ if (memcpy_s(outbuf, sharedMem->size, sharedMem->buffer, len) != EOK) { ++ result = TEEC_ERROR_OUT_OF_MEMORY; ++ printf_err("memcpy_s failed\n"); ++ goto end; ++ } ++ if (certPath != NULL) { ++ if (StoreToFs(outbuf, len, certPath) != 0) { ++ result = TEEC_ERROR_WRITE_DATA; ++ printf_err("write to file failed: %s\n", certPath); ++ } ++ } else { ++ printf("%s\n", outbuf); ++ } ++end: ++ if (outbuf != NULL) { ++ free(outbuf); ++ outbuf = NULL; ++ } ++ return result; ++} ++ ++static TEEC_Result Export(TEEC_Context *context, TEEC_Session *session, const char *cmdLine, const char *certPath) ++{ ++ TEEC_Result result; ++ char realPath[PATH_MAX]; ++ /* 1. parse sub-command */ ++ uint32_t cmd; ++ if (memcmp(cmdLine, CMD_EXPORT_CERT, sizeof(CMD_EXPORT_CERT)) == 0) { ++ /* check Legality of certPath */ ++ if (realpath(certPath, realPath) == NULL) { ++ result = errno; ++ printf_err("illegal certification path: %s\n", certPath); ++ goto end; ++ } ++ cmd = IPC_EXPORT_CERT; ++ } else if (memcmp(cmdLine, CMD_EXPORT_LOG, sizeof(CMD_EXPORT_LOG)) == 0) { ++ cmd = IPC_EXPORT_LOG; ++ } else { ++ result = TEEC_ERROR_INVALID_CMD; ++ printf_err("unknown sub-command: %s\n", cmdLine); ++ goto end; ++ } ++ /* 2. allocate shared memory */ ++ TEEC_SharedMemory sharedMem; ++ sharedMem.size = (cmd == IPC_EXPORT_LOG) ? MAX_LOG_BUFFER_LEN : MAX_BUFFER_LEN; ++ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; ++ result = TEEC_AllocateSharedMemory(context, &sharedMem); ++ if (result != TEEC_SUCCESS) { ++ printf_err("allocate shared memory failed\n"); ++ goto end; ++ } ++ /* 3. 
invoke ipc command */ ++ TEEC_Operation operation = { 0 }; ++ operation.started = 1; ++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); ++ operation.params[0].memref.parent = &sharedMem; ++ operation.params[0].memref.offset = 0; ++ operation.params[0].memref.size = sharedMem.size; ++ result = TEEC_InvokeCommand(session, cmd, &operation, NULL); ++ if (result != TEEC_SUCCESS) { ++ printf_err("ipc failed\n"); ++ goto free_sharedMem; ++ } ++ /* 4. process ipc result */ ++ const char *path = cmd == IPC_EXPORT_CERT ? realPath : NULL; ++ result = ProcessExportResult(&sharedMem, operation.params[0].memref.size, path); ++free_sharedMem: ++ TEEC_ReleaseSharedMemory(&sharedMem); ++end: ++ return result; ++} ++ ++static TEEC_Result Import(TEEC_Context *context, TEEC_Session *session, const char *certPath) ++{ ++ TEEC_Result result; ++ char realPath[PATH_MAX]; ++ /* 1. allocate shared memory */ ++ TEEC_SharedMemory sharedMem; ++ sharedMem.size = MAX_BUFFER_LEN; ++ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; ++ result = TEEC_AllocateSharedMemory(context, &sharedMem); ++ if (result != TEEC_SUCCESS) { ++ printf_err("allocate shared memory failed\n"); ++ goto end; ++ } ++ /* 2. check certPath legality */ ++ if (realpath(certPath, realPath) == NULL) { ++ printf_err("illegal certification path:%s\n", certPath); ++ result = errno; ++ goto free_sharedMem; ++ } ++ if (!IsFileExist(realPath)) { ++ printf_err("certification not exist:%s\n", certPath); ++ result = TEEC_ERROR_BAD_PARAMETERS; ++ goto free_sharedMem; ++ } ++ /* 3. read cert from filesystem to shared memory */ ++ size_t fileSize = 0; ++ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) { ++ result = TEEC_ERROR_READ_DATA; ++ printf_err("load certification failed\n"); ++ goto free_sharedMem; ++ } ++ /* 4. 
invoke ipc command */ ++ TEEC_Operation operation = { 0 }; ++ operation.started = 1; ++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); ++ operation.params[0].memref.parent = &sharedMem; ++ operation.params[0].memref.offset = 0; ++ operation.params[0].memref.size = fileSize; ++ result = TEEC_InvokeCommand(session, IPC_IMPORT_CERT, &operation, NULL); ++ if (result != TEEC_SUCCESS) ++ printf_err("ipc failed\n"); ++free_sharedMem: ++ TEEC_ReleaseSharedMemory(&sharedMem); ++end: ++ return result; ++} ++ ++static TEEC_Result ImportCrl(TEEC_Context *context, TEEC_Session *session, const char *certPath) ++{ ++ TEEC_Result result; ++ char realPath[PATH_MAX]; ++ /* 1. allocate shared memory */ ++ TEEC_SharedMemory sharedMem; ++ sharedMem.size = MAX_BUFFER_LEN; ++ sharedMem.flags = TEEC_MEM_OUTPUT | TEEC_MEM_INPUT; ++ result = TEEC_AllocateSharedMemory(context, &sharedMem); ++ if (result != TEEC_SUCCESS) { ++ printf_err("allocate crl shared memory failed\n"); ++ goto end; ++ } ++ /* 2. check certPath legality */ ++ if (realpath(certPath, realPath) == NULL) { ++ printf_err("illegal certification path:%s\n", certPath); ++ result = errno; ++ goto free_sharedMem; ++ } ++ if (!IsFileExist(realPath)) { ++ printf_err("certification not exist:%s\n", certPath); ++ result = TEEC_ERROR_BAD_PARAMETERS; ++ goto free_sharedMem; ++ } ++ /* 3. read cert from filesystem to shared memory */ ++ size_t fileSize = 0; ++ if (LoadFromFs(sharedMem.buffer, sharedMem.size, certPath, &fileSize) != 0) { ++ result = TEEC_ERROR_READ_DATA; ++ printf_err("load crl failed\n"); ++ goto free_sharedMem; ++ } ++ /* 4. 
invoke ipc command */ ++ TEEC_Operation operation = { 0 }; ++ operation.started = 1; ++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); ++ operation.params[0].memref.parent = &sharedMem; ++ operation.params[0].memref.offset = 0; ++ operation.params[0].memref.size = fileSize; ++ result = TEEC_InvokeCommand(session, IPC_IMPORT_CRL, &operation, NULL); ++ if (result != TEEC_SUCCESS) ++ printf_err("ipc failed\n"); ++free_sharedMem: ++ TEEC_ReleaseSharedMemory(&sharedMem); ++end: ++ return result; ++} ++ ++static TEEC_UUID g_taId = { ++ 0x4acaf7c8, 0xc652, 0x4643, ++ { 0x9b, 0x7a, 0xcc, 0x07, 0xe7, 0xa3, 0x18, 0x7a } ++}; ++ ++static TEEC_Result OpenSessionTa(TEEC_Context *context, TEEC_Session *session) ++{ ++ TEEC_UUID *uuidp = &g_taId; ++ TEEC_Operation operation = { 0 }; ++ context->ta_path = (uint8_t *)TA_PATH; ++ operation.started = 1; ++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE); ++ TEEC_Result result = TEEC_OpenSession(context, session, uuidp, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL); ++ if (result != TEEC_SUCCESS) { ++ printf_err("teec open session failed,result is 0x%x\n", result); ++ return result; ++ } ++ return TEEC_SUCCESS; ++} ++ ++static int32_t GetInputCmd(int argc, char *argv[]) ++{ ++ if (argc < CMD_DESTROY_ARGC || argc > CMD_EXPORT_CERT_ARGC) { ++ printf_err("wrong parameters num \n"); ++ return -1; ++ } ++ /* 1. 
process command line */ ++ if (memcmp(argv[CMD_NAME], CMD_IMPORT, sizeof(CMD_IMPORT)) == 0 && argc == CMD_IMPORT_ARGC) { ++ /* import */ ++ return CERTMANGER_CMD_IMPORT_CERT; ++ } else if (memcmp(argv[CMD_NAME], CMD_IMPORT_CRL, sizeof(CMD_IMPORT_CRL)) == 0 && argc == CMD_IMPORT_CRL_ARGC) { ++ /* import crl */ ++ return CERTMANGER_CMD_IMPORT_CRL; ++ } else if (memcmp(argv[CMD_NAME], CMD_EXPORT, sizeof(CMD_EXPORT)) == 0 && ++ (argc == CMD_EXPORT_CERT_ARGC || argc == CMD_EXPORT_LOG_ARGC)) { ++ /* export */ ++ return CERTMANGER_CMD_EXPORT; ++ } else if (memcmp(argv[CMD_NAME], CMD_DESTROY, sizeof(CMD_DESTROY)) == 0 && argc == CMD_DESTROY_ARGC) { ++ /* destroy */ ++ return CERTMANGER_CMD_DESTROY; ++ } else { ++ /* undefined */ ++ printf("invalid command \n"); ++ return -1; ++ } ++} ++ ++static TEEC_Result SelectCmd(char *argv[], TEEC_Context *context, TEEC_Session *session, int32_t cmd) ++{ ++ switch (cmd) { ++ case CERTMANGER_CMD_IMPORT_CERT: ++ return Import(context, session, argv[CMD_IMPORT_ARG_PATH]); ++ case CERTMANGER_CMD_IMPORT_CRL: ++ return ImportCrl(context, session, argv[CMD_IMPORT_ARG_PATH]); ++ case CERTMANGER_CMD_EXPORT: ++ return Export(context, session, argv[CMD_EXPORT_SUBCMD], argv[CMD_EXPORT_ARG_PATH]); ++ case CERTMANGER_CMD_DESTROY: ++ return Destroy(session); ++ default: ++ printf_err("failed, errno input:%d\n", cmd); ++ return TEEC_ERROR_INVALID_CMD; ++ } ++} ++ ++int main(int argc, char *argv[]) ++{ ++ int32_t ret = 0; ++ TEEC_Result result; ++ TEEC_Context context; ++ TEEC_Session session; ++ ++ /* 1. check input cmd */ ++ int32_t cmd = GetInputCmd(argc, argv); ++ if (cmd <= 0) { ++ printf_err("input parameter errno\n"); ++ return -1; ++ } ++ ++ /* 2. init context */ ++ result = TEEC_InitializeContext(NULL, &context); ++ if (result != TEEC_SUCCESS) { ++ printf_err("teec initialize failed\n"); ++ return -1; ++ } ++ ++ /* 3. 
open session */ ++ result = OpenSessionTa(&context, &session); ++ if (result != TEEC_SUCCESS) { ++ printf_err("teec open session failed\n"); ++ goto final; ++ } ++ ++ /* 4. select cmd */ ++ result = SelectCmd(argv, &context, &session, cmd); ++ switch (result) { ++ case TEEC_SUCCESS: ++ printf("success\n"); ++ break; ++ case TEEC_ERROR_ITEM_NOT_FOUND: ++ printf_err("ssa log is not exist\n"); ++ ret = -1; ++ goto close; ++ default: ++ printf_err("certmanger error: %d\n", result); ++ ret = -1; ++ goto close; ++ } ++close: ++ TEEC_CloseSession(&session); ++final: ++ TEEC_FinalizeContext(&context); ++ return ret; ++} +diff --git a/test/CA/helloworld/Makefile b/test/CA/helloworld/Makefile +new file mode 100644 +index 0000000..d4392da +--- /dev/null ++++ b/test/CA/helloworld/Makefile +@@ -0,0 +1,24 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. ++CUR_DIR=$(shell pwd) ++ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ ++ ++TARGET_APP := demo_hello ++ ++APP_SOURCES := ./ca_demo.c ++ ++APP_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c ++ ++APP_CFLAGS += -fstack-protector-strong -fPIC ++ ++APP_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA \ ++ ++APP_LDFLAGS += -ldl -lpthread ++ ++APP_LDFLAGS += -z text -z now -z relro -z noexecstack -pie -s ++ ++APP_OBJECTS := $(APP_SOURCES:.c=.o) ++$(TARGET_APP): $(APP_SOURCES) ++ @$(CC) $(APP_CFLAGS) -o $@ $(APP_SOURCES) $(APP_LDFLAGS) ++ ++clean: ++ rm -f *.o $(TARGET_APP) +diff --git a/test/CA/helloworld/ca_demo.c b/test/CA/helloworld/ca_demo.c +index 57c0e35..630ce84 100755 +--- a/test/CA/helloworld/ca_demo.c ++++ b/test/CA/helloworld/ca_demo.c +@@ -1,6 +1,6 @@ + /* + * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. 
+ * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: C file template for CA + */ + + #include +@@ -25,10 +26,8 @@ + #define OPERATION_START_FLAG 1 + #define OUT_BUFF_INDEX 3 + +-static const TEEC_UUID DEMO_TEMPLATE_UUID = +-{ +- 0xe3d37f4a, 0xf24c, 0x48d0, +- { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 } ++static const TEEC_UUID g_demoTemplateUuid = { ++ 0xe3d37f4a, 0xf24c, 0x48d0, { 0x88, 0x84, 0x3b, 0xdd, 0x6c, 0x44, 0xe9, 0x88 } + }; + + enum { +@@ -57,16 +56,14 @@ int main(void) + operation.paramTypes = TEEC_PARAM_TYPES( + TEEC_NONE, + TEEC_NONE, +- TEEC_MEMREF_TEMP_INPUT, +- TEEC_MEMREF_TEMP_INPUT); ++ TEEC_NONE, ++ TEEC_NONE); + + result = TEEC_OpenSession( +- &context, &session, &DEMO_TEMPLATE_UUID, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin); ++ &context, &session, &g_demoTemplateUuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, &origin); + if (result != TEEC_SUCCESS) { + printf("teec open session failed"); + goto cleanup_2; +- } else { +- TEEC_Debug("teec open session successed"); + } + + operation.started = OPERATION_START_FLAG; +diff --git a/test/CA/libqca/Makefile b/test/CA/libqca/Makefile +new file mode 100644 +index 0000000..51d5112 +--- /dev/null ++++ b/test/CA/libqca/Makefile +@@ -0,0 +1,42 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. 
++CUR_DIR=$(shell pwd) ++ITRUSTEE_BUILD_PATH=${CUR_DIR}/../../../ ++ ++TARGET_LIB := libqca.so ++TARGET_DIR := output ++TARGET_LIB_BOUNDSCHECK := libboundscheck.so ++ ++LIB_SOURCES := src/ra_operate_api.c ++ ++LIB_SOURCES += $(ITRUSTEE_BUILD_PATH)/src/CA/libteec_adaptor.c ++ ++LIB_CFLAGS += -Werror -Wall -Wextra -fstack-protector-strong -Wl,-z,relro,-z,now,-z,noexecstack -s -fPIC -D_FORTIFY_SOURCE=2 -O2 ++ ++LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/include ++LIB_CFLAGS += -I$(ITRUSTEE_BUILD_PATH)/include/CA ++LIB_CFLAGS += -I./include ++ ++LIB_LDFLAGS += -ldl -lpthread ++LIB_LDFLAGS += -lboundscheck -L$(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/lib/ ++ ++LIB_OBJECTS := $(LIB_SOURCES:.c=.o) ++ ++all: $(TARGET_LIB_BOUNDSCHECK) $(TARGET_LIB) ++ ++LIB_BOUNDSCHECK_DIR := $(ITRUSTEE_BUILD_PATH)/thirdparty/open_source/libboundscheck/ ++$(TARGET_LIB_BOUNDSCHECK): ++ @echo "compile libboundscheck start" ++ @$(MAKE) -C $(LIB_BOUNDSCHECK_DIR) ++ @echo "compile libboundscheck finish" ++ ++$(TARGET_LIB): $(TARGET_LIB_BOUNDSCHECK) $(LIB_SOURCES) ++ @echo "start compile libqca.so ......" ++ @$(CC) -shared $(LIB_CFLAGS) -o $@ $(LIB_SOURCES) $(LIB_LDFLAGS) ++ @mkdir -p $(TARGET_DIR) ++ @mv $(TARGET_LIB) $(TARGET_DIR) ++ @echo "compile libqca.so done!" ++ ++clean: ++ $(MAKE) -C $(LIB_BOUNDSCHECK_DIR) clean ++ rm -rf $(LIB_OBJECTS) ++ rm -rf $(TARGET_DIR) +diff --git a/test/CA/libqca/include/ra_client_api.h b/test/CA/libqca/include/ra_client_api.h +new file mode 100644 +index 0000000..dd793a3 +--- /dev/null ++++ b/test/CA/libqca/include/ra_client_api.h +@@ -0,0 +1,22 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#ifndef LIBQCA_H ++#define LIBQCA_H ++#include ++ ++struct ra_buffer_data { ++ uint32_t size; ++ uint8_t *buf; ++}; ++ ++TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out); ++#endif +diff --git a/test/CA/libqca/src/ra_log.h b/test/CA/libqca/src/ra_log.h +new file mode 100644 +index 0000000..1cb9d38 +--- /dev/null ++++ b/test/CA/libqca/src/ra_log.h +@@ -0,0 +1,27 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#ifndef LIBQCA_RA_LOG_H ++#define LIBQCA_RA_LOG_H ++ ++#define TAG_WARN "[warn]" ++#define TAG_INFO "[info]" ++#define TAG_ERROR "[error]" ++#define TAG_DEBUG "[debug]" ++ ++#define LIBQCA_PREFIX "libqca" ++ ++#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_ERROR, __LINE__, ##args) ++#define tlogd(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_DEBUG, __LINE__, ##args) ++#define tlogi(fmt, args...) printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_INFO, __LINE__, ##args) ++#define tlogw(fmt, args...) 
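Review bot: `RemoteAttest` is the only exported entry point of libqca, and ra_client_api.h says nothing about how its two `ra_buffer_data` arguments are used. From ra_operate_api.c in the same patch, `in->size` must be between 1 and `PARAMS_RESERVED_SIZE` (0x2000) and `out` may be NULL. When `out->buf` is set, `out->size` is the buffer capacity on entry (at least `OUT_DATA_RESERVED_SIZE`, at most `SHAREMEM_LIMIT`) and the number of bytes written on return. A doc comment above the prototype stating that, plus a field comment such as `/* length of buf; for the output buffer: capacity on entry, bytes written on return */` on `size`, would keep callers from treating the whole buffer as attestation data.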
printf("[%s] %s %d:" fmt " ", LIBQCA_PREFIX, TAG_WARN, __LINE__, ##args) ++ ++#endif +diff --git a/test/CA/libqca/src/ra_operate_api.c b/test/CA/libqca/src/ra_operate_api.c +new file mode 100644 +index 0000000..810f11f +--- /dev/null ++++ b/test/CA/libqca/src/ra_operate_api.c +@@ -0,0 +1,147 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#include "ra_operate_api.h" ++#include ++#include ++#include "tee_client_api.h" ++#include "securec.h" ++#include "ra_log.h" ++#include "ra_client_api.h" ++ ++static const TEEC_UUID g_tee_qta_uuid = { ++ 0xe08f7eca, 0xe875, 0x440e, { ++ 0x9a, 0xb0, 0x5f, 0x38, 0x11, 0x36, 0xc6, 0x00 ++ } ++}; ++ ++static TEEC_Result set_remote_attest_out_data(TEEC_SharedMemory *shared_out, uint32_t out_size, ++ struct ra_buffer_data *out) ++{ ++ if (out == NULL || out->buf == NULL) { ++ return TEEC_SUCCESS; ++ } ++ if (out_size == 0) { ++ out->size = out_size; ++ return TEEC_SUCCESS; ++ } else if (out_size > out->size) { ++ tloge("out size is too short\n"); ++ return TEEC_ERROR_SHORT_BUFFER; ++ } ++ if (memcpy_s(out->buf, out->size, shared_out->buffer, out_size) != EOK) { ++ tloge("memcpy shared out buffer failed\n"); ++ return TEEC_ERROR_GENERIC; ++ } ++ out->size = out_size; ++ return TEEC_SUCCESS; ++} ++ ++static TEEC_Result handle_remote_attest(TEEC_Context *context, TEEC_Session *session, struct ra_buffer_data *in, ++ struct ra_buffer_data *out) ++{ ++ uint32_t origin; ++ TEEC_Operation operation = {0}; ++ operation.started 
= 1;
++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_PARTIAL_INPUT, TEEC_MEMREF_PARTIAL_OUTPUT,
++ TEEC_VALUE_OUTPUT, TEEC_NONE);
++
++ TEEC_SharedMemory shared_in;
++ (void)memset_s(&shared_in, sizeof(shared_in), 0, sizeof(shared_in));
++ shared_in.size = in->size;
++ shared_in.flags = TEEC_MEM_INPUT;
++ TEEC_Result result = TEEC_AllocateSharedMemory(context, &shared_in);
++ if (result != TEEC_SUCCESS) {
++ tloge("allocate shared input failed, result = 0x%x.\n", result);
++ return result;
++ }
++ operation.params[0].memref.parent = &shared_in;
++ operation.params[0].memref.size = shared_in.size;
++ operation.params[0].memref.offset = 0;
++ (void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size);
++
++ TEEC_SharedMemory shared_out;
++ (void)memset_s(&shared_out, sizeof(shared_out), 0, sizeof(shared_out));
++ shared_out.flags = TEEC_MEM_OUTPUT;
++ if (out != NULL && out->buf != NULL) {
++ shared_out.size = out->size;
++ result = TEEC_AllocateSharedMemory(context, &shared_out);
++ if (result != TEEC_SUCCESS) {
++ tloge("allocate shared output failed, result = 0x%x.\n", result);
++ goto clear1;
++ }
++ (void)memset_s(out->buf, out->size, 0, out->size);
++ (void)memset_s(shared_out.buffer, shared_out.size, 0, shared_out.size);
++ }
++ operation.params[1].memref.parent = &shared_out;
++ operation.params[1].memref.size = shared_out.size;
++ operation.params[1].memref.offset = 0;
++
++ result = TEEC_InvokeCommand(session, REMOTE_ATTEST_CMD, &operation, &origin);
++ if (result != TEEC_SUCCESS) {
++ tloge("invoke command failed, result = 0x%x\n", result);
++ goto clear2;
++ }
++
++ result = set_remote_attest_out_data(&shared_out, operation.params[2].value.a, out);
++clear2:
++ if (out != NULL && out->buf != NULL)
++ TEEC_ReleaseSharedMemory(&shared_out);
++clear1:
++ TEEC_ReleaseSharedMemory(&shared_in);
++ return result;
++}
++
++TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out)
++{
++ if (in == NULL || in->buf == NULL || in->size
== 0 || in->size > PARAMS_RESERVED_SIZE) {
++ tloge("check input failed\n");
++ return TEEC_ERROR_BAD_PARAMETERS;
++ }
++
++ if (out != NULL) {
++ if (out->size > SHAREMEM_LIMIT || (out->buf == NULL && out->size > 0) ||
++ (out->buf != NULL && out->size < OUT_DATA_RESERVED_SIZE)) {
++ tloge("check output failed\n");
++ return TEEC_ERROR_BAD_PARAMETERS;
++ }
++ }
++
++ TEEC_Context context = {0};
++ TEEC_Session session = {0};
++ TEEC_Operation operation = {0};
++ TEEC_UUID uuid = g_tee_qta_uuid;
++
++ TEEC_Result result = TEEC_InitializeContext(NULL, &context);
++ if (result != TEEC_SUCCESS) {
++ tloge("init context is failed, result is 0x%x\n", result);
++ return result;
++ }
++
++ operation.started = 1;
++ operation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);
++ result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_IDENTIFY, NULL, &operation, NULL);
++ if (result != TEEC_SUCCESS) {
++ tloge("open session is failed, result is 0x%x\n", result);
++ goto cleanup_1;
++ }
++
++ result = handle_remote_attest(&context, &session, in, out);
++ if (result != TEEC_SUCCESS) {
++ tloge("handle remote attest failed, result is 0x%x\n", result);
++ goto cleanup_2;
++ }
++
++cleanup_2:
++ TEEC_CloseSession(&session);
++cleanup_1:
++ TEEC_FinalizeContext(&context);
++ return result;
++}
+diff --git a/test/CA/libqca/src/ra_operate_api.h b/test/CA/libqca/src/ra_operate_api.h
+new file mode 100644
+index 0000000..0269712
+--- /dev/null
++++ b/test/CA/libqca/src/ra_operate_api.h
+@@ -0,0 +1,24 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
++ * Licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
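Review bot: In `handle_remote_attest` the copy of the caller's request into shared memory discards its result, `(void)memcpy_s(shared_in.buffer, in->size, in->buf, in->size);`, while `set_remote_attest_out_data` in the same file checks `!= EOK`. If that copy fails, `REMOTE_ATTEST_CMD` is still invoked on whatever the freshly allocated buffer holds, so it should read `if (memcpy_s(shared_in.buffer, shared_in.size, in->buf, in->size) != EOK) { result = TEEC_ERROR_GENERIC; goto clear1; }`. Separately, when `out` or `out->buf` is NULL, `params[1]` still points at a `shared_out` that was never allocated; whether the client library accepts that for `TEEC_MEMREF_PARTIAL_OUTPUT` is not visible here and is worth confirming. `origin` is filled in by `TEEC_InvokeCommand` but never logged, which loses the information about which layer produced a failure.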
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#ifndef LIBQCA_RA_OPERATE_H ++#define LIBQCA_RA_OPERATE_H ++ ++#include ++#include "tee_client_api.h" ++#include "ra_client_api.h" ++ ++#define SHAREMEM_LIMIT (0x100000) /* 1 MB */ ++#define PARAMS_RESERVED_SIZE (0x2000) ++#define OUT_DATA_RESERVED_SIZE (0x3000) ++#define REMOTE_ATTEST_CMD (0x1001) ++ ++#endif +diff --git a/test/TA/cert_manager/CMakeLists.txt b/test/TA/cert_manager/CMakeLists.txt +new file mode 100644 +index 0000000..47a92b9 +--- /dev/null ++++ b/test/TA/cert_manager/CMakeLists.txt +@@ -0,0 +1,38 @@ ++# sdk cmake. ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. ++cmake_minimum_required(VERSION 3.16 FATAL_ERROR) ++project(tee_sdk C) ++ ++if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) ++ message(FATAL_ERROR "Forbid compiling in the source tree") ++endif() ++ ++include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) ++include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) ++ ++set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) ++set(CURRENT_TARGET_SO "combine") ++ ++set(SDK_C_SOURCES ++ ${SDK_C_SOURCES} ++ src/cert_logger.c ++ src/cert_manager.c ++) ++ ++set(COMMON_INCLUDES ++ ${COMMON_INCLUDES} ++ ${CMAKE_CURRENT_SOURCE_DIR}/include ++ ${CMAKE_CURRENT_SOURCE_DIR}/src ++ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include/TA ++) ++ ++add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) ++target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) ++target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) ++target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) ++ ++add_custom_command( ++ TARGET ${CURRENT_TARGET_SO} 
POST_BUILD ++ COMMAND sh $ENV{ITRUSTEE_BUILD_PATH}/build/tools/ta_entry_check.sh ${CMAKE_READELF} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so n y ${TARGET_IS_ARM64} ++ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini ++) +diff --git a/test/TA/cert_manager/Makefile b/test/TA/cert_manager/Makefile +new file mode 100644 +index 0000000..19ef02c +--- /dev/null ++++ b/test/TA/cert_manager/Makefile +@@ -0,0 +1,34 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2022. All rights reserved. ++include ./config.mk ++include ../../../build/mk/common.mk ++ ++# set the compilation tool chain example : export CC=path_to_gcc ; export LD=path_to_ld ++ ++SRC += $(wildcard src/*.c) ++ ++# set header directory ++INCLUDEDIR += -I${CUR_DIR}/include ++INCLUDEDIR += -I${CUR_DIR}/src ++INCLUDEDIR += -I${CUR_DIR}/../../../include/TA ++ ++#set libhwsecurec path example : INCLUDEDIR += -Ipath_to_libhwsecurec ++ ++# set target ++COBJS := $(SRC:%.c=%.o) ++TARGET = $(COBJS) ++ ++sec_binary:combine ++ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini ++ ++combine: $(TARGET) ++ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so ++ bash $(ITRUSTEE_BUILD_PATH)/build/tools/ta_entry_check.sh $(READELF) $(shell pwd)/libcombine.so n y $(TARGET_IS_ARM64) ++ ++src/%.o: ./src/%.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++%.o: %.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++clean: ++ rm -f $(COBJS) *.so *.sec +diff --git a/test/TA/cert_manager/config.cmake b/test/TA/cert_manager/config.cmake +new file mode 100644 +index 0000000..933d051 +--- /dev/null ++++ b/test/TA/cert_manager/config.cmake +@@ -0,0 +1,11 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. 
++# ++# API_LEVEL which indicates the GP API version of TA ++# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee ++# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner ++# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++set(COMMON_CFLAGS -DAPI_LEVEL=1) ++if ("${TARGET_IS_ARM64}" STREQUAL "") ++ set(TARGET_IS_ARM64 y) ++endif() +\ No newline at end of file +diff --git a/test/TA/cert_manager/config.mk b/test/TA/cert_manager/config.mk +new file mode 100644 +index 0000000..5e4ccfa +--- /dev/null ++++ b/test/TA/cert_manager/config.mk +@@ -0,0 +1,12 @@ ++# ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# ++# API_LEVEL which indicates the GP API version of TA ++# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee ++# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner ++# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++CFLAGS += -DAPI_LEVEL=1 ++ifeq ($(TARGET_IS_ARM64),) ++ TARGET_IS_ARM64 = y ++endif +\ No newline at end of file +diff --git a/test/TA/cert_manager/config.sh b/test/TA/cert_manager/config.sh +new file mode 100644 +index 0000000..ad3c822 +--- /dev/null ++++ b/test/TA/cert_manager/config.sh +@@ -0,0 +1,34 @@ ++#!/bin/bash ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# This script is used to compile the demo sdk. ++set -e ++ ++export SOURCE_PATH=$(dirname $0) ++export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) ++export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. 
++ ++#clean ++if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then ++ rm -f *.o *.so *.sec ++ if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++ fi ++ exit 0 ++fi ++ ++echo "Cmake compile TA begin" ++if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++fi ++mkdir -p cmake_build ++echo "mkdir cmake_build" ++cd cmake_build/ ++ ++cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. ++ ++make VERBOSE=1 ++ ++cd .. ++rm -rf cmake_build +\ No newline at end of file +diff --git a/test/TA/cert_manager/include/cert_config.h b/test/TA/cert_manager/include/cert_config.h +new file mode 100644 +index 0000000..dee55d0 +--- /dev/null ++++ b/test/TA/cert_manager/include/cert_config.h +@@ -0,0 +1,63 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: declaration of logger tool interfaces. ++ */ ++#ifndef CERT_CONFIG_H ++#define CERT_CONFIG_H ++ ++#define CERT_MANAGER_DEPLOY_PATH "/usr/bin/certmanager" ++#define CERT_MANAGER_DEPLOY_USER "root" ++ ++/* ++ * defines the public key for verifying the imported certification. 
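Review bot: config.sh computes `ABS_SOURCE_PATH` but never changes into it, so `rm -f *.o *.so *.sec`, `rm -rf cmake_build` and `cmake ..` all act on whatever directory the caller happens to be in. Adding `cd "${ABS_SOURCE_PATH}"` right after the exports keeps both the clean path and the build path inside the TA directory. `$(dirname $0)` and `$(cd ${SOURCE_PATH};pwd)` should also be quoted so that a path containing spaces is not word-split.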
++ */ ++const char g_root_public_key[] = { ++/* add public_key len 550*/ ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ++}; ++ ++#endif +diff --git a/test/TA/cert_manager/manifest.txt b/test/TA/cert_manager/manifest.txt +new file mode 100644 +index 0000000..c3f9b41 +--- /dev/null ++++ b/test/TA/cert_manager/manifest.txt +@@ -0,0 +1,7 @@ ++gpd.ta.appID: 4acaf7c8-c652-4643-9b7a-cc07e7a3187a ++gpd.ta.service_name: certmanager ++gpd.ta.singleInstance: true ++gpd.ta.multiSession: true ++gpd.ta.instanceKeepAlive: false ++gpd.ta.dataSize: 2097152 ++gpd.ta.stackSize: 32768 +\ No newline at end of file +diff --git 
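Review bot: `g_root_public_key` ships as an all-zero placeholder and nothing stops a TA from being built and signed with it, although cert_manager.c in this patch passes it to `ta_signing_cert_import` as the key for verifying imported certificates. A build-time guard would make the omission visible, for example `#error "replace g_root_public_key with the real root public key"` behind a macro the integrator defines once the key has been filled in (the macro name is for the project to choose). The array is also defined, not just declared, in a header and without `static`, so including cert_config.h from a second source file would produce a duplicate-symbol link error; `static const char g_root_public_key[]` or moving the definition into a .c file avoids that. The `Description:` line still reads "declaration of logger tool interfaces", which looks copied from cert_logger.h.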
a/test/TA/cert_manager/src/cert_logger.c b/test/TA/cert_manager/src/cert_logger.c +new file mode 100644 +index 0000000..99b1dfb +--- /dev/null ++++ b/test/TA/cert_manager/src/cert_logger.c +@@ -0,0 +1,165 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: logger tool implementations. ++ */ ++#include "cert_logger.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++static const char *g_log_path = "dyn_crt_op.log"; ++ ++static TEE_Result log_open(TEE_ObjectHandle *obj, uint32_t flag) ++{ ++ uint32_t storage_id = TEE_OBJECT_STORAGE_PRIVATE; ++ uint32_t create_flag = TEE_DATA_FLAG_ACCESS_WRITE | ++ TEE_DATA_FLAG_ACCESS_WRITE_META | ++ TEE_DATA_FLAG_ACCESS_READ; ++ /* open log file */ ++ TEE_Result ret = TEE_OpenPersistentObject(storage_id, g_log_path, strlen(g_log_path), flag, obj); ++ if (ret == TEE_ERROR_ITEM_NOT_FOUND && ++ (((flag & TEE_DATA_FLAG_ACCESS_WRITE) != 0) || ((flag & TEE_DATA_FLAG_ACCESS_WRITE_META) != 0) || ++ ((flag & TEE_DATA_FLAG_SHARE_WRITE) != 0))) { ++ /* create it if file is not exist when writing or changing metadata */ ++ tlogi("file not exist, creating: %s\n", g_log_path); ++ ret = TEE_CreatePersistentObject(storage_id, g_log_path, strlen(g_log_path), ++ create_flag, TEE_HANDLE_NULL, ++ NULL, 0, obj); ++ if (ret != TEE_SUCCESS) ++ tloge("create file failed: %s\n", g_log_path); ++ } ++ return ret; ++} ++ ++/* truncate if the file beyonds MAX_LOG_LINE_NUM */ ++static TEE_Result log_truncate(TEE_ObjectHandle 
obj)
++{
++ TEE_Result ret;
++ char buf[MAX_LOG_SIZE] = { 0 };
++ uint32_t len = 0;
++ /* 1. read all content in the log file into memory buf */
++ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET);
++ if (ret != TEE_SUCCESS) {
++ tloge("seek file failed: %s\n", g_log_path);
++ goto end;
++ }
++ ret = TEE_ReadObjectData(obj, buf, sizeof(buf), &len);
++ if (ret != TEE_SUCCESS) {
++ tloge("read file failed: %s\n", g_log_path);
++ goto end;
++ }
++ /* 2. statistic line-breaks for counting lines */
++ int line_cnt = 0;
++ for (uint32_t i = 0; i < len; ++i) {
++ if (buf[i] == '\n')
++ line_cnt += 1;
++ }
++ /* 3. if the line number is overflow, remove the first (line_cnt - MAX_LOG_LINE_NUM) lines */
++ if (line_cnt > MAX_LOG_LINE_NUM) {
++ /* line break */
++ uint32_t line_break_idx = 0;
++ uint32_t remain = line_cnt - MAX_LOG_LINE_NUM;
++ for (uint32_t i = 0; remain > 0; ++i) {
++ if (buf[i] == '\n') {
++ line_break_idx = i;
++ remain--;
++ }
++ }
++ /* 3.1 override the first (line_cnt - MAX_LOG_LINE_NUM) lines */
++ uint32_t resize_to = len - line_break_idx - 1;
++ if (memmove_s(buf, sizeof(buf), buf + line_break_idx + 1, resize_to) != EOK) {
++ tloge("memory movement failed\n");
++ ret = TEE_ERROR_OUT_OF_MEMORY;
++ goto end;
++ }
++ /* 3.2 write back to the start of file */
++ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_SET);
++ if (ret != TEE_SUCCESS) {
++ tloge("seek file failed: %s\n", g_log_path);
++ goto end;
++ }
++ ret = TEE_WriteObjectData(obj, buf, resize_to);
++ if (ret != TEE_SUCCESS)
++ tloge("write file failed: %s\n", g_log_path);
++ /* 3.3 truncate to correct size */
++ ret = TEE_TruncateObjectData(obj, resize_to);
++ if (ret != TEE_SUCCESS)
++ tloge("truncate file failed: %s\n", g_log_path);
++ }
++end:
++ return ret;
++}
++
++/* write a NULL-terminated string into log */
++TEE_Result cert_log_write(char *log_info)
++{
++ TEE_Result ret;
++ TEE_ObjectHandle obj;
++ if (log_info == NULL)
++ return TEE_ERROR_BAD_PARAMETERS;
++ /* 1.
open log file */
++ uint32_t open_flag = TEE_DATA_FLAG_ACCESS_WRITE |
++ TEE_DATA_FLAG_SHARE_WRITE |
++ TEE_DATA_FLAG_SHARE_READ |
++ TEE_DATA_FLAG_ACCESS_READ;
++ ret = log_open(&obj, open_flag);
++ if (ret != TEE_SUCCESS) {
++ tloge("open file failed: %s\n", g_log_path);
++ goto end;
++ }
++ /* 2. append log to the end */
++ ret = TEE_SeekObjectData(obj, 0, TEE_DATA_SEEK_END);
++ if (ret != TEE_SUCCESS) {
++ tloge("seek file failed: %s\n", g_log_path);
++ goto close;
++ }
++ ret = TEE_WriteObjectData(obj, log_info, strlen(log_info));
++ if (ret != TEE_SUCCESS) {
++ tloge("write file failed: %s\n", g_log_path);
++ goto close;
++ }
++ /* 3. truncate the file for keeping the number of lines MAX_LOG_LINE_NUM */
++ ret = log_truncate(obj);
++ if (ret != TEE_SUCCESS) {
++ tloge("roll back file failed: %s\n", g_log_path);
++ goto close;
++ }
++close:
++ (void)TEE_SyncPersistentObject(obj);
++ TEE_CloseObject(obj);
++end:
++ return ret;
++}
++
++TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len)
++{
++ TEE_Result ret;
++ TEE_ObjectHandle obj;
++ if (dst == NULL || read_len == NULL)
++ return TEE_ERROR_BAD_PARAMETERS;
++ /* 1. open log file */
++ uint32_t open_flag = TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_SHARE_READ;
++ ret = log_open(&obj, open_flag);
++ if (ret != TEE_SUCCESS) {
++ tloge("open file failed: %s\n", g_log_path);
++ goto end;
++ }
++ /* 2. read log file */
++ ret = TEE_ReadObjectData(obj, dst, dst_len, read_len);
++ if (ret != TEE_SUCCESS)
++ tloge("read file failed: %s\n", g_log_path);
++ TEE_CloseObject(obj);
++end:
++ return ret;
++}
+diff --git a/test/TA/cert_manager/src/cert_logger.h b/test/TA/cert_manager/src/cert_logger.h
+new file mode 100644
+index 0000000..ec8ebeb
+--- /dev/null
++++ b/test/TA/cert_manager/src/cert_logger.h
+@@ -0,0 +1,31 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
++ * Licensed under the Mulan PSL v2.
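Review bot: In `log_truncate` a failed `TEE_WriteObjectData` is only logged; execution falls through to `TEE_TruncateObjectData`, whose return value overwrites `ret`. A write error on the certificate operation log is therefore reported as success and the file is truncated regardless. Brace the check and leave early: `if (ret != TEE_SUCCESS) { tloge("write file failed: %s\n", g_log_path); goto end; }`. The function also keeps `char buf[MAX_LOG_SIZE]` (10000 bytes) on the stack while manifest.txt sets `gpd.ta.stackSize: 32768`; a heap buffer would leave more headroom, though the actual call depth is not visible from this file.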
++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: declaration of logger tool interfaces. ++ */ ++#ifndef CERT_LOGGER_H ++#define CERT_LOGGER_H ++ ++#include ++ ++/* ++ * MAX_LOG_LINE_NUM: defines the max line numbers of which the operation log records. ++ * MAX_LOG_LINE_LEN: defines the max length of each operation log entry. ++ * MAX_LOG_SIZE: defines the max size of the operation log file. ++ * Notice: MAX_LOG_LINE_NUM * MAX_LOG_LINE_LEN <= MAX_LOG_SIZE ++ */ ++#define MAX_LOG_LINE_NUM 60 ++#define MAX_LOG_LINE_LEN 150 ++#define MAX_LOG_SIZE 10000 ++ ++TEE_Result cert_log_write(char *log_info); ++TEE_Result cert_log_read(char *dst, uint64_t dst_len, uint32_t *read_len); ++ ++#endif +diff --git a/test/TA/cert_manager/src/cert_manager.c b/test/TA/cert_manager/src/cert_manager.c +new file mode 100644 +index 0000000..7764af8 +--- /dev/null ++++ b/test/TA/cert_manager/src/cert_manager.c +@@ -0,0 +1,301 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Description: do cert management on kunpeng. 
++ */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "cert_logger.h" ++ ++enum { ++ SAVE_CERT_CMD = 1, ++ SEARCH_CERT_CMD = 2, ++ DEL_CERT_CMD = 3, ++ SEARCH_LOG_CMD = 4, ++ SEND_CRL_CMD = 5 ++}; ++ ++#define ACTION_CRT_EXPORT "export" ++#define ACTION_CRT_IMPORT "cert_import" ++#define ACTION_CRL_IMPORT "crl_import" ++#define ACTION_CRT_REMOVE "remove" ++#define ACTION_CRT_UNDEFINED "undefined" ++#define MAX_BUFFER_LEN 8192 ++#define MAX_LOG_BUFFER_LEN 10000 ++#define BASE_YEAR 1900 ++#define BASE_MON 1 ++ ++static void log_action(const char *action, TEE_Result result) ++{ ++ /* format result */ ++ char *suc = result == TEE_SUCCESS ? "true" : "false"; ++ /* get system time */ ++ struct timespec time; ++ clock_gettime(CLOCK_REALTIME, &time); ++ struct tm *lt = localtime(&time.tv_sec); ++ if (lt == NULL) { ++ tloge("get UTC time failed\n"); ++ return; ++ } ++ /* format log entry: "[yyyy/mm/dd HH:MM:SS] ACTION: xxx, SUCCESS: true/false " */ ++ char buf[MAX_LOG_LINE_LEN]; ++ if (snprintf_s(buf, sizeof(buf), sizeof(buf) - 1, ++ "[UTC:%04d/%02d/%02d %02d:%02d:%02d] ACTION: %s, SUCCESS: %s.\n", ++ lt->tm_year + BASE_YEAR, lt->tm_mon + BASE_MON, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec, ++ action, suc) < 0) { ++ tloge("format log entry failed\n"); ++ return; ++ } ++ /* write into log file on ssa */ ++ if (cert_log_write(buf) != TEE_SUCCESS) ++ tloge("write to log failed\n"); ++} ++ ++/* ---------------------------------------------------------------------------- ++ * Trusted Application Entry Points ++ * ---------------------------------------------------------------------------- ++ */ ++ ++static TEE_Result cert_verify_and_send(uint32_t param_types, TEE_Param params[4]) ++{ ++ TEE_Result ret; ++ const char *pubkey = g_root_public_key; ++ uint32_t pubkey_len = sizeof(g_root_public_key) / sizeof(char); ++ if (!check_param_type(param_types, ++ TEE_PARAM_TYPE_MEMREF_INPUT, ++ TEE_PARAM_TYPE_NONE, ++ 
TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE)) { ++ tloge("Bad expected parameter types, 0x%x.\n", param_types); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) { ++ tloge("Bad expected parameter.\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ ret = ta_signing_cert_import(params[0].memref.buffer, params[0].memref.size, pubkey, pubkey_len); ++ if (ret != TEE_SUCCESS) ++ tloge("cert store failed\n"); ++ return ret; ++} ++ ++static TEE_Result crl_send_service(uint32_t param_types, TEE_Param params[4]) ++{ ++ TEE_Result ret; ++ if (!check_param_type(param_types, ++ TEE_PARAM_TYPE_MEMREF_INPUT, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE)) { ++ tloge("Bad expected parameter types, 0x%x.\n", param_types); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ if (params[0].memref.size == 0 || params[0].memref.size > MAX_BUFFER_LEN || params[0].memref.buffer == NULL) { ++ tloge("Bad expected parameter.\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ ret = TEE_EXT_crl_cert_process(params[0].memref.buffer, params[0].memref.size); ++ if (ret != TEE_SUCCESS) ++ tloge("crl send failed\n"); ++ return ret; ++} ++ ++static TEE_Result cert_search_service(uint32_t param_types, uint32_t cmd_id, TEE_Param params[4]) ++{ ++ TEE_Result ret = TEE_SUCCESS; ++ uint32_t limit = params[0].memref.size; ++ uint32_t len = 0; ++ uint8_t *dst = NULL; ++ if (!check_param_type(param_types, ++ TEE_PARAM_TYPE_MEMREF_INOUT, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE)) { ++ tloge("Bad expected parameter types, 0x%x.\n", param_types); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ if (params[0].memref.size == 0 || params[0].memref.size > MAX_LOG_BUFFER_LEN || params[0].memref.buffer == NULL) { ++ tloge("Bad expected parameter.\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ dst = (uint8_t *)malloc(params[0].memref.size); ++ if (dst == 
NULL) { ++ tloge("malloc failed"); ++ return TEE_ERROR_OUT_OF_MEMORY; ++ } ++ ++ switch (cmd_id) { ++ case SEARCH_CERT_CMD: ++ ret = ta_signing_cert_export((uint8_t *)dst, &len, limit); ++ break; ++ case SEARCH_LOG_CMD: ++ ret = cert_log_read((char *)dst, limit, &len); ++ if (len < limit) { ++ dst[len++] = '\0'; ++ } else { ++ dst[limit - 1] = '\0'; ++ len = limit; ++ } ++ break; ++ default: ++ break; ++ } ++ if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) { ++ free(dst); ++ dst = NULL; ++ return TEE_ERROR_SECURITY; ++ } ++ ++ params[0].memref.size = len; ++ if (ret != TEE_SUCCESS) ++ tloge("cert search failed\n"); ++ free(dst); ++ dst = NULL; ++ return ret; ++} ++ ++static TEE_Result cert_delete_service(uint32_t param_types) ++{ ++ TEE_Result ret; ++ if (!check_param_type(param_types, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE, ++ TEE_PARAM_TYPE_NONE)) { ++ tloge("Bad expected parameter types, 0x%x.\n", param_types); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ret = ta_signing_cert_destroy(); ++ if (ret != TEE_SUCCESS) ++ tloge("cert delete failed\n"); ++ return ret; ++} ++ ++/** ++ * Function TA_CreateEntryPoint ++ * Description: ++ * The function TA_CreateEntryPoint is the Trusted Application's constructor, ++ * which the Framework calls when it creates a new instance of the Trusted Application. ++ */ ++TEE_Result TA_CreateEntryPoint(void) ++{ ++ TEE_Result ret = addcaller_ca_exec(CERT_MANAGER_DEPLOY_PATH, CERT_MANAGER_DEPLOY_USER); ++ if (ret != TEE_SUCCESS) ++ tloge("TA_CreateEntryPoint: AddCaller_CA_exec failed.\n"); ++ return ret; ++} ++ ++/** ++ * Function TA_OpenSessionEntryPoint ++ * Description: ++ * The Framework calls the function TA_OpenSessionEntryPoint ++ * when a client requests to open a session with the Trusted Application. ++ * The open session request may result in a new Trusted Application instance ++ * being created. 
++ */ ++TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, ++ TEE_Param params[4], void** sessionContext) ++{ ++ /* -Wunused-parameter */ ++ (void)paramTypes; ++ /* -Wunused-parameter */ ++ (void)params; ++ /* -Wunused-parameter */ ++ (void)sessionContext; ++ SLogTrace("---- TA_OpenSessionEntryPoint -------- "); ++ return TEE_SUCCESS; ++} ++ ++/** ++ * Function TA_InvokeCommandEntryPoint ++ * Description: ++ * The Framework calls this function when the client invokes a command ++ * within the given session. ++ */ ++TEE_Result TA_InvokeCommandEntryPoint(void* sessionContext, uint32_t cmd_id, ++ uint32_t paramTypes, TEE_Param params[4]) ++{ ++ /* -Wunused-parameter */ ++ (void)sessionContext; ++ TEE_Result ret; ++ char *action = NULL; ++ switch (cmd_id) { ++ case SAVE_CERT_CMD: ++ action = ACTION_CRT_IMPORT; ++ ret = cert_verify_and_send(paramTypes, params); ++ if (ret != TEE_SUCCESS) ++ tloge("certificate restoring failed\n"); ++ break; ++ case SEND_CRL_CMD: ++ action = ACTION_CRL_IMPORT; ++ ret = crl_send_service(paramTypes, params); ++ if (ret != TEE_SUCCESS) ++ tloge("crl restoring failed\n"); ++ break; ++ case SEARCH_CERT_CMD: ++ /* fall through: to be handled with the same function as SEARCH_LOG_CMD case */ ++ case SEARCH_LOG_CMD: ++ action = ACTION_CRT_EXPORT; ++ ret = cert_search_service(paramTypes, cmd_id, params); ++ if (ret != TEE_SUCCESS) ++ tloge("certificate searching failed\n"); ++ break; ++ case DEL_CERT_CMD: ++ action = ACTION_CRT_REMOVE; ++ ret = cert_delete_service(paramTypes); ++ if (ret != TEE_SUCCESS) ++ tloge("certificate delete failed\n"); ++ break; ++ default: ++ action = ACTION_CRT_UNDEFINED; ++ ret = TEE_ERROR_BAD_PARAMETERS; ++ break; ++ } ++ log_action(action, ret); ++ return ret; ++} ++ ++/** ++ * Function TA_CloseSessionEntryPoint ++ * Description: ++ * The Framework calls this function to close a client session. ++ * During the call to this function the implementation can use ++ * any session functions. 
++ */ ++void TA_CloseSessionEntryPoint(void* sessionContext) ++{ ++ /* -Wunused-parameter */ ++ (void)sessionContext; ++ SLogTrace("---- TA_CloseSessionEntryPoint ----- "); ++} ++ ++/** ++ * Function TA_DestroyEntryPoint ++ * Description: ++ * The function TA_DestroyEntryPoint is the Trusted Application's destructor, ++ * which the Framework calls when the instance is being destroyed. ++ */ ++void TA_DestroyEntryPoint(void) ++{ ++ SLogTrace("---- TA_DestroyEntryPoint ---- "); ++} +diff --git a/test/TA/helloworld/CMakeLists.txt b/test/TA/helloworld/CMakeLists.txt +new file mode 100644 +index 0000000..45334da +--- /dev/null ++++ b/test/TA/helloworld/CMakeLists.txt +@@ -0,0 +1,30 @@ ++# sdk cmake. ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. ++cmake_minimum_required(VERSION 3.16 FATAL_ERROR) ++project(tee_sdk C) ++ ++if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) ++ message(FATAL_ERROR "Forbid compiling in the source tree") ++endif() ++ ++include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) ++include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) ++ ++set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) ++set(CURRENT_TARGET_SO "combine") ++ ++set(SDK_C_SOURCES ++ ${SDK_C_SOURCES} ++ ta_demo.c ++) ++ ++add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) ++target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) ++target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) ++target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) ++ ++add_custom_command( ++ TARGET ${CURRENT_TARGET_SO} POST_BUILD ++ COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so ++ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini ++) +diff --git a/test/TA/helloworld/Makefile b/test/TA/helloworld/Makefile +new file mode 100644 +index 
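Review bot: In `cert_search_service` the result buffer is copied back into the caller's memref before `ret` is examined, and `dst` comes from `malloc` without being cleared. If `ta_signing_cert_export` or `cert_log_read` fails after setting `len`, or fills fewer than `len` bytes, whatever the TA heap held in `dst` is handed to the client application. I would return on failure before the copy and report a zero output size; clearing `dst` right after allocation would also cover partial fills. The same function reads `params[0].memref.size` into `limit` before `check_param_type` has confirmed that the parameter is a memref, so that assignment belongs below the check.

```c
    /* … unchanged: parameter checks, malloc of dst, switch (cmd_id) … */
    if (ret != TEE_SUCCESS) {
        tloge("cert search failed\n");
        params[0].memref.size = 0;
        free(dst);
        return ret;
    }
    if (memcpy_s(params[0].memref.buffer, limit, dst, len) != EOK) {
        free(dst);
        return TEE_ERROR_SECURITY;
    }
    params[0].memref.size = len;
    free(dst);
    return TEE_SUCCESS;
```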
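Review bot: `$ENV{ITRUSTEE_BUILD_PATH}` is used for the `include()` and for the paths of `signtool_v3.py` and `config_cloud.ini` in test/TA/helloworld/CMakeLists.txt without checking that it is set. When the file is configured outside `config.sh`, the variable expands to an empty string and both paths resolve from the filesystem root, so the signing step would run an unintended `/build/signtools/signtool_v3.py` if one exists. A guard before the first use makes the failure explicit: `if (NOT DEFINED ENV{ITRUSTEE_BUILD_PATH})`, `message(FATAL_ERROR "ITRUSTEE_BUILD_PATH is not set")`, `endif()`. test/TA/qta/CMakeLists.txt repeats the same pattern.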
0000000..1a659b2 +--- /dev/null ++++ b/test/TA/helloworld/Makefile +@@ -0,0 +1,28 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. ++include ./config.mk ++include ../../../build/mk/common.mk ++ ++SRC += $(wildcard ./*.c) ++ ++# set header directory ++INCLUDEDIR += -I./include ++ ++# set target ++COBJS := $(SRC:%.c=%.o) ++TARGET = $(COBJS) ++ ++sec_binary:combine ++ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini ++ ++combine: $(TARGET) ++ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so ++ objcopy libcombine.so ++ ++src/%.o: ./src/%.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++%.o: %.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++clean: ++ rm -f $(COBJS) *.so *.sec +diff --git a/test/TA/helloworld/ReadMe.txt b/test/TA/helloworld/ReadMe.txt +index e10f8b8..0802d8b 100755 +--- a/test/TA/helloworld/ReadMe.txt ++++ b/test/TA/helloworld/ReadMe.txt +@@ -1,2 +1,5 @@ +-Makefile is located in different folder for different product +-please switch to target folder and execute "make" command to build TA binary for target product ++You need to install the pycryptodome library of python and run the make command to compile the binary of ta. ++ ++If TA wants to regist driver's permission, you must have dynamic permission file and driver's excel ++The name of the dynamic permission file must be 'dyn_perm.xml', the driver's excel's name can be 'driver name'.xlsx, and you can get it from driver's developer. ++You must install the xlrd-1.2.0 and defusedxml-0.7.1 library of python and run the make command to sign the binary of ta. 
+\ No newline at end of file +diff --git a/test/TA/helloworld/auth_config.xml b/test/TA/helloworld/auth_config.xml +new file mode 100644 +index 0000000..d71581d +--- /dev/null ++++ b/test/TA/helloworld/auth_config.xml +@@ -0,0 +1,7 @@ ++ ++ ++ ++ ++ ++ ++ +diff --git a/test/TA/helloworld/config.cmake b/test/TA/helloworld/config.cmake +new file mode 100644 +index 0000000..929328b +--- /dev/null ++++ b/test/TA/helloworld/config.cmake +@@ -0,0 +1,23 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# ++# API_LEVEL which indicates the GP API version of TA ++# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee ++# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner ++# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++ ++# TEE flags ++set(COMMON_CFLAGS -DAPI_LEVEL=1) ++if ("${TARGET_IS_ARM64}" STREQUAL "") ++ set(TARGET_IS_ARM64 y) ++endif() ++ ++# USE_SMEE which indicates the feature of sram memory encryption ++# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled ++# If no USE_SMEE is specified, smee feature will be disabled ++# If USE_SMEE is specified and a section is custimized, ++# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) ++set(USE_SMEE n) ++if ("${USE_SMEE}" STREQUAL "") ++ set(USE_SMEE n) ++endif() +diff --git a/test/TA/helloworld/config.mk b/test/TA/helloworld/config.mk +index ebdbd8c..7a405a3 100644 +--- a/test/TA/helloworld/config.mk ++++ b/test/TA/helloworld/config.mk +@@ -1,10 +1,23 @@ + # +-# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. 
+ # + # API_LEVEL which indicates the GP API version of TA + # API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee + # API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner + # API_LEVEL=3 indicates GP 1.2 which is the version we both going to support +-# If no API_LEVEL is specified, API of GP 1.0 will be taked ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++# ++# USE_SMEE which indicates the feature of sram memory encryption ++# USE_SMEE=y indicates the feature of sram memory encryption will be enabled ++# If no USE_SMEE is specified, smee feature will not be disabled ++# If USE_SMEE is specified and a section is custimized, ++# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) ++ + CFLAGS += -DAPI_LEVEL=1 +-TARGET_IS_ARM64 = y ++USE_SMEE = n ++ifeq ($(TARGET_IS_ARM64),) ++ TARGET_IS_ARM64 = y ++endif ++ifeq ($(USE_SMEE),) ++ USE_SMEE = n ++endif +diff --git a/test/TA/helloworld/config.sh b/test/TA/helloworld/config.sh +new file mode 100644 +index 0000000..f1170b9 +--- /dev/null ++++ b/test/TA/helloworld/config.sh +@@ -0,0 +1,34 @@ ++#!/bin/bash ++# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# This script is used to compile the demo sdk. ++set -e ++ ++export SOURCE_PATH=$(dirname $0) ++export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) ++export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. ++ ++#clean ++if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then ++ rm -f *.o *.so *.sec ++ if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++ fi ++ exit 0 ++fi ++ ++echo "Cmake compile TA begin" ++if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++fi ++mkdir -p cmake_build ++echo "mkdir cmake_build" ++cd cmake_build/ ++ ++cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. ++ ++make VERBOSE=1 ++ ++cd .. 
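Review bot: The added comment `# If no USE_SMEE is specified, smee feature will not be disabled` in test/TA/helloworld/config.mk says the opposite of what the file does: `USE_SMEE = n` is assigned unconditionally and the `ifeq ($(USE_SMEE),)` fallback also sets `n`. For a switch that controls memory encryption the comment should match the behaviour, e.g. `# If no USE_SMEE is specified, smee feature will be disabled`, which is how config.cmake words it. Because of the unconditional assignment the `ifeq` block can only trigger for an empty command-line override; `USE_SMEE ?= n` would express the default in one line. test/TA/qta/config.mk carries the same text.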
++rm -rf cmake_build +diff --git a/test/TA/helloworld/ta_demo.c b/test/TA/helloworld/ta_demo.c +index ec17d6d..5c1f6b6 100755 +--- a/test/TA/helloworld/ta_demo.c ++++ b/test/TA/helloworld/ta_demo.c +@@ -1,6 +1,6 @@ + /* +- * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. +- * iTrustee licensed under the Mulan PSL v2. ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 +@@ -8,6 +8,7 @@ + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. ++ * Description: TA template code for reference + */ + + #include +@@ -24,7 +25,7 @@ enum { + + static TEE_Result get_ta_version(char* buffer, size_t *buf_len) + { +- char *version = TA_TEMPLATE_VERSION; ++ const char *version = TA_TEMPLATE_VERSION; + + if (*buf_len < strlen(version) + 1) { + tloge("buffer is too short for storing result"); +@@ -49,14 +50,12 @@ static TEE_Result get_ta_version(char* buffer, size_t *buf_len) + */ + TEE_Result TA_CreateEntryPoint(void) + { +- TEE_Result ret = TEE_ERROR_GENERIC; ++ TEE_Result ret; + + tlogd("----- TA entry point ----- "); + tlogd("TA version: %s", TA_TEMPLATE_VERSION); + +-#ifdef CONFIG_AUTH_CLOUD +- ret = addcaller_ca_exec("/vendor/bin/teec_hello", "root"); +-#endif ++ ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root"); + if (ret == TEE_SUCCESS) { + tlogd("TA entry point: add ca whitelist success"); + } else { +@@ -149,5 +148,5 @@ void TA_CloseSessionEntryPoint(void* session_context) + */ + void TA_DestroyEntryPoint(void) + { +- tlogd("---- destory TA ---- "); ++ tlogd("---- destroy TA ---- "); + } +diff --git a/test/TA/qta/CMakeLists.txt b/test/TA/qta/CMakeLists.txt +new file mode 100644 +index 
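Review bot: test/TA/helloworld/config.sh computes `ABS_SOURCE_PATH` but never changes into it, so `rm -f *.o *.so *.sec`, `rm -rf cmake_build` and `cmake ..` all act on the caller's working directory. Run from anywhere other than the TA directory, it deletes objects and a `cmake_build` tree that belong to something else and then configures the wrong source tree. Adding `cd "${ABS_SOURCE_PATH}"` after the exports, and quoting `"$0"` and `"${SOURCE_PATH}"` in the two command substitutions, addresses both. test/TA/qta/config.sh is an identical copy.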
0000000..e39ca5e +--- /dev/null ++++ b/test/TA/qta/CMakeLists.txt +@@ -0,0 +1,67 @@ ++# sdk cmake. ++# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved. ++cmake_minimum_required(VERSION 3.16 FATAL_ERROR) ++project(tee_sdk C) ++ ++if (PROJECT_SOURCE_DIR STREQUAL PROJECT_BINARY_DIR) ++ message(FATAL_ERROR "Forbid compiling in the source tree") ++endif() ++ ++include(${CMAKE_CURRENT_SOURCE_DIR}/config.cmake) ++include($ENV{ITRUSTEE_BUILD_PATH}/build/cmake/common.cmake) ++ ++set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) ++set(CURRENT_TARGET_SO "combine") ++ ++# enable check daa pairing using MIRACAL library ++# you should download the opensource library: miracl/core, copy its dir c/ into src/, and compile core.a ++# for instance: ++# cd src; ln -s $MIRACL_DIR/c miracl-c ++# cd miracl-c; export CC=xxx CFLAGS=-fPIC; python3 config64.py -o 33; unset CC CFLAGS ++set(ENABLE_DAA_PAIR_MIRACL n) ++if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y") ++ set(DAA_PAIR_MIRACL_C_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src/miracl-c) ++ set(DAA_PAIR_MIRACL_C_INC ${DAA_PAIR_MIRACL_C_DIR}/) ++ set(DAA_PAIR_MIRACL_C_LIB ${DAA_PAIR_MIRACL_C_DIR}/core.a) ++ set(DAA_PAIR_MIRACL_C_SRC ++ src/daa/validate_akcert.c ++ src/daa/daa_structure.c ++ ) ++else() ++ set(DAA_PAIR_MIRACL_C_INC "") ++ set(DAA_PAIR_MIRACL_C_SRC "") ++endif() ++ ++# qta need cjson, so you can download cjson and rename cJSON to put it src directory ++set(CJSON_INC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON) ++set(CJSON_SRC ${CMAKE_CURRENT_SOURCE_DIR}/src/cJSON/cJSON.c) ++ ++set(SDK_C_SOURCES ++ ${SDK_C_SOURCES} ++ src/tee_qta.c ++ ${CJSON_SRC} ++ ${DAA_PAIR_MIRACL_C_SRC} ++) ++ ++set(COMMON_INCLUDES ++ ${COMMON_INCLUDES} ++ ${CMAKE_CURRENT_SOURCE_DIR}/src/. 
++ ${CJSON_INC} ++ ${DAA_PAIR_MIRACL_C_INC} ++) ++ ++add_library(${CURRENT_TARGET_SO} SHARED ${SDK_C_SOURCES}) ++target_include_directories(${CURRENT_TARGET_SO} PUBLIC ${COMMON_INCLUDES}) ++target_compile_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_CFLAGS}) ++target_link_options(${CURRENT_TARGET_SO} PRIVATE ${COMMON_LDFLAGS}) ++ ++if ("${ENABLE_DAA_PAIR_MIRACL}" STREQUAL "y") ++ add_definitions(-DENABLE_DAA_PAIR_MIRACL) ++ target_link_libraries(${CURRENT_TARGET_SO} PUBLIC ${DAA_PAIR_MIRACL_C_LIB}) ++endif() ++ ++add_custom_command( ++ TARGET ${CURRENT_TARGET_SO} POST_BUILD ++ COMMAND ${CMAKE_OBJCOPY} ${CMAKE_CURRENT_SOURCE_DIR}/libcombine.so ++ COMMAND python3 -B $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/signtool_v3.py ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR} --privateCfg $ENV{ITRUSTEE_BUILD_PATH}/build/signtools/config_cloud.ini ++) +diff --git a/test/TA/qta/Makefile b/test/TA/qta/Makefile +new file mode 100644 +index 0000000..cefce06 +--- /dev/null ++++ b/test/TA/qta/Makefile +@@ -0,0 +1,41 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. 
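Review bot: The comments above `ENABLE_DAA_PAIR_MIRACL` and `CJSON_SRC` in test/TA/qta/CMakeLists.txt tell the builder to download miracl/core and cJSON by hand but name no release or checksum, so the code linked into the attestation TA is whatever was fetched at build time. I would record the tested versions next to the instructions, e.g. `# tested with cJSON <VERSION>, sha256 <HASH>; miracl/core commit <COMMIT>` (placeholders for the author to fill in). The switch is also spelled differently in the two build systems: this file tests for `"y"` while test/TA/qta/Makefile tests for `true`.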
++include ./config.mk ++include ../../../build/mk/common.mk ++ ++SRC += $(wildcard ./src/*.c) ++ ++# set header directory ++INCLUDEDIR += -I./src ++ ++# qta need cJSON code, so download it and put it into src ++SRC += ./src/cJSON/cJSON.c ++INCLUDEDIR += -I./src/cJSON/ ++ ++# if enable daa, so need to download pair_miracl lib ++ifeq ($(ENABLE_DAA_PAIR_MIRACL), true) ++INCLUDEDIR += -I./src/miracl-c ++CFLAGS += -DENABLE_DAA_PAIR_MIRACL ++LDFLFAGS += -lcore -L./src/miracl-c ++SRC += ./src/daa/validate_akcert.c \ ++ ./src/daa/daa_structure.c ++endif ++ ++# set target ++COBJS := $(SRC:%.c=%.o) ++TARGET = $(COBJS) ++ ++sec_binary:combine ++ python3 -B ${SIGNTOOL_DIR}/signtool_v3.py ${CUR_DIR} ${CUR_DIR} --privateCfg ${SIGNTOOL_DIR}/config_cloud.ini ++ ++combine: $(TARGET) ++ $(LD) $(LDFLAGS) $(TARGET) $(EXTRAO) -o libcombine.so ++ objcopy libcombine.so ++ ++src/%.o: ./src/%.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++%.o: %.c ++ $(CC) $(CFLAGS) $(INCLUDEDIR) -c $< -o $@ ++ ++clean: ++ rm -f $(COBJS) *.so *.sec +diff --git a/test/TA/qta/ReadMe.txt b/test/TA/qta/ReadMe.txt +new file mode 100644 +index 0000000..7cc8b88 +--- /dev/null ++++ b/test/TA/qta/ReadMe.txt +@@ -0,0 +1,12 @@ ++You need to install the pycryptodome library of python and run the make command to compile the binary of ta. ++ ++qta is trusted application for remote attestion, when compile it, some libraries and tools are depended on. ++ ++1. cjson: download it, put it to "src" directory, rename it into cJSON ++2. miracl core: when you enable DAA feture in makefile or cmakelist, download it and execute follow cmd: ++ 2.1 copy c directory in miracl into src, example copy miracl/c ./src/miracl-c ++ 2.2 cd ./src/miracl-c; ++ 2.3 export CC=gcc CFLAGS=-fPIC; python3 config64.py -o 33;unset CC CFLAGS ++ 2.4 cp core.a libcore.a ++3. 
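Review bot: `LDFLFAGS += -lcore -L./src/miracl-c` in the `ENABLE_DAA_PAIR_MIRACL` block of test/TA/qta/Makefile is misspelled, so the flags never reach the `$(LD) $(LDFLAGS) $(TARGET) $(EXTRAO)` line of the `combine` rule. With DAA enabled, `validate_akcert.c` and `daa_structure.c` are compiled in but libcore is not linked. The line should read `LDFLAGS += -lcore -L./src/miracl-c`. Since `$(LDFLAGS)` precedes the objects on the link line, a static archive listed there may still be passed over by the linker; placing it after the objects is safer, to be checked against common.mk, which is outside this hunk.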
make for make cmd; or sh config.sh for cmake cmd ++ +diff --git a/test/TA/qta/config.cmake b/test/TA/qta/config.cmake +new file mode 100644 +index 0000000..b7323b6 +--- /dev/null ++++ b/test/TA/qta/config.cmake +@@ -0,0 +1,23 @@ ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# ++# API_LEVEL which indicates the GP API version of TA ++# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee ++# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner ++# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++# ++# USE_SMEE which indicates the feature of sram memory encryption ++# set(USE_SMEE y) indicates the feature of sram memory encryption will be enabled ++# If no USE_SMEE is specified, smee feature will be disabled ++# If USE_SMEE is specified and a section is custimized, ++# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) ++ ++# TEE flags ++set(COMMON_CFLAGS -DAPI_LEVEL=1) ++set(USE_SMEE n) ++if ("${TARGET_IS_ARM64}" STREQUAL "") ++ set(TARGET_IS_ARM64 y) ++endif() ++if ("${USE_SMEE}" STREQUAL "") ++ set(USE_SMEE n) ++endif() +diff --git a/test/TA/qta/config.mk b/test/TA/qta/config.mk +new file mode 100644 +index 0000000..7a405a3 +--- /dev/null ++++ b/test/TA/qta/config.mk +@@ -0,0 +1,23 @@ ++# ++# Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. 
++# ++# API_LEVEL which indicates the GP API version of TA ++# API_LEVEL=1 indicates GP 1.0 which is the current version of itrustee ++# API_LEVEL=2 indicates GP 1.1.1 which is the current version of the partner ++# API_LEVEL=3 indicates GP 1.2 which is the version we both going to support ++# If no API_LEVEL is specified, API of GP 1.0 will be taken ++# ++# USE_SMEE which indicates the feature of sram memory encryption ++# USE_SMEE=y indicates the feature of sram memory encryption will be enabled ++# If no USE_SMEE is specified, smee feature will not be disabled ++# If USE_SMEE is specified and a section is custimized, ++# explicitly specify the segment to which the section belongs in the link script(ta_link_64.smee.ld) ++ ++CFLAGS += -DAPI_LEVEL=1 ++USE_SMEE = n ++ifeq ($(TARGET_IS_ARM64),) ++ TARGET_IS_ARM64 = y ++endif ++ifeq ($(USE_SMEE),) ++ USE_SMEE = n ++endif +diff --git a/test/TA/qta/config.sh b/test/TA/qta/config.sh +new file mode 100644 +index 0000000..f1170b9 +--- /dev/null ++++ b/test/TA/qta/config.sh +@@ -0,0 +1,34 @@ ++#!/bin/bash ++# Copyright Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++# This script is used to compile the demo sdk. ++set -e ++ ++export SOURCE_PATH=$(dirname $0) ++export ABS_SOURCE_PATH=$(cd ${SOURCE_PATH};pwd) ++export ITRUSTEE_BUILD_PATH=${ABS_SOURCE_PATH}/../../.. ++ ++#clean ++if [ "$#" -eq 1 ] && [ "$1"x = "clean"x ]; then ++ rm -f *.o *.so *.sec ++ if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++ fi ++ exit 0 ++fi ++ ++echo "Cmake compile TA begin" ++if [ -d "cmake_build" ]; then ++ rm -rf cmake_build ++ echo "rm -rf cmake_build" ++fi ++mkdir -p cmake_build ++echo "mkdir cmake_build" ++cd cmake_build/ ++ ++cmake -DCMAKE_TOOLCHAIN_FILE=${ITRUSTEE_BUILD_PATH}/build/cmake/aarch64_toolchain.cmake .. ++ ++make VERBOSE=1 ++ ++cd .. 
++rm -rf cmake_build +diff --git a/test/TA/qta/manifest.txt b/test/TA/qta/manifest.txt +new file mode 100644 +index 0000000..72c7d8c +--- /dev/null ++++ b/test/TA/qta/manifest.txt +@@ -0,0 +1,7 @@ ++gpd.ta.appID: e08f7eca-e875-440e-9ab0-5f381136c600 ++gpd.ta.service_name: tee_qta ++gpd.ta.singleInstance: true ++gpd.ta.multiSession: true ++gpd.ta.instanceKeepAlive: false ++gpd.ta.dataSize: 304857 ++gpd.ta.stackSize: 64768 +diff --git a/test/TA/qta/src/daa/daa_structure.c b/test/TA/qta/src/daa/daa_structure.c +new file mode 100644 +index 0000000..cde248a +--- /dev/null ++++ b/test/TA/qta/src/daa/daa_structure.c +@@ -0,0 +1,185 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#include "daa_structure.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define HEX_STR_SIZE_PER_CHAR 2 ++#define BIT_4 4 ++#define BYTE_HIGH_BIT_4 0xF0 ++#define BYTE_LOW_BIT_4 0xF ++#define BYTE_CONVERT_ERROR 0xFF ++#define is_between_value(value, min, max) (((value) >= (min)) && ((value) <= (max))) ++#define cal_char_value(value, min, inc) ((value) - (min) + (inc)) ++static uint8_t hex2ch(uint8_t c) ++{ ++ if (is_between_value(c, '0', '9')) { ++ return cal_char_value(c, '0', 0); ++ } else if (is_between_value(c, 'a', 'f')) { ++ return cal_char_value(c, 'a', 10); ++ } else if (is_between_value(c, 'A', 'F')) { ++ return cal_char_value(c, 'A', 10); ++ } else { ++ tloge("hex2ch: Error! 
Input is not a hex value!"); ++ return BYTE_CONVERT_ERROR; ++ } ++} ++ ++void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey) ++{ ++ if (pubkey == NULL || pubkey->pt_size == 0 || pubkey->pt_size > DAA_ECC_PT_MAX_SIZE) ++ return; ++ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { ++ if (pubkey->pt_buf[i]) { ++ free(pubkey->pt_buf[i]); ++ pubkey->pt_buf[i] = NULL; ++ } ++ } ++ pubkey->pt_size = 0; ++} ++ ++static TEE_Result hex_array2ch_array(uint8_t *hex_cert, uint8_t *cert, uint32_t cert_size) ++{ ++ uint8_t ch_high, ch_low; ++ for (uint32_t j = 0; j < cert_size; j++) { ++ ch_high = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j]); ++ ch_low = hex2ch(hex_cert[HEX_STR_SIZE_PER_CHAR * j + 1]); ++ if (ch_high == BYTE_CONVERT_ERROR || ch_low == BYTE_CONVERT_ERROR) { ++ tloge("bad hex string, j %u\n", j); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ cert[j] = ((ch_high << BIT_4) & BYTE_HIGH_BIT_4) + ch_low; ++ } ++ return TEE_SUCCESS; ++} ++ ++TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size, ++ struct daa_grp_pubkey *pubkey) ++{ ++ tlogi("TA request to convert daa group key\n"); ++ if (hex_array == NULL || hex_pt_size == 0 || hex_pt_size > DAA_ECC_PT_MAX_SIZE || pubkey == NULL) { ++ tloge("bad params to convert daa grp pubkeys\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ TEE_Result ret; ++ pubkey->pt_size = hex_pt_size / HEX_STR_SIZE_PER_CHAR; ++ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { ++ pubkey->pt_buf[i] = (uint8_t*)malloc(pubkey->pt_size); ++ if (pubkey->pt_buf[i] == NULL) { ++ tloge("alloc pubkey failed\n"); ++ ret = TEE_ERROR_OUT_OF_MEMORY; ++ goto err; ++ } ++ } ++ ++ /* copy data */ ++ for (uint32_t i = 0; i < DAA_GRP_PUBKEY_DIMS; i++) { ++ ret = hex_array2ch_array(hex_array[i], pubkey->pt_buf[i], pubkey->pt_size); ++ if (ret != TEE_SUCCESS) { ++ tloge("bad hex string, i %u\n", i); ++ goto err; ++ } ++ } ++ ++ tlogi("convert daa group key succeed!\n"); ++ return TEE_SUCCESS; ++err: ++ 
free_daa_grp_pubkey(pubkey); ++ pubkey = NULL; ++ return ret; ++} ++ ++static TEE_Result get_akcert_one_field(struct daa_ak_cert *cert, uint32_t idx, uint8_t *field_buf, uint32_t field_size) ++{ ++ uint32_t pos = 0; ++ uint32_t x_size = 0; ++ uint32_t y_size = 0; ++ ++ /* get x field */ ++ if (memcpy_s(&x_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0) ++ return TEE_ERROR_GENERIC; ++ pos += (uint32_t)sizeof(uint32_t); ++ if (x_size > field_size || pos > field_size - x_size) ++ return TEE_ERROR_BAD_PARAMETERS; ++ cert->pt_buf[(idx << 1)] = field_buf + pos; ++ ++ if (cert->pt_size != 0 && cert->pt_size != x_size) { ++ tloge("the pt_size for all extract data do not match! %u vs. %u\n", x_size, cert->pt_size); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ cert->pt_size = x_size; ++ pos += x_size; ++ ++ /* get y field */ ++ if (pos > field_size - sizeof(uint32_t)) ++ return TEE_ERROR_BAD_PARAMETERS; ++ if (memcpy_s(&y_size, sizeof(uint32_t), field_buf + pos, sizeof(uint32_t)) != 0) ++ return TEE_ERROR_GENERIC; ++ pos += (uint32_t)sizeof(uint32_t); ++ if (y_size > field_size || pos > field_size - y_size) ++ return TEE_ERROR_BAD_PARAMETERS; ++ cert->pt_buf[(idx << 1) + 1] = field_buf + pos; ++ if (cert->pt_size != y_size) { ++ tloge("the pt_size for all extract data do not match! %u vs. 
%u\n", y_size, cert->pt_size); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ return TEE_SUCCESS; ++} ++ ++TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size) ++{ ++ if (cert == NULL || akcert == NULL || akcert_size < (uint32_t)sizeof(uint32_t) || ++ akcert_size > DAA_SAVE_AKCERT_MAX_SIZE) ++ return TEE_ERROR_BAD_PARAMETERS; ++ ++ uint32_t pos = 0; ++ TEE_Result ret; ++ uint32_t field_size = 0; ++ uint8_t *field_buf = NULL; ++ for (uint32_t i = 0; i < (DAA_AK_CERT_DIMS >> 1); i++) { ++ if (pos > akcert_size - (uint32_t)sizeof(uint32_t)) ++ return TEE_ERROR_BAD_PARAMETERS; ++ ++ if (memcpy_s(&field_size, sizeof(uint32_t), akcert + pos, sizeof(uint32_t)) != 0) ++ return TEE_ERROR_GENERIC; ++ ++ pos += (uint32_t)sizeof(uint32_t); ++ field_buf = akcert + pos; ++ ++ ret = get_akcert_one_field(cert, i, field_buf, field_size); ++ if (ret != TEE_SUCCESS) { ++ tloge("get one field[%u] from akcert failed\n", i); ++ return ret; ++ } ++ ++ pos += field_size; ++ } ++ tlogi("convert daa_ak_cert succeed!\n"); ++ return TEE_SUCCESS; ++} ++ ++TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size) ++{ ++ if (hex_cert == NULL || cert == NULL || hex_cert_size == 0 || ++ hex_cert_size / HEX_STR_SIZE_PER_CHAR != cert_size) { ++ tloge("cannot convert hex to raw, bad params\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ return hex_array2ch_array(hex_cert, cert, cert_size); ++} +diff --git a/test/TA/qta/src/daa/daa_structure.h b/test/TA/qta/src/daa/daa_structure.h +new file mode 100644 +index 0000000..3e07b3b +--- /dev/null ++++ b/test/TA/qta/src/daa/daa_structure.h +@@ -0,0 +1,64 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
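Review bot: `convert_daa_ak_cert` takes `field_size` from the certificate blob and passes it to `get_akcert_one_field` without comparing it with the bytes left in `akcert`. Every check inside `get_akcert_one_field` is relative to that unverified `field_size`, so the pointers stored in `cert->pt_buf` can point past the end of `akcert`, and `pos += field_size` can wrap. After `pos += (uint32_t)sizeof(uint32_t);` in the loop I would add `if (field_size < sizeof(uint32_t) || field_size > akcert_size - pos) return TEE_ERROR_BAD_PARAMETERS;`. Separately, the `err:` path of `alloc_daa_grp_pubkey` calls `free_daa_grp_pubkey`, which frees every `pt_buf[i]` including slots not yet assigned; clearing `pubkey->pt_buf` at the top of the function avoids freeing stale pointers unless every caller already zeroes the struct.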
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#ifndef TEE_QTA_DAA_STRUCTURE_H ++#define TEE_QTA_DAA_STRUCTURE_H ++#include ++ ++#define DAA_ECC_PT_MAX_SIZE 256 ++#define DAA_SAVE_AKCERT_MAX_SIZE 0x1000 ++ ++enum { ++ DAA_GRP_PK_X_X0 = 0, ++ DAA_GRP_PK_X_Y0, ++ DAA_GRP_PK_X_X1, ++ DAA_GRP_PK_X_Y1, ++ DAA_GRP_PK_Y_X0, ++ DAA_GRP_PK_Y_Y0, ++ DAA_GRP_PK_Y_X1, ++ DAA_GRP_PK_Y_Y1, ++ DAA_GRP_PUBKEY_DIMS ++}; ++struct daa_grp_pubkey { ++ uint8_t *pt_buf[DAA_GRP_PUBKEY_DIMS]; ++ uint32_t pt_size; /* size of all uint8_t* is pt_size */ ++}; ++ ++enum { ++ DAA_AK_CERT_A_X = 0, ++ DAA_AK_CERT_A_Y, ++ DAA_AK_CERT_B_X, ++ DAA_AK_CERT_B_Y, ++ DAA_AK_CERT_C_X, ++ DAA_AK_CERT_C_Y, ++ DAA_AK_CERT_D_X, ++ DAA_AK_CERT_D_Y, ++ DAA_AK_CERT_DIMS ++}; ++struct daa_ak_cert { ++ uint8_t *pt_buf[DAA_AK_CERT_DIMS]; ++ uint32_t pt_size; /* size of all uint8_t* is pt_size */ ++}; ++ ++/* ++ * utils for validate_akcert before invoking ECC's pairing functions. ++ * These functions does not invoke tcmgr service. They runs in libtcmgr only. 
++ */ ++ ++/* ++ * convert @hex_array to @pubkey ++ */ ++TEE_Result alloc_daa_grp_pubkey(uint8_t *hex_array[DAA_GRP_PUBKEY_DIMS], uint32_t hex_pt_size, ++ struct daa_grp_pubkey *pubkey); ++void free_daa_grp_pubkey(struct daa_grp_pubkey *pubkey); ++TEE_Result convert_daa_ak_cert(struct daa_ak_cert *cert, uint8_t *akcert, uint32_t akcert_size); ++TEE_Result load_daa_hex_akcert(uint8_t *hex_cert, uint32_t hex_cert_size, uint8_t *cert, uint32_t cert_size); ++#endif +diff --git a/test/TA/qta/src/daa/validate_akcert.c b/test/TA/qta/src/daa/validate_akcert.c +new file mode 100644 +index 0000000..2c55320 +--- /dev/null ++++ b/test/TA/qta/src/daa/validate_akcert.c +@@ -0,0 +1,191 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ */ ++#include "validate_akcert.h" ++#include ++#include ++#include ++ ++#include ++#include "daa_structure.h" ++ ++#define DAA_GRP_KEY_PK_X_X0 "0cb2c846b963556d3651f89a490a0257039637dfee774caedb32513eccec6789" \ ++ "e29269aa054814000227a6d34bb29c67fe399ebe1dd6c9f6b33604d5b990912c" ++#define DAA_GRP_KEY_PK_X_X1 "7be073749d20ff1a57131f66c0271f219b8b767f924b8ab187fc480bfbf84ff2" \ ++ "6ce81aa42549fb100b851d9867c5e12baa5362417c4d2b5f3726ad1f5bf9b98b" ++#define DAA_GRP_KEY_PK_X_Y0 "a4523e489bd2245a5ee92255b3e54dd0a90fd1f0f4712514dce6ab85397bba3a" \ ++ "7a2921956f14fc2207495ecb7a2442df36092254fbb29bbab2fed41ff198d0ae" ++#define DAA_GRP_KEY_PK_X_Y1 "7daf3d8855ed007da8d41d143ae8a086c5a63ae665856ecff09af7fe9eecf066" \ ++ "5f8527de27a0cd606ffe7ca18a6988c4830a28d0f9ece0f1f08dbc4ea526c36f" ++ ++#define DAA_GRP_KEY_PK_Y_X0 "d2c6994dee1b5dc071d5d547f26471bcd6aef7c2dc2ce112b9475bdecc0e85a7" \ ++ "2015841f85a8de39506396cec11c520975f6d985b262c6f97413d2632f899896" ++#define DAA_GRP_KEY_PK_Y_X1 "e391d2d0cf2703b327ffb88615bfe6d7a9c5715007c9bfa91ff6b01210000a8e" \ ++ "ddff2a310a2af6e042135b399989b7f54833ea96d5cbc93ae5da61ee63669941" ++#define DAA_GRP_KEY_PK_Y_Y0 "ffbde64729b2f8a212bfe2eef22c7b62edd77a78bc5e7f3c6782bcd839d26e0c" \ ++ "7cea338240874edc3654bd3293974a7581ec168bfaee35bb093a8302bce9ac90" ++#define DAA_GRP_KEY_PK_Y_Y1 "03836c48550cf1c9dc5c455201e248acccf7a5395f9d4cc477734fdbaf8330d9" \ ++ "7386aa451893824994cbedfdde7f9a8b8b7baad4b0b4dca8201135392b4910d4" ++ ++#define DAA_GRP_KEY_PK_LEN (sizeof(DAA_GRP_KEY_PK_X_X0)) ++ ++#define DAA_GRP_PK_ELE_NUM 2 ++#define DAA_GRP_AK_CERT_ELE_NUM 4 ++ ++#define GRP_PK_EACH_ELE_DIM 4 /* ((uint32_t)DAA_GRP_PUBKEY_DIMS / (uint32_t)DAA_GRP_PK_ELE_NUM) */ ++#define GRP_PK_EACH_ELE_IDX2 2 ++#define GRP_PK_EACH_ELE_IDX3 3 ++static TEE_Result daa_grp_pk_to_ecp(struct daa_grp_pubkey *grp_pk, ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM]) ++{ ++ for (uint32_t i = 0; i < DAA_GRP_PK_ELE_NUM; i++) { ++ FP2_FP512BN fp2_bn_x, fp2_bn_y; ++ BIG_512_60 bn_x0, 
bn_y0, bn_x1, bn_y1; ++ BIG_512_60_fromBytes(bn_x0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 0])); ++ BIG_512_60_fromBytes(bn_y0, (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + 1])); ++ BIG_512_60_fromBytes(bn_x1, ++ (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX2])); ++ BIG_512_60_fromBytes(bn_y1, ++ (char*)(uintptr_t)(grp_pk->pt_buf[GRP_PK_EACH_ELE_DIM * i + GRP_PK_EACH_ELE_IDX3])); ++ FP2_FP512BN_from_BIGs(&fp2_bn_x, bn_x0, bn_y0); ++ FP2_FP512BN_from_BIGs(&fp2_bn_y, bn_x1, bn_y1); ++ if (ECP2_FP512BN_set(ecp2[i], &fp2_bn_x, &fp2_bn_y) == 0) { ++ tloge("bad point[%u] when converting DAA pubkey to ECP2\n", i); ++ return TEE_ERROR_GENERIC; ++ } ++ } ++ return TEE_SUCCESS; ++} ++ ++#define AK_CERT_EACH_ELE_DIM 2 /* ((uint32_t)DAA_AK_CERT_DIMS / (uint32_t)DAA_GRP_AK_CERT_ELE_NUM) */ ++static TEE_Result daa_ak_cert_to_ecp(struct daa_ak_cert *ak_cert, ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM]) ++{ ++ for (uint32_t i = 0; i < DAA_GRP_AK_CERT_ELE_NUM; i++) { ++ BIG_512_60 big_x, big_y; ++ BIG_512_60_fromBytes(big_x, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i])); ++ BIG_512_60_fromBytes(big_y, (char*)(uintptr_t)(ak_cert->pt_buf[AK_CERT_EACH_ELE_DIM * i + 1])); ++ if (ECP_FP512BN_set(ecp[i], big_x, big_y) == 0) { ++ tloge("bad point[%u] when converting DAA ak cert to ECP\n", i); ++ return TEE_ERROR_GENERIC; ++ } ++ } ++ return TEE_SUCCESS; ++} ++ ++struct validate_daa_pair_context { ++ ECP_FP512BN a, b, c, d; ++ ECP2_FP512BN ecp2_x, ecp2_y; ++ FP12_FP512BN pair_lhs, pair_rhs; ++ ECP2_FP512BN p2; ++}; ++ ++static TEE_Result validate_daa_pairs(struct daa_grp_pubkey *grp_pk, struct daa_ak_cert *ak_cert) ++{ ++ TEE_Result pairings_ok; ++ tlogi("qta begins to validate daa pairs\n"); ++ struct validate_daa_pair_context context; ++ (void)memset_s(&context, sizeof(context), 0, sizeof(context)); ++ ++ if (ECP2_FP512BN_generator(&context.p2) == 0) { ++ tloge("bad point when getting P2\n"); ++ return 
TEE_ERROR_GENERIC; ++ } ++ ++ ECP2_FP512BN *ecp2[DAA_GRP_PK_ELE_NUM] = { &context.ecp2_x, &context.ecp2_y }; ++ pairings_ok = daa_grp_pk_to_ecp(grp_pk, ecp2); ++ if (pairings_ok != TEE_SUCCESS) { ++ tloge("convert group pubkey to ECP2_FP512BN failed\n"); ++ return pairings_ok; ++ } ++ ++ ECP_FP512BN *ecp[DAA_GRP_AK_CERT_ELE_NUM] = { &context.a, &context.b, &context.c, &context.d }; ++ pairings_ok = daa_ak_cert_to_ecp(ak_cert, ecp); ++ if (pairings_ok != TEE_SUCCESS) { ++ tloge("convert DAA ak cert to ECP_FP512BN failed\n"); ++ return pairings_ok; ++ } ++ ++ PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_y, &context.a); ++ PAIR_FP512BN_fexp(&context.pair_lhs); ++ ++ PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.b); ++ PAIR_FP512BN_fexp(&context.pair_rhs); ++ if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) { ++ tloge("validate DAA pair[0] failed\n"); ++ return TEE_ERROR_GENERIC; ++ } ++ ECP_FP512BN_add(&context.d, &context.a); ++ ++ PAIR_FP512BN_ate(&context.pair_lhs, &context.ecp2_x, &context.d); ++ PAIR_FP512BN_fexp(&context.pair_lhs); ++ ++ PAIR_FP512BN_ate(&context.pair_rhs, &context.p2, &context.c); ++ PAIR_FP512BN_fexp(&context.pair_rhs); ++ ++ if (FP12_FP512BN_equals(&context.pair_lhs, &context.pair_rhs) == 0) { ++ tloge("validate DAA pair[1] failed\n"); ++ return TEE_ERROR_GENERIC; ++ } ++ tlogi("qta finishes check daa pair: pairings_ok = %u, expect value = %u\n", pairings_ok, TEE_SUCCESS); ++ return pairings_ok; ++} ++ ++TEE_Result validate_akcert(char *hex_input, uint32_t hex_input_size) ++{ ++ if (hex_input == NULL || hex_input_size == 0 || hex_input_size > DAA_SAVE_AKCERT_MAX_SIZE) ++ return TEE_ERROR_BAD_PARAMETERS; ++ ++ TEE_Result ret; ++ ++ tlogi("prepare to init daa group pubkeys\n"); ++ struct daa_grp_pubkey grp_pk; ++ (void)memset_s(&grp_pk, sizeof(grp_pk), 0, sizeof(grp_pk)); ++ uint8_t* array[] = { (uint8_t*)DAA_GRP_KEY_PK_X_X0, (uint8_t*)DAA_GRP_KEY_PK_X_X1, (uint8_t*)DAA_GRP_KEY_PK_X_Y0, ++ 
(uint8_t*)DAA_GRP_KEY_PK_X_Y1, (uint8_t*)DAA_GRP_KEY_PK_Y_X0, (uint8_t*)DAA_GRP_KEY_PK_Y_X1, ++ (uint8_t*)DAA_GRP_KEY_PK_Y_Y0, (uint8_t*)DAA_GRP_KEY_PK_Y_Y1 }; ++ ret = alloc_daa_grp_pubkey(array, DAA_GRP_KEY_PK_LEN, &grp_pk); ++ if (ret != TEE_SUCCESS) { ++ tloge("validate akcert: alloc daa group keys failed, ret 0x%x\n", ret); ++ return ret; ++ } ++ ++ tlogi("prepare to load daa ak_cert\n"); ++ uint32_t input_size = hex_input_size >> 1; ++ uint8_t *input = TEE_Malloc(input_size, 0); ++ if (input == NULL) { ++ tloge("validate akcert: alloc input buffer failed, ret 0x%x\n", ret); ++ ret = TEE_ERROR_OUT_OF_MEMORY; ++ goto clear; ++ } ++ ret = load_daa_hex_akcert((uint8_t*)(uintptr_t)hex_input, hex_input_size, input, input_size); ++ if (ret != TEE_SUCCESS) { ++ tloge("validate akcert: convert hex str to raw failed, ret 0x%x\n", ret); ++ goto clear; ++ } ++ ++ struct daa_ak_cert ak_cert; ++ (void)memset_s(&ak_cert, sizeof(ak_cert), 0, sizeof(ak_cert)); ++ ret = convert_daa_ak_cert(&ak_cert, input, input_size); ++ if (ret != TEE_SUCCESS) { ++ tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret); ++ goto clear; ++ } ++ ++ ret = validate_daa_pairs(&grp_pk, &ak_cert); ++ if (ret != TEE_SUCCESS) { ++ tloge("validate akcert: validate daa pairs failed, ret 0x%x\n", ret); ++ goto clear; ++ } ++clear: ++ if (input) ++ TEE_Free(input); ++ free_daa_grp_pubkey(&grp_pk); ++ return ret; ++} +diff --git a/test/TA/qta/src/daa/validate_akcert.h b/test/TA/qta/src/daa/validate_akcert.h +new file mode 100644 +index 0000000..bce08d3 +--- /dev/null ++++ b/test/TA/qta/src/daa/validate_akcert.h +@@ -0,0 +1,20 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. 
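Review bot: `daa_ak_cert_to_ecp` hands each `ak_cert->pt_buf[]` pointer to `BIG_512_60_fromBytes` without checking `ak_cert->pt_size`, and those pointers reference the caller-supplied certificate that `validate_akcert` decodes into `input`. If the bundled MIRACL routine reads a fixed `MODBYTES_512_60` bytes (as the upstream library does), a certificate with shorter fields makes it read past the `TEE_Malloc`'d buffer; rejecting it up front with `if (ak_cert->pt_size != MODBYTES_512_60) return TEE_ERROR_BAD_PARAMETERS;` closes that. The parser this relies on, `convert_daa_ak_cert` in daa_structure.c (its hunk begins before this excerpt), also never compares the embedded `field_size` with `akcert_size - pos` before calling `get_akcert_one_field`, so `if (field_size > akcert_size - pos) return TEE_ERROR_BAD_PARAMETERS;` belongs right after the `pos` advance there. In `validate_akcert`, the `convert_daa_ak_cert` failure path logs "validate daa pairs failed" and the allocation-failure log prints `ret` before `TEE_ERROR_OUT_OF_MEMORY` is assigned, which will mislead anyone triaging a rejected certificate.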
++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ */ ++#ifndef TEE_QTA_VALIDATE_AKCERT_H ++#define TEE_QTA_VALIDATE_AKCERT_H ++#include ++#include ++ ++TEE_Result validate_akcert(char *akcert, uint32_t akcert_size); ++ ++#endif ++ +diff --git a/test/TA/qta/src/tee_qta.c b/test/TA/qta/src/tee_qta.c +new file mode 100644 +index 0000000..8dff8a6 +--- /dev/null ++++ b/test/TA/qta/src/tee_qta.c +@@ -0,0 +1,279 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
++ */ ++#include "tee_qta.h" ++#include ++#include ++#include "tee_ra_api.h" ++#include "securec.h" ++#include ++ ++#ifdef ENABLE_DAA_PAIR_MIRACL ++#include "daa/validate_akcert.h" ++#endif ++ ++TEE_Result TA_CreateEntryPoint(void) ++{ ++ TEE_Result ret; ++ /* TA auth CA */ ++ ++ /* TA auth TA */ ++ ret = AddCaller_TA_all(); ++ if (ret != TEE_SUCCESS) ++ return ret; ++ ++ tlogi("tee_qta: CreateEntryPoint success.\n"); ++ return ret; ++} ++ ++TEE_Result TA_OpenSessionEntryPoint(uint32_t param_types, TEE_Param params[PARAM_NUM], void **session_context) ++{ ++ (void)param_types; ++ (void)params; ++ (void)session_context; ++ tlogi("tee_qta: OpenSessionEntryPoint success.\n"); ++ return TEE_SUCCESS; ++} ++ ++static bool check_akcert_params_valid(struct ra_buffer_data *akcert) ++{ ++ bool result = false; ++ if (akcert == NULL || akcert->buffer == NULL || akcert->length == 0 || akcert->length > SHAREMEM_LIMIT) { ++ tloge("akcert params is invalid\n"); ++ return result; ++ } ++ ++ char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer); ++ cJSON *json = cJSON_Parse(akcert_buf); ++ if (json == NULL) { ++ tloge("check akcert json failed\n"); ++ return result; ++ } ++ ++ char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler")); ++ if (handler == NULL || strcmp(handler, "saveakcert-output") != 0) { ++ tloge("check akcert handler failed\n"); ++ goto clear; ++ } ++ ++ cJSON *payload = cJSON_GetObjectItem(json, "payload"); ++ if (payload == NULL) { ++ tloge("check akcert payload failed\n"); ++ goto clear; ++ } ++ ++ char *version = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "version")); ++ if (version == NULL || strcmp(version, "TEE.RA.1.0") != 0) { ++ tloge("check akcert version failed\n"); ++ goto clear; ++ } ++ ++ char *scenario = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "scenario")); ++ if (scenario == NULL || strcmp(scenario, "sce_as_with_daa") != 0) { ++ tloge("check akcert scenario failed\n"); ++ goto clear; ++ } ++#ifdef 
ENABLE_DAA_PAIR_MIRACL ++ char *hex_akcert = cJSON_GetStringValue(cJSON_GetObjectItem(payload, "hex_akcert")); ++ if (validate_akcert(hex_akcert, strlen(hex_akcert)) != TEE_SUCCESS) { ++ tloge("check akcert using pairing failed\n"); ++ goto clear; ++ } ++#endif ++ result = true; ++clear: ++ cJSON_Delete(json); ++ return result; ++} ++ ++static TEE_Result qta_validate_akcert(struct ra_buffer_data *akcert) ++{ ++ TEE_Result result = TEE_ERROR_GENERIC; ++ if (!check_akcert_params_valid(akcert)) { ++ tloge("qta validate akcert: check params invalid\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ char *akcert_buf = REINTERPRET_CAST(char *, uint8_t *, akcert->buffer); ++ cJSON *json = cJSON_Parse(akcert_buf); ++ cJSON *handler = cJSON_CreateString("validateakcert-input"); ++ if (handler == NULL) { ++ tloge("qta validate akcert: handler is null\n"); ++ goto clear1; ++ } ++ if (!cJSON_ReplaceItemInObject(json, "handler", handler)) { ++ tloge("qta validate akcert: replace handler in json failed\n"); ++ cJSON_Delete(handler); ++ goto clear1; ++ } ++ ++ char *json_buf = cJSON_Print(json); ++ if (json_buf == NULL) { ++ tloge("json buf is null"); ++ goto clear1; ++ } ++ ++ if (strlen(json_buf) > IN_RESERVED_SIZE) { ++ tloge("qta validate akcert: json size is invalid\n"); ++ result = TEE_ERROR_BAD_PARAMETERS; ++ goto clear2; ++ } ++ ++ uint32_t in_size = strlen(json_buf); ++ uint8_t *in_buf = REINTERPRET_CAST(uint8_t *, char *, json_buf); ++ struct ra_buffer_data in = {in_size, in_buf}; ++ result = ra_qsi_invoke(&in, NULL); ++ if (result != TEE_SUCCESS) ++ tloge("qta validate akcert failed\n"); ++clear2: ++ cJSON_free(json_buf); ++clear1: ++ cJSON_Delete(json); ++ return result; ++} ++ ++static TEE_Result local_attest(struct ra_buffer_data *in, struct ra_buffer_data *out) ++{ ++ TEE_Result result; ++ char *buf = REINTERPRET_CAST(char *, uint8_t *, in->buffer); ++ cJSON *json = cJSON_Parse(buf); ++ if (json == NULL) { ++ tloge("check local attest json failed\n"); ++ return 
TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ char *handler = cJSON_GetStringValue(cJSON_GetObjectItem(json, "handler")); ++ if (handler == NULL) { ++ tloge("handler is null\n"); ++ result = TEE_ERROR_BAD_PARAMETERS; ++ goto clear; ++ } ++ if (strcmp(handler, "report-input") != 0) { ++ tloge("check local attest handler failed\n"); ++ result = TEE_ERROR_BAD_PARAMETERS; ++ goto clear; ++ } ++ result = ra_qsi_invoke(in, out); ++clear: ++ cJSON_Delete(json); ++ return result; ++} ++ ++static TEE_Result qta_local_attest(uint32_t param_types, TEE_Param *params) ++{ ++ bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, ++ TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); ++ if (!ret || params == NULL) { ++ tloge("qta local attest: bad params\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ if (params[0].memref.buffer == NULL || params[0].memref.size == 0 || ++ params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.buffer == NULL || ++ params[1].memref.size < OUT_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT) { ++ tloge("qta local attest: invalid memref info\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ struct ra_buffer_data in; ++ struct ra_buffer_data out; ++ in.buffer = params[0].memref.buffer; ++ in.length = params[0].memref.size; ++ out.buffer = params[1].memref.buffer; ++ out.length = params[1].memref.size; ++ ++ TEE_Result result = local_attest(&in, &out); ++ if (result != TEE_SUCCESS) { ++ tloge("local attest failed\n"); ++ return result; ++ } ++ params[PARAM_TWO].value.a = out.length; ++ return result; ++} ++ ++static TEE_Result qta_remote_attest(uint32_t param_types, TEE_Param *params) ++{ ++ bool ret = check_param_type(param_types, TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, ++ TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); ++ if (!ret || params == NULL) { ++ tloge("qta remote attest: bad params\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ if (params[0].memref.buffer == 
NULL || params[0].memref.size == 0 || ++ params[0].memref.size > IN_RESERVED_SIZE || params[1].memref.size > SHAREMEM_LIMIT || ++ (params[1].memref.buffer != NULL && params[1].memref.size < OUT_RESERVED_SIZE) || ++ (params[1].memref.buffer == NULL && params[1].memref.size > 0)) { ++ tloge("qta remote attest: invalid memref info\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ struct ra_buffer_data in; ++ struct ra_buffer_data out; ++ in.buffer = params[0].memref.buffer; ++ in.length = params[0].memref.size; ++ out.buffer = params[1].memref.buffer; ++ out.length = params[1].memref.size; ++ TEE_Result result = ra_qsi_invoke(&in, &out); ++ if (result == TEE_PENDING) { ++ return qta_validate_akcert(&out); ++ } else if (result == TEE_SUCCESS) { ++ params[PARAM_TWO].value.a = out.length; ++ return result; ++ } ++ tloge("ra qsi invoke failed\n"); ++ return result; ++} ++ ++TEE_Result TA_InvokeCommandEntryPoint(void *session_context, uint32_t cmd_id, ++ uint32_t param_types, TEE_Param params[PARAM_NUM]) ++{ ++ tlogi("tee_qta: Enter TA_InvokeCommandEntryPoint.\n"); ++ (void)session_context; ++ if (cmd_id != REMOTE_ATTEST_CMD) { ++ tloge("tee_qta: InvokeCommandEntryPoint failed, cmd: 0x%x.\n", cmd_id); ++ return TEE_ERROR_INVALID_CMD; ++ } ++ ++ caller_info cinfo; ++ (void)memset_s(&cinfo, sizeof(cinfo), 0, sizeof(cinfo)); ++ TEE_Result ret = TEE_EXT_GetCallerInfo(&cinfo, sizeof(cinfo)); ++ if (ret != TEE_SUCCESS) { ++ tloge("tee_qta: Get call info failed.\n"); ++ return ret; ++ } ++ if (cinfo.session_type == SESSION_FROM_TA) { ++ ret = qta_local_attest(param_types, params); ++ if (ret != TEE_SUCCESS) ++ tloge("tee_qta: local attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret); ++ else ++ tlogi("tee_qta: InvokeCommandEntryPoint success.\n"); ++ return ret; ++ } ++ ++ ret = qta_remote_attest(param_types, params); ++ if (ret != TEE_SUCCESS) ++ tloge("tee_qta: remote attest failed, cmd: 0x%x, ret: 0x%x.\n", cmd_id, ret); ++ else ++ tlogi("tee_qta: InvokeCommandEntryPoint 
success.\n"); ++ return ret; ++} ++ ++void TA_CloseSessionEntryPoint(void *session_context) ++{ ++ (void)session_context; ++ tlogi("tee_qta: CloseSessionEntryPoint success.\n"); ++} ++ ++void TA_DestroyEntryPoint(void) ++{ ++ tlogi("tee_qta: DestroyEntryPoint success.\n"); ++} +diff --git a/test/TA/qta/src/tee_qta.h b/test/TA/qta/src/tee_qta.h +new file mode 100644 +index 0000000..0dfb1d5 +--- /dev/null ++++ b/test/TA/qta/src/tee_qta.h +@@ -0,0 +1,29 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved. ++ * Licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. 
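Review bot: In `check_akcert_params_valid`, the `ENABLE_DAA_PAIR_MIRACL` branch evaluates `strlen(hex_akcert)` before `validate_akcert` can apply its own NULL check, so a payload with no string `hex_akcert` item dereferences NULL inside the TA; add `if (hex_akcert == NULL) { tloge("check akcert hex_akcert failed\n"); goto clear; }` ahead of the call. That function, `qta_validate_akcert` and `local_attest` all pass a length-delimited `ra_buffer_data` buffer to `cJSON_Parse`, which reads until a NUL byte, and nothing visible here guarantees the memref is terminated; a length-bounded parse such as `cJSON_ParseWithLength(buf, in->length)`, if the bundled cJSON provides it, would keep the read inside the buffer. `local_attest` also checks `handler` on the parsed copy but forwards the raw `in` buffer to `ra_qsi_invoke`, so if that memref is memory the caller can still write, the checked and used contents may differ; copying the input into TA-private memory before parsing would remove that window. Finally, `qta_validate_akcert` does not NULL-check its second `cJSON_Parse` result before `cJSON_ReplaceItemInObject`, relying on the earlier parse of the same buffer having succeeded.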
++ */ ++#ifndef TEE_QTA_H ++#define TEE_QTA_H ++#include ++#include ++ ++#define PARAM_TWO 2 ++#define PARAM_THREE 3 ++#define PARAM_NUM 4 ++#define SHAREMEM_LIMIT 0x100000 ++#define IN_RESERVED_SIZE 0x2000 ++#define OUT_RESERVED_SIZE 0x3000 ++#define REMOTE_ATTEST_CMD 0x1001 ++ ++#define REINTERPRET_CAST(dest_type, source_type, temp) \ ++ ((__extension__(union { source_type source; dest_type dest; })(temp)).dest) ++ ++#endif ++ +diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h +index a0309c0..04d8c0b 100644 +--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h ++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/alltypes.h +@@ -1,35 +1,15 @@ + #define _Addr long +-#ifdef __LP64__ + #define _Int64 long +-#else +-#define _Int64 long long +-#endif + #define _Reg long + +-#define __LITTLE_ENDIAN 1234 +-#define __BIG_ENDIAN 4321 +-#define __USE_TIME_BITS64 1 +- +-#ifndef __BYTE_ORDER + #if __AARCH64EB__ + #define __BYTE_ORDER 4321 + #else + #define __BYTE_ORDER 1234 + #endif +-#endif + + #define __LONG_MAX 0x7fffffffffffffffL + +-#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) +-typedef __builtin_va_list va_list; +-#define __DEFINED_va_list +-#endif +- +-#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) +-typedef __builtin_va_list __isoc_va_list; +-#define __DEFINED___isoc_va_list +-#endif +- + #ifndef __cplusplus + #if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t) + typedef unsigned wchar_t; +@@ -42,6 +22,7 @@ typedef unsigned wint_t; + #define __DEFINED_wint_t + #endif + ++ + #if defined(__NEED_blksize_t) && !defined(__DEFINED_blksize_t) + typedef int blksize_t; + #define __DEFINED_blksize_t +@@ -52,6 +33,7 @@ typedef unsigned int nlink_t; + #define __DEFINED_nlink_t + #endif + ++ + #if defined(__NEED_float_t) && !defined(__DEFINED_float_t) + typedef float float_t; + #define __DEFINED_float_t +@@ -62,100 +44,15 @@ 
typedef double double_t; + #define __DEFINED_double_t + #endif + ++ + #if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t) +-typedef struct { +- long long __ll; +- long double __ld; +-} max_align_t; ++typedef struct { long long __ll; long double __ld; } max_align_t; + #define __DEFINED_max_align_t + #endif + +-#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) +-typedef long time_t; +-#define __DEFINED_time_t +-#endif +- +-#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) +-typedef long suseconds_t; +-#define __DEFINED_suseconds_t +-#endif +- +-#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) +-typedef struct { +- union { +- int __i[14]; +- volatile int __vi[14]; +- unsigned long __s[7]; +- } __u; +-} pthread_attr_t; +-#define __DEFINED_pthread_attr_t +-#endif +- +-#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) +-typedef struct { +- union { +- int __i[10]; +- volatile int __vi[10]; +- volatile void *volatile __p[5]; +- } __u; +-} pthread_mutex_t; +-#define __DEFINED_pthread_mutex_t +-#endif +- +-#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) +-typedef struct { +- union { +- int __i[10]; +- volatile int __vi[10]; +- volatile void *volatile __p[5]; +- } __u; +-} mtx_t; +-#define __DEFINED_mtx_t +-#endif +- +-#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) +-typedef struct { +- union { +- int __i[12]; +- volatile int __vi[12]; +- void *__p[6]; +- } __u; +-} pthread_cond_t; +-#define __DEFINED_pthread_cond_t +-#endif +- +-#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) +-typedef struct { +- union { +- int __i[12]; +- volatile int __vi[12]; +- void *__p[6]; +- } __u; +-} cnd_t; +-#define __DEFINED_cnd_t +-#endif +- +-#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) +-typedef struct { +- union { +- int __i[14]; +- volatile int __vi[14]; +- void *__p[7]; +- } __u; +-} pthread_rwlock_t; +-#define 
__DEFINED_pthread_rwlock_t +-#endif +- +-#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) +-typedef struct { +- union { +- int __i[8]; +- volatile int __vi[8]; +- void *__p[4]; +- } __u; +-} pthread_barrier_t; +-#define __DEFINED_pthread_barrier_t +-#endif ++#define __LITTLE_ENDIAN 1234 ++#define __BIG_ENDIAN 4321 ++#define __USE_TIME_BITS64 1 + + #if defined(__NEED_size_t) && !defined(__DEFINED_size_t) + typedef unsigned _Addr size_t; +@@ -192,28 +89,39 @@ typedef _Reg register_t; + #define __DEFINED_register_t + #endif + ++#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) ++typedef _Int64 time_t; ++#define __DEFINED_time_t ++#endif ++ ++#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) ++typedef _Int64 suseconds_t; ++#define __DEFINED_suseconds_t ++#endif ++ ++ + #if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t) + typedef signed char int8_t; + #define __DEFINED_int8_t + #endif + + #if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t) +-typedef short int16_t; ++typedef signed short int16_t; + #define __DEFINED_int16_t + #endif + + #if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t) +-typedef int int32_t; ++typedef signed int int32_t; + #define __DEFINED_int32_t + #endif + + #if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t) +-typedef _Int64 int64_t; ++typedef signed _Int64 int64_t; + #define __DEFINED_int64_t + #endif + + #if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t) +-typedef _Int64 intmax_t; ++typedef signed _Int64 intmax_t; + #define __DEFINED_intmax_t + #endif + +@@ -247,6 +155,7 @@ typedef unsigned _Int64 uintmax_t; + #define __DEFINED_uintmax_t + #endif + ++ + #if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t) + typedef unsigned mode_t; + #define __DEFINED_mode_t +@@ -292,6 +201,7 @@ typedef unsigned _Int64 fsfilcnt_t; + #define __DEFINED_fsfilcnt_t + #endif + ++ + #if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t) + typedef unsigned wint_t; + #define 
__DEFINED_wint_t +@@ -302,8 +212,9 @@ typedef unsigned long wctype_t; + #define __DEFINED_wctype_t + #endif + ++ + #if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t) +-typedef void *timer_t; ++typedef void * timer_t; + #define __DEFINED_timer_t + #endif + +@@ -318,21 +229,16 @@ typedef long clock_t; + #endif + + #if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval) +-struct timeval { +- time_t tv_sec; +- suseconds_t tv_usec; +-}; ++struct timeval { time_t tv_sec; suseconds_t tv_usec; }; + #define __DEFINED_struct_timeval + #endif + + #if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec) +-struct timespec { +- time_t tv_sec; +- long tv_nsec; +-}; ++struct timespec { time_t tv_sec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER==4321); long tv_nsec; int :8*(sizeof(time_t)-sizeof(long))*(__BYTE_ORDER!=4321); }; + #define __DEFINED_struct_timespec + #endif + ++ + #if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t) + typedef int pid_t; + #define __DEFINED_pid_t +@@ -363,6 +269,7 @@ typedef unsigned useconds_t; + #define __DEFINED_useconds_t + #endif + ++ + #ifdef __cplusplus + #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) + typedef unsigned long pthread_t; +@@ -371,7 +278,7 @@ typedef unsigned long pthread_t; + + #else + #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) +-typedef struct __pthread *pthread_t; ++typedef struct __pthread * pthread_t; + #define __DEFINED_pthread_t + #endif + +@@ -392,65 +299,78 @@ typedef int pthread_spinlock_t; + #endif + + #if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t) +-typedef struct { +- unsigned __attr; +-} pthread_mutexattr_t; ++typedef struct { unsigned __attr; } pthread_mutexattr_t; + #define __DEFINED_pthread_mutexattr_t + #endif + + #if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t) +-typedef struct { +- unsigned __attr; +-} pthread_condattr_t; ++typedef struct { unsigned __attr; } 
pthread_condattr_t; + #define __DEFINED_pthread_condattr_t + #endif + + #if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t) +-typedef struct { +- unsigned __attr; +-} pthread_barrierattr_t; ++typedef struct { unsigned __attr; } pthread_barrierattr_t; + #define __DEFINED_pthread_barrierattr_t + #endif + + #if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t) +-typedef struct { +- unsigned __attr[2]; +-} pthread_rwlockattr_t; ++typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t; + #define __DEFINED_pthread_rwlockattr_t + #endif + ++ ++#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE) ++struct _IO_FILE { char __x; }; ++#define __DEFINED_struct__IO_FILE ++#endif ++ + #if defined(__NEED_FILE) && !defined(__DEFINED_FILE) + typedef struct _IO_FILE FILE; + #define __DEFINED_FILE + #endif + ++ ++#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) ++typedef __builtin_va_list va_list; ++#define __DEFINED_va_list ++#endif ++ ++#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) ++typedef __builtin_va_list __isoc_va_list; ++#define __DEFINED___isoc_va_list ++#endif ++ ++ + #if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t) +-typedef struct __mbstate_t { +- unsigned __opaque1, __opaque2; +-} mbstate_t; ++typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t; + #define __DEFINED_mbstate_t + #endif + ++ + #if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t) +-typedef struct __locale_struct *locale_t; ++typedef struct __locale_struct * locale_t; + #define __DEFINED_locale_t + #endif + ++ + #if defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t) +-typedef struct __sigset_t { +- unsigned long __bits[128 / sizeof(long)]; +-} sigset_t; ++typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t; + #define __DEFINED_sigset_t + #endif + ++ + #if defined(__NEED_struct_iovec) && 
!defined(__DEFINED_struct_iovec) +-struct iovec { +- void *iov_base; +- size_t iov_len; +-}; ++struct iovec { void *iov_base; size_t iov_len; }; + #define __DEFINED_struct_iovec + #endif + ++ ++#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize) ++struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; }; ++#define __DEFINED_struct_winsize ++#endif ++ ++ + #if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t) + typedef unsigned socklen_t; + #define __DEFINED_socklen_t +@@ -461,6 +381,43 @@ typedef unsigned short sa_family_t; + #define __DEFINED_sa_family_t + #endif + ++ ++#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) ++typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t; ++#define __DEFINED_pthread_attr_t ++#endif ++ ++#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) ++typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t; ++#define __DEFINED_pthread_mutex_t ++#endif ++ ++#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) ++typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t; ++#define __DEFINED_mtx_t ++#endif ++ ++#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) ++typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t; ++#define __DEFINED_pthread_cond_t ++#endif ++ ++#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) ++typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t; ++#define __DEFINED_cnd_t ++#endif ++ ++#if defined(__NEED_pthread_rwlock_t) && 
!defined(__DEFINED_pthread_rwlock_t) ++typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t; ++#define __DEFINED_pthread_rwlock_t ++#endif ++ ++#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) ++typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t; ++#define __DEFINED_pthread_barrier_t ++#endif ++ ++ + #undef _Addr + #undef _Int64 + #undef _Reg
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
+index a748402..424cc4d 100644
+--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/hwcap.h
+@@ -38,3 +38,15 @@
+ #define HWCAP2_SVEBITPERM (1 << 4)
+ #define HWCAP2_SVESHA3 (1 << 5)
+ #define HWCAP2_SVESM4 (1 << 6)
++#define HWCAP2_FLAGM2 (1 << 7)
++#define HWCAP2_FRINT (1 << 8)
++#define HWCAP2_SVEI8MM (1 << 9)
++#define HWCAP2_SVEF32MM (1 << 10)
++#define HWCAP2_SVEF64MM (1 << 11)
++#define HWCAP2_SVEBF16 (1 << 12)
++#define HWCAP2_I8MM (1 << 13)
++#define HWCAP2_BF16 (1 << 14)
++#define HWCAP2_DGH (1 << 15)
++#define HWCAP2_RNG (1 << 16)
++#define HWCAP2_BTI (1 << 17)
++#define HWCAP2_MTE (1 << 18)
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h
+new file mode 100644
+index 0000000..8fad5ce
+--- /dev/null
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/mman.h
+@@ -0,0 +1,2 @@
++#define PROT_BTI 0x10
++#define PROT_MTE 0x20
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
+index b71261f..5098c73 100644
+--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/signal.h
+@@ -11,7 +11,7 @@ typedef unsigned long greg_t;
+ typedef unsigned long gregset_t[34];
+
+ typedef struct {
+- long double vregs[32];
++ __uint128_t vregs[32];
+ unsigned int fpsr;
+ unsigned int fpcr;
+ } fpregset_t;
+@@ -34,7 +34,7 @@ struct fpsimd_context {
+ struct _aarch64_ctx head;
+ unsigned int fpsr;
+ unsigned int fpcr;
+- long double vregs[32];
++ __uint128_t vregs[32];
+ };
+ struct esr_context {
+ struct _aarch64_ctx head;
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
+index d57a091..24b5438 100644
+--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h
+@@ -1,551 +1,603 @@
+-#define __NR_io_setup 0 +-#define __NR_io_destroy 1 +-#define __NR_io_submit 2 +-#define __NR_io_cancel 3 +-#define __NR_io_getevents 4 +-#define __NR_setxattr 5 +-#define __NR_lsetxattr 6 +-#define __NR_fsetxattr 7 +-#define __NR_getxattr 8 +-#define __NR_lgetxattr 9 +-#define __NR_fgetxattr 10 +-#define __NR_listxattr 11 +-#define __NR_llistxattr 12 +-#define __NR_flistxattr 13 +-#define __NR_removexattr 14 +-#define __NR_lremovexattr 15 +-#define __NR_fremovexattr 16 +-#define __NR_getcwd 17 +-#define __NR_lookup_dcookie 18 +-#define __NR_eventfd2 19 +-#define __NR_epoll_create1 20 +-#define __NR_epoll_ctl 21 +-#define __NR_epoll_pwait 22 +-#define __NR_dup 23 +-#define __NR_dup3 24 +-#define __NR_fcntl 25 +-#define __NR_inotify_init1 26 +-#define __NR_inotify_add_watch 27 +-#define __NR_inotify_rm_watch 28 +-#define __NR_ioctl 29 +-#define __NR_ioprio_set 30 +-#define __NR_ioprio_get 31 +-#define __NR_flock 32 +-#define __NR_mknodat 33 +-#define __NR_mkdirat 34 +-#define __NR_unlinkat 35 +-#define __NR_symlinkat 36 +-#define __NR_linkat 37 +-#define __NR_renameat 38 +-#define __NR_umount2 39 +-#define __NR_mount 40 +-#define __NR_pivot_root 41
+-#define __NR_nfsservctl 42 +-#define __NR_statfs 43 +-#define __NR_fstatfs 44 +-#define __NR_truncate 45 +-#define __NR_ftruncate 46 +-#define __NR_fallocate 47 +-#define __NR_faccessat 48 +-#define __NR_chdir 49 +-#define __NR_fchdir 50 +-#define __NR_chroot 51 +-#define __NR_fchmod 52 +-#define __NR_fchmodat 53 +-#define __NR_fchownat 54 +-#define __NR_fchown 55 +-#define __NR_openat 56 +-#define __NR_close 57 +-#define __NR_vhangup 58 +-#define __NR_pipe2 59 +-#define __NR_quotactl 60 +-#define __NR_getdents64 61 +-#define __NR_lseek 62 +-#define __NR_read 63 +-#define __NR_write 64 +-#define __NR_readv 65 +-#define __NR_writev 66 +-#define __NR_pread64 67 +-#define __NR_pwrite64 68 +-#define __NR_preadv 69 +-#define __NR_pwritev 70 +-#define __NR_sendfile 71 +-#define __NR_pselect6 72 +-#define __NR_ppoll 73 +-#define __NR_signalfd4 74 +-#define __NR_vmsplice 75 +-#define __NR_splice 76 +-#define __NR_tee 77 +-#define __NR_readlinkat 78 +-#define __NR_newfstatat 79 +-#define __NR_fstat 80 +-#define __NR_sync 81 +-#define __NR_fsync 82 +-#define __NR_fdatasync 83 +-#define __NR_sync_file_range 84 +-#define __NR_timerfd_create 85 +-#define __NR_timerfd_settime 86 +-#define __NR_timerfd_gettime 87 +-#define __NR_utimensat 88 +-#define __NR_acct 89 +-#define __NR_capget 90 +-#define __NR_capset 91 +-#define __NR_personality 92 +-#define __NR_exit 93 +-#define __NR_exit_group 94 +-#define __NR_waitid 95 +-#define __NR_set_tid_address 96 +-#define __NR_unshare 97 +-#define __NR_futex 98 +-#define __NR_set_robust_list 99 +-#define __NR_get_robust_list 100 +-#define __NR_nanosleep 101 +-#define __NR_getitimer 102 +-#define __NR_setitimer 103 +-#define __NR_kexec_load 104 +-#define __NR_init_module 105 +-#define __NR_delete_module 106 +-#define __NR_timer_create 107 +-#define __NR_timer_gettime 108 +-#define __NR_timer_getoverrun 109 +-#define __NR_timer_settime 110 +-#define __NR_timer_delete 111 +-#define __NR_clock_settime 112 +-#define __NR_clock_gettime 113 
+-#define __NR_clock_getres 114 +-#define __NR_clock_nanosleep 115 +-#define __NR_syslog 116 +-#define __NR_ptrace 117 +-#define __NR_sched_setparam 118 +-#define __NR_sched_setscheduler 119 +-#define __NR_sched_getscheduler 120 +-#define __NR_sched_getparam 121 +-#define __NR_sched_setaffinity 122 +-#define __NR_sched_getaffinity 123 +-#define __NR_sched_yield 124 ++#define __NR_io_setup 0 ++#define __NR_io_destroy 1 ++#define __NR_io_submit 2 ++#define __NR_io_cancel 3 ++#define __NR_io_getevents 4 ++#define __NR_setxattr 5 ++#define __NR_lsetxattr 6 ++#define __NR_fsetxattr 7 ++#define __NR_getxattr 8 ++#define __NR_lgetxattr 9 ++#define __NR_fgetxattr 10 ++#define __NR_listxattr 11 ++#define __NR_llistxattr 12 ++#define __NR_flistxattr 13 ++#define __NR_removexattr 14 ++#define __NR_lremovexattr 15 ++#define __NR_fremovexattr 16 ++#define __NR_getcwd 17 ++#define __NR_lookup_dcookie 18 ++#define __NR_eventfd2 19 ++#define __NR_epoll_create1 20 ++#define __NR_epoll_ctl 21 ++#define __NR_epoll_pwait 22 ++#define __NR_dup 23 ++#define __NR_dup3 24 ++#define __NR_fcntl 25 ++#define __NR_inotify_init1 26 ++#define __NR_inotify_add_watch 27 ++#define __NR_inotify_rm_watch 28 ++#define __NR_ioctl 29 ++#define __NR_ioprio_set 30 ++#define __NR_ioprio_get 31 ++#define __NR_flock 32 ++#define __NR_mknodat 33 ++#define __NR_mkdirat 34 ++#define __NR_unlinkat 35 ++#define __NR_symlinkat 36 ++#define __NR_linkat 37 ++#define __NR_renameat 38 ++#define __NR_umount2 39 ++#define __NR_mount 40 ++#define __NR_pivot_root 41 ++#define __NR_nfsservctl 42 ++#define __NR_statfs 43 ++#define __NR_fstatfs 44 ++#define __NR_truncate 45 ++#define __NR_ftruncate 46 ++#define __NR_fallocate 47 ++#define __NR_faccessat 48 ++#define __NR_chdir 49 ++#define __NR_fchdir 50 ++#define __NR_chroot 51 ++#define __NR_fchmod 52 ++#define __NR_fchmodat 53 ++#define __NR_fchownat 54 ++#define __NR_fchown 55 ++#define __NR_openat 56 ++#define __NR_close 57 ++#define __NR_vhangup 58 ++#define 
__NR_pipe2 59 ++#define __NR_quotactl 60 ++#define __NR_getdents64 61 ++#define __NR_lseek 62 ++#define __NR_read 63 ++#define __NR_write 64 ++#define __NR_readv 65 ++#define __NR_writev 66 ++#define __NR_pread64 67 ++#define __NR_pwrite64 68 ++#define __NR_preadv 69 ++#define __NR_pwritev 70 ++#define __NR_sendfile 71 ++#define __NR_pselect6 72 ++#define __NR_ppoll 73 ++#define __NR_signalfd4 74 ++#define __NR_vmsplice 75 ++#define __NR_splice 76 ++#define __NR_tee 77 ++#define __NR_readlinkat 78 ++#define __NR_newfstatat 79 ++#define __NR_fstat 80 ++#define __NR_sync 81 ++#define __NR_fsync 82 ++#define __NR_fdatasync 83 ++#define __NR_sync_file_range 84 ++#define __NR_timerfd_create 85 ++#define __NR_timerfd_settime 86 ++#define __NR_timerfd_gettime 87 ++#define __NR_utimensat 88 ++#define __NR_acct 89 ++#define __NR_capget 90 ++#define __NR_capset 91 ++#define __NR_personality 92 ++#define __NR_exit 93 ++#define __NR_exit_group 94 ++#define __NR_waitid 95 ++#define __NR_set_tid_address 96 ++#define __NR_unshare 97 ++#define __NR_futex 98 ++#define __NR_set_robust_list 99 ++#define __NR_get_robust_list 100 ++#define __NR_nanosleep 101 ++#define __NR_getitimer 102 ++#define __NR_setitimer 103 ++#define __NR_kexec_load 104 ++#define __NR_init_module 105 ++#define __NR_delete_module 106 ++#define __NR_timer_create 107 ++#define __NR_timer_gettime 108 ++#define __NR_timer_getoverrun 109 ++#define __NR_timer_settime 110 ++#define __NR_timer_delete 111 ++#define __NR_clock_settime 112 ++#define __NR_clock_gettime 113 ++#define __NR_clock_getres 114 ++#define __NR_clock_nanosleep 115 ++#define __NR_syslog 116 ++#define __NR_ptrace 117 ++#define __NR_sched_setparam 118 ++#define __NR_sched_setscheduler 119 ++#define __NR_sched_getscheduler 120 ++#define __NR_sched_getparam 121 ++#define __NR_sched_setaffinity 122 ++#define __NR_sched_getaffinity 123 ++#define __NR_sched_yield 124 + #define __NR_sched_get_priority_max 125 + #define __NR_sched_get_priority_min 126 
+-#define __NR_sched_rr_get_interval 127 +-#define __NR_restart_syscall 128 +-#define __NR_kill 129 +-#define __NR_tkill 130 +-#define __NR_tgkill 131 +-#define __NR_sigaltstack 132 +-#define __NR_rt_sigsuspend 133 +-#define __NR_rt_sigaction 134 +-#define __NR_rt_sigprocmask 135 +-#define __NR_rt_sigpending 136 +-#define __NR_rt_sigtimedwait 137 +-#define __NR_rt_sigqueueinfo 138 +-#define __NR_rt_sigreturn 139 +-#define __NR_setpriority 140 +-#define __NR_getpriority 141 +-#define __NR_reboot 142 +-#define __NR_setregid 143 +-#define __NR_setgid 144 +-#define __NR_setreuid 145 +-#define __NR_setuid 146 +-#define __NR_setresuid 147 +-#define __NR_getresuid 148 +-#define __NR_setresgid 149 +-#define __NR_getresgid 150 +-#define __NR_setfsuid 151 +-#define __NR_setfsgid 152 +-#define __NR_times 153 +-#define __NR_setpgid 154 +-#define __NR_getpgid 155 +-#define __NR_getsid 156 +-#define __NR_setsid 157 +-#define __NR_getgroups 158 +-#define __NR_setgroups 159 +-#define __NR_uname 160 +-#define __NR_sethostname 161 +-#define __NR_setdomainname 162 +-#define __NR_getrlimit 163 +-#define __NR_setrlimit 164 +-#define __NR_getrusage 165 +-#define __NR_umask 166 +-#define __NR_prctl 167 +-#define __NR_getcpu 168 +-#define __NR_gettimeofday 169 +-#define __NR_settimeofday 170 +-#define __NR_adjtimex 171 +-#define __NR_getpid 172 +-#define __NR_getppid 173 +-#define __NR_getuid 174 +-#define __NR_geteuid 175 +-#define __NR_getgid 176 +-#define __NR_getegid 177 +-#define __NR_gettid 178 +-#define __NR_sysinfo 179 +-#define __NR_mq_open 180 +-#define __NR_mq_unlink 181 +-#define __NR_mq_timedsend 182 +-#define __NR_mq_timedreceive 183 +-#define __NR_mq_notify 184 +-#define __NR_mq_getsetattr 185 +-#define __NR_msgget 186 +-#define __NR_msgctl 187 +-#define __NR_msgrcv 188 +-#define __NR_msgsnd 189 +-#define __NR_semget 190 +-#define __NR_semctl 191 +-#define __NR_semtimedop 192 +-#define __NR_semop 193 +-#define __NR_shmget 194 +-#define __NR_shmctl 195 +-#define __NR_shmat 
196 +-#define __NR_shmdt 197 +-#define __NR_socket 198 +-#define __NR_socketpair 199 +-#define __NR_bind 200 +-#define __NR_listen 201 +-#define __NR_accept 202 +-#define __NR_connect 203 +-#define __NR_getsockname 204 +-#define __NR_getpeername 205 +-#define __NR_sendto 206 +-#define __NR_recvfrom 207 +-#define __NR_setsockopt 208 +-#define __NR_getsockopt 209 +-#define __NR_shutdown 210 +-#define __NR_sendmsg 211 +-#define __NR_recvmsg 212 +-#define __NR_readahead 213 +-#define __NR_brk 214 +-#define __NR_munmap 215 +-#define __NR_mremap 216 +-#define __NR_add_key 217 +-#define __NR_request_key 218 +-#define __NR_keyctl 219 +-#define __NR_clone 220 +-#define __NR_execve 221 +-#define __NR_mmap 222 +-#define __NR_fadvise64 223 +-#define __NR_swapon 224 +-#define __NR_swapoff 225 +-#define __NR_mprotect 226 +-#define __NR_msync 227 +-#define __NR_mlock 228 +-#define __NR_munlock 229 +-#define __NR_mlockall 230 +-#define __NR_munlockall 231 +-#define __NR_mincore 232 +-#define __NR_madvise 233 +-#define __NR_remap_file_pages 234 +-#define __NR_mbind 235 +-#define __NR_get_mempolicy 236 +-#define __NR_set_mempolicy 237 +-#define __NR_migrate_pages 238 +-#define __NR_move_pages 239 +-#define __NR_rt_tgsigqueueinfo 240 +-#define __NR_perf_event_open 241 +-#define __NR_accept4 242 +-#define __NR_recvmmsg 243 +-#define __NR_wait4 260 +-#define __NR_prlimit64 261 +-#define __NR_fanotify_init 262 +-#define __NR_fanotify_mark 263 +-#define __NR_name_to_handle_at 264 +-#define __NR_open_by_handle_at 265 +-#define __NR_clock_adjtime 266 +-#define __NR_syncfs 267 +-#define __NR_setns 268 +-#define __NR_sendmmsg 269 +-#define __NR_process_vm_readv 270 +-#define __NR_process_vm_writev 271 +-#define __NR_kcmp 272 +-#define __NR_finit_module 273 +-#define __NR_sched_setattr 274 +-#define __NR_sched_getattr 275 +-#define __NR_renameat2 276 +-#define __NR_seccomp 277 +-#define __NR_getrandom 278 +-#define __NR_memfd_create 279 +-#define __NR_bpf 280 +-#define __NR_execveat 281 
+-#define __NR_userfaultfd 282 +-#define __NR_membarrier 283 +-#define __NR_mlock2 284 +-#define __NR_copy_file_range 285 +-#define __NR_preadv2 286 +-#define __NR_pwritev2 287 +-#define __NR_pkey_mprotect 288 +-#define __NR_pkey_alloc 289 +-#define __NR_pkey_free 290 ++#define __NR_sched_rr_get_interval 127 ++#define __NR_restart_syscall 128 ++#define __NR_kill 129 ++#define __NR_tkill 130 ++#define __NR_tgkill 131 ++#define __NR_sigaltstack 132 ++#define __NR_rt_sigsuspend 133 ++#define __NR_rt_sigaction 134 ++#define __NR_rt_sigprocmask 135 ++#define __NR_rt_sigpending 136 ++#define __NR_rt_sigtimedwait 137 ++#define __NR_rt_sigqueueinfo 138 ++#define __NR_rt_sigreturn 139 ++#define __NR_setpriority 140 ++#define __NR_getpriority 141 ++#define __NR_reboot 142 ++#define __NR_setregid 143 ++#define __NR_setgid 144 ++#define __NR_setreuid 145 ++#define __NR_setuid 146 ++#define __NR_setresuid 147 ++#define __NR_getresuid 148 ++#define __NR_setresgid 149 ++#define __NR_getresgid 150 ++#define __NR_setfsuid 151 ++#define __NR_setfsgid 152 ++#define __NR_times 153 ++#define __NR_setpgid 154 ++#define __NR_getpgid 155 ++#define __NR_getsid 156 ++#define __NR_setsid 157 ++#define __NR_getgroups 158 ++#define __NR_setgroups 159 ++#define __NR_uname 160 ++#define __NR_sethostname 161 ++#define __NR_setdomainname 162 ++#define __NR_getrlimit 163 ++#define __NR_setrlimit 164 ++#define __NR_getrusage 165 ++#define __NR_umask 166 ++#define __NR_prctl 167 ++#define __NR_getcpu 168 ++#define __NR_gettimeofday 169 ++#define __NR_settimeofday 170 ++#define __NR_adjtimex 171 ++#define __NR_getpid 172 ++#define __NR_getppid 173 ++#define __NR_getuid 174 ++#define __NR_geteuid 175 ++#define __NR_getgid 176 ++#define __NR_getegid 177 ++#define __NR_gettid 178 ++#define __NR_sysinfo 179 ++#define __NR_mq_open 180 ++#define __NR_mq_unlink 181 ++#define __NR_mq_timedsend 182 ++#define __NR_mq_timedreceive 183 ++#define __NR_mq_notify 184 ++#define __NR_mq_getsetattr 185 ++#define 
__NR_msgget 186 ++#define __NR_msgctl 187 ++#define __NR_msgrcv 188 ++#define __NR_msgsnd 189 ++#define __NR_semget 190 ++#define __NR_semctl 191 ++#define __NR_semtimedop 192 ++#define __NR_semop 193 ++#define __NR_shmget 194 ++#define __NR_shmctl 195 ++#define __NR_shmat 196 ++#define __NR_shmdt 197 ++#define __NR_socket 198 ++#define __NR_socketpair 199 ++#define __NR_bind 200 ++#define __NR_listen 201 ++#define __NR_accept 202 ++#define __NR_connect 203 ++#define __NR_getsockname 204 ++#define __NR_getpeername 205 ++#define __NR_sendto 206 ++#define __NR_recvfrom 207 ++#define __NR_setsockopt 208 ++#define __NR_getsockopt 209 ++#define __NR_shutdown 210 ++#define __NR_sendmsg 211 ++#define __NR_recvmsg 212 ++#define __NR_readahead 213 ++#define __NR_brk 214 ++#define __NR_munmap 215 ++#define __NR_mremap 216 ++#define __NR_add_key 217 ++#define __NR_request_key 218 ++#define __NR_keyctl 219 ++#define __NR_clone 220 ++#define __NR_execve 221 ++#define __NR_mmap 222 ++#define __NR_fadvise64 223 ++#define __NR_swapon 224 ++#define __NR_swapoff 225 ++#define __NR_mprotect 226 ++#define __NR_msync 227 ++#define __NR_mlock 228 ++#define __NR_munlock 229 ++#define __NR_mlockall 230 ++#define __NR_munlockall 231 ++#define __NR_mincore 232 ++#define __NR_madvise 233 ++#define __NR_remap_file_pages 234 ++#define __NR_mbind 235 ++#define __NR_get_mempolicy 236 ++#define __NR_set_mempolicy 237 ++#define __NR_migrate_pages 238 ++#define __NR_move_pages 239 ++#define __NR_rt_tgsigqueueinfo 240 ++#define __NR_perf_event_open 241 ++#define __NR_accept4 242 ++#define __NR_recvmmsg 243 ++#define __NR_wait4 260 ++#define __NR_prlimit64 261 ++#define __NR_fanotify_init 262 ++#define __NR_fanotify_mark 263 ++#define __NR_name_to_handle_at 264 ++#define __NR_open_by_handle_at 265 ++#define __NR_clock_adjtime 266 ++#define __NR_syncfs 267 ++#define __NR_setns 268 ++#define __NR_sendmmsg 269 ++#define __NR_process_vm_readv 270 ++#define __NR_process_vm_writev 271 ++#define __NR_kcmp 
272 ++#define __NR_finit_module 273 ++#define __NR_sched_setattr 274 ++#define __NR_sched_getattr 275 ++#define __NR_renameat2 276 ++#define __NR_seccomp 277 ++#define __NR_getrandom 278 ++#define __NR_memfd_create 279 ++#define __NR_bpf 280 ++#define __NR_execveat 281 ++#define __NR_userfaultfd 282 ++#define __NR_membarrier 283 ++#define __NR_mlock2 284 ++#define __NR_copy_file_range 285 ++#define __NR_preadv2 286 ++#define __NR_pwritev2 287 ++#define __NR_pkey_mprotect 288 ++#define __NR_pkey_alloc 289 ++#define __NR_pkey_free 290 ++#define __NR_statx 291 ++#define __NR_io_pgetevents 292 ++#define __NR_rseq 293 ++#define __NR_kexec_file_load 294 ++#define __NR_pidfd_send_signal 424 ++#define __NR_io_uring_setup 425 ++#define __NR_io_uring_enter 426 ++#define __NR_io_uring_register 427 ++#define __NR_open_tree 428 ++#define __NR_move_mount 429 ++#define __NR_fsopen 430 ++#define __NR_fsconfig 431 ++#define __NR_fsmount 432 ++#define __NR_fspick 433 ++#define __NR_pidfd_open 434 ++#define __NR_clone3 435 ++#define __NR_close_range 436 ++#define __NR_openat2 437 ++#define __NR_pidfd_getfd 438 ++#define __NR_faccessat2 439 ++#define __NR_process_madvise 440 ++#define __NR_epoll_pwait2 441 ++#define __NR_mount_setattr 442 ++#define __NR_landlock_create_ruleset 444 ++#define __NR_landlock_add_rule 445 ++#define __NR_landlock_restrict_self 446 + +-#define SYS_io_setup 0 +-#define SYS_io_destroy 1 +-#define SYS_io_submit 2 +-#define SYS_io_cancel 3 +-#define SYS_io_getevents 4 +-#define SYS_setxattr 5 +-#define SYS_lsetxattr 6 +-#define SYS_fsetxattr 7 +-#define SYS_getxattr 8 +-#define SYS_lgetxattr 9 +-#define SYS_fgetxattr 10 +-#define SYS_listxattr 11 +-#define SYS_llistxattr 12 +-#define SYS_flistxattr 13 +-#define SYS_removexattr 14 +-#define SYS_lremovexattr 15 +-#define SYS_fremovexattr 16 +-#define SYS_getcwd 17 +-#define SYS_lookup_dcookie 18 +-#define SYS_eventfd2 19 +-#define SYS_epoll_create1 20 +-#define SYS_epoll_ctl 21 +-#define SYS_epoll_pwait 22 
+-#define SYS_dup 23 +-#define SYS_dup3 24 +-#define SYS_fcntl 25 +-#define SYS_inotify_init1 26 +-#define SYS_inotify_add_watch 27 +-#define SYS_inotify_rm_watch 28 +-#define SYS_ioctl 29 +-#define SYS_ioprio_set 30 +-#define SYS_ioprio_get 31 +-#define SYS_flock 32 +-#define SYS_mknodat 33 +-#define SYS_mkdirat 34 +-#define SYS_unlinkat 35 +-#define SYS_symlinkat 36 +-#define SYS_linkat 37 +-#define SYS_renameat 38 +-#define SYS_umount2 39 +-#define SYS_mount 40 +-#define SYS_pivot_root 41 +-#define SYS_nfsservctl 42 +-#define SYS_statfs 43 +-#define SYS_fstatfs 44 +-#define SYS_truncate 45 +-#define SYS_ftruncate 46 +-#define SYS_fallocate 47 +-#define SYS_faccessat 48 +-#define SYS_chdir 49 +-#define SYS_fchdir 50 +-#define SYS_chroot 51 +-#define SYS_fchmod 52 +-#define SYS_fchmodat 53 +-#define SYS_fchownat 54 +-#define SYS_fchown 55 +-#define SYS_openat 56 +-#define SYS_close 57 +-#define SYS_vhangup 58 +-#define SYS_pipe2 59 +-#define SYS_quotactl 60 +-#define SYS_getdents64 61 +-#define SYS_lseek 62 +-#define SYS_read 63 +-#define SYS_write 64 +-#define SYS_readv 65 +-#define SYS_writev 66 +-#define SYS_pread64 67 +-#define SYS_pwrite64 68 +-#define SYS_preadv 69 +-#define SYS_pwritev 70 +-#define SYS_sendfile 71 +-#define SYS_pselect6 72 +-#define SYS_ppoll 73 +-#define SYS_signalfd4 74 +-#define SYS_vmsplice 75 +-#define SYS_splice 76 +-#define SYS_tee 77 +-#define SYS_readlinkat 78 +-#define SYS_newfstatat 79 +-#define SYS_fstat 80 +-#define SYS_sync 81 +-#define SYS_fsync 82 +-#define SYS_fdatasync 83 +-#define SYS_sync_file_range 84 +-#define SYS_timerfd_create 85 +-#define SYS_timerfd_settime 86 +-#define SYS_timerfd_gettime 87 +-#define SYS_utimensat 88 +-#define SYS_acct 89 +-#define SYS_capget 90 +-#define SYS_capset 91 +-#define SYS_personality 92 +-#define SYS_exit 93 +-#define SYS_exit_group 94 +-#define SYS_waitid 95 +-#define SYS_set_tid_address 96 +-#define SYS_unshare 97 +-#define SYS_futex 98 +-#define SYS_set_robust_list 99 +-#define 
SYS_get_robust_list 100 +-#define SYS_nanosleep 101 +-#define SYS_getitimer 102 +-#define SYS_setitimer 103 +-#define SYS_kexec_load 104 +-#define SYS_init_module 105 +-#define SYS_delete_module 106 +-#define SYS_timer_create 107 +-#define SYS_timer_gettime 108 +-#define SYS_timer_getoverrun 109 +-#define SYS_timer_settime 110 +-#define SYS_timer_delete 111 +-#define SYS_clock_settime 112 +-#define SYS_clock_gettime 113 +-#define SYS_clock_getres 114 +-#define SYS_clock_nanosleep 115 +-#define SYS_syslog 116 +-#define SYS_ptrace 117 +-#define SYS_sched_setparam 118 +-#define SYS_sched_setscheduler 119 +-#define SYS_sched_getscheduler 120 +-#define SYS_sched_getparam 121 +-#define SYS_sched_setaffinity 122 +-#define SYS_sched_getaffinity 123 +-#define SYS_sched_yield 124 ++#define SYS_io_setup 0 ++#define SYS_io_destroy 1 ++#define SYS_io_submit 2 ++#define SYS_io_cancel 3 ++#define SYS_io_getevents 4 ++#define SYS_setxattr 5 ++#define SYS_lsetxattr 6 ++#define SYS_fsetxattr 7 ++#define SYS_getxattr 8 ++#define SYS_lgetxattr 9 ++#define SYS_fgetxattr 10 ++#define SYS_listxattr 11 ++#define SYS_llistxattr 12 ++#define SYS_flistxattr 13 ++#define SYS_removexattr 14 ++#define SYS_lremovexattr 15 ++#define SYS_fremovexattr 16 ++#define SYS_getcwd 17 ++#define SYS_lookup_dcookie 18 ++#define SYS_eventfd2 19 ++#define SYS_epoll_create1 20 ++#define SYS_epoll_ctl 21 ++#define SYS_epoll_pwait 22 ++#define SYS_dup 23 ++#define SYS_dup3 24 ++#define SYS_fcntl 25 ++#define SYS_inotify_init1 26 ++#define SYS_inotify_add_watch 27 ++#define SYS_inotify_rm_watch 28 ++#define SYS_ioctl 29 ++#define SYS_ioprio_set 30 ++#define SYS_ioprio_get 31 ++#define SYS_flock 32 ++#define SYS_mknodat 33 ++#define SYS_mkdirat 34 ++#define SYS_unlinkat 35 ++#define SYS_symlinkat 36 ++#define SYS_linkat 37 ++#define SYS_renameat 38 ++#define SYS_umount2 39 ++#define SYS_mount 40 ++#define SYS_pivot_root 41 ++#define SYS_nfsservctl 42 ++#define SYS_statfs 43 ++#define SYS_fstatfs 44 ++#define 
SYS_truncate 45 ++#define SYS_ftruncate 46 ++#define SYS_fallocate 47 ++#define SYS_faccessat 48 ++#define SYS_chdir 49 ++#define SYS_fchdir 50 ++#define SYS_chroot 51 ++#define SYS_fchmod 52 ++#define SYS_fchmodat 53 ++#define SYS_fchownat 54 ++#define SYS_fchown 55 ++#define SYS_openat 56 ++#define SYS_close 57 ++#define SYS_vhangup 58 ++#define SYS_pipe2 59 ++#define SYS_quotactl 60 ++#define SYS_getdents64 61 ++#define SYS_lseek 62 ++#define SYS_read 63 ++#define SYS_write 64 ++#define SYS_readv 65 ++#define SYS_writev 66 ++#define SYS_pread64 67 ++#define SYS_pwrite64 68 ++#define SYS_preadv 69 ++#define SYS_pwritev 70 ++#define SYS_sendfile 71 ++#define SYS_pselect6 72 ++#define SYS_ppoll 73 ++#define SYS_signalfd4 74 ++#define SYS_vmsplice 75 ++#define SYS_splice 76 ++#define SYS_tee 77 ++#define SYS_readlinkat 78 ++#define SYS_newfstatat 79 ++#define SYS_fstat 80 ++#define SYS_sync 81 ++#define SYS_fsync 82 ++#define SYS_fdatasync 83 ++#define SYS_sync_file_range 84 ++#define SYS_timerfd_create 85 ++#define SYS_timerfd_settime 86 ++#define SYS_timerfd_gettime 87 ++#define SYS_utimensat 88 ++#define SYS_acct 89 ++#define SYS_capget 90 ++#define SYS_capset 91 ++#define SYS_personality 92 ++#define SYS_exit 93 ++#define SYS_exit_group 94 ++#define SYS_waitid 95 ++#define SYS_set_tid_address 96 ++#define SYS_unshare 97 ++#define SYS_futex 98 ++#define SYS_set_robust_list 99 ++#define SYS_get_robust_list 100 ++#define SYS_nanosleep 101 ++#define SYS_getitimer 102 ++#define SYS_setitimer 103 ++#define SYS_kexec_load 104 ++#define SYS_init_module 105 ++#define SYS_delete_module 106 ++#define SYS_timer_create 107 ++#define SYS_timer_gettime 108 ++#define SYS_timer_getoverrun 109 ++#define SYS_timer_settime 110 ++#define SYS_timer_delete 111 ++#define SYS_clock_settime 112 ++#define SYS_clock_gettime 113 ++#define SYS_clock_getres 114 ++#define SYS_clock_nanosleep 115 ++#define SYS_syslog 116 ++#define SYS_ptrace 117 ++#define SYS_sched_setparam 118 ++#define 
SYS_sched_setscheduler 119 ++#define SYS_sched_getscheduler 120 ++#define SYS_sched_getparam 121 ++#define SYS_sched_setaffinity 122 ++#define SYS_sched_getaffinity 123 ++#define SYS_sched_yield 124 + #define SYS_sched_get_priority_max 125 + #define SYS_sched_get_priority_min 126 +-#define SYS_sched_rr_get_interval 127 +-#define SYS_restart_syscall 128 +-#define SYS_kill 129 +-#define SYS_tkill 130 +-#define SYS_tgkill 131 +-#define SYS_sigaltstack 132 +-#define SYS_rt_sigsuspend 133 +-#define SYS_rt_sigaction 134 +-#define SYS_rt_sigprocmask 135 +-#define SYS_rt_sigpending 136 +-#define SYS_rt_sigtimedwait 137 +-#define SYS_rt_sigqueueinfo 138 +-#define SYS_rt_sigreturn 139 +-#define SYS_setpriority 140 +-#define SYS_getpriority 141 +-#define SYS_reboot 142 +-#define SYS_setregid 143 +-#define SYS_setgid 144 +-#define SYS_setreuid 145 +-#define SYS_setuid 146 +-#define SYS_setresuid 147 +-#define SYS_getresuid 148 +-#define SYS_setresgid 149 +-#define SYS_getresgid 150 +-#define SYS_setfsuid 151 +-#define SYS_setfsgid 152 +-#define SYS_times 153 +-#define SYS_setpgid 154 +-#define SYS_getpgid 155 +-#define SYS_getsid 156 +-#define SYS_setsid 157 +-#define SYS_getgroups 158 +-#define SYS_setgroups 159 +-#define SYS_uname 160 +-#define SYS_sethostname 161 +-#define SYS_setdomainname 162 +-#define SYS_getrlimit 163 +-#define SYS_setrlimit 164 +-#define SYS_getrusage 165 +-#define SYS_umask 166 +-#define SYS_prctl 167 +-#define SYS_getcpu 168 +-#define SYS_gettimeofday 169 +-#define SYS_settimeofday 170 +-#define SYS_adjtimex 171 +-#define SYS_getpid 172 +-#define SYS_getppid 173 +-#define SYS_getuid 174 +-#define SYS_geteuid 175 +-#define SYS_getgid 176 +-#define SYS_getegid 177 +-#define SYS_gettid 178 +-#define SYS_sysinfo 179 +-#define SYS_mq_open 180 +-#define SYS_mq_unlink 181 +-#define SYS_mq_timedsend 182 +-#define SYS_mq_timedreceive 183 +-#define SYS_mq_notify 184 +-#define SYS_mq_getsetattr 185 +-#define SYS_msgget 186 +-#define SYS_msgctl 187 +-#define 
SYS_msgrcv 188 +-#define SYS_msgsnd 189 +-#define SYS_semget 190 +-#define SYS_semctl 191 +-#define SYS_semtimedop 192 +-#define SYS_semop 193 +-#define SYS_shmget 194 +-#define SYS_shmctl 195 +-#define SYS_shmat 196 +-#define SYS_shmdt 197 +-#define SYS_socket 198 +-#define SYS_socketpair 199 +-#define SYS_bind 200 +-#define SYS_listen 201 +-#define SYS_accept 202 +-#define SYS_connect 203 +-#define SYS_getsockname 204 +-#define SYS_getpeername 205 +-#define SYS_sendto 206 +-#define SYS_recvfrom 207 +-#define SYS_setsockopt 208 +-#define SYS_getsockopt 209 +-#define SYS_shutdown 210 +-#define SYS_sendmsg 211 +-#define SYS_recvmsg 212 +-#define SYS_readahead 213 +-#define SYS_brk 214 +-#define SYS_munmap 215 +-#define SYS_mremap 216 +-#define SYS_add_key 217 +-#define SYS_request_key 218 +-#define SYS_keyctl 219 +-#define SYS_clone 220 +-#define SYS_execve 221 +-#define SYS_mmap 222 +-#define SYS_fadvise64 223 +-#define SYS_swapon 224 +-#define SYS_swapoff 225 +-#define SYS_mprotect 226 +-#define SYS_msync 227 +-#define SYS_mlock 228 +-#define SYS_munlock 229 +-#define SYS_mlockall 230 +-#define SYS_munlockall 231 +-#define SYS_mincore 232 +-#define SYS_madvise 233 +-#define SYS_remap_file_pages 234 +-#define SYS_mbind 235 +-#define SYS_get_mempolicy 236 +-#define SYS_set_mempolicy 237 +-#define SYS_migrate_pages 238 +-#define SYS_move_pages 239 +-#define SYS_rt_tgsigqueueinfo 240 +-#define SYS_perf_event_open 241 +-#define SYS_accept4 242 +-#define SYS_recvmmsg 243 +-#define SYS_wait4 260 +-#define SYS_prlimit64 261 +-#define SYS_fanotify_init 262 +-#define SYS_fanotify_mark 263 +-#define SYS_name_to_handle_at 264 +-#define SYS_open_by_handle_at 265 +-#define SYS_clock_adjtime 266 +-#define SYS_syncfs 267 +-#define SYS_setns 268 +-#define SYS_sendmmsg 269 +-#define SYS_process_vm_readv 270 +-#define SYS_process_vm_writev 271 +-#define SYS_kcmp 272 +-#define SYS_finit_module 273 +-#define SYS_sched_setattr 274 +-#define SYS_sched_getattr 275 +-#define SYS_renameat2 
276 +-#define SYS_seccomp 277 +-#define SYS_getrandom 278 +-#define SYS_memfd_create 279 +-#define SYS_bpf 280 +-#define SYS_execveat 281 +-#define SYS_userfaultfd 282 +-#define SYS_membarrier 283 +-#define SYS_mlock2 284 +-#define SYS_copy_file_range 285 +-#define SYS_preadv2 286 +-#define SYS_pwritev2 287 +-#define SYS_pkey_mprotect 288 +-#define SYS_pkey_alloc 289 +-#define SYS_pkey_free 290 ++#define SYS_sched_rr_get_interval 127 ++#define SYS_restart_syscall 128 ++#define SYS_kill 129 ++#define SYS_tkill 130 ++#define SYS_tgkill 131 ++#define SYS_sigaltstack 132 ++#define SYS_rt_sigsuspend 133 ++#define SYS_rt_sigaction 134 ++#define SYS_rt_sigprocmask 135 ++#define SYS_rt_sigpending 136 ++#define SYS_rt_sigtimedwait 137 ++#define SYS_rt_sigqueueinfo 138 ++#define SYS_rt_sigreturn 139 ++#define SYS_setpriority 140 ++#define SYS_getpriority 141 ++#define SYS_reboot 142 ++#define SYS_setregid 143 ++#define SYS_setgid 144 ++#define SYS_setreuid 145 ++#define SYS_setuid 146 ++#define SYS_setresuid 147 ++#define SYS_getresuid 148 ++#define SYS_setresgid 149 ++#define SYS_getresgid 150 ++#define SYS_setfsuid 151 ++#define SYS_setfsgid 152 ++#define SYS_times 153 ++#define SYS_setpgid 154 ++#define SYS_getpgid 155 ++#define SYS_getsid 156 ++#define SYS_setsid 157 ++#define SYS_getgroups 158 ++#define SYS_setgroups 159 ++#define SYS_uname 160 ++#define SYS_sethostname 161 ++#define SYS_setdomainname 162 ++#define SYS_getrlimit 163 ++#define SYS_setrlimit 164 ++#define SYS_getrusage 165 ++#define SYS_umask 166 ++#define SYS_prctl 167 ++#define SYS_getcpu 168 ++#define SYS_gettimeofday 169 ++#define SYS_settimeofday 170 ++#define SYS_adjtimex 171 ++#define SYS_getpid 172 ++#define SYS_getppid 173 ++#define SYS_getuid 174 ++#define SYS_geteuid 175 ++#define SYS_getgid 176 ++#define SYS_getegid 177 ++#define SYS_gettid 178 ++#define SYS_sysinfo 179 ++#define SYS_mq_open 180 ++#define SYS_mq_unlink 181 ++#define SYS_mq_timedsend 182 ++#define SYS_mq_timedreceive 183 
++#define SYS_mq_notify 184 ++#define SYS_mq_getsetattr 185 ++#define SYS_msgget 186 ++#define SYS_msgctl 187 ++#define SYS_msgrcv 188 ++#define SYS_msgsnd 189 ++#define SYS_semget 190 ++#define SYS_semctl 191 ++#define SYS_semtimedop 192 ++#define SYS_semop 193 ++#define SYS_shmget 194 ++#define SYS_shmctl 195 ++#define SYS_shmat 196 ++#define SYS_shmdt 197 ++#define SYS_socket 198 ++#define SYS_socketpair 199 ++#define SYS_bind 200 ++#define SYS_listen 201 ++#define SYS_accept 202 ++#define SYS_connect 203 ++#define SYS_getsockname 204 ++#define SYS_getpeername 205 ++#define SYS_sendto 206 ++#define SYS_recvfrom 207 ++#define SYS_setsockopt 208 ++#define SYS_getsockopt 209 ++#define SYS_shutdown 210 ++#define SYS_sendmsg 211 ++#define SYS_recvmsg 212 ++#define SYS_readahead 213 ++#define SYS_brk 214 ++#define SYS_munmap 215 ++#define SYS_mremap 216 ++#define SYS_add_key 217 ++#define SYS_request_key 218 ++#define SYS_keyctl 219 ++#define SYS_clone 220 ++#define SYS_execve 221 ++#define SYS_mmap 222 ++#define SYS_fadvise64 223 ++#define SYS_swapon 224 ++#define SYS_swapoff 225 ++#define SYS_mprotect 226 ++#define SYS_msync 227 ++#define SYS_mlock 228 ++#define SYS_munlock 229 ++#define SYS_mlockall 230 ++#define SYS_munlockall 231 ++#define SYS_mincore 232 ++#define SYS_madvise 233 ++#define SYS_remap_file_pages 234 ++#define SYS_mbind 235 ++#define SYS_get_mempolicy 236 ++#define SYS_set_mempolicy 237 ++#define SYS_migrate_pages 238 ++#define SYS_move_pages 239 ++#define SYS_rt_tgsigqueueinfo 240 ++#define SYS_perf_event_open 241 ++#define SYS_accept4 242 ++#define SYS_recvmmsg 243 ++#define SYS_wait4 260 ++#define SYS_prlimit64 261 ++#define SYS_fanotify_init 262 ++#define SYS_fanotify_mark 263 ++#define SYS_name_to_handle_at 264 ++#define SYS_open_by_handle_at 265 ++#define SYS_clock_adjtime 266 ++#define SYS_syncfs 267 ++#define SYS_setns 268 ++#define SYS_sendmmsg 269 ++#define SYS_process_vm_readv 270 ++#define SYS_process_vm_writev 271 ++#define SYS_kcmp 
272 ++#define SYS_finit_module 273 ++#define SYS_sched_setattr 274 ++#define SYS_sched_getattr 275 ++#define SYS_renameat2 276 ++#define SYS_seccomp 277 ++#define SYS_getrandom 278 ++#define SYS_memfd_create 279 ++#define SYS_bpf 280 ++#define SYS_execveat 281 ++#define SYS_userfaultfd 282 ++#define SYS_membarrier 283 ++#define SYS_mlock2 284 ++#define SYS_copy_file_range 285 ++#define SYS_preadv2 286 ++#define SYS_pwritev2 287 ++#define SYS_pkey_mprotect 288 ++#define SYS_pkey_alloc 289 ++#define SYS_pkey_free 290 ++#define SYS_statx 291 ++#define SYS_io_pgetevents 292 ++#define SYS_rseq 293 ++#define SYS_kexec_file_load 294 ++#define SYS_pidfd_send_signal 424 ++#define SYS_io_uring_setup 425 ++#define SYS_io_uring_enter 426 ++#define SYS_io_uring_register 427 ++#define SYS_open_tree 428 ++#define SYS_move_mount 429 ++#define SYS_fsopen 430 ++#define SYS_fsconfig 431 ++#define SYS_fsmount 432 ++#define SYS_fspick 433 ++#define SYS_pidfd_open 434 ++#define SYS_clone3 435 ++#define SYS_close_range 436 ++#define SYS_openat2 437 ++#define SYS_pidfd_getfd 438 ++#define SYS_faccessat2 439 ++#define SYS_process_madvise 440 ++#define SYS_epoll_pwait2 441 ++#define SYS_mount_setattr 442 ++#define SYS_landlock_create_ruleset 444 ++#define SYS_landlock_add_rule 445 ++#define SYS_landlock_restrict_self 446 +diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in +index 93648af..5f420e6 100644 +--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in ++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/syscall.h.in +@@ -289,4 +289,14 @@ + #define __NR_fspick 433 + #define __NR_pidfd_open 434 + #define __NR_clone3 435 ++#define __NR_close_range 436 ++#define __NR_openat2 437 ++#define __NR_pidfd_getfd 438 ++#define __NR_faccessat2 439 ++#define __NR_process_madvise 440 ++#define __NR_epoll_pwait2 441 ++#define __NR_mount_setattr 442 ++#define __NR_landlock_create_ruleset 444 
++#define __NR_landlock_add_rule 445
++#define __NR_landlock_restrict_self 446
+
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
+index d12cdf7..8a1002a 100644
+--- a/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/bits/user.h
+@@ -6,7 +6,7 @@ struct user_regs_struct {
+ };
+
+ struct user_fpsimd_struct {
+- long double vregs[32];
++ __uint128_t vregs[32];
+ unsigned int fpsr;
+ unsigned int fpcr;
+ };
+diff --git a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
+index e64b126..3909616 100644
+--- a/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
++++ b/thirdparty/open_source/musl/libc/arch/aarch64/pthread_arch.h
+@@ -1,12 +1,11 @@
+-static inline struct pthread *__pthread_self()
++static inline uintptr_t __get_tp()
+ {
+- char *self;
+- __asm__ ("mrs %0,tpidr_el0" : "=r"(self));
+- return (void*)(self - sizeof(struct pthread));
++ uintptr_t tp;
++ __asm__ ("mrs %0,tpidr_el0" : "=r"(tp));
++ return tp;
+ }
+
+ #define TLS_ABOVE_TP
+ #define GAP_ABOVE_TP 16
+-#define TP_ADJ(p) ((char *)(p) + sizeof(struct pthread))
+
+ #define MC_PC pc
+diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h +index 41b4204..8121b75 100644 +--- a/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h ++++ b/thirdparty/open_source/musl/libc/arch/arm/bits/alltypes.h +@@ -1,31 +1,16 @@ +-#define _Addr int ++#define _REDIR_TIME64 0 ++#define _Addr int + #define _Int64 long long +-#define _Reg int ++#define _Reg int + +-#define __LITTLE_ENDIAN 1234 +-#define __BIG_ENDIAN 4321 +-#define __USE_TIME_BITS64 1 +- +-#ifndef __BYTE_ORDER +-#if __AARCH64EB__ ++#if __ARMEB__ + #define __BYTE_ORDER 4321 + #else + #define __BYTE_ORDER 1234 + #endif +-#endif + + #define __LONG_MAX
0x7fffffffL + +-#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) +-typedef __builtin_va_list va_list; +-#define __DEFINED_va_list +-#endif +- +-#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) +-typedef __builtin_va_list __isoc_va_list; +-#define __DEFINED___isoc_va_list +-#endif +- + #ifndef __cplusplus + #if defined(__NEED_wchar_t) && !defined(__DEFINED_wchar_t) + typedef unsigned wchar_t; +@@ -44,100 +29,15 @@ typedef double double_t; + #define __DEFINED_double_t + #endif + ++ + #if defined(__NEED_max_align_t) && !defined(__DEFINED_max_align_t) +-typedef struct { +- long long __ll; +- long double __ld; +-} max_align_t; ++typedef struct { long long __ll; long double __ld; } max_align_t; + #define __DEFINED_max_align_t + #endif + +-#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) +-typedef long time_t; +-#define __DEFINED_time_t +-#endif +- +-#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) +-typedef long suseconds_t; +-#define __DEFINED_suseconds_t +-#endif +- +-#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) +-typedef struct { +- union { +- int __i[9]; +- volatile int __vi[9]; +- unsigned __s[9]; +- } __u; +-} pthread_attr_t; +-#define __DEFINED_pthread_attr_t +-#endif +- +-#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) +-typedef struct { +- union { +- int __i[6]; +- volatile int __vi[6]; +- volatile void *volatile __p[6]; +- } __u; +-} pthread_mutex_t; +-#define __DEFINED_pthread_mutex_t +-#endif +- +-#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) +-typedef struct { +- union { +- int __i[6]; +- volatile int __vi[6]; +- volatile void *volatile __p[6]; +- } __u; +-} mtx_t; +-#define __DEFINED_mtx_t +-#endif +- +-#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) +-typedef struct { +- union { +- int __i[12]; +- volatile int __vi[12]; +- void *__p[12]; +- } __u; +-} pthread_cond_t; +-#define __DEFINED_pthread_cond_t +-#endif 
+- +-#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) +-typedef struct { +- union { +- int __i[12]; +- volatile int __vi[12]; +- void *__p[12]; +- } __u; +-} cnd_t; +-#define __DEFINED_cnd_t +-#endif +- +-#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) +-typedef struct { +- union { +- int __i[8]; +- volatile int __vi[8]; +- void *__p[8]; +- } __u; +-} pthread_rwlock_t; +-#define __DEFINED_pthread_rwlock_t +-#endif +- +-#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) +-typedef struct { +- union { +- int __i[5]; +- volatile int __vi[5]; +- void *__p[5]; +- } __u; +-} pthread_barrier_t; +-#define __DEFINED_pthread_barrier_t +-#endif ++#define __LITTLE_ENDIAN 1234 ++#define __BIG_ENDIAN 4321 ++#define __USE_TIME_BITS64 1 + + #if defined(__NEED_size_t) && !defined(__DEFINED_size_t) + typedef unsigned _Addr size_t; +@@ -174,28 +74,39 @@ typedef _Reg register_t; + #define __DEFINED_register_t + #endif + ++#if defined(__NEED_time_t) && !defined(__DEFINED_time_t) ++typedef long time_t; ++#define __DEFINED_time_t ++#endif ++ ++#if defined(__NEED_suseconds_t) && !defined(__DEFINED_suseconds_t) ++typedef long suseconds_t; ++#define __DEFINED_suseconds_t ++#endif ++ ++ + #if defined(__NEED_int8_t) && !defined(__DEFINED_int8_t) + typedef signed char int8_t; + #define __DEFINED_int8_t + #endif + + #if defined(__NEED_int16_t) && !defined(__DEFINED_int16_t) +-typedef short int16_t; ++typedef signed short int16_t; + #define __DEFINED_int16_t + #endif + + #if defined(__NEED_int32_t) && !defined(__DEFINED_int32_t) +-typedef int int32_t; ++typedef signed int int32_t; + #define __DEFINED_int32_t + #endif + + #if defined(__NEED_int64_t) && !defined(__DEFINED_int64_t) +-typedef _Int64 int64_t; ++typedef signed _Int64 int64_t; + #define __DEFINED_int64_t + #endif + + #if defined(__NEED_intmax_t) && !defined(__DEFINED_intmax_t) +-typedef _Int64 intmax_t; ++typedef signed _Int64 intmax_t; + #define __DEFINED_intmax_t + #endif 
+ +@@ -229,6 +140,7 @@ typedef unsigned _Int64 uintmax_t; + #define __DEFINED_uintmax_t + #endif + ++ + #if defined(__NEED_mode_t) && !defined(__DEFINED_mode_t) + typedef unsigned mode_t; + #define __DEFINED_mode_t +@@ -274,6 +186,7 @@ typedef unsigned _Int64 fsfilcnt_t; + #define __DEFINED_fsfilcnt_t + #endif + ++ + #if defined(__NEED_wint_t) && !defined(__DEFINED_wint_t) + typedef unsigned wint_t; + #define __DEFINED_wint_t +@@ -284,8 +197,9 @@ typedef unsigned long wctype_t; + #define __DEFINED_wctype_t + #endif + ++ + #if defined(__NEED_timer_t) && !defined(__DEFINED_timer_t) +-typedef void *timer_t; ++typedef void * timer_t; + #define __DEFINED_timer_t + #endif + +@@ -300,21 +214,16 @@ typedef long clock_t; + #endif + + #if defined(__NEED_struct_timeval) && !defined(__DEFINED_struct_timeval) +-struct timeval { +- time_t tv_sec; +- suseconds_t tv_usec; +-}; ++struct timeval { time_t tv_sec; suseconds_t tv_usec; }; + #define __DEFINED_struct_timeval + #endif + + #if defined(__NEED_struct_timespec) && !defined(__DEFINED_struct_timespec) +-struct timespec { +- time_t tv_sec; +- long tv_nsec; +-}; ++struct timespec { time_t tv_sec; long tv_nsec; }; + #define __DEFINED_struct_timespec + #endif + ++ + #if defined(__NEED_pid_t) && !defined(__DEFINED_pid_t) + typedef int pid_t; + #define __DEFINED_pid_t +@@ -345,6 +254,7 @@ typedef unsigned useconds_t; + #define __DEFINED_useconds_t + #endif + ++ + #ifdef __cplusplus + #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) + typedef unsigned long pthread_t; +@@ -353,7 +263,7 @@ typedef unsigned long pthread_t; + + #else + #if defined(__NEED_pthread_t) && !defined(__DEFINED_pthread_t) +-typedef struct __pthread *pthread_t; ++typedef struct __pthread * pthread_t; + #define __DEFINED_pthread_t + #endif + +@@ -374,65 +284,78 @@ typedef int pthread_spinlock_t; + #endif + + #if defined(__NEED_pthread_mutexattr_t) && !defined(__DEFINED_pthread_mutexattr_t) +-typedef struct { +- unsigned __attr; +-} 
pthread_mutexattr_t; ++typedef struct { unsigned __attr; } pthread_mutexattr_t; + #define __DEFINED_pthread_mutexattr_t + #endif + + #if defined(__NEED_pthread_condattr_t) && !defined(__DEFINED_pthread_condattr_t) +-typedef struct { +- unsigned __attr; +-} pthread_condattr_t; ++typedef struct { unsigned __attr; } pthread_condattr_t; + #define __DEFINED_pthread_condattr_t + #endif + + #if defined(__NEED_pthread_barrierattr_t) && !defined(__DEFINED_pthread_barrierattr_t) +-typedef struct { +- unsigned __attr; +-} pthread_barrierattr_t; ++typedef struct { unsigned __attr; } pthread_barrierattr_t; + #define __DEFINED_pthread_barrierattr_t + #endif + + #if defined(__NEED_pthread_rwlockattr_t) && !defined(__DEFINED_pthread_rwlockattr_t) +-typedef struct { +- unsigned __attr[2]; +-} pthread_rwlockattr_t; ++typedef struct { unsigned __attr[2]; } pthread_rwlockattr_t; + #define __DEFINED_pthread_rwlockattr_t + #endif + ++ ++#if defined(__NEED_struct__IO_FILE) && !defined(__DEFINED_struct__IO_FILE) ++struct _IO_FILE { char __x; }; ++#define __DEFINED_struct__IO_FILE ++#endif ++ + #if defined(__NEED_FILE) && !defined(__DEFINED_FILE) + typedef struct _IO_FILE FILE; + #define __DEFINED_FILE + #endif + ++ ++#if defined(__NEED_va_list) && !defined(__DEFINED_va_list) ++typedef __builtin_va_list va_list; ++#define __DEFINED_va_list ++#endif ++ ++#if defined(__NEED___isoc_va_list) && !defined(__DEFINED___isoc_va_list) ++typedef __builtin_va_list __isoc_va_list; ++#define __DEFINED___isoc_va_list ++#endif ++ ++ + #if defined(__NEED_mbstate_t) && !defined(__DEFINED_mbstate_t) +-typedef struct __mbstate_t { +- unsigned __opaque1, __opaque2; +-} mbstate_t; ++typedef struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t; + #define __DEFINED_mbstate_t + #endif + ++ + #if defined(__NEED_locale_t) && !defined(__DEFINED_locale_t) +-typedef struct __locale_struct *locale_t; ++typedef struct __locale_struct * locale_t; + #define __DEFINED_locale_t + #endif + ++ + #if 
defined(__NEED_sigset_t) && !defined(__DEFINED_sigset_t) +-typedef struct __sigset_t { +- unsigned long __bits[128 / sizeof(long)]; +-} sigset_t; ++typedef struct __sigset_t { unsigned long __bits[128/sizeof(long)]; } sigset_t; + #define __DEFINED_sigset_t + #endif + ++ + #if defined(__NEED_struct_iovec) && !defined(__DEFINED_struct_iovec) +-struct iovec { +- void *iov_base; +- size_t iov_len; +-}; ++struct iovec { void *iov_base; size_t iov_len; }; + #define __DEFINED_struct_iovec + #endif + ++ ++#if defined(__NEED_struct_winsize) && !defined(__DEFINED_struct_winsize) ++struct winsize { unsigned short ws_row, ws_col, ws_xpixel, ws_ypixel; }; ++#define __DEFINED_struct_winsize ++#endif ++ ++ + #if defined(__NEED_socklen_t) && !defined(__DEFINED_socklen_t) + typedef unsigned socklen_t; + #define __DEFINED_socklen_t +@@ -443,6 +366,43 @@ typedef unsigned short sa_family_t; + #define __DEFINED_sa_family_t + #endif + ++ ++#if defined(__NEED_pthread_attr_t) && !defined(__DEFINED_pthread_attr_t) ++typedef struct { union { int __i[sizeof(long)==8?14:9]; volatile int __vi[sizeof(long)==8?14:9]; unsigned long __s[sizeof(long)==8?7:9]; } __u; } pthread_attr_t; ++#define __DEFINED_pthread_attr_t ++#endif ++ ++#if defined(__NEED_pthread_mutex_t) && !defined(__DEFINED_pthread_mutex_t) ++typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } pthread_mutex_t; ++#define __DEFINED_pthread_mutex_t ++#endif ++ ++#if defined(__NEED_mtx_t) && !defined(__DEFINED_mtx_t) ++typedef struct { union { int __i[sizeof(long)==8?10:6]; volatile int __vi[sizeof(long)==8?10:6]; volatile void *volatile __p[sizeof(long)==8?5:6]; } __u; } mtx_t; ++#define __DEFINED_mtx_t ++#endif ++ ++#if defined(__NEED_pthread_cond_t) && !defined(__DEFINED_pthread_cond_t) ++typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } pthread_cond_t; ++#define 
__DEFINED_pthread_cond_t ++#endif ++ ++#if defined(__NEED_cnd_t) && !defined(__DEFINED_cnd_t) ++typedef struct { union { int __i[12]; volatile int __vi[12]; void *__p[12*sizeof(int)/sizeof(void*)]; } __u; } cnd_t; ++#define __DEFINED_cnd_t ++#endif ++ ++#if defined(__NEED_pthread_rwlock_t) && !defined(__DEFINED_pthread_rwlock_t) ++typedef struct { union { int __i[sizeof(long)==8?14:8]; volatile int __vi[sizeof(long)==8?14:8]; void *__p[sizeof(long)==8?7:8]; } __u; } pthread_rwlock_t; ++#define __DEFINED_pthread_rwlock_t ++#endif ++ ++#if defined(__NEED_pthread_barrier_t) && !defined(__DEFINED_pthread_barrier_t) ++typedef struct { union { int __i[sizeof(long)==8?8:5]; volatile int __vi[sizeof(long)==8?8:5]; void *__p[sizeof(long)==8?4:5]; } __u; } pthread_barrier_t; ++#define __DEFINED_pthread_barrier_t ++#endif ++ ++ + #undef _Addr + #undef _Int64 + #undef _Reg +diff --git a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h +index 6b128e5..2131e1e 100644 +--- a/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h ++++ b/thirdparty/open_source/musl/libc/arch/arm/bits/syscall.h +@@ -1,715 +1,810 @@ +-#define __NR_restart_syscall 0 +-#define __NR_exit 1 +-#define __NR_fork 2 +-#define __NR_read 3 +-#define __NR_write 4 +-#define __NR_open 5 +-#define __NR_close 6 +-#define __NR_creat 8 +-#define __NR_link 9 +-#define __NR_unlink 10 +-#define __NR_execve 11 +-#define __NR_chdir 12 +-#define __NR_mknod 14 +-#define __NR_chmod 15 +-#define __NR_lchown 16 +-#define __NR_lseek 19 +-#define __NR_getpid 20 +-#define __NR_mount 21 +-#define __NR_setuid 23 +-#define __NR_getuid 24 +-#define __NR_ptrace 26 +-#define __NR_pause 29 +-#define __NR_access 33 +-#define __NR_nice 34 +-#define __NR_sync 36 +-#define __NR_kill 37 +-#define __NR_rename 38 +-#define __NR_mkdir 39 +-#define __NR_rmdir 40 +-#define __NR_dup 41 +-#define __NR_pipe 42 +-#define __NR_times 43 +-#define __NR_brk 45 +-#define __NR_setgid 46 
+-#define __NR_getgid 47 +-#define __NR_geteuid 49 +-#define __NR_getegid 50 +-#define __NR_acct 51 +-#define __NR_umount2 52 +-#define __NR_ioctl 54 +-#define __NR_fcntl 55 +-#define __NR_setpgid 57 +-#define __NR_umask 60 +-#define __NR_chroot 61 +-#define __NR_ustat 62 +-#define __NR_dup2 63 +-#define __NR_getppid 64 +-#define __NR_getpgrp 65 +-#define __NR_setsid 66 +-#define __NR_sigaction 67 +-#define __NR_setreuid 70 +-#define __NR_setregid 71 +-#define __NR_sigsuspend 72 +-#define __NR_sigpending 73 +-#define __NR_sethostname 74 +-#define __NR_setrlimit 75 +-#define __NR_getrusage 77 +-#define __NR_gettimeofday 78 +-#define __NR_settimeofday 79 +-#define __NR_getgroups 80 +-#define __NR_setgroups 81 +-#define __NR_symlink 83 +-#define __NR_readlink 85 +-#define __NR_uselib 86 +-#define __NR_swapon 87 +-#define __NR_reboot 88 +-#define __NR_munmap 91 +-#define __NR_truncate 92 +-#define __NR_ftruncate 93 +-#define __NR_fchmod 94 +-#define __NR_fchown 95 +-#define __NR_getpriority 96 +-#define __NR_setpriority 97 +-#define __NR_statfs 99 +-#define __NR_fstatfs 100 +-#define __NR_syslog 103 +-#define __NR_setitimer 104 +-#define __NR_getitimer 105 +-#define __NR_stat 106 +-#define __NR_lstat 107 +-#define __NR_fstat 108 +-#define __NR_vhangup 111 +-#define __NR_wait4 114 +-#define __NR_swapoff 115 +-#define __NR_sysinfo 116 +-#define __NR_fsync 118 +-#define __NR_sigreturn 119 +-#define __NR_clone 120 +-#define __NR_setdomainname 121 +-#define __NR_uname 122 +-#define __NR_adjtimex 124 +-#define __NR_mprotect 125 +-#define __NR_sigprocmask 126 +-#define __NR_init_module 128 +-#define __NR_delete_module 129 +-#define __NR_quotactl 131 +-#define __NR_getpgid 132 +-#define __NR_fchdir 133 +-#define __NR_bdflush 134 +-#define __NR_sysfs 135 +-#define __NR_personality 136 +-#define __NR_setfsuid 138 +-#define __NR_setfsgid 139 +-#define __NR__llseek 140 +-#define __NR_getdents 141 +-#define __NR__newselect 142 +-#define __NR_flock 143 +-#define __NR_msync 144 
+-#define __NR_readv 145 +-#define __NR_writev 146 +-#define __NR_getsid 147 +-#define __NR_fdatasync 148 +-#define __NR__sysctl 149 +-#define __NR_mlock 150 +-#define __NR_munlock 151 +-#define __NR_mlockall 152 +-#define __NR_munlockall 153 +-#define __NR_sched_setparam 154 +-#define __NR_sched_getparam 155 +-#define __NR_sched_setscheduler 156 +-#define __NR_sched_getscheduler 157 +-#define __NR_sched_yield 158 +-#define __NR_sched_get_priority_max 159 +-#define __NR_sched_get_priority_min 160 +-#define __NR_sched_rr_get_interval 161 +-#define __NR_nanosleep 162 +-#define __NR_mremap 163 +-#define __NR_setresuid 164 +-#define __NR_getresuid 165 +-#define __NR_poll 168 +-#define __NR_nfsservctl 169 +-#define __NR_setresgid 170 +-#define __NR_getresgid 171 +-#define __NR_prctl 172 +-#define __NR_rt_sigreturn 173 +-#define __NR_rt_sigaction 174 +-#define __NR_rt_sigprocmask 175 +-#define __NR_rt_sigpending 176 +-#define __NR_rt_sigtimedwait 177 +-#define __NR_rt_sigqueueinfo 178 +-#define __NR_rt_sigsuspend 179 +-#define __NR_pread64 180 +-#define __NR_pwrite64 181 +-#define __NR_chown 182 +-#define __NR_getcwd 183 +-#define __NR_capget 184 +-#define __NR_capset 185 +-#define __NR_sigaltstack 186 +-#define __NR_sendfile 187 +-#define __NR_vfork 190 +-#define __NR_ugetrlimit 191 +-#define __NR_mmap2 192 +-#define __NR_truncate64 193 +-#define __NR_ftruncate64 194 +-#define __NR_stat64 195 +-#define __NR_lstat64 196 +-#define __NR_fstat64 197 +-#define __NR_lchown32 198 +-#define __NR_getuid32 199 +-#define __NR_getgid32 200 +-#define __NR_geteuid32 201 +-#define __NR_getegid32 202 +-#define __NR_setreuid32 203 +-#define __NR_setregid32 204 +-#define __NR_getgroups32 205 +-#define __NR_setgroups32 206 +-#define __NR_fchown32 207 +-#define __NR_setresuid32 208 +-#define __NR_getresuid32 209 +-#define __NR_setresgid32 210 +-#define __NR_getresgid32 211 +-#define __NR_chown32 212 +-#define __NR_setuid32 213 +-#define __NR_setgid32 214 +-#define __NR_setfsuid32 215 
+-#define __NR_setfsgid32 216 +-#define __NR_getdents64 217 +-#define __NR_pivot_root 218 +-#define __NR_mincore 219 +-#define __NR_madvise 220 +-#define __NR_fcntl64 221 +-#define __NR_gettid 224 +-#define __NR_readahead 225 +-#define __NR_setxattr 226 +-#define __NR_lsetxattr 227 +-#define __NR_fsetxattr 228 +-#define __NR_getxattr 229 +-#define __NR_lgetxattr 230 +-#define __NR_fgetxattr 231 +-#define __NR_listxattr 232 +-#define __NR_llistxattr 233 +-#define __NR_flistxattr 234 +-#define __NR_removexattr 235 +-#define __NR_lremovexattr 236 +-#define __NR_fremovexattr 237 +-#define __NR_tkill 238 +-#define __NR_sendfile64 239 +-#define __NR_futex 240 +-#define __NR_sched_setaffinity 241 +-#define __NR_sched_getaffinity 242 +-#define __NR_io_setup 243 +-#define __NR_io_destroy 244 +-#define __NR_io_getevents 245 +-#define __NR_io_submit 246 +-#define __NR_io_cancel 247 +-#define __NR_exit_group 248 +-#define __NR_lookup_dcookie 249 +-#define __NR_epoll_create 250 +-#define __NR_epoll_ctl 251 +-#define __NR_epoll_wait 252 +-#define __NR_remap_file_pages 253 +-#define __NR_set_tid_address 256 +-#define __NR_timer_create 257 +-#define __NR_timer_settime 258 +-#define __NR_timer_gettime 259 +-#define __NR_timer_getoverrun 260 +-#define __NR_timer_delete 261 +-#define __NR_clock_settime 262 +-#define __NR_clock_gettime 263 +-#define __NR_clock_getres 264 +-#define __NR_clock_nanosleep 265 +-#define __NR_statfs64 266 +-#define __NR_fstatfs64 267 +-#define __NR_tgkill 268 +-#define __NR_utimes 269 +-#define __NR_fadvise64_64 270 +-#define __NR_arm_fadvise64_64 270 +-#define __NR_pciconfig_iobase 271 +-#define __NR_pciconfig_read 272 +-#define __NR_pciconfig_write 273 +-#define __NR_mq_open 274 +-#define __NR_mq_unlink 275 +-#define __NR_mq_timedsend 276 +-#define __NR_mq_timedreceive 277 +-#define __NR_mq_notify 278 +-#define __NR_mq_getsetattr 279 +-#define __NR_waitid 280 +-#define __NR_socket 281 +-#define __NR_bind 282 +-#define __NR_connect 283 +-#define 
__NR_listen 284 +-#define __NR_accept 285 +-#define __NR_getsockname 286 +-#define __NR_getpeername 287 +-#define __NR_socketpair 288 +-#define __NR_send 289 +-#define __NR_sendto 290 +-#define __NR_recv 291 +-#define __NR_recvfrom 292 +-#define __NR_shutdown 293 +-#define __NR_setsockopt 294 +-#define __NR_getsockopt 295 +-#define __NR_sendmsg 296 +-#define __NR_recvmsg 297 +-#define __NR_semop 298 +-#define __NR_semget 299 +-#define __NR_semctl 300 +-#define __NR_msgsnd 301 +-#define __NR_msgrcv 302 +-#define __NR_msgget 303 +-#define __NR_msgctl 304 +-#define __NR_shmat 305 +-#define __NR_shmdt 306 +-#define __NR_shmget 307 +-#define __NR_shmctl 308 +-#define __NR_add_key 309 +-#define __NR_request_key 310 +-#define __NR_keyctl 311 +-#define __NR_semtimedop 312 +-#define __NR_vserver 313 +-#define __NR_ioprio_set 314 +-#define __NR_ioprio_get 315 +-#define __NR_inotify_init 316 +-#define __NR_inotify_add_watch 317 +-#define __NR_inotify_rm_watch 318 +-#define __NR_mbind 319 +-#define __NR_get_mempolicy 320 +-#define __NR_set_mempolicy 321 +-#define __NR_openat 322 +-#define __NR_mkdirat 323 +-#define __NR_mknodat 324 +-#define __NR_fchownat 325 +-#define __NR_futimesat 326 +-#define __NR_fstatat64 327 +-#define __NR_unlinkat 328 +-#define __NR_renameat 329 +-#define __NR_linkat 330 +-#define __NR_symlinkat 331 +-#define __NR_readlinkat 332 +-#define __NR_fchmodat 333 +-#define __NR_faccessat 334 +-#define __NR_pselect6 335 +-#define __NR_ppoll 336 +-#define __NR_unshare 337 +-#define __NR_set_robust_list 338 +-#define __NR_get_robust_list 339 +-#define __NR_splice 340 +-#define __NR_sync_file_range2 341 +-#define __NR_arm_sync_file_range 341 +-#define __NR_tee 342 +-#define __NR_vmsplice 343 +-#define __NR_move_pages 344 +-#define __NR_getcpu 345 +-#define __NR_epoll_pwait 346 +-#define __NR_kexec_load 347 +-#define __NR_utimensat 348 +-#define __NR_signalfd 349 +-#define __NR_timerfd_create 350 +-#define __NR_eventfd 351 +-#define __NR_fallocate 352 +-#define 
__NR_timerfd_settime 353 +-#define __NR_timerfd_gettime 354 +-#define __NR_signalfd4 355 +-#define __NR_eventfd2 356 +-#define __NR_epoll_create1 357 +-#define __NR_dup3 358 +-#define __NR_pipe2 359 +-#define __NR_inotify_init1 360 +-#define __NR_preadv 361 +-#define __NR_pwritev 362 +-#define __NR_rt_tgsigqueueinfo 363 +-#define __NR_perf_event_open 364 +-#define __NR_recvmmsg 365 +-#define __NR_accept4 366 +-#define __NR_fanotify_init 367 +-#define __NR_fanotify_mark 368 +-#define __NR_prlimit64 369 +-#define __NR_name_to_handle_at 370 +-#define __NR_open_by_handle_at 371 +-#define __NR_clock_adjtime 372 +-#define __NR_syncfs 373 +-#define __NR_sendmmsg 374 +-#define __NR_setns 375 +-#define __NR_process_vm_readv 376 +-#define __NR_process_vm_writev 377 +-#define __NR_kcmp 378 +-#define __NR_finit_module 379 +-#define __NR_sched_setattr 380 +-#define __NR_sched_getattr 381 +-#define __NR_renameat2 382 +-#define __NR_seccomp 383 +-#define __NR_getrandom 384 +-#define __NR_memfd_create 385 +-#define __NR_bpf 386 +-#define __NR_execveat 387 +-#define __NR_userfaultfd 388 +-#define __NR_membarrier 389 +-#define __NR_mlock2 390 +-#define __NR_copy_file_range 391 +-#define __NR_preadv2 392 +-#define __NR_pwritev2 393 +-#define __NR_pkey_mprotect 394 +-#define __NR_pkey_alloc 395 +-#define __NR_pkey_free 396 ++#define __NR_restart_syscall 0 ++#define __NR_exit 1 ++#define __NR_fork 2 ++#define __NR_read 3 ++#define __NR_write 4 ++#define __NR_open 5 ++#define __NR_close 6 ++#define __NR_creat 8 ++#define __NR_link 9 ++#define __NR_unlink 10 ++#define __NR_execve 11 ++#define __NR_chdir 12 ++#define __NR_mknod 14 ++#define __NR_chmod 15 ++#define __NR_lchown 16 ++#define __NR_lseek 19 ++#define __NR_getpid 20 ++#define __NR_mount 21 ++#define __NR_setuid 23 ++#define __NR_getuid 24 ++#define __NR_ptrace 26 ++#define __NR_pause 29 ++#define __NR_access 33 ++#define __NR_nice 34 ++#define __NR_sync 36 ++#define __NR_kill 37 ++#define __NR_rename 38 ++#define __NR_mkdir 39 
++#define __NR_rmdir 40 ++#define __NR_dup 41 ++#define __NR_pipe 42 ++#define __NR_times 43 ++#define __NR_brk 45 ++#define __NR_setgid 46 ++#define __NR_getgid 47 ++#define __NR_geteuid 49 ++#define __NR_getegid 50 ++#define __NR_acct 51 ++#define __NR_umount2 52 ++#define __NR_ioctl 54 ++#define __NR_fcntl 55 ++#define __NR_setpgid 57 ++#define __NR_umask 60 ++#define __NR_chroot 61 ++#define __NR_ustat 62 ++#define __NR_dup2 63 ++#define __NR_getppid 64 ++#define __NR_getpgrp 65 ++#define __NR_setsid 66 ++#define __NR_sigaction 67 ++#define __NR_setreuid 70 ++#define __NR_setregid 71 ++#define __NR_sigsuspend 72 ++#define __NR_sigpending 73 ++#define __NR_sethostname 74 ++#define __NR_setrlimit 75 ++#define __NR_getrusage 77 ++#define __NR_gettimeofday_time32 78 ++#define __NR_settimeofday_time32 79 ++#define __NR_getgroups 80 ++#define __NR_setgroups 81 ++#define __NR_symlink 83 ++#define __NR_readlink 85 ++#define __NR_uselib 86 ++#define __NR_swapon 87 ++#define __NR_reboot 88 ++#define __NR_munmap 91 ++#define __NR_truncate 92 ++#define __NR_ftruncate 93 ++#define __NR_fchmod 94 ++#define __NR_fchown 95 ++#define __NR_getpriority 96 ++#define __NR_setpriority 97 ++#define __NR_statfs 99 ++#define __NR_fstatfs 100 ++#define __NR_syslog 103 ++#define __NR_setitimer 104 ++#define __NR_getitimer 105 ++#define __NR_stat 106 ++#define __NR_lstat 107 ++#define __NR_fstat 108 ++#define __NR_vhangup 111 ++#define __NR_wait4 114 ++#define __NR_swapoff 115 ++#define __NR_sysinfo 116 ++#define __NR_fsync 118 ++#define __NR_sigreturn 119 ++#define __NR_clone 120 ++#define __NR_setdomainname 121 ++#define __NR_uname 122 ++#define __NR_adjtimex 124 ++#define __NR_mprotect 125 ++#define __NR_sigprocmask 126 ++#define __NR_init_module 128 ++#define __NR_delete_module 129 ++#define __NR_quotactl 131 ++#define __NR_getpgid 132 ++#define __NR_fchdir 133 ++#define __NR_bdflush 134 ++#define __NR_sysfs 135 ++#define __NR_personality 136 ++#define __NR_setfsuid 138 ++#define 
__NR_setfsgid 139 ++#define __NR__llseek 140 ++#define __NR_getdents 141 ++#define __NR__newselect 142 ++#define __NR_flock 143 ++#define __NR_msync 144 ++#define __NR_readv 145 ++#define __NR_writev 146 ++#define __NR_getsid 147 ++#define __NR_fdatasync 148 ++#define __NR__sysctl 149 ++#define __NR_mlock 150 ++#define __NR_munlock 151 ++#define __NR_mlockall 152 ++#define __NR_munlockall 153 ++#define __NR_sched_setparam 154 ++#define __NR_sched_getparam 155 ++#define __NR_sched_setscheduler 156 ++#define __NR_sched_getscheduler 157 ++#define __NR_sched_yield 158 ++#define __NR_sched_get_priority_max 159 ++#define __NR_sched_get_priority_min 160 ++#define __NR_sched_rr_get_interval 161 ++#define __NR_nanosleep 162 ++#define __NR_mremap 163 ++#define __NR_setresuid 164 ++#define __NR_getresuid 165 ++#define __NR_poll 168 ++#define __NR_nfsservctl 169 ++#define __NR_setresgid 170 ++#define __NR_getresgid 171 ++#define __NR_prctl 172 ++#define __NR_rt_sigreturn 173 ++#define __NR_rt_sigaction 174 ++#define __NR_rt_sigprocmask 175 ++#define __NR_rt_sigpending 176 ++#define __NR_rt_sigtimedwait 177 ++#define __NR_rt_sigqueueinfo 178 ++#define __NR_rt_sigsuspend 179 ++#define __NR_pread64 180 ++#define __NR_pwrite64 181 ++#define __NR_chown 182 ++#define __NR_getcwd 183 ++#define __NR_capget 184 ++#define __NR_capset 185 ++#define __NR_sigaltstack 186 ++#define __NR_sendfile 187 ++#define __NR_vfork 190 ++#define __NR_ugetrlimit 191 ++#define __NR_mmap2 192 ++#define __NR_truncate64 193 ++#define __NR_ftruncate64 194 ++#define __NR_stat64 195 ++#define __NR_lstat64 196 ++#define __NR_fstat64 197 ++#define __NR_lchown32 198 ++#define __NR_getuid32 199 ++#define __NR_getgid32 200 ++#define __NR_geteuid32 201 ++#define __NR_getegid32 202 ++#define __NR_setreuid32 203 ++#define __NR_setregid32 204 ++#define __NR_getgroups32 205 ++#define __NR_setgroups32 206 ++#define __NR_fchown32 207 ++#define __NR_setresuid32 208 ++#define __NR_getresuid32 209 ++#define __NR_setresgid32 
210 ++#define __NR_getresgid32 211 ++#define __NR_chown32 212 ++#define __NR_setuid32 213 ++#define __NR_setgid32 214 ++#define __NR_setfsuid32 215 ++#define __NR_setfsgid32 216 ++#define __NR_getdents64 217 ++#define __NR_pivot_root 218 ++#define __NR_mincore 219 ++#define __NR_madvise 220 ++#define __NR_fcntl64 221 ++#define __NR_gettid 224 ++#define __NR_readahead 225 ++#define __NR_setxattr 226 ++#define __NR_lsetxattr 227 ++#define __NR_fsetxattr 228 ++#define __NR_getxattr 229 ++#define __NR_lgetxattr 230 ++#define __NR_fgetxattr 231 ++#define __NR_listxattr 232 ++#define __NR_llistxattr 233 ++#define __NR_flistxattr 234 ++#define __NR_removexattr 235 ++#define __NR_lremovexattr 236 ++#define __NR_fremovexattr 237 ++#define __NR_tkill 238 ++#define __NR_sendfile64 239 ++#define __NR_futex 240 ++#define __NR_sched_setaffinity 241 ++#define __NR_sched_getaffinity 242 ++#define __NR_io_setup 243 ++#define __NR_io_destroy 244 ++#define __NR_io_getevents 245 ++#define __NR_io_submit 246 ++#define __NR_io_cancel 247 ++#define __NR_exit_group 248 ++#define __NR_lookup_dcookie 249 ++#define __NR_epoll_create 250 ++#define __NR_epoll_ctl 251 ++#define __NR_epoll_wait 252 ++#define __NR_remap_file_pages 253 ++#define __NR_set_tid_address 256 ++#define __NR_timer_create 257 ++#define __NR_timer_settime32 258 ++#define __NR_timer_gettime32 259 ++#define __NR_timer_getoverrun 260 ++#define __NR_timer_delete 261 ++#define __NR_clock_settime32 262 ++#define __NR_clock_gettime32 263 ++#define __NR_clock_getres_time32 264 ++#define __NR_clock_nanosleep_time32 265 ++#define __NR_statfs64 266 ++#define __NR_fstatfs64 267 ++#define __NR_tgkill 268 ++#define __NR_utimes 269 ++#define __NR_fadvise64_64 270 ++#define __NR_arm_fadvise64_64 270 ++#define __NR_pciconfig_iobase 271 ++#define __NR_pciconfig_read 272 ++#define __NR_pciconfig_write 273 ++#define __NR_mq_open 274 ++#define __NR_mq_unlink 275 ++#define __NR_mq_timedsend 276 ++#define __NR_mq_timedreceive 277 ++#define 
__NR_mq_notify 278 ++#define __NR_mq_getsetattr 279 ++#define __NR_waitid 280 ++#define __NR_socket 281 ++#define __NR_bind 282 ++#define __NR_connect 283 ++#define __NR_listen 284 ++#define __NR_accept 285 ++#define __NR_getsockname 286 ++#define __NR_getpeername 287 ++#define __NR_socketpair 288 ++#define __NR_send 289 ++#define __NR_sendto 290 ++#define __NR_recv 291 ++#define __NR_recvfrom 292 ++#define __NR_shutdown 293 ++#define __NR_setsockopt 294 ++#define __NR_getsockopt 295 ++#define __NR_sendmsg 296 ++#define __NR_recvmsg 297 ++#define __NR_semop 298 ++#define __NR_semget 299 ++#define __NR_semctl 300 ++#define __NR_msgsnd 301 ++#define __NR_msgrcv 302 ++#define __NR_msgget 303 ++#define __NR_msgctl 304 ++#define __NR_shmat 305 ++#define __NR_shmdt 306 ++#define __NR_shmget 307 ++#define __NR_shmctl 308 ++#define __NR_add_key 309 ++#define __NR_request_key 310 ++#define __NR_keyctl 311 ++#define __NR_semtimedop 312 ++#define __NR_vserver 313 ++#define __NR_ioprio_set 314 ++#define __NR_ioprio_get 315 ++#define __NR_inotify_init 316 ++#define __NR_inotify_add_watch 317 ++#define __NR_inotify_rm_watch 318 ++#define __NR_mbind 319 ++#define __NR_get_mempolicy 320 ++#define __NR_set_mempolicy 321 ++#define __NR_openat 322 ++#define __NR_mkdirat 323 ++#define __NR_mknodat 324 ++#define __NR_fchownat 325 ++#define __NR_futimesat 326 ++#define __NR_fstatat64 327 ++#define __NR_unlinkat 328 ++#define __NR_renameat 329 ++#define __NR_linkat 330 ++#define __NR_symlinkat 331 ++#define __NR_readlinkat 332 ++#define __NR_fchmodat 333 ++#define __NR_faccessat 334 ++#define __NR_pselect6 335 ++#define __NR_ppoll 336 ++#define __NR_unshare 337 ++#define __NR_set_robust_list 338 ++#define __NR_get_robust_list 339 ++#define __NR_splice 340 ++#define __NR_sync_file_range2 341 ++#define __NR_arm_sync_file_range 341 ++#define __NR_tee 342 ++#define __NR_vmsplice 343 ++#define __NR_move_pages 344 ++#define __NR_getcpu 345 ++#define __NR_epoll_pwait 346 ++#define 
__NR_kexec_load 347 ++#define __NR_utimensat 348 ++#define __NR_signalfd 349 ++#define __NR_timerfd_create 350 ++#define __NR_eventfd 351 ++#define __NR_fallocate 352 ++#define __NR_timerfd_settime32 353 ++#define __NR_timerfd_gettime32 354 ++#define __NR_signalfd4 355 ++#define __NR_eventfd2 356 ++#define __NR_epoll_create1 357 ++#define __NR_dup3 358 ++#define __NR_pipe2 359 ++#define __NR_inotify_init1 360 ++#define __NR_preadv 361 ++#define __NR_pwritev 362 ++#define __NR_rt_tgsigqueueinfo 363 ++#define __NR_perf_event_open 364 ++#define __NR_recvmmsg 365 ++#define __NR_accept4 366 ++#define __NR_fanotify_init 367 ++#define __NR_fanotify_mark 368 ++#define __NR_prlimit64 369 ++#define __NR_name_to_handle_at 370 ++#define __NR_open_by_handle_at 371 ++#define __NR_clock_adjtime 372 ++#define __NR_syncfs 373 ++#define __NR_sendmmsg 374 ++#define __NR_setns 375 ++#define __NR_process_vm_readv 376 ++#define __NR_process_vm_writev 377 ++#define __NR_kcmp 378 ++#define __NR_finit_module 379 ++#define __NR_sched_setattr 380 ++#define __NR_sched_getattr 381 ++#define __NR_renameat2 382 ++#define __NR_seccomp 383 ++#define __NR_getrandom 384 ++#define __NR_memfd_create 385 ++#define __NR_bpf 386 ++#define __NR_execveat 387 ++#define __NR_userfaultfd 388 ++#define __NR_membarrier 389 ++#define __NR_mlock2 390 ++#define __NR_copy_file_range 391 ++#define __NR_preadv2 392 ++#define __NR_pwritev2 393 ++#define __NR_pkey_mprotect 394 ++#define __NR_pkey_alloc 395 ++#define __NR_pkey_free 396 ++#define __NR_statx 397 ++#define __NR_rseq 398 ++#define __NR_io_pgetevents 399 ++#define __NR_migrate_pages 400 ++#define __NR_kexec_file_load 401 ++#define __NR_clock_gettime64 403 ++#define __NR_clock_settime64 404 ++#define __NR_clock_adjtime64 405 ++#define __NR_clock_getres_time64 406 ++#define __NR_clock_nanosleep_time64 407 ++#define __NR_timer_gettime64 408 ++#define __NR_timer_settime64 409 ++#define __NR_timerfd_gettime64 410 ++#define __NR_timerfd_settime64 411 ++#define 
__NR_utimensat_time64 412 ++#define __NR_pselect6_time64 413 ++#define __NR_ppoll_time64 414 ++#define __NR_io_pgetevents_time64 416 ++#define __NR_recvmmsg_time64 417 ++#define __NR_mq_timedsend_time64 418 ++#define __NR_mq_timedreceive_time64 419 ++#define __NR_semtimedop_time64 420 ++#define __NR_rt_sigtimedwait_time64 421 ++#define __NR_futex_time64 422 ++#define __NR_sched_rr_get_interval_time64 423 ++#define __NR_pidfd_send_signal 424 ++#define __NR_io_uring_setup 425 ++#define __NR_io_uring_enter 426 ++#define __NR_io_uring_register 427 ++#define __NR_open_tree 428 ++#define __NR_move_mount 429 ++#define __NR_fsopen 430 ++#define __NR_fsconfig 431 ++#define __NR_fsmount 432 ++#define __NR_fspick 433 ++#define __NR_pidfd_open 434 ++#define __NR_clone3 435 ++#define __NR_close_range 436 ++#define __NR_openat2 437 ++#define __NR_pidfd_getfd 438 ++#define __NR_faccessat2 439 ++#define __NR_process_madvise 440 ++#define __NR_epoll_pwait2 441 ++#define __NR_mount_setattr 442 ++#define __NR_landlock_create_ruleset 444 ++#define __NR_landlock_add_rule 445 ++#define __NR_landlock_restrict_self 446 + +-#define __ARM_NR_breakpoint 0x0f0001 +-#define __ARM_NR_cacheflush 0x0f0002 +-#define __ARM_NR_usr26 0x0f0003 +-#define __ARM_NR_usr32 0x0f0004 +-#define __ARM_NR_set_tls 0x0f0005 ++#define __ARM_NR_breakpoint 0x0f0001 ++#define __ARM_NR_cacheflush 0x0f0002 ++#define __ARM_NR_usr26 0x0f0003 ++#define __ARM_NR_usr32 0x0f0004 ++#define __ARM_NR_set_tls 0x0f0005 ++#define __ARM_NR_get_tls 0x0f0006 + +-#define SYS_restart_syscall 0 +-#define SYS_exit 1 +-#define SYS_fork 2 +-#define SYS_read 3 +-#define SYS_write 4 +-#define SYS_open 5 +-#define SYS_close 6 +-#define SYS_creat 8 +-#define SYS_link 9 +-#define SYS_unlink 10 +-#define SYS_execve 11 +-#define SYS_chdir 12 +-#define SYS_mknod 14 +-#define SYS_chmod 15 +-#define SYS_lchown 16 +-#define SYS_lseek 19 +-#define SYS_getpid 20 +-#define SYS_mount 21 +-#define SYS_setuid 23 +-#define SYS_getuid 24 +-#define SYS_ptrace 
26 +-#define SYS_pause 29 +-#define SYS_access 33 +-#define SYS_nice 34 +-#define SYS_sync 36 +-#define SYS_kill 37 +-#define SYS_rename 38 +-#define SYS_mkdir 39 +-#define SYS_rmdir 40 +-#define SYS_dup 41 +-#define SYS_pipe 42 +-#define SYS_times 43 +-#define SYS_brk 45 +-#define SYS_setgid 46 +-#define SYS_getgid 47 +-#define SYS_geteuid 49 +-#define SYS_getegid 50 +-#define SYS_acct 51 +-#define SYS_umount2 52 +-#define SYS_ioctl 54 +-#define SYS_fcntl 55 +-#define SYS_setpgid 57 +-#define SYS_umask 60 +-#define SYS_chroot 61 +-#define SYS_ustat 62 +-#define SYS_dup2 63 +-#define SYS_getppid 64 +-#define SYS_getpgrp 65 +-#define SYS_setsid 66 +-#define SYS_sigaction 67 +-#define SYS_setreuid 70 +-#define SYS_setregid 71 +-#define SYS_sigsuspend 72 +-#define SYS_sigpending 73 +-#define SYS_sethostname 74 +-#define SYS_setrlimit 75 +-#define SYS_getrusage 77 +-#define SYS_gettimeofday 78 +-#define SYS_settimeofday 79 +-#define SYS_getgroups 80 +-#define SYS_setgroups 81 +-#define SYS_symlink 83 +-#define SYS_readlink 85 +-#define SYS_uselib 86 +-#define SYS_swapon 87 +-#define SYS_reboot 88 +-#define SYS_munmap 91 +-#define SYS_truncate 92 +-#define SYS_ftruncate 93 +-#define SYS_fchmod 94 +-#define SYS_fchown 95 +-#define SYS_getpriority 96 +-#define SYS_setpriority 97 +-#define SYS_statfs 99 +-#define SYS_fstatfs 100 +-#define SYS_syslog 103 +-#define SYS_setitimer 104 +-#define SYS_getitimer 105 +-#define SYS_stat 106 +-#define SYS_lstat 107 +-#define SYS_fstat 108 +-#define SYS_vhangup 111 +-#define SYS_wait4 114 +-#define SYS_swapoff 115 +-#define SYS_sysinfo 116 +-#define SYS_fsync 118 +-#define SYS_sigreturn 119 +-#define SYS_clone 120 +-#define SYS_setdomainname 121 +-#define SYS_uname 122 +-#define SYS_adjtimex 124 +-#define SYS_mprotect 125 +-#define SYS_sigprocmask 126 +-#define SYS_init_module 128 +-#define SYS_delete_module 129 +-#define SYS_quotactl 131 +-#define SYS_getpgid 132 +-#define SYS_fchdir 133 +-#define SYS_bdflush 134 +-#define SYS_sysfs 
135 +-#define SYS_personality 136 +-#define SYS_setfsuid 138 +-#define SYS_setfsgid 139 +-#define SYS__llseek 140 +-#define SYS_getdents 141 +-#define SYS__newselect 142 +-#define SYS_flock 143 +-#define SYS_msync 144 +-#define SYS_readv 145 +-#define SYS_writev 146 +-#define SYS_getsid 147 +-#define SYS_fdatasync 148 +-#define SYS__sysctl 149 +-#define SYS_mlock 150 +-#define SYS_munlock 151 +-#define SYS_mlockall 152 +-#define SYS_munlockall 153 +-#define SYS_sched_setparam 154 +-#define SYS_sched_getparam 155 +-#define SYS_sched_setscheduler 156 +-#define SYS_sched_getscheduler 157 +-#define SYS_sched_yield 158 +-#define SYS_sched_get_priority_max 159 +-#define SYS_sched_get_priority_min 160 +-#define SYS_sched_rr_get_interval 161 +-#define SYS_nanosleep 162 +-#define SYS_mremap 163 +-#define SYS_setresuid 164 +-#define SYS_getresuid 165 +-#define SYS_poll 168 +-#define SYS_nfsservctl 169 +-#define SYS_setresgid 170 +-#define SYS_getresgid 171 +-#define SYS_prctl 172 +-#define SYS_rt_sigreturn 173 +-#define SYS_rt_sigaction 174 +-#define SYS_rt_sigprocmask 175 +-#define SYS_rt_sigpending 176 +-#define SYS_rt_sigtimedwait 177 +-#define SYS_rt_sigqueueinfo 178 +-#define SYS_rt_sigsuspend 179 +-#define SYS_pread64 180 +-#define SYS_pwrite64 181 +-#define SYS_chown 182 +-#define SYS_getcwd 183 +-#define SYS_capget 184 +-#define SYS_capset 185 +-#define SYS_sigaltstack 186 +-#define SYS_sendfile 187 +-#define SYS_vfork 190 +-#define SYS_ugetrlimit 191 +-#define SYS_mmap2 192 +-#define SYS_truncate64 193 +-#define SYS_ftruncate64 194 +-#define SYS_stat64 195 +-#define SYS_lstat64 196 +-#define SYS_fstat64 197 +-#define SYS_lchown32 198 +-#define SYS_getuid32 199 +-#define SYS_getgid32 200 +-#define SYS_geteuid32 201 +-#define SYS_getegid32 202 +-#define SYS_setreuid32 203 +-#define SYS_setregid32 204 +-#define SYS_getgroups32 205 +-#define SYS_setgroups32 206 +-#define SYS_fchown32 207 +-#define SYS_setresuid32 208 +-#define SYS_getresuid32 209 +-#define 
SYS_setresgid32 210 +-#define SYS_getresgid32 211 +-#define SYS_chown32 212 +-#define SYS_setuid32 213 +-#define SYS_setgid32 214 +-#define SYS_setfsuid32 215 +-#define SYS_setfsgid32 216 +-#define SYS_getdents64 217 +-#define SYS_pivot_root 218 +-#define SYS_mincore 219 +-#define SYS_madvise 220 +-#define SYS_fcntl64 221 +-#define SYS_gettid 224 +-#define SYS_readahead 225 +-#define SYS_setxattr 226 +-#define SYS_lsetxattr 227 +-#define SYS_fsetxattr 228 +-#define SYS_getxattr 229 +-#define SYS_lgetxattr 230 +-#define SYS_fgetxattr 231 +-#define SYS_listxattr 232 +-#define SYS_llistxattr 233 +-#define SYS_flistxattr 234 +-#define SYS_removexattr 235 +-#define SYS_lremovexattr 236 +-#define SYS_fremovexattr 237 +-#define SYS_tkill 238 +-#define SYS_sendfile64 239 +-#define SYS_futex 240 +-#define SYS_sched_setaffinity 241 +-#define SYS_sched_getaffinity 242 +-#define SYS_io_setup 243 +-#define SYS_io_destroy 244 +-#define SYS_io_getevents 245 +-#define SYS_io_submit 246 +-#define SYS_io_cancel 247 +-#define SYS_exit_group 248 +-#define SYS_lookup_dcookie 249 +-#define SYS_epoll_create 250 +-#define SYS_epoll_ctl 251 +-#define SYS_epoll_wait 252 +-#define SYS_remap_file_pages 253 +-#define SYS_set_tid_address 256 +-#define SYS_timer_create 257 +-#define SYS_timer_settime 258 +-#define SYS_timer_gettime 259 +-#define SYS_timer_getoverrun 260 +-#define SYS_timer_delete 261 +-#define SYS_clock_settime 262 +-#define SYS_clock_gettime 263 +-#define SYS_clock_getres 264 +-#define SYS_clock_nanosleep 265 +-#define SYS_statfs64 266 +-#define SYS_fstatfs64 267 +-#define SYS_tgkill 268 +-#define SYS_utimes 269 +-#define SYS_fadvise64_64 270 +-#define SYS_arm_fadvise64_64 270 +-#define SYS_pciconfig_iobase 271 +-#define SYS_pciconfig_read 272 +-#define SYS_pciconfig_write 273 +-#define SYS_mq_open 274 +-#define SYS_mq_unlink 275 +-#define SYS_mq_timedsend 276 +-#define SYS_mq_timedreceive 277 +-#define SYS_mq_notify 278 +-#define SYS_mq_getsetattr 279 +-#define SYS_waitid 280 
+-#define SYS_socket 281 +-#define SYS_bind 282 +-#define SYS_connect 283 +-#define SYS_listen 284 +-#define SYS_accept 285 +-#define SYS_getsockname 286 +-#define SYS_getpeername 287 +-#define SYS_socketpair 288 +-#define SYS_send 289 +-#define SYS_sendto 290 +-#define SYS_recv 291 +-#define SYS_recvfrom 292 +-#define SYS_shutdown 293 +-#define SYS_setsockopt 294 +-#define SYS_getsockopt 295 +-#define SYS_sendmsg 296 +-#define SYS_recvmsg 297 +-#define SYS_semop 298 +-#define SYS_semget 299 +-#define SYS_semctl 300 +-#define SYS_msgsnd 301 +-#define SYS_msgrcv 302 +-#define SYS_msgget 303 +-#define SYS_msgctl 304 +-#define SYS_shmat 305 +-#define SYS_shmdt 306 +-#define SYS_shmget 307 +-#define SYS_shmctl 308 +-#define SYS_add_key 309 +-#define SYS_request_key 310 +-#define SYS_keyctl 311 +-#define SYS_semtimedop 312 +-#define SYS_vserver 313 +-#define SYS_ioprio_set 314 +-#define SYS_ioprio_get 315 +-#define SYS_inotify_init 316 +-#define SYS_inotify_add_watch 317 +-#define SYS_inotify_rm_watch 318 +-#define SYS_mbind 319 +-#define SYS_get_mempolicy 320 +-#define SYS_set_mempolicy 321 +-#define SYS_openat 322 +-#define SYS_mkdirat 323 +-#define SYS_mknodat 324 +-#define SYS_fchownat 325 +-#define SYS_futimesat 326 +-#define SYS_fstatat64 327 +-#define SYS_unlinkat 328 +-#define SYS_renameat 329 +-#define SYS_linkat 330 +-#define SYS_symlinkat 331 +-#define SYS_readlinkat 332 +-#define SYS_fchmodat 333 +-#define SYS_faccessat 334 +-#define SYS_pselect6 335 +-#define SYS_ppoll 336 +-#define SYS_unshare 337 +-#define SYS_set_robust_list 338 +-#define SYS_get_robust_list 339 +-#define SYS_splice 340 +-#define SYS_sync_file_range2 341 +-#define SYS_arm_sync_file_range 341 +-#define SYS_tee 342 +-#define SYS_vmsplice 343 +-#define SYS_move_pages 344 +-#define SYS_getcpu 345 +-#define SYS_epoll_pwait 346 +-#define SYS_kexec_load 347 +-#define SYS_utimensat 348 +-#define SYS_signalfd 349 +-#define SYS_timerfd_create 350 +-#define SYS_eventfd 351 +-#define SYS_fallocate 
352 +-#define SYS_timerfd_settime 353 +-#define SYS_timerfd_gettime 354 +-#define SYS_signalfd4 355 +-#define SYS_eventfd2 356 +-#define SYS_epoll_create1 357 +-#define SYS_dup3 358 +-#define SYS_pipe2 359 +-#define SYS_inotify_init1 360 +-#define SYS_preadv 361 +-#define SYS_pwritev 362 +-#define SYS_rt_tgsigqueueinfo 363 +-#define SYS_perf_event_open 364 +-#define SYS_recvmmsg 365 +-#define SYS_accept4 366 +-#define SYS_fanotify_init 367 +-#define SYS_fanotify_mark 368 +-#define SYS_prlimit64 369 +-#define SYS_name_to_handle_at 370 +-#define SYS_open_by_handle_at 371 +-#define SYS_clock_adjtime 372 +-#define SYS_syncfs 373 +-#define SYS_sendmmsg 374 +-#define SYS_setns 375 +-#define SYS_process_vm_readv 376 +-#define SYS_process_vm_writev 377 +-#define SYS_kcmp 378 +-#define SYS_finit_module 379 +-#define SYS_sched_setattr 380 +-#define SYS_sched_getattr 381 +-#define SYS_renameat2 382 +-#define SYS_seccomp 383 +-#define SYS_getrandom 384 +-#define SYS_memfd_create 385 +-#define SYS_bpf 386 +-#define SYS_execveat 387 +-#define SYS_userfaultfd 388 +-#define SYS_membarrier 389 +-#define SYS_mlock2 390 +-#define SYS_copy_file_range 391 +-#define SYS_preadv2 392 +-#define SYS_pwritev2 393 +-#define SYS_pkey_mprotect 394 +-#define SYS_pkey_alloc 395 +-#define SYS_pkey_free 396 ++#define SYS_restart_syscall 0 ++#define SYS_exit 1 ++#define SYS_fork 2 ++#define SYS_read 3 ++#define SYS_write 4 ++#define SYS_open 5 ++#define SYS_close 6 ++#define SYS_creat 8 ++#define SYS_link 9 ++#define SYS_unlink 10 ++#define SYS_execve 11 ++#define SYS_chdir 12 ++#define SYS_mknod 14 ++#define SYS_chmod 15 ++#define SYS_lchown 16 ++#define SYS_lseek 19 ++#define SYS_getpid 20 ++#define SYS_mount 21 ++#define SYS_setuid 23 ++#define SYS_getuid 24 ++#define SYS_ptrace 26 ++#define SYS_pause 29 ++#define SYS_access 33 ++#define SYS_nice 34 ++#define SYS_sync 36 ++#define SYS_kill 37 ++#define SYS_rename 38 ++#define SYS_mkdir 39 ++#define SYS_rmdir 40 ++#define SYS_dup 41 ++#define 
SYS_pipe 42 ++#define SYS_times 43 ++#define SYS_brk 45 ++#define SYS_setgid 46 ++#define SYS_getgid 47 ++#define SYS_geteuid 49 ++#define SYS_getegid 50 ++#define SYS_acct 51 ++#define SYS_umount2 52 ++#define SYS_ioctl 54 ++#define SYS_fcntl 55 ++#define SYS_setpgid 57 ++#define SYS_umask 60 ++#define SYS_chroot 61 ++#define SYS_ustat 62 ++#define SYS_dup2 63 ++#define SYS_getppid 64 ++#define SYS_getpgrp 65 ++#define SYS_setsid 66 ++#define SYS_sigaction 67 ++#define SYS_setreuid 70 ++#define SYS_setregid 71 ++#define SYS_sigsuspend 72 ++#define SYS_sigpending 73 ++#define SYS_sethostname 74 ++#define SYS_setrlimit 75 ++#define SYS_getrusage 77 ++#define SYS_gettimeofday_time32 78 ++#define SYS_settimeofday_time32 79 ++#define SYS_getgroups 80 ++#define SYS_setgroups 81 ++#define SYS_symlink 83 ++#define SYS_readlink 85 ++#define SYS_uselib 86 ++#define SYS_swapon 87 ++#define SYS_reboot 88 ++#define SYS_munmap 91 ++#define SYS_truncate 92 ++#define SYS_ftruncate 93 ++#define SYS_fchmod 94 ++#define SYS_fchown 95 ++#define SYS_getpriority 96 ++#define SYS_setpriority 97 ++#define SYS_statfs 99 ++#define SYS_fstatfs 100 ++#define SYS_syslog 103 ++#define SYS_setitimer 104 ++#define SYS_getitimer 105 ++#define SYS_stat 106 ++#define SYS_lstat 107 ++#define SYS_fstat 108 ++#define SYS_vhangup 111 ++#define SYS_wait4 114 ++#define SYS_swapoff 115 ++#define SYS_sysinfo 116 ++#define SYS_fsync 118 ++#define SYS_sigreturn 119 ++#define SYS_clone 120 ++#define SYS_setdomainname 121 ++#define SYS_uname 122 ++#define SYS_adjtimex 124 ++#define SYS_mprotect 125 ++#define SYS_sigprocmask 126 ++#define SYS_init_module 128 ++#define SYS_delete_module 129 ++#define SYS_quotactl 131 ++#define SYS_getpgid 132 ++#define SYS_fchdir 133 ++#define SYS_bdflush 134 ++#define SYS_sysfs 135 ++#define SYS_personality 136 ++#define SYS_setfsuid 138 ++#define SYS_setfsgid 139 ++#define SYS__llseek 140 ++#define SYS_getdents 141 ++#define SYS__newselect 142 ++#define SYS_flock 143 ++#define 
SYS_msync 144 ++#define SYS_readv 145 ++#define SYS_writev 146 ++#define SYS_getsid 147 ++#define SYS_fdatasync 148 ++#define SYS__sysctl 149 ++#define SYS_mlock 150 ++#define SYS_munlock 151 ++#define SYS_mlockall 152 ++#define SYS_munlockall 153 ++#define SYS_sched_setparam 154 ++#define SYS_sched_getparam 155 ++#define SYS_sched_setscheduler 156 ++#define SYS_sched_getscheduler 157 ++#define SYS_sched_yield 158 ++#define SYS_sched_get_priority_max 159 ++#define SYS_sched_get_priority_min 160 ++#define SYS_sched_rr_get_interval 161 ++#define SYS_nanosleep 162 ++#define SYS_mremap 163 ++#define SYS_setresuid 164 ++#define SYS_getresuid 165 ++#define SYS_poll 168 ++#define SYS_nfsservctl 169 ++#define SYS_setresgid 170 ++#define SYS_getresgid 171 ++#define SYS_prctl 172 ++#define SYS_rt_sigreturn 173 ++#define SYS_rt_sigaction 174 ++#define SYS_rt_sigprocmask 175 ++#define SYS_rt_sigpending 176 ++#define SYS_rt_sigtimedwait 177 ++#define SYS_rt_sigqueueinfo 178 ++#define SYS_rt_sigsuspend 179 ++#define SYS_pread64 180 ++#define SYS_pwrite64 181 ++#define SYS_chown 182 ++#define SYS_getcwd 183 ++#define SYS_capget 184 ++#define SYS_capset 185 ++#define SYS_sigaltstack 186 ++#define SYS_sendfile 187 ++#define SYS_vfork 190 ++#define SYS_ugetrlimit 191 ++#define SYS_mmap2 192 ++#define SYS_truncate64 193 ++#define SYS_ftruncate64 194 ++#define SYS_stat64 195 ++#define SYS_lstat64 196 ++#define SYS_fstat64 197 ++#define SYS_lchown32 198 ++#define SYS_getuid32 199 ++#define SYS_getgid32 200 ++#define SYS_geteuid32 201 ++#define SYS_getegid32 202 ++#define SYS_setreuid32 203 ++#define SYS_setregid32 204 ++#define SYS_getgroups32 205 ++#define SYS_setgroups32 206 ++#define SYS_fchown32 207 ++#define SYS_setresuid32 208 ++#define SYS_getresuid32 209 ++#define SYS_setresgid32 210 ++#define SYS_getresgid32 211 ++#define SYS_chown32 212 ++#define SYS_setuid32 213 ++#define SYS_setgid32 214 ++#define SYS_setfsuid32 215 ++#define SYS_setfsgid32 216 ++#define SYS_getdents64 217 
++#define SYS_pivot_root 218 ++#define SYS_mincore 219 ++#define SYS_madvise 220 ++#define SYS_fcntl64 221 ++#define SYS_gettid 224 ++#define SYS_readahead 225 ++#define SYS_setxattr 226 ++#define SYS_lsetxattr 227 ++#define SYS_fsetxattr 228 ++#define SYS_getxattr 229 ++#define SYS_lgetxattr 230 ++#define SYS_fgetxattr 231 ++#define SYS_listxattr 232 ++#define SYS_llistxattr 233 ++#define SYS_flistxattr 234 ++#define SYS_removexattr 235 ++#define SYS_lremovexattr 236 ++#define SYS_fremovexattr 237 ++#define SYS_tkill 238 ++#define SYS_sendfile64 239 ++#define SYS_futex 240 ++#define SYS_sched_setaffinity 241 ++#define SYS_sched_getaffinity 242 ++#define SYS_io_setup 243 ++#define SYS_io_destroy 244 ++#define SYS_io_getevents 245 ++#define SYS_io_submit 246 ++#define SYS_io_cancel 247 ++#define SYS_exit_group 248 ++#define SYS_lookup_dcookie 249 ++#define SYS_epoll_create 250 ++#define SYS_epoll_ctl 251 ++#define SYS_epoll_wait 252 ++#define SYS_remap_file_pages 253 ++#define SYS_set_tid_address 256 ++#define SYS_timer_create 257 ++#define SYS_timer_settime32 258 ++#define SYS_timer_gettime32 259 ++#define SYS_timer_getoverrun 260 ++#define SYS_timer_delete 261 ++#define SYS_clock_settime32 262 ++#define SYS_clock_gettime32 263 ++#define SYS_clock_getres_time32 264 ++#define SYS_clock_nanosleep_time32 265 ++#define SYS_statfs64 266 ++#define SYS_fstatfs64 267 ++#define SYS_tgkill 268 ++#define SYS_utimes 269 ++#define SYS_fadvise64_64 270 ++#define SYS_arm_fadvise64_64 270 ++#define SYS_pciconfig_iobase 271 ++#define SYS_pciconfig_read 272 ++#define SYS_pciconfig_write 273 ++#define SYS_mq_open 274 ++#define SYS_mq_unlink 275 ++#define SYS_mq_timedsend 276 ++#define SYS_mq_timedreceive 277 ++#define SYS_mq_notify 278 ++#define SYS_mq_getsetattr 279 ++#define SYS_waitid 280 ++#define SYS_socket 281 ++#define SYS_bind 282 ++#define SYS_connect 283 ++#define SYS_listen 284 ++#define SYS_accept 285 ++#define SYS_getsockname 286 ++#define SYS_getpeername 287 ++#define 
SYS_socketpair 288 ++#define SYS_send 289 ++#define SYS_sendto 290 ++#define SYS_recv 291 ++#define SYS_recvfrom 292 ++#define SYS_shutdown 293 ++#define SYS_setsockopt 294 ++#define SYS_getsockopt 295 ++#define SYS_sendmsg 296 ++#define SYS_recvmsg 297 ++#define SYS_semop 298 ++#define SYS_semget 299 ++#define SYS_semctl 300 ++#define SYS_msgsnd 301 ++#define SYS_msgrcv 302 ++#define SYS_msgget 303 ++#define SYS_msgctl 304 ++#define SYS_shmat 305 ++#define SYS_shmdt 306 ++#define SYS_shmget 307 ++#define SYS_shmctl 308 ++#define SYS_add_key 309 ++#define SYS_request_key 310 ++#define SYS_keyctl 311 ++#define SYS_semtimedop 312 ++#define SYS_vserver 313 ++#define SYS_ioprio_set 314 ++#define SYS_ioprio_get 315 ++#define SYS_inotify_init 316 ++#define SYS_inotify_add_watch 317 ++#define SYS_inotify_rm_watch 318 ++#define SYS_mbind 319 ++#define SYS_get_mempolicy 320 ++#define SYS_set_mempolicy 321 ++#define SYS_openat 322 ++#define SYS_mkdirat 323 ++#define SYS_mknodat 324 ++#define SYS_fchownat 325 ++#define SYS_futimesat 326 ++#define SYS_fstatat64 327 ++#define SYS_unlinkat 328 ++#define SYS_renameat 329 ++#define SYS_linkat 330 ++#define SYS_symlinkat 331 ++#define SYS_readlinkat 332 ++#define SYS_fchmodat 333 ++#define SYS_faccessat 334 ++#define SYS_pselect6 335 ++#define SYS_ppoll 336 ++#define SYS_unshare 337 ++#define SYS_set_robust_list 338 ++#define SYS_get_robust_list 339 ++#define SYS_splice 340 ++#define SYS_sync_file_range2 341 ++#define SYS_arm_sync_file_range 341 ++#define SYS_tee 342 ++#define SYS_vmsplice 343 ++#define SYS_move_pages 344 ++#define SYS_getcpu 345 ++#define SYS_epoll_pwait 346 ++#define SYS_kexec_load 347 ++#define SYS_utimensat 348 ++#define SYS_signalfd 349 ++#define SYS_timerfd_create 350 ++#define SYS_eventfd 351 ++#define SYS_fallocate 352 ++#define SYS_timerfd_settime32 353 ++#define SYS_timerfd_gettime32 354 ++#define SYS_signalfd4 355 ++#define SYS_eventfd2 356 ++#define SYS_epoll_create1 357 ++#define SYS_dup3 358 ++#define 
SYS_pipe2 359 ++#define SYS_inotify_init1 360 ++#define SYS_preadv 361 ++#define SYS_pwritev 362 ++#define SYS_rt_tgsigqueueinfo 363 ++#define SYS_perf_event_open 364 ++#define SYS_recvmmsg 365 ++#define SYS_accept4 366 ++#define SYS_fanotify_init 367 ++#define SYS_fanotify_mark 368 ++#define SYS_prlimit64 369 ++#define SYS_name_to_handle_at 370 ++#define SYS_open_by_handle_at 371 ++#define SYS_clock_adjtime 372 ++#define SYS_syncfs 373 ++#define SYS_sendmmsg 374 ++#define SYS_setns 375 ++#define SYS_process_vm_readv 376 ++#define SYS_process_vm_writev 377 ++#define SYS_kcmp 378 ++#define SYS_finit_module 379 ++#define SYS_sched_setattr 380 ++#define SYS_sched_getattr 381 ++#define SYS_renameat2 382 ++#define SYS_seccomp 383 ++#define SYS_getrandom 384 ++#define SYS_memfd_create 385 ++#define SYS_bpf 386 ++#define SYS_execveat 387 ++#define SYS_userfaultfd 388 ++#define SYS_membarrier 389 ++#define SYS_mlock2 390 ++#define SYS_copy_file_range 391 ++#define SYS_preadv2 392 ++#define SYS_pwritev2 393 ++#define SYS_pkey_mprotect 394 ++#define SYS_pkey_alloc 395 ++#define SYS_pkey_free 396 ++#define SYS_statx 397 ++#define SYS_rseq 398 ++#define SYS_io_pgetevents 399 ++#define SYS_migrate_pages 400 ++#define SYS_kexec_file_load 401 ++#define SYS_clock_gettime64 403 ++#define SYS_clock_settime64 404 ++#define SYS_clock_adjtime64 405 ++#define SYS_clock_getres_time64 406 ++#define SYS_clock_nanosleep_time64 407 ++#define SYS_timer_gettime64 408 ++#define SYS_timer_settime64 409 ++#define SYS_timerfd_gettime64 410 ++#define SYS_timerfd_settime64 411 ++#define SYS_utimensat_time64 412 ++#define SYS_pselect6_time64 413 ++#define SYS_ppoll_time64 414 ++#define SYS_io_pgetevents_time64 416 ++#define SYS_recvmmsg_time64 417 ++#define SYS_mq_timedsend_time64 418 ++#define SYS_mq_timedreceive_time64 419 ++#define SYS_semtimedop_time64 420 ++#define SYS_rt_sigtimedwait_time64 421 ++#define SYS_futex_time64 422 ++#define SYS_sched_rr_get_interval_time64 423 ++#define 
SYS_pidfd_send_signal 424
++#define SYS_io_uring_setup 425
++#define SYS_io_uring_enter 426
++#define SYS_io_uring_register 427
++#define SYS_open_tree 428
++#define SYS_move_mount 429
++#define SYS_fsopen 430
++#define SYS_fsconfig 431
++#define SYS_fsmount 432
++#define SYS_fspick 433
++#define SYS_pidfd_open 434
++#define SYS_clone3 435
++#define SYS_close_range 436
++#define SYS_openat2 437
++#define SYS_pidfd_getfd 438
++#define SYS_faccessat2 439
++#define SYS_process_madvise 440
++#define SYS_epoll_pwait2 441
++#define SYS_mount_setattr 442
++#define SYS_landlock_create_ruleset 444
++#define SYS_landlock_add_rule 445
++#define SYS_landlock_restrict_self 446
+diff --git a/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h
+new file mode 100644
+index 0000000..42e9a26
+--- /dev/null
++++ b/thirdparty/open_source/musl/libc/arch/arm/crt_arch.h
+@@ -0,0 +1,27 @@
++#ifndef ARM_CRT_ARCH_H
++#define ARM_CRT_ARCH_H
++
++__asm__(
++".text\n"
++".global " START "\n"
++".type " START ",%function\n"
++START ": \n"
++" mov fp, #0\n"
++" mov lr, #0\n"
++" ldr r5, [r0, #8]\n" /* paratbl */
++/* Little-endian */
++" str r1, [r5, #20]\n" /* PT_ZERO1 */
++" str r2, [r5, #24]\n" /* PT_ZERO2 */
++" ldr r1, 1f\n"
++" add r1, pc, r1\n"
++" mov r5, sp\n"
++"2: and r5, r5, #-16\n"
++" mov sp, r5\n"
++" bl " START "_c\n"
++".weak _DYNAMIC\n"
++".hidden _DYNAMIC\n"
++".align 2\n"
++"1: .word _DYNAMIC-2b\n"
++);
++
++#endif
+\ No newline at end of file
+diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
+index ae233cc..730a98c 100644
+--- a/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
++++ b/thirdparty/open_source/musl/libc/arch/generic/bits/fcntl.h
+@@ -30,9 +30,15 @@
+ #define F_SETSIG 10
+ #define F_GETSIG 11
+
++#if __LONG_MAX == 0x7fffffffL
+ #define F_GETLK 12
+ #define F_SETLK 13
+ #define F_SETLKW 14
++#else
++#define F_GETLK 5
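Review bot: In arch/arm/crt_arch.h the start stub loads `[r0, #8]` and then stores r1 and r2 at offsets 20 and 24 of the loaded pointer, but nothing in the file says what r0, r1 and r2 hold on entry or which structure those three offsets belong to. This code runs before any C runtime setup, so a layout change on the loader side would show up only as a stray write or a fault with no diagnostic. The entry contract should be written next to the asm, for example `/* entry: r0 = startup argument block, [r0, #8] = paratbl; r1/r2 are saved at paratbl+20/+24 (PT_ZERO1/PT_ZERO2) */`, with the wording confirmed against the loader and the owning struct named. If that structure is declared in C elsewhere, a `_Static_assert` on `offsetof` for the two fields beside the declaration would tie the constants to it. The file also ends without a trailing newline.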
++#define F_SETLK 6
++#define F_SETLKW 7
++#endif
+
+ #define F_SETOWN_EX 15
+ #define F_GETOWN_EX 16
+diff --git a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
+index 8d19378..da07a2a 100644
+--- a/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
++++ b/thirdparty/open_source/musl/libc/arch/generic/bits/shm.h
+@@ -1,4 +1,4 @@
+-#define SHMLBA 4096
++#define SHMLBA (4*4096)
+
+ struct shmid_ds {
+ struct ipc_perm shm_perm;
+diff --git a/thirdparty/open_source/musl/libc/arpa/inet.h b/thirdparty/open_source/musl/libc/arpa/inet.h
+index 37f8c11..9d20a15 100644
+--- a/thirdparty/open_source/musl/libc/arpa/inet.h
++++ b/thirdparty/open_source/musl/libc/arpa/inet.h
+@@ -24,11 +24,6 @@ struct in_addr inet_makeaddr(in_addr_t, in_addr_t);
+ in_addr_t inet_lnaof(struct in_addr);
+ in_addr_t inet_netof(struct in_addr);
+
+-#undef INET_ADDRSTRLEN
+-#undef INET6_ADDRSTRLEN
+-#define INET_ADDRSTRLEN 16
+-#define INET6_ADDRSTRLEN 46
+-
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/thirdparty/open_source/musl/libc/ctype.h b/thirdparty/open_source/musl/libc/ctype.h
+index 7936536..fe72b3f 100644
+--- a/thirdparty/open_source/musl/libc/ctype.h
++++ b/thirdparty/open_source/musl/libc/ctype.h
+@@ -64,7 +64,14 @@ int isascii(int);
+ int toascii(int);
+ #define _tolower(a) ((a)|0x20)
+ #define _toupper(a) ((a)&0x5f)
++#ifndef __cplusplus
+ #define isascii(a) (0 ?
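Review bot: In arch/generic/bits/shm.h, `SHMLBA` changes from 4096 to `(4*4096)` with no comment, and this is the generic header, so every architecture that falls back on it picks up the new attach alignment rather than only the platform the change was presumably made for. Code that rounds `shmat` addresses to `SHMLBA` will compute different values after this change, so the reason and the target platform should be recorded on the line, e.g. `/* SHMLBA is 4 pages on <platform>: <reason>; differs from the stock generic value */`. If only one architecture needs the larger value, an arch-specific bits/shm.h would leave the others untouched; whether such an override already exists is not visible from this hunk.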
isascii(a) : (unsigned)(a) < 128)
++#endif
++
++#include
++
++const int32_t **__ctype_tolower_loc(void);
++const int32_t **__ctype_toupper_loc(void);
+
+ #endif
+
+diff --git a/thirdparty/open_source/musl/libc/elf.h b/thirdparty/open_source/musl/libc/elf.h
+index 549f92c..86e2f0b 100644
+--- a/thirdparty/open_source/musl/libc/elf.h
++++ b/thirdparty/open_source/musl/libc/elf.h
+@@ -603,6 +603,7 @@ typedef struct {
+ #define PT_GNU_EH_FRAME 0x6474e550
+ #define PT_GNU_STACK 0x6474e551
+ #define PT_GNU_RELRO 0x6474e552
++#define PT_GNU_PROPERTY 0x6474e553
+ #define PT_LOSUNW 0x6ffffffa
+ #define PT_SUNWBSS 0x6ffffffa
+ #define PT_SUNWSTACK 0x6ffffffb
+@@ -685,6 +686,8 @@ typedef struct {
+ #define NT_ARM_PAC_MASK 0x406
+ #define NT_ARM_PACA_KEYS 0x407
+ #define NT_ARM_PACG_KEYS 0x408
++#define NT_ARM_TAGGED_ADDR_CTRL 0x409
++#define NT_ARM_PAC_ENABLED_KEYS 0x40a
+ #define NT_METAG_CBUF 0x500
+ #define NT_METAG_RPIPE 0x501
+ #define NT_METAG_TLS 0x502
+@@ -1085,6 +1088,7 @@ typedef struct {
+
+ #define NT_GNU_BUILD_ID 3
+ #define NT_GNU_GOLD_VERSION 4
++#define NT_GNU_PROPERTY_TYPE_0 5
+
+
+
+diff --git a/thirdparty/open_source/musl/libc/float.h b/thirdparty/open_source/musl/libc/float.h
+new file mode 100644
+index 0000000..713aadb
+--- /dev/null
++++ b/thirdparty/open_source/musl/libc/float.h
+@@ -0,0 +1,52 @@
++#ifndef _FLOAT_H
++#define _FLOAT_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++int __flt_rounds(void);
++#define FLT_ROUNDS (__flt_rounds())
++
++#define FLT_RADIX 2
++
++#define FLT_TRUE_MIN 1.40129846432481707092e-45F
++#define FLT_MIN 1.17549435082228750797e-38F
++#define FLT_MAX 3.40282346638528859812e+38F
++#define FLT_EPSILON 1.1920928955078125e-07F
++
++#define FLT_MANT_DIG 24
++#define FLT_MIN_EXP (-125)
++#define FLT_MAX_EXP 128
++#define FLT_HAS_SUBNORM 1
++
++#define FLT_DIG 6
++#define FLT_DECIMAL_DIG 9
++#define FLT_MIN_10_EXP (-37)
++#define FLT_MAX_10_EXP 38
++
++#define DBL_TRUE_MIN 4.94065645841246544177e-324
++#define DBL_MIN
2.22507385850720138309e-308
++#define DBL_MAX 1.79769313486231570815e+308
++#define DBL_EPSILON 2.22044604925031308085e-16
++
++#define DBL_MANT_DIG 53
++#define DBL_MIN_EXP (-1021)
++#define DBL_MAX_EXP 1024
++#define DBL_HAS_SUBNORM 1
++
++#define DBL_DIG 15
++#define DBL_DECIMAL_DIG 17
++#define DBL_MIN_10_EXP (-307)
++#define DBL_MAX_10_EXP 308
++
++#define LDBL_HAS_SUBNORM 1
++#define LDBL_DECIMAL_DIG DECIMAL_DIG
++
++#include
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+diff --git a/thirdparty/open_source/musl/libc/limits.h b/thirdparty/open_source/musl/libc/limits.h
+index c9794bb..53a27b9 100644
+--- a/thirdparty/open_source/musl/libc/limits.h
++++ b/thirdparty/open_source/musl/libc/limits.h
+@@ -37,6 +37,8 @@
+ #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \
+ || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
+
++#include
++
+ #define PIPE_BUF 4096
+ #define FILESIZEBITS 64
+ #ifndef NAME_MAX
+diff --git a/thirdparty/open_source/musl/libc/locale.h b/thirdparty/open_source/musl/libc/locale.h
+index ce38438..11106fe 100644
+--- a/thirdparty/open_source/musl/libc/locale.h
++++ b/thirdparty/open_source/musl/libc/locale.h
+@@ -7,7 +7,9 @@ extern "C" {
+
+ #include
+
+-#ifdef __cplusplus
++#if __cplusplus >= 201103L
++#define NULL nullptr
++#elif defined(__cplusplus)
+ #define NULL 0L
+ #else
+ #define NULL ((void*)0)
+diff --git a/thirdparty/open_source/musl/libc/netinet/in.h b/thirdparty/open_source/musl/libc/netinet/in.h
+index 5b8b21e..fb628b6 100644
+--- a/thirdparty/open_source/musl/libc/netinet/in.h
++++ b/thirdparty/open_source/musl/libc/netinet/in.h
+@@ -48,6 +48,7 @@ struct ipv6_mreq {
+ #define INADDR_BROADCAST ((in_addr_t) 0xffffffff)
+ #define INADDR_NONE ((in_addr_t) 0xffffffff)
+ #define INADDR_LOOPBACK ((in_addr_t) 0x7f000001)
++#define INADDR_DUMMY ((in_addr_t) 0xc0000008)
+
+ #define INADDR_UNSPEC_GROUP ((in_addr_t) 0xe0000000)
+ #define INADDR_ALLHOSTS_GROUP ((in_addr_t) 0xe0000001)
+@@ -60,8 +61,6 @@
struct ipv6_mreq { + + extern const struct in6_addr in6addr_any, in6addr_loopback; + +-#undef INET_ADDRSTRLEN +-#undef INET6_ADDRSTRLEN + #define INET_ADDRSTRLEN 16 + #define INET6_ADDRSTRLEN 46 + +@@ -103,8 +102,10 @@ uint16_t ntohs(uint16_t); + #define IPPROTO_MH 135 + #define IPPROTO_UDPLITE 136 + #define IPPROTO_MPLS 137 ++#define IPPROTO_ETHERNET 143 + #define IPPROTO_RAW 255 +-#define IPPROTO_MAX 256 ++#define IPPROTO_MPTCP 262 ++#define IPPROTO_MAX 263 + + #define IN6_IS_ADDR_UNSPECIFIED(a) \ + (((uint32_t *) (a))[0] == 0 && ((uint32_t *) (a))[1] == 0 && \ +@@ -202,6 +203,7 @@ uint16_t ntohs(uint16_t); + #define IP_CHECKSUM 23 + #define IP_BIND_ADDRESS_NO_PORT 24 + #define IP_RECVFRAGSIZE 25 ++#define IP_RECVERR_RFC4884 26 + #define IP_MULTICAST_IF 32 + #define IP_MULTICAST_TTL 33 + #define IP_MULTICAST_LOOP 34 +diff --git a/thirdparty/open_source/musl/libc/netinet/tcp.h b/thirdparty/open_source/musl/libc/netinet/tcp.h +index 44a007a..fad1d84 100644 +--- a/thirdparty/open_source/musl/libc/netinet/tcp.h ++++ b/thirdparty/open_source/musl/libc/netinet/tcp.h +@@ -78,6 +78,10 @@ enum { + TCP_NLA_DSACK_DUPS, + TCP_NLA_REORD_SEEN, + TCP_NLA_SRTT, ++ TCP_NLA_TIMEOUT_REHASH, ++ TCP_NLA_BYTES_NOTSENT, ++ TCP_NLA_EDT, ++ TCP_NLA_TTL, + }; + + #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) +@@ -181,6 +185,13 @@ struct tcphdr { + #define TCP_CA_Recovery 3 + #define TCP_CA_Loss 4 + ++enum tcp_fastopen_client_fail { ++ TFO_STATUS_UNSPEC, ++ TFO_COOKIE_UNAVAILABLE, ++ TFO_DATA_NOT_ACKED, ++ TFO_SYN_RETRANSMITTED, ++}; ++ + struct tcp_info { + uint8_t tcpi_state; + uint8_t tcpi_ca_state; +@@ -189,7 +200,7 @@ struct tcp_info { + uint8_t tcpi_backoff; + uint8_t tcpi_options; + uint8_t tcpi_snd_wscale : 4, tcpi_rcv_wscale : 4; +- uint8_t tcpi_delivery_rate_app_limited : 1; ++ uint8_t tcpi_delivery_rate_app_limited : 1, tcpi_fastopen_client_fail : 2; + uint32_t tcpi_rto; + uint32_t tcpi_ato; + uint32_t tcpi_snd_mss; +@@ -240,14 +251,15 @@ struct tcp_info { + + #define 
TCP_MD5SIG_MAXKEYLEN 80 + +-#define TCP_MD5SIG_FLAG_PREFIX 1 ++#define TCP_MD5SIG_FLAG_PREFIX 0x1 ++#define TCP_MD5SIG_FLAG_IFINDEX 0x2 + + struct tcp_md5sig { + struct sockaddr_storage tcpm_addr; + uint8_t tcpm_flags; + uint8_t tcpm_prefixlen; + uint16_t tcpm_keylen; +- uint32_t __tcpm_pad; ++ int tcpm_ifindex; + uint8_t tcpm_key[TCP_MD5SIG_MAXKEYLEN]; + }; + +@@ -271,10 +283,21 @@ struct tcp_repair_window { + uint32_t rcv_wup; + }; + ++#define TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT 0x1 ++ + struct tcp_zerocopy_receive { + uint64_t address; + uint32_t length; + uint32_t recv_skip_hint; ++ uint32_t inq; ++ int32_t err; ++ uint64_t copybuf_address; ++ int32_t copybuf_len; ++ uint32_t flags; ++ uint64_t msg_control; ++ uint64_t msg_controllen; ++ uint32_t msg_flags; ++ uint32_t reserved; + }; + + #endif +diff --git a/thirdparty/open_source/musl/libc/nl_types.h b/thirdparty/open_source/musl/libc/nl_types.h +new file mode 100644 +index 0000000..7c2d48e +--- /dev/null ++++ b/thirdparty/open_source/musl/libc/nl_types.h +@@ -0,0 +1,22 @@ ++#ifndef _NL_TYPES_H ++#define _NL_TYPES_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define NL_SETD 1 ++#define NL_CAT_LOCALE 1 ++ ++typedef int nl_item; ++typedef void *nl_catd; ++ ++nl_catd catopen (const char *, int); ++char *catgets (nl_catd, int, int, const char *); ++int catclose (nl_catd); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +diff --git a/thirdparty/open_source/musl/libc/pthread.h b/thirdparty/open_source/musl/libc/pthread.h +index 22120b0..77f0017 100644 +--- a/thirdparty/open_source/musl/libc/pthread.h ++++ b/thirdparty/open_source/musl/libc/pthread.h +@@ -6,6 +6,24 @@ extern "C" { + + #include + ++/* Musl did not provide the "owner" marco directly, ++ * so users can not access the mutex-owner-ID. ++ * Thus we added this macro for getting the owner-ID ++ * of the mutex. 
*/ ++#define MUTEX_OWNER (__u.__vi[1] & 0x7fffffff) ++ ++/* These macros provides macros for accessing inner ++ * attributes of the pthread_mutex_t struct. ++ * It is intened for solving the compiling failure ++ * of Dopra codes which claims that .__data.* realm ++ * can not be found in pthread_mutex_t. */ ++#define MUTEX_TYPE __u.__i[0] ++#define MUTEX_LOCK __u.__vi[1] ++#define MUTEX_WAITERS __u.__vi[2] ++#define MUTEX_PREV __u.__p[3] ++#define MUTEX_NEXT __u.__p[4] ++#define MUTEX_COUNT __u.__i[5] ++ + #define __NEED_time_t + #define __NEED_clockid_t + #define __NEED_struct_timespec +@@ -76,6 +94,9 @@ extern "C" { + #define PTHREAD_BARRIER_SERIAL_THREAD (-1) + + ++#define PTHREAD_NULL ((pthread_t)0) ++ ++ + int pthread_create(pthread_t *__restrict, const pthread_attr_t *__restrict, void *(*)(void *), void *__restrict); + int pthread_detach(pthread_t); + _Noreturn void pthread_exit(void *); +@@ -221,6 +242,7 @@ int pthread_getaffinity_np(pthread_t, size_t, struct cpu_set_t *); + int pthread_setaffinity_np(pthread_t, size_t, const struct cpu_set_t *); + int pthread_getattr_np(pthread_t, pthread_attr_t *); + int pthread_setname_np(pthread_t, const char *); ++int pthread_getname_np(pthread_t, char *, size_t); + int pthread_getattr_default_np(pthread_attr_t *); + int pthread_setattr_default_np(const pthread_attr_t *); + int pthread_tryjoin_np(pthread_t, void **); +diff --git a/thirdparty/open_source/musl/libc/sched.h b/thirdparty/open_source/musl/libc/sched.h +index 822f464..fda4b48 100644 +--- a/thirdparty/open_source/musl/libc/sched.h ++++ b/thirdparty/open_source/musl/libc/sched.h +@@ -49,6 +49,7 @@ int sched_yield(void); + + #ifdef _GNU_SOURCE + #define CSIGNAL 0x000000ff ++#define CLONE_NEWTIME 0x00000080 + #define CLONE_VM 0x00000100 + #define CLONE_FS 0x00000200 + #define CLONE_FILES 0x00000400 +diff --git a/thirdparty/open_source/musl/libc/setjmp.h b/thirdparty/open_source/musl/libc/setjmp.h +index 2d43abf..1976af2 100644 +--- 
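Review bot: `MUTEX_OWNER` in the first pthread.h hunk is wrapped in parentheses, `(__u.__vi[1] & 0x7fffffff)`, so unlike `MUTEX_LOCK` and the other member-path macros added below it, it cannot follow `.` or `->`; `m->MUTEX_OWNER` would expand to `m->(__u.__vi[1] & 0x7fffffff)` and fail to compile. A function-like form such as `#define MUTEX_OWNER(m) ((m)->__u.__vi[1] & 0x7fffffff)` would be usable. Its comment should also say that the result is a plain read of the lock word, presumably only a snapshot unless the caller holds the mutex, so it is not a basis for an ownership or access decision. These unprefixed `MUTEX_*` names become visible in every file that includes this header and expose the internal layout of `pthread_mutex_t`; a project prefix and a note naming the musl version the offsets were taken from would make a later libc update safer. The comments contain two typos, `marco` and `intened`.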
a/thirdparty/open_source/musl/libc/setjmp.h ++++ b/thirdparty/open_source/musl/libc/setjmp.h +@@ -15,25 +15,33 @@ typedef struct __jmp_buf_tag { + unsigned long __ss[128/sizeof(long)]; + } jmp_buf[1]; + ++#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 1) ++#define __setjmp_attr __attribute__((__returns_twice__)) ++#else ++#define __setjmp_attr ++#endif ++ + #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ + || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \ + || defined(_BSD_SOURCE) + typedef jmp_buf sigjmp_buf; +-int sigsetjmp (sigjmp_buf, int); ++int sigsetjmp (sigjmp_buf, int) __setjmp_attr; + _Noreturn void siglongjmp (sigjmp_buf, int); + #endif + + #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \ + || defined(_BSD_SOURCE) +-int _setjmp (jmp_buf); ++int _setjmp (jmp_buf) __setjmp_attr; + _Noreturn void _longjmp (jmp_buf, int); + #endif + +-int setjmp (jmp_buf); ++int setjmp (jmp_buf) __setjmp_attr; + _Noreturn void longjmp (jmp_buf, int); + + #define setjmp setjmp + ++#undef __setjmp_attr ++ + #ifdef __cplusplus + } + #endif +diff --git a/thirdparty/open_source/musl/libc/signal.h b/thirdparty/open_source/musl/libc/signal.h +index fbdf667..c347f86 100644 +--- a/thirdparty/open_source/musl/libc/signal.h ++++ b/thirdparty/open_source/musl/libc/signal.h +@@ -75,6 +75,8 @@ typedef struct sigaltstack stack_t; + #define SEGV_ACCERR 2 + #define SEGV_BNDERR 3 + #define SEGV_PKUERR 4 ++#define SEGV_MTEAERR 8 ++#define SEGV_MTESERR 9 + + #define BUS_ADRALN 1 + #define BUS_ADRERR 2 +@@ -176,18 +178,31 @@ struct sigaction { + #define sa_handler __sa_handler.sa_handler + #define sa_sigaction __sa_handler.sa_sigaction + ++#define SA_UNSUPPORTED 0x00000400 ++#define SA_EXPOSE_TAGBITS 0x00000800 ++ + struct sigevent { + union sigval sigev_value; + int sigev_signo; + int sigev_notify; +- void (*sigev_notify_function)(union sigval); +- pthread_attr_t *sigev_notify_attributes; +- char __pad[56-3*sizeof(long)]; ++ union { ++ char __pad[64 - 2*sizeof(int) - 
sizeof(union sigval)]; ++ pid_t sigev_notify_thread_id; ++ struct { ++ void (*sigev_notify_function)(union sigval); ++ pthread_attr_t *sigev_notify_attributes; ++ } __sev_thread; ++ } __sev_fields; + }; + ++#define sigev_notify_thread_id __sev_fields.sigev_notify_thread_id ++#define sigev_notify_function __sev_fields.__sev_thread.sigev_notify_function ++#define sigev_notify_attributes __sev_fields.__sev_thread.sigev_notify_attributes ++ + #define SIGEV_SIGNAL 0 + #define SIGEV_NONE 1 + #define SIGEV_THREAD 2 ++#define SIGEV_THREAD_ID 4 + + int __libc_current_sigrtmin(void); + int __libc_current_sigrtmax(void); +@@ -249,6 +264,9 @@ void (*sigset(int, void (*)(int)))(int); + #if defined(_BSD_SOURCE) || defined(_GNU_SOURCE) + #define NSIG _NSIG + typedef void (*sig_t)(int); ++ ++#define SYS_SECCOMP 1 ++#define SYS_USER_DISPATCH 2 + #endif + + #ifdef _GNU_SOURCE +diff --git a/thirdparty/open_source/musl/libc/stddef.h b/thirdparty/open_source/musl/libc/stddef.h +index 4a914ee..f25b863 100644 +--- a/thirdparty/open_source/musl/libc/stddef.h ++++ b/thirdparty/open_source/musl/libc/stddef.h +@@ -1,13 +1,13 @@ + #ifndef _STDDEF_H + #define _STDDEF_H + +-#ifndef NULL +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) + #endif +-#endif + + #define __NEED_ptrdiff_t + #define __NEED_size_t +diff --git a/thirdparty/open_source/musl/libc/stdio.h b/thirdparty/open_source/musl/libc/stdio.h +index 3604198..d1ed01f 100644 +--- a/thirdparty/open_source/musl/libc/stdio.h ++++ b/thirdparty/open_source/musl/libc/stdio.h +@@ -25,7 +25,9 @@ extern "C" { + + #include + +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) +diff --git a/thirdparty/open_source/musl/libc/stdlib.h b/thirdparty/open_source/musl/libc/stdlib.h +index 194c203..622002d 100644 +--- 
a/thirdparty/open_source/musl/libc/stdlib.h ++++ b/thirdparty/open_source/musl/libc/stdlib.h +@@ -7,7 +7,9 @@ extern "C" { + + #include + +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) +@@ -36,6 +38,7 @@ int rand (void); + void srand (unsigned); + + void *malloc (size_t); ++void *malloc_coherent(size_t n); + void *calloc (size_t, size_t); + void *realloc (void *, size_t); + void free (void *); +@@ -145,6 +148,8 @@ int getloadavg(double *, int); + int clearenv(void); + #define WCOREDUMP(s) ((s) & 0x80) + #define WIFCONTINUED(s) ((s) == 0xffff) ++void *reallocarray (void *, size_t, size_t); ++void qsort_r (void *, size_t, size_t, int (*)(const void *, const void *, void *), void *); + #endif + + #ifdef _GNU_SOURCE +diff --git a/thirdparty/open_source/musl/libc/string.h b/thirdparty/open_source/musl/libc/string.h +index 795a2ab..43ad094 100644 +--- a/thirdparty/open_source/musl/libc/string.h ++++ b/thirdparty/open_source/musl/libc/string.h +@@ -7,7 +7,9 @@ extern "C" { + + #include + +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) +diff --git a/thirdparty/open_source/musl/libc/sys/fcntl.h b/thirdparty/open_source/musl/libc/sys/fcntl.h +new file mode 100644 +index 0000000..3dd928e +--- /dev/null ++++ b/thirdparty/open_source/musl/libc/sys/fcntl.h +@@ -0,0 +1,2 @@ ++#warning redirecting incorrect #include to ++#include +diff --git a/thirdparty/open_source/musl/libc/sys/ioctl.h b/thirdparty/open_source/musl/libc/sys/ioctl.h +index c2ce3b4..a9a2346 100644 +--- a/thirdparty/open_source/musl/libc/sys/ioctl.h ++++ b/thirdparty/open_source/musl/libc/sys/ioctl.h +@@ -4,6 +4,8 @@ + extern "C" { + #endif + ++#define __NEED_struct_winsize ++ + #include + #include + +@@ -47,13 +49,6 @@ extern "C" { + + #define TIOCSER_TEMT 1 + +-struct winsize { +- unsigned short ws_row; 
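Review bot: `malloc_coherent` in the second stdlib.h hunk is declared directly after `malloc` with no comment, and no feature-test guard is visible in the hunk, so the header does not say what "coherent" guarantees, how the memory is released, or whether the block is shared outside the trusted application. I would add a short comment above the prototype, for example `/* TEE extension: <coherency guarantee>; release with <function>; returns NULL on failure */`, with the placeholders filled in from the implementation. If the name is not meant for portable code, it could move under a feature-test block like the one the next hunk appears to extend for `reallocarray` (that guard lies outside the hunk). It is also the only prototype in this run that names its parameter (`size_t n`), where the neighbours use bare types.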
+- unsigned short ws_col; +- unsigned short ws_xpixel; +- unsigned short ws_ypixel; +-}; +- + #define SIOCADDRT 0x890B + #define SIOCDELRT 0x890C + #define SIOCRTMSG 0x890D +diff --git a/thirdparty/open_source/musl/libc/sys/mman.h b/thirdparty/open_source/musl/libc/sys/mman.h +index 105af9d..80a3baa 100644 +--- a/thirdparty/open_source/musl/libc/sys/mman.h ++++ b/thirdparty/open_source/musl/libc/sys/mman.h +@@ -20,7 +20,6 @@ extern "C" { + + #define MAP_SHARED 0x01 + #define MAP_PRIVATE 0x02 +-#define MAP_RESERVE 0x04 + #define MAP_SHARED_VALIDATE 0x03 + #define MAP_TYPE 0x0f + #define MAP_FIXED 0x10 +@@ -41,6 +40,7 @@ extern "C" { + + #define MAP_HUGE_SHIFT 26 + #define MAP_HUGE_MASK 0x3f ++#define MAP_HUGE_16KB (14 << 26) + #define MAP_HUGE_64KB (16 << 26) + #define MAP_HUGE_512KB (19 << 26) + #define MAP_HUGE_1MB (20 << 26) +@@ -102,6 +102,7 @@ extern "C" { + #ifdef _GNU_SOURCE + #define MREMAP_MAYMOVE 1 + #define MREMAP_FIXED 2 ++#define MREMAP_DONTUNMAP 4 + + #define MLOCK_ONFAULT 0x01 + +@@ -113,7 +114,7 @@ extern "C" { + #include + + void *mmap (void *, size_t, int, int, int, off_t); +-int munmap (const void *, size_t); ++int munmap (void *, size_t); + + int mprotect (void *, size_t, int); + int msync (void *, size_t, int); +diff --git a/thirdparty/open_source/musl/libc/sys/socket.h b/thirdparty/open_source/musl/libc/sys/socket.h +index 38f5bb1..6dc1e40 100644 +--- a/thirdparty/open_source/musl/libc/sys/socket.h ++++ b/thirdparty/open_source/musl/libc/sys/socket.h +@@ -289,6 +289,8 @@ struct linger { + #define SCM_TXTIME SO_TXTIME + #define SO_BINDTOIFINDEX 62 + #define SO_DETACH_REUSEPORT_BPF 68 ++#define SO_PREFER_BUSY_POLL 69 ++#define SO_BUSY_POLL_BUDGET 70 + + #ifndef SOL_SOCKET + #define SOL_SOCKET 1 +diff --git a/thirdparty/open_source/musl/libc/time.h b/thirdparty/open_source/musl/libc/time.h +index 1b18024..3d94837 100644 +--- a/thirdparty/open_source/musl/libc/time.h ++++ b/thirdparty/open_source/musl/libc/time.h +@@ -7,13 +7,13 @@ extern "C" { + + 
#include + +-#ifndef NULL +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) + #endif +-#endif + + + #define __NEED_size_t +diff --git a/thirdparty/open_source/musl/libc/unistd.h b/thirdparty/open_source/musl/libc/unistd.h +index 7bcbff9..212263a 100644 +--- a/thirdparty/open_source/musl/libc/unistd.h ++++ b/thirdparty/open_source/musl/libc/unistd.h +@@ -14,8 +14,12 @@ extern "C" { + #define SEEK_SET 0 + #define SEEK_CUR 1 + #define SEEK_END 2 ++#define SEEK_DATA 3 ++#define SEEK_HOLE 4 + +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) +@@ -82,6 +86,7 @@ unsigned sleep(unsigned); + int pause(void); + + pid_t fork(void); ++pid_t _Fork(void); + int execve(const char *, char *const [], char *const []); + int execv(const char *, char *const []); + int execle(const char *, const char *, ...); +@@ -190,6 +195,7 @@ int syncfs(int); + int euidaccess(const char *, int); + int eaccess(const char *, int); + ssize_t copy_file_range(int, off_t *, int, off_t *, size_t, unsigned); ++pid_t gettid(void); + #endif + + #if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE) +diff --git a/thirdparty/open_source/musl/libc/wchar.h b/thirdparty/open_source/musl/libc/wchar.h +index 88eb55b..ed5d774 100644 +--- a/thirdparty/open_source/musl/libc/wchar.h ++++ b/thirdparty/open_source/musl/libc/wchar.h +@@ -38,7 +38,9 @@ extern "C" { + #define WCHAR_MIN (-1-0x7fffffff+L'\0') + #endif + +-#ifdef __cplusplus ++#if __cplusplus >= 201103L ++#define NULL nullptr ++#elif defined(__cplusplus) + #define NULL 0L + #else + #define NULL ((void*)0) +diff --git a/include/TA/openssl/crypto/asn1.h b/thirdparty/open_source/openssl/crypto/asn1.h +similarity index 97% +rename from include/TA/openssl/crypto/asn1.h +rename to thirdparty/open_source/openssl/crypto/asn1.h +index 9c28a7d..9c9b4d8 100644 +--- 
a/include/TA/openssl/crypto/asn1.h ++++ b/thirdparty/open_source/openssl/crypto/asn1.h +@@ -92,9 +92,6 @@ extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth; + # define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ + # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ + # define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +-#ifndef OPENSSL_NO_CRL_MEMPOOL +-# define ASN1_OBJECT_FLAG_MEMPOOL 0x1000/* internal use*/ +-#endif + struct asn1_object_st { + const char *sn, *ln; + int nid; +diff --git a/include/TA/openssl/crypto/bn.h b/thirdparty/open_source/openssl/crypto/bn.h +similarity index 100% +rename from include/TA/openssl/crypto/bn.h +rename to thirdparty/open_source/openssl/crypto/bn.h +diff --git a/include/TA/openssl/crypto/ec.h b/thirdparty/open_source/openssl/crypto/ec.h +similarity index 91% +rename from include/TA/openssl/crypto/ec.h +rename to thirdparty/open_source/openssl/crypto/ec.h +index 184c5c1..fe52ae7 100644 +--- a/include/TA/openssl/crypto/ec.h ++++ b/thirdparty/open_source/openssl/crypto/ec.h +@@ -49,11 +49,5 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +-/*- +- * Checking for Elliptic Curve types that do not support signatures for fips 140-3 +- */ +-#ifndef OPENSSL_NO_FIPS +-int fips_check_ecdsa_curve_type(int nid); +-#endif + # endif /* OPENSSL_NO_EC */ + #endif +diff --git a/include/TA/openssl/crypto/err.h b/thirdparty/open_source/openssl/crypto/err.h +similarity index 100% +rename from include/TA/openssl/crypto/err.h +rename to thirdparty/open_source/openssl/crypto/err.h +diff --git a/include/TA/openssl/internal/bio.h b/thirdparty/open_source/openssl/internal/bio.h +similarity index 82% +rename from include/TA/openssl/internal/bio.h +rename to thirdparty/open_source/openssl/internal/bio.h +index 51b991d..c343b27 100644 +--- a/include/TA/openssl/internal/bio.h ++++ b/thirdparty/open_source/openssl/internal/bio.h +@@ -27,13 
+27,7 @@ struct bio_method_st { + void bio_free_ex_data(BIO *bio); + void bio_cleanup(void); + +-#ifndef OPENSSL_NO_DTO +-#define BIO_set_dto_key(b, keyblob, type) \ +- BIO_ctrl(b, BIO_CTRL_SET_DTO_KEY, type, keyblob) + +-#define BIO_set_dto_epoch_sequence(b, keyblob) \ +- BIO_ctrl(b, BIO_CTRL_SET_DTO_EPOCH_SEQUENCE, 0, keyblob) +-#endif + /* Old style to new style BIO_METHOD conversion functions */ + int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); + int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); +diff --git a/include/TA/openssl/openssl/asn1.h b/thirdparty/open_source/openssl/openssl/asn1.h +similarity index 99% +rename from include/TA/openssl/openssl/asn1.h +rename to thirdparty/open_source/openssl/openssl/asn1.h +index fbf8373..9522eec 100644 +--- a/include/TA/openssl/openssl/asn1.h ++++ b/thirdparty/open_source/openssl/openssl/asn1.h +@@ -248,12 +248,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; + type *name##_new(void); \ + void name##_free(type *a); + +-# define DECLARE_ASN1_DUP_FUNCTION(type) \ +- DECLARE_ASN1_DUP_FUNCTION_name(type, type) +- +-# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ +- type *name##_dup(type *a); +- + # define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +@@ -668,6 +662,7 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); + int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + ++ + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); + long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +diff --git a/include/TA/openssl/openssl/asn1err.h b/thirdparty/open_source/openssl/openssl/asn1err.h +similarity index 100% +rename from include/TA/openssl/openssl/asn1err.h +rename to thirdparty/open_source/openssl/openssl/asn1err.h +diff --git 
a/include/TA/openssl/openssl/asn1t.h b/thirdparty/open_source/openssl/openssl/asn1t.h +similarity index 98% +rename from include/TA/openssl/openssl/asn1t.h +rename to thirdparty/open_source/openssl/openssl/asn1t.h +index 4c326ea..a450ba0 100644 +--- a/include/TA/openssl/openssl/asn1t.h ++++ b/thirdparty/open_source/openssl/openssl/asn1t.h +@@ -860,23 +860,6 @@ typedef struct ASN1_STREAM_ARG_st { + ASN1_ITEM_rptr(stname)); \ + } + +-#ifndef OPENSSL_NO_TTO +-# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS(stname) \ +- static int i2d_##stname(stname *a, unsigned char **out) \ +- { \ +- return ASN1_item_i2d((ASN1_VALUE *)a, out, \ +- ASN1_ITEM_rptr(stname)); \ +- } +- +-# define IMPLEMENT_ASN1_DECODE_FUNCTIONS(stname) \ +- static stname *d2i_##stname(stname **a, \ +- const unsigned char **in, long len) \ +- { \ +- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ +- ASN1_ITEM_rptr(stname)); \ +- } +-#endif +- + /* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. +diff --git a/include/TA/openssl/openssl/bio.h b/thirdparty/open_source/openssl/openssl/bio.h +similarity index 98% +rename from include/TA/openssl/openssl/bio.h +rename to thirdparty/open_source/openssl/openssl/bio.h +index 3f68687..ae559a5 100644 +--- a/include/TA/openssl/openssl/bio.h ++++ b/thirdparty/open_source/openssl/openssl/bio.h +@@ -140,17 +140,6 @@ extern "C" { + # endif + + # define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 +-# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +-# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 +- +-/* Negotiate with the SE (Chen Shengqi) to reserve the value before 1000 for the open-source community, +- * and use the value after 1000 for Huawei-developed features. 
*/ +-#ifndef OPENSSL_NO_DTO +-/* Export DTLS1.2 key information and epoch commands used by the BIO_set_dto macro */ +-#define BIO_CTRL_SET_DTO_KEY 1001 +-#define BIO_CTRL_SET_DTO_EPOCH_SEQUENCE 1002 +- +-#endif + + /* modifiers */ + # define BIO_FP_READ 0x02 +@@ -563,8 +552,6 @@ void BIO_set_data(BIO *a, void *ptr); + void *BIO_get_data(BIO *a); + void BIO_set_init(BIO *a, int init); + int BIO_get_init(BIO *a); +-void BIO_set_num(BIO *a, int num); +-int BIO_get_num(BIO *a); + void BIO_set_shutdown(BIO *a, int shut); + int BIO_get_shutdown(BIO *a); + void BIO_vfree(BIO *a); +@@ -773,6 +760,7 @@ ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); + # undef ossl_bio__attr__ + # undef ossl_bio__printf__ + ++ + BIO_METHOD *BIO_meth_new(int type, const char *name); + void BIO_meth_free(BIO_METHOD *biom); + int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +diff --git a/include/TA/openssl/openssl/bioerr.h b/thirdparty/open_source/openssl/openssl/bioerr.h +similarity index 100% +rename from include/TA/openssl/openssl/bioerr.h +rename to thirdparty/open_source/openssl/openssl/bioerr.h +diff --git a/include/TA/openssl/openssl/bn.h b/thirdparty/open_source/openssl/openssl/bn.h +similarity index 83% +rename from include/TA/openssl/openssl/bn.h +rename to thirdparty/open_source/openssl/openssl/bn.h +index 51fff4a..d877660 100644 +--- a/include/TA/openssl/openssl/bn.h ++++ b/thirdparty/open_source/openssl/openssl/bn.h +@@ -11,7 +11,6 @@ + #ifndef HEADER_BN_H + # define HEADER_BN_H + +-#ifndef VPP_HICRYPTO_COMPILE + # include + # ifndef OPENSSL_NO_STDIO + # include +@@ -20,35 +19,11 @@ + # include + # include + # include +-#else +-#include +-#include +-#include +- +-#ifndef OPENSSL_API_COMPAT +-#define OPENSSL_API_COMPAT 0x10100000L +-#endif +- +-/* Only one for the following should be defined */ +-#cmakedefine SIXTY_FOUR_BIT_LONG +-#cmakedefine SIXTY_FOUR_BIT +-#cmakedefine THIRTY_TWO_BIT +- +-typedef struct bignum_st BIGNUM; +-typedef struct 
bignum_ctx BN_CTX; +-typedef struct bn_blinding_st BN_BLINDING; +-typedef struct bn_mont_ctx_st BN_MONT_CTX; +-typedef struct bn_recp_ctx_st BN_RECP_CTX; +-typedef struct bn_gencb_st BN_GENCB; +-#endif + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef VPP_HICRYPTO_COMPILE +-# pragma GCC visibility push(default) +-#endif + /* + * 64-bit processor with LP64 ABI + */ +@@ -319,12 +294,10 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + + int BN_mask_bits(BIGNUM *a, int n); +-#ifndef VPP_HICRYPTO_COMPILE + # ifndef OPENSSL_NO_STDIO + int BN_print_fp(FILE *fp, const BIGNUM *a); + # endif + int BN_print(BIO *bio, const BIGNUM *a); +-#endif + int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); + int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); + int BN_rshift1(BIGNUM *r, const BIGNUM *a); +@@ -349,7 +322,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, + + void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +-#ifndef VPP_HICRYPTO_COMPILE + /* Deprecated versions */ + DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, +@@ -366,7 +338,7 @@ DEPRECATEDIN_0_9_8(int + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) +-#endif ++ + /* Newer versions */ + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +@@ -394,13 +366,9 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + void BN_MONT_CTX_free(BN_MONT_CTX *mont); + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +-#ifndef VPP_HICRYPTO_COMPILE + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); +-#else +-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRPT_THREAD_MUTEX *lock, +- const BIGNUM *mod, 
BN_CTX *ctx); +-#endif ++ + /* BN_BLINDING flags */ + # define BN_BLINDING_NO_UPDATE 0x00000001 + # define BN_BLINDING_NO_RECREATE 0x00000002 +@@ -430,11 +398,11 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); +-#ifndef VPP_HICRYPTO_COMPILE ++ + DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) + DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ +-#endif ++ + BN_RECP_CTX *BN_RECP_CTX_new(void); + void BN_RECP_CTX_free(BN_RECP_CTX *recp); + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +@@ -564,93 +532,6 @@ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + + int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + +-#ifdef VPP_HICRYPTO_COMPILE +-/** Internal APIs */ +-BIGNUM *bn_wexpand(BIGNUM *a, int words); +-BIGNUM *bn_expand2(BIGNUM *a, int words); +- +-void bn_correct_top(BIGNUM *a); +- +-int bn_get_top(const BIGNUM *a); +- +-int bn_get_dmax(const BIGNUM *a); +- +-/* Set all words to zero */ +-void bn_set_all_zero(BIGNUM *a); +- +-/* +- * Copy the internal BIGNUM words into out which holds size elements (and size +- * must be bigger than top) +- */ +-int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); +- +-BN_ULONG *bn_get_words(const BIGNUM *a); +- +-/* +- * Set the internal data words in a to point to words which contains size +- * elements. The BN_FLG_STATIC_DATA flag is set +- */ +-void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); +- +-/* +- * Copy words into the BIGNUM |a|, reallocating space as necessary. +- * The negative flag of |a| is not modified. +- * Returns 1 on success and 0 on failure. +- */ +-/* +- * |num_words| is int because bn_expand2 takes an int. This is an internal +- * function so we simply trust callers not to pass negative values. 
+- */ +-int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); +- +-/* +- * Some BIGNUM functions assume most significant limb to be non-zero, which +- * is customarily arranged by bn_correct_top. Output from below functions +- * is not processed with bn_correct_top, and for this reason it may not be +- * returned out of public API. It may only be passed internally into other +- * functions known to support non-minimal or zero-padded BIGNUMs. Even +- * though the goal is to facilitate constant-time-ness, not each subroutine +- * is constant-time by itself. They all have pre-conditions, consult source +- * code... +- */ +-int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); +-int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); +-int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); +-int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +-int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +-int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +-int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +-int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +- +-/* +- * BN reason codes. 
+- */
+-#define BN_R_ARG2_LT_ARG3 100
+-#define BN_R_BAD_RECIPROCAL 101
+-#define BN_R_BIGNUM_TOO_LONG 114
+-#define BN_R_BITS_TOO_SMALL 118
+-#define BN_R_CALLED_WITH_EVEN_MODULUS 102
+-#define BN_R_DIV_BY_ZERO 103
+-#define BN_R_ENCODING_ERROR 104
+-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
+-#define BN_R_INPUT_NOT_REDUCED 110
+-#define BN_R_INVALID_LENGTH 106
+-#define BN_R_INVALID_RANGE 115
+-#define BN_R_INVALID_SHIFT 119
+-#define BN_R_NOT_A_SQUARE 111
+-#define BN_R_NOT_INITIALIZED 107
+-#define BN_R_NO_INVERSE 108
+-#define BN_R_NO_SOLUTION 116
+-#define BN_R_NO_SUITABLE_DIGEST 120
+-#define BN_R_PRIVATE_KEY_TOO_LARGE 117
+-#define BN_R_P_IS_NOT_PRIME 112
+-#define BN_R_TOO_MANY_ITERATIONS 113
+-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
+-
+-#pragma GCC visibility pop
+-#endif
+
+ # ifdef __cplusplus
+ }
+diff --git a/include/TA/openssl/openssl/bnerr.h b/thirdparty/open_source/openssl/openssl/bnerr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/bnerr.h
+rename to thirdparty/open_source/openssl/openssl/bnerr.h
+diff --git a/include/TA/openssl/openssl/buffer.h b/thirdparty/open_source/openssl/openssl/buffer.h
+similarity index 99%
+rename from include/TA/openssl/openssl/buffer.h
+rename to thirdparty/open_source/openssl/openssl/buffer.h
+index 35a8503..d276576 100644
+--- a/include/TA/openssl/openssl/buffer.h
++++ b/thirdparty/open_source/openssl/openssl/buffer.h
+@@ -16,6 +16,7 @@
+ # endif
+ # include
+
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -50,6 +51,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+ void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/buffererr.h b/thirdparty/open_source/openssl/openssl/buffererr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/buffererr.h
+rename to thirdparty/open_source/openssl/openssl/buffererr.h
+diff --git a/include/TA/openssl/openssl/cmac.h b/thirdparty/open_source/openssl/openssl/cmac.h
+similarity index 100%
+rename from include/TA/openssl/openssl/cmac.h
+rename to thirdparty/open_source/openssl/openssl/cmac.h
+diff --git a/include/TA/openssl/openssl/crypto.h b/thirdparty/open_source/openssl/openssl/crypto.h
+similarity index 90%
+rename from include/TA/openssl/openssl/crypto.h
+rename to thirdparty/open_source/openssl/openssl/crypto.h
+index 2b5c52a..7d0b526 100644
+--- a/include/TA/openssl/openssl/crypto.h
++++ b/thirdparty/open_source/openssl/openssl/crypto.h
+@@ -107,8 +107,7 @@ DEFINE_STACK_OF(void)
+ # define CRYPTO_EX_INDEX_APP 13
+ # define CRYPTO_EX_INDEX_UI_METHOD 14
+ # define CRYPTO_EX_INDEX_DRBG 15
+-# define CRYPTO_EX_INDEX_SM9_KEY 16
+-# define CRYPTO_EX_INDEX__COUNT 17
++# define CRYPTO_EX_INDEX__COUNT 16
+
+ /* No longer needed, so this is a no-op */
+ #define OPENSSL_malloc_init() while(0) continue
+@@ -319,10 +318,6 @@ int CRYPTO_mem_leaks_fp(FILE *);
+ int CRYPTO_mem_leaks(BIO *bio);
+ # endif
+
+-#ifndef OPENSSL_NO_CRL_MEMPOOL
+-int CRYPT_init_memory_pool(int pool_size, int max_no_pool);
+-#endif
+-
+ /* die if we have to */
+ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+ # if OPENSSL_API_COMPAT < 0x10100000L
+@@ -331,31 +326,11 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line
+ # define OPENSSL_assert(e) \
+ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+-#if defined(OPENSSL_SYS_VXWORKS) && defined(OPENSSL_SYS_VXWORKS55)
+-int CRYPTO_strncasecmp(unsigned char *a, unsigned char *b, size_t len);
+-int CRYPTO_strcasecmp(unsigned char *a, unsigned char *b);
+-
+-#define strncasecmp(a,b,len) CRYPTO_strncasecmp((a), (b), (len))
+-#define strcasecmp(a,b) CRYPTO_strcasecmp((a), (b))
+-#endif
+-
+-#if !defined(OPENSSL_NO_NDCPP)
+-#define NDCPP_MODE_OFF 0
+-#define NDCPP_MODE_ON 1
+-
+-int NDCPP_mode(void);
+-int NDCPP_mode_set(int r);
+-#endif
+-
+ int OPENSSL_isservice(void);
+
+ int FIPS_mode(void);
+ int FIPS_mode_set(int r);
+
+-#ifndef OPENSSL_NO_FIPS
+-int FIPS_selftest_result(int result);
+-#endif
+-
+ void OPENSSL_init(void);
+ # ifdef OPENSSL_SYS_UNIX
+ void OPENSSL_fork_prepare(void);
+@@ -407,6 +382,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+ | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+ OPENSSL_INIT_ENGINE_PADLOCK)
+
++
+ /* Library initialisation functions */
+ void OPENSSL_cleanup(void);
+ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -462,38 +438,6 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+ CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+-#ifndef OPENSSL_NO_ALT_MEMORY
+-int CRYPTO_set_mem_functions_alt(
+- void *(*m) (size_t, const char *, int),
+- void *(*r) (void *, size_t, const char *, int),
+- void (*f) (void *, const char *, int));
+-
+-void *CRYPTO_malloc_alt(size_t num, const char *file, int line);
+-void *CRYPTO_zalloc_alt(size_t num, const char *file, int line);
+-void *CRYPTO_realloc_alt(void *addr, size_t num, const char *file, int line);
+-void CRYPTO_free_alt(void *ptr, const char *file, int line);
+-
+-#define OPENSSL_malloc_alt(num) \
+- CRYPTO_malloc_alt((num), OPENSSL_FILE, OPENSSL_LINE)
+-
+-#define OPENSSL_realloc_alt(num) \
+- CRYPTO_realloc_alt((num), OPENSSL_FILE, OPENSSL_LINE)
+-
+-#define OPENSSL_free_alt(num) \
+- CRYPTO_free_alt((num), OPENSSL_FILE, OPENSSL_LINE)
+-
+-#define OPENSSL_zalloc_alt(num) \
+- CRYPTO_zalloc_alt(num, OPENSSL_FILE, OPENSSL_LINE)
+-
+-#define SSLBUF_malloc(num) OPENSSL_malloc_alt(num)
+-#define SSLBUF_free(num) OPENSSL_free_alt(num)
+-
+-#else
+-
+-#define SSLBUF_malloc(num) OPENSSL_malloc(num)
+-#define SSLBUF_free(num) OPENSSL_free(num)
+-
+-#endif
+
+ # ifdef __cplusplus
+ }
+diff --git a/include/TA/openssl/openssl/cryptoerr.h b/thirdparty/open_source/openssl/openssl/cryptoerr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/cryptoerr.h
+rename to thirdparty/open_source/openssl/openssl/cryptoerr.h
+diff --git a/include/TA/openssl/openssl/dh.h b/thirdparty/open_source/openssl/openssl/dh.h
+similarity index 98%
+rename from include/TA/openssl/openssl/dh.h
+rename to thirdparty/open_source/openssl/openssl/dh.h
+index 352b37a..3527540 100644
+--- a/include/TA/openssl/openssl/dh.h
++++ b/thirdparty/open_source/openssl/openssl/dh.h
+@@ -30,11 +30,7 @@ extern "C" {
+ # define OPENSSL_DH_MAX_MODULUS_BITS 10000
+ # endif
+
+-# ifndef OPENSSL_NO_FIPS
+- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 2048
+-#else
+- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+-#endif
++# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+ # define DH_FLAG_CACHE_MONT_P 0x01
+
+@@ -229,6 +225,7 @@ int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params) (DH *, int, int, BN_GENCB *));
+
++
+ # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+@@ -335,6 +332,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
+ # define EVP_PKEY_DH_KDF_X9_42 2
+ # endif
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/dsa.h b/thirdparty/open_source/openssl/openssl/dsa.h
+similarity index 98%
+rename from include/TA/openssl/openssl/dsa.h
+rename to thirdparty/open_source/openssl/openssl/dsa.h
+index 741fd4f..6d8a18a 100644
+--- a/include/TA/openssl/openssl/dsa.h
++++ b/thirdparty/open_source/openssl/openssl/dsa.h
+@@ -30,12 +30,7 @@ extern "C" {
+ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+ # endif
+
+-#ifndef OPENSSL_NO_FIPS
+-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 2048
+-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_verify 512
+-#else
+ # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+-#endif
+
+ # define DSA_FLAG_CACHE_MONT_P 0x01
+ # if OPENSSL_API_COMPAT < 0x10100000L
+@@ -241,6 +236,7 @@ int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/e_os2.h b/thirdparty/open_source/openssl/openssl/e_os2.h
+similarity index 95%
+rename from include/TA/openssl/openssl/e_os2.h
+rename to thirdparty/open_source/openssl/openssl/e_os2.h
+index 86c201e..5c88e51 100644
+--- a/include/TA/openssl/openssl/e_os2.h
++++ b/thirdparty/open_source/openssl/openssl/e_os2.h
+@@ -42,7 +42,7 @@ extern "C" {
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+-# if defined(OPENSSL_SYS_UEFI) || defined(__UBOOT__)
++# if defined(OPENSSL_SYS_UEFI)
+ # undef OPENSSL_SYS_UNIX
+ # elif defined(OPENSSL_SYS_UWIN)
+ # undef OPENSSL_SYS_UNIX
+@@ -212,7 +212,7 @@ extern "C" {
+
+ # ifndef ossl_ssize_t
+ # define ossl_ssize_t ssize_t
+-# if defined(SSIZE_MAX) && !defined(OPENSSL_SYS_VXWORKS)
++# if defined(SSIZE_MAX)
+ # define OSSL_SSIZE_MAX SSIZE_MAX
+ # elif defined(_POSIX_SSIZE_MAX)
+ # define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+@@ -237,9 +237,9 @@ typedef INT32 int32_t;
+ typedef UINT32 uint32_t;
+ typedef INT64 int64_t;
+ typedef UINT64 uint64_t;
+-# elif !defined(OPENSSL_SYS_VXWORKS) && ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
++# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+ defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+- defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__))
++ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+ # include
+ # elif defined(_MSC_VER) && _MSC_VER<1600
+ /*
+@@ -254,15 +254,9 @@ typedef int int32_t;
+ typedef unsigned int uint32_t;
+ typedef __int64 int64_t;
+ typedef unsigned __int64 uint64_t;
+-# elif defined(OPENSSL_SYS_VXWORKS) && !defined(VPP_CRYPTO_COMPILE)
+-# define UINT16_MAX 0xffff
+-# define INT16_MAX 0x7fff
+-# include
+ # else
+-# ifndef __NO_STDINTH__
+ # include
+ # endif
+-# endif
+
+ /* ossl_inline: portable inline definition usable in public headers */
+ # if !defined(inline) && !defined(__cplusplus)
+diff --git a/include/TA/openssl/openssl/ec.h b/thirdparty/open_source/openssl/openssl/ec.h
+similarity index 99%
+rename from include/TA/openssl/openssl/ec.h
+rename to thirdparty/open_source/openssl/openssl/ec.h
+index 0c830ab..24baf53 100644
+--- a/include/TA/openssl/openssl/ec.h
++++ b/thirdparty/open_source/openssl/openssl/ec.h
+@@ -1104,7 +1104,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+
+ # endif
+-const EC_KEY_METHOD *EC_KEY_get_iso_15946_2_method(void);
++
+ const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+ const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+ void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+@@ -1476,6 +1476,7 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+ */
+ # define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/ecdsa.h b/thirdparty/open_source/openssl/openssl/ecdsa.h
+similarity index 68%
+rename from include/TA/openssl/openssl/ecdsa.h
+rename to thirdparty/open_source/openssl/openssl/ecdsa.h
+index a9aeb7c..681f3d5 100644
+--- a/include/TA/openssl/openssl/ecdsa.h
++++ b/thirdparty/open_source/openssl/openssl/ecdsa.h
+@@ -7,13 +7,4 @@
+ * https://www.openssl.org/source/license.html
+ */
+
+-#ifndef ECDSA_H
+-# define ECDSA_H
+ #include
+-
+-#ifndef OPENSSL_NO_FIPS
+-#define ECDSA_VERIFY_SIG_MIN_KEY_SIZE 160
+-#define ECDSA_SIGN_SIG_MIN_KEY_SIZE 224
+-#endif
+-
+-#endif // ECDSA_H
+diff --git a/include/TA/openssl/openssl/ecerr.h b/thirdparty/open_source/openssl/openssl/ecerr.h
+similarity index 98%
+rename from include/TA/openssl/openssl/ecerr.h
+rename to thirdparty/open_source/openssl/openssl/ecerr.h
+index a796d22..5173811 100644
+--- a/include/TA/openssl/openssl/ecerr.h
++++ b/thirdparty/open_source/openssl/openssl/ecerr.h
+@@ -187,8 +187,6 @@ int ERR_load_EC_strings(void);
+ # define EC_F_OSSL_ECDH_COMPUTE_KEY 247
+ # define EC_F_OSSL_ECDSA_SIGN_SIG 249
+ # define EC_F_OSSL_ECDSA_VERIFY_SIG 250
+-# define EC_F_OSSL_ECDSA_SIGN_SIG_ISO_15946_2 300
+-# define EC_F_OSSL_ECDSA_VERIFY_SIG_ISO_15946_2 301
+ # define EC_F_PKEY_ECD_CTRL 271
+ # define EC_F_PKEY_ECD_DIGESTSIGN 272
+ # define EC_F_PKEY_ECD_DIGESTSIGN25519 276
+@@ -202,7 +200,6 @@ int ERR_load_EC_strings(void);
+ # define EC_F_PKEY_EC_KEYGEN 199
+ # define EC_F_PKEY_EC_PARAMGEN 219
+ # define EC_F_PKEY_EC_SIGN 218
+-# define EC_F_PKEY_EC_SM2DH_DERIVE 299
+ # define EC_F_VALIDATE_ECX_DERIVE 278
+
+ /*
+@@ -274,9 +271,6 @@ int ERR_load_EC_strings(void);
+ # define EC_R_UNSUPPORTED_FIELD 131
+ # define EC_R_WRONG_CURVE_PARAMETERS 145
+ # define EC_R_WRONG_ORDER 130
+-#ifndef OPENSSL_NO_FIPS
+-# define EC_R_KEY_SIZE_INVALID 166
+-#endif
+
+ # endif
+ #endif
+diff --git a/include/TA/openssl/openssl/err.h b/thirdparty/open_source/openssl/openssl/err.h
+similarity index 94%
+rename from include/TA/openssl/openssl/err.h
+rename to thirdparty/open_source/openssl/openssl/err.h
+index cd219c7..b49f881 100644
+--- a/include/TA/openssl/openssl/err.h
++++ b/thirdparty/open_source/openssl/openssl/err.h
+@@ -95,11 +95,6 @@ typedef struct err_state_st {
+ # define ERR_LIB_ASYNC 51
+ # define ERR_LIB_KDF 52
+ # define ERR_LIB_SM2 53
+-# define ERR_LIB_CRMF 56
+-# define ERR_LIB_CMP 57
+-# define ERR_LIB_SM9 58
+-# define ERR_LIB_PQC 59
+-# define ERR_LIB_PQC_HYBRID 60
+
+ # define ERR_LIB_USER 128
+
+@@ -133,17 +128,12 @@ typedef struct err_state_st {
+ # define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+-# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+-# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+ # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+-# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+-# define PQCerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+-# define PQC_HYBRIDerr(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+ # define ERR_PACK(l,f,r) ( \
+ (((unsigned int)(l) & 0x0FF) << 24L) | \
+@@ -200,8 +190,6 @@ typedef struct err_state_st {
+ # define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
+ # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+ # define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+-# define ERR_R_SM9_LIB ERR_LIB_SM9/* 58 */
+-# define ERR_R_PQC_HYBRID_LIB ERR_LIB_PQC_HYBRID/* 60 */
+
+ # define ERR_R_NESTED_ASN1_ERROR 58
+ # define ERR_R_MISSING_ASN1_EOS 63
+diff --git a/include/TA/openssl/openssl/evp.h b/thirdparty/open_source/openssl/openssl/evp.h
+similarity index 99%
+rename from include/TA/openssl/openssl/evp.h
+rename to thirdparty/open_source/openssl/openssl/evp.h
+index d6c7292..a411f3f 100644
+--- a/include/TA/openssl/openssl/evp.h
++++ b/thirdparty/open_source/openssl/openssl/evp.h
+@@ -352,10 +352,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ # define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
+
+ # define EVP_CTRL_GET_IVLEN 0x25
+-#ifndef OPENSSL_NO_TTO
+-/* Set the input buffer lengths to use for a pipelined operation in case of TTO */
+-# define EVP_CTRL_GCM_SET_IV_INV_TTO 0x99
+-#endif
+
+ /* Padding modes */
+ #define EVP_PADDING_PKCS7 1
+@@ -402,6 +398,7 @@ typedef struct evp_cipher_info_st {
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ } EVP_CIPHER_INFO;
+
++
+ /* Password based encryption function */
+ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+@@ -940,10 +937,6 @@ const EVP_CIPHER *EVP_sm4_cfb128(void);
+ # define EVP_sm4_cfb EVP_sm4_cfb128
+ const EVP_CIPHER *EVP_sm4_ofb(void);
+ const EVP_CIPHER *EVP_sm4_ctr(void);
+-const EVP_CIPHER *EVP_sm4_gcm(void);
+-#ifndef OPENSSL_NO_SM4_XTS
+-const EVP_CIPHER *EVP_sm4_xts(void);
+-# endif
+ # endif
+
+ # if OPENSSL_API_COMPAT < 0x10100000L
+@@ -1344,13 +1337,6 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+-#ifndef OPENSSL_NO_GMTLS
+-EVP_PKEY_CTX *EVP_PKEY_CTX_new_pkey_id(EVP_PKEY *pkey, int id, ENGINE *e);
+-int EVP_PKEY_CTX_set_sm2_param(EVP_PKEY_CTX *pctx, EVP_MD *md, int server,
+- unsigned char *peer_id, int peerid_len,
+- unsigned char *self_id, int selfid_len,
+- EC_KEY *peer_ecdhe_key, EC_KEY *self_ecdhe_key);
+-#endif
+ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+@@ -1673,9 +1659,6 @@ void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+ EVP_MD_CTX *mctx));
+ void EVP_add_alg_module(void);
+
+-#ifndef OPENSSL_NO_SM2
+-int EVP_PKEY_is_sm2(EVP_PKEY *pkey);
+-#endif
+
+ # ifdef __cplusplus
+ }
+diff --git a/include/TA/openssl/openssl/evperr.h b/thirdparty/open_source/openssl/openssl/evperr.h
+similarity index 98%
+rename from include/TA/openssl/openssl/evperr.h
+rename to thirdparty/open_source/openssl/openssl/evperr.h
+index daabe9b..b4ea90a 100644
+--- a/include/TA/openssl/openssl/evperr.h
++++ b/thirdparty/open_source/openssl/openssl/evperr.h
+@@ -123,8 +123,6 @@ int ERR_load_EVP_strings(void);
+ # define EVP_F_R_32_12_16_INIT_KEY 242
+ # define EVP_F_S390X_AES_GCM_CTRL 201
+ # define EVP_F_UPDATE 173
+-# define EVP_F_SM4_GCM_CTRL 231
+-# define EVP_F_SM4_XTS_INIT_KEY 232
+
+ /*
+ * EVP reason codes.
+diff --git a/include/TA/openssl/openssl/hmac.h b/thirdparty/open_source/openssl/openssl/hmac.h
+similarity index 100%
+rename from include/TA/openssl/openssl/hmac.h
+rename to thirdparty/open_source/openssl/openssl/hmac.h
+diff --git a/include/TA/openssl/openssl/kdf.h b/thirdparty/open_source/openssl/openssl/kdf.h
+similarity index 99%
+rename from include/TA/openssl/openssl/kdf.h
+rename to thirdparty/open_source/openssl/openssl/kdf.h
+index 01e5448..5abd4c3 100644
+--- a/include/TA/openssl/openssl/kdf.h
++++ b/thirdparty/open_source/openssl/openssl/kdf.h
+@@ -90,6 +90,7 @@ extern "C" {
+ EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/kdferr.h b/thirdparty/open_source/openssl/openssl/kdferr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/kdferr.h
+rename to thirdparty/open_source/openssl/openssl/kdferr.h
+diff --git a/include/TA/openssl/openssl/lhash.h b/thirdparty/open_source/openssl/openssl/lhash.h
+similarity index 99%
+rename from include/TA/openssl/openssl/lhash.h
+rename to thirdparty/open_source/openssl/openssl/lhash.h
+index 84cfab0..2e42d72 100644
+--- a/include/TA/openssl/openssl/lhash.h
++++ b/thirdparty/open_source/openssl/openssl/lhash.h
+@@ -66,6 +66,7 @@ typedef struct lhash_st OPENSSL_LHASH;
+ name##_doall_arg(a, b); }
+ # define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
++
+ # define LH_LOAD_MULT 256
+
+ int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+diff --git a/include/TA/openssl/openssl/obj_mac.h b/thirdparty/open_source/openssl/openssl/obj_mac.h
+similarity index 97%
+rename from include/TA/openssl/openssl/obj_mac.h
+rename to thirdparty/open_source/openssl/openssl/obj_mac.h
+index 66ec330..53516a0 100644
+--- a/include/TA/openssl/openssl/obj_mac.h
++++ b/thirdparty/open_source/openssl/openssl/obj_mac.h
+@@ -77,11 +77,6 @@
+ #define NID_international_organizations 647
+ #define OBJ_international_organizations OBJ_joint_iso_itu_t,23L
+
+-#define SN_subject_key_attestation_evidence "subject-key-attestation-evidence"
+-#define LN_subject_key_attestation_evidence "Subject Key Attestation Evidence"
+-#define NID_subject_key_attestation_evidence 1195
+-#define OBJ_subject_key_attestation_evidence OBJ_international_organizations,133L,6L,1L,1L
+-
+ #define SN_wap "wap"
+ #define NID_wap 678
+ #define OBJ_wap OBJ_international_organizations,43L
+@@ -318,14 +313,6 @@
+ #define NID_ecdsa_with_SHA512 796
+ #define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L
+
+-#define SN_ec192wapi "ec192wapi"
+-#define NID_ec192wapi 1214
+-#define OBJ_ec192wapi OBJ_ISO_CN,11235L,1L,1L,2L,1L
+-
+-#define SN_ec192wapi_with_SHA256 "ec192wapi-with-SHA256"
+-#define NID_ec192wapi_with_SHA256 1215
+-#define OBJ_ec192wapi_with_SHA256 OBJ_ISO_CN,11235L,1L,1L,1L
+-
+ #define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L
+
+ #define SN_secp112r1 "secp112r1"
+@@ -1187,80 +1174,11 @@
+ #define NID_sm3 1143
+ #define OBJ_sm3 OBJ_sm_scheme,401L
+
+-#define SN_SM2_with_SM3 "SM2-SM3"
+-#define LN_SM2_with_SM3 "SM2-with-SM3"
+-#define NID_SM2_with_SM3 1196
+-#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L
+-
+ #define SN_sm3WithRSAEncryption "RSA-SM3"
+ #define LN_sm3WithRSAEncryption "sm3WithRSAEncryption"
+ #define NID_sm3WithRSAEncryption 1144
+ #define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L
+
+-#define SN_sm9 "SM9"
+-#define LN_sm9 "sm9"
+-#define NID_sm9 1197
+-#define OBJ_sm9 OBJ_sm_scheme,302L
+-
+-#define SN_sm2_sign "SM2-1"
+-#define LN_sm2_sign "sm2-sign"
+-#define NID_sm2_sign 1198
+-#define OBJ_sm2_sign OBJ_sm2,1L
+-
+-#define SN_sm2_encrypt "SM2-3"
+-#define LN_sm2_encrypt "sm2-encrypt"
+-#define NID_sm2_encrypt 1211
+-#define OBJ_sm2_encrypt OBJ_sm2,3L
+-
+-#define SN_sm2_cryptography_message_syntax_specification "sm2-cryptography-message-syntax-specification"
+-#define LN_sm2_cryptography_message_syntax_specification "SM2 Cryptography Message Syntax Specification"
+-#define NID_sm2_cryptography_message_syntax_specification 1199
+-#define OBJ_sm2_cryptography_message_syntax_specification OBJ_oscca,6L,1L,4L,2L
+-
+-#define LN_pkcs7_sm2data "pkcs7-sm2data"
+-#define NID_pkcs7_sm2data 1200
+-#define OBJ_pkcs7_sm2data OBJ_sm2_cryptography_message_syntax_specification,1L
+-
+-#define LN_pkcs7_sm2signedData "pkcs7-sm2signedData"
+-#define NID_pkcs7_sm2signedData 1201
+-#define OBJ_pkcs7_sm2signedData OBJ_sm2_cryptography_message_syntax_specification,2L
+-
+-#define LN_pkcs7_sm2envelopedData "pkcs7-sm2envelopedData"
+-#define NID_pkcs7_sm2envelopedData 1212
+-#define OBJ_pkcs7_sm2envelopedData OBJ_sm2_cryptography_message_syntax_specification,3L
+-
+-#define LN_pkcs7_sm2signedAndEnvelopedData "pkcs7-sm2signedAndEnvelopedData"
+-#define NID_pkcs7_sm2signedAndEnvelopedData 1213
+-#define OBJ_pkcs7_sm2signedAndEnvelopedData OBJ_sm2_cryptography_message_syntax_specification,4L
+-
+-#define SN_sm2_cryptography_algorithm_application_specification "sm2-cryptography-algorithm-application-specification"
+-#define LN_sm2_cryptography_algorithm_application_specification "SM2 Cryptography Algorithm Application Specification"
+-#define NID_sm2_cryptography_algorithm_application_specification 1204
+-#define OBJ_sm2_cryptography_algorithm_application_specification OBJ_oscca,6L,1L,4L,1L
+-
+-#define SN_q5 "q5"
+-#define LN_q5 "Password-based Key Derivation Specification"
+-#define NID_q5 1205
+-#define OBJ_q5 OBJ_sm2_cryptography_algorithm_application_specification,5L
+-
+-#define LN_id_gm_pbkdf "GM-PBKDF"
+-#define NID_id_gm_pbkdf 1206
+-#define OBJ_id_gm_pbkdf OBJ_q5,1L
+-
+-#define LN_id_gm_pbes "GM-PBES"
+-#define NID_id_gm_pbes 1207
+-#define OBJ_id_gm_pbes OBJ_q5,2L
+-
+-#define SN_pbeWithSM3AndSM4_CBC "PBE-SM3-SM4"
+-#define LN_pbeWithSM3AndSM4_CBC "pbeWithSM3AndSM4-CBC"
+-#define NID_pbeWithSM3AndSM4_CBC 1208
+-#define OBJ_pbeWithSM3AndSM4_CBC OBJ_sm2_cryptography_algorithm_application_specification,12L,1L,1L
+-
+-#define SN_hmacWithSM3 "sm3WithKey"
+-#define LN_hmacWithSM3 "hmacWithSM3"
+-#define NID_hmacWithSM3 1209
+-#define OBJ_hmacWithSM3 OBJ_sm3,2L
+-
+ #define LN_hmacWithSHA224 "hmacWithSHA224"
+ #define NID_hmacWithSHA224 798
+ #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L
+@@ -4814,11 +4732,6 @@
+ #define NID_seed_ofb128 778
+ #define OBJ_seed_ofb128 OBJ_kisa,1L,6L
+
+-#define SN_sm4Cipher "SM4-CIPHER"
+-#define LN_sm4Cipher "sm4Cipher"
+-#define NID_sm4Cipher 1210
+-#define OBJ_sm4Cipher OBJ_sm_scheme,104L
+-
+ #define SN_sm4_ecb "SM4-ECB"
+ #define LN_sm4_ecb "sm4-ecb"
+ #define NID_sm4_ecb 1133
+@@ -4854,16 +4767,6 @@
+ #define NID_sm4_ctr 1139
+ #define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L
+
+-#define SN_sm4_gcm "SM4-GCM"
+-#define LN_sm4_gcm "sm4-gcm"
+-#define NID_sm4_gcm 1203
+-#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L
+-
+-#define SN_sm4_xts "SM4-XTS"
+-#define LN_sm4_xts "sm4-xts"
+-#define NID_sm4_xts 1202
+-#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L
+-
+ #define SN_hmac "HMAC"
+ #define LN_hmac "hmac"
+ #define NID_hmac 855
+@@ -5196,14 +5099,6 @@
+ #define SN_ffdhe8192 "ffdhe8192"
+ #define NID_ffdhe8192 1130
+
+-#define SN_kyber512 "kyber512"
+-#define LN_kyber512 "kyber512"
+-#define NID_kyber512 1216
+-
+-#define SN_x25519_kyber512 "x25519_kyber512"
+-#define LN_x25519_kyber512 "x25519_kyber512"
+-#define NID_x25519_kyber512 1217
+-
+ #define SN_ISO_UA "ISO-UA"
+ #define NID_ISO_UA 1150
+ #define OBJ_ISO_UA OBJ_member_body,804L
+diff --git a/include/TA/openssl/openssl/objects.h b/thirdparty/open_source/openssl/openssl/objects.h
+similarity index 99%
+rename from include/TA/openssl/openssl/objects.h
+rename to thirdparty/open_source/openssl/openssl/objects.h
+index 611895f..5e8b576 100644
+--- a/include/TA/openssl/openssl/objects.h
++++ b/thirdparty/open_source/openssl/openssl/objects.h
+@@ -27,6 +27,7 @@
+ # define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
+ # define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -167,6 +168,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+ int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+ void OBJ_sigid_free(void);
+
++
+ # ifdef __cplusplus
+ }
+ # endif
+diff --git a/include/TA/openssl/openssl/objectserr.h b/thirdparty/open_source/openssl/openssl/objectserr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/objectserr.h
+rename to thirdparty/open_source/openssl/openssl/objectserr.h
+diff --git a/include/TA/openssl/openssl/opensslconf.h b/thirdparty/open_source/openssl/openssl/opensslconf.h
+similarity index 100%
+rename from include/TA/openssl/openssl/opensslconf.h
+rename to thirdparty/open_source/openssl/openssl/opensslconf.h
+diff --git a/include/TA/openssl/openssl/opensslv.h b/thirdparty/open_source/openssl/openssl/opensslv.h
+similarity index 99%
+rename from include/TA/openssl/openssl/opensslv.h
+rename to thirdparty/open_source/openssl/openssl/opensslv.h
+index 2b107a8..c486264 100644
+--- a/include/TA/openssl/openssl/opensslv.h
++++ b/thirdparty/open_source/openssl/openssl/opensslv.h
+@@ -94,6 +94,7 @@ extern "C" {
+ # define SHLIB_VERSION_HISTORY ""
+ # define SHLIB_VERSION_NUMBER "1.1"
+
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/include/TA/openssl/openssl/ossl_typ.h b/thirdparty/open_source/openssl/openssl/ossl_typ.h
+similarity index 98%
+rename from include/TA/openssl/openssl/ossl_typ.h
+rename to thirdparty/open_source/openssl/openssl/ossl_typ.h
+index fa54d67..e0edfaa 100644
+--- a/include/TA/openssl/openssl/ossl_typ.h
++++ b/thirdparty/open_source/openssl/openssl/ossl_typ.h
+@@ -96,9 +96,6 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+ typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+ typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+-#ifndef OPENSSL_NO_GMSM
+-typedef struct sm2_derive_param_st SM2_DERIVE_PARAM;
+-#endif
+
+ typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+diff --git a/include/TA/openssl/openssl/pem.h b/thirdparty/open_source/openssl/openssl/pem.h
+similarity index 97%
+rename from include/TA/openssl/openssl/pem.h
+rename to thirdparty/open_source/openssl/openssl/pem.h
+index a187bea..2ef5b5d 100644
+--- a/include/TA/openssl/openssl/pem.h
++++ b/thirdparty/open_source/openssl/openssl/pem.h
+@@ -16,9 +16,6 @@
+ # include
+ # include
+ # include
+-# ifndef OPENSSL_NO_SM2_ENVELOP
+-# include
+-# endif
+
+ #ifdef __cplusplus
+ extern "C" {
+@@ -51,9 +48,6 @@ extern "C" {
+ # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+ # define PEM_STRING_PARAMETERS "PARAMETERS"
+ # define PEM_STRING_CMS "CMS"
+-# ifndef OPENSSL_NO_SM2_ENVELOP
+-# define PEM_STRING_SM2_ENVELOPED_KEY "SM2 ENVELOPED KEY"
+-# endif
+
+ # define PEM_TYPE_ENCRYPTED 10
+ # define PEM_TYPE_MIC_ONLY 20
+@@ -377,11 +371,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+ pem_password_cb *cb, void *u);
+ # endif
+ # endif
+-# ifndef OPENSSL_NO_SM2_ENVELOP
+-DECLARE_PEM_rw(SM2_ENVELOPED_KEY, SM2_ENVELOPED_KEY)
+-SM2_ENVELOPED_KEY *d2i_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY **sm2evpkey);
+-int i2d_SM2_ENVELOPED_KEY_bio(BIO *bp, SM2_ENVELOPED_KEY *sm2evpkey);
+-# endif
+
+ # ifdef __cplusplus
+ }
+diff --git a/include/TA/openssl/openssl/pemerr.h b/thirdparty/open_source/openssl/openssl/pemerr.h
+similarity index 100%
+rename from include/TA/openssl/openssl/pemerr.h
+rename to thirdparty/open_source/openssl/openssl/pemerr.h
+diff --git a/include/TA/openssl/openssl/pkcs7.h b/thirdparty/open_source/openssl/openssl/pkcs7.h
+similarity index 64%
+rename from include/TA/openssl/openssl/pkcs7.h
+rename to thirdparty/open_source/openssl/openssl/pkcs7.h
+index 0ea05c5..9b66e00 100644
+--- a/include/TA/openssl/openssl/pkcs7.h
++++ b/thirdparty/open_source/openssl/openssl/pkcs7.h
+@@ -151,28 +151,6 @@ DEFINE_STACK_OF(PKCS7)
+ # define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+ # define PKCS7_get_attributes(si) ((si)->unauth_attr)
+
+-#ifndef OPENSSL_NO_PKCS7_SM2
+-# define PKCS7_type_is_sm2(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \
+- )
+-# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedData \
+- )
+-# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+-# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2envelopedData \
+- )
+-# define PKCS7_type_is_signedAndEnveloped(a) \
+- (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2signedAndEnvelopedData \
+- )
+-# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data \
+- || OBJ_obj2nid((a)->type) == NID_pkcs7_sm2data \
+- )
+-# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+-#else
+ # define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+ # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+ # define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+@@ -180,7 +158,6 @@ DEFINE_STACK_OF(PKCS7)
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+ # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+ # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+-#endif
+
+ # define PKCS7_set_detached(p,v) \
+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+@@ -208,7 +185,6 @@ DEFINE_STACK_OF(PKCS7)
+ # define PKCS7_PARTIAL 0x4000
+ # define PKCS7_REUSE_DIGEST 0x8000
+ # define PKCS7_NO_DUAL_CONTENT 0x10000
+-# define PKCS7_NOPADDING 0x20000
+
+ /* Flags: for compatibility with older code */
+
+@@ -337,120 +313,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+-#ifndef OPENSSL_NO_PKCS7_SM2
+-/**
+- * @API:
+- * PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+- STACK_OF(X509) *recips, const EVP_CIPHER *cipher,
+- BIO *indata, int flags);
+- * @function: Build a complete PKCS#7 sm2 signedAndEnveloped data
+- * @param[in]
+- * X509 *signer -- the certificate to sign with
+- * EVP_PKEY *pkey -- the corresponding private key
+- * STACK_OF(X509) *certs -- an optional additional set of certificates
+- * STACK_OF(X509) *recips -- a list of recipient certificates
+- * const EVP_CIPHER *cipher -- the symmetric cipher to use
+- * BIO *indata -- the content to be enveloped and signed
+- * int flags -- an optional set of flags
+- * @return PKCS7* PKCS7 struct pointer
+- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 10
+- * @reused API:
+- * PKCS7_set_type
+- * PKCS7_set_cipher
+- * PKCS7_sign_add_signer
+- * PKCS7_add_recipient
+- * PKCS7_add_certificate
+- * PKCS7_final
+- */
+-PKCS7 *PKCS7_sm2_sign_envelop(X509 *signer, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+- STACK_OF(X509) *recips, const EVP_CIPHER *cipher,
+- BIO *indata, int flags);
+-/**
+- * @API:
+- * int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+- * @function: PKCS#7 sm2 enveloped or signedAndEnveloped data decryption
+- * @param[in]
+- * PKCS7 *p7 -- PKCS7 struct pointer
+- * EVP_PKEY *pkey -- the private key for decryption
+- * X509 *cert -- the corresponding recipient certificate
+- * int flags -- an optional set of flags
+- * @param[out]
+- * BIO *data -- output data BIO struct pointer
+- * @return int: 1 for success; 0 for failure
+- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 9 and 10
+- * @reused API:
+- * PKCS7_decrypt
+- */
+-int PKCS7_sm2_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+-/**
+- * @API:
+- * int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+- BIO *indata, BIO *out, int flags);
+- * @function: PKCS#7 sm2 signed or signedAndEnveloped data signature verification
+- * @param[in]
+- * PKCS7 *p7 -- PKCS7 struct pointer
+- * STACK_OF(X509) *certs -- a set of signer certificates
+- * EVP_PKEY *pkey -- the private key for decryption
+- * X509 *cert -- the corresponding recipient certificate
+- * int flags -- an optional set of flags
+- * @param[out]
+- * BIO *data -- output data BIO struct pointer
+- * @return int: 1 for success; 0 for failure
+- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10
+- * @reused API:
+- * PKCS7_get0_signers
+- * PKCS7_get_signer_info
+- * PKCS7_signatureVerify
+- */
+-int PKCS7_sm2_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+- BIO *indata, BIO *out, int flags);
+-/**
+- * @API:
+- * int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs,
+- X509_STORE *store, BIO *out, int flags);
+- * @function: PKCS#7 sm2 signedAndEnveloped data decryption and signature verification
+- * @param[in]
+- * PKCS7 *p7 -- PKCS7 struct pointer
+- * X509 *recip -- the recipient certificate
+- * EVP_PKEY *recipkey -- the corresponding private key for decryption
+- * STACK_OF(X509) *certs -- a set of signer certificates
+- * X509_STORE *store -- the trusted certificate store to use for chain verification
+- * int flags -- an optional set of flags
+- * @param[out]
+- * BIO *out -- output data BIO struct pointer
+- * @return int: 1 for success; 0 for failure
+- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8 and 10
+- * @reused API:
+- * PKCS7_sm2_decrypt
+- * PKCS7_sm2_verify
+- */
+-int PKCS7_sm2_decrypt_verify(PKCS7 *p7, X509 *recip, EVP_PKEY *recipkey, STACK_OF(X509) *certs,
+- X509_STORE *store, BIO *out, int flags);
+-/**
+- * @API:
+- * int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data);
+- * @function: PKCS#7 sm2 signed, enveloped and signedAndEnveloped data signing and encrypting
+- * @param[in]
+- * PKCS7 *p7 -- PKCS7 struct pointer
+- * BIO *bio -- BIO chain
+- * BIO *data -- input data BIO struct pointer
+- * @param[out]
+- * BIO *out -- output data BIO struct pointer
+- * @return int: 1 for success; 0 for failure
+- * @see GM/T 0010-2012 SM2 cryptography message syntax specification. Sec. 8, 9 and 10
+- * @note:
+- * Why do we create a new sm2 data final API?
+- *
+- * The process in the native OpenSSL API PKCS7_final calls PKCS7_dataInit and PKCS7_dataFinal
+- * in sequence. PKCS7_dataInit constructs a digest BIO. Each digest algorithm corresponds to only
+- * one digest BIO. PKCS7_dataFinal obtains the digest value in plaintext. Because the z value of
+- * SM2 Signature needs to be calculated and it is different for each signer.
+- *
+- * The interface is added to adapt to the multi-sm2-signer scenario.
+- */ +-int PKCS7_sm2_dataFinal(PKCS7 *p7, BIO *bio, BIO *data); +-#endif +- + # ifdef __cplusplus + } + # endif +diff --git a/include/TA/openssl/openssl/pkcs7err.h b/thirdparty/open_source/openssl/openssl/pkcs7err.h +similarity index 84% +rename from include/TA/openssl/openssl/pkcs7err.h +rename to thirdparty/open_source/openssl/openssl/pkcs7err.h +index 22f8d52..02e0299 100644 +--- a/include/TA/openssl/openssl/pkcs7err.h ++++ b/thirdparty/open_source/openssl/openssl/pkcs7err.h +@@ -57,15 +57,6 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 + # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 + # define PKCS7_F_PKCS7_VERIFY 117 +-# define PKCS7_F_PKCS7_ADD_RECIPIENT 140 +-# define PKCS7_F_PKCS7_SM2_SIGN_ENVELOP 141 +-# define PKCS7_F_PKCS7_SM2_VERIFY 142 +-# define PKCS7_F_PKCS7_SM2_VERIFY_CERT 143 +-# define PKCS7_F_PKCS7_SM2_VERIFY_SIGNATURE 144 +-# define PKCS7_F_PKCS7_SM2_VERIFY_DATA 145 +-# define PKCS7_F_PKCS7_SM2_DECRYPT_VERIFY 146 +-# define PKCS7_F_PKCS7_SM2_SIGN_DATA 147 +-# define PKCS7_F_PKCS7_SM2_DATAFINAL 148 + + /* + * PKCS7 reason codes. 
+@@ -108,11 +99,5 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 + # define PKCS7_R_WRONG_CONTENT_TYPE 113 + # define PKCS7_R_WRONG_PKCS7_TYPE 114 +-# define PKCS7_R_UNSUPPORTED_SIGNERS 146 +-# define PKCS7_R_UNSUPPORTED_RECIPIENTS 147 +-# define PKCS7_R_SM2_SIGN_DATA_FAILURE 148 +-# define PKCS7_R_SM2_VERIFY_DATA_FAILURE 149 +-# define PKCS7_R_SM2_SIGNATURE_FAILURE 150 +-# define PKCS7_R_SM2_VERIFY_ERROR 151 + + #endif +diff --git a/include/TA/openssl/openssl/rand.h b/thirdparty/open_source/openssl/openssl/rand.h +similarity index 85% +rename from include/TA/openssl/openssl/rand.h +rename to thirdparty/open_source/openssl/openssl/rand.h +index ec3b31f..38a2a27 100644 +--- a/include/TA/openssl/openssl/rand.h ++++ b/thirdparty/open_source/openssl/openssl/rand.h +@@ -69,16 +69,6 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void)) + DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) + # endif + +-#if !defined(OPENSSL_NO_FIPS) || !defined(OPENSSL_NO_CMVP) +-int FIPS_rand_set_method(const RAND_METHOD *meth); +-const RAND_METHOD *FIPS_rand_get_method(void); +-int FIPS_rand_strength(void); +-/* 1.0.0 compat functions */ +-int FIPS_rand_seed(const void *buf, int num); +-int FIPS_rand_bytes(unsigned char *out, int outlen); +-void FIPS_rand_reset(void); +-int FIPS_rand_status(void); +-#endif + + #ifdef __cplusplus + } +diff --git a/include/TA/openssl/openssl/randerr.h b/thirdparty/open_source/openssl/openssl/randerr.h +similarity index 100% +rename from include/TA/openssl/openssl/randerr.h +rename to thirdparty/open_source/openssl/openssl/randerr.h +diff --git a/include/TA/openssl/openssl/rsa.h b/thirdparty/open_source/openssl/openssl/rsa.h +similarity index 99% +rename from include/TA/openssl/openssl/rsa.h +rename to thirdparty/open_source/openssl/openssl/rsa.h +index 459f0d2..5e76365 100644 +--- a/include/TA/openssl/openssl/rsa.h ++++ b/thirdparty/open_source/openssl/openssl/rsa.h +@@ -31,12 +31,7 @@ extern "C" { + # define 
OPENSSL_RSA_MAX_MODULUS_BITS 16384 + # endif + +-# ifndef OPENSSL_NO_FIPS +- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048 +- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS_LEGACY 1024 +-#else +- # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 +-# endif ++# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + + # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS + # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +diff --git a/include/TA/openssl/openssl/rsaerr.h b/thirdparty/open_source/openssl/openssl/rsaerr.h +similarity index 97% +rename from include/TA/openssl/openssl/rsaerr.h +rename to thirdparty/open_source/openssl/openssl/rsaerr.h +index 30a39de..59b15e1 100644 +--- a/include/TA/openssl/openssl/rsaerr.h ++++ b/thirdparty/open_source/openssl/openssl/rsaerr.h +@@ -86,10 +86,6 @@ int ERR_load_RSA_strings(void); + # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 + # define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 + # define RSA_F_SETUP_TBUF 167 +-#ifndef OPENSSL_NO_FIPS +-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 +-# define RSA_F_FIPS_NDCPP_RSA_BUILTIN_KEYGEN 206 +-#endif + + /* + * RSA reason codes. 
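Review bot: In the rsa.h hunk (`@@ -31,12 +31,7 @@`), the added `# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024` makes 1024 bits the value in every build, whereas the removed block set it to 2048 unless OPENSSL_NO_FIPS was defined. The hunk does not show what consults this macro, but if any TA code or the library uses it as a key-size floor, this silently halves the minimum RSA modulus it enforces. Since the patch strips the other FIPS declarations from these headers, I would either drop the macro as well or keep the stricter value, `# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048`, and add a one-line comment stating why a macro named FIPS carries the chosen number.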
+@@ -167,8 +163,5 @@ int ERR_load_RSA_strings(void);
+ # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
+ # define RSA_R_VALUE_MISSING 147
+ # define RSA_R_WRONG_SIGNATURE_LENGTH 119
+-#ifndef OPENSSL_NO_FIPS
+-# define RSA_R_UNSUPPORTED_PARAMETERS 202
+-#endif
+
+ #endif
+diff --git a/include/TA/openssl/openssl/safestack.h b/thirdparty/open_source/openssl/openssl/safestack.h
+similarity index 100%
+rename from include/TA/openssl/openssl/safestack.h
+rename to thirdparty/open_source/openssl/openssl/safestack.h
+diff --git a/include/TA/openssl/openssl/sha.h b/thirdparty/open_source/openssl/openssl/sha.h
+similarity index 97%
+rename from include/TA/openssl/openssl/sha.h
+rename to thirdparty/open_source/openssl/openssl/sha.h
+index 4a47e6e..6a1eb0d 100644
+--- a/include/TA/openssl/openssl/sha.h
++++ b/thirdparty/open_source/openssl/openssl/sha.h
+@@ -83,10 +83,13 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+ # define SHA512_CBLOCK (SHA_LBLOCK*8)
+ # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+ # define SHA_LONG64 unsigned __int64
++# define U64(C) C##UI64
+ # elif defined(__arch64__)
+ # define SHA_LONG64 unsigned long
++# define U64(C) C##UL
+ # else
+ # define SHA_LONG64 unsigned long long
++# define U64(C) C##ULL
+ # endif
+
+ typedef struct SHA512state_st {
+diff --git a/include/TA/openssl/openssl/stack.h b/thirdparty/open_source/openssl/openssl/stack.h
+similarity index 100%
+rename from include/TA/openssl/openssl/stack.h
+rename to thirdparty/open_source/openssl/openssl/stack.h
+diff --git a/include/TA/openssl/openssl/symhacks.h b/thirdparty/open_source/openssl/openssl/symhacks.h
+similarity index 100%
+rename from include/TA/openssl/openssl/symhacks.h
+rename to thirdparty/open_source/openssl/openssl/symhacks.h
+diff --git a/include/TA/openssl/openssl/x509.h b/thirdparty/open_source/openssl/openssl/x509.h
+similarity index 98%
+rename from include/TA/openssl/openssl/x509.h
+rename to thirdparty/open_source/openssl/openssl/x509.h
+index efdde0e..3ff86ec 100644
+--- a/include/TA/openssl/openssl/x509.h
++++ b/thirdparty/open_source/openssl/openssl/x509.h
+@@ -34,6 +34,7 @@
+ extern "C" {
+ #endif
+
++
+ /* Flags for X509_get_signature_info() */
+ /* Signature info is valid */
+ # define X509_SIG_INFO_VALID 0x1
+@@ -54,9 +55,6 @@ extern "C" {
+ # define X509v3_KU_ENCIPHER_ONLY 0x0001
+ # define X509v3_KU_DECIPHER_ONLY 0x8000
+ # define X509v3_KU_UNDEF 0xffff
+-#define X509v3_KU_SM2_SIGN (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION)
+-#define X509v3_KU_SM2_ENC_ENCIPHERMENT (X509v3_KU_KEY_ENCIPHERMENT | X509v3_KU_DATA_ENCIPHERMENT)
+-#define X509v3_KU_SM2_ENC_CIPHER_ONLY (X509v3_KU_ENCIPHER_ONLY | X509v3_KU_DECIPHER_ONLY)
+
+ struct X509_algor_st {
+ ASN1_OBJECT *algorithm;
+@@ -575,13 +573,6 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg, const X509 *x);
+ int X509_get_signature_nid(const X509 *x);
+
+-# ifndef OPENSSL_NO_SM2
+-void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
+-ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
+-void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
+-ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
+-# endif
+-
+ int X509_trusted(const X509 *x);
+ int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+ int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+@@ -660,12 +651,6 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+ int X509_up_ref(X509 *x);
+ int X509_get_signature_type(const X509 *x);
+
+-#ifndef OPENSSL_NO_X509_REQ_EXP_ATTR
+-int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req,
+- int nid, int type,
+- const unsigned char *bytes, int len);
+-#endif
+-
+ # if OPENSSL_API_COMPAT < 0x10100000L
+ # define X509_get_notBefore X509_getm_notBefore
+ # define X509_get_notAfter X509_getm_notAfter
+@@ -673,6 +658,7 @@ int X509_REQ_add1_exp_attr_by_NID(X509_REQ *req,
+ # define X509_set_notAfter X509_set1_notAfter
+ #endif
+
++
+ /*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
+@@ -743,7 +729,6 @@ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+ DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+ DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+-const unsigned char *X509_CRL_get_hash(const X509_CRL *crl);
+ X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+diff --git a/include/TA/openssl/openssl/x509_vfy.h b/thirdparty/open_source/openssl/openssl/x509_vfy.h
+similarity index 99%
+rename from include/TA/openssl/openssl/x509_vfy.h
+rename to thirdparty/open_source/openssl/openssl/x509_vfy.h
+index fa6027f..25c79f1 100644
+--- a/include/TA/openssl/openssl/x509_vfy.h
++++ b/thirdparty/open_source/openssl/openssl/x509_vfy.h
+@@ -79,6 +79,7 @@ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx
+ X509_NAME *nm);
+ typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
++
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+ # define X509_STORE_CTX_set_app_data(ctx,data) \
+@@ -188,9 +189,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+ # define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78
+ # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79
+
+-/*huawei_0032_check_x509v3_pathlen_extension.patch*/
+-# define X509_V_ERR_INVALID_PATHLEN_EXTENSION 101 /* Returned by the verify callback to indicate that the pathlen is invalid */
+-
+ /* Certificate verify flags */
+
+ # if OPENSSL_API_COMPAT < 0x10100000L
+@@ -449,6 +447,7 @@ int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+ const X509_LOOKUP_METHOD *method);
+ ++ + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +diff --git a/include/TA/openssl/openssl/x509err.h b/thirdparty/open_source/openssl/openssl/x509err.h +similarity index 95% +rename from include/TA/openssl/openssl/x509err.h +rename to thirdparty/open_source/openssl/openssl/x509err.h +index 0a84ef0..cd08673 100644 +--- a/include/TA/openssl/openssl/x509err.h ++++ b/thirdparty/open_source/openssl/openssl/x509err.h +@@ -26,7 +26,6 @@ int ERR_load_X509_strings(void); + # define X509_F_BY_FILE_CTRL 101 + # define X509_F_CHECK_NAME_CONSTRAINTS 149 + # define X509_F_CHECK_POLICY 145 +-# define X509_F_COMMON_VERIFY_SM2 165 + # define X509_F_DANE_I2D 107 + # define X509_F_DIR_CTRL 102 + # define X509_F_GET_CERT_BY_SUBJECT 103 +@@ -71,8 +70,6 @@ int ERR_load_X509_strings(void); + # define X509_F_X509_REQ_PRINT_EX 121 + # define X509_F_X509_REQ_PRINT_FP 122 + # define X509_F_X509_REQ_TO_X509 123 +-# define X509_F_X509_REQ_VERIFY 163 +-# define X509_F_X509_REQ_VERIFY_SM2 164 + # define X509_F_X509_STORE_ADD_CERT 124 + # define X509_F_X509_STORE_ADD_CRL 125 + # define X509_F_X509_STORE_ADD_LOOKUP 157 +@@ -84,10 +81,8 @@ int ERR_load_X509_strings(void); + # define X509_F_X509_TO_X509_REQ 126 + # define X509_F_X509_TRUST_ADD 133 + # define X509_F_X509_TRUST_SET 141 +-# define X509_F_X509_VERIFY 161 + # define X509_F_X509_VERIFY_CERT 127 + # define X509_F_X509_VERIFY_PARAM_NEW 159 +-# define X509_F_X509_VERIFY_SM2 162 + + /* + * X509 reason codes. +-- +2.33.0 + diff --git a/itrustee_sdk.spec b/itrustee_sdk.spec index 5600d3592ca0a8c693dc7de32a9e15b88a73db0a..2aecef4473024cf1e393525e5b4d0166d10dc249 100644 --- a/itrustee_sdk.spec +++ b/itrustee_sdk.spec @@ -1,6 +1,6 @@ Name: itrustee_sdk Version: 0.1.0 -Release: 9 +Release: 10 Summary: Confidential computing framework for developing TA on itrustee OS ExclusiveArch: aarch64 
@@ -11,7 +11,8 @@ Source0: https://gitee.com/openeuler/itrustee_sdk/repository/archive/v%{version} Patch0: 0001-add-Makefile-to-create-libteec_adaptor.so.patch Patch1: 0002-add-ftrapv-strip-and-FS-as-the-compiling-flags.patch Patch2: 0003-no-copy-shared-memory.patch -Patch3: support-part-openssl-headers.patch +Patch3: 0004-support-part-openssl-headers.patch +Patch4: 0005-support-remote-attestation.patch Provides: libteec_adaptor.so()(64bit) %define debug_package %{nil} @@ -54,6 +55,9 @@ strip %{buildroot}/lib64/*.so /lib64/libteec_adaptor.so %changelog +* Wed Apr 26 2023 houmingyong - 0.1.0-10 +- DESC:support remote attestation + * Tue Apr 11 2023 houmingyong - 0.1.0-9 - DESC:add ta openssl headers