Second OPK Partner Beta v16 Release

See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.

See CHANGELOG.md for details about recent changes.
Fred Gylys-Colwell
2022-02-24 13:59:13 -08:00
parent a11741f98d
commit 684711a20f
213 changed files with 16113 additions and 2997 deletions

CHANGELOG.md Normal file

@@ -0,0 +1,73 @@
# Widevine OEMCrypto, ODK, and OPK Changelog
[TOC]
## [Version 16.4 plus opk beta 2][v16.4+opk-beta2]
Second beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
The following changes are included with this update:
- Add makefiles to build OEMCrypto TA and host apps for OP-TEE. See
`oemcrypto/opk/ports/optee/README.md` for information on how to build with make
- Update missing and outdated files such as `odk_message.h` and
`OEMCryptoCENCCommon.h`
- Rename WTPI interface files with common WTPI prefix
- Add more WTPI unit tests for crypto functions
- Replace DER parsing code in OEMCrypto TA OPTEE port with mbedtls
implementation
- Update oemcrypto unittests
Using the default make settings and an external OP-TEE repository setup, the
OEMCrypto TA port is now buildable for QEMU. Slight changes to environment
variables will enable STM32MP1 and NXP iMX8 targets. Keep in mind that the
performance capabilities of QEMU and the STM32MP1 platforms do not meet the
timing requirements for many oemcrypto unittests; so far we have only passed all
tests on the NXP hardware.
This update does not include any Trusty port code.
## [Version 16.4 plus opk beta][v16.4+opk-beta]
Initial beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
## [Version 16.4 doc updates][v16.4+doc-updates]
Documentation updates. All headers have been updated so that documentation may
be extracted using Doxygen. Documentation can now be found at
https://developers.google.com/widevine/drm/client/oemcrypto
## [Version 16.4 plus extra tests][v16.4+extra-test]
We have added several new tests to the OEMCrypto test suite in order to identify
and fix certain types of security issues that are being discovered and disclosed
by security researchers. Widevine strongly recommends these additional security
tests, in order to minimize the risk and exposure from external security
research.
Most of the new tests are checking for buffer overflow and off-by-one
errors. They verify that OEMCrypto correctly handles the case where input
buffers are larger than output buffers; total subsamples are larger than
samples; and message buffers are much larger than required. OEMCrypto is
expected to accept bad input and fail gracefully. Failing these tests is an
indication that there might be a security risk.
Because buffer overflow bugs might crash the device or cause a seg fault, these
tests might fail and then stop running. For this reason, you cannot assume that
your device is passing all of the tests if you don't see FAIL in the
output. Instead, you should look for a summary at the end of the test suite
output saying that all the tests passed. See the README.md in oemcrypto/test
for more details.
## [Version 16.4][v16.4]
Public release for OEMCrypto API and ODK library version 16.4.
[v16.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4
[v16.4+extra-test]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+extra-tests
[v16.4+doc-updates]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+doc-updates
[v16.4+opk-beta]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta
[v16.4+opk-beta2]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta2
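Review bot: the link reference `[v16.4+extra-test]` at the bottom of the file is singular, but the tag it points to is `refs/tags/v16.4+extra-tests`; align the label with the tag name so both can be found with one search. The "extra tests" section asks integrators to look for the end-of-run summary rather than the absence of FAIL; quoting the exact summary line here, instead of only pointing at the README.md in oemcrypto/test, would make that check harder to get wrong.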

linux/src/file_store.cpp Normal file

@@ -0,0 +1,296 @@
// Copyright 2013 Google Inc. All Rights Reserved.
//
// File class - provides a simple file implementation
#include "file_store.h"
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/sendfile.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <cstring>
#include <memory>
#include "log.h"
namespace {
const char kCurrentDirectory[] = ".";
const char kParentDirectory[] = "..";
const char kDirectoryDelimiter = '/';
const char kWildcard[] = "*";
bool IsCurrentOrParentDirectory(char* dir) {
return strcmp(dir, kCurrentDirectory) == 0 ||
strcmp(dir, kParentDirectory) == 0;
}
bool IsDirectory(const std::string& path) {
struct stat buf;
if (stat(path.c_str(), &buf) == 0)
return buf.st_mode & S_IFDIR;
else
return false;
}
bool CreateDirectory(const std::string& path_in) {
std::string path = path_in;
size_t size = path.size();
if ((size == 1) && (path[0] == kDirectoryDelimiter)) return true;
if (size <= 1) return false;
size_t pos = path.find(kDirectoryDelimiter, 1);
while (pos < size) {
path[pos] = '\0';
if (mkdir(path.c_str(), 0700) != 0) {
if (errno != EEXIST) {
LOGW("File::CreateDirectory: mkdir failed: %d, %s", errno,
strerror(errno));
return false;
}
}
path[pos] = kDirectoryDelimiter;
pos = path.find(kDirectoryDelimiter, pos + 1);
}
if (path[size - 1] != kDirectoryDelimiter) {
if (mkdir(path.c_str(), 0700) != 0) {
if (errno != EEXIST) {
LOGW("File::CreateDirectory: mkdir failed: %d, %s", errno,
strerror(errno));
return false;
}
}
}
return true;
}
} // namespace
namespace wvcdm {
class FileImpl : public File {
public:
FileImpl() {}
void FlushFile() {
fflush(file_);
fsync(fileno(file_));
}
~FileImpl() override {
if (file_) {
FlushFile();
fclose(file_);
file_ = nullptr;
}
}
ssize_t Read(char* buffer, size_t bytes) override {
if (!buffer) {
LOGW("File::Read: buffer is empty");
return -1;
}
if (!file_) {
LOGW("File::Read: file not open");
return -1;
}
size_t len = fread(buffer, sizeof(char), bytes, file_);
if (len != bytes) {
LOGW("File::Read: fread failed: %d, %s", errno, strerror(errno));
}
return len;
}
ssize_t Write(const char* buffer, size_t bytes) override {
if (!buffer) {
LOGW("File::Write: buffer is empty");
return -1;
}
if (!file_) {
LOGW("File::Write: file not open");
return -1;
}
size_t len = fwrite(buffer, sizeof(char), bytes, file_);
if (len != bytes) {
LOGW("File::Write: fwrite failed: %d, %s", errno, strerror(errno));
}
FlushFile();
return len;
}
FILE* file_;
std::string file_path_;
};
class FileSystem::Impl {};
FileSystem::FileSystem() {}
FileSystem::FileSystem(const std::string& origin, void*) : origin_(origin) {}
FileSystem::~FileSystem() {}
std::unique_ptr<File> FileSystem::Open(const std::string& name, int flags) {
std::string open_flags;
// create the enclosing directory if it does not exist
size_t delimiter_pos = name.rfind(kDirectoryDelimiter);
if (delimiter_pos != std::string::npos) {
std::string dir_path = name.substr(0, delimiter_pos);
if ((flags & FileSystem::kCreate) && !Exists(dir_path))
CreateDirectory(dir_path);
}
// ensure only owners has access
mode_t old_mask = umask(077);
if (((flags & FileSystem::kTruncate) && Exists(name)) ||
((flags & FileSystem::kCreate) && !Exists(name))) {
FILE* fp = fopen(name.c_str(), "w+");
if (fp) {
fclose(fp);
}
}
open_flags = (flags & FileSystem::kReadOnly) ? "rb" : "rb+";
std::unique_ptr<FileImpl> file_impl(new FileImpl());
file_impl->file_ = fopen(name.c_str(), open_flags.c_str());
umask(old_mask);
if (!file_impl->file_) {
LOGW("File::Open: fopen failed: %d, %s", errno, strerror(errno));
return nullptr;
}
file_impl->file_path_ = name;
return file_impl;
}
bool FileSystem::Exists(const std::string& path) {
struct stat buf;
int res = stat(path.c_str(), &buf) == 0;
if (!res) {
LOGV("File::Exists: stat failed: %d, %s", errno, strerror(errno));
}
return res;
}
bool FileSystem::Remove(const std::string& path) {
if (IsDirectory(path)) {
// Handle directory deletion
DIR* dir;
if ((dir = opendir(path.c_str())) != nullptr) {
// first remove files and dir within it
struct dirent* entry;
while ((entry = readdir(dir)) != nullptr) {
if (!IsCurrentOrParentDirectory(entry->d_name)) {
std::string path_to_remove = path + kDirectoryDelimiter;
path_to_remove += entry->d_name;
if (!Remove(path_to_remove)) {
closedir(dir);
return false;
}
}
}
closedir(dir);
}
if (rmdir(path.c_str())) {
LOGW("File::Remove: rmdir failed: %d, %s", errno, strerror(errno));
return false;
}
return true;
} else {
size_t wildcard_pos = path.find(kWildcard);
if (wildcard_pos == std::string::npos) {
// Handle file deletion
if (unlink(path.c_str()) && (errno != ENOENT)) {
LOGW("File::Remove: unlink failed: %d, %s", errno, strerror(errno));
return false;
}
} else {
// Handle wildcard specified file deletion
size_t delimiter_pos = path.rfind(kDirectoryDelimiter, wildcard_pos);
if (delimiter_pos == std::string::npos) {
LOGW("File::Remove: unable to find path delimiter before wildcard");
return false;
}
DIR* dir;
std::string dir_path = path.substr(0, delimiter_pos);
if ((dir = opendir(dir_path.c_str())) == nullptr) {
LOGW("File::Remove: directory open failed for wildcard");
return false;
}
struct dirent* entry;
std::string ext = path.substr(wildcard_pos + 1);
while ((entry = readdir(dir)) != nullptr) {
size_t filename_len = strlen(entry->d_name);
if (filename_len > ext.size()) {
if (strcmp(entry->d_name + filename_len - ext.size(), ext.c_str()) ==
0) {
std::string file_path_to_remove =
dir_path + kDirectoryDelimiter + entry->d_name;
if (!Remove(file_path_to_remove)) {
closedir(dir);
return false;
}
}
}
}
closedir(dir);
}
return true;
}
}
ssize_t FileSystem::FileSize(const std::string& path) {
struct stat buf;
if (stat(path.c_str(), &buf) == 0)
return buf.st_size;
else
return -1;
}
// Accept a directory, return all the files in that directory.
// Returns false if the directory does not exist.
bool FileSystem::List(const std::string& dirpath,
std::vector<std::string>* filenames) {
if (filenames == nullptr) {
LOGE("FileSystem::List: destination not provided");
return false;
}
if (!Exists(dirpath)) {
LOGW("FileSystem::List: path %s does not exist: %d, %s",
dirpath.c_str(), errno, strerror(errno));
return false;
}
DIR* dir = opendir(dirpath.c_str());
if (dir == nullptr) {
LOGW("FileSystem::List: directory open failed %s: %d, %s", dirpath.c_str(),
errno, strerror(errno));
return false;
}
filenames->clear();
struct dirent* entry;
while ((entry = readdir(dir)) != nullptr) {
if (!IsCurrentOrParentDirectory(entry->d_name)) {
filenames->push_back(entry->d_name);
}
}
closedir(dir);
return true;
}
void FileSystem::set_origin(const std::string& origin) { origin_ = origin; }
void FileSystem::set_identifier(const std::string& identifier) {
identifier_ = identifier;
}
} // namespace wvcdm
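Review bot: in FileSystem::Remove, the directory branch is chosen by IsDirectory(), which calls stat() and therefore follows symbolic links, so a link inside the tree that points at a directory elsewhere is descended into and its target's contents are removed before rmdir() fails on the link itself. Use lstat() with S_ISDIR(buf.st_mode) and unlink() anything that is not a real directory. Two smaller points in the same file: FileImpl() leaves file_ uninitialized while ~FileImpl() tests `if (file_)`, so give the member a default of nullptr; and FileSystem::Open decides on creation with Exists() and then calls fopen() under a temporarily changed, process-wide umask, which is a check-then-use race and is not thread-safe, where a single open() with O_CREAT and an explicit 0600 mode followed by fdopen() would create and open the file in one step.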

linux/src/log.cpp Normal file

@@ -0,0 +1,62 @@
// Copyright 2013 Google Inc. All Rights Reserved.
//
// Log - implemented using stdout.
#include "log.h"
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
namespace {
FILE* const kOutputFile = stdout;
} // namespace
namespace wvcdm {
LogPriority g_cutoff = LOG_WARN;
void InitLogging() {
// Note: The default log level is LOG_WARN, above. If you set the
// environment variable VERBOSE_LOG, you will get verbose logging. This is
// set by jenkins (http://go/wvbuild), so that we have more details when the
// build breaks.
const char* verbose_env = getenv("VERBOSE_LOG");
if (verbose_env && !strncmp(verbose_env, "yes", 3) ) {
g_cutoff = LOG_VERBOSE;
}
}
void Log(const char* file, const char* function, int line, LogPriority level,
const char* fmt, ...) {
const char* severities[] = { "ERROR", "WARN", "INFO", "DEBUG", "VERBOSE" };
if (level >=
static_cast<LogPriority>(sizeof(severities) / sizeof(*severities))) {
fprintf(kOutputFile, "[FATAL:%s(%d):%s] Invalid log priority level: %d\n",
file, line, function, level);
return;
}
if (level > g_cutoff) return;
// Strip off the the leading "../" that clutters the logs.
const char * up_dir = "../";
const size_t up_dir_size = strlen(up_dir);
while (strncmp(up_dir, file, up_dir_size) == 0) file += up_dir_size;
fprintf(kOutputFile, "[%s:%s(%d):%s] ", severities[level], file, line,
function);
va_list ap;
va_start(ap, fmt);
vfprintf(kOutputFile, fmt, ap);
va_end(ap);
putc('\n', kOutputFile);
fflush(kOutputFile);
}
} // namespace wvcdm
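Review bot: in Log(), the range check on `level` only covers the upper bound, so if LogPriority can carry a negative value it passes both `level >= ...` and `level > g_cutoff` and then indexes `severities[level]` out of bounds; add a lower-bound check or compare as an unsigned value. In InitLogging(), `strncmp(verbose_env, "yes", 3)` accepts any value that merely starts with "yes"; use strcmp if only the exact value is intended. The comment also cites http://go/wvbuild, which partners receiving this release cannot resolve, and "the the" in the path-stripping comment is a typo.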

oem_certificate_generator/oem_certificate.py Normal file → Executable file

@@ -1,3 +1,4 @@
#!/usr/bin/python3
# Copyright 2017 Google LLC. All Rights Reserved.
"""OEM certificate generation tool.
@@ -110,7 +111,7 @@ class X509CertificateChain(object):
x509_stack = pkcs7.d.sign.cert
certificates = []
for i in xrange(backend._lib.sk_X509_num(x509_stack)):
for i in range(backend._lib.sk_X509_num(x509_stack)):
x509_value = backend._ffi.gc(
backend._lib.X509_dup(backend._lib.sk_X509_value(x509_stack, i)),
backend._lib.X509_free)
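Review bot: the loop at `for i in range(backend._lib.sk_X509_num(x509_stack)):` still walks the PKCS#7 certificate stack through cryptography's private `backend._lib` and `backend._ffi` bindings, which carry no compatibility guarantee between releases of the library. Since this change is already a Python 3 port, consider moving to the public `load_der_pkcs7_certificates` / `load_pem_pkcs7_certificates` functions in `cryptography.hazmat.primitives.serialization.pkcs7`, or at least pin the cryptography version the tool is tested against.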
@@ -134,6 +135,10 @@ class X509CertificateChain(object):
return backend._read_mem_bio(bio)
# Type for argparse to accept byte buffers on the command line
def utf8_bytes(utf8_str):
return utf8_str.encode('utf-8')
def _multiple_of_1024(key_size_str):
"""argparse custom type function for key size."""
key_size = int(key_size_str)
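Review bot: the new `utf8_bytes` helper has no docstring and no leading underscore, while the argparse type function right below it, `_multiple_of_1024`, has both. Rename it `_utf8_bytes` and give it a one-line docstring so the two module-private type helpers follow the same convention.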
@@ -299,9 +304,9 @@ def generate_leaf_certificate(args):
def secure_erase(args):
"""Subparser handler for secure erasing of a file."""
length = args.file.tell()
for _ in xrange(args.passes):
for _ in range(args.passes):
args.file.seek(0)
for _ in xrange(length):
for _ in range(length):
args.file.write(os.urandom(1))
args.file.close()
os.remove(args.file.name)
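Review bot: in secure_erase, nothing forces the overwrite passes to storage before `os.remove(args.file.name)`: there is no `args.file.flush()` plus `os.fsync(args.file.fileno())` at the end of a pass, so the random data may only ever reach the page cache. Add both after each pass. `length = args.file.tell()` also relies on the file position already being at the end of the file when the handler runs, which `os.fstat(args.file.fileno()).st_size` does not. Writing `os.urandom(1)` once per byte is slow for no benefit; write the pass in larger chunks. The docstring should also state that overwriting in place cannot guarantee erasure on flash storage or copy-on-write file systems.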
@@ -403,6 +408,7 @@ def create_parser():
'--output_private_key_file', type=argparse.FileType('wb'), required=True)
parser_csr.add_argument(
'--passphrase',
type=utf8_bytes,
help=('specify an optional passphrase to encrypt the private key. The '
'private key is not encrypted if omitted.'))
parser_csr.set_defaults(func=generate_csr)
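Review bot: `--passphrase` still takes the secret as a command-line value, which leaves it visible in the process list and in shell history; the added `type=utf8_bytes` makes the value usable under Python 3 but does not change that. Consider adding a way to read the passphrase from a file or an interactive prompt (`getpass.getpass()`), and say in the help text which is preferred.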
@@ -429,7 +435,7 @@ def create_parser():
'--root_certificate_file', type=argparse.FileType('rb'), required=True)
parser_intermediate_cert.add_argument(
'--root_private_key_file', type=argparse.FileType('rb'), required=True)
parser_intermediate_cert.add_argument('--root_private_key_passphrase')
parser_intermediate_cert.add_argument('--root_private_key_passphrase', type=utf8_bytes)
parser_intermediate_cert.add_argument(
'--output_certificate_file', type=argparse.FileType('wb'), required=True)
parser_intermediate_cert.set_defaults(func=generate_intermediate_certificate)
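Review bot: the new `parser_intermediate_cert.add_argument('--root_private_key_passphrase', type=utf8_bytes)` line runs past 80 columns where the neighbouring calls are wrapped, and the option has no `help=` text, unlike `--passphrase`. Wrap the call and document what the option expects.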
@@ -460,13 +466,14 @@ def create_parser():
'--intermediate_private_key_file',
type=argparse.FileType('rb'),
required=True)
parser_leaf_cert.add_argument('--intermediate_private_key_passphrase')
parser_leaf_cert.add_argument('--intermediate_private_key_passphrase', type=utf8_bytes)
parser_leaf_cert.add_argument(
'--output_certificate_file', type=argparse.FileType('wb'), required=True)
parser_leaf_cert.add_argument(
'--output_private_key_file', type=argparse.FileType('wb'), required=True)
parser_leaf_cert.add_argument(
'--passphrase',
type=utf8_bytes,
help=('specify an optional passphrase to encrypt the private key. The '
'private key is not encrypted if omitted.'))
parser_leaf_cert.set_defaults(func=generate_leaf_certificate)
@@ -497,7 +504,7 @@ def main():
args = sys.argv[1:]
config_file_name = 'oem_certificate.cfg'
if os.path.isfile(config_file_name):
print 'Load from args default configuration file: ', config_file_name
print('Load from args default configuration file: ', config_file_name)
args.append('@' + config_file_name)
parser_args = create_parser().parse_args(args)
parser_args.func(parser_args)
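Review bot: the converted `print('Load from args default configuration file: ', config_file_name)` keeps the trailing space inside the string while print() adds its own separator, so the message is printed with two spaces before the file name; drop the space in the literal. Because `oem_certificate.cfg` is looked up relative to the current working directory and appended to the arguments, the usage text should also say that the tool is meant to be run from a directory the operator controls.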

View File

@@ -1,9 +1,10 @@
#!/usr/bin/python3
# Copyright 2017 Google LLC. All Rights Reserved.
"""Common test utility functions for OEM certificate generation."""
import datetime
import StringIO
import io
from cryptography import x509
from cryptography.hazmat import backends
@@ -24,7 +25,7 @@ _NOT_VALID_BEFORE = datetime.datetime(2001, 8, 9)
_VALID_DURATION = 100
_LEAF_CERT_VALID_DURATION = 8000
_SYSTEM_ID = 2001
_ROOT_PRIVATE_KEY_PASSPHRASE = 'root_passphrase'
_ROOT_PRIVATE_KEY_PASSPHRASE = b'root_passphrase'
class ArgParseObject(object):
@@ -67,11 +68,11 @@ def setup_csr_args(country_name=_COUNTRY_NAME,
if output_csr_file:
args.output_csr_file = output_csr_file
else:
args.output_csr_file = StringIO.StringIO()
args.output_csr_file = io.BytesIO()
if output_private_key_file:
args.output_private_key_file = output_private_key_file
else:
args.output_private_key_file = StringIO.StringIO()
args.output_private_key_file = io.BytesIO()
args.passphrase = passphrase
return args
@@ -86,12 +87,12 @@ def setup_intermediate_cert_args(
args.not_valid_before = not_valid_before
args.valid_duration = valid_duration
args.system_id = system_id
args.csr_file = StringIO.StringIO(csr_bytes)
args.csr_file = io.BytesIO(csr_bytes)
args.root_private_key_passphrase = root_private_key_passphrase
if output_certificate_file:
args.output_certificate_file = output_certificate_file
else:
args.output_certificate_file = StringIO.StringIO()
args.output_certificate_file = io.BytesIO()
serialized_private_key = root_key.private_bytes(
serialization.Encoding.DER,
@@ -100,8 +101,8 @@ def setup_intermediate_cert_args(
args.root_private_key_passphrase))
serialized_certificate = root_certificate.public_bytes(
serialization.Encoding.DER)
args.root_certificate_file = StringIO.StringIO(serialized_certificate)
args.root_private_key_file = StringIO.StringIO(serialized_private_key)
args.root_certificate_file = io.BytesIO(serialized_certificate)
args.root_private_key_file = io.BytesIO(serialized_private_key)
return args
@@ -122,16 +123,16 @@ def setup_leaf_cert_args(intermediate_key_bytes,
if output_certificate_file:
args.output_certificate_file = output_certificate_file
else:
args.output_certificate_file = StringIO.StringIO()
args.output_certificate_file = io.BytesIO()
if output_private_key_file:
args.output_private_key_file = output_private_key_file
else:
args.output_private_key_file = StringIO.StringIO()
args.output_private_key_file = io.BytesIO()
args.passphrase = passphrase
args.intermediate_private_key_file = StringIO.StringIO(
args.intermediate_private_key_file = io.BytesIO(
intermediate_key_bytes)
args.intermediate_certificate_file = StringIO.StringIO(
args.intermediate_certificate_file = io.BytesIO(
intermediate_certificate_bytes)
return args

View File

@@ -23,6 +23,14 @@ typedef struct WidevineKeybox { // 128 bytes total.
uint8_t crc_[4];
} WidevineKeybox;
// This is the format for a key control block.
typedef struct {
uint8_t verification[4];
uint32_t duration;
uint32_t nonce;
uint32_t control_bits;
} KeyControlBlock;
/*
* SRM_Restriction_Data
*
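Review bot: the new KeyControlBlock is described as the format of a key control block but declares `duration`, `nonce` and `control_bits` as `uint32_t` without stating a byte order, so code that overlays the struct on received bytes would read host-endian values. State the byte order of the three fields and the total size in the comment, as the `// 128 bytes total.` note does for WidevineKeybox above.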

View File

@@ -5,6 +5,18 @@
// ----------------------------------------------------------------
// Builds libwv_odk.a, The ODK Library (libwv_odk) is used by
// the CDM and by oemcrypto implementations.
// *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
// CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
// DEPENDING ON IT IN YOUR PROJECT. ***
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "vendor_widevine_license"
// to get the below license kinds:
// legacy_by_exception_only (by exception only)
default_applicable_licenses: ["vendor_widevine_license"],
}
cc_library_static {
name: "libwv_odk",
include_dirs: [
@@ -15,6 +27,7 @@ cc_library_static {
srcs: [
"src/odk.c",
"src/odk_message.c",
"src/odk_overflow.c",
"src/odk_serialize.c",
"src/odk_timer.c",

View File

@@ -1,8 +1,6 @@
This ODK Library is used to generate and parse core OEMCrypto messages for
OEMCrypto v16 and above.
This library is used by both OEMCrypto on a device, and by Widevine license and
provisioning servers.
OEMCrypto v16 and above. This library is used by both OEMCrypto on a device
and by Widevine license and provisioning servers.
The source of truth for these files is in the server code base on piper. Do not
edit these files in the Android directory tree or in the Widevine Git

View File

@@ -61,7 +61,7 @@ typedef enum OEMCryptoResult {
OEMCrypto_ERROR_INVALID_NONCE = 32,
OEMCrypto_ERROR_TOO_MANY_KEYS = 33,
OEMCrypto_ERROR_DEVICE_NOT_RSA_PROVISIONED = 34,
OEMCrypto_ERROR_INVALID_RSA_KEY = 35,
OEMCrypto_ERROR_INVALID_RSA_KEY = 35, /* deprecated */
OEMCrypto_ERROR_KEY_EXPIRED = 36,
OEMCrypto_ERROR_INSUFFICIENT_RESOURCES = 37,
OEMCrypto_ERROR_INSUFFICIENT_HDCP = 38,
@@ -87,6 +87,9 @@ typedef enum OEMCryptoResult {
OEMCrypto_ERROR_LICENSE_RELOAD = 57,
OEMCrypto_ERROR_MULTIPLE_USAGE_ENTRIES = 58,
OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION = 59,
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION = 60,
OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING = 61,
OEMCrypto_ERROR_INVALID_KEY = 65,
/* ODK return values */
ODK_ERROR_BASE = 1000,
ODK_ERROR_CORE_MESSAGE = ODK_ERROR_BASE,
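Review bot: the added values go from `OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING = 61` straight to `OEMCrypto_ERROR_INVALID_KEY = 65` with no mention of 62 to 64. Add a comment saying whether those codes are reserved or used elsewhere, so that a later addition does not reuse them.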
@@ -95,6 +98,11 @@ typedef enum OEMCryptoResult {
ODK_TIMER_EXPIRED = ODK_ERROR_BASE + 3,
ODK_UNSUPPORTED_API = ODK_ERROR_BASE + 4,
ODK_STALE_RENEWAL = ODK_ERROR_BASE + 5,
/* OPK return values */
OPK_ERROR_BASE = 2000,
OPK_ERROR_REMOTE_CALL = OPK_ERROR_BASE,
OPK_ERROR_INCOMPATIBLE_VERSION = OPK_ERROR_BASE + 1,
OPK_ERROR_NO_PERSISTENT_DATA = OPK_ERROR_BASE + 2,
} OEMCryptoResult;
/* clang-format on */

View File

@@ -6,9 +6,9 @@
#define WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_
#if defined(__GNUC__) || defined(__clang__)
# define UNUSED __attribute__((__unused__))
#define UNUSED __attribute__((__unused__))
#else
# define UNUSED
#define UNUSED
#endif
#endif // WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_

View File

@@ -0,0 +1,143 @@
/*
* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
* source code may only be used and distributed under the Widevine
* License Agreement.
*/
#ifndef WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_H_
#define WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/*
* ODK_Message is the structure that defines the serialized messages passed
* between the REE and TEE. ODK_Message is an abstract data type that represents
* the concept of a message without disclosing the implementation details. By
* hiding the internal structure, modification of the message fields by code
* that is not privy to the message definition can be prevented. If the message
* definition was exposed, there could be serious yet subtle errors in message
* manipulation anywhere in the code base. By restricting message modification
* it is possible to enforce validity and integrity with a small set of
* primitives that can be carefully reviewed. Checks can be added to verify that
* a message's fields are internally consistent before every operation. As an
* example, it can be guaranteed that the message status will be checked prior
* to accessing any field so parsing will be stopped when the message status is
* set after any parse error is detected. This also makes development easier
* since any access to the message structure can be tracked through a single
* point so, for example, it becomes possible to add trace statements globally
* to all message operations by only changing the field accessors. Finally it
* simplifies maintenance by localizing changes to the message structure to a
* few files.
*/
#if defined(__GNUC__) || defined(__clang__)
# define ALIGNED __attribute__((aligned))
#else
# define ALIGNED
# error ODK_Message must be aligned to the maximum useful alignment of the \
machine you are compiling for. Define the ALIGNED macro accordingly.
#endif
typedef struct {
#define SIZE_OF_ODK_MESSAGE_IMPL 64
uint8_t opaque_data[SIZE_OF_ODK_MESSAGE_IMPL];
} ALIGNED ODK_Message;
typedef enum {
MESSAGE_STATUS_OK = 0xe937fcf7,
MESSAGE_STATUS_UNKNOWN_ERROR = 0xe06c1190,
MESSAGE_STATUS_OVERFLOW_ERROR = 0xc43ae4bc,
MESSAGE_STATUS_UNDERFLOW_ERROR = 0x7123cd0b,
MESSAGE_STATUS_PARSE_ERROR = 0x0b9f6189,
MESSAGE_STATUS_NULL_POINTER_ERROR = 0x2d66837a,
MESSAGE_STATUS_API_VALUE_ERROR = 0x6ba34f47,
MESSAGE_STATUS_END_OF_MESSAGE_ERROR = 0x998db72a,
MESSAGE_STATUS_INVALID_ENUM_VALUE = 0xedb88197,
MESSAGE_STATUS_INVALID_TAG_ERROR = 0x14dce06a,
MESSAGE_STATUS_NOT_INITIALIZED = 0x2990b6c6,
MESSAGE_STATUS_OUT_OF_MEMORY = 0xfc5c64cc,
MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0xfafecacf,
MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873
} ODK_MessageStatus;
/*
* Create a message structure that references a separate data buffer. An
* initialized message is returned. The caller is responsible for ensuring that
* the buffer remains allocated for the lifetime of the message. If |buffer|
* is NULL or |capacity| is zero, the message is invalid and the status
* will be set to MESSAGE_STATUS_NOT_INITIALIZED.
*/
ODK_Message ODK_Message_Create(uint8_t* buffer, size_t capacity);
/*
* Erase the contents of the message, set it to an empty state by setting the
* message size and read offset to 0, effectively erasing the contents of the
* message. The message data buffer pointer remains unchanged, i.e. the message
* retains ownership of the buffer. The message status is reset to
* MESSAGE_STATUS_OK.
*/
void ODK_Message_Clear(ODK_Message* message);
/*
* Reset read pointer to the beginning of the message and clear status
* so that parsing of the message will restart at the beginning of the
* message. The message status is reset to MESSAGE_STATUS_OK.
*/
void ODK_Message_Reset(ODK_Message* message);
/*
* Return a pointer to the message data buffer, i.e. the message payload.
* This is the buffer address that was passed into ODK_Message_Create.
*/
uint8_t* ODK_Message_GetBase(ODK_Message* message);
/*
* Get the maximum number of bytes the message can hold.
*/
size_t ODK_Message_GetCapacity(ODK_Message* message);
/*
* Get the number of bytes currently in the message
*/
size_t ODK_Message_GetSize(ODK_Message* message);
/*
* Get the offset of where the next bytes will be read from the message data
* buffer.
*/
size_t ODK_Message_GetOffset(ODK_Message* message);
/*
* Return the status of the message
*/
ODK_MessageStatus ODK_Message_GetStatus(ODK_Message* message);
/*
* Set the message status to a specific value
*/
void ODK_Message_SetStatus(ODK_Message* message, ODK_MessageStatus status);
/*
* Set the size of the message to a value. This may be needed after writing data
* into the message data buffer.
*/
void ODK_Message_SetSize(ODK_Message* message, size_t size);
/*
* Test if the integrity of a message. This means that the status must be
* MESSAGE_STATUS_OK and that the internal fields of the message are
* within the range of valid values.
*/
bool ODK_Message_IsValid(ODK_Message* message);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_H_
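Review bot: the comment on ODK_Message_SetSize does not say what happens when `size` is larger than the capacity given to ODK_Message_Create, and callers elsewhere in this commit pass caller-supplied lengths such as `core_message_length`. Document the behaviour, including which ODK_MessageStatus is set, so callers know that ODK_Message_IsValid has to be checked afterwards. Smaller points: the read-only accessors (GetCapacity, GetSize, GetOffset, GetStatus, IsValid) could take `const ODK_Message*`; the indented `# define ALIGNED` style differs from the unindented `#define UNUSED` that this commit applies in the header guarded by WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_; and "Test if the integrity of a message" in the IsValid comment is missing a word.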

View File

@@ -15,7 +15,7 @@
#define ODK_MINOR_VERSION 4
/* ODK Version string. Date changed automatically on each release. */
#define ODK_RELEASE_DATE "ODK v16.4 2020-10-07"
#define ODK_RELEASE_DATE "ODK v16.4 2020-10-23"
/* The lowest version number for an ODK message. */
#define ODK_FIRST_VERSION 16
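Review bot: ODK_RELEASE_DATE changes to "ODK v16.4 2020-10-23" although this commit is dated 2022-02-24 and the comment above it says the date is changed automatically on each release. Confirm that the string is meant to stay at the ODK 16.4 date for the OPK beta, and if so say that in the comment.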

View File

@@ -39,13 +39,11 @@ bool ParseRequest(uint32_t message_type,
reinterpret_cast<const uint8_t*>(oemcrypto_core_message.c_str());
const size_t buf_length = oemcrypto_core_message.size();
uint8_t blk[SIZE_OF_MESSAGE_STRUCT];
Message* msg = reinterpret_cast<Message*>(blk);
InitMessage(msg, const_cast<uint8_t*>(buf), buf_length);
SetSize(msg, buf_length);
ODK_Message msg = ODK_Message_Create(const_cast<uint8_t*>(buf), buf_length);
ODK_Message_SetSize(&msg, buf_length);
unpacker(msg, prepared);
if (!ValidMessage(msg)) {
unpacker(&msg, prepared);
if (!ODK_Message_IsValid(&msg)) {
return false;
}
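Review bot: `ODK_Message_Create(const_cast<uint8_t*>(buf), buf_length)` hands the bytes of a const std::string to an API that takes a writable buffer, so nothing at compile time stops an unpacker from writing through it. A read-only creation function, or a const-qualified message type for parsing, would let this call drop the const_cast.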
@@ -80,7 +78,7 @@ bool ParseRequest(uint32_t message_type,
// than the total message size. We allow the total message size to be larger
// for forward compatibility because future messages might have extra fields
// that we can ignore.
if (core_message.message_length < GetOffset(msg)) return false;
if (core_message.message_length < ODK_Message_GetOffset(&msg)) return false;
return true;
}

View File

@@ -50,18 +50,16 @@ bool CreateResponse(uint32_t message_type, const S& core_request,
static constexpr size_t BUF_CAPACITY = 2048;
std::vector<uint8_t> buf(BUF_CAPACITY, 0);
uint8_t blk[SIZE_OF_MESSAGE_STRUCT];
Message* msg = reinterpret_cast<Message*>(blk);
InitMessage(msg, buf.data(), buf.capacity());
packer(msg, &response);
if (!ValidMessage(msg)) {
ODK_Message msg = ODK_Message_Create(buf.data(), buf.capacity());
packer(&msg, &response);
if (!ODK_Message_IsValid(&msg)) {
return false;
}
uint32_t message_length = GetSize(msg);
InitMessage(msg, buf.data() + sizeof(header->message_type),
sizeof(header->message_length));
Pack_uint32_t(msg, &message_length);
uint32_t message_length = static_cast<uint32_t>(ODK_Message_GetSize(&msg));
msg = ODK_Message_Create(buf.data() + sizeof(header->message_type),
sizeof(header->message_length));
Pack_uint32_t(&msg, &message_length);
oemcrypto_core_message->assign(reinterpret_cast<const char*>(buf.data()),
message_length);
return true;
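Review bot: `ODK_Message_Create(buf.data(), buf.capacity())` sizes the message by the vector's capacity rather than its size, and capacity() is only guaranteed to be at least size(). Pass `buf.size()` so the packer is never told it may write past the initialized elements. The second message, created over the `message_length` header field, is also not checked with ODK_Message_IsValid after Pack_uint32_t.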
@@ -74,7 +72,7 @@ bool CopyDeviceId(const ODK_ProvisioningRequest& src,
if (request.device_id_length > sizeof(request.device_id)) {
return false;
}
request.device_id_length = device_id.size();
request.device_id_length = static_cast<uint32_t>(device_id.size());
memset(request.device_id, 0, sizeof(request.device_id));
memcpy(request.device_id, device_id.data(), request.device_id_length);
return true;
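Review bot: in the lines shown, the bounds check `request.device_id_length > sizeof(request.device_id)` runs before `request.device_id_length` is overwritten with `device_id.size()`, and the memcpy then uses the new value. Unless the lines above this hunk guarantee the two are the same, check `device_id.size()` against `sizeof(request.device_id)` directly before the copy.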

View File

@@ -27,9 +27,7 @@ static OEMCryptoResult ODK_PrepareRequest(
return ODK_ERROR_CORE_MESSAGE;
}
uint8_t blk[SIZE_OF_MESSAGE_STRUCT];
Message* msg = (Message*)blk;
InitMessage(msg, message, *core_message_length);
ODK_Message msg = ODK_Message_Create(message, *core_message_length);
/* The core message should be at the beginning of the buffer, and with a
* shorter length. */
@@ -52,7 +50,7 @@ static OEMCryptoResult ODK_PrepareRequest(
return ODK_ERROR_CORE_MESSAGE;
}
Pack_ODK_PreparedLicenseRequest(
msg, (ODK_PreparedLicenseRequest*)prepared_request_buffer);
&msg, (ODK_PreparedLicenseRequest*)prepared_request_buffer);
break;
}
case ODK_Renewal_Request_Type: {
@@ -61,7 +59,7 @@ static OEMCryptoResult ODK_PrepareRequest(
return ODK_ERROR_CORE_MESSAGE;
}
Pack_ODK_PreparedRenewalRequest(
msg, (ODK_PreparedRenewalRequest*)prepared_request_buffer);
&msg, (ODK_PreparedRenewalRequest*)prepared_request_buffer);
break;
}
case ODK_Provisioning_Request_Type: {
@@ -71,7 +69,7 @@ static OEMCryptoResult ODK_PrepareRequest(
return ODK_ERROR_CORE_MESSAGE;
}
Pack_ODK_PreparedProvisioningRequest(
msg, (ODK_PreparedProvisioningRequest*)prepared_request_buffer);
&msg, (ODK_PreparedProvisioningRequest*)prepared_request_buffer);
break;
}
default: {
@@ -80,13 +78,13 @@ static OEMCryptoResult ODK_PrepareRequest(
}
*core_message_length = core_message->message_length;
if (GetStatus(msg) != MESSAGE_STATUS_OK) {
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK) {
/* This is to indicate the caller that the core_message_length has been
* appropriately set, but the message buffer is either empty or too small,
* which needs to be initialized and filled in the subsequent call. */
return OEMCrypto_ERROR_SHORT_BUFFER;
}
if (GetSize(msg) != *core_message_length) {
if (ODK_Message_GetSize(&msg) != *core_message_length) {
/* This should not happen. Something is wrong. */
return ODK_ERROR_CORE_MESSAGE;
}
@@ -102,20 +100,11 @@ static OEMCryptoResult ODK_ParseResponse(
return ODK_ERROR_CORE_MESSAGE;
}
uint8_t blk[SIZE_OF_MESSAGE_STRUCT];
Message* msg = (Message*)blk;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-qual"
/* We initialize the message buffer with a size of the entire message
* length. */
/* TODO(b/164486737): Fix the cast-qual warning */
InitMessage(msg, (uint8_t*)message, message_length);
#pragma GCC diagnostic pop
ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
/* The core message should be at the beginning of the buffer, and with a
* shorter length. The core message is the part we are parsing. */
SetSize(msg, core_message_length);
ODK_Message_SetSize(&msg, core_message_length);
/* Parse message and unpack it into response buffer. */
switch (message_type) {
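Review bot: the `-Wcast-qual` suppression and the TODO(b/164486737) are removed, but `(uint8_t*)message` still casts away const, so builds with that warning enabled will flag the line again and the reminder to fix it is gone. Either keep the TODO or add a const-taking way to create a message for parsing. This hunk also calls `ODK_Message_SetSize(&msg, core_message_length)` without a visible check that `core_message_length` does not exceed `message_length`; confirm that the check exists above the hunk or that SetSize rejects the value.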
@@ -123,14 +112,14 @@ static OEMCryptoResult ODK_ParseResponse(
if (sizeof(ODK_LicenseResponse) > response_buffer_length) {
return ODK_ERROR_CORE_MESSAGE;
}
Unpack_ODK_LicenseResponse(msg, (ODK_LicenseResponse*)response_buffer);
Unpack_ODK_LicenseResponse(&msg, (ODK_LicenseResponse*)response_buffer);
break;
}
case ODK_Renewal_Response_Type: {
if (sizeof(ODK_RenewalResponse) > response_buffer_length) {
return ODK_ERROR_CORE_MESSAGE;
}
Unpack_ODK_RenewalResponse(msg, (ODK_RenewalResponse*)response_buffer);
Unpack_ODK_RenewalResponse(&msg, (ODK_RenewalResponse*)response_buffer);
break;
}
case ODK_Provisioning_Response_Type: {
@@ -138,7 +127,7 @@ static OEMCryptoResult ODK_ParseResponse(
return ODK_ERROR_CORE_MESSAGE;
}
Unpack_ODK_ProvisioningResponse(
msg, (ODK_ProvisioningResponse*)response_buffer);
&msg, (ODK_ProvisioningResponse*)response_buffer);
break;
}
default: {
@@ -147,9 +136,9 @@ static OEMCryptoResult ODK_ParseResponse(
}
ODK_CoreMessage* core_message = (ODK_CoreMessage*)response_buffer;
if (GetStatus(msg) != MESSAGE_STATUS_OK ||
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
message_type != core_message->message_type ||
GetOffset(msg) != core_message->message_length) {
ODK_Message_GetOffset(&msg) != core_message->message_length) {
return ODK_ERROR_CORE_MESSAGE;
}
@@ -174,7 +163,7 @@ OEMCryptoResult ODK_PrepareCoreLicenseRequest(
return ODK_ERROR_CORE_MESSAGE;
}
ODK_PreparedLicenseRequest license_request = {
{0, 0, {}},
{0, 0, {0}},
};
return ODK_PrepareRequest(
message, message_length, core_message_length, ODK_License_Request_Type,
@@ -203,7 +192,7 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
return OEMCrypto_SUCCESS;
}
ODK_PreparedRenewalRequest renewal_request = {{0, 0, {}}, 0};
ODK_PreparedRenewalRequest renewal_request = {{0, 0, {0}}, 0};
/* First, we compute the time this request was made relative to the playback
* clock. */
if (clock_values->time_of_first_decrypt == 0) {
@@ -237,7 +226,7 @@ OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
return ODK_ERROR_CORE_MESSAGE;
}
ODK_PreparedProvisioningRequest provisioning_request = {
{0, 0, {}},
{0, 0, {0}},
0,
{0},
};
@@ -267,7 +256,7 @@ OEMCryptoResult ODK_ParseLicense(
return ODK_ERROR_CORE_MESSAGE;
}
ODK_LicenseResponse license_response = {{{0, 0, {}}}, NULL, {0}};
ODK_LicenseResponse license_response = {{{0, 0, {0}}}, NULL, {0}};
license_response.parsed_license = parsed_license;
const OEMCryptoResult err = ODK_ParseResponse(
@@ -354,7 +343,7 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
}
ODK_RenewalResponse renewal_response = {
{{0, 0, {}}, 0},
{{0, 0, {0}}, 0},
0,
};
const OEMCryptoResult err = ODK_ParseResponse(
@@ -393,7 +382,7 @@ OEMCryptoResult ODK_ParseProvisioning(
return ODK_ERROR_CORE_MESSAGE;
}
ODK_ProvisioningResponse provisioning_response = {{{0, 0, {}}, 0, {0}}, NULL};
ODK_ProvisioningResponse provisioning_response = {{{0, 0, {0}}, 0, {0}}, NULL};
provisioning_response.parsed_provisioning = parsed_response;
if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {

View File

@@ -5,8 +5,10 @@
{
'targets': [
{
'toolsets' : [ 'target' ],
'target_name': 'odk',
'type': 'static_library',
'standalone_static_library': 1,
'include_dirs': [
'../include',
'../../include',
@@ -14,9 +16,27 @@
'includes' : [
'odk.gypi',
],
'cflags': [
# TODO(b/172518513): Remove this
'-Wno-error=cast-qual',
],
'cflags_c': [
# TODO(b/159354894): Remove this
'-Wno-error=bad-function-cast',
],
'defines': [
# Needed for <endian.h> to work.
'_DEFAULT_SOURCE',
],
'direct_dependent_settings': {
'defines': [
# Needed for <endian.h> to work.
'_DEFAULT_SOURCE',
],
'include_dirs': [
'.',
'../include',
'../../include',
],
}
},
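
Review bot: '-Wno-error=cast-qual' and '-Wno-error=bad-function-cast' are set for the whole odk target, so any new cast-qual or bad-function-cast warning in the library is downgraded from an error, not only the casts this change touches. Both carry TODOs (b/172518513, b/159354894); until those are resolved, suppressing the warning at the specific cast sites would keep it enforced for the rest of the code. '_DEFAULT_SOURCE' under 'direct_dependent_settings' is also exported to every target that depends on odk, which changes the feature-test macros for the dependents' own sources; a comment saying that this is intended would help.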

View File

@@ -7,6 +7,7 @@
{
'sources': [
'odk.c',
'odk_message.c',
'odk_overflow.c',
'odk_serialize.c',
'odk_timer.c',

View File

@@ -11,11 +11,23 @@ extern "C" {
#if defined(__linux__) || defined(__ANDROID__)
#include <endian.h>
#define oemcrypto_htobe16 htobe16
#define oemcrypto_be16toh be16toh
#define oemcrypto_htobe32 htobe32
#define oemcrypto_be32toh be32toh
#define oemcrypto_htobe64 htobe64
#define oemcrypto_be64toh be64toh
#else /* defined(__linux__) || defined(__ANDROID__) */
#elif defined(__APPLE__)
#include <libkern/OSByteOrder.h>
#define oemcrypto_htobe16 OSSwapHostToBigInt16
#define oemcrypto_be16toh OSSwapBigToHostInt16
#define oemcrypto_htobe32 OSSwapHostToBigInt32
#define oemcrypto_be32toh OSSwapBigToHostInt32
#define oemcrypto_htobe64 OSSwapHostToBigInt64
#define oemcrypto_be64toh OSSwapBigToHostInt64
#else /* defined(__linux__) || defined(__ANDROID__) */
uint32_t oemcrypto_htobe16(uint16_t u16);
uint32_t oemcrypto_be16toh(uint16_t u16);
uint32_t oemcrypto_htobe32(uint32_t u32);
uint32_t oemcrypto_be32toh(uint32_t u32);
uint64_t oemcrypto_htobe64(uint64_t u64);
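
Review bot: the comment on the final #else still reads "defined(__linux__) || defined(__ANDROID__)", but with the #elif defined(__APPLE__) branch in front of it the fallback is now reached only when none of the three is defined; update the comment to match. In the same fallback, oemcrypto_htobe16 and oemcrypto_be16toh are declared to return uint32_t, while the htobe16 and OSSwapHostToBigInt16 mappings in the other branches yield 16-bit values; a uint16_t return type would keep the three branches consistent.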

View File

@@ -0,0 +1,171 @@
/*
* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
* source code may only be used and distributed under the Widevine
* License Agreement.
*/
#include "odk_message.h"
#include "odk_message_priv.h"
#include <assert.h>
#include <stdio.h>
#include <string.h>
/*
* C11 defines static_assert in assert.h. If it is available, force a compile
* time error if the abstract ODK_Message struct size does not match its
* implementation. If static_assert is not available, the runtime assert in
* InitMessage will catch the mismatch at the time a message is initialized.
*/
#ifdef static_assert
static_assert(
sizeof(ODK_Message) >= sizeof(ODK_Message_Impl),
"sizeof(ODK_Message) is too small. You can increase "
"SIZE_OF_ODK_MESSAGE_IMPL in odk_message.h to make it large enough.");
#endif
/*
* Create a message structure that references a separate data buffer. An
* initialized message is returned. The caller is responsible for ensuring that
* the buffer remains allocated for the lifetime of the message. |buffer| may be
* NULL. Serialization into a message with a NULL buffer will cause the message
* size to be incremented, but no data will be written into the message
* buffer. This is useful for calculating the amount of space a message will
* need, prior to doing the actual serialization. The buffer contents are
* unchanged by this function.
*/
ODK_Message ODK_Message_Create(uint8_t* buffer, size_t capacity) {
assert(sizeof(ODK_Message) >= sizeof(ODK_Message_Impl));
ODK_Message message;
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)&message;
message_impl->base = buffer;
message_impl->capacity = capacity;
message_impl->size = 0;
message_impl->read_offset = 0;
message_impl->status = MESSAGE_STATUS_OK;
return message;
}
/*
* Erase the contents of the message, set it to an empty state by setting the
* message size and read offset to 0, effectively erasing the contents of the
* message. The message data buffer pointer remains unchanged, i.e. the message
* retains ownership of the buffer. The message buffer is zero-filled. The
* message status is reset to MESSAGE_STATUS_OK.
*/
void ODK_Message_Clear(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
message_impl->read_offset = 0;
message_impl->size = 0;
message_impl->status = MESSAGE_STATUS_OK;
if (message_impl->base) {
memset(message_impl->base, 0, message_impl->capacity);
}
}
/*
* Reset read pointer to the beginning of the message and clear status
* so that parsing of the message will restart at the beginning of the
* message. The message status is reset to MESSAGE_STATUS_OK.
*/
void ODK_Message_Reset(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
message_impl->read_offset = 0;
message_impl->status = MESSAGE_STATUS_OK;
}
/*
* Return a pointer to the message data buffer, i.e. the message payload.
* This is the buffer address that was passed into ODK_Message_Create.
*/
uint8_t* ODK_Message_GetBase(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
return message_impl->base;
}
/*
* Get the maximum number of bytes the message can hold.
*/
size_t ODK_Message_GetCapacity(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
return message_impl->capacity;
}
/*
* Get the number of bytes currently in the message
*/
size_t ODK_Message_GetSize(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
return message_impl->size;
}
/*
* Get the offset of where the next bytes will be read from the message data
* buffer.
*/
size_t ODK_Message_GetOffset(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
return message_impl->read_offset;
}
/*
* Return the status of the message
*/
ODK_MessageStatus ODK_Message_GetStatus(ODK_Message* message) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
return message_impl->status;
}
/*
* Set the message status to a specific value
*/
void ODK_Message_SetStatus(ODK_Message* message, ODK_MessageStatus status) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
/* preserve the first error */
if (message_impl->status == MESSAGE_STATUS_OK) {
message_impl->status = status;
}
}
/*
* Set the size of the message to a value. This may be needed after writing data
* into the message data buffer.
*/
void ODK_Message_SetSize(ODK_Message* message, size_t size) {
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
assert(message_impl != NULL);
assert(size <= message_impl->capacity);
message_impl->size = size;
}
/*
* Test if the integrity of a message. This means that the status must be
* MESSAGE_STATUS_OK and that the base, read_offset, size and capacity of the
* message are within the range of valid values. The message's base pointer
* may be NULL if the buffer has not been assigned yet, that is not invalid.
*/
bool ODK_Message_IsValid(ODK_Message* message) {
assert(message);
ODK_Message_Impl* message_impl = (ODK_Message_Impl*)message;
if (message_impl == NULL) {
return false;
}
if (message_impl->status != MESSAGE_STATUS_OK) {
return false;
}
if (message_impl->read_offset > message_impl->capacity ||
message_impl->size > message_impl->capacity ||
message_impl->read_offset > message_impl->size) {
message_impl->status = MESSAGE_STATUS_OVERFLOW_ERROR;
return false;
}
return true;
}
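
Review bot: every accessor in this file guards a NULL message with assert() only, so a build with NDEBUG dereferences NULL where the removed GetBase, GetCapacity, GetSize and GetOffset returned NULL or 0. ODK_Message_SetSize likewise asserts size <= capacity instead of recording MESSAGE_STATUS_OVERFLOW_ERROR as the removed SetSize did. In ODK_Message_IsValid the "if (message_impl == NULL)" branch follows assert(message), so it is unreachable in debug builds and is the only runtime NULL check in release builds; choose one policy, preferably a runtime check that returns an error, and apply it to all of these functions. Two comment fixes: the static_assert comment refers to InitMessage, which this change replaces with ODK_Message_Create, and "Test if the integrity of a message" should read "Test the integrity of a message".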

View File

@@ -0,0 +1,41 @@
/*
* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
* source code may only be used and distributed under the Widevine
* License Agreement.
*/
#ifndef WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_PRIV_H_
#define WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_PRIV_H_
#ifdef __cplusplus
extern "C" {
#endif
/*
* This file must only be included by odk_message.c and serialization_base.c.
*/
#include <stddef.h>
#include <stdint.h>
/*
* This is the implementation of a message. This structure is private, i.e. it
* should only be included by files that are allowed to modify the internals of
* a message, that being odk_message.c and serialization_base.c. To ensure
* proper alignment and message size, an ODK_Message_Impl should never be
* allocated directly, instead allocate ODK_Message and cast to ODK_Message_Impl
* because ODK_Message_Impl may be smaller than ODK_Message.
*/
typedef struct {
uint8_t* base;
size_t capacity;
size_t size;
size_t read_offset;
ODK_MessageStatus status;
} ODK_Message_Impl;
#ifdef __cplusplus
} // extern "C"
#endif
#endif // WIDEVINE_ODK_INCLUDE_ODK_MESSAGE_PRIV_H_
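
Review bot: ODK_Message_Impl uses ODK_MessageStatus, but this header includes only <stddef.h> and <stdint.h>, so it compiles only when odk_message.h has already been included. odk_message.c and serialization_base.c both include odk_message.h first, which hides the problem; adding #include "odk_message.h" here makes the header self-contained. The comment also relies on ODK_Message being suitably aligned for a struct of pointers and size_t members; an alignment assertion beside the size static_assert in odk_message.c would make that requirement checkable.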

View File

@@ -34,3 +34,13 @@ int odk_add_overflow_ux(size_t a, size_t b, size_t* c) {
}
return 1;
}
int odk_mul_overflow_ux(size_t a, size_t b, size_t* c) {
if (b > 0 && a > SIZE_MAX / b) {
return 1;
}
if (c) {
*c = a * b;
}
return 0;
}
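
Review bot: odk_mul_overflow_ux has no comment stating its contract. As written it returns 1 on overflow and leaves *c untouched, returns 0 otherwise, and tolerates a NULL c; please document that here or beside the prototype so callers do not read *c after a nonzero return. A unit test covering b == 0, a product equal to SIZE_MAX and the first overflowing product would pin the boundary in "a > SIZE_MAX / b".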

View File

@@ -15,6 +15,7 @@ extern "C" {
int odk_sub_overflow_u64(uint64_t a, uint64_t b, uint64_t* c);
int odk_add_overflow_u64(uint64_t a, uint64_t b, uint64_t* c);
int odk_add_overflow_ux(size_t a, size_t b, size_t* c);
int odk_mul_overflow_ux(size_t a, size_t b, size_t* c);
#ifdef __cplusplus
}

View File

@@ -13,20 +13,20 @@
/* @@ private serialize */
static void Pack_ODK_NonceValues(Message* msg, ODK_NonceValues const* obj) {
static void Pack_ODK_NonceValues(ODK_Message* msg, ODK_NonceValues const* obj) {
Pack_uint16_t(msg, &obj->api_minor_version);
Pack_uint16_t(msg, &obj->api_major_version);
Pack_uint32_t(msg, &obj->nonce);
Pack_uint32_t(msg, &obj->session_id);
}
static void Pack_ODK_CoreMessage(Message* msg, ODK_CoreMessage const* obj) {
static void Pack_ODK_CoreMessage(ODK_Message* msg, ODK_CoreMessage const* obj) {
Pack_uint32_t(msg, &obj->message_type);
Pack_uint32_t(msg, &obj->message_length);
Pack_ODK_NonceValues(msg, &obj->nonce_values);
}
static void Pack_OEMCrypto_KeyObject(Message* msg,
static void Pack_OEMCrypto_KeyObject(ODK_Message* msg,
OEMCrypto_KeyObject const* obj) {
Pack_OEMCrypto_Substring(msg, &obj->key_id);
Pack_OEMCrypto_Substring(msg, &obj->key_data_iv);
@@ -35,7 +35,7 @@ static void Pack_OEMCrypto_KeyObject(Message* msg,
Pack_OEMCrypto_Substring(msg, &obj->key_control);
}
static void Pack_ODK_TimerLimits(Message* msg, ODK_TimerLimits const* obj) {
static void Pack_ODK_TimerLimits(ODK_Message* msg, ODK_TimerLimits const* obj) {
Pack_bool(msg, &obj->soft_enforce_rental_duration);
Pack_bool(msg, &obj->soft_enforce_playback_duration);
Pack_uint64_t(msg, &obj->earliest_playback_start_seconds);
@@ -44,10 +44,11 @@ static void Pack_ODK_TimerLimits(Message* msg, ODK_TimerLimits const* obj) {
Pack_uint64_t(msg, &obj->initial_renewal_duration_seconds);
}
static void Pack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense const* obj) {
static void Pack_ODK_ParsedLicense(ODK_Message* msg,
ODK_ParsedLicense const* obj) {
/* hand-coded */
if (obj->key_array_length > ODK_MAX_NUM_KEYS) {
SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
return;
}
Pack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv);
@@ -64,7 +65,7 @@ static void Pack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense const* obj) {
}
}
static void Pack_ODK_ParsedProvisioning(Message* msg,
static void Pack_ODK_ParsedProvisioning(ODK_Message* msg,
ODK_ParsedProvisioning const* obj) {
Pack_enum(msg, obj->key_type);
Pack_OEMCrypto_Substring(msg, &obj->enc_private_key);
@@ -74,19 +75,19 @@ static void Pack_ODK_ParsedProvisioning(Message* msg,
/* @@ odk serialize */
void Pack_ODK_PreparedLicenseRequest(Message* msg,
void Pack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest const* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
}
void Pack_ODK_PreparedRenewalRequest(Message* msg,
void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
ODK_PreparedRenewalRequest const* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_uint64_t(msg, &obj->playback_time);
}
void Pack_ODK_PreparedProvisioningRequest(
Message* msg, ODK_PreparedProvisioningRequest const* obj) {
ODK_Message* msg, ODK_PreparedProvisioningRequest const* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_uint32_t(msg, &obj->device_id_length);
PackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
@@ -94,18 +95,20 @@ void Pack_ODK_PreparedProvisioningRequest(
/* @@ kdo serialize */
void Pack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse const* obj) {
void Pack_ODK_LicenseResponse(ODK_Message* msg,
ODK_LicenseResponse const* obj) {
Pack_ODK_PreparedLicenseRequest(msg, &obj->request);
Pack_ODK_ParsedLicense(msg, (const ODK_ParsedLicense*)obj->parsed_license);
PackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash));
}
void Pack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse const* obj) {
void Pack_ODK_RenewalResponse(ODK_Message* msg,
ODK_RenewalResponse const* obj) {
Pack_ODK_PreparedRenewalRequest(msg, &obj->request);
Pack_uint64_t(msg, &obj->renewal_duration_seconds);
}
void Pack_ODK_ProvisioningResponse(Message* msg,
void Pack_ODK_ProvisioningResponse(ODK_Message* msg,
ODK_ProvisioningResponse const* obj) {
Pack_ODK_PreparedProvisioningRequest(msg, &obj->request);
Pack_ODK_ParsedProvisioning(
@@ -116,20 +119,21 @@ void Pack_ODK_ProvisioningResponse(Message* msg,
/* @@ private deserialize */
static void Unpack_ODK_NonceValues(Message* msg, ODK_NonceValues* obj) {
static void Unpack_ODK_NonceValues(ODK_Message* msg, ODK_NonceValues* obj) {
Unpack_uint16_t(msg, &obj->api_minor_version);
Unpack_uint16_t(msg, &obj->api_major_version);
Unpack_uint32_t(msg, &obj->nonce);
Unpack_uint32_t(msg, &obj->session_id);
}
static void Unpack_ODK_CoreMessage(Message* msg, ODK_CoreMessage* obj) {
static void Unpack_ODK_CoreMessage(ODK_Message* msg, ODK_CoreMessage* obj) {
Unpack_uint32_t(msg, &obj->message_type);
Unpack_uint32_t(msg, &obj->message_length);
Unpack_ODK_NonceValues(msg, &obj->nonce_values);
}
static void Unpack_OEMCrypto_KeyObject(Message* msg, OEMCrypto_KeyObject* obj) {
static void Unpack_OEMCrypto_KeyObject(ODK_Message* msg,
OEMCrypto_KeyObject* obj) {
Unpack_OEMCrypto_Substring(msg, &obj->key_id);
Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv);
Unpack_OEMCrypto_Substring(msg, &obj->key_data);
@@ -137,7 +141,7 @@ static void Unpack_OEMCrypto_KeyObject(Message* msg, OEMCrypto_KeyObject* obj) {
Unpack_OEMCrypto_Substring(msg, &obj->key_control);
}
static void Unpack_ODK_TimerLimits(Message* msg, ODK_TimerLimits* obj) {
static void Unpack_ODK_TimerLimits(ODK_Message* msg, ODK_TimerLimits* obj) {
Unpack_bool(msg, &obj->soft_enforce_rental_duration);
Unpack_bool(msg, &obj->soft_enforce_playback_duration);
Unpack_uint64_t(msg, &obj->earliest_playback_start_seconds);
@@ -146,7 +150,7 @@ static void Unpack_ODK_TimerLimits(Message* msg, ODK_TimerLimits* obj) {
Unpack_uint64_t(msg, &obj->initial_renewal_duration_seconds);
}
static void Unpack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense* obj) {
static void Unpack_ODK_ParsedLicense(ODK_Message* msg, ODK_ParsedLicense* obj) {
Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv);
Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
Unpack_OEMCrypto_Substring(msg, &obj->pst);
@@ -156,7 +160,7 @@ static void Unpack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense* obj) {
Unpack_ODK_TimerLimits(msg, &obj->timer_limits);
Unpack_uint32_t(msg, &obj->key_array_length);
if (obj->key_array_length > ODK_MAX_NUM_KEYS) {
SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
return;
}
uint32_t i;
@@ -165,7 +169,7 @@ static void Unpack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense* obj) {
}
}
static void Unpack_ODK_ParsedProvisioning(Message* msg,
static void Unpack_ODK_ParsedProvisioning(ODK_Message* msg,
ODK_ParsedProvisioning* obj) {
obj->key_type = (OEMCrypto_PrivateKeyType)Unpack_enum(msg);
Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key);
@@ -175,42 +179,42 @@ static void Unpack_ODK_ParsedProvisioning(Message* msg,
/* @ kdo deserialize */
void Unpack_ODK_PreparedLicenseRequest(Message* msg,
void Unpack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
}
void Unpack_ODK_PreparedRenewalRequest(Message* msg,
void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
ODK_PreparedRenewalRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_uint64_t(msg, &obj->playback_time);
}
void Unpack_ODK_PreparedProvisioningRequest(
Message* msg, ODK_PreparedProvisioningRequest* obj) {
ODK_Message* msg, ODK_PreparedProvisioningRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_uint32_t(msg, &obj->device_id_length);
UnpackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
}
void Unpack_ODK_PreparedCommonRequest(Message* msg,
void Unpack_ODK_PreparedCommonRequest(ODK_Message* msg,
ODK_PreparedCommonRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
}
/* @@ odk deserialize */
void Unpack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse* obj) {
void Unpack_ODK_LicenseResponse(ODK_Message* msg, ODK_LicenseResponse* obj) {
Unpack_ODK_PreparedLicenseRequest(msg, &obj->request);
Unpack_ODK_ParsedLicense(msg, obj->parsed_license);
UnpackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash));
}
void Unpack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse* obj) {
void Unpack_ODK_RenewalResponse(ODK_Message* msg, ODK_RenewalResponse* obj) {
Unpack_ODK_PreparedRenewalRequest(msg, &obj->request);
Unpack_uint64_t(msg, &obj->renewal_duration_seconds);
}
void Unpack_ODK_ProvisioningResponse(Message* msg,
void Unpack_ODK_ProvisioningResponse(ODK_Message* msg,
ODK_ProvisioningResponse* obj) {
Unpack_ODK_PreparedProvisioningRequest(msg, &obj->request);
Unpack_ODK_ParsedProvisioning(msg, obj->parsed_provisioning);

View File

@@ -16,34 +16,34 @@ extern "C" {
#endif
/* odk pack */
void Pack_ODK_PreparedLicenseRequest(Message* msg,
void Pack_ODK_PreparedLicenseRequest(ODK_Message* msg,
const ODK_PreparedLicenseRequest* obj);
void Pack_ODK_PreparedRenewalRequest(Message* msg,
void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
const ODK_PreparedRenewalRequest* obj);
void Pack_ODK_PreparedProvisioningRequest(
Message* msg, const ODK_PreparedProvisioningRequest* obj);
ODK_Message* msg, const ODK_PreparedProvisioningRequest* obj);
/* odk unpack */
void Unpack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse* obj);
void Unpack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse* obj);
void Unpack_ODK_ProvisioningResponse(Message* msg,
void Unpack_ODK_LicenseResponse(ODK_Message* msg, ODK_LicenseResponse* obj);
void Unpack_ODK_RenewalResponse(ODK_Message* msg, ODK_RenewalResponse* obj);
void Unpack_ODK_ProvisioningResponse(ODK_Message* msg,
ODK_ProvisioningResponse* obj);
/* kdo pack */
void Pack_ODK_LicenseResponse(Message* msg, const ODK_LicenseResponse* obj);
void Pack_ODK_RenewalResponse(Message* msg, const ODK_RenewalResponse* obj);
void Pack_ODK_ProvisioningResponse(Message* msg,
void Pack_ODK_LicenseResponse(ODK_Message* msg, const ODK_LicenseResponse* obj);
void Pack_ODK_RenewalResponse(ODK_Message* msg, const ODK_RenewalResponse* obj);
void Pack_ODK_ProvisioningResponse(ODK_Message* msg,
const ODK_ProvisioningResponse* obj);
/* kdo unpack */
void Unpack_ODK_PreparedLicenseRequest(Message* msg,
void Unpack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest* obj);
void Unpack_ODK_PreparedRenewalRequest(Message* msg,
void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
ODK_PreparedRenewalRequest* obj);
void Unpack_ODK_PreparedProvisioningRequest(
Message* msg, ODK_PreparedProvisioningRequest* obj);
ODK_Message* msg, ODK_PreparedProvisioningRequest* obj);
void Unpack_ODK_PreparedCommonRequest(Message* msg,
void Unpack_ODK_PreparedCommonRequest(ODK_Message* msg,
ODK_PreparedCommonRequest* obj);
#ifdef __cplusplus

View File

@@ -74,26 +74,26 @@ typedef struct {
// without any padding added by the compiler. Make sure they get updated when
// request structs change. Refer to test suite OdkSizeTest in
// ../test/odk_test.cpp for validations of each of the defined request sizes.
#define ODK_LICENSE_REQUEST_SIZE 20
#define ODK_RENEWAL_REQUEST_SIZE 28
#define ODK_PROVISIONING_REQUEST_SIZE 88
#define ODK_LICENSE_REQUEST_SIZE 20u
#define ODK_RENEWAL_REQUEST_SIZE 28u
#define ODK_PROVISIONING_REQUEST_SIZE 88u
// These are the possible timer status values.
#define ODK_CLOCK_TIMER_STATUS_UNDEFINED 0 // Should not happen.
#define ODK_CLOCK_TIMER_STATUS_UNDEFINED 0u // Should not happen.
// When the structure has been initialized, but no license is loaded.
#define ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED 1
#define ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED 1u
// After the license is loaded, before a successful decrypt.
#define ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED 2
#define ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED 2u
// After the license is loaded, if a renewal has also been loaded.
#define ODK_CLOCK_TIMER_STATUS_RENEWAL_LOADED 3
#define ODK_CLOCK_TIMER_STATUS_RENEWAL_LOADED 3u
// The first decrypt has occurred and the timer is active.
#define ODK_CLOCK_TIMER_STATUS_ACTIVE 4
#define ODK_CLOCK_TIMER_STATUS_ACTIVE 4u
// The first decrypt has occurred and the timer is unlimited.
#define ODK_CLOCK_TIMER_STATUS_UNLIMITED 5
#define ODK_CLOCK_TIMER_STATUS_UNLIMITED 5u
// The timer has transitioned from active to expired.
#define ODK_CLOCK_TIMER_STATUS_EXPIRED 6
#define ODK_CLOCK_TIMER_STATUS_EXPIRED 6u
// The license has been marked as inactive.
#define ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE 7
#define ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE 7u
// A helper function for computing timer limits when a renewal is loaded.
OEMCryptoResult ODK_ComputeRenewalDuration(const ODK_TimerLimits* timer_limits,

View File

@@ -4,233 +4,175 @@
#include "serialization_base.h"
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "OEMCryptoCENCCommon.h"
#include "odk_message.h"
#include "odk_message_priv.h"
#include "odk_overflow.h"
struct _Message {
uint8_t* base;
size_t capacity;
size_t size; /* bytes written */
size_t read_offset; /* bytes read */
MessageStatus status;
};
bool ValidMessage(Message* message) {
if (message == NULL) {
return false;
}
if (message->status != MESSAGE_STATUS_OK) {
return false;
}
if (message->base == NULL) {
message->status = MESSAGE_STATUS_NULL_POINTER_ERROR;
return false;
}
if (message->size > message->capacity ||
message->read_offset > message->size) {
message->status = MESSAGE_STATUS_OVERFLOW_ERROR;
return false;
}
return true;
/*
* An ODK_Message_Impl pointer must only be obtained by calling GetMessageImpl.
* This forces any message to pass the validity check before being operated on,
* which means that no function can modify or access the internals of a message
* without having it be validated first.
*/
static ODK_Message_Impl* GetMessageImpl(ODK_Message* message) {
if (!ODK_Message_IsValid(message)) return NULL;
return (ODK_Message_Impl*)message;
}
static void PackBytes(Message* message, const uint8_t* ptr, size_t count) {
if (count <= message->capacity - message->size) {
memcpy((void*)(message->base + message->size), (void*)ptr, count);
message->size += count;
static void PackBytes(ODK_Message* message, const uint8_t* ptr, size_t count) {
ODK_Message_Impl* message_impl = GetMessageImpl(message);
if (!message_impl) return;
if (count <= message_impl->capacity - message_impl->size) {
memcpy((void*)(message_impl->base + message_impl->size), (const void*)ptr,
count);
message_impl->size += count;
} else {
message->status = MESSAGE_STATUS_OVERFLOW_ERROR;
message_impl->status = MESSAGE_STATUS_OVERFLOW_ERROR;
}
}
void Pack_enum(Message* message, int value) {
void Pack_enum(ODK_Message* message, int value) {
uint32_t v32 = value;
Pack_uint32_t(message, &v32);
}
void Pack_bool(Message* message, const bool* value) {
if (!ValidMessage(message)) return;
void Pack_bool(ODK_Message* message, const bool* value) {
assert(value);
uint8_t data[4] = {0};
data[3] = *value ? 1 : 0;
PackBytes(message, data, sizeof(data));
}
void Pack_uint16_t(Message* message, const uint16_t* value) {
if (!ValidMessage(message)) return;
void Pack_uint16_t(ODK_Message* message, const uint16_t* value) {
assert(value);
uint8_t data[2] = {0};
data[0] = *value >> 8;
data[1] = *value >> 0;
data[0] = (uint8_t)(*value >> 8);
data[1] = (uint8_t)(*value >> 0);
PackBytes(message, data, sizeof(data));
}
void Pack_uint32_t(Message* message, const uint32_t* value) {
if (!ValidMessage(message)) return;
void Pack_uint32_t(ODK_Message* message, const uint32_t* value) {
assert(value);
uint8_t data[4] = {0};
data[0] = *value >> 24;
data[1] = *value >> 16;
data[2] = *value >> 8;
data[3] = *value >> 0;
data[0] = (uint8_t)(*value >> 24);
data[1] = (uint8_t)(*value >> 16);
data[2] = (uint8_t)(*value >> 8);
data[3] = (uint8_t)(*value >> 0);
PackBytes(message, data, sizeof(data));
}
void Pack_uint64_t(Message* message, const uint64_t* value) {
if (!ValidMessage(message)) return;
uint32_t hi = *value >> 32;
uint32_t lo = *value;
void Pack_uint64_t(ODK_Message* message, const uint64_t* value) {
assert(value);
uint32_t hi = (uint32_t)(*value >> 32);
uint32_t lo = (uint32_t)(*value);
Pack_uint32_t(message, &hi);
Pack_uint32_t(message, &lo);
}
void PackArray(Message* message, const uint8_t* base, size_t size) {
if (!ValidMessage(message)) return;
void PackArray(ODK_Message* message, const uint8_t* base, size_t size) {
PackBytes(message, base, size);
}
void Pack_OEMCrypto_Substring(Message* msg, const OEMCrypto_Substring* obj) {
void Pack_OEMCrypto_Substring(ODK_Message* message,
const OEMCrypto_Substring* obj) {
assert(obj);
uint32_t offset = (uint32_t)obj->offset;
uint32_t length = (uint32_t)obj->length;
Pack_uint32_t(msg, &offset);
Pack_uint32_t(msg, &length);
Pack_uint32_t(message, &offset);
Pack_uint32_t(message, &length);
}
static void UnpackBytes(Message* message, uint8_t* ptr, size_t count) {
if (count <= message->size - message->read_offset) {
memcpy((void*)ptr, (void*)(message->base + message->read_offset), count);
message->read_offset += count;
static void UnpackBytes(ODK_Message* message, uint8_t* ptr, size_t count) {
assert(ptr);
ODK_Message_Impl* message_impl = GetMessageImpl(message);
if (!message_impl) return;
if (count <= message_impl->size - message_impl->read_offset) {
memcpy((void*)ptr, (void*)(message_impl->base + message_impl->read_offset),
count);
message_impl->read_offset += count;
} else {
message->status = MESSAGE_STATUS_UNDERFLOW_ERROR;
message_impl->status = MESSAGE_STATUS_UNDERFLOW_ERROR;
}
}
int Unpack_enum(Message* message) {
int Unpack_enum(ODK_Message* message) {
uint32_t v32;
Unpack_uint32_t(message, &v32);
return v32;
return (int)v32;
}
void Unpack_bool(Message* message, bool* value) {
if (!ValidMessage(message)) return;
void Unpack_bool(ODK_Message* message, bool* value) {
uint8_t data[4] = {0};
UnpackBytes(message, data, sizeof(data));
assert(value);
*value = (0 != data[3]);
}
void Unpack_uint16_t(Message* message, uint16_t* value) {
if (!ValidMessage(message)) return;
void Unpack_uint16_t(ODK_Message* message, uint16_t* value) {
assert(value);
uint8_t data[2] = {0};
UnpackBytes(message, data, sizeof(data));
*value = data[0];
*value = *value << 8 | data[1];
}
void Unpack_uint32_t(Message* message, uint32_t* value) {
if (!ValidMessage(message)) return;
void Unpack_uint32_t(ODK_Message* message, uint32_t* value) {
ODK_Message_Impl* message_impl = GetMessageImpl(message);
if (!message_impl) return;
uint8_t data[4] = {0};
UnpackBytes(message, data, sizeof(data));
assert(value);
*value = data[0];
*value = *value << 8 | data[1];
*value = *value << 8 | data[2];
*value = *value << 8 | data[3];
}
void Unpack_uint64_t(Message* message, uint64_t* value) {
if (!ValidMessage(message)) return;
void Unpack_uint64_t(ODK_Message* message, uint64_t* value) {
uint32_t hi = 0;
uint32_t lo = 0;
Unpack_uint32_t(message, &hi);
Unpack_uint32_t(message, &lo);
assert(value);
*value = hi;
*value = *value << 32 | lo;
}
void Unpack_OEMCrypto_Substring(Message* msg, OEMCrypto_Substring* obj) {
void Unpack_OEMCrypto_Substring(ODK_Message* message,
OEMCrypto_Substring* obj) {
uint32_t offset = 0, length = 0;
Unpack_uint32_t(msg, &offset);
Unpack_uint32_t(msg, &length);
if (!ValidMessage(msg)) return;
Unpack_uint32_t(message, &offset);
Unpack_uint32_t(message, &length);
ODK_Message_Impl* message_impl = GetMessageImpl(message);
if (!message_impl) return;
/* Each substring should be contained within the message body, which is in the
* total message, just after the core message. The offset of a substring is
* relative to the message body. So we need to verify:
* 0 < offset and offset + length < message->capacity - message->size
* or offset + length + message->size < message->capacity
* 0 < offset and offset + length < message_impl->capacity -
* message_impl->size or offset + length + message_impl->size <
* message_impl->capacity
*/
size_t substring_end = 0; /* = offset + length; */
size_t end = 0; /* = substring_end + message->size; */
size_t end = 0; /* = substring_end + message_impl->size; */
if (odk_add_overflow_ux(offset, length, &substring_end) ||
odk_add_overflow_ux(substring_end, msg->size, &end) ||
end > msg->capacity) {
msg->status = MESSAGE_STATUS_OVERFLOW_ERROR;
odk_add_overflow_ux(substring_end, message_impl->size, &end) ||
end > message_impl->capacity) {
message_impl->status = MESSAGE_STATUS_OVERFLOW_ERROR;
return;
}
assert(obj);
obj->offset = offset;
obj->length = length;
}
/* copy out */
void UnpackArray(Message* message, uint8_t* address, size_t size) {
if (!ValidMessage(message)) return;
void UnpackArray(ODK_Message* message, uint8_t* address, size_t size) {
UnpackBytes(message, address, size);
}
/*
* The message structure, which is separate from the buffer,
* is initialized to reference the buffer
*/
void InitMessage(Message* message, uint8_t* buffer, size_t capacity) {
if (message == NULL) return;
memset(message, 0, sizeof(Message));
message->base = buffer;
message->capacity = capacity;
message->size = 0;
message->read_offset = 0;
message->status = MESSAGE_STATUS_OK;
}
/*
* Set the message to an empty state
*/
void ResetMessage(Message* message) {
message->size = 0;
message->read_offset = 0;
message->status = MESSAGE_STATUS_OK;
}
uint8_t* GetBase(Message* message) {
if (message == NULL) return NULL;
return message->base;
}
size_t GetCapacity(Message* message) {
if (message == NULL) return 0;
return message->capacity;
}
size_t GetSize(Message* message) {
if (message == NULL) return 0;
return message->size;
}
void SetSize(Message* message, size_t size) {
if (message == NULL) return;
if (size > message->capacity)
message->status = MESSAGE_STATUS_OVERFLOW_ERROR;
else
message->size = size;
}
MessageStatus GetStatus(Message* message) { return message->status; }
void SetStatus(Message* message, MessageStatus status) {
message->status = status;
}
size_t GetOffset(Message* message) {
if (message == NULL) return 0;
return message->read_offset;
}
size_t SizeOfMessageStruct() { return sizeof(Message); }
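Review bot: In Unpack_OEMCrypto_Substring the bounds comment and the check disagree. The comment requires `0 < offset` and a strict `offset + length + message_impl->size < message_impl->capacity`, but the code never compares offset with zero and rejects only `end > message_impl->capacity`, so a substring that ends exactly at capacity is accepted. Reword the comment to the bounds that are actually enforced, or tighten the check if the strict form is what is meant. Separately, `assert(value)` and `assert(obj)` sit after the bytes have already been consumed and compile away under NDEBUG; an explicit NULL check at the top of each Unpack_* function that sets an error status would hold in release builds as well.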

View File

@@ -13,74 +13,24 @@ extern "C" {
#include <stdint.h>
#include "OEMCryptoCENCCommon.h"
#include "odk_message.h"
#define SIZE_OF_MESSAGE_STRUCT 64
void Pack_enum(ODK_Message* message, int value);
void Pack_bool(ODK_Message* message, const bool* value);
void Pack_uint16_t(ODK_Message* message, const uint16_t* value);
void Pack_uint32_t(ODK_Message* message, const uint32_t* value);
void Pack_uint64_t(ODK_Message* message, const uint64_t* value);
void PackArray(ODK_Message* message, const uint8_t* base, size_t size);
void Pack_OEMCrypto_Substring(ODK_Message* msg, const OEMCrypto_Substring* obj);
/*
* Description:
* Point |msg| to stack-array |blk|.
* |blk| is guaranteed large enough to hold a |Message| struct.
* |blk| cannot be used in the same scope as a variable name.
* |msg| points to valid memory in the same scope |AllocateMessage| is used.
* Parameters:
* msg: pointer to pointer to |Message| struct
* blk: variable name for stack-array
*/
#define AllocateMessage(msg, blk) \
uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; \
*(msg) = (Message*)(blk)
typedef struct _Message Message;
typedef enum {
MESSAGE_STATUS_OK,
MESSAGE_STATUS_UNKNOWN_ERROR,
MESSAGE_STATUS_OVERFLOW_ERROR,
MESSAGE_STATUS_UNDERFLOW_ERROR,
MESSAGE_STATUS_PARSE_ERROR,
MESSAGE_STATUS_NULL_POINTER_ERROR,
MESSAGE_STATUS_API_VALUE_ERROR
} MessageStatus;
bool ValidMessage(Message* message);
void Pack_enum(Message* message, int value);
void Pack_bool(Message* message, const bool* value);
void Pack_uint16_t(Message* message, const uint16_t* value);
void Pack_uint32_t(Message* message, const uint32_t* value);
void Pack_uint64_t(Message* message, const uint64_t* value);
void PackArray(Message* message, const uint8_t* base, size_t size);
void Pack_OEMCrypto_Substring(Message* msg, const OEMCrypto_Substring* obj);
int Unpack_enum(Message* message);
void Unpack_bool(Message* message, bool* value);
void Unpack_uint16_t(Message* message, uint16_t* value);
void Unpack_uint32_t(Message* message, uint32_t* value);
void Unpack_uint64_t(Message* message, uint64_t* value);
void UnpackArray(Message* message, uint8_t* address,
int Unpack_enum(ODK_Message* message);
void Unpack_bool(ODK_Message* message, bool* value);
void Unpack_uint16_t(ODK_Message* message, uint16_t* value);
void Unpack_uint32_t(ODK_Message* message, uint32_t* value);
void Unpack_uint64_t(ODK_Message* message, uint64_t* value);
void UnpackArray(ODK_Message* message, uint8_t* address,
size_t size); /* copy out */
void Unpack_OEMCrypto_Substring(Message* msg, OEMCrypto_Substring* obj);
/*
* Initialize a message structure to reference a separate buffer. The caller
* is responsible for ensuring that the buffer remains allocated for the
* lifetime of the message.
*/
void InitMessage(Message* message, uint8_t* buffer, size_t capacity);
/*
* Reset an existing the message to an empty state
*/
void ResetMessage(Message* message);
uint8_t* GetBase(Message* message);
size_t GetCapacity(Message* message);
size_t GetSize(Message* message);
void SetSize(Message* message, size_t size);
MessageStatus GetStatus(Message* message);
void SetStatus(Message* message, MessageStatus status);
size_t GetOffset(Message* message);
size_t SizeOfMessageStruct();
void Unpack_OEMCrypto_Substring(ODK_Message* msg, OEMCrypto_Substring* obj);
#ifdef __cplusplus
} // extern "C"
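Review bot: The two Substring prototypes still name their first parameter `msg` (`Pack_OEMCrypto_Substring(ODK_Message* msg, ...)` and `Unpack_OEMCrypto_Substring(ODK_Message* msg, ...)`), while every other prototype in this header and the updated Unpack_OEMCrypto_Substring definition use `message`. Rename them for consistency. Since InitMessage, SetSize, GetStatus and the other accessors are no longer declared here, a short header comment pointing to odk_message.h for their replacements would help porters who call the old names.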

View File

@@ -2,6 +2,18 @@
// source code may only be used and distributed under the Widevine
// License Agreement.
// *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
// CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
// DEPENDING ON IT IN YOUR PROJECT. ***
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "vendor_widevine_license"
// to get the below license kinds:
// legacy_by_exception_only (by exception only)
default_applicable_licenses: ["vendor_widevine_license"],
}
cc_defaults {
name: "odk_fuzz_library_defaults",
srcs: [
@@ -165,4 +177,4 @@ cc_fuzz {
],
defaults: ["odk_fuzz_library_defaults"],
proprietary: true,
}
}

View File

@@ -9,6 +9,18 @@
// ----------------------------------------------------------------
// Builds libwv_odk.so, The ODK shared Library (libwv_odk) is used
// by the OEMCrypto unit tests to generate corpus for ODK fuzz scrips.
// *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
// CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
// DEPENDING ON IT IN YOUR PROJECT. ***
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "vendor_widevine_license"
// to get the below license kinds:
// legacy_by_exception_only (by exception only)
default_applicable_licenses: ["vendor_widevine_license"],
}
cc_library_shared {
name: "libwv_odk_corpus_generator",
include_dirs: [

View File

@@ -18,16 +18,34 @@
'../src',
'../kdo/include',
],
'cflags_cc': [
'-std=c++11',
'cflags': [
'-g3',
'-O0',
'-fsanitize=fuzzer,address,undefined',
'-fno-omit-frame-pointer',
'-U_FORTIFY_SOURCE',
'-fsanitize=fuzzer,address,undefined',
'-fno-sanitize-recover=address,undefined',
'-fPIC',
# TODO(b/172518513): Remove this
'-Wno-error=cast-qual',
],
'cflags_c': [
'-std=c99',
'-D_POSIX_C_SOURCE=200809L',
# TODO(b/159354894): Remove this
'-Wno-error=bad-function-cast',
],
'cflags_cc': [
'-std=c++11',
'-frtti',
],
'ldflags': [
'-fPIC',
'-fsanitize=fuzzer,address,undefined',
# Sanitizers with link-time components must be repeated here.
'-fsanitize=fuzzer,address',
],
'libraries': [
'-lpthread',
],
'sources': [
'odk_fuzz.cpp',
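Review bot: In 'ldflags', the entry under the comment "Sanitizers with link-time components must be repeated here." lists only '-fsanitize=fuzzer,address', while 'cflags' compiles with '-fsanitize=fuzzer,address,undefined' and '-fno-sanitize-recover=address,undefined'. If leaving undefined off the link line is deliberate, say so in that comment; otherwise keep the compile and link sanitizer lists identical so they cannot drift apart. The two -Wno-error TODO entries also loosen what the fuzz build accepts, so each should state the condition under which it gets removed.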

View File

@@ -99,11 +99,9 @@ OEMCryptoResult odk_deserialize_RenewalResponse(
// odk_kdo method, we call Unpack_ODK_PreparedRenewalRequest private method.
// playback_time cannot be captured from publicly exposed API
// ODK_ParseRenewal.
uint8_t blk[SIZE_OF_MESSAGE_STRUCT];
Message* msg = reinterpret_cast<Message*>(blk);
InitMessage(msg, const_cast<uint8_t*>(buf), len);
SetSize(msg, len);
Unpack_ODK_PreparedRenewalRequest(msg, renewal_msg);
ODK_Message msg = ODK_Message_Create(const_cast<uint8_t*>(buf), len);
ODK_Message_SetSize(&msg, len);
Unpack_ODK_PreparedRenewalRequest(&msg, renewal_msg);
return OEMCrypto_SUCCESS;
}
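Review bot: odk_deserialize_RenewalResponse returns OEMCrypto_SUCCESS unconditionally after `Unpack_ODK_PreparedRenewalRequest(&msg, renewal_msg);`, so a truncated or malformed buf that leaves the message in an error state is still reported as success and renewal_msg may be only partly filled. Check the message status after the unpack and return an error when it is not OK, so the fuzzer does not treat failed parses as valid corpus entries. The const_cast on buf also deserves a one-line comment stating that the unpack path only reads from the buffer.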

View File

@@ -6,13 +6,15 @@
#include <vector>
#include "fuzzing/odk_fuzz_helper.h"
#include "odk_attributes.h"
namespace oemcrypto_core_message {
// The custom mutator: Ensure that each input can be deserialized properly
// by ODK function after mutation.
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
size_t max_size, unsigned int seed) {
size_t max_size,
unsigned int seed UNUSED) {
const size_t kProvisioningResponseArgsSize =
sizeof(ODK_ParseProvisioning_Args);
if (size < kProvisioningResponseArgsSize) {

View File

@@ -6,13 +6,15 @@
#include <vector>
#include "fuzzing/odk_fuzz_helper.h"
#include "odk_attributes.h"
namespace oemcrypto_core_message {
// The custom mutator: Ensure that each input can be deserialized properly
// by ODK function after mutation.
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
size_t max_size, unsigned int seed) {
size_t max_size,
unsigned int seed UNUSED) {
const size_t kRenewalResponseArgsSize = sizeof(ODK_ParseRenewal_Args);
if (size < kRenewalResponseArgsSize) {
return 0;

View File

@@ -4,8 +4,6 @@
#include "odk.h"
#include <endian.h> // TODO(b/147944591): use this one? Or odk_endian.h?
#include <cstdlib>
#include <cstring>
@@ -178,15 +176,15 @@ TEST(OdkTest, SerializeFieldsStress) {
std::srand(0);
size_t total_size = 0;
for (int i = 0; i < n; i++) {
fields[i].type = static_cast<ODK_FieldType>(std::rand() %
static_cast<int>(ODK_NUMTYPES));
fields[i].type = static_cast<ODK_FieldType>(
std::rand() % static_cast<int>(ODK_LAST_STRESSABLE_TYPE));
fields[i].value = malloc(ODK_AllocSize(fields[i].type));
fields[i].name = "stress";
total_size += ODK_FieldLength(fields[i].type);
}
uint8_t* buf = new uint8_t[total_size]{};
for (int i = 0; i < total_size; i++) {
for (size_t i = 0; i < total_size; i++) {
buf[i] = std::rand() & 0xff;
}
@@ -703,7 +701,7 @@ TEST(OdkSizeTest, ReleaseRequest) {
&core_message_length, &nonce_values,
&clock_values, system_time_seconds));
// Release requests do not have a core message.
EXPECT_GE(core_message_length, 0);
EXPECT_GE(core_message_length, 0u);
}
TEST(OdkSizeTest, ProvisioningRequest) {
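Review bot: `EXPECT_GE(core_message_length, 0u);` cannot fail for an unsigned core_message_length, so switching the literal to 0u removes the sign-compare warning but leaves the assertion vacuous. The comment directly above says release requests do not have a core message; if that is the property under test, `EXPECT_EQ(core_message_length, 0u);` would check it.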

View File

@@ -4,8 +4,6 @@
#include "odk_test_helper.h"
#include <endian.h>
#include <cstdint>
#include <cstdlib>
#include <cstring>
@@ -15,6 +13,7 @@
#include "OEMCryptoCENCCommon.h"
#include "gtest/gtest.h"
#include "odk_endian.h"
#include "odk_structs.h"
#include "odk_structs_priv.h"
@@ -87,10 +86,10 @@ void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params) {
".srm_restriction_data"},
{ODK_UINT32, &(params->parsed_license.license_type), ".license_type"},
{ODK_UINT32, &(params->parsed_license.nonce_required), ".nonce_required"},
{ODK_UINT32,
{ODK_BOOL,
&(params->parsed_license.timer_limits.soft_enforce_rental_duration),
".soft_enforce_rental_duration"},
{ODK_UINT32,
{ODK_BOOL,
&(params->parsed_license.timer_limits.soft_enforce_playback_duration),
".soft_enforce_playback_duration"},
{ODK_UINT64,
@@ -203,6 +202,8 @@ size_t ODK_FieldLength(ODK_FieldType type) {
return sizeof(uint32_t);
case ODK_UINT64:
return sizeof(uint64_t);
case ODK_BOOL: // Booleans are stored in the message as 32 bit ints.
return sizeof(uint32_t);
case ODK_SUBSTRING:
return sizeof(uint32_t) + sizeof(uint32_t);
case ODK_DEVICEID:
@@ -227,24 +228,33 @@ OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field) {
}
switch (field->type) {
case ODK_UINT16: {
const uint16_t u16 = htobe16(*static_cast<uint16_t*>(field->value));
const uint16_t u16 =
oemcrypto_htobe16(*static_cast<uint16_t*>(field->value));
memcpy(buf, &u16, sizeof(u16));
break;
}
case ODK_UINT32: {
const uint32_t u32 = htobe32(*static_cast<uint32_t*>(field->value));
const uint32_t u32 =
oemcrypto_htobe32(*static_cast<uint32_t*>(field->value));
memcpy(buf, &u32, sizeof(u32));
break;
}
case ODK_UINT64: {
const uint64_t u64 = htobe64(*static_cast<uint64_t*>(field->value));
const uint64_t u64 =
oemcrypto_htobe64(*static_cast<uint64_t*>(field->value));
memcpy(buf, &u64, sizeof(u64));
break;
}
case ODK_BOOL: {
const bool value = *static_cast<bool*>(field->value);
const uint32_t u32 = oemcrypto_htobe32(value ? 1 : 0);
memcpy(buf, &u32, sizeof(u32));
break;
}
case ODK_SUBSTRING: {
OEMCrypto_Substring* s = static_cast<OEMCrypto_Substring*>(field->value);
const uint32_t off = htobe32(s->offset);
const uint32_t len = htobe32(s->length);
const uint32_t off = oemcrypto_htobe32(s->offset);
const uint32_t len = oemcrypto_htobe32(s->length);
memcpy(buf, &off, sizeof(off));
memcpy(buf + sizeof(off), &len, sizeof(len));
break;
@@ -272,19 +282,26 @@ OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf,
case ODK_UINT16: {
memcpy(field->value, buf, sizeof(uint16_t));
uint16_t* u16p = static_cast<uint16_t*>(field->value);
*u16p = be16toh(*u16p);
*u16p = oemcrypto_be16toh(*u16p);
break;
}
case ODK_UINT32: {
memcpy(field->value, buf, sizeof(uint32_t));
uint32_t* u32p = static_cast<uint32_t*>(field->value);
*u32p = be32toh(*u32p);
*u32p = oemcrypto_be32toh(*u32p);
break;
}
case ODK_UINT64: {
memcpy(field->value, buf, sizeof(uint64_t));
uint64_t* u64p = static_cast<uint64_t*>(field->value);
*u64p = be64toh(*u64p);
*u64p = oemcrypto_be64toh(*u64p);
break;
}
case ODK_BOOL: {
uint32_t value;
memcpy(&value, buf, sizeof(uint32_t));
value = oemcrypto_be32toh(value);
*static_cast<bool*>(field->value) = (value != 0);
break;
}
case ODK_SUBSTRING: {
@@ -293,8 +310,8 @@ OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf,
uint32_t len = 0;
memcpy(&off, buf, sizeof(off));
memcpy(&len, buf + sizeof(off), sizeof(len));
s->offset = be32toh(off);
s->length = be32toh(len);
s->offset = oemcrypto_be32toh(off);
s->length = oemcrypto_be32toh(len);
break;
}
case ODK_DEVICEID:
@@ -319,15 +336,16 @@ OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf,
case ODK_UINT16: {
uint16_t val;
memcpy(&val, buf, sizeof(uint16_t));
val = be16toh(val);
val = oemcrypto_be16toh(val);
std::cerr << field->name << ": " << val << " = 0x" << std::hex << val
<< "\n";
break;
}
case ODK_BOOL:
case ODK_UINT32: {
uint32_t val;
memcpy(&val, buf, sizeof(uint32_t));
val = be32toh(val);
val = oemcrypto_be32toh(val);
std::cerr << field->name << ": " << val << " = 0x" << std::hex << val
<< "\n";
break;
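Review bot: In ODK_DumpSingleField, each case prints with `<< val << " = 0x" << std::hex << val`, and std::hex stays set on std::cerr afterwards, so from the second dumped field onward the value that is meant to be decimal is printed in hex too. Since this hunk already touches these lines, add `std::dec` before the first val (or restore the stream flags after printing). With ODK_BOOL now falling through to the ODK_UINT32 case, a boolean is dumped as a raw 32-bit number; that is fine for debugging but worth a short comment on the case label.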
@@ -335,7 +353,7 @@ OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf,
case ODK_UINT64: {
uint64_t val;
memcpy(&val, buf, sizeof(uint64_t));
val = be64toh(val);
val = oemcrypto_be64toh(val);
std::cerr << field->name << ": " << val << " = 0x" << std::hex << val
<< "\n";
break;
@@ -465,11 +483,6 @@ void ODK_BuildMessageBuffer(ODK_CoreMessage* core_message,
{ODK_UINT32, &(core_message->nonce_values.session_id), "session_id"},
};
uint32_t header_size = 0;
for (auto& field : total_fields) {
header_size += ODK_FieldLength(field.type);
}
total_fields.insert(total_fields.end(), extra_fields.begin(),
extra_fields.end());
for (auto& field : total_fields) {

View File

@@ -21,7 +21,12 @@ enum ODK_FieldType {
ODK_SUBSTRING,
ODK_DEVICEID,
ODK_HASH,
ODK_NUMTYPES,
// The "stressable" types are the ones we can put in a stress test that packs
// and unpacks random data and can expect to get back the same thing.
ODK_LAST_STRESSABLE_TYPE,
// Put boolean after ODK_LAST_STRESSABLE_TYPE, so that we skip boolean type in
// SerializeFieldsStress because we unpack any nonzero to 'true'.
ODK_BOOL,
};
enum ODK_FieldMode {
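Review bot: ODK_LAST_STRESSABLE_TYPE reads as the last valid stressable value, but it is a sentinel used as an exclusive bound (`std::rand() % static_cast<int>(ODK_LAST_STRESSABLE_TYPE)`), and with ODK_NUMTYPES removed there is no longer a constant for the total number of field types. Consider a name such as ODK_NUM_STRESSABLE_TYPES and make sure no switch or table treats the sentinel as a real type. Because ODK_BOOL is now excluded from SerializeFieldsStress, a small dedicated test that writes true and false and reads back nonzero wire values as true would keep the boolean path covered.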

View File

@@ -1133,8 +1133,8 @@ TEST_P(ODKUseCase_LicenseWithRenewal, NullPointerTest) {
timer_value_pointer);
}
INSTANTIATE_TEST_CASE_P(RestrictRenewal, ODKUseCase_LicenseWithRenewal,
::testing::Values(0, 1));
INSTANTIATE_TEST_SUITE_P(RestrictRenewal, ODKUseCase_LicenseWithRenewal,
::testing::Values(0, 1));
// Limited Duration License. (See above for notes on Use Case tests). The user
// has 15 minutes to begin watching the movie. If a renewal is not received,

View File

@@ -8,9 +8,9 @@
'privacy_crypto_impl%': 'boringssl',
'boringssl_libcrypto_path%': '<!(echo $PATH_TO_CDM_DIR)/third_party/boringssl/boringssl.gyp:crypto',
'boringssl_libssl_path%': '<!(echo $PATH_TO_CDM_DIR)/third_party/boringssl/boringssl.gyp:ssl',
'gtest_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/gmock.gyp:gtest',
'gmock_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/gmock.gyp:gmock',
'gmock_main_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/gmock.gyp:gmock_main',
'gtest_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/googletest.gyp:gtest',
'gmock_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/googletest.gyp:gmock',
'gmock_main_dependency': '<!(echo $PATH_TO_CDM_DIR)/third_party/googletest.gyp:gmock_main',
'oemcrypto_dir': '.',
'util_dir': '../util',
'platform_specific_dir': '<!(echo $PATH_TO_CDM_DIR)/linux/src',
@@ -25,6 +25,7 @@
'odk/src/core_message_serialize.cpp',
'<(platform_specific_dir)/file_store.cpp',
'<(platform_specific_dir)/log.cpp',
'<(util_dir)/src/cdm_random.cpp',
'<(util_dir)/src/platform.cpp',
'<(util_dir)/src/rw_lock.cpp',
'<(util_dir)/src/string_conversions.cpp',
@@ -35,6 +36,7 @@
'../util/libssl_dependency.gypi',
'test/oemcrypto_unittests.gypi',
'ref/oec_ref.gypi',
'ref/oec_ref_unittests.gypi',
],
'libraries': [
'-lpthread',

View File

@@ -12,7 +12,7 @@
# The top level files are:
# Makefile.opk : This file, top level makefile for the OPK
# Makefile.rules : Generated Make rules for building the OPK
# oemcrypto.gyp : gyp file to make liboemcrypto and unit tests
# host.gyp : gyp file to make liboemcrypto and unit tests
# ta.gyp : gyp file with dependencies to make the TEE libraries
# The generated *.mk files contain the rules to build each library:
@@ -20,17 +20,24 @@
# │ ├── odk
# │ │ └── src
# │ │ └── odk.target.mk
# │ ├── oemcrypto_unittests.target.mk
# │ └── opk
# │ ├── build
# │ │ ├── liboemcrypto.target.mk
# │ │ ├── oemcrypto_unittests.target.mk
# │ │ └── ta.target.mk
# │ ├── oemcrypto_ta
# │ │ ├── oemcrypto_ta_reference_clock.target.mk
# │ │ ├── oemcrypto_ta_reference_crypto.target.mk
# │ │ ├── oemcrypto_ta_reference_root_of_trust.target.mk
# │ │ ── oemcrypto_ta.target.mk
# │ │ ├── oemcrypto_ta.target.mk
# │ │ ├── wtpi_reference
# │ │ ├── oemcrypto_ta_reference_clock.target.mk
# │ │ │ ├── oemcrypto_ta_reference_crypto.target.mk
# │ │ │ └── oemcrypto_ta_reference_root_of_trust.target.mk
# │ │ └── wtpi_test
# │ │ ├── ree
# │ │ │ ├── opk_ree_api.target.mk
# │ │ │ └── opk_ree.target.mk
# │ │ ├── tee
# │ │ │ └── opk_tee_wtpi_test.target.mk
# │ │ ├── wtpi_test_lib.target.mk
# │ │ └── wtpi_test.target.mk
# │ └── serialization
# │ ├── ree
# │ │ └── opk_ree.target.mk
@@ -38,9 +45,7 @@
# │ └── opk_tee.target.mk
# └── third_party
# ├── boringssl
# │ ── crypto.target.mk
# │ └── ssl.target.mk
# ├── gmock.target.mk
# │ ── crypto.target.mk
# └── gtest.target.mk
# You can add additional compiler options by setting these defines or
@@ -80,30 +85,28 @@ include oemcrypto/opk/serialization/tee/opk_tee.target.mk
include $(WTPI_IMPL_DIR)/wtpi_impl.target.mk
# Include rules to build the WTPI test libraries
include oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/opk_ree.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/opk_ree_api.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_test/wtpi_test_lib.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/opk_tee_wtpi_test.target.mk
include oemcrypto/opk/build/wtpi_unittests.target.mk
include $(WTPI_UNITTEST_DIR)/wtpi_unittests.target.mk
# Add rules for the transport layer implementations for OEMCrypto TA and WTPI unit tests
include $(REE_TOS_DIR)/ree_tos.target.mk
include $(REE_TOS_WTPI_DIR)/ree_tos_wtpi.target.mk
ifeq ($(USE_TA_REFERENCE_CRYPTO),yes)
include oemcrypto/opk/oemcrypto_ta/oemcrypto_ta_reference_crypto.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_crypto.target.mk
ta_libs: oemcrypto_ta_reference_crypto
endif
ifeq ($(USE_TA_REFERENCE_CLOCK),yes)
include oemcrypto/opk/oemcrypto_ta/oemcrypto_ta_reference_clock.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_clock.target.mk
ta_libs: oemcrypto_ta_reference_clock
endif
ifeq ($(USE_TA_REFERENCE_ROOT_OF_TRUST),yes)
include oemcrypto/opk/oemcrypto_ta/oemcrypto_ta_reference_root_of_trust.target.mk
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_root_of_trust.target.mk
ta_libs: oemcrypto_ta_reference_root_of_trust
endif
include oemcrypto/opk/build/liboemcrypto.target.mk

View File

@@ -1,8 +1,8 @@
# Makefile for OP-TEE liboemcrypto.so and the OP-TEE widevine trusted app
# $OPTEE must be defined as the root of the OP-TEE SDK
ifndef OPTEE
$(error OPTEE is undefined)
# $OPTEE_DIR must be defined as the root of the OP-TEE SDK
ifndef OPTEE_DIR
$(error OPTEE_DIR is undefined)
endif
# $CDM_DIR must be defined as the path to the top level of the OPK release
@@ -22,28 +22,31 @@ endif
OPTEE_PLATFORM ?= qemu
CFG_TEE_TA_MALLOC_DEBUG:=y
# Default toolchain dir from the optee repositories
OPTEE_TOOLCHAIN_DIR ?= $(OPTEE_DIR)/toolchains
ifeq ($(OPTEE_PLATFORM),qemu)
PLATFORM := vexpress-qemu_virt
TEEC_EXPORT ?= $(OPTEE)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE)/toolchains/aarch32
TA_DEV_KIT_DIR := $(OPTEE)/optee_os/out/arm/export-ta_arm32
TEEC_EXPORT ?= $(OPTEE_DIR)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE_TOOLCHAIN_DIR)/aarch32
TA_DEV_KIT_DIR := $(OPTEE_DIR)/optee_os/out/arm/export-ta_arm32
CROSS_COMPILE := arm-linux-gnueabihf-
CPPFLAGS := \
-isystem $(OPTEE_TOOLCHAIN)/lib/gcc/arm-none-linux-gnueabihf/10.2.1/include \
else ifeq ($(OPTEE_PLATFORM),stm32mp1)
TEEC_EXPORT ?= $(OPTEE)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE)/toolchains/aarch32
TA_DEV_KIT_DIR := $(OPTEE)/optee_os/out/arm/export-ta_arm32
TEEC_EXPORT ?= $(OPTEE_DIR)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE_TOOLCHAIN_DIR)/aarch32
TA_DEV_KIT_DIR := $(OPTEE_DIR)/optee_os/out/arm/export-ta_arm32
CROSS_COMPILE := arm-linux-gnueabihf-
CPPFLAGS := \
-isystem $(OPTEE_TOOLCHAIN)/lib/gcc/arm-none-linux-gnueabihf/10.2.1/include \
else ifeq ($(OPTEE_PLATFORM),nxpimx8m)
PLATFORM := imx-mx8mqevk
TEEC_EXPORT ?= $(OPTEE)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE)/toolchains/aarch64
TA_DEV_KIT_DIR := $(OPTEE)/optee_os/out/arm/export-ta_arm64
TEEC_EXPORT ?= $(OPTEE_DIR)/out-br/build/optee_client_ext-1.0/libteec
OPTEE_TOOLCHAIN := $(OPTEE_TOOLCHAIN_DIR)/aarch64
TA_DEV_KIT_DIR := $(OPTEE_DIR)/optee_os/out/arm/export-ta_arm64
CROSS_COMPILE := aarch64-linux-gnu-
CPPFLAGS := \
-isystem $(OPTEE_TOOLCHAIN)/lib/gcc/aarch64-none-linux-gnu/10.2.1/include \
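Review bot: OPTEE_TOOLCHAIN_DIR is now overridable, but every platform branch still hard-codes the compiler version in `-isystem $(OPTEE_TOOLCHAIN)/lib/gcc/.../10.2.1/include`, so pointing the variable at any other toolchain release silently yields a non-existent include path. Derive the directory from the compiler (for example from its -print-file-name=include output) or expose the version as a variable. Also, the stm32mp1 branch shows no PLATFORM assignment while the qemu and nxpimx8m branches set one, and `CFG_TEE_TA_MALLOC_DEBUG:=y` is forced on for all builds; both should be confirmed as intentional or documented.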
@@ -58,7 +61,7 @@ CC_target := $(OPTEE_TOOLCHAIN)/bin/$(CROSS_COMPILE)gcc
CXX_target := $(OPTEE_TOOLCHAIN)/bin/$(CROSS_COMPILE)g++
AR_target := $(OPTEE_TOOLCHAIN)/bin/$(CROSS_COMPILE)ar
CPPFLAGS += \
-I $(OPTEE)/optee_client/public \
-I $(OPTEE_DIR)/optee_client/public \
-Wno-psabi \
# OEMCrypto TA optional components
@@ -72,7 +75,7 @@ $(info XXXXX builddir_name $(builddir_name))
# List libraries from the Trusted OS SDK to link into
# liboemcrypto.so
TRUSTED_OS_SDK_LIBS := $(OPTEE)/out-br/build/optee_client_ext-1.0/libteec/libteec.so
TRUSTED_OS_SDK_LIBS := $(OPTEE_DIR)/out-br/build/optee_client_ext-1.0/libteec/libteec.so
PORT_BASE_DIR:=../ports/optee
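Review bot: TRUSTED_OS_SDK_LIBS repeats the literal path `$(OPTEE_DIR)/out-br/build/optee_client_ext-1.0/libteec/libteec.so` even though TEEC_EXPORT is defined with `?=` to the same directory, so a user who overrides TEEC_EXPORT still links against the default location. Use `$(TEEC_EXPORT)/libteec.so` here. The `$(info XXXXX builddir_name $(builddir_name))` line visible in the hunk header looks like leftover debug output and should be dropped or given a meaningful prefix.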
@@ -102,6 +105,7 @@ WTPI_UNITTEST_LDFLAGS := \
-L$(builddir)/ \
-L$(builddir)/obj.target/third_party \
-L$(builddir)/obj.target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree \
-lcrypto \
-lopk_ree_api \
-lgtest \
-lwtpi_test_lib \
@@ -123,6 +127,10 @@ WTPI_IMPL_DIR := $(PORT_BASE_DIR)/ta/common/wtpi_impl
# host executable.
OEMCRYPTO_UNITTEST_DIR := $(PORT_BASE_DIR)/host/oemcrypto_unittests
# Makefile.opk expects this variable, which points to wtpi_unittests.target.mk.
# That makefile builds the wtpi unittest host executable.
WTPI_UNITTEST_DIR := $(PORT_BASE_DIR)/host/wtpi_unittests
# Makefile.opk expects these two variables. They point to ree_tos.target.mk and
# ree_tos_wtpi.target.mk respectively, which build the transport layer
# implementations ree_tos.a and ree_tos_wtpi.a

View File

@@ -0,0 +1,354 @@
# We borrow heavily from the kernel build setup, though we are simpler since
# we don't have Kconfig tweaking settings on us.
# The implicit make rules have it looking for RCS files, among other things.
# We instead explicitly write all the rules we care about.
# It's even quicker (saves ~200ms) to pass -r on the command line.
MAKEFLAGS=-r
# The source directory tree.
srcdir := ../../..
abs_srcdir := $(abspath $(srcdir))
# The name of the builddir.
builddir_name ?= out
# The V=1 flag on command line makes us verbosely print command lines.
ifdef V
quiet=
else
quiet=quiet_
endif
# Specify BUILDTYPE=Release on the command line for a release build.
BUILDTYPE ?= debug
# Directory all our build output goes into.
# Note that this must be two directories beneath src/ for unit tests to pass,
# as they reach into the src/ directory for data with relative paths.
builddir ?= $(builddir_name)/$(BUILDTYPE)
abs_builddir := $(abspath $(builddir))
depsdir := $(builddir)/.deps
# Object output directory.
obj := $(builddir)/obj
abs_obj := $(abspath $(obj))
# We build up a list of every single one of the targets so we can slurp in the
# generated dependency rule Makefiles in one pass.
all_deps :=
CC.target ?= $(CC_target)
CFLAGS.target ?= $(CPPFLAGS) $(CFLAGS)
CXX.target ?= $(CXX_target)
CXXFLAGS.target ?= $(CPPFLAGS) $(CXXFLAGS)
LINK.target ?= $(LINK)
LDFLAGS.target ?= $(LDFLAGS)
AR.target ?= $(AR)
# C++ apps need to be linked with g++.
LINK ?= $(CXX.target)
# TODO(evan): move all cross-compilation logic to gyp-time so we don't need
# to replicate this environment fallback in make as well.
CC.host ?= $(CC_host)
CFLAGS.host ?= $(CPPFLAGS_host) $(CFLAGS_host)
CXX.host ?= $(CXX_host)
CXXFLAGS.host ?= $(CPPFLAGS_host) $(CXXFLAGS_host)
LINK.host ?= $(CXX.host)
LDFLAGS.host ?= $(LDFLAGS_host)
AR.host ?= $(AR_host)
# Define a dir function that can handle spaces.
# http://www.gnu.org/software/make/manual/make.html#Syntax-of-Functions
# "leading spaces cannot appear in the text of the first argument as written.
# These characters can be put into the argument value by variable substitution."
empty :=
space := $(empty) $(empty)
# http://stackoverflow.com/questions/1189781/using-make-dir-or-notdir-on-a-path-with-spaces
replace_spaces = $(subst $(space),?,$1)
unreplace_spaces = $(subst ?,$(space),$1)
dirx = $(call unreplace_spaces,$(dir $(call replace_spaces,$1)))
# Flags to make gcc output dependency info. Note that you need to be
# careful here to use the flags that ccache and distcc can understand.
# We write to a dep file on the side first and then rename at the end
# so we can't end up with a broken dep file.
depfile = $(depsdir)/$(call replace_spaces,$@).d
DEPFLAGS = -MMD -MF $(depfile).raw
# We have to fixup the deps output in a few ways.
# (1) the file output should mention the proper .o file.
# ccache or distcc lose the path to the target, so we convert a rule of
# the form:
# foobar.o: DEP1 DEP2
# into
# path/to/foobar.o: DEP1 DEP2
# (2) we want missing files not to cause us to fail to build.
# We want to rewrite
# foobar.o: DEP1 DEP2 \
# DEP3
# to
# DEP1:
# DEP2:
# DEP3:
# so if the files are missing, they're just considered phony rules.
# We have to do some pretty insane escaping to get those backslashes
# and dollar signs past make, the shell, and sed at the same time.
# Doesn't work with spaces, but that's fine: .d files have spaces in
# their names replaced with other characters.
define fixup_dep
# The depfile may not exist if the input file didn't have any #includes.
touch $(depfile).raw
# Fixup path as in (1).
sed -e "s|^$(notdir $@)|$@|" $(depfile).raw >> $(depfile)
# Add extra rules as in (2).
# We remove slashes and replace spaces with new lines;
# remove blank lines;
# delete the first line and append a colon to the remaining lines.
sed -e 's|\\||' -e 'y| |\n|' $(depfile).raw |\
grep -v '^$$' |\
sed -e 1d -e 's|$$|:|' \
>> $(depfile)
rm $(depfile).raw
endef
# Command definitions:
# - cmd_foo is the actual command to run;
# - quiet_cmd_foo is the brief-output summary of the command.
quiet_cmd_cc = CC($(TOOLSET)) $@
cmd_cc = $(CC.$(TOOLSET)) $(GYP_CFLAGS) $(DEPFLAGS) $(CFLAGS.$(TOOLSET)) -c -o $@ $<
quiet_cmd_cxx = CXX($(TOOLSET)) $@
cmd_cxx = $(CXX.$(TOOLSET)) $(GYP_CXXFLAGS) $(DEPFLAGS) $(CXXFLAGS.$(TOOLSET)) -c -o $@ $<
quiet_cmd_touch = TOUCH $@
cmd_touch = touch $@
quiet_cmd_copy = COPY $@
# send stderr to /dev/null to ignore messages when linking directories.
cmd_copy = ln -f "$<" "$@" 2>/dev/null || (rm -rf "$@" && cp -af "$<" "$@")
quiet_cmd_alink = AR($(TOOLSET)) $@
cmd_alink = rm -f $@ && $(AR.$(TOOLSET)) crs $@ $(filter %.o,$^)
quiet_cmd_alink_thin = AR($(TOOLSET)) $@
cmd_alink_thin = rm -f $@ && $(AR.$(TOOLSET)) crsT $@ $(filter %.o,$^)
# Due to circular dependencies between libraries :(, we wrap the
# special "figure out circular dependencies" flags around the entire
# input list during linking.
quiet_cmd_link = LINK($(TOOLSET)) $@
cmd_link = $(LINK.$(TOOLSET)) $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -o $@ -Wl,--start-group $(LD_INPUTS) -Wl,--end-group $(LIBS)
# We support two kinds of shared objects (.so):
# 1) shared_library, which is just bundling together many dependent libraries
# into a link line.
# 2) loadable_module, which is generating a module intended for dlopen().
#
# They differ only slightly:
# In the former case, we want to package all dependent code into the .so.
# In the latter case, we want to package just the API exposed by the
# outermost module.
# This means shared_library uses --whole-archive, while loadable_module doesn't.
# (Note that --whole-archive is incompatible with the --start-group used in
# normal linking.)
# Other shared-object link notes:
# - Set SONAME to the library filename so our binaries don't reference
# the local, absolute paths used on the link command-line.
quiet_cmd_solink = SOLINK($(TOOLSET)) $@
cmd_solink = $(LINK.$(TOOLSET)) -shared $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -Wl,-soname=$(@F) -o $@ -Wl,--whole-archive $(LD_INPUTS) -Wl,--no-whole-archive $(LIBS)
quiet_cmd_solink_module = SOLINK_MODULE($(TOOLSET)) $@
cmd_solink_module = $(LINK.$(TOOLSET)) -shared $(GYP_LDFLAGS) $(LDFLAGS.$(TOOLSET)) -Wl,-soname=$(@F) -o $@ -Wl,--start-group $(filter-out FORCE_DO_CMD, $^) -Wl,--end-group $(LIBS)
# Define an escape_quotes function to escape single quotes.
# This allows us to handle quotes properly as long as we always use
# use single quotes and escape_quotes.
escape_quotes = $(subst ','\'',$(1))
# This comment is here just to include a ' to unconfuse syntax highlighting.
# Define an escape_vars function to escape '$' variable syntax.
# This allows us to read/write command lines with shell variables (e.g.
# $LD_LIBRARY_PATH), without triggering make substitution.
escape_vars = $(subst $$,$$$$,$(1))
# Helper that expands to a shell command to echo a string exactly as it is in
# make. This uses printf instead of echo because printf's behaviour with respect
# to escape sequences is more portable than echo's across different shells
# (e.g., dash, bash).
exact_echo = printf '%s\n' '$(call escape_quotes,$(1))'
# Helper to compare the command we're about to run against the command
# we logged the last time we ran the command. Produces an empty
# string (false) when the commands match.
# Tricky point: Make has no string-equality test function.
# The kernel uses the following, but it seems like it would have false
# positives, where one string reordered its arguments.
# arg_check = $(strip $(filter-out $(cmd_$(1)), $(cmd_$@)) \
# $(filter-out $(cmd_$@), $(cmd_$(1))))
# We instead substitute each for the empty string into the other, and
# say they're equal if both substitutions produce the empty string.
# .d files contain ? instead of spaces, take that into account.
command_changed = $(or $(subst $(cmd_$(1)),,$(cmd_$(call replace_spaces,$@))),\
$(subst $(cmd_$(call replace_spaces,$@)),,$(cmd_$(1))))
# Helper that is non-empty when a prerequisite changes.
# Normally make does this implicitly, but we force rules to always run
# so we can check their command lines.
# $? -- new prerequisites
# $| -- order-only dependencies
prereq_changed = $(filter-out FORCE_DO_CMD,$(filter-out $|,$?))
# Helper that executes all postbuilds until one fails.
define do_postbuilds
@E=0;\
for p in $(POSTBUILDS); do\
eval $$p;\
E=$$?;\
if [ $$E -ne 0 ]; then\
break;\
fi;\
done;\
if [ $$E -ne 0 ]; then\
rm -rf "$@";\
exit $$E;\
fi
endef
# do_cmd: run a command via the above cmd_foo names, if necessary.
# Should always run for a given target to handle command-line changes.
# Second argument, if non-zero, makes it do asm/C/C++ dependency munging.
# Third argument, if non-zero, makes it do POSTBUILDS processing.
# Note: We intentionally do NOT call dirx for depfile, since it contains ? for
# spaces already and dirx strips the ? characters.
define do_cmd
$(if $(or $(command_changed),$(prereq_changed)),
@$(call exact_echo, $($(quiet)cmd_$(1)))
@mkdir -p "$(call dirx,$@)" "$(dir $(depfile))"
$(if $(findstring flock,$(word 1,$(cmd_$1))),
@$(cmd_$(1))
@echo " $(quiet_cmd_$(1)): Finished",
@$(cmd_$(1))
)
@$(call exact_echo,$(call escape_vars,cmd_$(call replace_spaces,$@) := $(cmd_$(1)))) > $(depfile)
@$(if $(2),$(fixup_dep))
$(if $(and $(3), $(POSTBUILDS)),
$(call do_postbuilds)
)
)
endef
# Declare the "all" target first so it is the default,
# even though we don't have the deps yet.
.PHONY: all
all:
# make looks for ways to re-generate included makefiles, but in our case, we
# don't have a direct way. Explicitly telling make that it has nothing to do
# for them makes it go faster.
%.d: ;
# Use FORCE_DO_CMD to force a target to run. Should be coupled with
# do_cmd.
.PHONY: FORCE_DO_CMD
FORCE_DO_CMD:
TOOLSET := target
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.cxx FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.s FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(srcdir)/%.S FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.cxx FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.s FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(obj).$(TOOLSET)/%.S FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.cxx FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.s FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/%.o: $(obj)/%.S FORCE_DO_CMD
@$(call do_cmd,cc,1)
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/odk/src/odk.target.mk)))),)
include oemcrypto/odk/src/odk.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/build/ta.target.mk)))),)
include oemcrypto/opk/build/ta.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/oemcrypto_ta/oemcrypto_ta.target.mk)))),)
include oemcrypto/opk/oemcrypto_ta/oemcrypto_ta.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_clock.target.mk)))),)
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_clock.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_crypto.target.mk)))),)
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_crypto.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_root_of_trust.target.mk)))),)
include oemcrypto/opk/oemcrypto_ta/wtpi_reference/oemcrypto_ta_reference_root_of_trust.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,oemcrypto/opk/serialization/tee/opk_tee.target.mk)))),)
include oemcrypto/opk/serialization/tee/opk_tee.target.mk
endif
ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
$(findstring $(join ^,$(prefix)),\
$(join ^,third_party/boringssl/crypto.target.mk)))),)
include third_party/boringssl/crypto.target.mk
endif
# "all" is a concatenation of the "all" targets from all the included
# sub-makefiles. This is just here to clarify.
all:
# Add in dependency-tracking rules. $(all_deps) is the list of every single
# target in our tree. Only consider the ones with .d (dependency) info:
d_files := $(wildcard $(foreach f,$(all_deps),$(depsdir)/$(f).d))
ifneq ($(d_files),)
include $(d_files)
endif

View File

@@ -0,0 +1,139 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := odk
DEFS_debug := \
'-D_DEFAULT_SOURCE' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error=cast-qual \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L \
-Wno-error=bad-function-cast
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/include
DEFS_release := \
'-D_DEFAULT_SOURCE' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error=cast-qual \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L \
-Wno-error=bad-function-cast
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_message.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_overflow.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_serialize.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_timer.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_util.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/serialization_base.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/odk/src/libodk.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/odk/src/libodk.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/odk/src/libodk.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/odk/src/libodk.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/odk/src/libodk.a
# Add target alias
.PHONY: odk
odk: $(obj).target/oemcrypto/odk/src/libodk.a
# Add target alias to "all" target.
.PHONY: all
all: odk
# Add target alias
.PHONY: odk
odk: $(builddir)/libodk.a
# Copy this to the static library output path.
$(builddir)/libodk.a: TOOLSET := $(TOOLSET)
$(builddir)/libodk.a: $(obj).target/oemcrypto/odk/src/libodk.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libodk.a
# Short alias for building this static library.
.PHONY: libodk.a
libodk.a: $(obj).target/oemcrypto/odk/src/libodk.a $(builddir)/libodk.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libodk.a
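Review bot: CFLAGS_release for this target is `-fPIC -fvisibility=hidden -fno-common -Wno-error=cast-qual -O2 -g0`, and DEFS_release has only `_DEFAULT_SOURCE` and `NDEBUG`, so the release objects (odk_serialize.o, odk_message.o, odk_overflow.o and the rest of OBJS) get no stack-protector option and no `_FORTIFY_SOURCE` define from this file. Unless the toolchain enables them by default, consider adding `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` to the gyp input for this target, since the file itself is generated. Separately, `-Wno-error=cast-qual` and `-Wno-error=bad-function-cast` only have an effect if `-Werror` is set somewhere outside this file; a comment in the gyp input naming the casts they are meant to cover would make it possible to remove them later.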

View File

@@ -0,0 +1,43 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := liboemcrypto
### Rules for final target.
LDFLAGS_debug := \
$(LIBOEMCRYPTO_LDFLAGS)
LDFLAGS_release := \
$(LIBOEMCRYPTO_LDFLAGS) \
-O2 \
-Wl,--strip-debug
LIBS := \
$(TRUSTED_OS_SDK_LIBS) \
$(builddir)/libree_tos.a
$(obj).target/oemcrypto/opk/build/liboemcrypto.so: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/build/liboemcrypto.so: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/build/liboemcrypto.so: LD_INPUTS := $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a
$(obj).target/oemcrypto/opk/build/liboemcrypto.so: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/build/liboemcrypto.so: $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a FORCE_DO_CMD
$(call do_cmd,solink)
all_deps += $(obj).target/oemcrypto/opk/build/liboemcrypto.so
# Add target alias
.PHONY: liboemcrypto
liboemcrypto: $(builddir)/lib.target/liboemcrypto.so
# Copy this to the shared library output path.
$(builddir)/lib.target/liboemcrypto.so: TOOLSET := $(TOOLSET)
$(builddir)/lib.target/liboemcrypto.so: $(obj).target/oemcrypto/opk/build/liboemcrypto.so FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/lib.target/liboemcrypto.so
# Short alias for building this shared library.
.PHONY: liboemcrypto.so
liboemcrypto.so: $(obj).target/oemcrypto/opk/build/liboemcrypto.so $(builddir)/lib.target/liboemcrypto.so
# Add shared library to "all" target.
.PHONY: all
all: $(builddir)/lib.target/liboemcrypto.so
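Review bot: LIBS names `$(builddir)/libree_tos.a`, but the rule for `$(obj).target/oemcrypto/opk/build/liboemcrypto.so` lists only `libopk_ree.a` and FORCE_DO_CMD as prerequisites. Nothing here orders the link after libree_tos.a is built, and because do_cmd reruns only on a changed command line or a changed prerequisite, a rebuilt libree_tos.a will not trigger a relink. Suggest declaring it as a dependency of this target in the gyp input so it shows up in the prerequisite list. Also, `$(LIBOEMCRYPTO_LDFLAGS)` and `$(TRUSTED_OS_SDK_LIBS)` are not set anywhere in this file; if they are expected from the environment, an empty value links silently, so a check for them in the top-level makefile or the port README would help.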

View File

@@ -0,0 +1,46 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := ta
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/build/libta.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/build/libta.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/build/libta.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/build/libta.a: FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/build/libta.a
# Add target alias
.PHONY: ta
ta: $(obj).target/oemcrypto/opk/build/libta.a
# Add target alias to "all" target.
.PHONY: all
all: ta
# Add target alias
.PHONY: ta
ta: $(builddir)/libta.a
# Copy this to the static library output path.
$(builddir)/libta.a: TOOLSET := $(TOOLSET)
$(builddir)/libta.a: $(obj).target/oemcrypto/opk/build/libta.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libta.a
# Short alias for building this static library.
.PHONY: libta.a
libta.a: $(obj).target/oemcrypto/opk/build/libta.a $(builddir)/libta.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libta.a
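Review bot: the rule for `$(obj).target/oemcrypto/opk/build/libta.a` has FORCE_DO_CMD as its only prerequisite and this file defines no OBJS, so `$(call do_cmd,alink)` is asked to archive nothing. If `ta` is meant as an aggregate of the other TA libraries, declaring it with type `none` in the gyp input would avoid producing and copying an empty libta.a into `$(builddir)`; if it is meant to contain objects, the sources are missing from the target.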

View File

@@ -0,0 +1,156 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := oemcrypto_ta
DEFS_debug := \
'-D_DEFAULT_SOURCE' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
DEFS_release := \
'-D_DEFAULT_SOURCE' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_asymmetric_key_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_key.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_key_control_block.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_key_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_object_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_output.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_overflow.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_serialized_usage_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_session.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_session_key_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_session_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_usage_table.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/oemcrypto_wall_clock.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a
# Add target alias
.PHONY: oemcrypto_ta
oemcrypto_ta: $(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a
# Add target alias to "all" target.
.PHONY: all
all: oemcrypto_ta
# Add target alias
.PHONY: oemcrypto_ta
oemcrypto_ta: $(builddir)/liboemcrypto_ta.a
# Copy this to the static library output path.
$(builddir)/liboemcrypto_ta.a: TOOLSET := $(TOOLSET)
$(builddir)/liboemcrypto_ta.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/liboemcrypto_ta.a
# Short alias for building this static library.
.PHONY: liboemcrypto_ta.a
liboemcrypto_ta.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/liboemcrypto_ta.a $(builddir)/liboemcrypto_ta.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/liboemcrypto_ta.a
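Review bot: `-I$(WTPI_CONFIG_MACRO_DIR)` in INCS_debug and INCS_release has no fallback, and this file never sets the variable. When it is unset the entry expands to a bare `-I`, and the compiler then takes the following `-I$(srcdir)/oemcrypto/odk/src` as that option's argument, so the odk/src include path is dropped without any make-level error. Suggest failing early when the variable is empty (for example an `$(error ...)` guard in the top-level makefile that includes this file) and documenting it next to the other environment variables for the port.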

View File

@@ -0,0 +1,143 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := oemcrypto_ta_reference_clock
DEFS_debug := \
'-D_DEFAULT_SOURCE' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
DEFS_release := \
'-D_DEFAULT_SOURCE' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a
# Add target alias
.PHONY: oemcrypto_ta_reference_clock
oemcrypto_ta_reference_clock: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a
# Add target alias to "all" target.
.PHONY: all
all: oemcrypto_ta_reference_clock
# Add target alias
.PHONY: oemcrypto_ta_reference_clock
oemcrypto_ta_reference_clock: $(builddir)/liboemcrypto_ta_reference_clock.a
# Copy this to the static library output path.
$(builddir)/liboemcrypto_ta_reference_clock.a: TOOLSET := $(TOOLSET)
$(builddir)/liboemcrypto_ta_reference_clock.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/liboemcrypto_ta_reference_clock.a
# Short alias for building this static library.
.PHONY: liboemcrypto_ta_reference_clock.a
liboemcrypto_ta_reference_clock.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_clock.a $(builddir)/liboemcrypto_ta_reference_clock.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/liboemcrypto_ta_reference_clock.a
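Review bot: the first line says "This file is generated by gyp; do not edit.", yet the file is committed, and its flag blocks repeat those of the other TA target files in this commit. Any change to the flags has to be made in the gyp input and regenerated, and nothing visible here shows that the committed output matches that input. Suggest either generating these files at build time or adding a check that regenerating from the gyp inputs produces no diff. Minor: CFLAGS_CC_* and GYP_CXXFLAGS are emitted although the only object, wtpi_clock_and_gn_layer1.o, is built by the `%.c` rules.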

View File

@@ -0,0 +1,155 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := oemcrypto_ta_reference_crypto
DEFS_debug := \
'-D_DEFAULT_SOURCE' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L \
-std=c11
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_reference \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/third_party/boringssl/kit/src/include
DEFS_release := \
'-D_DEFAULT_SOURCE' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L \
-std=c11
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_reference \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/third_party/boringssl/kit/src/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/crypto_util.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/ecc_util.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/rsa_util.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crc32.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_decrypt_sample.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a
# Add target alias
.PHONY: oemcrypto_ta_reference_crypto
oemcrypto_ta_reference_crypto: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a
# Add target alias to "all" target.
.PHONY: all
all: oemcrypto_ta_reference_crypto
# Add target alias
.PHONY: oemcrypto_ta_reference_crypto
oemcrypto_ta_reference_crypto: $(builddir)/liboemcrypto_ta_reference_crypto.a
# Copy this to the static library output path.
$(builddir)/liboemcrypto_ta_reference_crypto.a: TOOLSET := $(TOOLSET)
$(builddir)/liboemcrypto_ta_reference_crypto.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/liboemcrypto_ta_reference_crypto.a
# Short alias for building this static library.
.PHONY: liboemcrypto_ta_reference_crypto.a
liboemcrypto_ta_reference_crypto.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_crypto.a $(builddir)/liboemcrypto_ta_reference_crypto.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/liboemcrypto_ta_reference_crypto.a
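Review bot: CFLAGS_C_debug and CFLAGS_C_release each pass `-std=c11` twice, once before and once after `-D_POSIX_C_SOURCE=200809L`, which suggests the gyp input sets the standard in two places. The other oemcrypto_ta target files in this commit use `-std=c99`, so it is also unclear whether C11 is required for these sources or was inherited. Suggest setting the standard once in the gyp input and noting there why this target differs from the rest of the TA.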

View File

@@ -0,0 +1,145 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := oemcrypto_ta_reference_root_of_trust
DEFS_debug := \
'-D_DEFAULT_SOURCE' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
DEFS_release := \
'-D_DEFAULT_SOURCE' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-pedantic \
-pedantic-errors \
-Werror=pedantic \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-D_POSIX_C_SOURCE=200809L \
-std=c99
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(WTPI_CONFIG_MACRO_DIR) \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/odk/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_wrap_asymmetric.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_device_key.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_root_of_trust_layer1.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a
# Add target alias
.PHONY: oemcrypto_ta_reference_root_of_trust
oemcrypto_ta_reference_root_of_trust: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a
# Add target alias to "all" target.
.PHONY: all
all: oemcrypto_ta_reference_root_of_trust
# Add target alias
.PHONY: oemcrypto_ta_reference_root_of_trust
oemcrypto_ta_reference_root_of_trust: $(builddir)/liboemcrypto_ta_reference_root_of_trust.a
# Copy this to the static library output path.
$(builddir)/liboemcrypto_ta_reference_root_of_trust.a: TOOLSET := $(TOOLSET)
$(builddir)/liboemcrypto_ta_reference_root_of_trust.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/liboemcrypto_ta_reference_root_of_trust.a
# Short alias for building this static library.
.PHONY: liboemcrypto_ta_reference_root_of_trust.a
liboemcrypto_ta_reference_root_of_trust.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_reference/liboemcrypto_ta_reference_root_of_trust.a $(builddir)/liboemcrypto_ta_reference_root_of_trust.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/liboemcrypto_ta_reference_root_of_trust.a
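Review bot: `all: oemcrypto_ta_reference_root_of_trust` and `all: $(builddir)/liboemcrypto_ta_reference_root_of_trust.a` put the wtpi_reference objects wtpi_device_key.o, wtpi_root_of_trust_layer1.o and wtpi_crypto_wrap_asymmetric.o into every default build. If a port is expected to replace these with its own implementation, building and copying the reference archive into `$(builddir)` by default makes it easy to link the wrong one. Suggest leaving this target out of `all` unless it is explicitly selected, and stating in the port documentation which of the wtpi_reference libraries are intended for production use.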

View File

@@ -0,0 +1,151 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := opk_ree_api
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_oemcrypto_tee_test_api.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/ree_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_message.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_overflow.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/bump_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/log_macros.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/length_types.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/marshaller_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_init.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_serialization_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/shared_buffer_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/api_support.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink_thin)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a
# Add target alias
.PHONY: opk_ree_api
opk_ree_api: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/libopk_ree_api.a
# Add target alias to "all" target.
.PHONY: all
all: opk_ree_api
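Review bot: `DEFS_release` pairs `-DNDEBUG` with `-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG` and `-DENABLE_ANSI_COLORS=1`, so a release build of `libopk_ree_api.a` logs at the same verbosity as a debug build. If that is intended because this library only backs the WTPI tests, say so in the gyp source. Otherwise raise the release minimum level there, since this file is generated and an edit here would be overwritten.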

@@ -0,0 +1,154 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := opk_tee_wtpi_test
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/oemcrypto/opk/serialization/tee/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/generator
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/oemcrypto/opk/serialization/tee/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/generator
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/GEN_dispatcher.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/GEN_tee_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/tee_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_message.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_overflow.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/bump_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/length_types.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/log_macros.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/marshaller_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_init.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_serialization_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/shared_buffer_allocator.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink_thin)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a
# Add target alias
.PHONY: opk_tee_wtpi_test
opk_tee_wtpi_test: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/tee/libopk_tee_wtpi_test.a
# Add target alias to "all" target.
.PHONY: all
all: opk_tee_wtpi_test
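Review bot: `libopk_tee_wtpi_test.a` is produced with `do_cmd,alink_thin` and, unlike `libwtpi_test_lib.a` later in this commit, has no copy rule into `$(builddir)`. A thin archive records paths to its member objects instead of containing them, so it is usable only while the `$(obj).target/$(TARGET)/...` objects stay in place. Confirm that nothing consumes this archive outside the build tree, or have the gyp target emit a regular archive.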

@@ -0,0 +1,158 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := wtpi_test
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/third_party/googletest/googletest/include \
-I$(srcdir)/util/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/third_party/googletest/googlemock/include
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/third_party/googletest/googletest/include \
-I$(srcdir)/util/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/third_party/googletest/googlemock/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/wtpi_test_main.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# Make sure our dependencies are built before any of us.
$(OBJS): | $(obj).target/third_party/libgtest.a $(builddir)/libwtpi_test_lib.a $(builddir)/libcrypto.a $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a $(obj).target/third_party/boringssl/libcrypto.a
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug := \
-Wl,--whole-archive \
libwtpi_test_lib.a \
-Wl,--no-whole-archive
LDFLAGS_release := \
-Wl,--whole-archive \
libwtpi_test_lib.a \
-Wl,--no-whole-archive \
-O2 \
-Wl,--strip-debug
LIBS := \
-lrt \
-lpthread \
-ldl
$(builddir)/wtpi_test: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(builddir)/wtpi_test: LIBS := $(LIBS)
$(builddir)/wtpi_test: LD_INPUTS := $(OBJS) $(obj).target/third_party/libgtest.a $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a $(obj).target/third_party/boringssl/libcrypto.a
$(builddir)/wtpi_test: TOOLSET := $(TOOLSET)
$(builddir)/wtpi_test: $(OBJS) $(obj).target/third_party/libgtest.a $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a $(obj).target/third_party/boringssl/libcrypto.a FORCE_DO_CMD
$(call do_cmd,link)
all_deps += $(builddir)/wtpi_test
# Add target alias
.PHONY: wtpi_test
wtpi_test: $(builddir)/wtpi_test
# Add executable to "all" target.
.PHONY: all
all: $(builddir)/wtpi_test
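Review bot: both `LDFLAGS_debug` and `LDFLAGS_release` name the whole-archive input as a bare `libwtpi_test_lib.a`, with no `$(builddir)/` or `$(obj).target/...` prefix, so whether it resolves depends on the link step's working directory or library search path, neither of which this file sets. The same archive is already given by full path in `LD_INPUTS`; use a prefixed path inside the `--whole-archive` pair in the gyp source as well.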

@@ -0,0 +1,168 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := wtpi_test_lib
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/third_party/googletest/googletest/include \
-I$(srcdir)/util/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/third_party/boringssl/kit/src/include
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DMIN_LOG_LEVEL=LOG_LEVEL_DEBUG' \
'-DENABLE_ANSI_COLORS=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/third_party/googletest/googletest/include \
-I$(srcdir)/util/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi_test/common \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/oemcrypto/opk/serialization/generator \
-I$(srcdir)/third_party/boringssl/kit/src/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/clock_interface_test.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/crypto_test.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/generation_number_interface_test.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/ssl_util.o \
$(obj).target/$(TARGET)/oemcrypto/opk/oemcrypto_ta/wtpi_test/test_rsa_key.o \
$(obj).target/$(TARGET)/linux/src/log.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.cpp FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a
# Add target alias
.PHONY: wtpi_test_lib
wtpi_test_lib: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a
# Add target alias to "all" target.
.PHONY: all
all: wtpi_test_lib
# Add target alias
.PHONY: wtpi_test_lib
wtpi_test_lib: $(builddir)/libwtpi_test_lib.a
# Copy this to the static library output path.
$(builddir)/libwtpi_test_lib.a: TOOLSET := $(TOOLSET)
$(builddir)/libwtpi_test_lib.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libwtpi_test_lib.a
# Short alias for building this static library.
.PHONY: libwtpi_test_lib.a
libwtpi_test_lib.a: $(obj).target/oemcrypto/opk/oemcrypto_ta/wtpi_test/libwtpi_test_lib.a $(builddir)/libwtpi_test_lib.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libwtpi_test_lib.a
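Review bot: `CFLAGS_release` passes `-g` and then `-g0`; the later flag wins, so the output is correct, but the stray `-g` suggests the common flag list in the gyp settings is debug-oriented and overridden after the fact. `INCS_debug` and `INCS_release` also list `-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi` twice. Both are harmless; clean them up in the gyp source rather than in this generated file.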

@@ -0,0 +1,15 @@
Port-specific makefiles for OP-TEE will be placed here after running
jenkins/opk_makefiles with optee-specific gen_makefiles scripts executed. The
generated port-specific makefiles include:
* oemcrypto_helloworld.target.mk
* ree_tos.target.mk
* ree_tos_wtpi_target.mk
* wtpi_impl.target.mk
as well as the unit test makefiles under `oemcrypto/opk/build/oemcrypto/opk/build/`:
* oemcrypto_unittests.target.mk
* wtpi_unittests.target.mk
Examples of how these are referenced can be found in the include rules in the
top level file `Makefile.opk`. Examples of how these are defined for the OP-TEE
port can be found in file `Makefile.optee`.
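Review bot: `ree_tos_wtpi_target.mk` in the first list breaks the `<name>.target.mk` pattern that every other entry follows; check whether it should read `ree_tos_wtpi.target.mk`. The unit-test path `oemcrypto/opk/build/oemcrypto/opk/build/` repeats the same four components and is worth confirming against the generated tree. The text would also be easier to follow with the exact `jenkins/opk_makefiles` invocation spelled out.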

@@ -0,0 +1,167 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := opk_ree
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/serialization \
-I$(srcdir)/oemcrypto/opk/serialization/common \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/serialization \
-I$(srcdir)/oemcrypto/opk/serialization/common \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/api_support.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/GEN_ree_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/GEN_oemcrypto_api.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/ree_os_type.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/ree_version.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/ree_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/ree/special_case_apis.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/bump_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/common_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/GEN_common_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/log_macros.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/length_types.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/marshaller_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/message_debug.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_init.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_serialization_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/shared_buffer_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_message.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_overflow.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a
# Add target alias
.PHONY: opk_ree
opk_ree: $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a
# Add target alias to "all" target.
.PHONY: all
all: opk_ree
# Add target alias
.PHONY: opk_ree
opk_ree: $(builddir)/libopk_ree.a
# Copy this to the static library output path.
$(builddir)/libopk_ree.a: TOOLSET := $(TOOLSET)
$(builddir)/libopk_ree.a: $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libopk_ree.a
# Short alias for building this static library.
.PHONY: libopk_ree.a
libopk_ree.a: $(obj).target/oemcrypto/opk/serialization/ree/libopk_ree.a $(builddir)/libopk_ree.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libopk_ree.a
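Review bot: `message_debug.o` is in `OBJS` for both build types and `DEFS_release` keeps `-DENABLE_LOGGING=1`, so whatever that object provides ships in the release `libopk_ree.a`. Its source is not part of this hunk; if it dumps serialized OEMCrypto request or response contents, gate it on a debug-only define in the gyp source so release builds of the REE library do not carry it.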

@@ -0,0 +1,168 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := opk_tee
DEFS_debug := \
'-DENABLE_LOGGING=1' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/oemcrypto/opk/serialization \
-I$(srcdir)/oemcrypto/opk/serialization/common \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/tee/include
DEFS_release := \
'-DENABLE_LOGGING=1' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-g \
-Werror=all \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/oemcrypto/opk/serialization \
-I$(srcdir)/oemcrypto/opk/serialization/common \
-I$(srcdir)/oemcrypto/opk/serialization/common/include \
-I$(srcdir)/third_party/nlohmann-json/single_include \
-I$(srcdir)/oemcrypto/odk/include \
-I$(srcdir)/oemcrypto/odk/src \
-I$(srcdir)/oemcrypto/include \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta \
-I$(srcdir)/oemcrypto/opk/oemcrypto_ta/wtpi \
-I$(srcdir)/oemcrypto/opk/serialization/os_interfaces \
-I$(srcdir)/oemcrypto/opk/serialization/tee/include
OBJS := \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/GEN_dispatcher.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/GEN_tee_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/tee_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/tee_os_type.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/tee_version.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/tee/tee_tos_stubs.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/bump_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/common_special_cases.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/GEN_common_serializer.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/length_types.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/log_macros.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/marshaller_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/message_debug.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_init.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/opk_serialization_base.o \
$(obj).target/$(TARGET)/oemcrypto/opk/serialization/common/shared_buffer_allocator.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_message.o \
$(obj).target/$(TARGET)/oemcrypto/odk/src/odk_overflow.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a: LIBS := $(LIBS)
$(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a: TOOLSET := $(TOOLSET)
$(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a
# Add target alias
.PHONY: opk_tee
opk_tee: $(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a
# Add target alias to "all" target.
.PHONY: all
all: opk_tee
# Add target alias
.PHONY: opk_tee
opk_tee: $(builddir)/libopk_tee.a
# Copy this to the static library output path.
$(builddir)/libopk_tee.a: TOOLSET := $(TOOLSET)
$(builddir)/libopk_tee.a: $(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libopk_tee.a
# Short alias for building this static library.
.PHONY: libopk_tee.a
libopk_tee.a: $(obj).target/oemcrypto/opk/serialization/tee/libopk_tee.a $(builddir)/libopk_tee.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libopk_tee.a
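Review bot: `tee_tos_stubs.o` is archived into `libopk_tee.a` unconditionally, in release as well as debug. If those are placeholder implementations of the trusted-OS interface (the name suggests it; the source is not in this hunk), a port that links this library could pick up a stub instead of failing at link time for a function it forgot to implement. Consider moving the stubs to a separate target that ports opt into.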

@@ -6,10 +6,6 @@
'includes' : [
'../serialization/settings.gypi',
],
'variables': {
# Path to a gyp file with a wtpi_impl target for the TA
'wtpi_impl_dir': '<(oemcrypto_dir)/opk/ports/optee/build',
},
'targets' : [
{
'target_name' : 'ta',
@@ -19,11 +15,10 @@
'dependencies' : [
'<(odk_dir)/src/odk.gyp:odk',
'<(oemcrypto_ta_dir)/oemcrypto_ta.gyp:oemcrypto_ta',
'<(oemcrypto_ta_dir)/oemcrypto_ta.gyp:oemcrypto_ta_reference_root_of_trust',
'<(oemcrypto_ta_dir)/oemcrypto_ta.gyp:oemcrypto_ta_reference_clock',
'<(oemcrypto_ta_dir)/oemcrypto_ta.gyp:oemcrypto_ta_reference_crypto',
'<(oemcrypto_ta_dir)/wtpi_reference/wtpi_reference.gyp:oemcrypto_ta_reference_root_of_trust',
'<(oemcrypto_ta_dir)/wtpi_reference/wtpi_reference.gyp:oemcrypto_ta_reference_clock',
'<(oemcrypto_ta_dir)/wtpi_reference/wtpi_reference.gyp:oemcrypto_ta_reference_crypto',
'<(tee_dir)/tee.gyp:opk_tee',
'<(wtpi_impl_dir)/ta.gyp:wtpi_impl',
],
},
],
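Review bot: going by the hunk header counts, the `<(wtpi_impl_dir)/ta.gyp:wtpi_impl` dependency leaves the `ta` target while the three `oemcrypto_ta_reference_*` targets remain (now from `wtpi_reference.gyp`), so nothing in this dependency list supplies a port-specific WTPI implementation any more. State in a comment or the commit message where a port now injects its own `wtpi_impl` (the README added in this commit lists `wtpi_impl.target.mk` as port-generated), and check that a production port cannot end up with `oemcrypto_ta_reference_root_of_trust` by default. Also confirm that no other gyp file still references the removed `wtpi_impl_dir` variable.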

@@ -0,0 +1,362 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := crypto
DEFS_debug := \
'-DOPENSSL_NO_ASM' \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fvisibility=hidden \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/third_party/boringssl/kit/src/include
DEFS_release := \
'-DOPENSSL_NO_ASM' \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fvisibility=hidden \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/third_party/boringssl/kit/src/include
OBJS := \
$(obj).target/$(TARGET)/third_party/boringssl/kit/err_data.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_bitstr.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_bool.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_d2i_fp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_dup.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_enum.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_gentm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_i2d_fp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_int.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_mbstr.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_object.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_octet.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_print.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_strex.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_strnid.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_time.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_type.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_utctm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/a_utf8.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/asn1_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/asn1_par.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/asn_pack.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/f_int.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/f_string.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_dec.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_enc.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_fre.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_new.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_typ.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/tasn_utl.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/asn1/time_support.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/base64/base64.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/bio.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/bio_mem.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/connect.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/fd.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/file.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/hexdump.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/pair.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/printf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/socket.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bio/socket_helper.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/blake2/blake2.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bn_extra/bn_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bn_extra/convert.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/buf/buf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bytestring/asn1_compat.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bytestring/ber.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bytestring/cbb.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bytestring/cbs.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/bytestring/unicode.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/chacha/chacha.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/cipher_extra.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/derive_key.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_aesccm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_aesctrhmac.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_aesgcmsiv.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_chacha20poly1305.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_null.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_rc2.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_rc4.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/e_tls.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cipher_extra/tls_cbc.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cmac/cmac.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/conf/conf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-aarch64-fuchsia.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-aarch64-linux.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-aarch64-win.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-arm-linux.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-arm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-intel.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/cpu-ppc64le.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/crypto.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/curve25519/curve25519.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/curve25519/spake25519.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/dh_extra/dh_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/dh_extra/params.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/digest_extra/digest_extra.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/dsa/dsa.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/dsa/dsa_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ec_extra/ec_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ec_extra/ec_derive.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ec_extra/hash_to_curve.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ecdh_extra/ecdh_extra.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ecdsa_extra/ecdsa_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/engine/engine.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/err/err.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/digestsign.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/evp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/evp_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/evp_ctx.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_dsa_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_ec.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_ec_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_ed25519.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_ed25519_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_rsa.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_rsa_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_x25519.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/p_x25519_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/pbkdf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/print.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/scrypt.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/evp/sign.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/ex_data.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/fipsmodule/bcm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/fipsmodule/fips_shared_support.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/hkdf/hkdf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/hpke/hpke.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/hrss/hrss.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/lhash/lhash.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/mem.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/obj/obj.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/obj/obj_xref.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_all.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_info.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_oth.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_pk8.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_pkey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pem/pem_xaux.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pkcs7/pkcs7.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pkcs7/pkcs7_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pkcs8/p5_pbev2.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pkcs8/pkcs8.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pkcs8/pkcs8_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/poly1305/poly1305.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/poly1305/poly1305_arm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/poly1305/poly1305_vec.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/pool/pool.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/deterministic.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/forkunsafe.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/fuchsia.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/passive.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/rand_extra.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rand_extra/windows.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rc4/rc4.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/refcount_c11.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/refcount_lock.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rsa_extra/rsa_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/rsa_extra/rsa_print.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/siphash/siphash.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/stack/stack.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/thread.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/thread_none.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/thread_pthread.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/thread_win.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/trust_token/pmbtoken.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/trust_token/trust_token.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/trust_token/voprf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/a_digest.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/a_sign.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/a_verify.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/algorithm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/asn1_gen.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/by_dir.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/by_file.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/i2d_pr.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/name_print.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/rsa_pss.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/t_crl.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/t_req.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/t_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/t_x509a.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_att.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_cmp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_d2.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_def.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_ext.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_lu.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_obj.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_req.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_set.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_trs.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_txt.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_v3.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_vfy.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509_vpm.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509cset.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509name.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509rset.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x509spki.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_algor.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_all.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_attrib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_crl.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_exten.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_info.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_name.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_pkey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_pubkey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_req.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_sig.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_spki.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_val.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509/x_x509a.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_cache.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_data.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_map.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_node.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/pcy_tree.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_akey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_akeya.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_alt.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_bcons.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_bitst.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_conf.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_cpols.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_crld.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_enum.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_extku.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_genn.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_ia5.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_info.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_int.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_ncons.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_ocsp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_pci.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_pcia.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_pcons.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_pmaps.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_prn.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_purp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_skey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/crypto/x509v3/v3_utl.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.c FORCE_DO_CMD
@$(call do_cmd,cc,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/third_party/boringssl/libcrypto.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/third_party/boringssl/libcrypto.a: LIBS := $(LIBS)
$(obj).target/third_party/boringssl/libcrypto.a: TOOLSET := $(TOOLSET)
$(obj).target/third_party/boringssl/libcrypto.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/third_party/boringssl/libcrypto.a
# Add target alias
.PHONY: crypto
crypto: $(obj).target/third_party/boringssl/libcrypto.a
# Add target alias to "all" target.
.PHONY: all
all: crypto
# Add target alias
.PHONY: crypto
crypto: $(builddir)/libcrypto.a
# Copy this to the static library output path.
$(builddir)/libcrypto.a: TOOLSET := $(TOOLSET)
$(builddir)/libcrypto.a: $(obj).target/third_party/boringssl/libcrypto.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libcrypto.a
# Short alias for building this static library.
.PHONY: libcrypto.a
libcrypto.a: $(obj).target/third_party/boringssl/libcrypto.a $(builddir)/libcrypto.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libcrypto.a
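Review bot: CFLAGS_debug and CFLAGS_release both pass `-w` alongside `-Wno-error`, which silences every compiler diagnostic for the whole libcrypto object list, so a toolchain or platform mismatch in the vendored BoringSSL sources would build without any signal. Consider dropping `-w` at least for the debug build type. Two smaller points in the same blocks: `-fvisibility=hidden` is listed twice in each CFLAGS variable, and DEFS_release sets `-DOPENSSL_NO_ASM` with no comment on why the assembly implementations are disabled; a one-line rationale in the gyp input that produces these flags would help porters decide whether to keep it.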


@@ -0,0 +1,167 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := ssl
DEFS_debug := \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fvisibility=hidden \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/third_party/boringssl/kit/src/include
DEFS_release := \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fvisibility=hidden \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/third_party/boringssl/kit/src/include
OBJS := \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/bio_ssl.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/d1_both.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/d1_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/d1_pkt.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/d1_srtp.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/dtls_method.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/dtls_record.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/encrypted_client_hello.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/extensions.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/handoff.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/handshake.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/handshake_client.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/handshake_server.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/s3_both.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/s3_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/s3_pkt.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_aead_ctx.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_asn1.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_buffer.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_cert.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_cipher.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_file.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_key_share.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_lib.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_privkey.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_session.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_stat.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_transcript.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_versions.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/ssl_x509.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/t1_enc.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls13_both.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls13_client.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls13_enc.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls13_server.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls_method.o \
$(obj).target/$(TARGET)/third_party/boringssl/kit/src/ssl/tls_record.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/third_party/boringssl/libssl.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/third_party/boringssl/libssl.a: LIBS := $(LIBS)
$(obj).target/third_party/boringssl/libssl.a: TOOLSET := $(TOOLSET)
$(obj).target/third_party/boringssl/libssl.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink)
all_deps += $(obj).target/third_party/boringssl/libssl.a
# Add target alias
.PHONY: ssl
ssl: $(obj).target/third_party/boringssl/libssl.a
# Add target alias to "all" target.
.PHONY: all
all: ssl
# Add target alias
.PHONY: ssl
ssl: $(builddir)/libssl.a
# Copy this to the static library output path.
$(builddir)/libssl.a: TOOLSET := $(TOOLSET)
$(builddir)/libssl.a: $(obj).target/third_party/boringssl/libssl.a FORCE_DO_CMD
$(call do_cmd,copy)
all_deps += $(builddir)/libssl.a
# Short alias for building this static library.
.PHONY: libssl.a
libssl.a: $(obj).target/third_party/boringssl/libssl.a $(builddir)/libssl.a
# Add static library to "all" target.
.PHONY: all
all: $(builddir)/libssl.a
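Review bot: A file whose first line reads "This file is generated by gyp; do not edit." is being checked in as a new file, so it can drift from the .gyp inputs it was generated from. Either generate it at build time or document the regeneration command next to it. Also, DEFS_release here is only `-DNDEBUG`, while the libcrypto makefile in this same commit adds `-DOPENSSL_NO_ASM`; please confirm the two BoringSSL libraries are meant to be built with different defines.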


@@ -0,0 +1,117 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := gmock
DEFS_debug := \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/third_party/googletest/googlemock \
-I$(srcdir)/third_party/googletest/googlemock/include \
-I$(srcdir)/third_party/googletest/googletest \
-I$(srcdir)/third_party/googletest/googletest/include
DEFS_release := \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/third_party/googletest/googlemock \
-I$(srcdir)/third_party/googletest/googlemock/include \
-I$(srcdir)/third_party/googletest/googletest \
-I$(srcdir)/third_party/googletest/googletest/include
OBJS := \
$(obj).target/$(TARGET)/third_party/googletest/googlemock/src/gmock-all.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/third_party/libgmock.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/third_party/libgmock.a: LIBS := $(LIBS)
$(obj).target/third_party/libgmock.a: TOOLSET := $(TOOLSET)
$(obj).target/third_party/libgmock.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink_thin)
all_deps += $(obj).target/third_party/libgmock.a
# Add target alias
.PHONY: gmock
gmock: $(obj).target/third_party/libgmock.a
# Add target alias to "all" target.
.PHONY: all
all: gmock
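Review bot: DEFS_debug defines `-D_GLIBCXX_DEBUG`, which changes the layout of libstdc++ containers, so any C++ target that links libgmock.a in a debug build and passes standard containers across that boundary has to be compiled with the same define. Please confirm the test targets that depend on gmock inherit it from a shared default rather than relying on each generated makefile repeating it. CFLAGS_CC_debug and CFLAGS_CC_release also build gmock with `-fno-exceptions` and `-fno-rtti`; a comment in the gyp input saying this is intentional for the test libraries would help.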


@@ -0,0 +1,117 @@
# This file is generated by gyp; do not edit.
TOOLSET := target
TARGET := gtest
DEFS_debug := \
'-D_DEBUG' \
'-D_GLIBCXX_DEBUG'
# Flags passed to all source files.
CFLAGS_debug := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-g \
-Og
# Flags passed to only C files.
CFLAGS_C_debug := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_debug := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_debug := \
-I$(srcdir)/third_party/googletest/googlemock \
-I$(srcdir)/third_party/googletest/googlemock/include \
-I$(srcdir)/third_party/googletest/googletest \
-I$(srcdir)/third_party/googletest/googletest/include
DEFS_release := \
'-DNDEBUG'
# Flags passed to all source files.
CFLAGS_release := \
-fPIC \
-fvisibility=hidden \
-fno-common \
-Wno-error \
-w \
-O2 \
-g0
# Flags passed to only C files.
CFLAGS_C_release := \
-std=c11 \
-D_POSIX_C_SOURCE=200809L
# Flags passed to only C++ files.
CFLAGS_CC_release := \
-std=c++11 \
-Wnon-virtual-dtor \
-fno-exceptions \
-fno-rtti
INCS_release := \
-I$(srcdir)/third_party/googletest/googlemock \
-I$(srcdir)/third_party/googletest/googlemock/include \
-I$(srcdir)/third_party/googletest/googletest \
-I$(srcdir)/third_party/googletest/googletest/include
OBJS := \
$(obj).target/$(TARGET)/third_party/googletest/googletest/src/gtest-all.o
# Add to the list of files we specially track dependencies for.
all_deps += $(OBJS)
# CFLAGS et al overrides must be target-local.
# See "Target-specific Variable Values" in the GNU Make manual.
$(OBJS): TOOLSET := $(TOOLSET)
$(OBJS): GYP_CFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_C_$(BUILDTYPE))
$(OBJS): GYP_CXXFLAGS := $(DEFS_$(BUILDTYPE)) $(INCS_$(BUILDTYPE)) $(CFLAGS_$(BUILDTYPE)) $(CFLAGS_CC_$(BUILDTYPE))
# Suffix rules, putting all outputs into $(obj).
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(srcdir)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# Try building from generated source, too.
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj).$(TOOLSET)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
$(obj).$(TOOLSET)/$(TARGET)/%.o: $(obj)/%.cc FORCE_DO_CMD
@$(call do_cmd,cxx,1)
# End of this set of suffix rules
### Rules for final target.
LDFLAGS_debug :=
LDFLAGS_release := \
-O2 \
-Wl,--strip-debug
LIBS :=
$(obj).target/third_party/libgtest.a: GYP_LDFLAGS := $(LDFLAGS_$(BUILDTYPE))
$(obj).target/third_party/libgtest.a: LIBS := $(LIBS)
$(obj).target/third_party/libgtest.a: TOOLSET := $(TOOLSET)
$(obj).target/third_party/libgtest.a: $(OBJS) FORCE_DO_CMD
$(call do_cmd,alink_thin)
all_deps += $(obj).target/third_party/libgtest.a
# Add target alias
.PHONY: gtest
gtest: $(obj).target/third_party/libgtest.a
# Add target alias to "all" target.
.PHONY: all
all: gtest
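Review bot: The final-target rule archives libgtest.a with `$(call do_cmd,alink_thin)`, where the BoringSSL makefiles in this commit use `alink`. If that command produces a thin archive, libgtest.a only references gtest-all.o by path and stops working once the object directory is cleaned or the archive is copied elsewhere; please confirm the test libraries are never consumed outside the build tree, or switch to `alink`.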


@@ -700,7 +700,7 @@ OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
/* last_nonce_time should only be initialized once. */
static uint64_t last_nonce_time = 0;
static int nonce_count = 0;
const int nonce_flood_count = 20;
const int nonce_flood_count = 200;
if (last_nonce_time == now) {
nonce_count++;
if (nonce_count > nonce_flood_count) {
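Review bot: The two `nonce_flood_count` lines show the limit going from 20 to 200 with no comment explaining the new value, which loosens the nonce flood check in OEMCrypto_GenerateNonce by a factor of ten per `now` tick. Please state in a comment why 200 is the right bound and what unit `now` has, and consider a named configuration macro instead of a local literal so ports can tune it deliberately. Note also that `last_nonce_time` and `nonce_count` are function-level statics, so the limit is shared across all callers rather than applied per `session`.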


@@ -6,32 +6,10 @@
'variables': {
# Include directory that contains wtpi_config_macros.h.
'config_macros_header_dir%': 'wtpi_reference',
'wtpi_test_impl_dir': '../ports/linux/wtpi_test_impl',
# TODO(b/207176111): add test scripts to cover both reference crypto impl
'reference_crypto_impl%': 'software',
},
'target_defaults': {
# OPK is written in pure C99. ...Aside from a few places where we use
# the preprocessor to include compiler-specific features only on supporting
# compilers. ...And aside from the reference crypto porting layer, which has
# to be C11. But the core OPK code will compile on the most pure,
# pedantic C99 compiler, and to check this, we turn on flags to keep
# ourselves honest by using the maximum compiler pedantry.
'cflags': [
'-pedantic',
'-pedantic-errors',
'-Werror=pedantic',
],
'cflags_c': [
'-std=c99',
],
# To make sure no other GYP file can override our C version, we filter out
# all other langauge standards here.
'cflags_c/': [
['exclude', '-std=*'],
['include', '-std=c99'],
],
},
'includes': [
'../strict_compiler_flags.gypi',
],
'targets': [
{
'target_name': 'oemcrypto_ta',
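Review bot: Please confirm that `'../strict_compiler_flags.gypi'`, pulled in by the `'includes'` entry just above `'targets'`, still enforces `-pedantic-errors`, `-Werror=pedantic` and the `cflags_c/` filter (`['exclude', '-std=*']`, `['include', '-std=c99']`), since the inline `target_defaults` block that carried them and their rationale comment is no longer in this file and the .gypi is not shown in this hunk. A one-line comment at the include saying what it enforces would keep the intent visible. The `reference_crypto_impl%` variable and its TODO(b/207176111) also disappear from `'variables'`; say where the software/hardware selection now lives.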
@@ -71,90 +49,5 @@
],
},
},
{
'target_name': 'oemcrypto_ta_reference_root_of_trust',
'type': 'static_library',
'standalone_static_library' : 1,
'sources': [
'wtpi_reference/crypto_wrap_asymmetric.c',
'wtpi_reference/device_key.c',
'wtpi_reference/root_of_trust_layer1.c',
],
'dependencies': [
'../../odk/src/odk.gyp:odk',
'oemcrypto_ta',
],
},
{
'target_name': 'oemcrypto_ta_reference_clock',
'type': 'static_library',
'standalone_static_library' : 1,
'sources': [
'wtpi_reference/clock_and_gn_layer1.c',
],
'dependencies': [
'../../odk/src/odk.gyp:odk',
'oemcrypto_ta',
],
},
{
'target_name': 'oemcrypto_ta_reference_crypto',
'type': 'static_library',
'standalone_static_library' : 1,
'include_dirs': [
'<(config_macros_header_dir)',
'wtpi_reference',
],
# The reference implementation of the crypto interface uses
# BoringSSL/OpenSSL, which requires C11. These flags effectively do the
# opposite of the default flags, filtering out the C99 flag and
# un-filtering-out the C11 flag.
'cflags_c': [
'-std=c11',
],
'cflags_c/': [
['exclude', '-std=*'],
['include', '-std=c11'],
],
'sources': [
'wtpi_reference/crc32.c',
'wtpi_reference/crypto_asymmetric.c',
'wtpi_reference/crypto_util.c',
'wtpi_reference/decrypt_sample.c',
'wtpi_reference/ecc_util.c',
'wtpi_reference/rsa_util.c',
'<(wtpi_test_impl_dir)/device_key_access.c',
'<(wtpi_test_impl_dir)/secure_buffer_access.c',
],
'conditions': [
['reference_crypto_impl=="hardware"', {
'sources': [
'wtpi_reference/crypto_and_key_management_layer1_hw.c',
'<(wtpi_test_impl_dir)/crypto_and_key_management_layer2_hw.c',
'<(wtpi_test_impl_dir)/layer2_crypto_key_table.c',
],
}, { # else
'sources': [
'wtpi_reference/crypto_and_key_management_layer1_openssl.c',
],
}], # end else
],
'variables': {
# Needed for BoringSSL dependency build files. These SHOULD already be
# defined by a higher-level configuration, but sometimes the OPK TA
# gets included in targets that don't define them, so we define them
# again here defensively.
'privacy_crypto_impl%': 'boringssl',
'boringssl_libcrypto_path%': '<(DEPTH)/third_party/boringssl/boringssl.gyp:crypto',
},
'includes': [
'../../../util/libcrypto_dependency.gypi',
],
'dependencies': [
'../../odk/src/odk.gyp:odk',
'oemcrypto_ta',
],
},
],
}

View File

@@ -16,13 +16,14 @@ extern "C" {
/** @defgroup secure-clock Monotonic Secure Clock
* Partners implementing a porting layer may either
* 1. Implement persistent_storage_layer2.h and clock_interface_layer2.h,
* and then use the reference implementation clock_and_gn_layer1.c for the
* clock and generation interfaces. This is preferred if the hardware secure
* timer resets to 0 whenever the device is inactive.
* 1. Implement wtpi_persistent_storage_layer2.h and
* wtpi_clock_interface_layer2.h, and then use the reference implementation
* wtpi_clock_and_gn_layer1.c for the clock and generation interfaces. This
* is preferred if the hardware secure timer resets to 0 whenever the device
* is inactive.
* or
* 2. Implement both this clock_interface_layer1.h and
* generation_number_interface.h. This is preferred if the system has a
* 2. Implement both this wtpi_clock_interface_layer1.h and
* wtpi_generation_number_interface.h. This is preferred if the system has a
* hardware secure wall clock.
*
* @{
@@ -44,7 +45,7 @@ extern "C" {
*
* @param[out] time_in_s: pointer to trusted time, in seconds.
*
* @retval OEMCrypto_ERROR_UNKNOWN_FAILURE if time_in_s is a null pointer
* @retval OEMCrypto_ERROR_INVALID_CONTEXT if time_in_s is a null pointer
* @retval OEMCrypto_SUCCESS on success
*/
OEMCryptoResult WTPI_GetTrustedTime(uint64_t* time_in_s);

View File

@@ -16,13 +16,14 @@ extern "C" {
/** @defgroup secure-timer Non-monotonic Secure Clock
*
* Partners implementing a porting layer may either
* 1. Implement persistent_storage_layer2.h and this clock_interface_layer2.h,
* and then use the reference implementation clock_and_gn_layer1.c for the
* clock and generation interfaces. This is preferred if the hardware secure
* timer resets to 0 whenever the device is inactive.
* 1. Implement wtpi_persistent_storage_layer2.h and this
* wtpi_clock_interface_layer2.h, and then use the reference implementation
* wtpi_clock_and_gn_layer1.c for the clock and generation interfaces. This
* is preferred if the hardware secure timer resets to 0 whenever the device
* is inactive.
* or
* 2. Implement both clock_interface_layer1.h and
* generation_number_interface.h. This is preferred if the system has a
* 2. Implement both wtpi_clock_interface_layer1.h and
* wtpi_generation_number_interface.h. This is preferred if the system has a
* hardware secure wall clock.
*
* @{
@@ -38,7 +39,7 @@ extern "C" {
*
* @param[out] time_in_s: pointer to system time, in seconds.
*
* @retval OEMCrypto_ERROR_UNKNOWN_FAILURE if time_in_s is a null pointer
* @retval OEMCrypto_ERROR_INVALID_CONTEXT if time_in_s is a null pointer
* @retval OEMCrypto_SUCCESS on success
*/
OEMCryptoResult WTPI_GetSecureTimer(uint64_t* time_in_s);

View File

@@ -53,12 +53,13 @@ extern "C" {
* Partners implementing the Crypto and Key Management porting layer may either
* 1. Implement wtpi_crypto_and_key_management_interface_layer2.h and
* key_mapping_interface.h, and then use the reference implementation
* crypto_and_key_management_layer1_hw.c. This is preferred if there's a
* wtpi_crypto_and_key_management_layer1_hw.c. This is preferred if there's a
* hardware-backed crypto.
* or
* 2. Implement their own wtpi_crypto_and_key_management_interface_layer1.h, or
* use the reference implementation crypto_and_key_management_layer1_openssl.c
* and implement wtpi_device_key_access_interface.h and
* use the reference implementation
* wtpi_crypto_and_key_management_layer1_openssl.c and
* implement wtpi_device_key_access_interface.h and
* wtpi_secure_buffer_access_interface.h. This is preferred if a software-based
* crypto is used.
*/
@@ -410,9 +411,18 @@ OEMCryptoResult WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
/**
* Derives a layer 1 key handle from input |key_handle| with the specified
* context.
* context. The function derives either 128-bit key or 256-bit key.
*
* The derivation process:
* The derivation process for 128-bit key output:
* 1. Using the input key handle |key_handle|, prepare an AES_CMAC 128-bit
* operation.
* 2. Feed |counter| into the CMAC.
* 3. Feed |context_length| bytes from |context| into the CMAC.
* 4. Create |out_key_handle| with the same process as
* WTPI_K1_CreateKeyHandle(), using the result of the CMAC as the new input key
* data.
*
* The derivation process for 256-bit key output:
* 1. Using the input key handle |key_handle|, prepare an AES_CMAC 128-bit
* operation.
* 2. Feed |counter| into the CMAC.
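Review bot: the added sentence "The function derives either 128-bit key or 256-bit key" does not say which argument selects the variant. Name `out_key_size` there and fix the grammar ("either a 128-bit or a 256-bit key"). The two step lists also open with identical steps 1 and 2, so consider stating the shared steps once and describing only how the 256-bit case differs. That makes it harder for a porting-layer implementer to miss the difference.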
@@ -431,8 +441,8 @@ OEMCryptoResult WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
* called multiple times to derive different keys from the same context, this
* counter should be incremented +2 each time.
* @param[in] context: input data for AES CMAC
* @param[in] context_length: length of context data in bytesr
* @param[in] out_key_type: desired type of output keyr
* @param[in] context_length: length of context data in bytes
* @param[in] out_key_type: desired type of output key
* @param[in] out_key_size: desired size of output key
* @param[out] out_key_handle: output key handle
*
@@ -462,8 +472,7 @@ OEMCryptoResult WTPI_K1_DeriveKeyFromKeyHandle(
* @param[in] wrapped_key_length: length of output buffer
*
* @retval OEMCrypto_SUCCESS success
* @retval OEMCrypto_ERROR_INVALID_CONTEXT any of the parameters are NULL,
* |wrapped_key_length| is not same as the size of the key to be wrapped, or
* @retval OEMCrypto_ERROR_INVALID_CONTEXT any of the parameters are NULL, or
* |key_handle| is invalid
* @retval OEMCrypto_ERROR_UNKNOWN_FAILURE any other failures
*/
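Review bot: with the `|wrapped_key_length|` mismatch case dropped from the `OEMCrypto_ERROR_INVALID_CONTEXT` description, the comment no longer says what the caller gets when `wrapped_key_length` is smaller than the wrapped key. Document the required behaviour for an undersized output buffer explicitly, for example a separate `@retval` as the asymmetric wrap comment does with `OEMCrypto_ERROR_SHORT_BUFFER`. Otherwise a port may assume the length is not checked at all.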

View File

@@ -20,17 +20,19 @@ extern "C" {
*
* Crypto and Key Management layer 2 defines the interfaces between the
* REFERENCE implementation of Crypto and Key Management layer 1
* (crypto_and_key_management_layer2_hw.c) and the hardware-backed cryptography.
* (wtpi_crypto_and_key_management_layer2_hw.c) and the hardware-backed
* cryptography.
*
* Partners implementing the Crypto and Key Management porting layer may either
* 1. Implement wtpi_crypto_and_key_management_interface_layer2.h and
* key_mapping_interface.h, and then use the reference implementation
* crypto_and_key_management_layer1_hw.c. This is preferred if there's a
* wtpi_crypto_and_key_management_layer1_hw.c. This is preferred if there's a
* hardware-backed crypto.
* or
* 2. Implement their own wtpi_crypto_and_key_management_interface_layer1.h, or
* use the reference implementation crypto_and_key_management_layer1_openssl.c
* and implement wtpi_device_key_access_interface.h and
* use the reference implementation
* wtpi_crypto_and_key_management_layer1_openssl.c and
* implement wtpi_device_key_access_interface.h and
* wtpi_secure_buffer_access_interface.h. This is preferred if a software-based
* crypto is used.
*

View File

@@ -115,6 +115,8 @@ OEMCryptoResult WTPI_GetWrappedAsymmetricKeySize(size_t enc_private_key_length,
AsymmetricKeyType key_type,
size_t* buffer_size);
// TODO(b/185149406): Consider using WTPI_AsymmetricKey_Handle instead to avoid
// passing clear keys around.
/**
* Wraps the key data into a buffer that can be saved to the file system. The
* wrapping must be device unique.
@@ -126,15 +128,19 @@ OEMCryptoResult WTPI_GetWrappedAsymmetricKeySize(size_t enc_private_key_length,
* This is given the clear, PKCS8-padded key and the key may be prefixed with
* "SIGN" and a 4-byte code for the padding schemes.
*
* @retval OEMCrypto_SUCCESS success
* @retval OEMCrypto_ERROR_INVALID_CONTEXT any of the pointers are NULL,
* |clear_key_length| is 0
* @retval OEMCrypto_ERROR_SHORT_BUFFER output_length is too small
* @retval OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise
*
* @param[out] output: destination buffer that will contain the wrapped key data
* @param[out] output_length: length of destination buffer
* @param[in] output_length: length of destination buffer
* @param[in] key_type: type of asymmetric key
* @param[in] clear_key: DER-encoded PKCS8 RSA private key data with 8 bytes of
* prefix data or PKCS8 ECPrivateKey (no prefix data).
* @param[in] clear_key_length: length of input data
*/
// TODO(b/185149406): Consider using WTPI_AsymmetricKey_Handle instead to avoid
// passing clear keys around.
OEMCryptoResult WTPI_WrapAsymmetricKey(uint8_t* output, size_t output_length,
AsymmetricKeyType key_type,
const uint8_t* clear_key,

View File

@@ -43,8 +43,8 @@ extern "C" {
* Partners implementing the Decrypt Sample porting layer may either
* 1. Implement their own wtpi_decrypt_sample_interface.h. This is preferred if
* the device has hardware support for full-sample decryption, or
* 2. Use the reference implementation decrypt_sample.c. This is preferred when
* there is no hardware support for full-sample decryption. The reference
* 2. Use the reference implementation wtpi_decrypt_sample.c. This is preferred
* when there is no hardware support for full-sample decryption. The reference
* implementation will split the subsamples and decrypt them individually using
* the crypto_and_key_management_interface_layer1 component.
*/

View File

@@ -19,7 +19,7 @@ extern "C" {
* directly call functions in this API. Partners have the option to implement
* this API and use Widevine's reference implementation of the layer 1 interface
* which wraps around the functions in this API, or instead implement all of the
* [Device Key layer 1](dev-key) functions.
* [Device Keys](@ref dev-key) functions.
*
* @{
*/

View File

@@ -45,12 +45,6 @@ extern "C" {
*/
#define DEVICE_KEY_WRAP_INTERNAL_KEY 0x604e77a1
/** A device unique key for signing the wrapped internal key used by the
* implementation of the key management layer. This should be used as a key
* derivation context in WTPI_K1_DeriveDeviceKeyIntoHandle().
*/
#define DEVICE_KEY_SIGN_INTERNAL_KEY 0x90b4a189
/** A device unique key for encrypting the mac keys in usage entry.
*/
#define DEVICE_KEY_WRAP_MAC_KEY 0x125cc98d

View File

@@ -21,9 +21,9 @@ extern "C" {
*
* Partners implementing a porting layer may either
* 1. Implement wtpi_persistent_storage.h and wtpi_clock_interface_layer2.h,
* and then use the reference implementation clock_and_gn_layer1.c for the
* clock and generation interfaces. This is preferred if the hardware secure
* timer resets to 0 whenever the device is inactive.
* and then use the reference implementation wtpi_clock_and_gn_layer1.c for
* the clock and generation interfaces. This is preferred if the hardware
* secure timer resets to 0 whenever the device is inactive.
* or
* 2. Implement both wtpi_clock_interface_layer1.h and
* this wtpi_generation_number_interface.h. This is preferred if the system

View File

@@ -18,9 +18,9 @@ extern "C" {
* Partners implementing a porting layer may either
* 1. Implement this wtpi_persistent_storage.h and
* wtpi_clock_interface_layer2.h, and then use the reference implementation
* clock_and_gn_layer1.c for the clock and generation interfaces. This is
* preferred if the hardware secure timer resets to 0 whenever the device is
* inactive.
* wtpi_clock_and_gn_layer1.c for the clock and generation interfaces. This
* is preferred if the hardware secure timer resets to 0 whenever the device
* is inactive.
* or
* 2. Implement both wtpi_clock_interface_layer1.h and
* wtpi_generation_number_interface.h. This is preferred if the system has a

View File

@@ -13,8 +13,8 @@ extern "C" {
/** @defgroup secure-buffer Secure Buffer Access
*
* Interface used by the reference [sample decryption
* interface])(decrypt-sample) to access secure buffers.
* Interface used by the reference
* [sample decryption interface](@ref decrypt-sample) to access secure buffers.
*
* @{
*/

View File

@@ -23,12 +23,12 @@ extern "C" {
* WTPI_K1_SymmetricKey_Handle defined in Crypto and Key Management layer 1,
* with a WTPI_K2_SymmetricKey_Handle defined in Crypto and Key Management layer
* 2. This is used by both the REFERENCE implementation of hardware-backed
* Crypto and Key Management layer 1 (crypto_and_key_management_layer1_hw.c) and
* the TEST implementation of hardware-backed Crypto and Key Management layer 2
* (crypto_and_key_management_layer2_hw.c).
* Crypto and Key Management layer 1(wtpi_crypto_and_key_management_layer1_hw.c)
* and the TEST implementation of hardware-backed Crypto and Key Management
* layer 2(wtpi_crypto_and_key_management_layer2_hw.c).
*
* Partners using the reference implementation
* crypto_and_key_management_layer1_hw.c and implementing their own
* wtpi_crypto_and_key_management_layer1_hw.c and implementing their own
* wtpi_crypto_and_key_management_interface_layer2.h may need to implement this
* interface as well.
*/

View File

@@ -0,0 +1,9 @@
/* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
source code may only be used and distributed under the Widevine
License Agreement. */
#include "wtpi_abort_interface.h"
#include <stdlib.h>
void WTPI_Abort(void) { abort(); }

View File

@@ -9,6 +9,7 @@
#include <time.h>
#include "OEMCryptoCENC.h"
#include "oemcrypto_check_macros.h"
#include "oemcrypto_wall_clock.h"
#include "wtpi_clock_interface_layer2.h"
#include "wtpi_crypto_and_key_management_interface_layer1.h"
@@ -179,6 +180,7 @@ OEMCryptoResult WTPI_TerminateClock(void) {
OEMCrypto_Clock_Security_Level WTPI_GetClockType(void) { return kSecureTimer; }
OEMCryptoResult WTPI_GetTrustedTime(uint64_t* time_in_s) {
RETURN_INVALID_CONTEXT_IF_NULL(time_in_s);
OEMCryptoResult status = OEMCrypto_SUCCESS;
if (!gInitialized) {
LOGD("Clock needs to initialize.");

View File

@@ -88,7 +88,7 @@ static OEMCryptoResult EncryptAndSignKey(WTPI_K2_SymmetricKey_Handle key_handle,
// Compute the signature of the data past the signature block and store it
// at the start of the output buffer.
WTPI_K2_SymmetricKey_Handle signing_key_handle = NULL;
result = WTPI_K2_DeriveDeviceKeyIntoHandle(DEVICE_KEY_SIGN_INTERNAL_KEY,
result = WTPI_K2_DeriveDeviceKeyIntoHandle(DEVICE_KEY_WRAP_INTERNAL_KEY,
MAC_KEY_CLIENT,
&signing_key_handle, KEY_SIZE_256);
if (result != OEMCrypto_SUCCESS) return result;
@@ -111,11 +111,11 @@ static OEMCryptoResult VerifyAndDecryptKey(
// Verify the signature first, before decrypting.
WTPI_K2_SymmetricKey_Handle signing_key_handle = NULL;
OEMCryptoResult result = WTPI_K2_DeriveDeviceKeyIntoHandle(
DEVICE_KEY_SIGN_INTERNAL_KEY, MAC_KEY_SERVER, &signing_key_handle,
DEVICE_KEY_WRAP_INTERNAL_KEY, MAC_KEY_SERVER, &signing_key_handle,
KEY_SIZE_256);
if (result != OEMCrypto_SUCCESS) return result;
result = WTPI_C2_HMAC_SHA256_Verify(
signing_key_handle, (uint8_t*)(&wrapped->wrapped_key_data),
signing_key_handle, (const uint8_t*)(&wrapped->wrapped_key_data),
sizeof(wrapped->wrapped_key_data), wrapped->signature);
WTPI_K2_FreeKeyHandle(signing_key_handle);
if (result != OEMCrypto_SUCCESS) return result;
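Review bot: `EncryptAndSignKey` derives the HMAC key with `MAC_KEY_CLIENT` and `VerifyAndDecryptKey` derives it with `MAC_KEY_SERVER`, both under `DEVICE_KEY_WRAP_INTERNAL_KEY`. Verification therefore only succeeds if `WTPI_K2_DeriveDeviceKeyIntoHandle` yields the same key material for the two MAC key types. Nothing at either call site states that requirement. Add a comment here, and in the layer 2 interface documentation, that a layer 2 port must not mix the client/server distinction into the derivation. A port that does will produce wrapped keys it can never verify.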
@@ -741,6 +741,7 @@ OEMCryptoResult WTPI_C1_CopyToOutputBuffer(
}
OEMCryptoResult WTPI_C1_RandomBytes(uint8_t* out, size_t size) {
if (out == NULL || size == 0) return OEMCrypto_ERROR_INVALID_CONTEXT;
if (RAND_bytes(out, size) != 1) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
return OEMCrypto_SUCCESS;
}
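Review bot: `size` is a `size_t` handed straight to `RAND_bytes(out, size)`. OpenSSL declares that length parameter as `int`, so when this file is built against OpenSSL rather than BoringSSL a request above INT_MAX is narrowed silently. Add an upper bound next to the new `size == 0` test. The new check also turns a zero-length request into `OEMCrypto_ERROR_INVALID_CONTEXT`, and the interface comment for `WTPI_C1_RandomBytes` should say so.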

View File

@@ -93,7 +93,9 @@ static OEMCryptoResult GetKeyType(WTPI_K1_SymmetricKey_Handle key_handle,
return OEMCrypto_SUCCESS;
}
static OEMCryptoResult DeriveFromDeviceKey(uint32_t context, uint8_t* out_key,
static OEMCryptoResult DeriveFromDeviceKey(uint32_t context,
SymmetricKeyType out_key_type,
uint8_t* out_key,
KeySize out_key_size) {
ABORT_IF(out_key == NULL, "Parameters are NULL or 0");
ABORT_IF(out_key_size != KEY_SIZE_128 && out_key_size != KEY_SIZE_256,
@@ -101,11 +103,21 @@ static OEMCryptoResult DeriveFromDeviceKey(uint32_t context, uint8_t* out_key,
const uint8_t* device_key = WTPI_GetDeviceKey();
KeySize device_key_size = WTPI_GetDeviceKeySize();
uint8_t full_context[16] = {'.', '.', '.', '.', 'W', 'i', 'd', 'e',
'v', 'i', 'n', 'e', ' ', 'O', 'P', 'K'};
// Prepare full context for key derivation
// Server and client MAC keys must derive to the same key.
const SymmetricKeyType type_temp =
out_key_type == MAC_KEY_SERVER ? MAC_KEY_CLIENT : out_key_type;
// Cast the type into 32 bits so it is the same size as the gap left for it in
// full_context. This will be a no-op on most architectures.
const uint32_t type_32 = (uint32_t)type_temp;
// Build a full context that is unique to this starting context / key type
// combination. We start with a context template with blanks at the beginning
// and fill the blanks with the starting context and key type.
uint8_t full_context[20] = {'.', '.', '.', '.', '.', '.', '.', '.', 'W', 'i',
'd', 'e', 'v', 'i', 'n', 'e', ' ', 'O', 'P', 'K'};
const size_t context_length = sizeof(full_context);
// Set the first four bytes to the specific use for this key.
memcpy(full_context, &context, 4);
memcpy(full_context + 4, &type_32, 4);
const uint8_t counter = 1;
if (!OPKI_DeriveKeyWithCMAC(device_key, device_key_size, counter,
full_context, context_length, out_key_size,
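Review bot: `full_context` grows from 16 to 20 bytes and now embeds the key type, so every key produced by `DeriveFromDeviceKey` changes. Any blob wrapped by a build with the old 16-byte context will fail the signature check in `VerifyAndDecryptKey` after an update. Say in a comment or in the changelog whether invalidating existing wrapped keys is intended. Two smaller points: the retained comment "Set the first four bytes to the specific use for this key" should also cover bytes 4 to 7, and both `memcpy` calls copy host-order integers, which is worth a one-line note even though the result is device-unique.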
@@ -130,7 +142,8 @@ static OEMCryptoResult EncryptAndSignKey(const uint8_t* key, size_t key_size,
// Encrypt the key
uint8_t encryption_key[KEY_SIZE_128];
result = DeriveFromDeviceKey(DEVICE_KEY_WRAP_INTERNAL_KEY, encryption_key,
result = DeriveFromDeviceKey(DEVICE_KEY_WRAP_INTERNAL_KEY, ENCRYPTION_KEY,
encryption_key,
OPK_LengthToKeySize(sizeof(encryption_key)));
if (result != OEMCrypto_SUCCESS) return result;
if (!OPKI_AESCBCEncrypt(key, key_size, wrapped->wrapped_key_data.iv,
@@ -140,7 +153,8 @@ static OEMCryptoResult EncryptAndSignKey(const uint8_t* key, size_t key_size,
}
// Compute the signature of the wrapped key and store it
uint8_t signing_key[KEY_SIZE_256];
result = DeriveFromDeviceKey(DEVICE_KEY_SIGN_INTERNAL_KEY, signing_key,
result = DeriveFromDeviceKey(DEVICE_KEY_WRAP_INTERNAL_KEY, MAC_KEY_CLIENT,
signing_key,
OPK_LengthToKeySize(sizeof(signing_key)));
if (result != OEMCrypto_SUCCESS) return result;
const uint8_t* wrapped_key_data =
@@ -169,9 +183,9 @@ static OEMCryptoResult VerifyAndDecryptKey(
// Verify the signature first, before decrypting
uint8_t signing_key[KEY_SIZE_256];
OEMCryptoResult result =
DeriveFromDeviceKey(DEVICE_KEY_SIGN_INTERNAL_KEY, signing_key,
OPK_LengthToKeySize(sizeof(signing_key)));
OEMCryptoResult result = DeriveFromDeviceKey(
DEVICE_KEY_WRAP_INTERNAL_KEY, MAC_KEY_SERVER, signing_key,
OPK_LengthToKeySize(sizeof(signing_key)));
if (result != OEMCrypto_SUCCESS) return result;
const uint8_t* wrapped_key_data =
(const uint8_t*)(&wrapped->wrapped_key_data);
@@ -188,7 +202,8 @@ static OEMCryptoResult VerifyAndDecryptKey(
// Decrypt the key
uint8_t decryption_key[KEY_SIZE_128];
result = DeriveFromDeviceKey(DEVICE_KEY_WRAP_INTERNAL_KEY, decryption_key,
result = DeriveFromDeviceKey(DEVICE_KEY_WRAP_INTERNAL_KEY, ENCRYPTION_KEY,
decryption_key,
OPK_LengthToKeySize(sizeof(decryption_key)));
if (result != OEMCrypto_SUCCESS) return result;
if (!OPKI_AESCBCDecrypt(wrapped->wrapped_key_data.wrapped_key,
@@ -419,7 +434,7 @@ OEMCryptoResult WTPI_K1_DeriveDeviceKeyIntoHandle(
if (out_key_handle == NULL) return OEMCrypto_ERROR_INVALID_CONTEXT;
uint8_t derived_key[KEY_SIZE_256];
OEMCryptoResult result =
DeriveFromDeviceKey(context, derived_key, out_key_size);
DeriveFromDeviceKey(context, out_key_type, derived_key, out_key_size);
if (result != OEMCrypto_SUCCESS) return result;
return WTPI_K1_CreateKeyHandle(derived_key, (size_t)out_key_size,
@@ -530,6 +545,7 @@ OEMCryptoResult WTPI_K1_DeriveKeyFromKeyHandle(
out_key_size, derived_key)) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
return WTPI_K1_CreateKeyHandle(derived_key, (size_t)out_key_size,
out_key_type, out_key_handle);
}
@@ -615,6 +631,7 @@ OEMCryptoResult WTPI_C1_CopyToOutputBuffer(
}
OEMCryptoResult WTPI_C1_RandomBytes(uint8_t* out, size_t size) {
if (out == NULL || size == 0) return OEMCrypto_ERROR_INVALID_CONTEXT;
if (RAND_bytes(out, size) != 1) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
return OEMCrypto_SUCCESS;
}

View File

@@ -0,0 +1,60 @@
/* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
source code may only be used and distributed under the Widevine
License Agreement. */
#include "wtpi_logging_interface.h"
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "wtpi_abort_interface.h"
#if !defined(OPK_LOG_LEVEL)
# define OPK_LOG_LEVEL LOG_DEBUG
#endif
static size_t LogPriorityToOrdering(LogPriority priority) {
switch (priority) {
case LOG_NONE:
return 0;
case LOG_ERROR:
return 1;
case LOG_DEBUG:
return 2;
}
ABORT("invalid log priority");
}
static const char* LogPriorityToName(LogPriority priority) {
static const char* const kPriorityNames[] = {"NONE", "ERROR", "DEBUG"};
return kPriorityNames[LogPriorityToOrdering(priority)];
}
/* A test implementation for logging. Outputs logs to stdout. */
void WTPI_Log(const char* file, const char* function, int line,
LogPriority level, const char* fmt, ...) {
if (level == LOG_NONE) {
fprintf(stderr, "[FATAL:%s(%d)] Cannot log at LOG_NONE level.\n", file,
line);
fflush(stderr);
return;
}
if (LogPriorityToOrdering(level) > LogPriorityToOrdering(OPK_LOG_LEVEL)) {
// Log message is below the threshold for logging.
return;
}
fprintf(stderr, "[%s:%s(%d):%s] ", LogPriorityToName(level), file, line,
function);
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
fputc('\n', stderr);
fflush(stderr);
}
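Review bot: the comment on `WTPI_Log` says "Outputs logs to stdout", but every `fprintf`, `vfprintf`, `fputc` and `fflush` call in the function targets `stderr`. Correct the comment. In `LogPriorityToOrdering`, control reaches the end of a non-void function after `ABORT("invalid log priority")`. Unless `ABORT` is declared noreturn, a pedantic build will warn, and `LogPriorityToName` would index `kPriorityNames` with an indeterminate value, so add an explicit `return 0;` after it. The `LOG_NONE` branch prints a `[FATAL:...]` line and then returns normally. Decide whether that case should call `WTPI_Abort` or be labelled as an error instead.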

View File

@@ -0,0 +1,109 @@
# Copyright 2019 Google LLC.All Rights Reserved.This file and proprietary
# source code may only be used and distributed under the Widevine
# License Agreement.
{
'variables': {
# Include directory that contains wtpi_config_macros.h.
'config_macros_header_dir%': '.',
# TODO(b/207176111): add test scripts to cover both reference crypto impl
'reference_crypto_impl%': 'software',
},
'includes': [
'../../strict_compiler_flags.gypi',
],
'target_defaults': {
'type': 'static_library',
'standalone_static_library': 1,
'dependencies': [
'../oemcrypto_ta.gyp:oemcrypto_ta',
],
},
'targets': [
{
'target_name': 'oemcrypto_ta_reference_root_of_trust',
'sources': [
'wtpi_crypto_wrap_asymmetric.c',
'wtpi_device_key.c',
'wtpi_root_of_trust_layer1.c',
],
'dependencies': [
'../../../odk/src/odk.gyp:odk',
],
},
{
'target_name': 'oemcrypto_ta_reference_clock',
'sources': [
'wtpi_clock_and_gn_layer1.c',
],
'dependencies': [
'../../../odk/src/odk.gyp:odk',
],
},
{
'target_name': 'oemcrypto_ta_reference_abort',
'sources': [
'wtpi_abort.c',
],
},
{
'target_name': 'oemcrypto_ta_reference_logging',
'sources': [
'wtpi_logging.c',
],
},
{
'target_name': 'oemcrypto_ta_reference_crypto',
'include_dirs': [
'<(config_macros_header_dir)',
'.',
],
# The reference implementation of the crypto interface uses
# BoringSSL/OpenSSL, which requires C11. These flags effectively do the
# opposite of the default flags, filtering out the C99 flag and
# un-filtering-out the C11 flag.
'cflags_c': [
'-std=c11',
],
'cflags_c/': [
['exclude', '-std=*'],
['include', '-std=c11'],
],
'sources': [
'crypto_util.c',
'ecc_util.c',
'rsa_util.c',
'wtpi_crc32.c',
'wtpi_crypto_asymmetric.c',
'wtpi_decrypt_sample.c',
],
'conditions': [
['reference_crypto_impl=="hardware"', {
'sources': [
'wtpi_crypto_and_key_management_layer1_hw.c',
],
}],
['reference_crypto_impl=="software"', {
'sources': [
'wtpi_crypto_and_key_management_layer1_openssl.c',
],
}],
],
'variables': {
# Needed for BoringSSL dependency build files. These SHOULD already be
# defined by a higher-level configuration, but sometimes the OPK TA
# gets included in targets that don't define them, so we define them
# again here defensively.
'privacy_crypto_impl%': 'boringssl',
'boringssl_libcrypto_path%': '<(DEPTH)/third_party/boringssl/boringssl.gyp:crypto',
},
'includes': [
'../../../../util/libcrypto_dependency.gypi',
],
'dependencies': [
'../../../odk/src/odk.gyp:odk',
],
},
],
}
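Review bot: the `conditions` list now matches only the literal values "hardware" and "software", where the block removed from `oemcrypto_ta.gyp` used an else branch that fell back to the OpenSSL layer 1 source. With any other `reference_crypto_impl` value, `oemcrypto_ta_reference_crypto` builds with no layer 1 crypto source at all and the mistake only surfaces at link time. Either restore the else branch or add a condition that fails the build on an unrecognised value. The header comment has also lost its spaces ("LLC.All Rights Reserved.This").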

View File

@@ -0,0 +1,112 @@
// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#include <gtest/gtest.h>
#include <climits>
#include <fstream>
#include "OEMCryptoCENC.h"
#include "log.h"
#include "opk_init.h"
#include "wtpi_clock_interface_layer1.h"
namespace {
constexpr uint32_t kSecondsElapsed = 5;
constexpr uint32_t kSecondsTolerance = 1;
// temporary file to store the trusted time before reboot
const char* kSavedTrustedTime = "saved_trusted_time";
template <typename T>
std::ostream& binary_write(std::ostream& stream, const T& value) {
return stream.write(reinterpret_cast<const char*>(&value), sizeof(T));
}
template <typename T>
std::istream& binary_read(std::istream& stream, T& value) {
return stream.read(reinterpret_cast<char*>(&value), sizeof(T));
}
void SaveTrustedTime(uint64_t time) {
std::ofstream stream(kSavedTrustedTime, std::ios::binary);
binary_write(stream, time);
}
uint64_t LoadTrustedTime() {
uint64_t time = ULLONG_MAX;
std::ifstream stream(kSavedTrustedTime, std::ios::binary);
binary_read(stream, time);
return time;
}
bool IsTrustedTimeSaved() {
std::ifstream stream(kSavedTrustedTime);
return stream.good();
}
}; // namespace
class ClockInterfaceTest : public ::testing::Test {
protected:
ClockInterfaceTest() {}
void SetUp() override {
::testing::Test::SetUp();
const ::testing::TestInfo* const test_info =
::testing::UnitTest::GetInstance()->current_test_info();
LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name());
ASSERT_TRUE(OPK_Initialize());
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_InitializeClock());
}
void TearDown() override {
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_TerminateClock());
OPK_Terminate();
::testing::Test::TearDown();
}
};
TEST_F(ClockInterfaceTest, TrustedTimeNULL) {
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, WTPI_GetTrustedTime(NULL));
}
TEST_F(ClockInterfaceTest, ClockBasic) {
uint64_t time_in_s;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_GetTrustedTime(&time_in_s));
printf("Sleep %us before validating the trusted time...\n",
kSecondsElapsed + kSecondsTolerance);
sleep(kSecondsElapsed + kSecondsTolerance);
uint64_t new_time_in_s;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_GetTrustedTime(&new_time_in_s));
ASSERT_TRUE(new_time_in_s > time_in_s + kSecondsElapsed);
}
class ClockRebootTest : public ClockInterfaceTest {};
// The reboot tests verify that the trusted time returned by
// WTPI_GetTrustedTime() never goes backward after a device reboot
TEST_F(ClockRebootTest, SaveClockBeforeReboot) {
printf("Sleep %us before saving the trusted time...\n", kSecondsElapsed);
sleep(kSecondsElapsed);
// This is to simulate that the device is up for at least kSecondsElapsed
// before reboot. The test CheckClockAfterReboot below will validate the
// trusted time immediately after reboot. If WTPI_GetTrustedTime() is
// implemented on top of a timer which gets reset to 0 after every reboot, the
// trusted time could potentially go backward compared with the last recorded
// trusted time before reboot in a problematic implementation. This test is to
// make sure the trusted stays monotonic.
uint64_t current_time;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_GetTrustedTime(&current_time));
SaveTrustedTime(current_time);
}
TEST_F(ClockRebootTest, CheckClockAfterReboot) {
ASSERT_EQ(true, IsTrustedTimeSaved());
uint64_t current_time;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_GetTrustedTime(&current_time));
uint64_t saved_time = LoadTrustedTime();
ASSERT_TRUE(current_time >= saved_time);
remove(kSavedTrustedTime);
}
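Review bot: `SaveClockBeforeReboot` and `CheckClockAfterReboot` have no guard tying them to an actual reboot. A plain run executes both in one process, the `current_time >= saved_time` check passes trivially, and `remove(kSavedTrustedTime)` deletes the saved value. Document above `ClockRebootTest` how the pair is meant to be run (a filter for each half with a reboot in between), or disable the check half by default. Otherwise a green result says nothing about monotonicity across reboot. The file also calls `sleep`, `printf` and `remove` without including `<unistd.h>` or `<cstdio>`, and `}; // namespace` carries a stray semicolon.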

View File

@@ -109,7 +109,7 @@ void OPK_Pack_SymmetricKeyType(ODK_Message* message,
return;
}
OPK_Pack_uint32_t(message, (const uint32_t*)value);
OPK_Pack_int(message, (const int*)value);
}
void OPK_Unpack_SymmetricKeyType(ODK_Message* message,
@@ -119,7 +119,7 @@ void OPK_Unpack_SymmetricKeyType(ODK_Message* message,
return;
}
OPK_Unpack_uint32_t(message, (uint32_t*)value);
OPK_Unpack_int(message, (int*)value);
}
void OPK_Pack_AsymmetricKeyType(ODK_Message* message,
@@ -129,7 +129,7 @@ void OPK_Pack_AsymmetricKeyType(ODK_Message* message,
return;
}
OPK_Pack_uint32_t(message, (const uint32_t*)value);
OPK_Pack_int(message, (const int*)value);
}
void OPK_Unpack_AsymmetricKeyType(ODK_Message* message,
@@ -139,7 +139,7 @@ void OPK_Unpack_AsymmetricKeyType(ODK_Message* message,
return;
}
OPK_Unpack_uint32_t(message, (uint32_t*)value);
OPK_Unpack_int(message, (int*)value);
}
void OPK_Pack_RSA_Padding_Scheme(ODK_Message* message,
@@ -168,7 +168,7 @@ void OPK_Pack_KeySize(ODK_Message* message, const KeySize* value) {
return;
}
OPK_Pack_size_t(message, (const size_t*)value);
OPK_Pack_int(message, (const int*)value);
}
void OPK_Unpack_KeySize(ODK_Message* message, KeySize* value) {
@@ -177,7 +177,7 @@ void OPK_Unpack_KeySize(ODK_Message* message, KeySize* value) {
return;
}
OPK_Unpack_size_t(message, (size_t*)value);
OPK_Unpack_int(message, (int*)value);
}
void OPK_Pack_OEMCrypto_SharedMemory(ODK_Message* message,
@@ -193,3 +193,23 @@ void OPK_Unpack_OEMCrypto_SharedMemory(ODK_Message* message,
(void)value;
ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR);
}
void OPK_Pack_OEMCrypto_Clock_Security_Level(
ODK_Message* message, const OEMCrypto_Clock_Security_Level* value) {
if (value == NULL) {
ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR);
return;
}
OPK_Pack_uint32_t(message, (const uint32_t*)value);
}
void OPK_Unpack_OEMCrypto_Clock_Security_Level(
ODK_Message* message, OEMCrypto_Clock_Security_Level* value) {
if (value == NULL) {
ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR);
return;
}
OPK_Unpack_uint32_t(message, (uint32_t*)value);
}
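Review bot: the new `OPK_Pack_OEMCrypto_Clock_Security_Level` and `OPK_Unpack_OEMCrypto_Clock_Security_Level` use the `(const uint32_t*)value` and `(uint32_t*)value` cast pattern, which the earlier hunks in this same file replace with `OPK_Pack_int` / `OPK_Unpack_int` for the other enum types. Pick one convention for all of them. Both forms also read or write through a pointer cast and so assume the enum has exactly the width of the target type. Copying into a local of the wire type and packing that (and on unpack, range-checking before assigning back to the enum) removes that assumption and keeps an out-of-range value from the message from landing in an enum variable.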

View File

@@ -44,9 +44,15 @@ void OPK_Unpack_RSA_Padding_Scheme(ODK_Message* msg,
void OPK_Pack_KeySize(ODK_Message* msg, const KeySize* key_size);
void OPK_Unpack_KeySize(ODK_Message* msg, KeySize* key_size);
void OPK_Pack_OEMCrypto_SharedMemory(ODK_Message* message,
const OEMCrypto_SharedMemory* value);
void OPK_Unpack_OEMCrypto_SharedMemory(ODK_Message* message,
OEMCrypto_SharedMemory* value);
void OPK_Pack_OEMCrypto_Clock_Security_Level(
ODK_Message* msg, const OEMCrypto_Clock_Security_Level* value);
void OPK_Unpack_OEMCrypto_Clock_Security_Level(
ODK_Message* msg, OEMCrypto_Clock_Security_Level* value);
#endif
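Review bot: the two Clock_Security_Level declarations name the first parameter msg, but the definitions added in this commit, and the OEMCrypto_SharedMemory declarations directly above, use message. Use one name in both the header and the source file so the prototypes read the same as the definitions.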

View File

@@ -6,7 +6,9 @@
#include "OEMCryptoCENC.h"
#include "log.h"
#include "oemcrypto_key_types.h"
#include "opk_init.h"
#include "ssl_util.h"
#include "tos_shared_memory_interface.h"
#include "wtpi_crc32_interface.h"
#include "wtpi_crypto_and_key_management_interface_layer1.h"
@@ -26,57 +28,66 @@ class CryptoTest : public ::testing::Test {
const ::testing::TestInfo* const test_info =
::testing::UnitTest::GetInstance()->current_test_info();
LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name());
OPK_Initialize();
ASSERT_EQ(true, OPK_Initialize());
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_InitializeKeyManagement());
}
void TearDown() override {
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_TerminateKeyManagement());
OPK_Terminate();
::testing::Test::TearDown();
}
};
TEST_F(CryptoTest, CreateKeyHandleWorksWithTypicalKeySize) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, CONTENT_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY,
&key_handle));
ASSERT_NE(nullptr, key_handle);
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, CONTENT_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, CONTENT_KEY,
&key_handle));
ASSERT_NE(nullptr, key_handle);
}
TEST_F(CryptoTest, CreateKeyHandleFailsWithBadParams) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_CreateKeyHandle(key, UNKNOWN_KEY_SIZE, CONTENT_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_CreateKeyHandle(key.data(), UNKNOWN_KEY_SIZE, CONTENT_KEY,
&key_handle));
ASSERT_EQ(
OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_CreateKeyHandle(NULL, KEY_SIZE_128, CONTENT_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, CONTENT_KEY, NULL));
ASSERT_EQ(
OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY, NULL));
}
TEST_F(CryptoTest, AESCBCEncryptHelloWorld) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
SymmetricKeyType key_type = CONTENT_KEY;
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, key_type, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128,
key_type, &key_handle));
ASSERT_NE(nullptr, key_handle);
// Encrypt
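Review bot: the loop that fills a std::vector<uint8_t> key with 0..31 is now repeated at the top of every test in this file. Move it into the CryptoTest fixture (a member initialized in SetUp, or a small helper that returns the vector) so each test only states which key size and key type it needs. In SetUp, ASSERT_TRUE(OPK_Initialize()) reads better than ASSERT_EQ(true, OPK_Initialize()).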
@@ -99,14 +110,16 @@ TEST_F(CryptoTest, AESCBCEncryptHelloWorld) {
}
TEST_F(CryptoTest, AESCBCEncryptFailsForBadInput) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
SymmetricKeyType key_type = CONTENT_KEY;
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, key_type, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128,
key_type, &key_handle));
std::string message = "Hello world!______";
std::vector<uint8_t> input(message.begin(), message.end());
@@ -140,14 +153,16 @@ TEST_F(CryptoTest, AESCBCEncryptFailsForBadInput) {
}
TEST_F(CryptoTest, AESCBCDecryptHelloWorld) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
SymmetricKeyType key_type = CONTENT_KEY;
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, key_type, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128,
key_type, &key_handle));
ASSERT_NE(nullptr, key_handle);
// Decrypt
@@ -169,14 +184,16 @@ TEST_F(CryptoTest, AESCBCDecryptHelloWorld) {
}
TEST_F(CryptoTest, AESCBCEncryptDecryptLoop) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, CONTENT_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY,
&key_handle));
ASSERT_NE(nullptr, key_handle);
std::string message = "EncryptDecryptLoop";
@@ -201,14 +218,16 @@ TEST_F(CryptoTest, AESCBCEncryptDecryptLoop) {
}
TEST_F(CryptoTest, AESCBCDecryptFailsForBadInput) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
SymmetricKeyType key_type = CONTENT_KEY;
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, key_type, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128,
key_type, &key_handle));
std::vector<uint8_t> input = {72, 148, 193, 81, 175, 242, 38, 26,
247, 167, 88, 96, 223, 94, 41, 95};
@@ -403,14 +422,16 @@ TEST_F(CryptoTest, Crc32Cont_OutputBufferFailsWithBadInput) {
}
TEST_F(CryptoTest, HMAC_SHA256FailsWithBadInput) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -433,14 +454,16 @@ TEST_F(CryptoTest, HMAC_SHA256FailsWithBadInput) {
}
TEST_F(CryptoTest, HMAC_SHA256Basic) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -461,14 +484,16 @@ TEST_F(CryptoTest, HMAC_SHA256Basic) {
}
TEST_F(CryptoTest, HMAC_SHA256_VerifyBasic) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -490,14 +515,16 @@ TEST_F(CryptoTest, HMAC_SHA256_VerifyBasic) {
}
TEST_F(CryptoTest, HMAC_SHA256_VerifyFailsWithBadInput) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -524,14 +551,16 @@ TEST_F(CryptoTest, HMAC_SHA256_VerifyFailsWithBadInput) {
}
TEST_F(CryptoTest, HMAC_SHA1Basic) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -550,14 +579,16 @@ TEST_F(CryptoTest, HMAC_SHA1Basic) {
}
TEST_F(CryptoTest, HMAC_SHA1FailsWithBadInput) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_256, MAC_KEY_CLIENT, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
@@ -689,12 +720,13 @@ TEST_F(CryptoTest, CreateAsymmetricKeyHandleFailsForBadInput) {
WTPI_CreateAsymmetricKeyHandle(test_rsa_key_der, TEST_RSA_KEY_DER_LEN,
DRM_RSA_PRIVATE_KEY, NULL));
const uint8_t bad_format[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> bad_format;
for (int i = 0; i < 32; i++) {
bad_format.push_back(i);
}
ASSERT_EQ(OEMCrypto_ERROR_INVALID_RSA_KEY,
WTPI_CreateAsymmetricKeyHandle(bad_format, 32, DRM_RSA_PRIVATE_KEY,
&handle));
WTPI_CreateAsymmetricKeyHandle(bad_format.data(), 32,
DRM_RSA_PRIVATE_KEY, &handle));
}
TEST_F(CryptoTest, RSASign) {
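Review bot: WTPI_CreateAsymmetricKeyHandle(bad_format.data(), 32, ...) still hard-codes the length after bad_format became a vector. Pass bad_format.size() so the length cannot drift from the buffer if the fill loop changes.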
@@ -712,7 +744,17 @@ TEST_F(CryptoTest, RSASign) {
WTPI_RSASign(handle, input.data(), input.size(), output.data(),
&output_len, kSign_RSASSA_PSS));
// TODO: verify RSA signature
// Verify with openssl, since we can't use WTPI functions to verify
RSA* rsa = NULL;
ASSERT_TRUE(
DeserializePKCS8PrivateKey(test_rsa_key_der, TEST_RSA_KEY_DER_LEN, &rsa));
boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new());
ASSERT_EQ(1, EVP_PKEY_set1_RSA(pkey.get(), rsa));
EXPECT_TRUE(VerifyPSSSignature(pkey.get(), input.data(), input.size(),
output.data(), output.size()))
<< "PSS signature check failed.";
}
TEST_F(CryptoTest, RSASignFailsWithBadInput) {
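Review bot: VerifyPSSSignature is called with output.size(), not the output_len that WTPI_RSASign wrote through &output_len, so the check only passes when the buffer happens to be exactly the signature length. Pass output_len, and consider asserting it against the expected signature size first. Separately, rsa is a raw RSA* that is never freed in these lines; EVP_PKEY_set1_RSA takes its own reference, so the test should hold rsa in a boringssl_ptr as it does for pkey.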
@@ -820,9 +862,7 @@ TEST_F(CryptoTest, GetSignatureSizeFailsForBadInputs) {
WTPI_GetSignatureSize(handle, NULL));
}
// TODO(b/205752860): wtpi_crypto_and_key_management_interface_layer1.h does not
// actually specify what should happen for NULL/0 inputs to RandomBytes()
TEST_F(CryptoTest, DISABLED_RandomBytesFailsForBadInputs) {
TEST_F(CryptoTest, RandomBytesFailsForBadInputs) {
std::vector<uint8_t> out(32, 0);
size_t size = 32;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, WTPI_C1_RandomBytes(NULL, size));
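Review bot: this enables RandomBytesFailsForBadInputs and drops the TODO(b/205752860) that said wtpi_crypto_and_key_management_interface_layer1.h does not specify the behaviour for NULL or zero-length inputs. If the header now documents OEMCrypto_ERROR_INVALID_CONTEXT for these cases, reference that in the test; if it does not, the test is asserting a contract that porting partners cannot look up, and the header should be updated in the same change.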
@@ -831,14 +871,16 @@ TEST_F(CryptoTest, DISABLED_RandomBytesFailsForBadInputs) {
}
TEST_F(CryptoTest, DeriveKeyFromKeyHandleFailsForBadInputs) {
const uint8_t key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key, KEY_SIZE_128, DERIVING_KEY, &key_handle));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, DERIVING_KEY,
&key_handle));
uint8_t counter = 0;
const uint8_t context[] = {50, 51, 52, 53};
@@ -864,4 +906,515 @@ TEST_F(CryptoTest, DeriveKeyFromKeyHandleFailsForBadInputs) {
out_key_size, NULL));
}
// TODO: DeriveKeyFromKeyHandle with expected CMAC+counter construction output
TEST_F(CryptoTest, DeriveKeyFromKeyHandleWorks) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, DERIVING_KEY,
&key_handle));
const uint8_t context[4] = {'T', 'E', 'S', 'T'};
WTPI_K1_SymmetricKey_Handle out_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_DeriveKeyFromKeyHandle(key_handle, 1, context,
sizeof(context), MAC_KEY_CLIENT,
KEY_SIZE_256, &out_key_handle));
const uint8_t expected_derived_key[] = {31, 230, 128, 12, 6, 223, 177, 250,
199, 161, 58, 52, 105, 184, 151, 162,
131, 204, 51, 13, 29, 230, 183, 214,
157, 152, 245, 50, 81, 137, 110, 56};
WTPI_K1_SymmetricKey_Handle expected_derived_key_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(expected_derived_key, KEY_SIZE_256,
MAC_KEY_CLIENT, &expected_derived_key_handle));
// perform an operation with out_key_handle and expected_derived_key_handle to
// prove they are using the same underlying key data
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
input.push_back(i);
}
std::vector<uint8_t> output1(32, 1);
std::vector<uint8_t> output2(32, 2);
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(out_key_handle, input.data(), input.size(),
output1.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(expected_derived_key_handle, input.data(),
input.size(), output2.data()));
for (int i = 0; i < 32; i++) {
ASSERT_EQ(output1[i], output2[i]);
}
}
TEST_F(CryptoTest, WrapKeyFailsForBadInputs) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, DERIVING_KEY,
&key_handle));
uint32_t context = 0x1234;
SymmetricKeyType key_type = DERIVING_KEY;
uint8_t wrapped_key[256];
uint8_t wrapped_key_length = KEY_SIZE_128;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_WrapKey(context, NULL, key_type, wrapped_key,
wrapped_key_length));
ASSERT_EQ(
OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_WrapKey(context, key_handle, key_type, NULL, wrapped_key_length));
}
TEST_F(CryptoTest, UnwrapKeyFailsForBadInputs) {
WTPI_K1_SymmetricKey_Handle out_key_handle;
uint32_t context = 0x1234;
SymmetricKeyType key_type = DERIVING_KEY;
uint8_t wrapped_key[256];
uint8_t wrapped_key_length = KEY_SIZE_128;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_UnwrapIntoKeyHandle(context, NULL, wrapped_key_length,
key_type, &out_key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_UnwrapIntoKeyHandle(context, wrapped_key, 7, key_type,
&out_key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_UnwrapIntoKeyHandle(context, wrapped_key,
wrapped_key_length, key_type, NULL));
}
TEST_F(CryptoTest, WrapAndUnwrapKeyWorks) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&key_handle));
uint32_t context = 0x1234;
SymmetricKeyType key_type = MAC_KEY_CLIENT;
uint8_t wrapped_key[256];
uint8_t wrapped_key_length = KEY_SIZE_256;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_WrapKey(context, key_handle, key_type, wrapped_key,
wrapped_key_length));
WTPI_K1_SymmetricKey_Handle out_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_UnwrapIntoKeyHandle(
context, wrapped_key, wrapped_key_length,
key_type, &out_key_handle));
// Perform the same crypto operation with both key handles to prove the
// unwrapped handle is the same as the wrapped one
std::vector<uint8_t> output1(32, 1);
std::vector<uint8_t> output2(32, 2);
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
input.push_back(i);
}
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(key_handle, input.data(), input.size(),
output1.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(out_key_handle, input.data(), input.size(),
output2.data()));
for (int i = 0; i < 32; i++) {
ASSERT_EQ(output1[i], output2[i]);
}
}
TEST_F(CryptoTest, WrapAsymmetricKeyFailsForBadInputs) {
uint8_t output[4000];
size_t output_length = 4000;
AsymmetricKeyType key_type = DRM_RSA_PRIVATE_KEY;
uint8_t clear_key[256];
size_t clear_key_length = 256;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_WrapAsymmetricKey(NULL, output_length, key_type, clear_key,
clear_key_length));
ASSERT_EQ(
OEMCrypto_ERROR_SHORT_BUFFER,
WTPI_WrapAsymmetricKey(output, 0, key_type, clear_key, clear_key_length));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_WrapAsymmetricKey(output, output_length, key_type, NULL,
clear_key_length));
ASSERT_EQ(
OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_WrapAsymmetricKey(output, output_length, key_type, clear_key, 0));
}
TEST_F(CryptoTest, UnwrapAsymmetricKeyFailsForBadInputs) {
uint8_t input[256];
size_t input_length = 256;
AsymmetricKeyType key_type = DRM_RSA_PRIVATE_KEY;
WTPI_AsymmetricKey_Handle key_handle;
uint32_t allowed_schemes = 0;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_UnwrapIntoAsymmetricKeyHandle(NULL, input_length, key_type,
&key_handle, &allowed_schemes));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_UnwrapIntoAsymmetricKeyHandle(input, 0, key_type, &key_handle,
&allowed_schemes));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_UnwrapIntoAsymmetricKeyHandle(input, input_length, key_type,
NULL, &allowed_schemes));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_UnwrapIntoAsymmetricKeyHandle(input, input_length, key_type,
&key_handle, NULL));
}
TEST_F(CryptoTest, WrapAndUnwrapAsymmetricKeyWorks) {
WTPI_AsymmetricKey_Handle handle;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_CreateAsymmetricKeyHandle(
test_rsa_key_der, TEST_RSA_KEY_DER_LEN,
DRM_RSA_PRIVATE_KEY, &handle));
size_t buffer_size = 0;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_GetWrappedAsymmetricKeySize(
TEST_RSA_KEY_DER_LEN, DRM_RSA_PRIVATE_KEY, &buffer_size));
std::vector<uint8_t> wrapped(buffer_size, 0);
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_WrapAsymmetricKey(wrapped.data(), wrapped.size(),
DRM_RSA_PRIVATE_KEY, test_rsa_key_der,
TEST_RSA_KEY_DER_LEN));
WTPI_AsymmetricKey_Handle out_handle;
uint32_t allowed_schemes;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_UnwrapIntoAsymmetricKeyHandle(wrapped.data(), wrapped.size(),
DRM_RSA_PRIVATE_KEY, &out_handle,
&allowed_schemes));
// perform an operation with the two handles to prove they are the same
std::vector<uint8_t> decrypted1(256, 0);
std::vector<uint8_t> decrypted2(256, 0);
size_t output_len = 256;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_RSADecrypt(handle, hello_world_encrypted, HELLO_WORLD_ENC_LEN,
decrypted1.data(), &output_len));
output_len = 256;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_RSADecrypt(out_handle, hello_world_encrypted, HELLO_WORLD_ENC_LEN,
decrypted2.data(), &output_len));
std::string message = "Hello world!";
std::vector<uint8_t> expected(message.begin(), message.end());
for (size_t i = 0; i < expected.size(); i++) {
ASSERT_EQ(expected[i], decrypted1[i]);
ASSERT_EQ(expected[i], decrypted2[i]);
}
}
TEST_F(CryptoTest, GetKeySizeBasic) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY,
&key_handle));
KeySize size = KEY_SIZE_256;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_GetKeySize(key_handle, &size));
ASSERT_EQ(KEY_SIZE_128, size);
}
TEST_F(CryptoTest, GetKeySizeFailsForBadInput) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY,
&key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_GetKeySize(key_handle, NULL));
}
TEST_F(CryptoTest, AESDecryptAndCreateKeyHandleFailsForBadInput) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle decrypt_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_128, CONTENT_KEY,
&decrypt_key_handle));
std::vector<uint8_t> enc_key = {72, 148, 193, 81, 175, 242, 38, 26,
247, 167, 88, 96, 223, 94, 41, 95};
std::vector<uint8_t> iv = {99, 0, 23, 18, 75, 4, 92, 115,
24, 70, 56, 57, 12, 43, 15, 29};
WTPI_K1_SymmetricKey_Handle out_key_handle;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandle(
NULL, enc_key.data(), enc_key.size(), iv.data(), MAC_KEY_CLIENT,
&out_key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandle(
decrypt_key_handle, NULL, enc_key.size(), iv.data(),
MAC_KEY_CLIENT, &out_key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandle(
decrypt_key_handle, enc_key.data(), 7, iv.data(),
MAC_KEY_CLIENT, &out_key_handle));
// TODO(b/205751866): serializer allocates iv array on TEE side regardless if
// REE iv ptr is NULL, so the NULL never propagates to the TEE
//
// ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
// WTPI_K1_AESDecryptAndCreateKeyHandle(
// decrypt_key_handle, enc_key.data(), enc_key.size(), NULL,
// MAC_KEY_CLIENT, &out_key_handle));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandle(
decrypt_key_handle, enc_key.data(), enc_key.size(), iv.data(),
MAC_KEY_CLIENT, NULL));
}
TEST_F(CryptoTest, AESDecryptAndCreateKeyHandleBasic) {
std::vector<uint8_t> key;
for (int i = 0; i < 32; i++) {
key.push_back(i);
}
WTPI_K1_SymmetricKey_Handle expected_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(key.data(), KEY_SIZE_256, MAC_KEY_CLIENT,
&expected_key_handle));
std::vector<uint8_t> decryption_key;
for (int i = 0; i < 32; i++) {
decryption_key.push_back(10 + i);
}
WTPI_K1_SymmetricKey_Handle decryption_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(decryption_key.data(), KEY_SIZE_256,
CONTENT_KEY, &decryption_key_handle));
std::vector<uint8_t> iv = {99, 0, 23, 18, 75, 4, 92, 115,
24, 70, 56, 57, 12, 43, 15, 29};
// encrypt the `key` array using AES CBC
size_t key_size = KEY_SIZE_256;
uint8_t iv_buffer[KEY_IV_SIZE];
std::vector<uint8_t> encrypted_key(32, 0);
AES_KEY aes_key;
AES_set_encrypt_key(decryption_key.data(), (unsigned int)(key_size * 8),
&aes_key);
memcpy(iv_buffer, iv.data(), KEY_IV_SIZE);
AES_cbc_encrypt(key.data(), encrypted_key.data(), key.size(), &aes_key,
iv_buffer, AES_ENCRYPT);
WTPI_K1_SymmetricKey_Handle out_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS, WTPI_K1_AESDecryptAndCreateKeyHandle(
decryption_key_handle, encrypted_key.data(),
encrypted_key.size(), iv.data(),
MAC_KEY_CLIENT, &out_key_handle));
// perform the same operation with both keys
std::vector<uint8_t> output1(32, 1);
std::vector<uint8_t> output2(32, 2);
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
input.push_back(i);
}
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(out_key_handle, input.data(), input.size(),
output1.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(expected_key_handle, input.data(), input.size(),
output2.data()));
for (int i = 0; i < 32; i++) {
ASSERT_EQ(output1[i], output2[i]);
}
}
TEST_F(CryptoTest, AESDecryptAndCreateKeyHandleForMacKeysFailsForBadInput) {
std::vector<uint8_t> enc_mac_keys;
for (int i = 0; i < 64; i++) {
enc_mac_keys.push_back(i);
}
std::vector<uint8_t> decryption_key;
for (int i = 0; i < 32; i++) {
decryption_key.push_back(10 + i);
}
WTPI_K1_SymmetricKey_Handle decryption_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(decryption_key.data(), KEY_SIZE_256,
CONTENT_KEY, &decryption_key_handle));
std::vector<uint8_t> iv = {99, 0, 23, 18, 75, 4, 92, 115,
24, 70, 56, 57, 12, 43, 15, 29};
WTPI_K1_SymmetricKey_Handle out_mac_key_client, out_mac_key_server;
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
NULL, enc_mac_keys.data(), enc_mac_keys.size(), iv.data(),
&out_mac_key_server, &out_mac_key_client));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
decryption_key_handle, NULL, enc_mac_keys.size(), iv.data(),
&out_mac_key_server, &out_mac_key_client));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
decryption_key_handle, enc_mac_keys.data(), 63, iv.data(),
&out_mac_key_server, &out_mac_key_client));
// TODO(b/205751866): serializer allocates iv array on TEE side regardless
// if REE iv ptr is NULL, so the NULL never propagates to the TEE
//
// ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
// WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
// decryption_key_handle, enc_mac_keys.data(), enc_mac_keys.size(), NULL,
// &out_mac_key_server, &out_mac_key_client));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
decryption_key_handle, enc_mac_keys.data(), enc_mac_keys.size(),
iv.data(), NULL, &out_mac_key_client));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
decryption_key_handle, enc_mac_keys.data(), enc_mac_keys.size(),
iv.data(), &out_mac_key_server, NULL));
}
TEST_F(CryptoTest, AESDecryptAndCreateKeyHandleForMacKeysBasic) {
std::vector<uint8_t> in_mac_key_client, in_mac_key_server;
for (int i = 0; i < 32; i++) {
in_mac_key_client.push_back(i);
in_mac_key_server.push_back(i + 50);
}
WTPI_K1_SymmetricKey_Handle expected_mac_key_client_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(in_mac_key_client.data(), KEY_SIZE_256,
MAC_KEY_CLIENT, &expected_mac_key_client_handle));
WTPI_K1_SymmetricKey_Handle expected_mac_key_server_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(in_mac_key_server.data(), KEY_SIZE_256,
MAC_KEY_SERVER, &expected_mac_key_server_handle));
std::vector<uint8_t> decryption_key;
for (int i = 0; i < 32; i++) {
decryption_key.push_back(10 + i);
}
WTPI_K1_SymmetricKey_Handle decryption_key_handle;
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_K1_CreateKeyHandle(decryption_key.data(), KEY_SIZE_256,
CONTENT_KEY, &decryption_key_handle));
std::vector<uint8_t> iv = {99, 0, 23, 18, 75, 4, 92, 115,
24, 70, 56, 57, 12, 43, 15, 29};
// encrypt the mac keys using AES CBC
size_t key_size = KEY_SIZE_256;
uint8_t iv_buffer[KEY_IV_SIZE];
std::vector<uint8_t> enc_mac_keys(64, 0);
AES_KEY aes_key;
AES_set_encrypt_key(decryption_key.data(), (unsigned int)(key_size * 8),
&aes_key);
memcpy(iv_buffer, iv.data(), KEY_IV_SIZE);
AES_cbc_encrypt(in_mac_key_server.data(), enc_mac_keys.data(),
in_mac_key_server.size(), &aes_key, iv_buffer, AES_ENCRYPT);
AES_cbc_encrypt(in_mac_key_client.data(), enc_mac_keys.data() + 32,
in_mac_key_client.size(), &aes_key, iv_buffer, AES_ENCRYPT);
WTPI_K1_SymmetricKey_Handle out_mac_key_client_handle,
out_mac_key_server_handle;
ASSERT_EQ(
OEMCrypto_SUCCESS,
WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys(
decryption_key_handle, enc_mac_keys.data(), enc_mac_keys.size(),
iv.data(), &out_mac_key_server_handle, &out_mac_key_client_handle));
// perform the same operation with both keys, check that the output is the
// same
std::vector<uint8_t> output1(32, 1);
std::vector<uint8_t> output2(32, 2);
std::vector<uint8_t> output3(32, 3);
std::vector<uint8_t> output4(32, 4);
std::vector<uint8_t> input;
for (int i = 0; i < 32; i++) {
input.push_back(i);
}
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(out_mac_key_client_handle, input.data(),
input.size(), output1.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(expected_mac_key_client_handle, input.data(),
input.size(), output2.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(out_mac_key_server_handle, input.data(),
input.size(), output3.data()));
ASSERT_EQ(OEMCrypto_SUCCESS,
WTPI_C1_HMAC_SHA256(expected_mac_key_server_handle, input.data(),
input.size(), output4.data()));
for (int i = 0; i < 32; i++) {
ASSERT_EQ(output1[i], output2[i]);
ASSERT_EQ(output3[i], output4[i]);
}
}
TEST_F(CryptoTest, DeriveDeviceKeyIntoHandleFailsForBadInput) {
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT,
WTPI_K1_DeriveDeviceKeyIntoHandle(0x1234, CONTENT_KEY, NULL,
KEY_SIZE_128));
}
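Review bot: in WrapKeyFailsForBadInputs, UnwrapKeyFailsForBadInputs and WrapAndUnwrapKeyWorks, wrapped_key_length is declared uint8_t and set to KEY_SIZE_128 or KEY_SIZE_256, although the buffer next to it is uint8_t wrapped_key[256], whose size does not fit in a uint8_t. Declare the length as size_t and make it explicit whether it is meant to be the buffer capacity or the wrapped size. Also, the NULL iv cases for WTPI_K1_AESDecryptAndCreateKeyHandle and WTPI_K1_AESDecryptAndCreateKeyHandleForMacKeys are commented out under TODO(b/205751866) because the serializer allocates the iv on the TEE side, which leaves that input path with no coverage; a DISABLED_ test would keep the gap visible in test output. The expected_derived_key bytes in DeriveKeyFromKeyHandleWorks need a comment saying how they were produced.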

View File

@@ -18,7 +18,7 @@ class GenerationNumberInterfaceTest : public ::testing::Test {
const ::testing::TestInfo* const test_info =
::testing::UnitTest::GetInstance()->current_test_info();
LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name());
OPK_Initialize();
ASSERT_EQ(true, OPK_Initialize());
}
void TearDown() override {

View File

@@ -803,6 +803,38 @@ cleanup_and_return:
return result;
}
OEMCryptoResult WTPI_WrapAsymmetricKey(uint8_t* output, size_t output_length,
AsymmetricKeyType key_type,
const uint8_t* clear_key,
size_t clear_key_length) {
pthread_mutex_lock(&api_lock);
OEMCryptoResult result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
ODK_Message request = ODK_Message_Create(NULL, 0);
ODK_Message response = ODK_Message_Create(NULL, 0);
API_Initialize();
request = OPK_Pack_WrapAsymmetricKey_Request(output, output_length, key_type,
clear_key, clear_key_length);
if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
goto cleanup_and_return;
}
response = API_Transact(&request);
OPK_Unpack_WrapAsymmetricKey_Response(&response, &result, &output,
&output_length);
if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
cleanup_and_return:
TOS_Transport_ReleaseMessage(&request);
TOS_Transport_ReleaseMessage(&response);
API_Terminate();
result = API_CheckResult(result);
pthread_mutex_unlock(&api_lock);
return result;
}
OEMCryptoResult WTPI_RSASign(WTPI_AsymmetricKey_Handle key,
const uint8_t* message, size_t message_length,
uint8_t* signature, size_t* signature_length,
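Review bot: in WTPI_WrapAsymmetricKey, output_length is a by-value parameter, yet its address is passed to OPK_Unpack_WrapAsymmetricKey_Response, so the length taken from the response overwrites the local copy of the caller's buffer size and is then discarded. Please confirm that the unpack bounds the copy into output by the caller's original output_length and not by the value carried in the response, and add a comment saying so. The return value of pthread_mutex_lock(&api_lock) is also ignored.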
@@ -1042,3 +1074,110 @@ cleanup_and_return:
pthread_mutex_unlock(&api_lock);
return result;
}
OEMCryptoResult WTPI_GetTrustedTime(uint64_t* time_in_s) {
pthread_mutex_lock(&api_lock);
OEMCryptoResult result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
ODK_Message request = ODK_Message_Create(NULL, 0);
ODK_Message response = ODK_Message_Create(NULL, 0);
API_Initialize();
request = OPK_Pack_GetTrustedTime_Request(time_in_s);
if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
goto cleanup_and_return;
}
response = API_Transact(&request);
OPK_Unpack_GetTrustedTime_Response(&response, &result, &time_in_s);
if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
cleanup_and_return:
TOS_Transport_ReleaseMessage(&request);
TOS_Transport_ReleaseMessage(&response);
API_Terminate();
result = API_CheckResult(result);
pthread_mutex_unlock(&api_lock);
return result;
}
OEMCryptoResult WTPI_InitializeClock(void) {
pthread_mutex_lock(&api_lock);
OEMCryptoResult result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
ODK_Message request = ODK_Message_Create(NULL, 0);
ODK_Message response = ODK_Message_Create(NULL, 0);
API_Initialize();
request = OPK_Pack_InitializeClock_Request();
if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
goto cleanup_and_return;
}
response = API_Transact(&request);
OPK_Unpack_InitializeClock_Response(&response, &result);
if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
cleanup_and_return:
TOS_Transport_ReleaseMessage(&request);
TOS_Transport_ReleaseMessage(&response);
API_Terminate();
result = API_CheckResult(result);
pthread_mutex_unlock(&api_lock);
return result;
}
OEMCryptoResult WTPI_TerminateClock(void) {
pthread_mutex_lock(&api_lock);
OEMCryptoResult result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
ODK_Message request = ODK_Message_Create(NULL, 0);
ODK_Message response = ODK_Message_Create(NULL, 0);
API_Initialize();
request = OPK_Pack_TerminateClock_Request();
if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
goto cleanup_and_return;
}
response = API_Transact(&request);
OPK_Unpack_TerminateClock_Response(&response, &result);
if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
cleanup_and_return:
TOS_Transport_ReleaseMessage(&request);
TOS_Transport_ReleaseMessage(&response);
API_Terminate();
result = API_CheckResult(result);
pthread_mutex_unlock(&api_lock);
return result;
}
OEMCrypto_Clock_Security_Level WTPI_GetClockType(void) {
pthread_mutex_lock(&api_lock);
OEMCrypto_Clock_Security_Level result = kInsecureClock;
ODK_Message request = ODK_Message_Create(NULL, 0);
ODK_Message response = ODK_Message_Create(NULL, 0);
API_Initialize();
request = OPK_Pack_GetClockType_Request();
if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
goto cleanup_and_return;
}
response = API_Transact(&request);
OPK_Unpack_GetClockType_Response(&response, &result);
if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) {
api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
cleanup_and_return:
TOS_Transport_ReleaseMessage(&request);
TOS_Transport_ReleaseMessage(&response);
API_Terminate();
pthread_mutex_unlock(&api_lock);
return result;
}
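Review bot: WTPI_GetClockType returns `result` without ever consulting `api_result`, unlike the three wrappers above it, which all finish with `result = API_CheckResult(result);`. When the response status is not MESSAGE_STATUS_OK, the code sets `api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE` and then returns whatever OPK_Unpack_GetClockType_Response may have left in `result`. Suggest adding `result = kInsecureClock;` inside that `if` block, so a failed or malformed exchange can never report a stronger clock than the default.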

View File

@@ -835,13 +835,60 @@ void OPK_Unpack_GetWrappedAsymmetricKeySize_Response(ODK_Message* msg,
}
}
ODK_Message OPK_Pack_WrapAsymmetricKey_Request(const uint8_t* output,
size_t output_length,
AsymmetricKeyType key_type,
const uint8_t* clear_key,
size_t clear_key_length) {
uint32_t api_value = 10026; /* from _tee10026 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
OPK_Pack_uint64_t(&msg, &timestamp);
OPK_Pack_size_t(&msg, &output_length);
OPK_Pack_size_t(&msg, &clear_key_length);
OPK_PackAlloc(&msg, output);
OPK_Pack_AsymmetricKeyType(&msg, &key_type);
OPK_PackMemory(&msg, clear_key, OPK_ToLengthType(clear_key_length));
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_WrapAsymmetricKey_Response(ODK_Message* msg,
OEMCryptoResult* result,
uint8_t** output,
size_t* output_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10026)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_size_t(msg, output_length);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE);
}
if (SuccessResult(*result)) {
uint8_t* p;
OPK_UnpackInPlace(msg, &p, OPK_FromSizeTPtr(output_length));
if (p && *output) {
memcpy(*output, p, OPK_SafeDerefSizeTPtr(output_length));
}
}
OPK_UnpackEOM(msg);
if (SuccessResult(*result)) {
OPK_SharedBuffer_FinalizeUnpacking();
}
}
ODK_Message OPK_Pack_RSASign_Request(WTPI_AsymmetricKey_Handle key,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
const size_t* signature_length,
RSA_Padding_Scheme padding_scheme) {
uint32_t api_value = 10026; /* from _tee10026 */
uint32_t api_value = 10027; /* from _tee10027 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
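Review bot: In OPK_Unpack_WrapAsymmetricKey_Response, the `memcpy(*output, p, OPK_SafeDerefSizeTPtr(output_length));` uses a length that was just overwritten by `OPK_Unpack_size_t(msg, output_length);`, so the copy size comes from the response rather than from the capacity the caller passed in. Nothing visible here bounds it by the caller's buffer. Suggest saving the incoming `*output_length` before unpacking and setting an error status instead of copying when the unpacked value is larger. `output` itself is also dereferenced (`*output`) without a NULL check.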
@@ -862,7 +909,7 @@ void OPK_Unpack_RSASign_Response(ODK_Message* msg, OEMCryptoResult* result,
size_t** signature_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10026)
if (api_value != 10027)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_UnpackNullable_size_t(msg, signature_length);
OPK_Unpack_uint32_t(msg, result);
@@ -887,7 +934,7 @@ ODK_Message OPK_Pack_RSADecrypt_Request(WTPI_AsymmetricKey_Handle key,
const uint8_t* input,
size_t input_length, const uint8_t* out,
const size_t* out_length) {
uint32_t api_value = 10027; /* from _tee10027 */
uint32_t api_value = 10028; /* from _tee10028 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -906,7 +953,7 @@ void OPK_Unpack_RSADecrypt_Response(ODK_Message* msg, OEMCryptoResult* result,
uint8_t** out, size_t** out_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10027)
if (api_value != 10028)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_UnpackNullable_size_t(msg, out_length);
OPK_Unpack_uint32_t(msg, result);
@@ -932,7 +979,7 @@ ODK_Message OPK_Pack_ECCSign_Request(WTPI_AsymmetricKey_Handle key,
size_t message_length,
const uint8_t* signature,
const size_t* signature_length) {
uint32_t api_value = 10028; /* from _tee10028 */
uint32_t api_value = 10029; /* from _tee10029 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -952,7 +999,7 @@ void OPK_Unpack_ECCSign_Response(ODK_Message* msg, OEMCryptoResult* result,
size_t** signature_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10028)
if (api_value != 10029)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_UnpackNullable_size_t(msg, signature_length);
OPK_Unpack_uint32_t(msg, result);
@@ -977,7 +1024,7 @@ ODK_Message OPK_Pack_ECCDeriveSessionKey_Request(
WTPI_AsymmetricKey_Handle key, const uint8_t* key_source,
size_t key_source_length, const uint8_t* session_key,
const size_t* session_key_length) {
uint32_t api_value = 10029; /* from _tee10029 */
uint32_t api_value = 10030; /* from _tee10030 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -998,7 +1045,7 @@ void OPK_Unpack_ECCDeriveSessionKey_Response(ODK_Message* msg,
size_t** session_key_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10029)
if (api_value != 10030)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_UnpackNullable_size_t(msg, session_key_length);
OPK_Unpack_uint32_t(msg, result);
@@ -1021,7 +1068,7 @@ void OPK_Unpack_ECCDeriveSessionKey_Response(ODK_Message* msg,
ODK_Message OPK_Pack_GetSignatureSize_Request(WTPI_AsymmetricKey_Handle key,
const size_t* signature_length) {
uint32_t api_value = 10030; /* from _tee10030 */
uint32_t api_value = 10031; /* from _tee10031 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -1038,7 +1085,7 @@ void OPK_Unpack_GetSignatureSize_Response(ODK_Message* msg,
size_t** signature_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10030)
if (api_value != 10031)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
@@ -1053,7 +1100,7 @@ void OPK_Unpack_GetSignatureSize_Response(ODK_Message* msg,
}
ODK_Message OPK_Pack_Crc32Init_Request(const uint32_t* initial_hash) {
uint32_t api_value = 10031; /* from _tee10031 */
uint32_t api_value = 10032; /* from _tee10032 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -1068,7 +1115,7 @@ void OPK_Unpack_Crc32Init_Response(ODK_Message* msg, OEMCryptoResult* result,
uint32_t** initial_hash) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10031)
if (api_value != 10032)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
@@ -1085,7 +1132,7 @@ void OPK_Unpack_Crc32Init_Response(ODK_Message* msg, OEMCryptoResult* result,
ODK_Message OPK_Pack_Crc32Cont_Request(const uint8_t* in, size_t in_length,
uint32_t prev_crc,
const uint32_t* new_crc) {
uint32_t api_value = 10032; /* from _tee10032 */
uint32_t api_value = 10033; /* from _tee10033 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -1103,7 +1150,7 @@ void OPK_Unpack_Crc32Cont_Response(ODK_Message* msg, OEMCryptoResult* result,
uint32_t** new_crc) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10032)
if (api_value != 10033)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
@@ -1122,7 +1169,7 @@ ODK_Message OPK_Pack_Crc32Cont_OutputBuffer_Request(const OPK_OutputBuffer* in,
size_t in_length,
uint32_t prev_crc,
const uint32_t* new_crc) {
uint32_t api_value = 10033; /* from _tee10033 */
uint32_t api_value = 10034; /* from _tee10034 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
@@ -1153,7 +1200,7 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Response(ODK_Message* msg,
uint32_t** new_crc) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10033)
if (api_value != 10034)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
@@ -1166,3 +1213,112 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Response(ODK_Message* msg,
OPK_SharedBuffer_FinalizeUnpacking();
}
}
ODK_Message OPK_Pack_GetTrustedTime_Request(const uint64_t* time_in_s) {
uint32_t api_value = 10035; /* from _tee10035 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
OPK_Pack_uint64_t(&msg, &timestamp);
OPK_PackIsNull(&msg, time_in_s);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_GetTrustedTime_Response(ODK_Message* msg,
OEMCryptoResult* result,
uint64_t** time_in_s) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10035)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE);
}
OPK_UnpackNullable_uint64_t(msg, time_in_s);
OPK_UnpackEOM(msg);
if (SuccessResult(*result)) {
OPK_SharedBuffer_FinalizeUnpacking();
}
}
ODK_Message OPK_Pack_InitializeClock_Request(void) {
uint32_t api_value = 10036; /* from _tee10036 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
OPK_Pack_uint64_t(&msg, &timestamp);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_InitializeClock_Response(ODK_Message* msg,
OEMCryptoResult* result) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10036)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE);
}
OPK_UnpackEOM(msg);
if (SuccessResult(*result)) {
OPK_SharedBuffer_FinalizeUnpacking();
}
}
ODK_Message OPK_Pack_TerminateClock_Request(void) {
uint32_t api_value = 10037; /* from _tee10037 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
OPK_Pack_uint64_t(&msg, &timestamp);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_TerminateClock_Response(ODK_Message* msg,
OEMCryptoResult* result) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10037)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_uint32_t(msg, result);
if (!Is_Valid_OEMCryptoResult(*result)) {
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE);
}
OPK_UnpackEOM(msg);
if (SuccessResult(*result)) {
OPK_SharedBuffer_FinalizeUnpacking();
}
}
ODK_Message OPK_Pack_GetClockType_Request(void) {
uint32_t api_value = 10038; /* from _tee10038 */
ODK_Message msg = TOS_Transport_GetRequest();
OPK_Pack_uint32_t(&msg, &api_value);
uint64_t timestamp = time(0);
OPK_Pack_uint64_t(&msg, &timestamp);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_GetClockType_Response(ODK_Message* msg,
OEMCrypto_Clock_Security_Level* result) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10038)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
OPK_Unpack_OEMCrypto_Clock_Security_Level(msg, result);
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
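Review bot: OPK_Unpack_GetClockType_Response has no visible range check on the unpacked OEMCrypto_Clock_Security_Level, while every sibling response unpacker in this hunk guards its result with `Is_Valid_OEMCryptoResult(*result)` and sets MESSAGE_STATUS_INVALID_ENUM_VALUE. It also calls OPK_SharedBuffer_FinalizeUnpacking() unconditionally, even after the `api_value != 10038` check has flagged the message. Suggest validating the enum here (or documenting that OPK_Unpack_OEMCrypto_Clock_Security_Level does it) and skipping the finalize step when the message status is already an error.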

View File

@@ -146,6 +146,15 @@ ODK_Message OPK_Pack_GetWrappedAsymmetricKeySize_Request(
void OPK_Unpack_GetWrappedAsymmetricKeySize_Response(ODK_Message* msg,
OEMCryptoResult* result,
size_t** buffer_size);
ODK_Message OPK_Pack_WrapAsymmetricKey_Request(const uint8_t* output,
size_t output_length,
AsymmetricKeyType key_type,
const uint8_t* clear_key,
size_t clear_key_length);
void OPK_Unpack_WrapAsymmetricKey_Response(ODK_Message* msg,
OEMCryptoResult* result,
uint8_t** output,
size_t* output_length);
ODK_Message OPK_Pack_RSASign_Request(WTPI_AsymmetricKey_Handle key,
const uint8_t* message,
size_t message_length,
@@ -198,6 +207,19 @@ ODK_Message OPK_Pack_Crc32Cont_OutputBuffer_Request(const OPK_OutputBuffer* in,
void OPK_Unpack_Crc32Cont_OutputBuffer_Response(ODK_Message* msg,
OEMCryptoResult* result,
uint32_t** new_crc);
ODK_Message OPK_Pack_GetTrustedTime_Request(const uint64_t* time_in_s);
void OPK_Unpack_GetTrustedTime_Response(ODK_Message* msg,
OEMCryptoResult* result,
uint64_t** time_in_s);
ODK_Message OPK_Pack_InitializeClock_Request(void);
void OPK_Unpack_InitializeClock_Response(ODK_Message* msg,
OEMCryptoResult* result);
ODK_Message OPK_Pack_TerminateClock_Request(void);
void OPK_Unpack_TerminateClock_Response(ODK_Message* msg,
OEMCryptoResult* result);
ODK_Message OPK_Pack_GetClockType_Request(void);
void OPK_Unpack_GetClockType_Response(ODK_Message* msg,
OEMCrypto_Clock_Security_Level* result);
#ifdef __cplusplus
} // extern "C"
#endif

View File

@@ -0,0 +1,103 @@
// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#include "ssl_util.h"
#include "log.h"
void dump_ssl_error(void) {
int count = 0;
unsigned long err;
while ((err = ERR_get_error())) {
count++;
char buffer[120];
ERR_error_string_n((int)err, buffer, sizeof(buffer));
LOGE("SSL Error %d -- %lu -- %s", count, err, buffer);
}
}
bool DeserializePKCS8PrivateKey(const uint8_t* serialized_bytes, size_t size,
RSA** rsa) {
BIO* bio = BIO_new_mem_buf(serialized_bytes, (int)size);
if (bio == NULL) {
LOGE("Could not allocate bio buffer");
return false;
}
bool success = false;
EVP_PKEY* evp = NULL;
PKCS8_PRIV_KEY_INFO* pkcs8_pki = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL);
if (pkcs8_pki == NULL) {
LOGE("d2i_PKCS8_PRIV_KEY_INFO_bio returned NULL");
goto cleanup;
}
evp = EVP_PKCS82PKEY(pkcs8_pki);
if (evp == NULL) {
LOGE("EVP_PKCS82PKEY returned NULL");
goto cleanup;
}
*rsa = EVP_PKEY_get1_RSA(evp);
if (*rsa == NULL) {
LOGE("PrivateKeyInfo did not contain an RSA key");
goto cleanup;
}
success = true;
cleanup:
dump_ssl_error();
if (evp != NULL) {
EVP_PKEY_free(evp);
}
if (pkcs8_pki != NULL) {
PKCS8_PRIV_KEY_INFO_free(pkcs8_pki);
}
BIO_free(bio);
return success;
}
bool VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
size_t message_length, const uint8_t* signature,
size_t signature_length) {
boringssl_ptr<EVP_MD_CTX, EVP_MD_CTX_free> md_ctx(EVP_MD_CTX_new());
EVP_PKEY_CTX* pkey_ctx = nullptr;
if (EVP_DigestVerifyInit(md_ctx.get(), &pkey_ctx, EVP_sha1(),
nullptr /* no ENGINE */, pkey) != 1) {
LOGE("EVP_DigestVerifyInit failed in VerifyPSSSignature");
goto err;
}
if (EVP_PKEY_CTX_set_signature_md(pkey_ctx,
const_cast<EVP_MD*>(EVP_sha1())) != 1) {
LOGE("EVP_PKEY_CTX_set_signature_md failed in VerifyPSSSignature");
goto err;
}
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) != 1) {
LOGE("EVP_PKEY_CTX_set_rsa_padding failed in VerifyPSSSignature");
goto err;
}
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, SHA_DIGEST_LENGTH) != 1) {
LOGE("EVP_PKEY_CTX_set_rsa_pss_saltlen failed in VerifyPSSSignature");
goto err;
}
if (EVP_DigestVerifyUpdate(md_ctx.get(), message, message_length) != 1) {
LOGE("EVP_DigestVerifyUpdate failed in VerifyPSSSignature");
goto err;
}
if (EVP_DigestVerifyFinal(md_ctx.get(), const_cast<uint8_t*>(signature),
signature_length) != 1) {
LOGE(
"EVP_DigestVerifyFinal failed in VerifyPSSSignature. (Probably a bad "
"signature.)");
goto err;
}
return true;
err:
dump_ssl_error();
return false;
}
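Review bot: In DeserializePKCS8PrivateKey, `BIO_new_mem_buf(serialized_bytes, (int)size)` narrows a size_t to int with no range check, so a size above INT_MAX turns into a negative or wrapped length. Suggest rejecting `size > INT_MAX` (and a NULL `serialized_bytes` or `rsa`) before creating the BIO. In VerifyPSSSignature, `md_ctx` is passed to EVP_DigestVerifyInit without checking that EVP_MD_CTX_new() succeeded; the header already provides `NotNull()` for that. The `(int)err` cast in dump_ssl_error also truncates the unsigned long error code for no visible reason. Finally, a short comment saying why SHA-1 is used for both the digest and the salt length would help later readers.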

View File

@@ -0,0 +1,37 @@
// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#include "openssl/aes.h"
#include "openssl/bio.h"
#include "openssl/err.h"
#include "openssl/rsa.h"
#include "openssl/sha.h"
#include "openssl/x509.h"
// A smart pointer for BoringSSL objects. It uses the specified free function
// to release resources and free memory when the pointer is deleted.
template <typename T, void (*func)(T*)>
class boringssl_ptr {
public:
explicit boringssl_ptr(T* p = nullptr) : ptr_(p) {}
boringssl_ptr(const boringssl_ptr& ptr) = delete;
~boringssl_ptr() {
if (ptr_) func(ptr_);
}
T& operator*() const { return *ptr_; }
T* operator->() const { return ptr_; }
T* get() const { return ptr_; }
bool NotNull() const { return ptr_ != nullptr; }
private:
T* ptr_;
};
bool DeserializePKCS8PrivateKey(const uint8_t* serialized_bytes, size_t size,
RSA** rsa);
bool VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
size_t message_length, const uint8_t* signature,
size_t signature_length);
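Review bot: boringssl_ptr deletes its copy constructor but not copy assignment, so `a = b;` still compiles, leaks the pointer `a` held, and leaves two owners that will both call `func` on the same pointer. Suggest adding `boringssl_ptr& operator=(const boringssl_ptr&) = delete;` next to the deleted constructor. The header also shows no include guard or `#pragma once`, and it uses uint8_t, size_t, bool and EVP_PKEY without visibly including the headers that define them. Since it declares a template, it cannot be included from the C sources; either note that in a comment or wrap the two function declarations separately.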

View File

@@ -23,6 +23,7 @@
#include "tee_special_cases.h"
#include "tos_shared_memory_interface.h"
#include "tos_transport_interface.h"
#include "wtpi_clock_interface_layer1.h"
#include "wtpi_generation_number_interface.h"
static ODK_Message CreateEmptyMessage(void) {
@@ -586,7 +587,32 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
OPK_Pack_GetWrappedAsymmetricKeySize_Response(result, buffer_size);
break;
}
case 10026: /* WTPI_RSASign */
case 10026: /* WTPI_WrapAsymmetricKey */
{
size_t output_length;
OPK_Init_size_t((size_t*)&output_length);
size_t clear_key_length;
OPK_Init_size_t((size_t*)&clear_key_length);
uint8_t* output;
OPK_InitPointer((uint8_t**)&output);
AsymmetricKeyType key_type;
OPK_Init_AsymmetricKeyType((AsymmetricKeyType*)&key_type);
uint8_t* clear_key;
OPK_InitPointer((uint8_t**)&clear_key);
OPK_Unpack_WrapAsymmetricKey_Request(request, &output, &output_length,
&key_type, &clear_key,
&clear_key_length);
if (!ODK_Message_IsValid(request)) goto handle_invalid_request;
OEMCryptoResult result;
OPK_Init_uint32_t((uint32_t*)&result);
LOGD("WrapAsymmetricKey");
result = WTPI_WrapAsymmetricKey(output, output_length, key_type,
clear_key, clear_key_length);
*response =
OPK_Pack_WrapAsymmetricKey_Response(result, output, output_length);
break;
}
case 10027: /* WTPI_RSASign */
{
size_t message_length;
OPK_Init_size_t((size_t*)&message_length);
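Review bot: Inserting WTPI_WrapAsymmetricKey at `case 10026:` renumbers every later call (RSASign moves to 10027, and so on through Crc32Cont_OutputBuffer at 10034), so a host library and a TA built from different revisions will agree on the numbers but disagree on what they mean. The new clock calls are appended at 10035 to 10038; the same could be done for WrapAsymmetricKey to keep existing IDs stable. If the numbering is generated and has to stay contiguous, please say so in a comment and consider a version field in the message header, since the api_value check in each unpacker cannot catch this kind of skew. The literal is also repeated in the pack, unpack and dispatch code; a shared enum would remove the chance of one site being missed.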
@@ -613,7 +639,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
OPK_Pack_RSASign_Response(result, signature, signature_length);
break;
}
case 10027: /* WTPI_RSADecrypt */
case 10028: /* WTPI_RSADecrypt */
{
size_t input_length;
OPK_Init_size_t((size_t*)&input_length);
@@ -635,7 +661,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
*response = OPK_Pack_RSADecrypt_Response(result, out, out_length);
break;
}
case 10028: /* WTPI_ECCSign */
case 10029: /* WTPI_ECCSign */
{
size_t message_length;
OPK_Init_size_t((size_t*)&message_length);
@@ -659,7 +685,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
OPK_Pack_ECCSign_Response(result, signature, signature_length);
break;
}
case 10029: /* WTPI_ECCDeriveSessionKey */
case 10030: /* WTPI_ECCDeriveSessionKey */
{
size_t key_source_length;
OPK_Init_size_t((size_t*)&key_source_length);
@@ -684,7 +710,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
session_key_length);
break;
}
case 10030: /* WTPI_GetSignatureSize */
case 10031: /* WTPI_GetSignatureSize */
{
WTPI_AsymmetricKey_Handle key;
OPK_Init_WTPI_AsymmetricKey_Handle((WTPI_AsymmetricKey_Handle*)&key);
@@ -699,7 +725,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
*response = OPK_Pack_GetSignatureSize_Response(result, signature_length);
break;
}
case 10031: /* WTPI_Crc32Init */
case 10032: /* WTPI_Crc32Init */
{
uint32_t* initial_hash;
OPK_InitPointer((uint8_t**)&initial_hash);
@@ -712,7 +738,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
*response = OPK_Pack_Crc32Init_Response(result, initial_hash);
break;
}
case 10032: /* WTPI_Crc32Cont */
case 10033: /* WTPI_Crc32Cont */
{
size_t in_length;
OPK_Init_size_t((size_t*)&in_length);
@@ -732,7 +758,7 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
*response = OPK_Pack_Crc32Cont_Response(result, new_crc);
break;
}
case 10033: /* WTPI_Crc32Cont_OutputBuffer */
case 10034: /* WTPI_Crc32Cont_OutputBuffer */
{
size_t in_length;
OPK_Init_size_t((size_t*)&in_length);
@@ -755,6 +781,53 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request,
*response = OPK_Pack_Crc32Cont_OutputBuffer_Response(result, new_crc);
break;
}
case 10035: /* WTPI_GetTrustedTime */
{
uint64_t* time_in_s;
OPK_InitPointer((uint8_t**)&time_in_s);
OPK_Unpack_GetTrustedTime_Request(request, &time_in_s);
if (!ODK_Message_IsValid(request)) goto handle_invalid_request;
OEMCryptoResult result;
OPK_Init_uint32_t((uint32_t*)&result);
LOGD("GetTrustedTime");
result = WTPI_GetTrustedTime(time_in_s);
*response = OPK_Pack_GetTrustedTime_Response(result, time_in_s);
break;
}
case 10036: /* WTPI_InitializeClock */
{
OPK_Unpack_InitializeClock_Request(request);
if (!ODK_Message_IsValid(request)) goto handle_invalid_request;
OEMCryptoResult result;
OPK_Init_uint32_t((uint32_t*)&result);
LOGD("InitializeClock");
result = WTPI_InitializeClock();
*response = OPK_Pack_InitializeClock_Response(result);
break;
}
case 10037: /* WTPI_TerminateClock */
{
OPK_Unpack_TerminateClock_Request(request);
if (!ODK_Message_IsValid(request)) goto handle_invalid_request;
OEMCryptoResult result;
OPK_Init_uint32_t((uint32_t*)&result);
LOGD("TerminateClock");
result = WTPI_TerminateClock();
*response = OPK_Pack_TerminateClock_Response(result);
break;
}
case 10038: /* WTPI_GetClockType */
{
OPK_Unpack_GetClockType_Request(request);
if (!ODK_Message_IsValid(request)) goto handle_invalid_request;
OEMCrypto_Clock_Security_Level result;
OPK_Init_OEMCrypto_Clock_Security_Level(
(OEMCrypto_Clock_Security_Level*)&result);
LOGD("GetClockType");
result = WTPI_GetClockType();
*response = OPK_Pack_GetClockType_Response(result);
break;
}
default:
return MESSAGE_STATUS_API_VALUE_ERROR;
}
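Review bot: In the 10035 case, `time_in_s` goes from OPK_Unpack_GetTrustedTime_Request straight into `WTPI_GetTrustedTime(time_in_s)` with no NULL check, and the host side packs an is-null flag for this argument, so a NULL here looks reachable from the request. Suggest either rejecting it in the dispatcher or documenting that every WTPI_GetTrustedTime implementation must tolerate NULL. Separately, cases 10036 and 10037 call WTPI_InitializeClock() and WTPI_TerminateClock() for any request that parses. If this dispatcher can end up in a non-test TA build, these two should be gated, and a comment stating the intended build scope would help.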

View File

@@ -680,6 +680,43 @@ ODK_Message OPK_Pack_GetWrappedAsymmetricKeySize_Response(
return msg;
}
void OPK_Unpack_WrapAsymmetricKey_Request(ODK_Message* msg, uint8_t** output,
size_t* output_length,
AsymmetricKeyType* key_type,
uint8_t** clear_key,
size_t* clear_key_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10026)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
OPK_Unpack_size_t(msg, output_length);
OPK_Unpack_size_t(msg, clear_key_length);
*output = (uint8_t*)OPK_UnpackAllocBuffer(
msg, OPK_FromSizeTPtr(output_length), sizeof(uint8_t));
OPK_Unpack_AsymmetricKeyType(msg, key_type);
OPK_UnpackInPlace(msg, clear_key, OPK_FromSizeTPtr(clear_key_length));
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
ODK_Message OPK_Pack_WrapAsymmetricKey_Response(OEMCryptoResult result,
const uint8_t* output,
size_t output_length) {
uint32_t api_value = 10026; /* from _tee10026 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_size_t(&msg, &output_length);
OPK_Pack_uint32_t(&msg, &result);
if (SuccessResult(result)) {
OPK_PackMemory(&msg, output, OPK_ToLengthType(output_length));
}
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_RSASign_Request(ODK_Message* msg,
WTPI_AsymmetricKey_Handle* key,
uint8_t** message, size_t* message_length,
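Review bot: OPK_Pack_WrapAsymmetricKey_Response sends back `output_length` bytes of `output`, and that length is the value the request supplied in OPK_Unpack_WrapAsymmetricKey_Request, where it also sizes the OPK_UnpackAllocBuffer allocation. WTPI_WrapAsymmetricKey receives the length by value, so it has no way to report how many bytes it actually wrote. If the wrapped key is shorter than the requested buffer, the tail of the allocation is returned to the caller as is. Suggest making the length an in/out parameter, or zeroing the buffer after allocation, and capping the requested size against the value GetWrappedAsymmetricKeySize would return for `key_type`. The `timestamp` local is unpacked and never read; a comment saying it is intentionally ignored would be useful.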
@@ -687,7 +724,7 @@ void OPK_Unpack_RSASign_Request(ODK_Message* msg,
RSA_Padding_Scheme* padding_scheme) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10026)
if (api_value != 10027)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -705,7 +742,7 @@ void OPK_Unpack_RSASign_Request(ODK_Message* msg,
ODK_Message OPK_Pack_RSASign_Response(OEMCryptoResult result,
const uint8_t* signature,
const size_t* signature_length) {
uint32_t api_value = 10026; /* from _tee10026 */
uint32_t api_value = 10027; /* from _tee10027 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_PackNullable_size_t(&msg, signature_length);
@@ -724,7 +761,7 @@ void OPK_Unpack_RSADecrypt_Request(ODK_Message* msg,
uint8_t** out, size_t** out_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10027)
if (api_value != 10028)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -741,7 +778,7 @@ void OPK_Unpack_RSADecrypt_Request(ODK_Message* msg,
ODK_Message OPK_Pack_RSADecrypt_Response(OEMCryptoResult result,
const uint8_t* out,
const size_t* out_length) {
uint32_t api_value = 10027; /* from _tee10027 */
uint32_t api_value = 10028; /* from _tee10028 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_PackNullable_size_t(&msg, out_length);
@@ -761,7 +798,7 @@ void OPK_Unpack_ECCSign_Request(ODK_Message* msg,
size_t** signature_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10028)
if (api_value != 10029)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -778,7 +815,7 @@ void OPK_Unpack_ECCSign_Request(ODK_Message* msg,
ODK_Message OPK_Pack_ECCSign_Response(OEMCryptoResult result,
const uint8_t* signature,
const size_t* signature_length) {
uint32_t api_value = 10028; /* from _tee10028 */
uint32_t api_value = 10029; /* from _tee10029 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_PackNullable_size_t(&msg, signature_length);
@@ -799,7 +836,7 @@ void OPK_Unpack_ECCDeriveSessionKey_Request(ODK_Message* msg,
size_t** session_key_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10029)
if (api_value != 10030)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -816,7 +853,7 @@ void OPK_Unpack_ECCDeriveSessionKey_Request(ODK_Message* msg,
ODK_Message OPK_Pack_ECCDeriveSessionKey_Response(
OEMCryptoResult result, const uint8_t* session_key,
const size_t* session_key_length) {
uint32_t api_value = 10029; /* from _tee10029 */
uint32_t api_value = 10030; /* from _tee10030 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_PackNullable_size_t(&msg, session_key_length);
@@ -834,7 +871,7 @@ void OPK_Unpack_GetSignatureSize_Request(ODK_Message* msg,
size_t** signature_length) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10030)
if (api_value != 10031)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -846,7 +883,7 @@ void OPK_Unpack_GetSignatureSize_Request(ODK_Message* msg,
ODK_Message OPK_Pack_GetSignatureSize_Response(OEMCryptoResult result,
const size_t* signature_length) {
uint32_t api_value = 10030; /* from _tee10030 */
uint32_t api_value = 10031; /* from _tee10031 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
@@ -859,7 +896,7 @@ ODK_Message OPK_Pack_GetSignatureSize_Response(OEMCryptoResult result,
void OPK_Unpack_Crc32Init_Request(ODK_Message* msg, uint32_t** initial_hash) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10031)
if (api_value != 10032)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -870,7 +907,7 @@ void OPK_Unpack_Crc32Init_Request(ODK_Message* msg, uint32_t** initial_hash) {
ODK_Message OPK_Pack_Crc32Init_Response(OEMCryptoResult result,
const uint32_t* initial_hash) {
uint32_t api_value = 10031; /* from _tee10031 */
uint32_t api_value = 10032; /* from _tee10032 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
@@ -885,7 +922,7 @@ void OPK_Unpack_Crc32Cont_Request(ODK_Message* msg, uint8_t** in,
uint32_t** new_crc) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10032)
if (api_value != 10033)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -899,7 +936,7 @@ void OPK_Unpack_Crc32Cont_Request(ODK_Message* msg, uint8_t** in,
ODK_Message OPK_Pack_Crc32Cont_Response(OEMCryptoResult result,
const uint32_t* new_crc) {
uint32_t api_value = 10032; /* from _tee10032 */
uint32_t api_value = 10033; /* from _tee10033 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
@@ -914,7 +951,7 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Request(
size_t* in_length, uint32_t* prev_crc, uint32_t** new_crc) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10033)
if (api_value != 10034)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
@@ -954,7 +991,7 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Request(
ODK_Message OPK_Pack_Crc32Cont_OutputBuffer_Response(OEMCryptoResult result,
const uint32_t* new_crc) {
uint32_t api_value = 10033; /* from _tee10033 */
uint32_t api_value = 10034; /* from _tee10034 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
@@ -963,3 +1000,91 @@ ODK_Message OPK_Pack_Crc32Cont_OutputBuffer_Response(OEMCryptoResult result,
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_GetTrustedTime_Request(ODK_Message* msg, uint64_t** time_in_s) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10035)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
*time_in_s = (uint64_t*)OPK_UnpackAlloc(msg, sizeof(uint64_t));
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
ODK_Message OPK_Pack_GetTrustedTime_Response(OEMCryptoResult result,
const uint64_t* time_in_s) {
uint32_t api_value = 10035; /* from _tee10035 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
OPK_PackNullable_uint64_t(&msg, time_in_s);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_InitializeClock_Request(ODK_Message* msg) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10036)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
ODK_Message OPK_Pack_InitializeClock_Response(OEMCryptoResult result) {
uint32_t api_value = 10036; /* from _tee10036 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_TerminateClock_Request(ODK_Message* msg) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10037)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
ODK_Message OPK_Pack_TerminateClock_Response(OEMCryptoResult result) {
uint32_t api_value = 10037; /* from _tee10037 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_uint32_t(&msg, &result);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
void OPK_Unpack_GetClockType_Request(ODK_Message* msg) {
uint32_t api_value = UINT32_MAX;
OPK_Unpack_uint32_t(msg, &api_value);
if (api_value != 10038)
ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR);
uint64_t timestamp;
OPK_Unpack_uint64_t(msg, &timestamp);
OPK_UnpackEOM(msg);
OPK_SharedBuffer_FinalizeUnpacking();
}
ODK_Message OPK_Pack_GetClockType_Response(
OEMCrypto_Clock_Security_Level result) {
uint32_t api_value = 10038; /* from _tee10038 */
ODK_Message msg = TOS_Transport_GetResponse();
OPK_Pack_uint32_t(&msg, &api_value);
OPK_Pack_OEMCrypto_Clock_Security_Level(&msg, &result);
OPK_PackEOM(&msg);
OPK_SharedBuffer_FinalizePacking();
return msg;
}
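Review bot: in OPK_Unpack_GetTrustedTime_Request the result of OPK_UnpackAlloc is stored into *time_in_s with no NULL check, and unpacking continues after an api_value mismatch has only set the message status, so the dispatcher must check the message status before it dereferences time_in_s. A comment stating that contract, or an early return after ODK_MESSAGE_SETSTATUS, would make this safer to call. The same four Unpack functions also read a uint64_t timestamp into a local and then discard it. If the field exists only to keep the wire format uniform, a short comment would say so; if it is meant for ordering or freshness, it is not being checked here. The unbraced if around ODK_MESSAGE_SETSTATUS is also worth bracing in case the macro ever expands to more than one statement.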


@@ -131,6 +131,14 @@ void OPK_Unpack_GetWrappedAsymmetricKeySize_Request(
AsymmetricKeyType* key_type, size_t** buffer_size);
ODK_Message OPK_Pack_GetWrappedAsymmetricKeySize_Response(
OEMCryptoResult result, const size_t* buffer_size);
void OPK_Unpack_WrapAsymmetricKey_Request(ODK_Message* msg, uint8_t** output,
size_t* output_length,
AsymmetricKeyType* key_type,
uint8_t** clear_key,
size_t* clear_key_length);
ODK_Message OPK_Pack_WrapAsymmetricKey_Response(OEMCryptoResult result,
const uint8_t* output,
size_t output_length);
void OPK_Unpack_RSASign_Request(ODK_Message* msg,
WTPI_AsymmetricKey_Handle* key,
uint8_t** message, size_t* message_length,
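Review bot: the new OPK_Unpack_WrapAsymmetricKey_Request declaration takes a clear key (clear_key, clear_key_length) and an output buffer but has no comment on ownership or bounds. Please document whether clear_key points into the transport message buffer or into a copy, who is responsible for wiping it once the key has been wrapped, and whether output_length is the caller's capacity on input. OPK_Pack_WrapAsymmetricKey_Response takes output_length by value, so the header should also state that it must not exceed the capacity unpacked from the request.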
@@ -180,6 +188,16 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Request(
size_t* in_length, uint32_t* prev_crc, uint32_t** new_crc);
ODK_Message OPK_Pack_Crc32Cont_OutputBuffer_Response(OEMCryptoResult result,
const uint32_t* new_crc);
void OPK_Unpack_GetTrustedTime_Request(ODK_Message* msg, uint64_t** time_in_s);
ODK_Message OPK_Pack_GetTrustedTime_Response(OEMCryptoResult result,
const uint64_t* time_in_s);
void OPK_Unpack_InitializeClock_Request(ODK_Message* msg);
ODK_Message OPK_Pack_InitializeClock_Response(OEMCryptoResult result);
void OPK_Unpack_TerminateClock_Request(ODK_Message* msg);
ODK_Message OPK_Pack_TerminateClock_Response(OEMCryptoResult result);
void OPK_Unpack_GetClockType_Request(ODK_Message* msg);
ODK_Message OPK_Pack_GetClockType_Response(
OEMCrypto_Clock_Security_Level result);
#ifdef __cplusplus
} // extern "C"
#endif
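Review bot: OPK_Pack_GetClockType_Response is the only one of the four new clock responses that carries no OEMCryptoResult; its sole payload is the OEMCrypto_Clock_Security_Level. That leaves the TA no way to report a failure separately from a legitimate security level. Either add a result field like the other responses have, or document which enumerator the caller must treat as the error or untrusted case.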


@@ -69,6 +69,13 @@ void OPK_Init_KeySize(KeySize* obj) {
}
}
void OPK_Init_OEMCrypto_Clock_Security_Level(
OEMCrypto_Clock_Security_Level* obj) {
if (obj) {
memset(obj, 0, sizeof(OEMCrypto_Clock_Security_Level));
}
}
void OPK_Unpack_WTPI_K1_SymmetricKey_Handle(ODK_Message* message,
WTPI_K1_SymmetricKey_Handle* value);
void OPK_Unpack_C1_HMAC_SHA256_Verify_Request(ODK_Message* msg,
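Review bot: OPK_Init_OEMCrypto_Clock_Security_Level zero-fills the enum with memset, so whichever enumerator has value 0 becomes the default whenever a later unpack fails or is skipped. Please confirm that 0 is the least trusted clock level and add a comment saying so. If it is not, assign the least trusted enumerator explicitly instead of relying on memset.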

Some files were not shown because too many files have changed in this diff