зеркало из https://github.com/microsoft/SymCrypt.git
Merged PR 10172292: Add symcrypt build for optee env
## Description: ## Admin Checklist: - [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior - [ ] You have updated CHANGELOG.md to reflect any changes in behavior - [ ] You have updated symcryptunittest to exercise any new functionality - [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest - [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features - [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations - [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary Add symcrypt build for optee env Signed-off-by: v-shlevy <v-shlevy@microsoft.com> Related work items: #49419416
This commit is contained in:
Родитель
88481f7916
Коммит
476b8382f0
|
@ -3,7 +3,11 @@
|
||||||
# Choose which environment to use based on the host platform
|
# Choose which environment to use based on the host platform
|
||||||
# We don't support cross-compiling from one platform to another (e.g. compiling Windows binaries on Linux)
|
# We don't support cross-compiling from one platform to another (e.g. compiling Windows binaries on Linux)
|
||||||
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
||||||
set(SYMCRYPT_TARGET_ENV "LinuxUserMode")
|
if(SYMCRYPT_OPTEE MATCHES "ON")
|
||||||
|
set(SYMCRYPT_TARGET_ENV "OPTEE")
|
||||||
|
else()
|
||||||
|
set(SYMCRYPT_TARGET_ENV "LinuxUserMode")
|
||||||
|
endif()
|
||||||
elseif(CMAKE_SYSTEM_NAME MATCHES "Windows")
|
elseif(CMAKE_SYSTEM_NAME MATCHES "Windows")
|
||||||
set(SYMCRYPT_TARGET_ENV "WindowsUserMode")
|
set(SYMCRYPT_TARGET_ENV "WindowsUserMode")
|
||||||
else()
|
else()
|
||||||
|
@ -51,6 +55,21 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
||||||
# Enable a baseline of features for the compiler to support everywhere
|
# Enable a baseline of features for the compiler to support everywhere
|
||||||
# Assumes that the compiler will not emit crypto instructions as a result of normal C code
|
# Assumes that the compiler will not emit crypto instructions as a result of normal C code
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=armv8-a+simd+crypto")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=armv8-a+simd+crypto")
|
||||||
|
|
||||||
|
if(SYMCRYPT_TARGET_ENV MATCHES "OPTEE")
|
||||||
|
# TA DEV KIT is require for OPTEE TA compilation
|
||||||
|
if(DEFINED TA_DEV_KIT_INC)
|
||||||
|
# Get the compiler toolchain include
|
||||||
|
execute_process(COMMAND ${CMAKE_C_COMPILER} -print-file-name=include OUTPUT_VARIABLE TOOLCHAIN_INCLUDE)
|
||||||
|
string(STRIP "${TOOLCHAIN_INCLUDE}" TOOLCHAIN_INCLUDE)
|
||||||
|
# OPTEE env has a different stdlib and doesn't support atomic operations or multithreading.
|
||||||
|
add_compile_options(-mno-outline-atomics -nostdinc -isystem ${TOOLCHAIN_INCLUDE})
|
||||||
|
include_directories(${TA_DEV_KIT_INC})
|
||||||
|
else()
|
||||||
|
message(FATAL_ERROR "TA_DEV_KIT_INC must be defined for OPTEE build")
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
# GCC complains about implicit casting between ASIMD registers (i.e. uint8x16_t -> uint64x2_t) by default,
|
# GCC complains about implicit casting between ASIMD registers (i.e. uint8x16_t -> uint64x2_t) by default,
|
||||||
# whereas clang and MSVC do not. Setting -flax-vector-conversions to build Arm64 intrinsics code with GCC.
|
# whereas clang and MSVC do not. Setting -flax-vector-conversions to build Arm64 intrinsics code with GCC.
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -flax-vector-conversions")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -flax-vector-conversions")
|
||||||
|
|
|
@ -493,6 +493,8 @@ SymCryptUint64Bytesize( UINT64 value );
|
||||||
//
|
//
|
||||||
// SYMCRYPT_ENVIRONMENT_LINUX_USERMODE // use for Linux
|
// SYMCRYPT_ENVIRONMENT_LINUX_USERMODE // use for Linux
|
||||||
//
|
//
|
||||||
|
// SYMCRYPT_ENVIRONMENT_OPTEE_TA // use for OPTEE
|
||||||
|
//
|
||||||
// SYMCRYPT_ENVIRONMENT_GENERIC // use for all other situations
|
// SYMCRYPT_ENVIRONMENT_GENERIC // use for all other situations
|
||||||
//
|
//
|
||||||
|
|
||||||
|
|
|
@ -2884,6 +2884,7 @@ SYMCRYPT_EXTERN_C_END
|
||||||
|
|
||||||
#define SYMCRYPT_ENVIRONMENT_WINDOWS_KERNELMODE_LEGACY SYMCRYPT_ENVIRONMENT_GENERIC
|
#define SYMCRYPT_ENVIRONMENT_WINDOWS_KERNELMODE_LEGACY SYMCRYPT_ENVIRONMENT_GENERIC
|
||||||
|
|
||||||
|
#ifdef NTDDI_VERSION
|
||||||
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
||||||
#define SYMCRYPT_ENVIRONMENT_WINDOWS_KERNELMODE_WIN7_N_LATER SYMCRYPT_ENVIRONMENT_DEFS( WindowsKernelmodeWin7nLater )
|
#define SYMCRYPT_ENVIRONMENT_WINDOWS_KERNELMODE_WIN7_N_LATER SYMCRYPT_ENVIRONMENT_DEFS( WindowsKernelmodeWin7nLater )
|
||||||
#endif
|
#endif
|
||||||
|
@ -2909,12 +2910,16 @@ SYMCRYPT_EXTERN_C_END
|
||||||
#if (NTDDI_VERSION >= NTDDI_WIN10)
|
#if (NTDDI_VERSION >= NTDDI_WIN10)
|
||||||
#define SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_WIN10_SGX SYMCRYPT_ENVIRONMENT_DEFS( Win10Sgx )
|
#define SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_WIN10_SGX SYMCRYPT_ENVIRONMENT_DEFS( Win10Sgx )
|
||||||
#endif
|
#endif
|
||||||
|
#endif // NTDDI_VERSION
|
||||||
|
|
||||||
#define SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_LATEST SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_WIN8_1_N_LATER
|
#define SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_LATEST SYMCRYPT_ENVIRONMENT_WINDOWS_USERMODE_WIN8_1_N_LATER
|
||||||
|
|
||||||
|
|
||||||
#define SYMCRYPT_ENVIRONMENT_LINUX_USERMODE SYMCRYPT_ENVIRONMENT_DEFS( LinuxUsermode )
|
#define SYMCRYPT_ENVIRONMENT_LINUX_USERMODE SYMCRYPT_ENVIRONMENT_DEFS( LinuxUsermode )
|
||||||
|
|
||||||
|
|
||||||
|
#define SYMCRYPT_ENVIRONMENT_OPTEE_TA SYMCRYPT_ENVIRONMENT_DEFS( OpteeTa )
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
// SymCryptWipe & SymCryptWipeKnownSize
|
// SymCryptWipe & SymCryptWipeKnownSize
|
||||||
|
|
|
@ -393,9 +393,24 @@ if(NOT WIN32)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
add_library(symcrypt_linuxusermode STATIC env_linuxUserMode.c)
|
if(SYMCRYPT_TARGET_ENV MATCHES "LinuxUserMode")
|
||||||
set_target_properties(symcrypt_linuxusermode PROPERTIES PREFIX "")
|
add_library(symcrypt_linuxusermode STATIC env_linuxUserMode.c)
|
||||||
target_link_libraries(symcrypt_linuxusermode symcrypt_common)
|
set_target_properties(symcrypt_linuxusermode PROPERTIES PREFIX "")
|
||||||
|
target_link_libraries(symcrypt_linuxusermode symcrypt_common)
|
||||||
|
elseif(SYMCRYPT_TARGET_ENV MATCHES "OPTEE")
|
||||||
|
# Remove files from symcrypt_common that are not supported in optee env.
|
||||||
|
# aes-asm.c - use SymCryptAesDecryptAsm which is not defined for ARM64
|
||||||
|
# cpuid_um.c - include auxv.h and use getauxval
|
||||||
|
# session.c - use atomic operations (__atomic_compare_exchange)
|
||||||
|
list(REMOVE_ITEM SOURCES_COMMON
|
||||||
|
aes-asm.c
|
||||||
|
cpuid_um.c
|
||||||
|
session.c)
|
||||||
|
|
||||||
|
add_library(symcrypt_envOpteeTa STATIC env_opteeTa.c)
|
||||||
|
set_target_properties(symcrypt_envOpteeTa PROPERTIES PREFIX "")
|
||||||
|
target_link_libraries(symcrypt_envOpteeTa symcrypt_common)
|
||||||
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
include_directories(${CMAKE_SOURCE_DIR}/inc)
|
include_directories(${CMAKE_SOURCE_DIR}/inc)
|
||||||
|
|
|
@ -0,0 +1,80 @@
|
||||||
|
//
|
||||||
|
// env_opteeTa.c
|
||||||
|
// Platform-specific code for OPTEE TA.
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "precomp.h"
|
||||||
|
|
||||||
|
// OPTEE TA specific data
|
||||||
|
#define TEE_ERROR_BAD_STATE 0xFFFF0007
|
||||||
|
|
||||||
|
typedef uint32_t TEE_Result;
|
||||||
|
|
||||||
|
void TEE_Panic(TEE_Result panicCode);
|
||||||
|
|
||||||
|
|
||||||
|
SYMCRYPT_CPU_FEATURES SYMCRYPT_CALL SymCryptCpuFeaturesNeverPresentEnvOpteeTa(void)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptInitEnvOpteeTa( UINT32 version )
|
||||||
|
{
|
||||||
|
if( g_SymCryptFlags & SYMCRYPT_FLAG_LIB_INITIALIZED )
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Optee module relies on the unconditional availability of certain CPU features (ASIMD, AES, PMULL, SHA256)
|
||||||
|
g_SymCryptCpuFeaturesNotPresent = (SYMCRYPT_CPU_FEATURES) ~(SYMCRYPT_CPU_FEATURE_NEON|SYMCRYPT_CPU_FEATURE_NEON_AES|SYMCRYPT_CPU_FEATURE_NEON_PMULL|SYMCRYPT_CPU_FEATURE_NEON_SHA256);
|
||||||
|
|
||||||
|
SymCryptInitEnvCommon( version );
|
||||||
|
}
|
||||||
|
|
||||||
|
_Analysis_noreturn_
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptFatalEnvOpteeTa( ULONG fatalCode )
|
||||||
|
{
|
||||||
|
UINT32 fatalCodeVar;
|
||||||
|
|
||||||
|
SymCryptFatalIntercept( fatalCode );
|
||||||
|
|
||||||
|
//
|
||||||
|
// Put the fatal code in a location where it shows up in the dump
|
||||||
|
//
|
||||||
|
SYMCRYPT_FORCE_WRITE32( &fatalCodeVar, fatalCode );
|
||||||
|
|
||||||
|
//
|
||||||
|
// Our first preference is to fastfail,
|
||||||
|
// the second to create an AV, which can trigger a core dump so that we get to
|
||||||
|
// see what is going wrong.
|
||||||
|
//
|
||||||
|
__fastfail( FAST_FAIL_CRYPTO_LIBRARY );
|
||||||
|
|
||||||
|
TEE_Panic(TEE_ERROR_BAD_STATE);
|
||||||
|
|
||||||
|
//
|
||||||
|
// Next we write to the NULL pointer, this causes an AV
|
||||||
|
//
|
||||||
|
SYMCRYPT_FORCE_WRITE32( (volatile UINT32 *)NULL, fatalCode );
|
||||||
|
|
||||||
|
SymCryptFatalHang( fatalCode );
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptTestInjectErrorEnvOpteeTa( PBYTE pbBuf, SIZE_T cbBuf )
|
||||||
|
{
|
||||||
|
//
|
||||||
|
// This feature is only used during testing. In production it is always
|
||||||
|
// an empty function that the compiler can optimize away.
|
||||||
|
//
|
||||||
|
UNREFERENCED_PARAMETER( pbBuf );
|
||||||
|
UNREFERENCED_PARAMETER( cbBuf );
|
||||||
|
}
|
||||||
|
|
|
@ -1,5 +1,12 @@
|
||||||
add_subdirectory(common) # Common functionality for Linux modules
|
add_subdirectory(common) # Common functionality for Linux modules
|
||||||
add_subdirectory(generic) # Generic Linux module
|
|
||||||
if(SYMCRYPT_USE_ASM AND SYMCRYPT_TARGET_ARCH MATCHES "AMD64")
|
if(SYMCRYPT_TARGET_ENV MATCHES "LinuxUserMode")
|
||||||
add_subdirectory(oe_full) # OpenEnclave with all functionality
|
|
||||||
|
add_subdirectory(generic) # Generic Linux module
|
||||||
|
|
||||||
|
if(SYMCRYPT_USE_ASM AND SYMCRYPT_TARGET_ARCH MATCHES "AMD64")
|
||||||
|
add_subdirectory(oe_full) # OpenEnclave with all functionality
|
||||||
|
endif()
|
||||||
|
elseif(SYMCRYPT_TARGET_ENV MATCHES "OPTEE")
|
||||||
|
add_subdirectory(optee) # OPTEE module
|
||||||
endif()
|
endif()
|
|
@ -0,0 +1,73 @@
|
||||||
|
//
|
||||||
|
// callbacks_pthread.c
|
||||||
|
// Contains symcrypt call back functions for pthreads
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include <pthread.h>
|
||||||
|
#include "precomp.h"
|
||||||
|
|
||||||
|
PVOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAlloc( SIZE_T nBytes )
|
||||||
|
{
|
||||||
|
return aligned_alloc(SYMCRYPT_ASYM_ALIGN_VALUE, nBytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackFree( VOID * pMem )
|
||||||
|
{
|
||||||
|
free( pMem );
|
||||||
|
}
|
||||||
|
|
||||||
|
SYMCRYPT_ERROR
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackRandom( PBYTE pbBuffer, SIZE_T cbBuffer )
|
||||||
|
{
|
||||||
|
SymCryptRandom( pbBuffer, cbBuffer );
|
||||||
|
return SYMCRYPT_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
PVOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAllocateMutexFastInproc(void)
|
||||||
|
{
|
||||||
|
PVOID ptr = malloc(sizeof(pthread_mutex_t));
|
||||||
|
|
||||||
|
if( ptr )
|
||||||
|
{
|
||||||
|
if( pthread_mutex_init( (pthread_mutex_t *)ptr, NULL ) != 0 )
|
||||||
|
{
|
||||||
|
free(ptr);
|
||||||
|
ptr = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackFreeMutexFastInproc( PVOID pMutex )
|
||||||
|
{
|
||||||
|
pthread_mutex_destroy( (pthread_mutex_t *)pMutex );
|
||||||
|
|
||||||
|
free(pMutex);
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAcquireMutexFastInproc( PVOID pMutex )
|
||||||
|
{
|
||||||
|
pthread_mutex_lock( (pthread_mutex_t *)pMutex );
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackReleaseMutexFastInproc( PVOID pMutex )
|
||||||
|
{
|
||||||
|
pthread_mutex_unlock( (pthread_mutex_t *)pMutex );
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
//
|
||||||
|
// callbacks_singlethreaded.c
|
||||||
|
// Contains symcrypt call back functions for single threaded applications.
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "precomp.h"
|
||||||
|
|
||||||
|
PVOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAlloc( SIZE_T nBytes )
|
||||||
|
{
|
||||||
|
return aligned_alloc(SYMCRYPT_ASYM_ALIGN_VALUE, nBytes);;
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackFree( VOID * pMem )
|
||||||
|
{
|
||||||
|
free( pMem );
|
||||||
|
}
|
||||||
|
|
||||||
|
SYMCRYPT_ERROR
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackRandom( PBYTE pbBuffer, SIZE_T cbBuffer )
|
||||||
|
{
|
||||||
|
SymCryptRandom( pbBuffer, cbBuffer );
|
||||||
|
return SYMCRYPT_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
PVOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAllocateMutexFastInproc(void)
|
||||||
|
{
|
||||||
|
static const BYTE byte = 0;
|
||||||
|
|
||||||
|
// we want to return a valid non-NULL address so caller can check for NULL
|
||||||
|
return (PVOID)&byte;
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackFreeMutexFastInproc( PVOID pMutex ) {}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackAcquireMutexFastInproc( PVOID pMutex ) {}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptCallbackReleaseMutexFastInproc( PVOID pMutex ) {}
|
|
@ -7,7 +7,6 @@
|
||||||
|
|
||||||
#include "precomp.h"
|
#include "precomp.h"
|
||||||
|
|
||||||
SYMCRYPT_ENVIRONMENT_LINUX_USERMODE
|
|
||||||
|
|
||||||
// Module main function executed by the runtime upon load
|
// Module main function executed by the runtime upon load
|
||||||
VOID __attribute__((constructor)) SymCryptModuleMain(void)
|
VOID __attribute__((constructor)) SymCryptModuleMain(void)
|
||||||
|
@ -75,77 +74,6 @@ VOID __attribute__((destructor)) SymCryptModuleDestructor(void)
|
||||||
SymCryptRngUninit();
|
SymCryptRngUninit();
|
||||||
}
|
}
|
||||||
|
|
||||||
PVOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackAlloc( SIZE_T nBytes )
|
|
||||||
{
|
|
||||||
PVOID ptr = NULL;
|
|
||||||
if(posix_memalign( &ptr, SYMCRYPT_ASYM_ALIGN_VALUE, nBytes ) != 0)
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return ptr;
|
|
||||||
}
|
|
||||||
|
|
||||||
VOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackFree( VOID * pMem )
|
|
||||||
{
|
|
||||||
free( pMem );
|
|
||||||
}
|
|
||||||
|
|
||||||
SYMCRYPT_ERROR
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackRandom( PBYTE pbBuffer, SIZE_T cbBuffer )
|
|
||||||
{
|
|
||||||
SymCryptRandom( pbBuffer, cbBuffer );
|
|
||||||
return SYMCRYPT_NO_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
PVOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackAllocateMutexFastInproc(void)
|
|
||||||
{
|
|
||||||
PVOID ptr = malloc(sizeof(pthread_mutex_t));
|
|
||||||
|
|
||||||
if( ptr )
|
|
||||||
{
|
|
||||||
if( pthread_mutex_init( (pthread_mutex_t *)ptr, NULL ) != 0 )
|
|
||||||
{
|
|
||||||
free(ptr);
|
|
||||||
ptr = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return ptr;
|
|
||||||
}
|
|
||||||
|
|
||||||
VOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackFreeMutexFastInproc( PVOID pMutex )
|
|
||||||
{
|
|
||||||
pthread_mutex_destroy( (pthread_mutex_t *)pMutex );
|
|
||||||
|
|
||||||
free(pMutex);
|
|
||||||
}
|
|
||||||
|
|
||||||
VOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackAcquireMutexFastInproc( PVOID pMutex )
|
|
||||||
{
|
|
||||||
pthread_mutex_lock( (pthread_mutex_t *)pMutex );
|
|
||||||
}
|
|
||||||
|
|
||||||
VOID
|
|
||||||
SYMCRYPT_CALL
|
|
||||||
SymCryptCallbackReleaseMutexFastInproc( PVOID pMutex )
|
|
||||||
{
|
|
||||||
pthread_mutex_unlock( (pthread_mutex_t *)pMutex );
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
VOID SYMCRYPT_CALL SymCryptModuleInit( UINT32 api, UINT32 minor )
|
VOID SYMCRYPT_CALL SymCryptModuleInit( UINT32 api, UINT32 minor )
|
||||||
{
|
{
|
||||||
if( api != SYMCRYPT_CODE_VERSION_API ||
|
if( api != SYMCRYPT_CODE_VERSION_API ||
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
//
|
||||||
|
// module_linuxUserMode.c
|
||||||
|
// SymCrypt env defined for linux user mode
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "precomp.h"
|
||||||
|
|
||||||
|
SYMCRYPT_ENVIRONMENT_LINUX_USERMODE
|
|
@ -4,7 +4,6 @@
|
||||||
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
//
|
//
|
||||||
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
|
@ -13,7 +13,8 @@
|
||||||
#define RANDOM_NUM_CACHE_SIZE 128
|
#define RANDOM_NUM_CACHE_SIZE 128
|
||||||
#define MAX_GENERATE_BEFORE_RESEED 8192
|
#define MAX_GENERATE_BEFORE_RESEED 8192
|
||||||
|
|
||||||
pthread_mutex_t g_rngLock; // lock around access to following global variable
|
PVOID g_rngLock; // lock around access to following global variable
|
||||||
|
|
||||||
BOOLEAN g_RngStateInstantiated = FALSE;
|
BOOLEAN g_RngStateInstantiated = FALSE;
|
||||||
SYMCRYPT_RNG_AES_STATE g_AesRngState;
|
SYMCRYPT_RNG_AES_STATE g_AesRngState;
|
||||||
|
|
||||||
|
@ -53,7 +54,9 @@ VOID
|
||||||
SYMCRYPT_CALL
|
SYMCRYPT_CALL
|
||||||
SymCryptRngInit(void)
|
SymCryptRngInit(void)
|
||||||
{
|
{
|
||||||
if( pthread_mutex_init( &g_rngLock, NULL ) != 0)
|
g_rngLock = SymCryptCallbackAllocateMutexFastInproc();
|
||||||
|
|
||||||
|
if (g_rngLock == NULL)
|
||||||
{
|
{
|
||||||
SymCryptFatal( 'rngi' );
|
SymCryptFatal( 'rngi' );
|
||||||
}
|
}
|
||||||
|
@ -112,7 +115,7 @@ SymCryptRngUninit(void)
|
||||||
SymCryptEntropyFipsUninit();
|
SymCryptEntropyFipsUninit();
|
||||||
SymCryptEntropySecureUninit();
|
SymCryptEntropySecureUninit();
|
||||||
SymCryptRngAesUninstantiate( &g_AesRngState );
|
SymCryptRngAesUninstantiate( &g_AesRngState );
|
||||||
pthread_mutex_destroy( &g_rngLock );
|
SymCryptCallbackFreeMutexFastInproc( g_rngLock );
|
||||||
}
|
}
|
||||||
|
|
||||||
// This function fills pbRandom with cbRandom bytes. For small requests,
|
// This function fills pbRandom with cbRandom bytes. For small requests,
|
||||||
|
@ -130,8 +133,8 @@ SymCryptRandom( PBYTE pbRandom, SIZE_T cbRandom )
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
pthread_mutex_lock( &g_rngLock );
|
SymCryptCallbackAcquireMutexFastInproc( g_rngLock );
|
||||||
|
|
||||||
if( !g_RngStateInstantiated )
|
if( !g_RngStateInstantiated )
|
||||||
{
|
{
|
||||||
|
@ -223,7 +226,7 @@ SymCryptRandom( PBYTE pbRandom, SIZE_T cbRandom )
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
pthread_mutex_unlock( &g_rngLock );
|
SymCryptCallbackReleaseMutexFastInproc( g_rngLock );
|
||||||
}
|
}
|
||||||
|
|
||||||
// This function mixes the provided entropy into the RNG state using a call to SymCryptRngAesGenerateSmall
|
// This function mixes the provided entropy into the RNG state using a call to SymCryptRngAesGenerateSmall
|
||||||
|
@ -247,7 +250,7 @@ SymCryptProvideEntropy( PCBYTE pbEntropy, SIZE_T cbEntropy )
|
||||||
// Get hash result in additionalInput buffer.
|
// Get hash result in additionalInput buffer.
|
||||||
SymCryptSha256Result( &hashState, additionalInput );
|
SymCryptSha256Result( &hashState, additionalInput );
|
||||||
|
|
||||||
pthread_mutex_lock( &g_rngLock );
|
SymCryptCallbackAcquireMutexFastInproc( g_rngLock );
|
||||||
|
|
||||||
scError = SymCryptRngAesGenerateSmall(
|
scError = SymCryptRngAesGenerateSmall(
|
||||||
&g_AesRngState,
|
&g_AesRngState,
|
||||||
|
@ -260,7 +263,7 @@ SymCryptProvideEntropy( PCBYTE pbEntropy, SIZE_T cbEntropy )
|
||||||
SymCryptFatal( 'acdx' );
|
SymCryptFatal( 'acdx' );
|
||||||
}
|
}
|
||||||
|
|
||||||
pthread_mutex_unlock( &g_rngLock );
|
SymCryptCallbackReleaseMutexFastInproc( g_rngLock );
|
||||||
|
|
||||||
SymCryptWipeKnownSize( additionalInput, sizeof(additionalInput) );
|
SymCryptWipeKnownSize( additionalInput, sizeof(additionalInput) );
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,9 @@ set(SOURCES
|
||||||
statusindicator.c
|
statusindicator.c
|
||||||
../common/optional/rngfipsjitter.c
|
../common/optional/rngfipsjitter.c
|
||||||
../common/optional/rngforkdetection.c
|
../common/optional/rngforkdetection.c
|
||||||
../common/optional/rngsecureurandom.c)
|
../common/optional/rngsecureurandom.c
|
||||||
|
../common/optional/module_linuxUserMode.c
|
||||||
|
../common/callbacks_pthread.c)
|
||||||
|
|
||||||
# Enable integrity verification if compiling for AMD64 or ARM64 or ARM
|
# Enable integrity verification if compiling for AMD64 or ARM64 or ARM
|
||||||
if(SYMCRYPT_TARGET_ARCH MATCHES "AMD64|ARM")
|
if(SYMCRYPT_TARGET_ARCH MATCHES "AMD64|ARM")
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
set(SOURCES
|
set(SOURCES
|
||||||
../common/integrity.c
|
../common/integrity.c
|
||||||
statusindicator.c
|
statusindicator.c
|
||||||
rng.c)
|
rng.c
|
||||||
|
../common/optional/module_linuxUserMode.c
|
||||||
|
../common/callbacks_pthread.c)
|
||||||
|
|
||||||
include_directories(${CMAKE_SOURCE_DIR}/inc ../common)
|
include_directories(${CMAKE_SOURCE_DIR}/inc ../common)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
set(SOURCES
|
||||||
|
rng.c
|
||||||
|
module_opteeTa.c
|
||||||
|
../common/nointegrity.c
|
||||||
|
../common/callbacks_singlethreaded.c)
|
||||||
|
|
||||||
|
include_directories(../common)
|
||||||
|
|
||||||
|
# Build SymCrypt lib for OPTEE
|
||||||
|
add_library(symcrypt_optee STATIC ${SOURCES} $<TARGET_OBJECTS:symcrypt_envOpteeTa> $<TARGET_OBJECTS:symcrypt_common> $<TARGET_OBJECTS:symcrypt_module_linux_common>)
|
|
@ -0,0 +1,10 @@
|
||||||
|
//
|
||||||
|
// module_opteeTa.c
|
||||||
|
// SymCrypt env defined for optee TA
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "precomp.h"
|
||||||
|
|
||||||
|
SYMCRYPT_ENVIRONMENT_OPTEE_TA
|
|
@ -0,0 +1,61 @@
|
||||||
|
//
|
||||||
|
// rng.c
|
||||||
|
// Defines secure entropy functions using TEE_GenerateRandom() as the source
|
||||||
|
//
|
||||||
|
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include "precomp.h"
|
||||||
|
#include "rng.h"
|
||||||
|
|
||||||
|
// TEE_GenerateRandom gets FIPS/secure RNG from OPTEE (will be Unresolved symbol and will be resolved in linker phase with OPTEE Application)
|
||||||
|
void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen);
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropyFipsInit()
|
||||||
|
{}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropyFipsUninit()
|
||||||
|
{}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropyFipsGet( _Out_writes_( cbResult ) PBYTE pbResult, SIZE_T cbResult )
|
||||||
|
{
|
||||||
|
// TEE_GenerateRandom gets FIPS/secure RNG from OPTEE (implementation is platform specific)
|
||||||
|
TEE_GenerateRandom((void *)pbResult, cbResult);
|
||||||
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropySecureInit()
|
||||||
|
{}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropySecureUninit()
|
||||||
|
{}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptEntropySecureGet( _Out_writes_( cbResult ) PBYTE pbResult, SIZE_T cbResult )
|
||||||
|
{
|
||||||
|
// TEE_GenerateRandom gets FIPS/secure RNG from OPTEE (implementation is platform specific)
|
||||||
|
TEE_GenerateRandom((void *)pbResult, cbResult);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fork is not supported in Optee so no need to detect it
|
||||||
|
VOID
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptRngForkDetectionInit()
|
||||||
|
{}
|
||||||
|
|
||||||
|
BOOLEAN
|
||||||
|
SYMCRYPT_CALL
|
||||||
|
SymCryptRngForkDetect()
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
|
@ -120,6 +120,12 @@ def configure_cmake(args : argparse.Namespace) -> None:
|
||||||
if args.openssl_branch:
|
if args.openssl_branch:
|
||||||
cmake_args.append("-DOPENSSL_BUILD_BRANCH=" + args.openssl_branch)
|
cmake_args.append("-DOPENSSL_BUILD_BRANCH=" + args.openssl_branch)
|
||||||
|
|
||||||
|
# OPTEE
|
||||||
|
if args.optee:
|
||||||
|
cmake_args.append("-DSYMCRYPT_OPTEE=ON")
|
||||||
|
|
||||||
|
if args.ta_dev_kit_inc:
|
||||||
|
cmake_args.append("-DTA_DEV_KIT_INC=" + args.ta_dev_kit_inc)
|
||||||
|
|
||||||
if args.clean and args.build_dir.exists():
|
if args.clean and args.build_dir.exists():
|
||||||
shutil.rmtree(args.build_dir)
|
shutil.rmtree(args.build_dir)
|
||||||
|
@ -146,6 +152,9 @@ def build_cmake(args : argparse.Namespace) -> None:
|
||||||
if args.parallel_build:
|
if args.parallel_build:
|
||||||
cmake_args.append("-j")
|
cmake_args.append("-j")
|
||||||
|
|
||||||
|
if args.target:
|
||||||
|
cmake_args.append("--target " + args.target)
|
||||||
|
|
||||||
invoke_build_tool("cmake", cmake_args)
|
invoke_build_tool("cmake", cmake_args)
|
||||||
|
|
||||||
def build_msbuild(args : argparse.Namespace) -> None:
|
def build_msbuild(args : argparse.Namespace) -> None:
|
||||||
|
@ -217,6 +226,11 @@ def main() -> None:
|
||||||
parser_cmake.add_argument("--openssl", action = "store_true", help = "Enable OpenSSL performance comparison.", default = False)
|
parser_cmake.add_argument("--openssl", action = "store_true", help = "Enable OpenSSL performance comparison.", default = False)
|
||||||
parser_cmake.add_argument("--openssl-branch", type = str, help = "Checkout and build specified branch of OpenSSL.", default = None)
|
parser_cmake.add_argument("--openssl-branch", type = str, help = "Checkout and build specified branch of OpenSSL.", default = None)
|
||||||
parser_cmake.add_argument("--openssl-build-from-source", action = "store_true", help = "Build OpenSSL from source.", default = False)
|
parser_cmake.add_argument("--openssl-build-from-source", action = "store_true", help = "Build OpenSSL from source.", default = False)
|
||||||
|
parser_cmake.add_argument("--target", type = str, help = "Build a specific target.")
|
||||||
|
|
||||||
|
# OPTEE
|
||||||
|
parser_cmake.add_argument("--optee", action = "store_true", help = "Build SymCrypt for OPTEE env.", default = False)
|
||||||
|
parser_cmake.add_argument("--ta_dev_kit_inc", type = str, help = "TA DEV KIT include folder, needed for OPTEE TA compilation.")
|
||||||
|
|
||||||
# MSBuild build options
|
# MSBuild build options
|
||||||
parser_msbuild = subparsers.add_parser("msbuild", help = "Build using MSBuild.")
|
parser_msbuild = subparsers.add_parser("msbuild", help = "Build using MSBuild.")
|
||||||
|
|
Загрузка…
Ссылка в новой задаче