From 826207b3d8e51cf57af7e4f6a3df61b150561b60 Mon Sep 17 00:00:00 2001 From: houmingyong Date: Wed, 17 May 2023 10:36:16 +0800 Subject: [PATCH] supprot kunpeng remote attestation --- CMakeLists.txt | 8 +- component/CMakeLists.txt | 4 +- component/remote_attest/CMakeLists.txt | 22 + .../remote_attest/ra_report/CMakeLists.txt | 48 + .../remote_attest/ra_report/gp_ra_helper.c | 136 + .../remote_attest/ra_report/gp_ra_helper.h | 34 + .../remote_attest/ra_report/gp_ra_report.c | 69 + .../remote_attest/ra_report/gp_ra_report.h | 24 + .../remote_attest/ra_report/sg_ra_report.c | 26 + .../remote_attest/ra_report/sg_ra_report.h | 34 + .../remote_attest/ra_verify/CMakeLists.txt | 44 + .../ra_verify/gp_ra_report_verify.c | 50 + .../ra_verify/gp_ra_report_verify.h | 30 + .../ra_verify/sg_ra_report_verify.c | 20 + .../ra_verify/sg_ra_report_verify.h | 30 + component/remote_attest/sg_report_st.h | 43 + inc/host_inc/status.h | 8 + thirdparty/cjson/cJSON.bak | 3110 +++++++++++++++++ thirdparty/cjson/cJSON.h | 293 ++ .../kunpengsecl/verifier/custom_base64url.h | 20 + thirdparty/kunpengsecl/verifier/teeverifier.h | 50 + thirdparty/libqca/ra_client_api.h | 22 + tools/sign_tool/generate_signature.py | 56 - tools/sign_tool/manifest.py | 322 -- tools/sign_tool/sign_tool.sh | 252 +- tools/sign_tool/signtool_v3.py | 428 --- 26 files changed, 4224 insertions(+), 959 deletions(-) create mode 100644 component/remote_attest/CMakeLists.txt create mode 100644 component/remote_attest/ra_report/CMakeLists.txt create mode 100644 component/remote_attest/ra_report/gp_ra_helper.c create mode 100644 component/remote_attest/ra_report/gp_ra_helper.h create mode 100644 component/remote_attest/ra_report/gp_ra_report.c create mode 100644 component/remote_attest/ra_report/gp_ra_report.h create mode 100644 component/remote_attest/ra_report/sg_ra_report.c create mode 100644 component/remote_attest/ra_report/sg_ra_report.h create mode 100644 component/remote_attest/ra_verify/CMakeLists.txt create mode 100644 component/remote_attest/ra_verify/gp_ra_report_verify.c create mode 100644 component/remote_attest/ra_verify/gp_ra_report_verify.h create mode 100644 component/remote_attest/ra_verify/sg_ra_report_verify.c create mode 100644 component/remote_attest/ra_verify/sg_ra_report_verify.h create mode 100644 component/remote_attest/sg_report_st.h create mode 100644 thirdparty/cjson/cJSON.bak create mode 100644 thirdparty/cjson/cJSON.h create mode 100644 thirdparty/kunpengsecl/verifier/custom_base64url.h create mode 100644 thirdparty/kunpengsecl/verifier/teeverifier.h create mode 100644 thirdparty/libqca/ra_client_api.h delete mode 100644 tools/sign_tool/generate_signature.py delete mode 100644 tools/sign_tool/manifest.py delete mode 100644 tools/sign_tool/signtool_v3.py diff --git a/CMakeLists.txt b/CMakeLists.txt index 9c3c25b..079be3b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -92,10 +92,4 @@ install(FILES ${LOCAL_ROOT_PATH}/conf/rsyslog.d/secgear.conf install(FILES ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/usr/bin/ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -set(SIGN_FILE - ${LOCAL_ROOT_PATH}/tools/sign_tool/generate_signature.py - ${LOCAL_ROOT_PATH}/tools/sign_tool/manifest.py - ${LOCAL_ROOT_PATH}/tools/sign_tool/signtool_v3.py -) -install(FILES ${SIGN_FILE} - DESTINATION ${LOCAL_ROOT_PATH_INSTALL}/lib/secGear/) + diff --git a/component/CMakeLists.txt b/component/CMakeLists.txt index 6cff34c..ee0a669 100644 --- a/component/CMakeLists.txt +++ b/component/CMakeLists.txt @@ -9,6 +9,8 @@ # See the Mulan PSL v2 for more details. ADD_SUBDIRECTORY(secure_channel) - +if(CC_GP) + ADD_SUBDIRECTORY(remote_attest) +endif() diff --git a/component/remote_attest/CMakeLists.txt b/component/remote_attest/CMakeLists.txt new file mode 100644 index 0000000..0b86c6f --- /dev/null +++ b/component/remote_attest/CMakeLists.txt @@ -0,0 +1,22 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +ADD_SUBDIRECTORY(ra_report) +ADD_SUBDIRECTORY(ra_verify) + + +file(GLOB RA_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/sg_report_st.h + ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/sg_ra_report.h + ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/gp_ra_helper.h + ${CMAKE_CURRENT_SOURCE_DIR}/ra_verify/sg_ra_report_verify.h) + +install(FILES ${RA_HEADERS} + DESTINATION /usr/include/secGear + PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt new file mode 100644 index 0000000..6b459d7 --- /dev/null +++ b/component/remote_attest/ra_report/CMakeLists.txt @@ -0,0 +1,48 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +project(sg_ra_report C) + +set(TARGET secgear_ra) +aux_source_directory(. SRC_FILES) +aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC) + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") + +if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) +endif() + +include_directories( + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/.. + ${LOCAL_ROOT_PATH}/inc/host_inc + ${SDK_PATH}/include/CA + ${LOCAL_ROOT_PATH}/thirdparty/cjson + ${LOCAL_ROOT_PATH}/thirdparty/libqca + ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier +) +add_library(${TARGET} SHARED ${SRC_FILES} ${CJSON_SRC}) + +if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${TARGET} PRIVATE /usr/lib64) +endif() + +target_link_libraries(${TARGET} teec_adaptor) + +set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) + +install(TARGETS ${TARGET} + LIBRARY + DESTINATION ${LIBRARY_INSTALL} + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + diff --git a/component/remote_attest/ra_report/gp_ra_helper.c b/component/remote_attest/ra_report/gp_ra_helper.c new file mode 100644 index 0000000..80a01e9 --- /dev/null +++ b/component/remote_attest/ra_report/gp_ra_helper.c @@ -0,0 +1,136 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "gp_ra_helper.h" + +#include +#include "cJSON.h" +#include "custom_base64url.h" +#include "enclave_log.h" + +void free_gp_ra_buf(cc_ra_buf_t *ra_buf) +{ + if (ra_buf->buf != NULL) { + free(ra_buf->buf); + } + if (ra_buf != NULL) { + free(ra_buf); + } +} + +/* caller need to free (cc_ra_buf_t **in) */ +cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in) +{ + cc_enclave_result_t ret = CC_SUCCESS; + cJSON *in_json = cJSON_CreateObject(); + cJSON_AddStringToObject(in_json, "handler", "provisioning-input"); + + cJSON *in_payload = cJSON_CreateObject(); + cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); + cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as"); + cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); + + cJSON_AddItemToObject(in_json, "payload", in_payload); + + // char *in_buf = cJSON_PrintUnformatted(in_json); + char *in_buf = cJSON_Print(in_json); + uint32_t in_buf_len = strlen(in_buf) + 1; + + print_debug("provision input json buf:%s\n", in_buf); + + cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); + if (tmp_ra_buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + goto end; + } + tmp_ra_buf->buf = calloc(1, in_buf_len); + if (tmp_ra_buf->buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + free(tmp_ra_buf); + goto end; + } + (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); + tmp_ra_buf->len = in_buf_len; + + *in = tmp_ra_buf; +end: + cJSON_free(in_buf); + cJSON_Delete(in_json); + return ret; +} + +/* caller need to free (cc_ra_buf_t **in) */ +cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf) +{ + cc_enclave_result_t ret = CC_SUCCESS; + cJSON *in_json = cJSON_CreateObject(); + cJSON_AddStringToObject(in_json, "handler", "report-input"); + + char b64_nonce[MAX_NONCE_BUF_LEN] = {0}; + int b64_nonce_len = MAX_NONCE_BUF_LEN; + base64urlencode(param->nonce, param->nonce_len, (uint8_t *)b64_nonce, &b64_nonce_len); + print_debug("nonce_buf_len:%d, nonce_buf:%s\n", b64_nonce_len, b64_nonce); + + cJSON *in_payload = cJSON_CreateObject(); + cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0"); + cJSON_AddStringToObject(in_payload, "nonce", b64_nonce); + cJSON_AddStringToObject(in_payload, "uuid", (char *)param->uuid); + cJSON_AddStringToObject(in_payload, "hash_alg", "HS256"); + cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb); + + cJSON_AddItemToObject(in_json, "payload", in_payload); + + // char *in_buf = cJSON_PrintUnformatted(in_json); + char *in_buf = cJSON_Print(in_json); + uint32_t in_buf_len = strlen(in_buf) + 1; + + print_debug("get ra report input json buf:%s\n", in_buf); + + cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t)); + if (tmp_ra_buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + goto end; + } + tmp_ra_buf->buf = calloc(1, in_buf_len); + if (tmp_ra_buf->buf == NULL) { + ret = CC_ERROR_RA_MEMORY; + free(tmp_ra_buf); + goto end; + } + (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len); + tmp_ra_buf->len = in_buf_len; + + *json_buf = (cc_ra_buf_t *)tmp_ra_buf; +end: + cJSON_free(in_buf); + cJSON_Delete(in_json); + return ret; +} + +void print_ra_report(cc_ra_buf_t *report) +{ + cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len); + if (cj_report == NULL) { + print_debug("cjson parse report error!\n"); + return; + } + char *str_report = cJSON_Print(cj_report); + + print_debug("report:%s\n", str_report); + + cJSON_free(str_report); + cJSON_Delete(cj_report); + return; +} + + + diff --git a/component/remote_attest/ra_report/gp_ra_helper.h b/component/remote_attest/ra_report/gp_ra_helper.h new file mode 100644 index 0000000..6bee143 --- /dev/null +++ b/component/remote_attest/ra_report/gp_ra_helper.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_RA_HELPER_H +#define SECGEAR_RA_HELPER_H + +#include +#include +#include "status.h" +#include "sg_report_st.h" + +#define MAX_NONCE_BUF_LEN 512 +typedef struct { + uint8_t *uuid; + uint32_t nonce_len; + uint8_t nonce[MAX_NONCE_BUF_LEN]; + bool with_tcb; +} gp_get_ra_report_input_t; + +cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in); +cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf); +void print_ra_report(cc_ra_buf_t *report); +void free_gp_ra_buf(cc_ra_buf_t *ra_buf); +#endif + diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c new file mode 100644 index 0000000..dd02d7d --- /dev/null +++ b/component/remote_attest/ra_report/gp_ra_report.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "gp_ra_report.h" + +#include +#include "gp_ra_helper.h" +#include "ra_client_api.h" +#include "enclave_log.h" + +#define TEST_REPORT_OUT_LEN 0x3000 +cc_enclave_result_t gp_ra_provision_no_as() +{ + cc_ra_buf_t *in = NULL; + cc_enclave_result_t ret; + + ret = gen_provision_no_as_in_buff(&in); + if (ret != CC_SUCCESS) { + return ret; + } + uint8_t data[TEST_REPORT_OUT_LEN] = {0}; + cc_ra_buf_t report = {TEST_REPORT_OUT_LEN, data}; + + TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)&report); + free_gp_ra_buf(in); + + if (gp_ret != TEEC_SUCCESS) { + print_error_term("gp ra provision no as failed ret:%x\n", gp_ret); + return CC_ERROR_RA_PROVISION_NO_AS; + } + + return CC_SUCCESS; +} + +cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario) +{ + cc_enclave_result_t ret = CC_SUCCESS; + switch(scenario) { + case CC_RA_SCENARIO_NO_AS: + ret = gp_ra_provision_no_as(); + break; + default: + return CC_ERROR_RA_PRE_ENV_INVALID_SCENARIO; + } + return ret; +} + +cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report) +{ + TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)report); + if (gp_ret != TEEC_SUCCESS) { + print_error_term("get ra report failed, ret:%x\n", gp_ret); + return CC_ERROR_RA_GET_REPORT; + } + + return CC_SUCCESS; +} + + + diff --git a/component/remote_attest/ra_report/gp_ra_report.h b/component/remote_attest/ra_report/gp_ra_report.h new file mode 100644 index 0000000..9d02ce3 --- /dev/null +++ b/component/remote_attest/ra_report/gp_ra_report.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_GP_RA_REPORT_H +#define SECGEAR_GP_RA_REPORT_H + +#include "status.h" +#include "sg_report_st.h" + +cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario); + +cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report); + +#endif + diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c new file mode 100644 index 0000000..1cc4bdc --- /dev/null +++ b/component/remote_attest/ra_report/sg_ra_report.c @@ -0,0 +1,26 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "gp_ra_report.h" + +cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario) +{ + return gp_prepare_ra_env(scenario); +} + +cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report) +{ + return gp_get_ra_report(in, report); +} + + + diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h new file mode 100644 index 0000000..960cb02 --- /dev/null +++ b/component/remote_attest/ra_report/sg_ra_report.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_REMOTE_REPORT_H +#define SECGEAR_REMOTE_REPORT_H + +#include +#include "status.h" +#include "secgear_defs.h" +#include "sg_report_st.h" + +#ifdef __cplusplus +extern "C" { +#endif + +CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario); + +CC_API_SPEC cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/component/remote_attest/ra_verify/CMakeLists.txt new file mode 100644 index 0000000..fc92d9c --- /dev/null +++ b/component/remote_attest/ra_verify/CMakeLists.txt @@ -0,0 +1,44 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +project(sg_ra_verify C) + +set(TARGET secgear_verify) +aux_source_directory(. SRC_FILES) + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") + +if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(/usr/lib64) +endif() + +include_directories( + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/.. + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier +) +add_library(${TARGET} SHARED ${SRC_FILES}) + +if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${TARGET} PRIVATE /usr/lib64) +endif() + +target_link_libraries(${TARGET}) + +set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) + +install(TARGETS ${TARGET} + LIBRARY + DESTINATION ${LIBRARY_INSTALL} + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/component/remote_attest/ra_verify/gp_ra_report_verify.c new file mode 100644 index 0000000..0917f7a --- /dev/null +++ b/component/remote_attest/ra_verify/gp_ra_report_verify.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "gp_ra_report_verify.h" + +#include "teeverifier.h" +#include "enclave_log.h" + +int convert_cctype_to_gptype(cc_ra_verify_type_t type) +{ + // gp type, 1: compare image hash; 2: compare mem hash; 3: compare image and mem hash + if (type == CC_RA_VERIFY_TYPE_LOOSE) { + return 1; + } else if (type == CC_RA_VERIFY_TYPE_STRICT) { + return 3; + } else { + return CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE; + } +} + +cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue) +{ + int gp_type = convert_cctype_to_gptype(type); + if (gp_type == (int)CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE) { + return CC_FAIL; + } + int ret = tee_verify_report((buffer_data *)report, (buffer_data *)nonce, gp_type, basevalue); + switch (ret) { + case TVS_ALL_SUCCESSED: + return CC_SUCCESS; + case TVS_VERIFIED_NONCE_FAILED: + return CC_ERROR_RA_REPORT_VERIFY_NONCE; + case TVS_VERIFIED_SIGNATURE_FAILED: + return CC_ERROR_RA_REPORT_VERIFY_SIGNATURE; + case TVS_VERIFIED_HASH_FAILED: + return CC_ERROR_RA_REPORT_VERIFY_HASH; + default: + print_debug("verify report failed, unknown errorcode:%d!\n", ret); + } + return ret; +} \ No newline at end of file diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.h b/component/remote_attest/ra_verify/gp_ra_report_verify.h new file mode 100644 index 0000000..ffd8387 --- /dev/null +++ b/component/remote_attest/ra_verify/gp_ra_report_verify.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_GP_VERIFY_REPORT_H +#define SECGEAR_GP_VERIFY_REPORT_H + +#include "status.h" +#include "secgear_defs.h" +#include "sg_report_st.h" + +#ifdef __cplusplus +extern "C" { +#endif + +CC_API_SPEC cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.c b/component/remote_attest/ra_verify/sg_ra_report_verify.c new file mode 100644 index 0000000..63f26c4 --- /dev/null +++ b/component/remote_attest/ra_verify/sg_ra_report_verify.c @@ -0,0 +1,20 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include "gp_ra_report_verify.h" + +#include "enclave_log.h" + +cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue) +{ + return gp_verify_report(report, nonce, type, basevalue); +} \ No newline at end of file diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h new file mode 100644 index 0000000..92ca953 --- /dev/null +++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_VERIFY_REPORT_H +#define SECGEAR_VERIFY_REPORT_H + +#include "status.h" +#include "secgear_defs.h" +#include "sg_report_st.h" + +#ifdef __cplusplus +extern "C" { +#endif + +CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/component/remote_attest/sg_report_st.h b/component/remote_attest/sg_report_st.h new file mode 100644 index 0000000..89ee25a --- /dev/null +++ b/component/remote_attest/sg_report_st.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#ifndef SECGEAR_REPORT_STRUCT_H +#define SECGEAR_REPORT_STRUCT_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct cc_ra_buf { + uint32_t len; + uint8_t *buf; +} cc_ra_buf_t; + +typedef enum { + CC_RA_SCENARIO_NO_AS, + // CC_RA_SCENARIO_AS_NO_DAA, + // CC_RA_SCENARIO_AS_WITH_DAA +} cc_ra_scenario_t; + +typedef enum { + CC_RA_VERIFY_TYPE_LOOSE, + CC_RA_VERIFY_TYPE_STRICT, + CC_RA_VERIFY_TYPE_MAX +} cc_ra_verify_type_t; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h index 40e9f1c..ea7b93b 100644 --- a/inc/host_inc/status.h +++ b/inc/host_inc/status.h @@ -78,6 +78,14 @@ typedef enum _enclave_result_t CC_ERROR_ATT_KEY_UNINITIALIZED, /* attestation key is not initialized*/ CC_ERROR_INVALID_ATT_KEY_CERT_DATA, /* attestation data is not valid*/ CC_ERROR_PLATFORM_CERT_UNAVAILABLE, /* cert is not available*/ + CC_ERROR_RA_PRE_ENV_INVALID_SCENARIO, + CC_ERROR_RA_MEMORY, + CC_ERROR_RA_PROVISION_NO_AS, + CC_ERROR_RA_GET_REPORT, + CC_ERROR_RA_REPORT_VERIFY_NONCE, + CC_ERROR_RA_REPORT_VERIFY_SIGNATURE, + CC_ERROR_RA_REPORT_VERIFY_HASH, + CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE, /* secure channel */ CC_ERROR_SEC_CHL_INVALID_CONN, /* invalid connection */ CC_ERROR_SEC_CHL_LEN_NOT_ENOUGH, /* the buf length to store secure channle encrypt/decrypt is not enough */ diff --git a/thirdparty/cjson/cJSON.bak b/thirdparty/cjson/cJSON.bak new file mode 100644 index 0000000..3063f74 --- /dev/null +++ b/thirdparty/cjson/cJSON.bak @@ -0,0 +1,3110 @@ +/* + Copyright (c) 2009-2017 Dave Gamble and cJSON contributors + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +*/ + +/* cJSON */ +/* JSON parser in C. */ + +/* disable warnings about old C89 functions in MSVC */ +#if !defined(_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) +#define _CRT_SECURE_NO_DEPRECATE +#endif + +#ifdef __GNUC__ +#pragma GCC visibility push(default) +#endif +#if defined(_MSC_VER) +#pragma warning (push) +/* disable warning about single line comments in system headers */ +#pragma warning (disable : 4001) +#endif + +#include +#include +#include +#include +#include +#include +#include + +#ifdef ENABLE_LOCALES +#include +#endif + +#if defined(_MSC_VER) +#pragma warning (pop) +#endif +#ifdef __GNUC__ +#pragma GCC visibility pop +#endif + +#include "cJSON.h" + +/* define our own boolean type */ +#ifdef true +#undef true +#endif +#define true ((cJSON_bool)1) + +#ifdef false +#undef false +#endif +#define false ((cJSON_bool)0) + +/* define isnan and isinf for ANSI C, if in C99 or above, isnan and isinf has been defined in math.h */ +#ifndef isinf +#define isinf(d) (isnan((d - d)) && !isnan(d)) +#endif +#ifndef isnan +#define isnan(d) (d != d) +#endif + +#ifndef NAN +#ifdef _WIN32 +#define NAN sqrt(-1.0) +#else +#define NAN 0.0/0.0 +#endif +#endif + +typedef struct { + const unsigned char *json; + size_t position; +} error; +static error global_error = { NULL, 0 }; + +CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void) +{ + return (const char*) (global_error.json + global_error.position); +} + +CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item) +{ + if (!cJSON_IsString(item)) + { + return NULL; + } + + return item->valuestring; +} + +CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item) +{ + if (!cJSON_IsNumber(item)) + { + return (double) NAN; + } + + return item->valuedouble; +} + +/* This is a safeguard to prevent copy-pasters from using incompatible C and header files */ +#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 15) + #error cJSON.h and cJSON.c have different versions. Make sure that both have the same. +#endif + +CJSON_PUBLIC(const char*) cJSON_Version(void) +{ + static char version[15]; + sprintf(version, "%i.%i.%i", CJSON_VERSION_MAJOR, CJSON_VERSION_MINOR, CJSON_VERSION_PATCH); + + return version; +} + +/* Case insensitive string comparison, doesn't consider two NULL pointers equal though */ +static int case_insensitive_strcmp(const unsigned char *string1, const unsigned char *string2) +{ + if ((string1 == NULL) || (string2 == NULL)) + { + return 1; + } + + if (string1 == string2) + { + return 0; + } + + for(; tolower(*string1) == tolower(*string2); (void)string1++, string2++) + { + if (*string1 == '\0') + { + return 0; + } + } + + return tolower(*string1) - tolower(*string2); +} + +typedef struct internal_hooks +{ + void *(CJSON_CDECL *allocate)(size_t size); + void (CJSON_CDECL *deallocate)(void *pointer); + void *(CJSON_CDECL *reallocate)(void *pointer, size_t size); +} internal_hooks; + +#if defined(_MSC_VER) +/* work around MSVC error C2322: '...' address of dllimport '...' is not static */ +static void * CJSON_CDECL internal_malloc(size_t size) +{ + return malloc(size); +} +static void CJSON_CDECL internal_free(void *pointer) +{ + free(pointer); +} +static void * CJSON_CDECL internal_realloc(void *pointer, size_t size) +{ + return realloc(pointer, size); +} +#else +#define internal_malloc malloc +#define internal_free free +#define internal_realloc realloc +#endif + +/* strlen of character literals resolved at compile time */ +#define static_strlen(string_literal) (sizeof(string_literal) - sizeof("")) + +static internal_hooks global_hooks = { internal_malloc, internal_free, internal_realloc }; + +static unsigned char* cJSON_strdup(const unsigned char* string, const internal_hooks * const hooks) +{ + size_t length = 0; + unsigned char *copy = NULL; + + if (string == NULL) + { + return NULL; + } + + length = strlen((const char*)string) + sizeof(""); + copy = (unsigned char*)hooks->allocate(length); + if (copy == NULL) + { + return NULL; + } + memcpy(copy, string, length); + + return copy; +} + +CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks) +{ + if (hooks == NULL) + { + /* Reset hooks */ + global_hooks.allocate = malloc; + global_hooks.deallocate = free; + global_hooks.reallocate = realloc; + return; + } + + global_hooks.allocate = malloc; + if (hooks->malloc_fn != NULL) + { + global_hooks.allocate = hooks->malloc_fn; + } + + global_hooks.deallocate = free; + if (hooks->free_fn != NULL) + { + global_hooks.deallocate = hooks->free_fn; + } + + /* use realloc only if both free and malloc are used */ + global_hooks.reallocate = NULL; + if ((global_hooks.allocate == malloc) && (global_hooks.deallocate == free)) + { + global_hooks.reallocate = realloc; + } +} + +/* Internal constructor. */ +static cJSON *cJSON_New_Item(const internal_hooks * const hooks) +{ + cJSON* node = (cJSON*)hooks->allocate(sizeof(cJSON)); + if (node) + { + memset(node, '\0', sizeof(cJSON)); + } + + return node; +} + +/* Delete a cJSON structure. */ +CJSON_PUBLIC(void) cJSON_Delete(cJSON *item) +{ + cJSON *next = NULL; + while (item != NULL) + { + next = item->next; + if (!(item->type & cJSON_IsReference) && (item->child != NULL)) + { + cJSON_Delete(item->child); + } + if (!(item->type & cJSON_IsReference) && (item->valuestring != NULL)) + { + global_hooks.deallocate(item->valuestring); + } + if (!(item->type & cJSON_StringIsConst) && (item->string != NULL)) + { + global_hooks.deallocate(item->string); + } + global_hooks.deallocate(item); + item = next; + } +} + +/* get the decimal point character of the current locale */ +static unsigned char get_decimal_point(void) +{ +#ifdef ENABLE_LOCALES + struct lconv *lconv = localeconv(); + return (unsigned char) lconv->decimal_point[0]; +#else + return '.'; +#endif +} + +typedef struct +{ + const unsigned char *content; + size_t length; + size_t offset; + size_t depth; /* How deeply nested (in arrays/objects) is the input at the current offset. */ + internal_hooks hooks; +} parse_buffer; + +/* check if the given size is left to read in a given parse buffer (starting with 1) */ +#define can_read(buffer, size) ((buffer != NULL) && (((buffer)->offset + size) <= (buffer)->length)) +/* check if the buffer can be accessed at the given index (starting with 0) */ +#define can_access_at_index(buffer, index) ((buffer != NULL) && (((buffer)->offset + index) < (buffer)->length)) +#define cannot_access_at_index(buffer, index) (!can_access_at_index(buffer, index)) +/* get a pointer to the buffer at the position */ +#define buffer_at_offset(buffer) ((buffer)->content + (buffer)->offset) + +/* Parse the input text to generate a number, and populate the result into item. */ +static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_buffer) +{ + double number = 0; + unsigned char *after_end = NULL; + unsigned char number_c_string[64]; + unsigned char decimal_point = get_decimal_point(); + size_t i = 0; + + if ((input_buffer == NULL) || (input_buffer->content == NULL)) + { + return false; + } + + /* copy the number into a temporary buffer and replace '.' with the decimal point + * of the current locale (for strtod) + * This also takes care of '\0' not necessarily being available for marking the end of the input */ + for (i = 0; (i < (sizeof(number_c_string) - 1)) && can_access_at_index(input_buffer, i); i++) + { + switch (buffer_at_offset(input_buffer)[i]) + { + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + case '+': + case '-': + case 'e': + case 'E': + number_c_string[i] = buffer_at_offset(input_buffer)[i]; + break; + + case '.': + number_c_string[i] = decimal_point; + break; + + default: + goto loop_end; + } + } +loop_end: + number_c_string[i] = '\0'; + + number = strtod((const char*)number_c_string, (char**)&after_end); + if (number_c_string == after_end) + { + return false; /* parse_error */ + } + + item->valuedouble = number; + + /* use saturation in case of overflow */ + if (number >= INT_MAX) + { + item->valueint = INT_MAX; + } + else if (number <= (double)INT_MIN) + { + item->valueint = INT_MIN; + } + else + { + item->valueint = (int)number; + } + + item->type = cJSON_Number; + + input_buffer->offset += (size_t)(after_end - number_c_string); + return true; +} + +/* don't ask me, but the original cJSON_SetNumberValue returns an integer or double */ +CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number) +{ + if (number >= INT_MAX) + { + object->valueint = INT_MAX; + } + else if (number <= (double)INT_MIN) + { + object->valueint = INT_MIN; + } + else + { + object->valueint = (int)number; + } + + return object->valuedouble = number; +} + +CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) +{ + char *copy = NULL; + /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */ + if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference)) + { + return NULL; + } + if (strlen(valuestring) <= strlen(object->valuestring)) + { + strcpy(object->valuestring, valuestring); + return object->valuestring; + } + copy = (char*) cJSON_strdup((const unsigned char*)valuestring, &global_hooks); + if (copy == NULL) + { + return NULL; + } + if (object->valuestring != NULL) + { + cJSON_free(object->valuestring); + } + object->valuestring = copy; + + return copy; +} + +typedef struct +{ + unsigned char *buffer; + size_t length; + size_t offset; + size_t depth; /* current nesting depth (for formatted printing) */ + cJSON_bool noalloc; + cJSON_bool format; /* is this print a formatted print */ + internal_hooks hooks; +} printbuffer; + +/* realloc printbuffer if necessary to have at least "needed" bytes more */ +static unsigned char* ensure(printbuffer * const p, size_t needed) +{ + unsigned char *newbuffer = NULL; + size_t newsize = 0; + + if ((p == NULL) || (p->buffer == NULL)) + { + return NULL; + } + + if ((p->length > 0) && (p->offset >= p->length)) + { + /* make sure that offset is valid */ + return NULL; + } + + if (needed > INT_MAX) + { + /* sizes bigger than INT_MAX are currently not supported */ + return NULL; + } + + needed += p->offset + 1; + if (needed <= p->length) + { + return p->buffer + p->offset; + } + + if (p->noalloc) { + return NULL; + } + + /* calculate new buffer size */ + if (needed > (INT_MAX / 2)) + { + /* overflow of int, use INT_MAX if possible */ + if (needed <= INT_MAX) + { + newsize = INT_MAX; + } + else + { + return NULL; + } + } + else + { + newsize = needed * 2; + } + + if (p->hooks.reallocate != NULL) + { + /* reallocate with realloc if available */ + newbuffer = (unsigned char*)p->hooks.reallocate(p->buffer, newsize); + if (newbuffer == NULL) + { + p->hooks.deallocate(p->buffer); + p->length = 0; + p->buffer = NULL; + + return NULL; + } + } + else + { + /* otherwise reallocate manually */ + newbuffer = (unsigned char*)p->hooks.allocate(newsize); + if (!newbuffer) + { + p->hooks.deallocate(p->buffer); + p->length = 0; + p->buffer = NULL; + + return NULL; + } + + memcpy(newbuffer, p->buffer, p->offset + 1); + p->hooks.deallocate(p->buffer); + } + p->length = newsize; + p->buffer = newbuffer; + + return newbuffer + p->offset; +} + +/* calculate the new length of the string in a printbuffer and update the offset */ +static void update_offset(printbuffer * const buffer) +{ + const unsigned char *buffer_pointer = NULL; + if ((buffer == NULL) || (buffer->buffer == NULL)) + { + return; + } + buffer_pointer = buffer->buffer + buffer->offset; + + buffer->offset += strlen((const char*)buffer_pointer); +} + +/* securely comparison of floating-point variables */ +static cJSON_bool compare_double(double a, double b) +{ + double maxVal = fabs(a) > fabs(b) ? fabs(a) : fabs(b); + return (fabs(a - b) <= maxVal * DBL_EPSILON); +} + +/* Render the number nicely from the given item into a string. */ +static cJSON_bool print_number(const cJSON * const item, printbuffer * const output_buffer) +{ + unsigned char *output_pointer = NULL; + double d = item->valuedouble; + int length = 0; + size_t i = 0; + unsigned char number_buffer[26] = {0}; /* temporary buffer to print the number into */ + unsigned char decimal_point = get_decimal_point(); + double test = 0.0; + + if (output_buffer == NULL) + { + return false; + } + + /* This checks for NaN and Infinity */ + if (isnan(d) || isinf(d)) + { + length = sprintf((char*)number_buffer, "null"); + } + else + { + /* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */ + length = sprintf((char*)number_buffer, "%1.15g", d); + + /* Check whether the original double can be recovered */ + if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || !compare_double((double)test, d)) + { + /* If not, print with 17 decimal places of precision */ + length = sprintf((char*)number_buffer, "%1.17g", d); + } + } + + /* sprintf failed or buffer overrun occurred */ + if ((length < 0) || (length > (int)(sizeof(number_buffer) - 1))) + { + return false; + } + + /* reserve appropriate space in the output */ + output_pointer = ensure(output_buffer, (size_t)length + sizeof("")); + if (output_pointer == NULL) + { + return false; + } + + /* copy the printed number to the output and replace locale + * dependent decimal point with '.' */ + for (i = 0; i < ((size_t)length); i++) + { + if (number_buffer[i] == decimal_point) + { + output_pointer[i] = '.'; + continue; + } + + output_pointer[i] = number_buffer[i]; + } + output_pointer[i] = '\0'; + + output_buffer->offset += (size_t)length; + + return true; +} + +/* parse 4 digit hexadecimal number */ +static unsigned parse_hex4(const unsigned char * const input) +{ + unsigned int h = 0; + size_t i = 0; + + for (i = 0; i < 4; i++) + { + /* parse digit */ + if ((input[i] >= '0') && (input[i] <= '9')) + { + h += (unsigned int) input[i] - '0'; + } + else if ((input[i] >= 'A') && (input[i] <= 'F')) + { + h += (unsigned int) 10 + input[i] - 'A'; + } + else if ((input[i] >= 'a') && (input[i] <= 'f')) + { + h += (unsigned int) 10 + input[i] - 'a'; + } + else /* invalid */ + { + return 0; + } + + if (i < 3) + { + /* shift left to make place for the next nibble */ + h = h << 4; + } + } + + return h; +} + +/* converts a UTF-16 literal to UTF-8 + * A literal can be one or two sequences of the form \uXXXX */ +static unsigned char utf16_literal_to_utf8(const unsigned char * const input_pointer, const unsigned char * const input_end, unsigned char **output_pointer) +{ + long unsigned int codepoint = 0; + unsigned int first_code = 0; + const unsigned char *first_sequence = input_pointer; + unsigned char utf8_length = 0; + unsigned char utf8_position = 0; + unsigned char sequence_length = 0; + unsigned char first_byte_mark = 0; + + if ((input_end - first_sequence) < 6) + { + /* input ends unexpectedly */ + goto fail; + } + + /* get the first utf16 sequence */ + first_code = parse_hex4(first_sequence + 2); + + /* check that the code is valid */ + if (((first_code >= 0xDC00) && (first_code <= 0xDFFF))) + { + goto fail; + } + + /* UTF16 surrogate pair */ + if ((first_code >= 0xD800) && (first_code <= 0xDBFF)) + { + const unsigned char *second_sequence = first_sequence + 6; + unsigned int second_code = 0; + sequence_length = 12; /* \uXXXX\uXXXX */ + + if ((input_end - second_sequence) < 6) + { + /* input ends unexpectedly */ + goto fail; + } + + if ((second_sequence[0] != '\\') || (second_sequence[1] != 'u')) + { + /* missing second half of the surrogate pair */ + goto fail; + } + + /* get the second utf16 sequence */ + second_code = parse_hex4(second_sequence + 2); + /* check that the code is valid */ + if ((second_code < 0xDC00) || (second_code > 0xDFFF)) + { + /* invalid second half of the surrogate pair */ + goto fail; + } + + + /* calculate the unicode codepoint from the surrogate pair */ + codepoint = 0x10000 + (((first_code & 0x3FF) << 10) | (second_code & 0x3FF)); + } + else + { + sequence_length = 6; /* \uXXXX */ + codepoint = first_code; + } + + /* encode as UTF-8 + * takes at maximum 4 bytes to encode: + * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */ + if (codepoint < 0x80) + { + /* normal ascii, encoding 0xxxxxxx */ + utf8_length = 1; + } + else if (codepoint < 0x800) + { + /* two bytes, encoding 110xxxxx 10xxxxxx */ + utf8_length = 2; + first_byte_mark = 0xC0; /* 11000000 */ + } + else if (codepoint < 0x10000) + { + /* three bytes, encoding 1110xxxx 10xxxxxx 10xxxxxx */ + utf8_length = 3; + first_byte_mark = 0xE0; /* 11100000 */ + } + else if (codepoint <= 0x10FFFF) + { + /* four bytes, encoding 1110xxxx 10xxxxxx 10xxxxxx 10xxxxxx */ + utf8_length = 4; + first_byte_mark = 0xF0; /* 11110000 */ + } + else + { + /* invalid unicode codepoint */ + goto fail; + } + + /* encode as utf8 */ + for (utf8_position = (unsigned char)(utf8_length - 1); utf8_position > 0; utf8_position--) + { + /* 10xxxxxx */ + (*output_pointer)[utf8_position] = (unsigned char)((codepoint | 0x80) & 0xBF); + codepoint >>= 6; + } + /* encode first byte */ + if (utf8_length > 1) + { + (*output_pointer)[0] = (unsigned char)((codepoint | first_byte_mark) & 0xFF); + } + else + { + (*output_pointer)[0] = (unsigned char)(codepoint & 0x7F); + } + + *output_pointer += utf8_length; + + return sequence_length; + +fail: + return 0; +} + +/* Parse the input text into an unescaped cinput, and populate item. */ +static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_buffer) +{ + const unsigned char *input_pointer = buffer_at_offset(input_buffer) + 1; + const unsigned char *input_end = buffer_at_offset(input_buffer) + 1; + unsigned char *output_pointer = NULL; + unsigned char *output = NULL; + + /* not a string */ + if (buffer_at_offset(input_buffer)[0] != '\"') + { + goto fail; + } + + { + /* calculate approximate size of the output (overestimate) */ + size_t allocation_length = 0; + size_t skipped_bytes = 0; + while (((size_t)(input_end - input_buffer->content) < input_buffer->length) && (*input_end != '\"')) + { + /* is escape sequence */ + if (input_end[0] == '\\') + { + if ((size_t)(input_end + 1 - input_buffer->content) >= input_buffer->length) + { + /* prevent buffer overflow when last input character is a backslash */ + goto fail; + } + skipped_bytes++; + input_end++; + } + input_end++; + } + if (((size_t)(input_end - input_buffer->content) >= input_buffer->length) || (*input_end != '\"')) + { + goto fail; /* string ended unexpectedly */ + } + + /* This is at most how much we need for the output */ + allocation_length = (size_t) (input_end - buffer_at_offset(input_buffer)) - skipped_bytes; + output = (unsigned char*)input_buffer->hooks.allocate(allocation_length + sizeof("")); + if (output == NULL) + { + goto fail; /* allocation failure */ + } + } + + output_pointer = output; + /* loop through the string literal */ + while (input_pointer < input_end) + { + if (*input_pointer != '\\') + { + *output_pointer++ = *input_pointer++; + } + /* escape sequence */ + else + { + unsigned char sequence_length = 2; + if ((input_end - input_pointer) < 1) + { + goto fail; + } + + switch (input_pointer[1]) + { + case 'b': + *output_pointer++ = '\b'; + break; + case 'f': + *output_pointer++ = '\f'; + break; + case 'n': + *output_pointer++ = '\n'; + break; + case 'r': + *output_pointer++ = '\r'; + break; + case 't': + *output_pointer++ = '\t'; + break; + case '\"': + case '\\': + case '/': + *output_pointer++ = input_pointer[1]; + break; + + /* UTF-16 literal */ + case 'u': + sequence_length = utf16_literal_to_utf8(input_pointer, input_end, &output_pointer); + if (sequence_length == 0) + { + /* failed to convert UTF16-literal to UTF-8 */ + goto fail; + } + break; + + default: + goto fail; + } + input_pointer += sequence_length; + } + } + + /* zero terminate the output */ + *output_pointer = '\0'; + + item->type = cJSON_String; + item->valuestring = (char*)output; + + input_buffer->offset = (size_t) (input_end - input_buffer->content); + input_buffer->offset++; + + return true; + +fail: + if (output != NULL) + { + input_buffer->hooks.deallocate(output); + } + + if (input_pointer != NULL) + { + input_buffer->offset = (size_t)(input_pointer - input_buffer->content); + } + + return false; +} + +/* Render the cstring provided to an escaped version that can be printed. */ +static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffer * const output_buffer) +{ + const unsigned char *input_pointer = NULL; + unsigned char *output = NULL; + unsigned char *output_pointer = NULL; + size_t output_length = 0; + /* numbers of additional characters needed for escaping */ + size_t escape_characters = 0; + + if (output_buffer == NULL) + { + return false; + } + + /* empty string */ + if (input == NULL) + { + output = ensure(output_buffer, sizeof("\"\"")); + if (output == NULL) + { + return false; + } + strcpy((char*)output, "\"\""); + + return true; + } + + /* set "flag" to 1 if something needs to be escaped */ + for (input_pointer = input; *input_pointer; input_pointer++) + { + switch (*input_pointer) + { + case '\"': + case '\\': + case '\b': + case '\f': + case '\n': + case '\r': + case '\t': + /* one character escape sequence */ + escape_characters++; + break; + default: + if (*input_pointer < 32) + { + /* UTF-16 escape sequence uXXXX */ + escape_characters += 5; + } + break; + } + } + output_length = (size_t)(input_pointer - input) + escape_characters; + + output = ensure(output_buffer, output_length + sizeof("\"\"")); + if (output == NULL) + { + return false; + } + + /* no characters have to be escaped */ + if (escape_characters == 0) + { + output[0] = '\"'; + memcpy(output + 1, input, output_length); + output[output_length + 1] = '\"'; + output[output_length + 2] = '\0'; + + return true; + } + + output[0] = '\"'; + output_pointer = output + 1; + /* copy the string */ + for (input_pointer = input; *input_pointer != '\0'; (void)input_pointer++, output_pointer++) + { + if ((*input_pointer > 31) && (*input_pointer != '\"') && (*input_pointer != '\\')) + { + /* normal character, copy */ + *output_pointer = *input_pointer; + } + else + { + /* character needs to be escaped */ + *output_pointer++ = '\\'; + switch (*input_pointer) + { + case '\\': + *output_pointer = '\\'; + break; + case '\"': + *output_pointer = '\"'; + break; + case '\b': + *output_pointer = 'b'; + break; + case '\f': + *output_pointer = 'f'; + break; + case '\n': + *output_pointer = 'n'; + break; + case '\r': + *output_pointer = 'r'; + break; + case '\t': + *output_pointer = 't'; + break; + default: + /* escape and print as unicode codepoint */ + sprintf((char*)output_pointer, "u%04x", *input_pointer); + output_pointer += 4; + break; + } + } + } + output[output_length + 1] = '\"'; + output[output_length + 2] = '\0'; + + return true; +} + +/* Invoke print_string_ptr (which is useful) on an item. */ +static cJSON_bool print_string(const cJSON * const item, printbuffer * const p) +{ + return print_string_ptr((unsigned char*)item->valuestring, p); +} + +/* Predeclare these prototypes. */ +static cJSON_bool parse_value(cJSON * const item, parse_buffer * const input_buffer); +static cJSON_bool print_value(const cJSON * const item, printbuffer * const output_buffer); +static cJSON_bool parse_array(cJSON * const item, parse_buffer * const input_buffer); +static cJSON_bool print_array(const cJSON * const item, printbuffer * const output_buffer); +static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_buffer); +static cJSON_bool print_object(const cJSON * const item, printbuffer * const output_buffer); + +/* Utility to jump whitespace and cr/lf */ +static parse_buffer *buffer_skip_whitespace(parse_buffer * const buffer) +{ + if ((buffer == NULL) || (buffer->content == NULL)) + { + return NULL; + } + + if (cannot_access_at_index(buffer, 0)) + { + return buffer; + } + + while (can_access_at_index(buffer, 0) && (buffer_at_offset(buffer)[0] <= 32)) + { + buffer->offset++; + } + + if (buffer->offset == buffer->length) + { + buffer->offset--; + } + + return buffer; +} + +/* skip the UTF-8 BOM (byte order mark) if it is at the beginning of a buffer */ +static parse_buffer *skip_utf8_bom(parse_buffer * const buffer) +{ + if ((buffer == NULL) || (buffer->content == NULL) || (buffer->offset != 0)) + { + return NULL; + } + + if (can_access_at_index(buffer, 4) && (strncmp((const char*)buffer_at_offset(buffer), "\xEF\xBB\xBF", 3) == 0)) + { + buffer->offset += 3; + } + + return buffer; +} + +CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated) +{ + size_t buffer_length; + + if (NULL == value) + { + return NULL; + } + + /* Adding null character size due to require_null_terminated. */ + buffer_length = strlen(value) + sizeof(""); + + return cJSON_ParseWithLengthOpts(value, buffer_length, return_parse_end, require_null_terminated); +} + +/* Parse an object - create a new root, and populate. */ +CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated) +{ + parse_buffer buffer = { 0, 0, 0, 0, { 0, 0, 0 } }; + cJSON *item = NULL; + + /* reset error position */ + global_error.json = NULL; + global_error.position = 0; + + if (value == NULL || 0 == buffer_length) + { + goto fail; + } + + buffer.content = (const unsigned char*)value; + buffer.length = buffer_length; + buffer.offset = 0; + buffer.hooks = global_hooks; + + item = cJSON_New_Item(&global_hooks); + if (item == NULL) /* memory fail */ + { + goto fail; + } + + if (!parse_value(item, buffer_skip_whitespace(skip_utf8_bom(&buffer)))) + { + /* parse failure. ep is set. */ + goto fail; + } + + /* if we require null-terminated JSON without appended garbage, skip and then check for a null terminator */ + if (require_null_terminated) + { + buffer_skip_whitespace(&buffer); + if ((buffer.offset >= buffer.length) || buffer_at_offset(&buffer)[0] != '\0') + { + goto fail; + } + } + if (return_parse_end) + { + *return_parse_end = (const char*)buffer_at_offset(&buffer); + } + + return item; + +fail: + if (item != NULL) + { + cJSON_Delete(item); + } + + if (value != NULL) + { + error local_error; + local_error.json = (const unsigned char*)value; + local_error.position = 0; + + if (buffer.offset < buffer.length) + { + local_error.position = buffer.offset; + } + else if (buffer.length > 0) + { + local_error.position = buffer.length - 1; + } + + if (return_parse_end != NULL) + { + *return_parse_end = (const char*)local_error.json + local_error.position; + } + + global_error = local_error; + } + + return NULL; +} + +/* Default options for cJSON_Parse */ +CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value) +{ + return cJSON_ParseWithOpts(value, 0, 0); +} + +CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length) +{ + return cJSON_ParseWithLengthOpts(value, buffer_length, 0, 0); +} + +#define cjson_min(a, b) (((a) < (b)) ? (a) : (b)) + +static unsigned char *print(const cJSON * const item, cJSON_bool format, const internal_hooks * const hooks) +{ + static const size_t default_buffer_size = 256; + printbuffer buffer[1]; + unsigned char *printed = NULL; + + memset(buffer, 0, sizeof(buffer)); + + /* create buffer */ + buffer->buffer = (unsigned char*) hooks->allocate(default_buffer_size); + buffer->length = default_buffer_size; + buffer->format = format; + buffer->hooks = *hooks; + if (buffer->buffer == NULL) + { + goto fail; + } + + /* print the value */ + if (!print_value(item, buffer)) + { + goto fail; + } + update_offset(buffer); + + /* check if reallocate is available */ + if (hooks->reallocate != NULL) + { + printed = (unsigned char*) hooks->reallocate(buffer->buffer, buffer->offset + 1); + if (printed == NULL) { + goto fail; + } + buffer->buffer = NULL; + } + else /* otherwise copy the JSON over to a new buffer */ + { + printed = (unsigned char*) hooks->allocate(buffer->offset + 1); + if (printed == NULL) + { + goto fail; + } + memcpy(printed, buffer->buffer, cjson_min(buffer->length, buffer->offset + 1)); + printed[buffer->offset] = '\0'; /* just to be sure */ + + /* free the buffer */ + hooks->deallocate(buffer->buffer); + } + + return printed; + +fail: + if (buffer->buffer != NULL) + { + hooks->deallocate(buffer->buffer); + } + + if (printed != NULL) + { + hooks->deallocate(printed); + } + + return NULL; +} + +/* Render a cJSON item/entity/structure to text. */ +CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item) +{ + return (char*)print(item, true, &global_hooks); +} + +CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item) +{ + return (char*)print(item, false, &global_hooks); +} + +CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt) +{ + printbuffer p = { 0, 0, 0, 0, 0, 0, { 0, 0, 0 } }; + + if (prebuffer < 0) + { + return NULL; + } + + p.buffer = (unsigned char*)global_hooks.allocate((size_t)prebuffer); + if (!p.buffer) + { + return NULL; + } + + p.length = (size_t)prebuffer; + p.offset = 0; + p.noalloc = false; + p.format = fmt; + p.hooks = global_hooks; + + if (!print_value(item, &p)) + { + global_hooks.deallocate(p.buffer); + return NULL; + } + + return (char*)p.buffer; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format) +{ + printbuffer p = { 0, 0, 0, 0, 0, 0, { 0, 0, 0 } }; + + if ((length < 0) || (buffer == NULL)) + { + return false; + } + + p.buffer = (unsigned char*)buffer; + p.length = (size_t)length; + p.offset = 0; + p.noalloc = true; + p.format = format; + p.hooks = global_hooks; + + return print_value(item, &p); +} + +/* Parser core - when encountering text, process appropriately. */ +static cJSON_bool parse_value(cJSON * const item, parse_buffer * const input_buffer) +{ + if ((input_buffer == NULL) || (input_buffer->content == NULL)) + { + return false; /* no input */ + } + + /* parse the different types of values */ + /* null */ + if (can_read(input_buffer, 4) && (strncmp((const char*)buffer_at_offset(input_buffer), "null", 4) == 0)) + { + item->type = cJSON_NULL; + input_buffer->offset += 4; + return true; + } + /* false */ + if (can_read(input_buffer, 5) && (strncmp((const char*)buffer_at_offset(input_buffer), "false", 5) == 0)) + { + item->type = cJSON_False; + input_buffer->offset += 5; + return true; + } + /* true */ + if (can_read(input_buffer, 4) && (strncmp((const char*)buffer_at_offset(input_buffer), "true", 4) == 0)) + { + item->type = cJSON_True; + item->valueint = 1; + input_buffer->offset += 4; + return true; + } + /* string */ + if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '\"')) + { + return parse_string(item, input_buffer); + } + /* number */ + if (can_access_at_index(input_buffer, 0) && ((buffer_at_offset(input_buffer)[0] == '-') || ((buffer_at_offset(input_buffer)[0] >= '0') && (buffer_at_offset(input_buffer)[0] <= '9')))) + { + return parse_number(item, input_buffer); + } + /* array */ + if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '[')) + { + return parse_array(item, input_buffer); + } + /* object */ + if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '{')) + { + return parse_object(item, input_buffer); + } + + return false; +} + +/* Render a value to text. */ +static cJSON_bool print_value(const cJSON * const item, printbuffer * const output_buffer) +{ + unsigned char *output = NULL; + + if ((item == NULL) || (output_buffer == NULL)) + { + return false; + } + + switch ((item->type) & 0xFF) + { + case cJSON_NULL: + output = ensure(output_buffer, 5); + if (output == NULL) + { + return false; + } + strcpy((char*)output, "null"); + return true; + + case cJSON_False: + output = ensure(output_buffer, 6); + if (output == NULL) + { + return false; + } + strcpy((char*)output, "false"); + return true; + + case cJSON_True: + output = ensure(output_buffer, 5); + if (output == NULL) + { + return false; + } + strcpy((char*)output, "true"); + return true; + + case cJSON_Number: + return print_number(item, output_buffer); + + case cJSON_Raw: + { + size_t raw_length = 0; + if (item->valuestring == NULL) + { + return false; + } + + raw_length = strlen(item->valuestring) + sizeof(""); + output = ensure(output_buffer, raw_length); + if (output == NULL) + { + return false; + } + memcpy(output, item->valuestring, raw_length); + return true; + } + + case cJSON_String: + return print_string(item, output_buffer); + + case cJSON_Array: + return print_array(item, output_buffer); + + case cJSON_Object: + return print_object(item, output_buffer); + + default: + return false; + } +} + +/* Build an array from input text. */ +static cJSON_bool parse_array(cJSON * const item, parse_buffer * const input_buffer) +{ + cJSON *head = NULL; /* head of the linked list */ + cJSON *current_item = NULL; + + if (input_buffer->depth >= CJSON_NESTING_LIMIT) + { + return false; /* to deeply nested */ + } + input_buffer->depth++; + + if (buffer_at_offset(input_buffer)[0] != '[') + { + /* not an array */ + goto fail; + } + + input_buffer->offset++; + buffer_skip_whitespace(input_buffer); + if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ']')) + { + /* empty array */ + goto success; + } + + /* check if we skipped to the end of the buffer */ + if (cannot_access_at_index(input_buffer, 0)) + { + input_buffer->offset--; + goto fail; + } + + /* step back to character in front of the first element */ + input_buffer->offset--; + /* loop through the comma separated array elements */ + do + { + /* allocate next item */ + cJSON *new_item = cJSON_New_Item(&(input_buffer->hooks)); + if (new_item == NULL) + { + goto fail; /* allocation failure */ + } + + /* attach next item to list */ + if (head == NULL) + { + /* start the linked list */ + current_item = head = new_item; + } + else + { + /* add to the end and advance */ + current_item->next = new_item; + new_item->prev = current_item; + current_item = new_item; + } + + /* parse next value */ + input_buffer->offset++; + buffer_skip_whitespace(input_buffer); + if (!parse_value(current_item, input_buffer)) + { + goto fail; /* failed to parse value */ + } + buffer_skip_whitespace(input_buffer); + } + while (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ',')); + + if (cannot_access_at_index(input_buffer, 0) || buffer_at_offset(input_buffer)[0] != ']') + { + goto fail; /* expected end of array */ + } + +success: + input_buffer->depth--; + + if (head != NULL) { + head->prev = current_item; + } + + item->type = cJSON_Array; + item->child = head; + + input_buffer->offset++; + + return true; + +fail: + if (head != NULL) + { + cJSON_Delete(head); + } + + return false; +} + +/* Render an array to text */ +static cJSON_bool print_array(const cJSON * const item, printbuffer * const output_buffer) +{ + unsigned char *output_pointer = NULL; + size_t length = 0; + cJSON *current_element = item->child; + + if (output_buffer == NULL) + { + return false; + } + + /* Compose the output array. */ + /* opening square bracket */ + output_pointer = ensure(output_buffer, 1); + if (output_pointer == NULL) + { + return false; + } + + *output_pointer = '['; + output_buffer->offset++; + output_buffer->depth++; + + while (current_element != NULL) + { + if (!print_value(current_element, output_buffer)) + { + return false; + } + update_offset(output_buffer); + if (current_element->next) + { + length = (size_t) (output_buffer->format ? 2 : 1); + output_pointer = ensure(output_buffer, length + 1); + if (output_pointer == NULL) + { + return false; + } + *output_pointer++ = ','; + if(output_buffer->format) + { + *output_pointer++ = ' '; + } + *output_pointer = '\0'; + output_buffer->offset += length; + } + current_element = current_element->next; + } + + output_pointer = ensure(output_buffer, 2); + if (output_pointer == NULL) + { + return false; + } + *output_pointer++ = ']'; + *output_pointer = '\0'; + output_buffer->depth--; + + return true; +} + +/* Build an object from the text. */ +static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_buffer) +{ + cJSON *head = NULL; /* linked list head */ + cJSON *current_item = NULL; + + if (input_buffer->depth >= CJSON_NESTING_LIMIT) + { + return false; /* to deeply nested */ + } + input_buffer->depth++; + + if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != '{')) + { + goto fail; /* not an object */ + } + + input_buffer->offset++; + buffer_skip_whitespace(input_buffer); + if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '}')) + { + goto success; /* empty object */ + } + + /* check if we skipped to the end of the buffer */ + if (cannot_access_at_index(input_buffer, 0)) + { + input_buffer->offset--; + goto fail; + } + + /* step back to character in front of the first element */ + input_buffer->offset--; + /* loop through the comma separated array elements */ + do + { + /* allocate next item */ + cJSON *new_item = cJSON_New_Item(&(input_buffer->hooks)); + if (new_item == NULL) + { + goto fail; /* allocation failure */ + } + + /* attach next item to list */ + if (head == NULL) + { + /* start the linked list */ + current_item = head = new_item; + } + else + { + /* add to the end and advance */ + current_item->next = new_item; + new_item->prev = current_item; + current_item = new_item; + } + + /* parse the name of the child */ + input_buffer->offset++; + buffer_skip_whitespace(input_buffer); + if (!parse_string(current_item, input_buffer)) + { + goto fail; /* failed to parse name */ + } + buffer_skip_whitespace(input_buffer); + + /* swap valuestring and string, because we parsed the name */ + current_item->string = current_item->valuestring; + current_item->valuestring = NULL; + + if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != ':')) + { + goto fail; /* invalid object */ + } + + /* parse the value */ + input_buffer->offset++; + buffer_skip_whitespace(input_buffer); + if (!parse_value(current_item, input_buffer)) + { + goto fail; /* failed to parse value */ + } + buffer_skip_whitespace(input_buffer); + } + while (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ',')); + + if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != '}')) + { + goto fail; /* expected end of object */ + } + +success: + input_buffer->depth--; + + if (head != NULL) { + head->prev = current_item; + } + + item->type = cJSON_Object; + item->child = head; + + input_buffer->offset++; + return true; + +fail: + if (head != NULL) + { + cJSON_Delete(head); + } + + return false; +} + +/* Render an object to text. */ +static cJSON_bool print_object(const cJSON * const item, printbuffer * const output_buffer) +{ + unsigned char *output_pointer = NULL; + size_t length = 0; + cJSON *current_item = item->child; + + if (output_buffer == NULL) + { + return false; + } + + /* Compose the output: */ + length = (size_t) (output_buffer->format ? 2 : 1); /* fmt: {\n */ + output_pointer = ensure(output_buffer, length + 1); + if (output_pointer == NULL) + { + return false; + } + + *output_pointer++ = '{'; + output_buffer->depth++; + if (output_buffer->format) + { + *output_pointer++ = '\n'; + } + output_buffer->offset += length; + + while (current_item) + { + if (output_buffer->format) + { + size_t i; + output_pointer = ensure(output_buffer, output_buffer->depth); + if (output_pointer == NULL) + { + return false; + } + for (i = 0; i < output_buffer->depth; i++) + { + *output_pointer++ = '\t'; + } + output_buffer->offset += output_buffer->depth; + } + + /* print key */ + if (!print_string_ptr((unsigned char*)current_item->string, output_buffer)) + { + return false; + } + update_offset(output_buffer); + + length = (size_t) (output_buffer->format ? 2 : 1); + output_pointer = ensure(output_buffer, length); + if (output_pointer == NULL) + { + return false; + } + *output_pointer++ = ':'; + if (output_buffer->format) + { + *output_pointer++ = '\t'; + } + output_buffer->offset += length; + + /* print value */ + if (!print_value(current_item, output_buffer)) + { + return false; + } + update_offset(output_buffer); + + /* print comma if not last */ + length = ((size_t)(output_buffer->format ? 1 : 0) + (size_t)(current_item->next ? 1 : 0)); + output_pointer = ensure(output_buffer, length + 1); + if (output_pointer == NULL) + { + return false; + } + if (current_item->next) + { + *output_pointer++ = ','; + } + + if (output_buffer->format) + { + *output_pointer++ = '\n'; + } + *output_pointer = '\0'; + output_buffer->offset += length; + + current_item = current_item->next; + } + + output_pointer = ensure(output_buffer, output_buffer->format ? (output_buffer->depth + 1) : 2); + if (output_pointer == NULL) + { + return false; + } + if (output_buffer->format) + { + size_t i; + for (i = 0; i < (output_buffer->depth - 1); i++) + { + *output_pointer++ = '\t'; + } + } + *output_pointer++ = '}'; + *output_pointer = '\0'; + output_buffer->depth--; + + return true; +} + +/* Get Array size/item / object item. */ +CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array) +{ + cJSON *child = NULL; + size_t size = 0; + + if (array == NULL) + { + return 0; + } + + child = array->child; + + while(child != NULL) + { + size++; + child = child->next; + } + + /* FIXME: Can overflow here. Cannot be fixed without breaking the API */ + + return (int)size; +} + +static cJSON* get_array_item(const cJSON *array, size_t index) +{ + cJSON *current_child = NULL; + + if (array == NULL) + { + return NULL; + } + + current_child = array->child; + while ((current_child != NULL) && (index > 0)) + { + index--; + current_child = current_child->next; + } + + return current_child; +} + +CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index) +{ + if (index < 0) + { + return NULL; + } + + return get_array_item(array, (size_t)index); +} + +static cJSON *get_object_item(const cJSON * const object, const char * const name, const cJSON_bool case_sensitive) +{ + cJSON *current_element = NULL; + + if ((object == NULL) || (name == NULL)) + { + return NULL; + } + + current_element = object->child; + if (case_sensitive) + { + while ((current_element != NULL) && (current_element->string != NULL) && (strcmp(name, current_element->string) != 0)) + { + current_element = current_element->next; + } + } + else + { + while ((current_element != NULL) && (case_insensitive_strcmp((const unsigned char*)name, (const unsigned char*)(current_element->string)) != 0)) + { + current_element = current_element->next; + } + } + + if ((current_element == NULL) || (current_element->string == NULL)) { + return NULL; + } + + return current_element; +} + +CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string) +{ + return get_object_item(object, string, false); +} + +CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string) +{ + return get_object_item(object, string, true); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string) +{ + return cJSON_GetObjectItem(object, string) ? 1 : 0; +} + +/* Utility for array list handling. */ +static void suffix_object(cJSON *prev, cJSON *item) +{ + prev->next = item; + item->prev = prev; +} + +/* Utility for handling references. */ +static cJSON *create_reference(const cJSON *item, const internal_hooks * const hooks) +{ + cJSON *reference = NULL; + if (item == NULL) + { + return NULL; + } + + reference = cJSON_New_Item(hooks); + if (reference == NULL) + { + return NULL; + } + + memcpy(reference, item, sizeof(cJSON)); + reference->string = NULL; + reference->type |= cJSON_IsReference; + reference->next = reference->prev = NULL; + return reference; +} + +static cJSON_bool add_item_to_array(cJSON *array, cJSON *item) +{ + cJSON *child = NULL; + + if ((item == NULL) || (array == NULL) || (array == item)) + { + return false; + } + + child = array->child; + /* + * To find the last item in array quickly, we use prev in array + */ + if (child == NULL) + { + /* list is empty, start new one */ + array->child = item; + item->prev = item; + item->next = NULL; + } + else + { + /* append to the end */ + if (child->prev) + { + suffix_object(child->prev, item); + array->child->prev = item; + } + } + + return true; +} + +/* Add item to array/object. */ +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item) +{ + return add_item_to_array(array, item); +} + +#if defined(__clang__) || (defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5)))) + #pragma GCC diagnostic push +#endif +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wcast-qual" +#endif +/* helper function to cast away const */ +static void* cast_away_const(const void* string) +{ + return (void*)string; +} +#if defined(__clang__) || (defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5)))) + #pragma GCC diagnostic pop +#endif + + +static cJSON_bool add_item_to_object(cJSON * const object, const char * const string, cJSON * const item, const internal_hooks * const hooks, const cJSON_bool constant_key) +{ + char *new_key = NULL; + int new_type = cJSON_Invalid; + + if ((object == NULL) || (string == NULL) || (item == NULL) || (object == item)) + { + return false; + } + + if (constant_key) + { + new_key = (char*)cast_away_const(string); + new_type = item->type | cJSON_StringIsConst; + } + else + { + new_key = (char*)cJSON_strdup((const unsigned char*)string, hooks); + if (new_key == NULL) + { + return false; + } + + new_type = item->type & ~cJSON_StringIsConst; + } + + if (!(item->type & cJSON_StringIsConst) && (item->string != NULL)) + { + hooks->deallocate(item->string); + } + + item->string = new_key; + item->type = new_type; + + return add_item_to_array(object, item); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item) +{ + return add_item_to_object(object, string, item, &global_hooks, false); +} + +/* Add an item to an object with constant string as key */ +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item) +{ + return add_item_to_object(object, string, item, &global_hooks, true); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item) +{ + if (array == NULL) + { + return false; + } + + return add_item_to_array(array, create_reference(item, &global_hooks)); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item) +{ + if ((object == NULL) || (string == NULL)) + { + return false; + } + + return add_item_to_object(object, string, create_reference(item, &global_hooks), &global_hooks, false); +} + +CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name) +{ + cJSON *null = cJSON_CreateNull(); + if (add_item_to_object(object, name, null, &global_hooks, false)) + { + return null; + } + + cJSON_Delete(null); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name) +{ + cJSON *true_item = cJSON_CreateTrue(); + if (add_item_to_object(object, name, true_item, &global_hooks, false)) + { + return true_item; + } + + cJSON_Delete(true_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name) +{ + cJSON *false_item = cJSON_CreateFalse(); + if (add_item_to_object(object, name, false_item, &global_hooks, false)) + { + return false_item; + } + + cJSON_Delete(false_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean) +{ + cJSON *bool_item = cJSON_CreateBool(boolean); + if (add_item_to_object(object, name, bool_item, &global_hooks, false)) + { + return bool_item; + } + + cJSON_Delete(bool_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number) +{ + cJSON *number_item = cJSON_CreateNumber(number); + if (add_item_to_object(object, name, number_item, &global_hooks, false)) + { + return number_item; + } + + cJSON_Delete(number_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string) +{ + cJSON *string_item = cJSON_CreateString(string); + if (add_item_to_object(object, name, string_item, &global_hooks, false)) + { + return string_item; + } + + cJSON_Delete(string_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw) +{ + cJSON *raw_item = cJSON_CreateRaw(raw); + if (add_item_to_object(object, name, raw_item, &global_hooks, false)) + { + return raw_item; + } + + cJSON_Delete(raw_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name) +{ + cJSON *object_item = cJSON_CreateObject(); + if (add_item_to_object(object, name, object_item, &global_hooks, false)) + { + return object_item; + } + + cJSON_Delete(object_item); + return NULL; +} + +CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name) +{ + cJSON *array = cJSON_CreateArray(); + if (add_item_to_object(object, name, array, &global_hooks, false)) + { + return array; + } + + cJSON_Delete(array); + return NULL; +} + +CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item) +{ + if ((parent == NULL) || (item == NULL)) + { + return NULL; + } + + if (item != parent->child) + { + /* not the first element */ + item->prev->next = item->next; + } + if (item->next != NULL) + { + /* not the last element */ + item->next->prev = item->prev; + } + + if (item == parent->child) + { + /* first element */ + parent->child = item->next; + } + else if (item->next == NULL) + { + /* last element */ + parent->child->prev = item->prev; + } + + /* make sure the detached item doesn't point anywhere anymore */ + item->prev = NULL; + item->next = NULL; + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which) +{ + if (which < 0) + { + return NULL; + } + + return cJSON_DetachItemViaPointer(array, get_array_item(array, (size_t)which)); +} + +CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which) +{ + cJSON_Delete(cJSON_DetachItemFromArray(array, which)); +} + +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string) +{ + cJSON *to_detach = cJSON_GetObjectItem(object, string); + + return cJSON_DetachItemViaPointer(object, to_detach); +} + +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string) +{ + cJSON *to_detach = cJSON_GetObjectItemCaseSensitive(object, string); + + return cJSON_DetachItemViaPointer(object, to_detach); +} + +CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string) +{ + cJSON_Delete(cJSON_DetachItemFromObject(object, string)); +} + +CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string) +{ + cJSON_Delete(cJSON_DetachItemFromObjectCaseSensitive(object, string)); +} + +/* Replace array/object items with new ones. */ +CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem) +{ + cJSON *after_inserted = NULL; + + if (which < 0) + { + return false; + } + + after_inserted = get_array_item(array, (size_t)which); + if (after_inserted == NULL) + { + return add_item_to_array(array, newitem); + } + + newitem->next = after_inserted; + newitem->prev = after_inserted->prev; + after_inserted->prev = newitem; + if (after_inserted == array->child) + { + array->child = newitem; + } + else + { + newitem->prev->next = newitem; + } + return true; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement) +{ + if ((parent == NULL) || (replacement == NULL) || (item == NULL)) + { + return false; + } + + if (replacement == item) + { + return true; + } + + replacement->next = item->next; + replacement->prev = item->prev; + + if (replacement->next != NULL) + { + replacement->next->prev = replacement; + } + if (parent->child == item) + { + if (parent->child->prev == parent->child) + { + replacement->prev = replacement; + } + parent->child = replacement; + } + else + { /* + * To find the last item in array quickly, we use prev in array. + * We can't modify the last item's next pointer where this item was the parent's child + */ + if (replacement->prev != NULL) + { + replacement->prev->next = replacement; + } + if (replacement->next == NULL) + { + parent->child->prev = replacement; + } + } + + item->next = NULL; + item->prev = NULL; + cJSON_Delete(item); + + return true; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem) +{ + if (which < 0) + { + return false; + } + + return cJSON_ReplaceItemViaPointer(array, get_array_item(array, (size_t)which), newitem); +} + +static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSON *replacement, cJSON_bool case_sensitive) +{ + if ((replacement == NULL) || (string == NULL)) + { + return false; + } + + /* replace the name in the replacement */ + if (!(replacement->type & cJSON_StringIsConst) && (replacement->string != NULL)) + { + cJSON_free(replacement->string); + } + replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks); + replacement->type &= ~cJSON_StringIsConst; + + return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object, const char *string, cJSON *newitem) +{ + return replace_item_in_object(object, string, newitem, false); +} + +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object, const char *string, cJSON *newitem) +{ + return replace_item_in_object(object, string, newitem, true); +} + +/* Create basic types: */ +CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_NULL; + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_True; + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_False; + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = boolean ? cJSON_True : cJSON_False; + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_Number; + item->valuedouble = num; + + /* use saturation in case of overflow */ + if (num >= INT_MAX) + { + item->valueint = INT_MAX; + } + else if (num <= (double)INT_MIN) + { + item->valueint = INT_MIN; + } + else + { + item->valueint = (int)num; + } + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_String; + item->valuestring = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks); + if(!item->valuestring) + { + cJSON_Delete(item); + return NULL; + } + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if (item != NULL) + { + item->type = cJSON_String | cJSON_IsReference; + item->valuestring = (char*)cast_away_const(string); + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if (item != NULL) { + item->type = cJSON_Object | cJSON_IsReference; + item->child = (cJSON*)cast_away_const(child); + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child) { + cJSON *item = cJSON_New_Item(&global_hooks); + if (item != NULL) { + item->type = cJSON_Array | cJSON_IsReference; + item->child = (cJSON*)cast_away_const(child); + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type = cJSON_Raw; + item->valuestring = (char*)cJSON_strdup((const unsigned char*)raw, &global_hooks); + if(!item->valuestring) + { + cJSON_Delete(item); + return NULL; + } + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if(item) + { + item->type=cJSON_Array; + } + + return item; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void) +{ + cJSON *item = cJSON_New_Item(&global_hooks); + if (item) + { + item->type = cJSON_Object; + } + + return item; +} + +/* Create Arrays: */ +CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count) +{ + size_t i = 0; + cJSON *n = NULL; + cJSON *p = NULL; + cJSON *a = NULL; + + if ((count < 0) || (numbers == NULL)) + { + return NULL; + } + + a = cJSON_CreateArray(); + + for(i = 0; a && (i < (size_t)count); i++) + { + n = cJSON_CreateNumber(numbers[i]); + if (!n) + { + cJSON_Delete(a); + return NULL; + } + if(!i) + { + a->child = n; + } + else + { + suffix_object(p, n); + } + p = n; + } + + if (a && a->child) { + a->child->prev = n; + } + + return a; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count) +{ + size_t i = 0; + cJSON *n = NULL; + cJSON *p = NULL; + cJSON *a = NULL; + + if ((count < 0) || (numbers == NULL)) + { + return NULL; + } + + a = cJSON_CreateArray(); + + for(i = 0; a && (i < (size_t)count); i++) + { + n = cJSON_CreateNumber((double)numbers[i]); + if(!n) + { + cJSON_Delete(a); + return NULL; + } + if(!i) + { + a->child = n; + } + else + { + suffix_object(p, n); + } + p = n; + } + + if (a && a->child) { + a->child->prev = n; + } + + return a; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count) +{ + size_t i = 0; + cJSON *n = NULL; + cJSON *p = NULL; + cJSON *a = NULL; + + if ((count < 0) || (numbers == NULL)) + { + return NULL; + } + + a = cJSON_CreateArray(); + + for(i = 0; a && (i < (size_t)count); i++) + { + n = cJSON_CreateNumber(numbers[i]); + if(!n) + { + cJSON_Delete(a); + return NULL; + } + if(!i) + { + a->child = n; + } + else + { + suffix_object(p, n); + } + p = n; + } + + if (a && a->child) { + a->child->prev = n; + } + + return a; +} + +CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count) +{ + size_t i = 0; + cJSON *n = NULL; + cJSON *p = NULL; + cJSON *a = NULL; + + if ((count < 0) || (strings == NULL)) + { + return NULL; + } + + a = cJSON_CreateArray(); + + for (i = 0; a && (i < (size_t)count); i++) + { + n = cJSON_CreateString(strings[i]); + if(!n) + { + cJSON_Delete(a); + return NULL; + } + if(!i) + { + a->child = n; + } + else + { + suffix_object(p,n); + } + p = n; + } + + if (a && a->child) { + a->child->prev = n; + } + + return a; +} + +/* Duplication */ +CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse) +{ + cJSON *newitem = NULL; + cJSON *child = NULL; + cJSON *next = NULL; + cJSON *newchild = NULL; + + /* Bail on bad ptr */ + if (!item) + { + goto fail; + } + /* Create new item */ + newitem = cJSON_New_Item(&global_hooks); + if (!newitem) + { + goto fail; + } + /* Copy over all vars */ + newitem->type = item->type & (~cJSON_IsReference); + newitem->valueint = item->valueint; + newitem->valuedouble = item->valuedouble; + if (item->valuestring) + { + newitem->valuestring = (char*)cJSON_strdup((unsigned char*)item->valuestring, &global_hooks); + if (!newitem->valuestring) + { + goto fail; + } + } + if (item->string) + { + newitem->string = (item->type&cJSON_StringIsConst) ? item->string : (char*)cJSON_strdup((unsigned char*)item->string, &global_hooks); + if (!newitem->string) + { + goto fail; + } + } + /* If non-recursive, then we're done! */ + if (!recurse) + { + return newitem; + } + /* Walk the ->next chain for the child. */ + child = item->child; + while (child != NULL) + { + newchild = cJSON_Duplicate(child, true); /* Duplicate (with recurse) each item in the ->next chain */ + if (!newchild) + { + goto fail; + } + if (next != NULL) + { + /* If newitem->child already set, then crosswire ->prev and ->next and move on */ + next->next = newchild; + newchild->prev = next; + next = newchild; + } + else + { + /* Set newitem->child and move to it */ + newitem->child = newchild; + next = newchild; + } + child = child->next; + } + if (newitem && newitem->child) + { + newitem->child->prev = newchild; + } + + return newitem; + +fail: + if (newitem != NULL) + { + cJSON_Delete(newitem); + } + + return NULL; +} + +static void skip_oneline_comment(char **input) +{ + *input += static_strlen("//"); + + for (; (*input)[0] != '\0'; ++(*input)) + { + if ((*input)[0] == '\n') { + *input += static_strlen("\n"); + return; + } + } +} + +static void skip_multiline_comment(char **input) +{ + *input += static_strlen("/*"); + + for (; (*input)[0] != '\0'; ++(*input)) + { + if (((*input)[0] == '*') && ((*input)[1] == '/')) + { + *input += static_strlen("*/"); + return; + } + } +} + +static void minify_string(char **input, char **output) { + (*output)[0] = (*input)[0]; + *input += static_strlen("\""); + *output += static_strlen("\""); + + + for (; (*input)[0] != '\0'; (void)++(*input), ++(*output)) { + (*output)[0] = (*input)[0]; + + if ((*input)[0] == '\"') { + (*output)[0] = '\"'; + *input += static_strlen("\""); + *output += static_strlen("\""); + return; + } else if (((*input)[0] == '\\') && ((*input)[1] == '\"')) { + (*output)[1] = (*input)[1]; + *input += static_strlen("\""); + *output += static_strlen("\""); + } + } +} + +CJSON_PUBLIC(void) cJSON_Minify(char *json) +{ + char *into = json; + + if (json == NULL) + { + return; + } + + while (json[0] != '\0') + { + switch (json[0]) + { + case ' ': + case '\t': + case '\r': + case '\n': + json++; + break; + + case '/': + if (json[1] == '/') + { + skip_oneline_comment(&json); + } + else if (json[1] == '*') + { + skip_multiline_comment(&json); + } else { + json++; + } + break; + + case '\"': + minify_string(&json, (char**)&into); + break; + + default: + into[0] = json[0]; + json++; + into++; + } + } + + /* and null-terminate. */ + *into = '\0'; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_Invalid; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_False; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xff) == cJSON_True; +} + + +CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & (cJSON_True | cJSON_False)) != 0; +} +CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_NULL; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_Number; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_String; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_Array; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_Object; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item) +{ + if (item == NULL) + { + return false; + } + + return (item->type & 0xFF) == cJSON_Raw; +} + +CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive) +{ + if ((a == NULL) || (b == NULL) || ((a->type & 0xFF) != (b->type & 0xFF))) + { + return false; + } + + /* check if type is valid */ + switch (a->type & 0xFF) + { + case cJSON_False: + case cJSON_True: + case cJSON_NULL: + case cJSON_Number: + case cJSON_String: + case cJSON_Raw: + case cJSON_Array: + case cJSON_Object: + break; + + default: + return false; + } + + /* identical objects are equal */ + if (a == b) + { + return true; + } + + switch (a->type & 0xFF) + { + /* in these cases and equal type is enough */ + case cJSON_False: + case cJSON_True: + case cJSON_NULL: + return true; + + case cJSON_Number: + if (compare_double(a->valuedouble, b->valuedouble)) + { + return true; + } + return false; + + case cJSON_String: + case cJSON_Raw: + if ((a->valuestring == NULL) || (b->valuestring == NULL)) + { + return false; + } + if (strcmp(a->valuestring, b->valuestring) == 0) + { + return true; + } + + return false; + + case cJSON_Array: + { + cJSON *a_element = a->child; + cJSON *b_element = b->child; + + for (; (a_element != NULL) && (b_element != NULL);) + { + if (!cJSON_Compare(a_element, b_element, case_sensitive)) + { + return false; + } + + a_element = a_element->next; + b_element = b_element->next; + } + + /* one of the arrays is longer than the other */ + if (a_element != b_element) { + return false; + } + + return true; + } + + case cJSON_Object: + { + cJSON *a_element = NULL; + cJSON *b_element = NULL; + cJSON_ArrayForEach(a_element, a) + { + /* TODO This has O(n^2) runtime, which is horrible! */ + b_element = get_object_item(b, a_element->string, case_sensitive); + if (b_element == NULL) + { + return false; + } + + if (!cJSON_Compare(a_element, b_element, case_sensitive)) + { + return false; + } + } + + /* doing this twice, once on a and b to prevent true comparison if a subset of b + * TODO: Do this the proper way, this is just a fix for now */ + cJSON_ArrayForEach(b_element, b) + { + a_element = get_object_item(a, b_element->string, case_sensitive); + if (a_element == NULL) + { + return false; + } + + if (!cJSON_Compare(b_element, a_element, case_sensitive)) + { + return false; + } + } + + return true; + } + + default: + return false; + } +} + +CJSON_PUBLIC(void *) cJSON_malloc(size_t size) +{ + return global_hooks.allocate(size); +} + +CJSON_PUBLIC(void) cJSON_free(void *object) +{ + global_hooks.deallocate(object); +} diff --git a/thirdparty/cjson/cJSON.h b/thirdparty/cjson/cJSON.h new file mode 100644 index 0000000..92907a2 --- /dev/null +++ b/thirdparty/cjson/cJSON.h @@ -0,0 +1,293 @@ +/* + Copyright (c) 2009-2017 Dave Gamble and cJSON contributors + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +*/ + +#ifndef cJSON__h +#define cJSON__h + +#ifdef __cplusplus +extern "C" +{ +#endif + +#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32)) +#define __WINDOWS__ +#endif + +#ifdef __WINDOWS__ + +/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention. For windows you have 3 define options: + +CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols +CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default) +CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol + +For *nix builds that support visibility attribute, you can define similar behavior by + +setting default visibility to hidden by adding +-fvisibility=hidden (for gcc) +or +-xldscope=hidden (for sun cc) +to CFLAGS + +then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does + +*/ + +#define CJSON_CDECL __cdecl +#define CJSON_STDCALL __stdcall + +/* export symbols by default, this is necessary for copy pasting the C and header file */ +#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS) +#define CJSON_EXPORT_SYMBOLS +#endif + +#if defined(CJSON_HIDE_SYMBOLS) +#define CJSON_PUBLIC(type) type CJSON_STDCALL +#elif defined(CJSON_EXPORT_SYMBOLS) +#define CJSON_PUBLIC(type) __declspec(dllexport) type CJSON_STDCALL +#elif defined(CJSON_IMPORT_SYMBOLS) +#define CJSON_PUBLIC(type) __declspec(dllimport) type CJSON_STDCALL +#endif +#else /* !__WINDOWS__ */ +#define CJSON_CDECL +#define CJSON_STDCALL + +#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY) +#define CJSON_PUBLIC(type) __attribute__((visibility("default"))) type +#else +#define CJSON_PUBLIC(type) type +#endif +#endif + +/* project version */ +#define CJSON_VERSION_MAJOR 1 +#define CJSON_VERSION_MINOR 7 +#define CJSON_VERSION_PATCH 15 + +#include + +/* cJSON Types: */ +#define cJSON_Invalid (0) +#define cJSON_False (1 << 0) +#define cJSON_True (1 << 1) +#define cJSON_NULL (1 << 2) +#define cJSON_Number (1 << 3) +#define cJSON_String (1 << 4) +#define cJSON_Array (1 << 5) +#define cJSON_Object (1 << 6) +#define cJSON_Raw (1 << 7) /* raw json */ + +#define cJSON_IsReference 256 +#define cJSON_StringIsConst 512 + +/* The cJSON structure: */ +typedef struct cJSON +{ + /* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */ + struct cJSON *next; + struct cJSON *prev; + /* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */ + struct cJSON *child; + + /* The type of the item, as above. */ + int type; + + /* The item's string, if type==cJSON_String and type == cJSON_Raw */ + char *valuestring; + /* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */ + int valueint; + /* The item's number, if type==cJSON_Number */ + double valuedouble; + + /* The item's name string, if this item is the child of, or is in the list of subitems of an object. */ + char *string; +} cJSON; + +typedef struct cJSON_Hooks +{ + /* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */ + void *(CJSON_CDECL *malloc_fn)(size_t sz); + void (CJSON_CDECL *free_fn)(void *ptr); +} cJSON_Hooks; + +typedef int cJSON_bool; + +/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them. + * This is to prevent stack overflows. */ +#ifndef CJSON_NESTING_LIMIT +#define CJSON_NESTING_LIMIT 1000 +#endif + +/* returns the version of cJSON as a string */ +CJSON_PUBLIC(const char*) cJSON_Version(void); + +/* Supply malloc, realloc and free functions to cJSON */ +CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks); + +/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */ +/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */ +CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value); +CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length); +/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */ +/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */ +CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated); +CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated); + +/* Render a cJSON entity to text for transfer/storage. */ +CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item); +/* Render a cJSON entity to text for transfer/storage without any formatting. */ +CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item); +/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */ +CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt); +/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */ +/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */ +CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format); +/* Delete a cJSON entity and all subentities. */ +CJSON_PUBLIC(void) cJSON_Delete(cJSON *item); + +/* Returns the number of items in an array (or object). */ +CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array); +/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */ +CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index); +/* Get item "string" from object. Case insensitive. */ +CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string); +CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string); +CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string); +/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */ +CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void); + +/* Check item type and return its value */ +CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item); +CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item); + +/* These functions check the type of an item */ +CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item); +CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item); + +/* These calls create a cJSON item of the appropriate type. */ +CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void); +CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void); +CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void); +CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean); +CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num); +CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string); +/* raw json */ +CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw); +CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void); +CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void); + +/* Create a string where valuestring references a string so + * it will not be freed by cJSON_Delete */ +CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string); +/* Create an object/array that only references it's elements so + * they will not be freed by cJSON_Delete */ +CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child); +CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child); + +/* These utilities create an Array of count items. + * The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/ +CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count); +CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count); +CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count); +CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count); + +/* Append item to the specified array/object. */ +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item); +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item); +/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object. + * WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before + * writing to `item->string` */ +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item); +/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */ +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item); +CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item); + +/* Remove/Detach items from Arrays/Objects. */ +CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item); +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which); +CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which); +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string); +CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string); +CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string); +CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string); + +/* Update array items. */ +CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */ +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement); +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem); +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem); +CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem); + +/* Duplicate a cJSON item */ +CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse); +/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will + * need to be released. With recurse!=0, it will duplicate any children connected to the item. + * The item->next and ->prev pointers are always zero on return from Duplicate. */ +/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal. + * case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */ +CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive); + +/* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings. + * The input pointer json cannot point to a read-only address area, such as a string constant, + * but should point to a readable and writable address area. */ +CJSON_PUBLIC(void) cJSON_Minify(char *json); + +/* Helper functions for creating and adding items to an object at the same time. + * They return the added item or NULL on failure. */ +CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name); +CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name); +CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name); +CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean); +CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number); +CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string); +CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw); +CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name); +CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name); + +/* When assigning an integer value, it needs to be propagated to valuedouble too. */ +#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number)) +/* helper for the cJSON_SetNumberValue macro */ +CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number); +#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number)) +/* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */ +CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring); + +/* Macro for iterating over an array or object */ +#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next) + +/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */ +CJSON_PUBLIC(void *) cJSON_malloc(size_t size); +CJSON_PUBLIC(void) cJSON_free(void *object); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/thirdparty/kunpengsecl/verifier/custom_base64url.h b/thirdparty/kunpengsecl/verifier/custom_base64url.h new file mode 100644 index 0000000..1e003da --- /dev/null +++ b/thirdparty/kunpengsecl/verifier/custom_base64url.h @@ -0,0 +1,20 @@ +/* +kunpengsecl licensed under the Mulan PSL v2. +You can use this software according to the terms and conditions of +the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at: + http://license.coscl.org.cn/MulanPSL2 +THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +See the Mulan PSL v2 for more details. +*/ + +#ifndef CUSTOM_BASE64URL_H +#define CUSTOM_BASE64URL_H + +#include + +void base64urlencode(const uint8_t *src, int src_len, uint8_t *cipher, int *dest_len); +uint8_t *base64urldecode(const uint8_t *src, int src_len, int *dest_len); + +#endif diff --git a/thirdparty/kunpengsecl/verifier/teeverifier.h b/thirdparty/kunpengsecl/verifier/teeverifier.h new file mode 100644 index 0000000..4a311f6 --- /dev/null +++ b/thirdparty/kunpengsecl/verifier/teeverifier.h @@ -0,0 +1,50 @@ +/* +kunpengsecl licensed under the Mulan PSL v2. +You can use this software according to the terms and conditions of +the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at: + http://license.coscl.org.cn/MulanPSL2 +THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +See the Mulan PSL v2 for more details. +*/ + +#ifndef __VERIFIER_LIB__ +#define __VERIFIER_LIB__ + +#include +#include +#include +#include +#include +#include +#include + +#define UUID_SIZE 16 +#define HASH_SIZE 32 +//Attester will send the report by this type +typedef struct{ + uint32_t size; + uint8_t *buf; +} buffer_data; + +typedef struct +{ + uint8_t uuid[UUID_SIZE]; + uint8_t valueinfo[2][HASH_SIZE]; // valueinfo[0]=img measurement and valueinfo[1]=mem measurement +} base_value; + +enum error_status_code { + TVS_ALL_SUCCESSED = 0, + TVS_VERIFIED_NONCE_FAILED = -1, + TVS_VERIFIED_SIGNATURE_FAILED = -2, + TVS_VERIFIED_HASH_FAILED = -3, +}; + +int tee_verify_report(buffer_data *data_buf,buffer_data *nonce,int type, char *filename); +int tee_validate_report(buffer_data *buf_data, buffer_data *nonce); +int tee_verify_report2(buffer_data *buf_data, int type,base_value *baseval); +bool tee_verify_akcert(buffer_data *akcert, int type, const char *refval); +bool tee_get_akcert_data(buffer_data *akcert, buffer_data *akpub, buffer_data *drkcrt); + +#endif diff --git a/thirdparty/libqca/ra_client_api.h b/thirdparty/libqca/ra_client_api.h new file mode 100644 index 0000000..dd793a3 --- /dev/null +++ b/thirdparty/libqca/ra_client_api.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved. + * Licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ +#ifndef LIBQCA_H +#define LIBQCA_H +#include + +struct ra_buffer_data { + uint32_t size; + uint8_t *buf; +}; + +TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out); +#endif diff --git a/tools/sign_tool/generate_signature.py b/tools/sign_tool/generate_signature.py deleted file mode 100644 index b3264ba..0000000 --- a/tools/sign_tool/generate_signature.py +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/env python -# coding:utf-8 -#---------------------------------------------------------------------------- -# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan -# PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY -# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. -# See the Mulan PSL v2 for more details. -# Description: tools for generating a trusted application load image -# Author: Li mingjuan -# Create: 2020-10-27 -#---------------------------------------------------------------------------- - -import struct -import os -import hashlib -import subprocess - -HASH256 = 0 -HASH512 = 1 - -def gen_hash(hash_type, in_file_path, out_file_path): - in_file_size = os.path.getsize(in_file_path) - # Initialize a SHA256 object from the Python hash library - if int(hash_type) == HASH256: - hash_op = hashlib.sha256() - elif int(hash_type) == HASH512: - hash_op = hashlib.sha512() - # Set the input buffer and return the output digest - with open(in_file_path, 'rb') as in_file: - hash_op.update(in_file.read(in_file_size)) - - #-----hash file used for ras sign--- - with open(out_file_path, 'wb') as hash_fp: - # fixed hash prefix value - hash_fp.write(struct.pack('B'*19, 0x30, 0x31, 0x30, 0x0d, 0x06, \ - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, \ - 0x05, 0x00, 0x04, 0x20)) - hash_fp.write(hash_op.digest()) - return - -def gen_ta_signature(cfg, hash_file_path, out_file_path): - cmd = "openssl rsautl -sign -inkey {} -in {} -out {}".\ - format(cfg.sign_key, hash_file_path, out_file_path) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("sign operation failed") - raise RuntimeError - return - diff --git a/tools/sign_tool/manifest.py b/tools/sign_tool/manifest.py deleted file mode 100644 index 9cc2360..0000000 --- a/tools/sign_tool/manifest.py +++ /dev/null @@ -1,322 +0,0 @@ -#!/usr/bin/env python -# coding:utf-8 -#---------------------------------------------------------------------------- -# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan -# PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY -# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. -# See the Mulan PSL v2 for more details. -# Description: tools for generating a trusted application load image -# Author: Li mingjuan -# Create: 2018-02-20 -#---------------------------------------------------------------------------- -import string -import struct -import uuid -import os - -PRODUCT_TA_IMAGE = 1 -PRODUCT_DYN_LIB = 2 -PRODUCT_SERVICE_IMAGE = 3 - - -class PackUuid: - # Structure object to align and package the TEE_UUID - data = struct.Struct('IHH8b') - - def __init__(self, data): - unpacked_data = (PackUuid.data).unpack(str.encode(data)) - self.unpacked_data = unpacked_data - self.time_low = unpacked_data[0] - self.time_mid = unpacked_data[1] - self.time_hi_version = unpacked_data[2] - self.clock_seq_node = unpacked_data[3] - - def print_values(self): - print("ATTRIBUTE / VALUE") - for attr, value in self.__dict__.items(): - print(attr, value) - - def get_pack_data(self): - values = [self.time_low, - self.time_mid, - self.time_hi_version, - self.clock_seq_node, - ] - - return (PackUuid.data).pack(*values) - - -#---------------------------------------------------------------------------- -# Manifest -#---------------------------------------------------------------------------- -class Manifest: - - # Structure object to align and package the Manifest - data = struct.Struct('I' * 6) - - def __init__(self, data): - unpacked_data = (Manifest.data).unpack(str.encode(data)) - self.unpacked_data = unpacked_data - self.single_instance = unpacked_data[0] - self.multi_session = unpacked_data[1] - self.multi_command = unpacked_data[2] - self.heap_size = unpacked_data[3] - self.stack_size = unpacked_data[4] - self.instancekeepalive = unpacked_data[5] - - def print_values(self): - print("ATTRIBUTE / VALUE") - for attr, value in self.__dict__.items(): - print(attr, value) - - def get_pack_data(self): - values = [self.single_instance, - self.multi_session, - self.multi_command, - self.heap_size, - self.stack_size, - self.instancekeepalive, - ] - - return (Manifest.data).pack(*values) - - -#---------------------------------------------------------------------------- -# verify property name in manifest file -#---------------------------------------------------------------------------- -def verify_property_name(str_line): - print('verify property name') - alphas = string.ascii_letters + string.digits - cont = "".join([alphas, '-', '_', '.']) - if len(str_line) > 1: - if str_line[0] not in alphas: - print('invalid first letter in property name') - return False - else: - for otherchar in str_line[1:]: - if otherchar not in cont: - print('invalid char in property name') - return False - else: - print('invalid property name') - return False - - return True - - -#---------------------------------------------------------------------------- -# verify property value in manifest file -#---------------------------------------------------------------------------- -def verify_property_value(str_line): - print('verify property value') - filt_letter = chr(0) + chr(10) + chr(13) - for thechar in str_line: - if thechar in filt_letter: - print('invalid letter in prop value') - return False - return True - - -#---------------------------------------------------------------------------- -# remove tabs and space in property value -#---------------------------------------------------------------------------- -def trailing_space_tabs(str_line): - print('trailing space tabs in value head and trail') - space_tabs = chr(9) + chr(32) + chr(160) - space_tabs_newlines = space_tabs + chr(10) + chr(13) - print('tab: {}'.format(space_tabs)) - - print('str in: {}'.format(str_line)) - index = 0 - for thechar in str_line: - if thechar in space_tabs: - index += 1 - else: - break - headvalue = str_line[index:] - - strlen = len(headvalue) - - strlen -= 1 - - while strlen > 0: - if headvalue[strlen] in space_tabs_newlines: - strlen -= 1 - else: - break - - str_ret = headvalue[0:strlen+1] + chr(10) - print('str ret: {}'.format(str_ret)) - - return str_ret - - -#---------------------------------------------------------------------------- -# verify manifest file, parse manifest file, generate a new manfiest file -#---------------------------------------------------------------------------- -def parser_manifest(manifest, manifest_data_path, mani_ext): - print('verify manifest') - target_type = PRODUCT_TA_IMAGE - - uuid_val = PackUuid('\0' * 16) - - #manifest default - manifest_val = Manifest('\0'*24) - - manifest_val.single_instance = 1 - manifest_val.multi_session = 0 - manifest_val.multi_command = 0 - manifest_val.instancekeepalive = 0 - manifest_val.heap_size = 16384 - manifest_val.stack_size = 2048 - - service_name = 'external_service' - - with open(manifest, 'r') as mani_fp, open(mani_ext, 'wb') as mani_ext_fp: - for each_line in mani_fp: - print(each_line) - if each_line.startswith("#") or not len(each_line.strip()): - continue - index = each_line.find(':', 1, len(each_line)) - - prop_name = each_line[0:index] - prop_name_t = each_line[0:index+1] - prop_value_t = each_line[index+1:] - print('name is: {}; value is: {}'.format(prop_name, prop_value_t)) - - prop_value = trailing_space_tabs(prop_value_t) - prop_len = len(prop_value) - prop_value_v = prop_value[0:prop_len-1] - print('prop value_v: {}'.format(prop_value_v)) - - if verify_property_name(prop_name) is False: - print('manifest format invalid, please check it') - return (False, 0) - - if verify_property_value(prop_value_v) is False: - print('manifest format invalid, please check it') - return (False, 0) - - # name:value to lowcase, and parse manifest - prop_name_low = prop_name.lower() - print("name lower: {}".format(prop_name_low)) - if 'gpd.ta.appid' == prop_name_low: - print("compare name is srv id") - uuid_val = uuid.UUID(prop_value_v) - print('uuid str {}'.format(uuid_val)) - print('val fields {}'.format(uuid_val.fields)) - - elif 'gpd.ta.singleinstance' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - manifest_val.single_instance = 1 - elif 'false' == prop_value_low: - manifest_val.single_instance = 0 - else: - print('single_instance value error!') - - elif 'gpd.ta.multisession' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - manifest_val.multi_session = 1 - elif 'false' == prop_value_low: - manifest_val.multi_session = 0 - else: - print('multi_session value error!') - - elif 'gpd.ta.multicommand' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - manifest_val.multi_command = 1 - elif 'false' == prop_value_low: - manifest_val.multi_command = 0 - else: - print('multi_command value error!') - - elif 'gpd.ta.instancekeepalive' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - manifest_val.instancekeepalive = 1 - elif 'false' == prop_value_low: - manifest_val.instancekeepalive = 0 - else: - print('instancekeepalive value error!') - - elif 'gpd.ta.datasize' == prop_name_low: - manifest_val.heap_size = int(prop_value_v) - print('b') - - elif 'gpd.ta.stacksize' == prop_name_low: - manifest_val.stack_size = int(prop_value_v) - print('b') - - elif 'gpd.ta.service_name' == prop_name_low: - service_name = prop_value_v - print('b') - - else: - print('b') - #write have not paresed manifest into sample.manifest file - mani_ext_fp.write(str.encode(prop_name_t)) - mani_ext_fp.write(str.encode(prop_value)) - if 'gpd.ta.is_tee_service' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - target_type = PRODUCT_SERVICE_IMAGE - elif 'gpd.ta.is_lib' == prop_name_low: - prop_value_low = prop_value_v.lower() - if 'true' == prop_value_low: - target_type = PRODUCT_DYN_LIB - - #write the whole parsed manifest into sample.manifest file - - service_name_len = len(service_name) - print('service name: {}'.format(service_name)) - print('service name len: {}'.format(service_name_len)) - if service_name_len > 64: - print("service name len exceed MAX value 27") - raise RuntimeError - - # get manifest string file len - manifest_str_size = os.path.getsize(mani_ext) - print('manifest str size {}'.format(manifest_str_size)) - - # 2> manifest + service_name - print("bytes len {}".format(len(uuid_val.bytes_le))) - print("bytes len {}".format(len(manifest_val.get_pack_data()))) - print("bytes len {}".format(len(service_name))) - - # 3> unparsed manifest, string manifest - with open(mani_ext, 'rb') as string_mani_fp: - print("read manifest string size {}".format(manifest_str_size)) - manifest_string_buf = string_mani_fp.read(manifest_str_size) - print("manifest strint: {}".format(manifest_string_buf)) - - #---- write manifest parse context to manifest file - with open(manifest_data_path, 'wb') as out_manifest_fp: - out_manifest_fp.write(uuid_val.bytes_le) - out_manifest_fp.write(str.encode(service_name)) - out_manifest_fp.write(manifest_val.get_pack_data()) - - product_name = str(uuid_val) - if target_type == PRODUCT_TA_IMAGE: - print("product type is ta image") - product_name = "".join([product_name, ".sec"]) - elif target_type == PRODUCT_SERVICE_IMAGE: - print("product type is service") - product_name = "".join([product_name, service_name, "_svr.sec"]) - elif target_type == PRODUCT_DYN_LIB: - print("product type is dyn lib") - product_name = "".join([product_name, service_name, ".so.sec"]) - else: - print("invalid product type!") - raise RuntimeError - - return (True, product_name) - diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh index daca711..f150aed 100755 --- a/tools/sign_tool/sign_tool.sh +++ b/tools/sign_tool/sign_tool.sh @@ -1,27 +1,10 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - #!/bin/bash -VERSION=3 API_LEVEL=2 ONE_STEP_MODE=1 -localpath="$(cd "$(dirname "$0")"; pwd)" -pypath="/lib/secGear" -if [ -f ${localpath}/signtool_v3.py ]; then - signtoolpath=${localpath} -else - signtoolpath=${pypath} -fi +signtoolpath="/opt/itrustee_sdk/build/signtools/" -print_help(){ +print_help() { echo "sign tool usage: ./sign_tool.sh [options] ..." echo "[options]" echo "-c basic config file." @@ -31,8 +14,8 @@ print_help(){ echo " The dump command is used to generate metadata for sgx signed enclave." echo "-i input parameter, which is enclave to be signed for digest/sign command, and signed enclave for" echo " dump command." - echo "-k private key required for single-step method. NOTE: single-step method is only for the dubug mode," - echo " plaintext private key does exist in the production environment." + echo "-k private key required for single-step method. Note: single-step method is only for the debug mode," + echo "-k plaintext private key does exist in the production environment." echo "-m additional config_cloud.ini for trustzone." echo "-o output parameter, the sign command outputs signed enclave, the digest command outputs signing" echo " material, the dump command outputs data containing the SIGStruct metadata for the SGX signed" @@ -45,81 +28,81 @@ print_help(){ } -while getopts "c:d:i:k:m:o:p:s:x:h" opt -do +while getopts "c:d:i:k:m:o:p:s:x:h" opt; do case $opt in c) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -c is missing or incorrect" - exit -1 - fi - CONFIG_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -c is missing or incorrect" + exit 1 + fi + CONFIG_FILE=$OPTARG + ;; d) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -d is missing or incorrect" - exit -1 - fi - typeset -l CMD - CMD=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -d is missing or incorrect" + exit 1 + fi + typeset -l CMD + CMD=$OPTARG + ;; i) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -i is missing or incorrect" - exit -1 - fi - IN_ENCLAVE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -i is missing or incorrect" + exit 1 + fi + IN_ENCLAVE=$OPTARG + ;; k) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -k is missing or incorrect" - exit -1 - fi - SIG_KEY=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -k is missing or incorrect" + exit 1 + fi + SIG_KEY=$OPTARG + ;; m) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -m is missing or incorrect" - exit -1 - fi - A_CONFIG_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -m is missing or incorrect" + exit 1 + fi + A_CONFIG_FILE=$OPTARG + ;; o) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -o is missing or incorrect" - exit -1 - fi - OUT_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -o is missing or incorrect" + exit 1 + fi + OUT_FILE=$OPTARG + ;; p) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -p is missing or incorrect" - exit -1 - fi - SERVER_PUBKEY=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -p is missing or incorrect" + exit 1 + fi + SERVER_PUBKEY=$OPTARG + ;; s) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -s is missing or incorrect" - exit -1 - fi - SIGNATURE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -s is missing or incorrect" + exit 1 + fi + SIGNATURE=$OPTARG + ;; x) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -x is missing or incorrect" - exit -1 - fi - typeset -l ENCLAVE_TYPE - ENCLAVE_TYPE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -x is missing or incorrect" + exit 1 + fi + typeset -l ENCLAVE_TYPE + ENCLAVE_TYPE=$OPTARG + ;; h) - print_help - exit 0 - ;; + print_help + exit 0 + ;; ?) - print_help - exit -1 + print_help + exit 1 + ;; esac done if [ ${OPTIND} == 1 ]; then @@ -127,103 +110,82 @@ if [ ${OPTIND} == 1 ]; then exit 0 fi -itrustee_start_sign(){ -# check_native_sign - if [ -z $A_CONFIG_FILE ]; then +itrustee_start_sign() { + # check_native_sign + if [ -z "$A_CONFIG_FILE" ]; then echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave" - exit -1 + exit 1 fi if [ "${CMD}"x == "sign"x ]; then - if [ -z $SIGNATURE ]; then - ONE_STEP_MODE=1 - if [ -z $CONFIG_FILE ]; then - echo "Error: missing basic config file for signing iTrustee enclave" - exit -1 - fi - if [ -z $IN_ENCLAVE ]; then - echo "Error: missing enclave file" - exit -1 - fi - python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" - else - ONE_STEP_MODE=0 - python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" "${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}" - fi - elif [ "${CMD}"x == "digest"x ]; then - ONE_STEP_MODE=0 - if [ -z $CONFIG_FILE ]; then - echo "Error: missing config file for signing iTrustee enclave" - exit -1 - fi - if [ -z $IN_ENCLAVE ]; then - echo "Error: missing enclave file" - exit -1 - fi - python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" + IN_PATH=$(dirname ${CONFIG_FILE}) + cp ${IN_ENCLAVE} ${IN_PATH}/libcombine.so + OUT_PATH=$(dirname ${OUT_FILE}) + echo ${IN_PATH} ${OUT_PATH} + python -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE} + #rm -rf ${IN_PATH}/libcombine.so else echo "Error: illegal command" fi } -sgx_start_sign(){ - if [ -z $IN_ENCLAVE ]; then +sgx_start_sign() { + if [ -z "$IN_ENCLAVE" ]; then echo "Error: missing enclave file" - exit -1 + exit 1 fi SIGDATA_FILE="signdata" if [ "${CMD}"x == "sign"x ]; then - if [ -z $SIGNATURE ]; then - if [ -z $SIG_KEY ]; then - echo "Error: missing sign key" - exit -1 - fi - if [ -z $CONFIG_FILE ]; then - sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} + if [ -z "$SIGNATURE" ]; then + if [ -z "$SIG_KEY" ]; then + echo "Error: missing sign key" + exit 1 + fi + if [ -z "$CONFIG_FILE" ]; then + sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" else - sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} -config ${CONFIG_FILE} + sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" fi else - if [ -z $SERVER_PUBKEY ]; then + if [ -z "$SERVER_PUBKEY" ]; then echo "Error: missing server public key" - exit -1 - fi - if [ -z $CONFIG_FILE ]; then - sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} + exit 1 + fi + if [ -z "$CONFIG_FILE" ]; then + sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" else - sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE} + sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" fi rm -rf ${SIGDATA_FILE} fi elif [ "${CMD}"x == "digest"x ]; then - if [ -z $CONFIG_FILE ]; then - sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} + if [ -z "$CONFIG_FILE" ]; then + sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" else - sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} -config ${CONFIG_FILE} + sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" -config "${CONFIG_FILE}" fi - cp ${SIGDATA_FILE} ${OUT_FILE} + cp "${SIGDATA_FILE}" "${OUT_FILE}" elif [ "${CMD}"x == "dump"x ]; then - sgx_sign dump -enclave ${IN_ENCLAVE} -dumpfile ${OUT_FILE} + sgx_sign dump -enclave "${IN_ENCLAVE}" -dumpfile "${OUT_FILE}" else echo "Error: illegal command" fi } - -if [ -z $CMD ]; then +if [ -z "$CMD" ]; then echo "Error: missing command" - exit -1 + exit 1 fi -if [ -z $ENCLAVE_TYPE ]; then +if [ -z "$ENCLAVE_TYPE" ]; then echo "Error: missing enclave type" - exit -1 + exit 1 fi -if [ -z $OUT_FILE ]; then +if [ -z "$OUT_FILE" ]; then echo "Error: missing out file" - exit -1 + exit 1 fi umask 0077 -check_results=`uname -m` +check_results=$(uname -m) if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then if [ "${check_results}"x != "x86_64"x ]; then echo "Warning: the enclave type does not comply with current architecture" @@ -236,5 +198,5 @@ elif [ "${ENCLAVE_TYPE}"x == "trustzone"x ]; then itrustee_start_sign else echo "Error: illegal enclave type" - exit -1 + exit 1 fi diff --git a/tools/sign_tool/signtool_v3.py b/tools/sign_tool/signtool_v3.py deleted file mode 100644 index dae036f..0000000 --- a/tools/sign_tool/signtool_v3.py +++ /dev/null @@ -1,428 +0,0 @@ -#!/usr/bin/env python -# coding:utf-8 -#---------------------------------------------------------------------------- -# Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. -# iTrustee licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan -# PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY -# KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -# NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. -# See the Mulan PSL v2 for more details. -# Description: tools for generating a trusted application load image -# Author: Li mingjuan -# Create: 2018-02-20 -#---------------------------------------------------------------------------- - -import struct -import os -import sys -import stat -import hashlib -import binascii -import subprocess -import shutil -import getpass -import argparse - -try: - from configparser import SafeConfigParser -except ImportError: - from ConfigParser import SafeConfigParser - -from manifest import parser_manifest -from generate_signature import gen_ta_signature -from generate_signature import gen_hash - -# fixed value, {1, 2} version are abandoned. -VERSION = 3 -TA_VERSION = 3 - -MAX_EXT_PROP_LEN = 152 - -MAGIC1 = 0xA5A55A5A -MAGIC2 = 0x55AA - -# ELF Definitions -ELF_TYPE = 32 -ELF_HDR_SIZE = 52 -ELF_PHDR_SIZE = 32 -ELF_INFO_MAGIC0_INDEX = 0 -ELF_INFO_MAGIC1_INDEX = 1 -ELF_INFO_MAGIC2_INDEX = 2 -ELF_INFO_MAGIC3_INDEX = 3 -#'\x7f' -ELF_INFO_MAGIC0 = 127 -#'E' -ELF_INFO_MAGIC1 = 69 -#'L' -ELF_INFO_MAGIC2 = 76 -#'F' -ELF_INFO_MAGIC3 = 70 -ELF_INFO_CLASS_INDEX = 4 -ELF_INFO_CLASS_32 = 1 -ELF_INFO_CLASS_64 = 2 -ELF_INFO_VERSION_INDEX = 6 -ELF_INFO_VERSION_CURRENT = 1 -ELF_BLOCK_ALIGN = 0x1000 - - -#---------------------------------------------------------------------------- -# Verify ELF header contents from an input ELF file -#---------------------------------------------------------------------------- -def verify_elf_header(elf_path): - elf_type = 0 - with open(elf_path, 'rb') as elf: - elf_data = struct.unpack('B'*16, elf.read(16)) - elf_type = elf_data[4] - if ((elf_data[ELF_INFO_MAGIC0_INDEX] != ELF_INFO_MAGIC0) or \ - (elf_data[ELF_INFO_MAGIC1_INDEX] != ELF_INFO_MAGIC1) or \ - (elf_data[ELF_INFO_MAGIC2_INDEX] != ELF_INFO_MAGIC2) or \ - (elf_data[ELF_INFO_MAGIC3_INDEX] != ELF_INFO_MAGIC3) or \ - (elf_data[ELF_INFO_VERSION_INDEX] != \ - ELF_INFO_VERSION_CURRENT)): - print("invalid elf header info") - raise RuntimeError - - if ((elf_type == 1 and elf_data[ELF_INFO_CLASS_INDEX] != \ - ELF_INFO_CLASS_32) or \ - (elf_type == 2 and elf_data[ELF_INFO_CLASS_INDEX] != \ - ELF_INFO_CLASS_64) or \ - (elf_type != 1 and elf_type != 2)): - print("invliad elf format") - raise RuntimeError - return - - -class Configuration: - release_type = 0 - otrp_flag = 0 - sign_type = 0 - public_key = "" - pub_key_len = 0 - server_ip = "" - config_path = "" - sign_key = "" - sign_key_len = 2048 - hash_type = 0 - padding_type = 0 - - def __init__(self, file_name): - parser = SafeConfigParser() - parser.read(file_name) - self.release_type = parser.get("config", "releaseType") - self.otrp_flag = parser.get("config", "otrpFlag") - self.sign_type = parser.get("config", "signType") - self.public_key = parser.get("config", "encryptKey") - self.pub_key_len = parser.get("config", "encryptKeyLen") - self.server_ip = parser.get("config", "serverIp") - self.config_path = parser.get("config", "configPath") - self.sign_key = parser.get("config", "signKey") - self.sign_key_len = parser.get("config", "signKeyLen") - self.hash_type = parser.get("config", "hashType") - self.padding_type = parser.get("config", "paddingType") - - -def gen_header(content_len, key_version): - return struct.pack('IHHII', MAGIC1, MAGIC2, VERSION, content_len, \ - key_version) - - -def gen_aes_key_info(cfg, iv_file_path, key_file_path, out_file_path): - rand_iv_cmd = "openssl rand -out {} 16".format(iv_file_path) - rand_key_cmd = "openssl rand -out {} 32".format(key_file_path) - try: - subprocess.check_output(rand_iv_cmd.split(), shell=False) - subprocess.check_output(rand_key_cmd.split(), shell=False) - except Exception: - print("rand operation failed") - raise RuntimeError - - os.chmod(iv_file_path, stat.S_IWUSR | stat.S_IRUSR) - os.chmod(key_file_path, stat.S_IWUSR | stat.S_IRUSR) - - sign_alg = 0 - sign_alg = sign_alg | (int(cfg.release_type) << 28) - sign_alg = sign_alg | (int(cfg.padding_type) << 27) - sign_alg = sign_alg | (int(cfg.hash_type) << 26) - if cfg.sign_key_len == "2048": - sign_alg = sign_alg | 0x00002048 - elif cfg.sign_key_len == "4096": - sign_alg = sign_alg | 0x00004096 - - print("sign_alg value is 0x%x" % sign_alg) - with open(out_file_path, 'wb') as out_file: - out_file.write(struct.pack('I', 32)) - out_file.write(struct.pack('I', 16)) - out_file.write(struct.pack('I', sign_alg)) - - with open(key_file_path, 'rb') as key_file: - out_file.write(key_file.read(32)) - - with open(iv_file_path, 'rb') as iv_file: - out_file.write(iv_file.read(16)) - - os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) - return - - -def encrypt_aes_key(pubkey_path, in_path, out_path): - cmd = "openssl rsautl -encrypt -pubin -oaep -inkey {} -in {} -out {}". \ - format(pubkey_path, in_path, out_path) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("RSA encrypt operation failed") - raise RuntimeError - os.chmod(out_path, stat.S_IWUSR | stat.S_IRUSR) - return - -def gen_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path): - gen_ta_signature(cfg, uuid_str, raw_data_path, hash_file_path, out_file_path) - os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) - return - -def gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ - config_path, raw_file_path): - manifest_size = os.path.getsize(manifest_data_path) - manifest_ext_size = os.path.getsize(manifest_ext_path) - elf_size = os.path.getsize(elf_file_path) - config_size = 0 - - if manifest_ext_size > MAX_EXT_PROP_LEN: - print("too much data in \"manifest.txt\" to be handled. \ - extra string len %d" \ - % manifest_ext_size) - raise RuntimeError - - verify_elf_header(elf_file_path) - - with open(raw_file_path, 'wb') as file_op: - header = "" - if os.path.isfile(config_path): - config_size = os.path.getsize(config_path) - header = struct.pack('IIIII', TA_VERSION, manifest_size, \ - manifest_ext_size, \ - elf_size, config_size) - file_op.write(header) - - with open(manifest_data_path, 'rb') as manifest_data: - file_op.write(manifest_data.read(manifest_size)) - - with open(manifest_ext_path, 'rb') as manifest_ext: - file_op.write(manifest_ext.read(manifest_ext_size)) - - with open(elf_file_path, 'rb') as elf: - file_op.write(elf.read(elf_size)) - if config_size != 0: - with open(config_path, 'rb') as config: - file_op.write(config.read(config_size)) - return - - -def aes_encrypt(key_path, iv_path, in_file_path, out_file_path): - key_size = os.path.getsize(key_path) - with open(key_path, 'rb') as key_file: - key_data = key_file.read(key_size) - hex_key_str = binascii.b2a_hex(key_data) - - iv_size = os.path.getsize(iv_path) - with open(iv_path, 'rb') as iv_file: - iv_data = iv_file.read(iv_size) - hex_iv_str = binascii.b2a_hex(iv_data) - - cmd = "openssl enc -aes-256-cbc -in {} -out {} -K {} -iv {}".\ - format(in_file_path, out_file_path, \ - bytes.decode(hex_key_str), bytes.decode(hex_iv_str)) - try: - subprocess.check_output(cmd.split(), shell=False) - except Exception: - print("AES encrypt operation failed") - raise RuntimeError - - os.chmod(out_file_path, stat.S_IWUSR | stat.S_IRUSR) - return - -def update_api_level(api_level, manifest): - data = '' - with open(manifest, 'r') as file_op: - for line in file_op: - if line.startswith("#") or not "gpd.ta.api_level" in line: - data += line - line = "\ngpd.ta.api_level:{}\n".format(api_level) - data += line - with open(manifest, "w") as file_op: - file_op.writelines(data) - - -def update_otrp_flag(manifest): - data = '' - with open(manifest, 'r') as file_op: - for line in file_op: - if line.startswith("#") or not "gpd.ta.otrp_flag" in line: - data += line - line = "\ngpd.ta.otrp_flag:{}\n".format('true') - data += line - with open(manifest, "w") as file_op: - file_op.writelines(data) - - -def gen_data_for_sign(header, key_info, raw_file, data_sign): - key_info_len = os.path.getsize(key_info) - raw_file_len = os.path.getsize(raw_file) - - with open(data_sign, 'wb') as data_fp, \ - open(key_info, 'rb') as key_fp, open(raw_file, 'rb') as raw_fp: - data_fp.write(header) - data_fp.write(key_fp.read(key_info_len)) - data_fp.write(raw_fp.read(raw_file_len)) - - -def gen_key_version(cfg): - if cfg.pub_key_len == '3072': - return int(0x0202) - if cfg.pub_key_len == '2048': - return int(0x0002) - print("unhandled pulic key len %s" % cfg.pub_key_len) - raise RuntimeError - - -def generate_digest(cfg, api_level, enclave_file, manifest_file, hash_path, enc_key_path, enc_raw_path): - # temporary files - in_path = os.path.dirname(os.path.abspath(manifest_file)) - temp_path = os.path.join(in_path, "temp") - shutil.rmtree(temp_path, ignore_errors=True) - os.mkdir(temp_path) - os.chmod(temp_path, stat.S_IRWXU) - iv_file_path = os.path.join(temp_path, "iv.bin") - key_file_path = os.path.join(temp_path, "aeskey.bin") - key_info_path = os.path.join(temp_path, "KeyInfo") - raw_file_path = os.path.join(temp_path, "rawData") - manifest_data_path = os.path.join(temp_path, "manifestData.bin") - manifest_ext_path = os.path.join(temp_path, "manifestExt.bin") - data_for_sign_path = os.path.join(temp_path, "dataForSign.bin") - signature_path = os.path.join(temp_path, "signature.bin") - - # mandentory input files - manifest_path = manifest_file - elf_file_path = enclave_file - - ret, product_name = parser_manifest(manifest_path, \ - manifest_data_path, manifest_ext_path) - if ret is False: - raise RuntimeError - - update_api_level(api_level, manifest_ext_path) - - if cfg.otrp_flag == 1: - print("package otrp sec file\n") - update_otrp_flag(manifest_ext_path) - - gen_raw_data(manifest_data_path, manifest_ext_path, elf_file_path, \ - cfg.config_path, raw_file_path) - - # generate AES key info to encrypt raw data - gen_aes_key_info(cfg, iv_file_path, key_file_path, key_info_path) - encrypt_aes_key(cfg.public_key, key_info_path, enc_key_path) - - aes_encrypt(key_file_path, iv_file_path, raw_file_path, enc_raw_path) - - # generate Main Header - content_len = os.path.getsize(enc_key_path) + \ - (int(cfg.sign_key_len) / 8) + \ - os.path.getsize(enc_raw_path) - key_version = gen_key_version(cfg) - header = gen_header(int(content_len), key_version) - - gen_data_for_sign(header, key_info_path, raw_file_path, data_for_sign_path) - - gen_hash(cfg.hash_type, data_for_sign_path, hash_path) - - #remove temp files - os.remove(iv_file_path) - os.remove(key_file_path) - os.remove(key_info_path) - os.remove(raw_file_path) - os.remove(manifest_data_path) - os.remove(manifest_ext_path) - os.remove(data_for_sign_path) - return - -def gen_sec_image(cfg, enc_raw_path, enc_key_path, signature_path, out_file): - content_len = os.path.getsize(enc_key_path) + \ - (int(cfg.sign_key_len) / 8) + \ - os.path.getsize(enc_raw_path) - key_version = gen_key_version(cfg) - header = gen_header(int(content_len), key_version) - sec_img_path = out_file - with open(sec_img_path, 'wb') as sec_image: - # write to sec file [1.header info] - sec_image.write(header) - # write to sec file [2.AES key info] - enc_key_size = os.path.getsize(enc_key_path) - with open(enc_key_path, 'rb') as enc_key_info: - sec_image.write(enc_key_info.read(enc_key_size)) - # write to sec file [3.signature] - signature_size = os.path.getsize(signature_path) - with open(signature_path, 'rb') as signature_file: - sec_image.write(signature_file.read(signature_size)) - # write to sec file [4.encrypted raw data] - enc_raw_size = os.path.getsize(enc_raw_path) - with open(enc_raw_path, 'rb') as enc_raw_data: - sec_image.write(enc_raw_data.read(enc_raw_size)) - - print("=========================SUCCESS============================") - print("generate TA(V3 format) load image success: ") - print(sec_img_path) - print("============================================================") - - return - - -def main(): - argvs = sys.argv - cmd = argvs[1] - one_step_mode = int(argvs[2]) - enclave_path = argvs[3] - out_file = argvs[4] - manifest_file = argvs[5] - cloud_config = argvs[6] - cfg = Configuration(cloud_config) - api_level = int(argvs[7]) - - os.umask(127) - - in_path = os.path.dirname(os.path.abspath(cloud_config)) - temp_path = os.path.join(in_path, "temp") - enc_key_path = os.path.join(temp_path, "KeyInfo.enc") - enc_raw_path = os.path.join(temp_path, "rawData.enc") - hash_path = os.path.join(temp_path, "rawDataHash.bin") - temp_signature = os.path.join(temp_path, "tempSignature") - - sign_tool_dir = os.path.dirname(os.path.abspath(__file__)) - os.chdir(sign_tool_dir) - if cmd == "digest": - generate_digest(cfg, api_level, enclave_path, manifest_file, hash_path, enc_key_path, enc_raw_path) - shutil.copy(hash_path, out_file) - elif cmd == "sign": - if one_step_mode == 0: - in_signature = argvs[8] - gen_sec_image(cfg, enc_raw_path, enc_key_path, in_signature, out_file) - else: - generate_digest(cfg, api_level, enclave_path, manifest_file, hash_path, enc_key_path, enc_raw_path) - gen_ta_signature(cfg, hash_path, temp_signature) - in_signature = temp_signature - gen_sec_image(cfg, enc_raw_path, enc_key_path, in_signature, out_file) - os.remove(temp_signature) - os.remove(enc_key_path) - os.remove(enc_raw_path) - os.remove(hash_path) - #remove temp files - shutil.rmtree(temp_path) - - -if __name__ == '__main__': - main() - -- 2.33.0