File: tee_api_defines_extensions.h

optee-os 4.8.0-1
/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014-2021, Linaro Limited
 * Copyright (c) 2021, SumUp Services GmbH
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * RSA signatures with MD5 hash
 * Values are prefixed with the vendor ID bit (bit 31), followed by the TEE
 * bitfield IDs.
 *
 * Going by the identifier names, the first constant selects RSASSA-PSS
 * (a signature scheme) and the second selects RSAES-OAEP (an encryption
 * scheme); both use MGF1 with MD5.
 *
 * NOTE(review): MD5 is not collision resistant. A trusted application
 * that accepts these identifiers should do so only for interoperability
 * with existing peers and should prefer a SHA-2 based identifier otherwise.
 */
#define TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5       0xF0111930
#define TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5       0xF0110230

/*
 * API extended result codes as per TEE_Result IDs defined in GPD TEE
 * Internal Core API specification v1.1:
 *
 * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
 *                          code providing non-error information
 * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
 *
 * Both codes defined below fall in the implementation-specific error range.
 *
 * The numeric value 0x80000000 is also used in this header by
 * TEE_STORAGE_PRIVATE_REE and TEE_LOGIN_REE_KERNEL. Those are a storage
 * identifier and a login type, not TEE_Result values, so the constants
 * must not be compared across these namespaces.
 *
 * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
 * the driver depends on a device not yet initialized.
 */
#define TEE_ERROR_DEFER_DRIVER_INIT	0x80000000

/*
 * TEE_ERROR_NODE_DISABLED - Device driver failed to initialize because it is
 * not allocated for TEE environment.
 */
#define TEE_ERROR_NODE_DISABLED		0x80000001

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
 *
 * One algorithm identifier per underlying hash, one object type for the
 * input keying material (IKM), and the attribute IDs used to pass the
 * IKM, salt, info and output keying material (OKM) length.
 *
 * NOTE(review): the MD5 and SHA-1 variants are presumably kept for
 * interoperability; prefer SHA-256 or stronger in new designs.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY     0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY    0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY  0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY  0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY  0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY  0x800060C0

#define TEE_TYPE_HKDF_IKM               0xA10000C0

/*
 * NOTE(review): the attribute IDs below differ in their top nibble
 * (0xC, 0xD, 0xF). This presumably follows the GP attribute-ID layout in
 * which bit 28 marks a public attribute and bit 29 a value attribute, so
 * the IKM would be protected while salt, info and length are public.
 * TODO confirm against tee_api_defines.h.
 */
#define TEE_ATTR_HKDF_IKM               0xC00001C0
/*
 * There is a name clash with the official attributes TEE_ATTR_HKDF_SALT
 * and TEE_ATTR_HKDF_INFO, so these alternative IDs are defined under
 * different names.
 *
 * The two alternative names do not share a prefix (__OPTEE_TEE_ATTR_ versus
 * __OPTEE_ATTR_); use each exactly as spelled here.
 */
#define __OPTEE_TEE_ATTR_HKDF_SALT      0xD00002C0
#define __OPTEE_ATTR_HKDF_INFO          0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH        0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 *
 * One algorithm identifier per underlying hash, one object type for the
 * shared secret Z, and the attribute IDs used to pass Z, the other-info
 * input and the derived keying material (DKM) length.
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY    0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY  0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY  0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY  0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY  0x800060C1

#define TEE_TYPE_CONCAT_KDF_Z                 0xA10000C1

/*
 * NOTE(review): Z carries the 0xC prefix while other-info and DKM length
 * carry 0xD and 0xF. This presumably marks Z as a protected attribute and
 * the others as public. TODO confirm against the attribute flag definitions.
 */
#define TEE_ATTR_CONCAT_KDF_Z                 0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO        0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH        0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * Only an HMAC-SHA1 variant is defined in this header.
 *
 * The iteration count and salt are supplied by the caller through the
 * attributes below, so the resistance of a derived key to password
 * guessing depends on the values the trusted application chooses.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY 0x800020C2

#define TEE_TYPE_PBKDF2_PASSWORD            0xA10000C2

/*
 * NOTE(review): the password carries the 0xC prefix while salt, iteration
 * count and DKM length carry 0xD or 0xF. This presumably marks the password
 * as a protected attribute and the others as public. TODO confirm.
 */
#define TEE_ATTR_PBKDF2_PASSWORD            0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT     0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH          0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * The identifier names no hash algorithm.
 *
 * NOTE(review): presumably the caller is responsible for hashing the
 * message and for choosing and encoding the digest it passes in. Confirm
 * what the implementation validates before relying on this for untrusted
 * input.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5	0xF0000830

/*
 * TDEA CMAC (NIST SP800-38B)
 *
 * NOTE(review): TDEA is a 64-bit block cipher, which bounds how much data
 * can safely be authenticated under one key. Prefer an AES-based MAC where
 * no legacy peer requires TDEA.
 */
#define TEE_ALG_DES3_CMAC	0xF0000613

/*
 * SM4-XTS
 *
 * NOTE(review): XTS is a confidentiality-only mode; it does not detect
 * modification of the ciphertext. Add a separate integrity mechanism where
 * tampering with the stored data is part of the threat model.
 */
#define TEE_ALG_SM4_XTS 0xF0000414

/*
 * Implementation-specific object storage constants
 *
 * NOTE(review): the backends named here presumably differ in their
 * protection against rollback and deletion by the normal world. Check the
 * secure storage documentation before choosing a storage ID for data
 * whose freshness matters.
 */

/* Storage is provided by the Rich Execution Environment (REE) */
#define TEE_STORAGE_PRIVATE_REE	 0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB 0x80000100
/*
 * Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer. The value
 * stays defined under a _RESERVED name.
 */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED  0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * These two bits let a trusted application assert which world a buffer
 * lives in before it reads from or writes to it.
 *
 * NOTE(review): a range that is mapped non-secure is presumably still
 * writable by the REE while the trusted application uses it. Copy such
 * data into secure memory before validating and acting on it - confirm
 * against the platform memory model.
 */
#define TEE_MEMORY_ACCESS_NONSECURE          0x10000000
#define TEE_MEMORY_ACCESS_SECURE             0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients
 *
 * NOTE(review): the login type is presumably reported by the REE side of
 * the client interface rather than verified independently inside the TEE.
 * A trusted application that gates access on this value is trusting the
 * REE kernel - confirm how the value is populated.
 */
#define TEE_LOGIN_REE_KERNEL		0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */