1 /* 2 * Copyright 2017, Rockchip Electronics Co., Ltd 3 * hisping lin, <hisping.lin@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 #ifndef TEE_CLIENT_API_H 8 #define TEE_CLIENT_API_H 9 10 #include <optee_include/tee_base_types.h> 11 /* 12 * Defines the number of available memory references in an open session or 13 * invoke command operation payload. 14 */ 15 #define TEEC_CONFIG_PAYLOAD_REF_COUNT 4 16 17 /** 18 * Defines the maximum size of a single shared memory block, in bytes, of both 19 * API allocated and API registered memory. The size is currently set to 20 * 512 * kB (512 * 1024). 21 */ 22 #define TEEC_CONFIG_SHAREDMEM_MAX_SIZE 0x8000 23 24 /** 25 * Flag constants indicating the type of parameters encoded inside the 26 * operation payload (TEEC_Operation), Type is uint32_t. 27 * 28 * TEEC_NONE The Parameter is not used 29 * 30 * TEEC_VALUE_INPUT The Parameter is a TEEC_Value tagged as input. 31 * 32 * TEEC_VALUE_OUTPUT The Parameter is a TEEC_Value tagged as output. 33 * 34 * TEEC_VALUE_INOUT The Parameter is a TEEC_Value tagged as both as 35 * input and output, i.e., for which both the 36 * behaviors of TEEC_VALUE_INPUT and 37 * TEEC_VALUE_OUTPUT apply. 38 * 39 * TEEC_MEMREF_TEMP_INPUT The Parameter is a TEEC_TempMemoryReference 40 * describing a region of memory which needs to be 41 * temporarily registered for the duration of the 42 * Operation and is tagged as input. 43 * 44 * TEEC_MEMREF_TEMP_OUTPUT Same as TEEC_MEMREF_TEMP_INPUT, but the Memory 45 * Reference is tagged as output. The 46 * Implementation may update the size field to 47 * reflect the required output size in some use 48 * cases. 49 * 50 * TEEC_MEMREF_TEMP_INOUT A Temporary Memory Reference tagged as both 51 * input and output, i.e., for which both the 52 * behaviors of TEEC_MEMREF_TEMP_INPUT and 53 * TEEC_MEMREF_TEMP_OUTPUT apply. 54 * 55 * TEEC_MEMREF_WHOLE The Parameter is a Registered Memory Reference 56 * that refers to the entirety of its parent Shared 57 * Memory block. The parameter structure is a 58 * TEEC_MemoryReference. In this structure, the 59 * Implementation MUST read only the parent field 60 * and MAY update the size field when the operation 61 * completes. 62 * 63 * TEEC_MEMREF_PARTIAL_INPUT A Registered Memory Reference structure that 64 * refers to a partial region of its parent Shared 65 * Memory block and is tagged as input. 66 * 67 * TEEC_MEMREF_PARTIAL_OUTPUT Registered Memory Reference structure that 68 * refers to a partial region of its parent Shared 69 * Memory block and is tagged as output. 70 * 71 * TEEC_MEMREF_PARTIAL_INOUT The Registered Memory Reference structure that 72 * refers to a partial region of its parent Shared 73 * Memory block and is tagged as both input and 74 * output, i.e., for which both the behaviors of 75 * TEEC_MEMREF_PARTIAL_INPUT and 76 * TEEC_MEMREF_PARTIAL_OUTPUT apply. 77 */ 78 #define TEEC_NONE 0x00000000 79 #define TEEC_VALUE_INPUT 0x00000001 80 #define TEEC_VALUE_OUTPUT 0x00000002 81 #define TEEC_VALUE_INOUT 0x00000003 82 #define TEEC_MEMREF_TEMP_INPUT 0x00000005 83 #define TEEC_MEMREF_TEMP_OUTPUT 0x00000006 84 #define TEEC_MEMREF_TEMP_INOUT 0x00000007 85 #define TEEC_MEMREF_WHOLE 0x0000000C 86 #define TEEC_MEMREF_PARTIAL_INPUT 0x0000000D 87 #define TEEC_MEMREF_PARTIAL_OUTPUT 0x0000000E 88 #define TEEC_MEMREF_PARTIAL_INOUT 0x0000000F 89 90 /** 91 * Flag constants indicating the data transfer direction of memory in 92 * TEEC_Parameter. TEEC_MEM_INPUT signifies data transfer direction from the 93 * client application to the TEE. TEEC_MEM_OUTPUT signifies data transfer 94 * direction from the TEE to the client application. Type is uint32_t. 95 * 96 * TEEC_MEM_INPUT The Shared Memory can carry data from the client 97 * application to the Trusted Application. 98 * TEEC_MEM_OUTPUT The Shared Memory can carry data from the Trusted 99 * Application to the client application. 100 */ 101 #define TEEC_MEM_INPUT 0x00000001 102 #define TEEC_MEM_OUTPUT 0x00000002 103 104 /** 105 * Return values. Type is TEEC_Result 106 * 107 * TEEC_SUCCESS The operation was successful. 108 * TEEC_ERROR_GENERIC Non-specific cause. 109 * TEEC_ERROR_ACCESS_DENIED Access privileges are not sufficient. 110 * TEEC_ERROR_CANCEL The operation was canceled. 111 * TEEC_ERROR_ACCESS_CONFLICT Concurrent accesses caused conflict. 112 * TEEC_ERROR_EXCESS_DATA Too much data for the requested operation was 113 * passed. 114 * TEEC_ERROR_BAD_FORMAT Input data was of invalid format. 115 * TEEC_ERROR_BAD_PARAMETERS Input parameters were invalid. 116 * TEEC_ERROR_BAD_STATE Operation is not valid in the current state. 117 * TEEC_ERROR_ITEM_NOT_FOUND The requested data item is not found. 118 * TEEC_ERROR_NOT_IMPLEMENTED The requested operation should exist but is not 119 * yet implemented. 120 * TEEC_ERROR_NOT_SUPPORTED The requested operation is valid but is not 121 * supported in this implementation. 122 * TEEC_ERROR_NO_DATA Expected data was missing. 123 * TEEC_ERROR_OUT_OF_MEMORY System ran out of resources. 124 * TEEC_ERROR_BUSY The system is busy working on something else. 125 * TEEC_ERROR_COMMUNICATION Communication with a remote party failed. 126 * TEEC_ERROR_SECURITY A security fault was detected. 127 * TEEC_ERROR_SHORT_BUFFER The supplied buffer is too short for the 128 * generated output. 129 * TEEC_ERROR_TARGET_DEAD Trusted Application has panicked 130 * during the operation. 131 */ 132 133 /** 134 * Standard defined error codes. 135 */ 136 #define TEEC_SUCCESS 0x00000000 137 #define TEEC_ERROR_GENERIC 0xFFFF0000 138 #define TEEC_ERROR_ACCESS_DENIED 0xFFFF0001 139 #define TEEC_ERROR_CANCEL 0xFFFF0002 140 #define TEEC_ERROR_ACCESS_CONFLICT 0xFFFF0003 141 #define TEEC_ERROR_EXCESS_DATA 0xFFFF0004 142 #define TEEC_ERROR_BAD_FORMAT 0xFFFF0005 143 #define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 144 #define TEEC_ERROR_BAD_STATE 0xFFFF0007 145 #define TEEC_ERROR_ITEM_NOT_FOUND 0xFFFF0008 146 #define TEEC_ERROR_NOT_IMPLEMENTED 0xFFFF0009 147 #define TEEC_ERROR_NOT_SUPPORTED 0xFFFF000A 148 #define TEEC_ERROR_NO_DATA 0xFFFF000B 149 #define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C 150 #define TEEC_ERROR_BUSY 0xFFFF000D 151 #define TEEC_ERROR_COMMUNICATION 0xFFFF000E 152 #define TEEC_ERROR_SECURITY 0xFFFF000F 153 #define TEEC_ERROR_SHORT_BUFFER 0xFFFF0010 154 #define TEEC_ERROR_TARGET_DEAD 0xFFFF3024 155 156 /** 157 * Function error origins, of type TEEC_ErrorOrigin. These indicate where in 158 * the software stack a particular return value originates from. 159 * 160 * TEEC_ORIGIN_API The error originated within the TEE Client API 161 * implementation. 162 * TEEC_ORIGIN_COMMS The error originated within the underlying 163 * communications stack linking the rich OS with 164 * the TEE. 165 * TEEC_ORIGIN_TEE The error originated within the common TEE code. 166 * TEEC_ORIGIN_TRUSTED_APP The error originated within the Trusted Application 167 * code. 168 */ 169 #define TEEC_ORIGIN_API 0x00000001 170 #define TEEC_ORIGIN_COMMS 0x00000002 171 #define TEEC_ORIGIN_TEE 0x00000003 172 #define TEEC_ORIGIN_TRUSTED_APP 0x00000004 173 174 /** 175 * Session login methods, for use in TEEC_OpenSession() as parameter 176 * connectionMethod. Type is uint32_t. 177 * 178 * TEEC_LOGIN_PUBLIC No login data is provided. 179 * TEEC_LOGIN_USER Login data about the user running the Client 180 * Application process is provided. 181 * TEEC_LOGIN_GROUP Login data about the group running the Client 182 * Application process is provided. 183 * TEEC_LOGIN_APPLICATION Login data about the running Client Application 184 * itself is provided. 185 */ 186 #define TEEC_LOGIN_PUBLIC 0x00000000 187 #define TEEC_LOGIN_USER 0x00000001 188 #define TEEC_LOGIN_GROUP 0x00000002 189 #define TEEC_LOGIN_APPLICATION 0x00000004 190 191 /** 192 * Encode the paramTypes according to the supplied types. 193 * 194 * @param p0 The first param type. 195 * @param p1 The second param type. 196 * @param p2 The third param type. 197 * @param p3 The fourth param type. 198 */ 199 #define TEEC_PARAM_TYPES(p0, p1, p2, p3) \ 200 ((p0) | ((p1) << 4) | ((p2) << 8) | ((p3) << 12)) 201 202 /** 203 * Get the i_th param type from the paramType. 204 * 205 * @param p The paramType. 206 * @param i The i-th parameter to get the type for. 207 */ 208 #define TEEC_PARAM_TYPE_GET(p, i) (((p) >> (i * 4)) & 0xF) 209 210 typedef uint32_t TEEC_Result; 211 212 /** 213 * struct TEEC_Context - Represents a connection between a client application 214 * and a TEE. 215 */ 216 typedef struct { 217 char devname[256]; 218 int fd; 219 } TEEC_Context; 220 221 /** 222 * This type contains a Universally Unique Resource Identifier (UUID) type as 223 * defined in RFC4122. These UUID values are used to identify Trusted 224 * Applications. 225 */ 226 typedef struct { 227 uint32_t timeLow; 228 uint16_t timeMid; 229 uint16_t timeHiAndVersion; 230 uint8_t clockSeqAndNode[8]; 231 } TEEC_UUID; 232 233 /** 234 * struct TEEC_SharedMemory - Memory to transfer data between a client 235 * application and trusted code. 236 * 237 * @param buffer The memory buffer which is to be, or has been, shared 238 * with the TEE. 239 * @param size The size, in bytes, of the memory buffer. 240 * @param flags Bit-vector which holds properties of buffer. 241 * The bit-vector can contain either or both of the 242 * TEEC_MEM_INPUT and TEEC_MEM_OUTPUT flags. 243 * 244 * A shared memory block is a region of memory allocated in the context of the 245 * client application memory space that can be used to transfer data between 246 * that client application and a trusted application. The user of this struct 247 * is responsible to populate the buffer pointer. 248 */ 249 typedef struct { 250 void *buffer; 251 size_t size; 252 uint32_t flags; 253 /* 254 * Implementation-Defined 255 * 256 * These represent a pointer to an allocated buffer. 257 * This can be different from the 258 * "buffer" above if the caller tried to register 259 * a buffer rather than allocate one. 260 */ 261 void *alloc_buffer; 262 } TEEC_SharedMemory; 263 264 /** 265 * struct TEEC_TempMemoryReference - Temporary memory to transfer data between 266 * a client application and trusted code, only used for the duration of the 267 * operation. 268 * 269 * @param buffer The memory buffer which is to be, or has been shared with 270 * the TEE. 271 * @param size The size, in bytes, of the memory buffer. 272 * 273 * A memory buffer that is registered temporarily for the duration of the 274 * operation to be called. 275 */ 276 typedef struct { 277 void *buffer; 278 size_t size; 279 } TEEC_TempMemoryReference; 280 281 /** 282 * struct TEEC_RegisteredMemoryReference - use a pre-registered or 283 * pre-allocated shared memory block of memory to transfer data between 284 * a client application and trusted code. 285 * 286 * @param parent Points to a shared memory structure. The memory reference 287 * may utilize the whole shared memory or only a part of it. 288 * Must not be NULL 289 * 290 * @param size The size, in bytes, of the memory buffer. 291 * 292 * @param offset The offset, in bytes, of the referenced memory region from 293 * the start of the shared memory block. 294 * 295 */ 296 typedef struct { 297 TEEC_SharedMemory *parent; 298 size_t size; 299 size_t offset; 300 } TEEC_RegisteredMemoryReference; 301 302 /** 303 * struct TEEC_Value - Small raw data container 304 * 305 * Instead of allocating a shared memory buffer this structure can be used 306 * to pass small raw data between a client application and trusted code. 307 * 308 * @param a The first integer value. 309 * 310 * @param b The second second value. 311 */ 312 typedef struct { 313 uint32_t a; 314 uint32_t b; 315 } TEEC_Value; 316 317 /** 318 * union TEEC_Parameter - Memory container to be used when passing data between 319 * client application and trusted code. 320 * 321 * Either the client uses a shared memory reference, parts of it or a small raw 322 * data container. 323 * 324 * @param tmpref A temporary memory reference only valid for the duration 325 * of the operation. 326 * 327 * @param memref The entire shared memory or parts of it. 328 * 329 * @param value The small raw data container to use 330 */ 331 typedef union { 332 TEEC_TempMemoryReference tmpref; 333 TEEC_RegisteredMemoryReference memref; 334 TEEC_Value value; 335 } TEEC_Parameter; 336 337 /** 338 * struct TEEC_Session - Represents a connection between a client application 339 * and a trusted application. 340 */ 341 typedef struct { 342 uint32_t id; 343 } TEEC_Session; 344 345 /** 346 * struct TEEC_Operation - Holds information and memory references used in 347 * TEEC_InvokeCommand(). 348 * 349 * @param started Client must initialize to zero if it needs to cancel 350 * an operation about to be performed. 351 * @param paramTypes Type of data passed. Use TEEC_PARAMS_TYPE macro to 352 * create the correct flags. 353 * 0 means TEEC_NONE is passed for all params. 354 * @param params Array of parameters of type TEEC_Parameter. 355 * @param session Internal pointer to the last session used by 356 * TEEC_InvokeCommand with this operation. 357 * 358 */ 359 typedef struct { 360 uint32_t started; 361 uint32_t paramTypes; 362 TEEC_Parameter params[TEEC_CONFIG_PAYLOAD_REF_COUNT]; 363 /* Implementation-Defined */ 364 TEEC_Session *session; 365 TEEC_SharedMemory memRefs[TEEC_CONFIG_PAYLOAD_REF_COUNT]; 366 uint32_t flags; 367 } TEEC_Operation; 368 369 /** 370 * TEEC_InitializeContext() - Initializes a context holding connection 371 * information on the specific TEE, designated by the name string. 372 373 * @param name A zero-terminated string identifying the TEE to connect to. 374 * If name is set to NULL, the default TEE is connected to. NULL 375 * is the only supported value in this version of the API 376 * implementation. 377 * 378 * @param context The context structure which is to be initialized. 379 * 380 * @return TEEC_SUCCESS The initialization was successful. 381 * @return TEEC_Result Something failed. 382 */ 383 TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context); 384 385 /** 386 * TEEC_FinalizeContext() - Destroys a context holding connection information 387 * on the specific TEE. 388 * 389 * This function destroys an initialized TEE context, closing the connection 390 * between the client application and the TEE. This function must only be 391 * called when all sessions related to this TEE context have been closed and 392 * all shared memory blocks have been released, otherwise an error will be 393 * returned. 394 * 395 * @param context The context to be destroyed. 396 * 397 * @return TEEC_SUCCESS The function call was successful. 398 * @return TEEC_Result Something failed. 399 */ 400 TEEC_Result TEEC_FinalizeContext(TEEC_Context *context); 401 402 /** 403 * TEEC_OpenSession() - Opens a new session with the specified trusted 404 * application. 405 * 406 * @param context The initialized TEE context structure in which 407 * scope to open the session. 408 * @param session The session to initialize. 409 * @param destination A structure identifying the trusted application 410 * with which to open a session. 411 * 412 * @param connectionMethod The connection method to use. 413 * @param connectionData Any data necessary to connect with the chosen 414 * connection method. Not supported, should be set to 415 * NULL. 416 * @param operation An operation structure to use in the session. May 417 * be set to NULL to signify no operation structure 418 * needed. 419 * 420 * @param returnOrigin A parameter which will hold the error origin if 421 * this function returns any value other than 422 * TEEC_SUCCESS. 423 * 424 * @return TEEC_SUCCESS OpenSession successfully opened a new session. 425 * @return TEEC_Result Something failed. 426 * 427 */ 428 TEEC_Result TEEC_OpenSession(TEEC_Context *context, 429 TEEC_Session *session, 430 const TEEC_UUID *destination, 431 uint32_t connectionMethod, 432 const void *connectionData, 433 TEEC_Operation *operation, 434 uint32_t *returnOrigin); 435 436 /** 437 * TEEC_CloseSession() - Closes the session which has been opened with the 438 * specific trusted application. 439 * 440 * @param session The opened session to close. 441 */ 442 void TEEC_CloseSession(TEEC_Session *session); 443 444 /** 445 * TEEC_InvokeCommand() - Executes a command in the specified trusted 446 * application. 447 * 448 * @param session A handle to an open connection to the trusted 449 * application. 450 * @param commandID Identifier of the command in the trusted application 451 * to invoke. 452 * @param operation An operation structure to use in the invoke command. 453 * May be set to NULL to signify no operation structure 454 * needed. 455 * @param returnOrigin A parameter which will hold the error origin if this 456 * function returns any value other than TEEC_SUCCESS. 457 * 458 * @return TEEC_SUCCESS OpenSession successfully opened a new session. 459 * @return TEEC_Result Something failed. 460 */ 461 TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, 462 uint32_t commandID, 463 TEEC_Operation *operation, 464 uint32_t *returnOrigin); 465 466 /** 467 * TEEC_RegisterSharedMemory() - Register a block of existing memory as a 468 * shared block within the scope of the specified context. 469 * 470 * @param context The initialized TEE context structure in which scope to 471 * open the session. 472 * @param sharedMem pointer to the shared memory structure to register. 473 * 474 * @return TEEC_SUCCESS The registration was successful. 475 * @return TEEC_ERROR_OUT_OF_MEMORY Memory exhaustion. 476 * @return TEEC_Result Something failed. 477 */ 478 TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, 479 TEEC_SharedMemory *sharedMem); 480 481 /** 482 * TEEC_AllocateSharedMemory() - Allocate shared memory for TEE. 483 * 484 * @param context The initialized TEE context structure in which scope to 485 * open the session. 486 * @param sharedMem Pointer to the allocated shared memory. 487 * 488 * @return TEEC_SUCCESS The registration was successful. 489 * @return TEEC_ERROR_OUT_OF_MEMORY Memory exhaustion. 490 * @return TEEC_Result Something failed. 491 */ 492 TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, 493 TEEC_SharedMemory *sharedMem); 494 495 /** 496 * TEEC_ReleaseSharedMemory() - Free or deregister the shared memory. 497 * 498 * @param sharedMem Pointer to the shared memory to be freed. 499 */ 500 void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMemory); 501 502 /** 503 * TEEC_RequestCancellation() - Request the cancellation of a pending open 504 * session or command invocation. 505 * 506 * @param operation Pointer to an operation previously passed to open session 507 * or invoke. 508 */ 509 void TEEC_RequestCancellation(TEEC_Operation *operation); 510 511 /** 512 * Register a pre-allocated Trusted Application This is mainly intended for 513 * OS-FREE contexts or when a filesystem is not available. 514 * 515 * @param ta Pointer to the trusted application binary 516 * @param size The size of the TA binary 517 * 518 * @return TEEC_SUCCESS if successful. 519 * @return TEEC_Result something failed. 520 */ 521 TEEC_Result TEEC_RegisterTA(const void *ta, const size_t size); 522 523 /** 524 * Unregister a pre-allocated Trusted Application This is mainly intended for 525 * OS-FREE contexts or when a filesystem is not available. 526 * 527 * @param ta Pointer to the trusted application binary 528 */ 529 void TEEC_UnregisterTA(const void *ta); 530 531 #endif 532