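/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2019, Linaro Limited
 */

#ifndef __KERNEL_HUK_SUBKEY_H
#define __KERNEL_HUK_SUBKEY_H

#include <tee_api_types.h>
#include <types_ext.h>
#include <utee_defines.h>

/*
 * enum huk_subkey_usage - subkey usage identifier
 * @HUK_SUBKEY_RPMB:		RPMB key
 * @HUK_SUBKEY_SSK:		Secure Storage key
 * @HUK_SUBKEY_DIE_ID:		Representing the die ID
 * @HUK_SUBKEY_UNIQUE_TA:	TA unique key
 * @HUK_SUBKEY_TA_ENC:		TA encryption key
 * @HUK_SUBKEY_SE050:		SCP03 set of encryption keys
 *
 * Add more identifiers as needed, be careful to not change the already
 * assigned numbers as that will affect the derived subkey.
 *
 * The identifier is what separates one usage's subkey from another's, so
 * a number is effectively permanent once it has shipped: renumbering an
 * entry yields a different subkey for that usage, and anything protected
 * under the previous subkey would presumably no longer be recoverable.
 * For the same reason, do not hand the number of a retired entry to a
 * new usage; take the next unused value instead.
 */
enum huk_subkey_usage {
	/*
	 * All IDs are explicitly assigned to make it easier to keep them
	 * constant.
	 */
	HUK_SUBKEY_RPMB = 0,
	HUK_SUBKEY_SSK = 1,
	HUK_SUBKEY_DIE_ID = 2,
	HUK_SUBKEY_UNIQUE_TA = 3,
	HUK_SUBKEY_TA_ENC = 4,
	HUK_SUBKEY_SE050 = 5,
};

/*
 * Upper bound on the subkey length accepted by huk_subkey_derive().
 * NOTE(review): tied to the SHA-256 digest size, presumably because the
 * default derivation produces one digest of output - confirm against the
 * implementation before changing it.
 */
#define HUK_SUBKEY_MAX_LEN	TEE_SHA256_HASH_SIZE

/*
 * huk_subkey_derive() - Derive a subkey from the hardware unique key
 * @usage:		Intended usage of the subkey
 * @const_data:		Constant data to generate different subkeys with
 *			the same usage
 * @const_data_len:	Length of constant data
 * @subkey:		Generated subkey; the caller supplies a buffer of at
 *			least @subkey_len bytes
 * @subkey_len:		Required size of the subkey, sizes larger than
 *			HUK_SUBKEY_MAX_LEN are not accepted.
 *
 * Returns a subkey derived from the hardware unique key. Given the same
 * input the same subkey is returned each time.
 * Function huk_subkey_derive() is __weak to allow platform specific
 * implementation.
 * __huk_subkey_derive() implements the default behavior of HUK derivation
 * and takes the same arguments.
 *
 * Notes for callers and for platform overrides:
 * - The output is secret key material. Check the return value before
 *   using @subkey, keep the buffer in secure memory and clear it once
 *   the key is no longer needed.
 * - A platform specific huk_subkey_derive() has to stay deterministic and
 *   has to keep distinct @usage / @const_data inputs mapped to distinct
 *   subkeys, otherwise the separation between the usages listed in
 *   enum huk_subkey_usage is lost.
 *
 * Return TEE_SUCCESS on success or an error code on failure.
 */
TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
			     const void *const_data, size_t const_data_len,
			     uint8_t *subkey, size_t subkey_len);
TEE_Result __huk_subkey_derive(enum huk_subkey_usage usage,
			       const void *const_data, size_t const_data_len,
			       uint8_t *subkey, size_t subkey_len);

#endif /*__KERNEL_HUK_SUBKEY_H*/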