xref: /optee_os/core/include/kernel/huk_subkey.h (revision 41e5aa8f18c4d48083341ff3df9e75f0c77cf703)

/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2019, Linaro Limited
 */

#ifndef __KERNEL_HUK_SUBKEY_H
#define __KERNEL_HUK_SUBKEY_H

#include <tee_api_types.h>
#include <types_ext.h>
#include <utee_defines.h>

/*
 * enum huk_subkey_usage - subkey usage identifier
 * @HUK_SUBKEY_RPMB:	RPMB key
 * @HUK_SUBKEY_SSK:	Secure Storage key
 * @HUK_SUBKEY_DIE_ID:	Representing the die ID
 *
 * Add more identifiers as needed, be careful to not change the already
 * assigned numbers as that will affect the derived subkey.
 */
enum huk_subkey_usage {
	/*
	 * All IDs are explicitly assigned to make it easier to keep then
	 * constant.
	 */
	HUK_SUBKEY_RPMB = 0,
	HUK_SUBKEY_SSK = 1,
	HUK_SUBKEY_DIE_ID = 2,
};

#define HUK_SUBKEY_MAX_LEN	TEE_SHA256_HASH_SIZE

/*
 * huk_subkey_derive() - Derive a subkey from the hardware unique key
 * @usage:		Intended usage of the subkey
 * @const_data:		Constant data to generate different subkeys with
 *			the same usage
 * @const_data_len:	Length of constant data
 * @subkey:		Generated subkey
 * @subkey_len:		Required size of the subkey, sizes larger than
 *			HUK_SUBKEY_MAX_LEN are not accepted.
 *
 * Returns a subkey derived from the hardware unique key. Given the same
 * input the same subkey is returned each time.
 *
 * Return TEE_SUCCES on success or an error code on failure.
 */
TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
			     const void *const_data, size_t const_data_len,
			     uint8_t *subkey, size_t subkey_len);


#endif /*__KERNEL_HUK_SUBKEY_H*/