14bca302aSIgor Opaniuk /* SPDX-License-Identifier: BSD-2-Clause */ 24bca302aSIgor Opaniuk /* 34bca302aSIgor Opaniuk * Copyright (c) 2018, Linaro Limited 44bca302aSIgor Opaniuk */ 54bca302aSIgor Opaniuk #ifndef __PTA_SYSTEM_H 64bca302aSIgor Opaniuk #define __PTA_SYSTEM_H 74bca302aSIgor Opaniuk 84bca302aSIgor Opaniuk /* 94bca302aSIgor Opaniuk * Interface to the pseudo TA, which is provides misc. auxiliary services, 104bca302aSIgor Opaniuk * extending existing GlobalPlatform Core API 114bca302aSIgor Opaniuk */ 124bca302aSIgor Opaniuk 134bca302aSIgor Opaniuk #define PTA_SYSTEM_UUID { 0x3a2f8978, 0x5dc0, 0x11e8, { \ 144bca302aSIgor Opaniuk 0x9c, 0x2d, 0xfa, 0x7a, 0xe0, 0x1b, 0xbe, 0xbc } } 154bca302aSIgor Opaniuk 164bca302aSIgor Opaniuk /* 17*a30ddda9SJoakim Bech * Having keys with too few bits impose a potential security risk, hence set a 18*a30ddda9SJoakim Bech * lower bound of 128 bits. 19*a30ddda9SJoakim Bech */ 20*a30ddda9SJoakim Bech #define TA_DERIVED_KEY_MIN_SIZE 16 21*a30ddda9SJoakim Bech 22*a30ddda9SJoakim Bech /* Same value as max in huk_subkey_derive */ 23*a30ddda9SJoakim Bech #define TA_DERIVED_KEY_MAX_SIZE 32 24*a30ddda9SJoakim Bech 25*a30ddda9SJoakim Bech #define TA_DERIVED_EXTRA_DATA_MAX_SIZE 1024 26*a30ddda9SJoakim Bech 27*a30ddda9SJoakim Bech /* 284bca302aSIgor Opaniuk * Add (re-seed) caller-provided entropy to the RNG pool. Keymaster 294bca302aSIgor Opaniuk * implementations need to securely mix the provided entropy into their pool, 304bca302aSIgor Opaniuk * which also must contain internally-generated entropy from a hardware random 314bca302aSIgor Opaniuk * number generator. 324bca302aSIgor Opaniuk * 334bca302aSIgor Opaniuk * [in] memref[0]: entropy input data 344bca302aSIgor Opaniuk */ 354bca302aSIgor Opaniuk #define PTA_SYSTEM_ADD_RNG_ENTROPY 0 364bca302aSIgor Opaniuk 37*a30ddda9SJoakim Bech /* 38*a30ddda9SJoakim Bech * Derives a device and TA unique key. The caller can also provide extra data 39*a30ddda9SJoakim Bech * that will be mixed together with existing device unique properties. If no 40*a30ddda9SJoakim Bech * extra data is provided, then the derived key will only use device unique 41*a30ddda9SJoakim Bech * properties and caller TA UUID. 42*a30ddda9SJoakim Bech * 43*a30ddda9SJoakim Bech * [in] params[0].memref.buffer Buffer for extra data 44*a30ddda9SJoakim Bech * [in] params[0].memref.size Size of extra data (max 1024 bytes) 45*a30ddda9SJoakim Bech * [out] params[1].memref.buffer Buffer for the derived key 46*a30ddda9SJoakim Bech * [out] params[1].memref.size Size of the derived key (16 to 32 bytes) 47*a30ddda9SJoakim Bech */ 48*a30ddda9SJoakim Bech #define PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY 1 49*a30ddda9SJoakim Bech 504bca302aSIgor Opaniuk #endif /* __PTA_SYSTEM_H */ 51