/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014-2021, Linaro Limited
 * Copyright (c) 2021, SumUp Services GmbH
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * Implementation-specific identifiers that extend the GPD TEE Internal Core
 * API: result codes, key-derivation and signature/MAC algorithm IDs with
 * their object types and attributes, storage IDs, memory access flags and
 * login types.
 *
 * Several identifiers below share the numeric value 0x80000000
 * (TEE_ERROR_DEFER_DRIVER_INIT, TEE_STORAGE_PRIVATE_REE,
 * TEE_LOGIN_REE_KERNEL). Each belongs to a different identifier space
 * (result code, storage ID, login type), so the raw number alone does not
 * say which one is meant; compare only against constants of the same space.
 */

/*
 * API extended result codes as per TEE_Result IDs defined in GPD TEE
 * Internal Core API specification v1.1:
 *
 * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
 *			    code providing non-error information
 * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
 *
 * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
 * the driver depends on a device not yet initialized.
 */
#define TEE_ERROR_DEFER_DRIVER_INIT	0x80000000

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF, RFC 5869)
 *
 * One algorithm ID per underlying hash. The low byte 0xC0 is common to all
 * HKDF identifiers in this file; bits 12-15 of the algorithm ID select the
 * hash (1 = MD5 ... 6 = SHA-512).
 *
 * The MD5 and SHA-1 variants are there for interoperability with existing
 * protocols; new designs should normally select SHA-256 or stronger.
 *
 * NOTE(review): the top nibble of the TEE_ATTR_* values appears to follow
 * the GP attribute-ID convention (bit 29 = value attribute, bit 28 = public
 * attribute): 0xC... = protected buffer (the secret input keying material),
 * 0xD... = public buffer (salt, info), 0xF... = public value (output
 * length). Confirm against the GP specification.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY     0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY    0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY  0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY  0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY  0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY  0x800060C0

#define TEE_TYPE_HKDF_IKM               0xA10000C0

#define TEE_ATTR_HKDF_IKM               0xC00001C0
#define TEE_ATTR_HKDF_SALT              0xD00002C0
#define TEE_ATTR_HKDF_INFO              0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH        0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 *
 * Same layout as the HKDF identifiers, with family byte 0xC1. No MD5
 * variant is defined. TEE_ATTR_CONCAT_KDF_Z carries the shared secret and
 * uses the same 0xC... prefix as the other secret inputs in this file.
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY    0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY  0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY  0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY  0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY  0x800060C1

#define TEE_TYPE_CONCAT_KDF_Z                 0xA10000C1

#define TEE_ATTR_CONCAT_KDF_Z                 0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO        0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH        0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * Only the HMAC-SHA1 variant is defined here (family byte 0xC2).
 *
 * The salt and the iteration count are supplied by the caller through
 * TEE_ATTR_PBKDF2_SALT and TEE_ATTR_PBKDF2_ITERATION_COUNT; nothing in this
 * header sets a minimum for either. The resistance of the derived key to
 * password guessing depends on the caller choosing a unique salt and an
 * iteration count that is high enough for the platform.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY 0x800020C2

#define TEE_TYPE_PBKDF2_PASSWORD            0xA10000C2

#define TEE_ATTR_PBKDF2_PASSWORD            0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT     0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH          0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * "Pre-hashed" means the caller passes an already computed digest; this
 * identifier, unlike the per-hash algorithm IDs above, names no hash.
 *
 * NOTE(review): presumably the signature therefore does not bind the hash
 * algorithm used, and both signer and verifier must agree on it out of
 * band - confirm against the implementation before relying on it.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5	0xF0000830

/*
 *  TDEA CMAC (NIST SP800-38B)
 *
 *  TDEA (triple DES) has a 64-bit block, which limits how much data can
 *  safely be authenticated under one key. Prefer an AES-based MAC where the
 *  protocol leaves the choice open.
 */
#define TEE_ALG_DES3_CMAC	0xF0000613

/*
 * Implementation-specific object storage constants
 *
 * The storage ID decides which medium holds a persistent object, and with
 * it which party can tamper with, withhold or roll back the stored data.
 */

/*
 * Storage is provided by the Rich Execution Environment (REE)
 *
 * NOTE(review): the REE is outside the TEE trust boundary, so any
 * confidentiality or integrity guarantee has to come from protection the
 * TEE applies before handing the data over; the REE can presumably still
 * delete the objects or restore older copies - confirm against the
 * implementation.
 */
#define TEE_STORAGE_PRIVATE_REE	 0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB 0x80000100
/*
 * Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer
 * (the value stays defined, presumably so it is not reused for another
 * storage type)
 */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED  0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * These flags let a trusted application verify which world a buffer lives
 * in before it reads from or writes to it, e.g. to reject a client-supplied
 * pointer that resolves to secure memory.
 */
#define TEE_MEMORY_ACCESS_NONSECURE          0x10000000
#define TEE_MEMORY_ACCESS_SECURE             0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients
 *
 * NOTE(review): a trusted application that grants more rights to this
 * login type relies on the REE side reserving it for in-kernel clients;
 * confirm how the value is set and whether user space can request it.
 */
#define TEE_LOGIN_REE_KERNEL		0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */