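/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014, Linaro Limited
 */

/*
 * Implementation-specific extensions to the TEE Internal API constants:
 * extra key-derivation algorithms with their object types and attributes,
 * a pre-hashed RSA signature algorithm, private storage identifiers,
 * additional memory-access flags and a private login type.
 *
 * This header only assigns numeric identifiers. Which of them are accepted,
 * and with what parameter limits, is decided by the implementation that
 * consumes them.
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF), RFC 5869
 *
 * In the values below the hex digit at bits [15:12] follows the digest
 * (1 = MD5, 2 = SHA-1, 3 = SHA-224, 4 = SHA-256, 5 = SHA-384, 6 = SHA-512)
 * and the low byte 0xC0 is common to every HKDF identifier.
 *
 * NOTE(review): the MD5 and SHA-1 variants are defined here alongside the
 * SHA-2 ones. New designs should select SHA-256 or stronger; callers bound
 * by a crypto policy should confirm the legacy digests are permitted before
 * using them.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY     0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY    0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY  0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY  0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY  0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY  0x800060C0

/* Object type for the HKDF input keying material (IKM) */
#define TEE_TYPE_HKDF_IKM               0xA10000C0

/*
 * HKDF attributes; the names follow the RFC 5869 terms (IKM, salt, info,
 * length of the output keying material).
 *
 * NOTE(review): the top nibble differs per attribute (0xC for the IKM, 0xD
 * for salt and info, 0xF for the length). This looks like the usual
 * attribute-ID convention in which bit 28 marks a public attribute and
 * bit 29 a value (non-buffer) attribute, which would make the IKM the only
 * protected one - confirm against the base tee_api_defines.h.
 */
#define TEE_ATTR_HKDF_IKM               0xC00001C0
#define TEE_ATTR_HKDF_SALT              0xD00002C0
#define TEE_ATTR_HKDF_INFO              0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH        0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 *
 * Same digest digit as for HKDF, with low byte 0xC1. No MD5 variant is
 * defined for this KDF.
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY    0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY  0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY  0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY  0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY  0x800060C1

/* Object type for the shared secret Z fed into the Concat KDF */
#define TEE_TYPE_CONCAT_KDF_Z                 0xA10000C1

/* Concat KDF attributes: shared secret, OtherInfo, derived key length */
#define TEE_ATTR_CONCAT_KDF_Z                 0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO        0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH        0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * Only the HMAC-SHA1 PRF has an identifier in this header (low byte 0xC2).
 *
 * NOTE(review): the iteration count is a caller-supplied attribute and
 * nothing in this header sets a floor for it. Resistance to offline
 * password guessing depends on that value, so callers should take it from
 * current guidance rather than from legacy defaults, and should check
 * whether the implementation enforces a minimum.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY  0x800020C2

/* Object type for the PBKDF2 password */
#define TEE_TYPE_PBKDF2_PASSWORD             0xA10000C2

/* PBKDF2 attributes: password, salt, iteration count, derived key length */
#define TEE_ATTR_PBKDF2_PASSWORD             0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                 0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT      0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH           0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * NOTE(review): unlike the digest-specific RSASSA identifiers, this one
 * names no hash, so the binding between the signature and a particular
 * digest algorithm is presumably left to the caller. Confirm how the
 * implementation validates the length and encoding of the pre-hashed
 * input before relying on it.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5  0xF0000830

/*
 * Implementation-specific object storage constants
 */

/*
 * Storage is provided by the Rich Execution Environment (REE).
 * NOTE(review): the REE is outside the TEE, so the protection of objects
 * kept here (confidentiality, integrity, rollback) rests on what the TEE
 * does before handing data to it - verify against the storage
 * implementation rather than assuming it from this constant.
 */
#define TEE_STORAGE_PRIVATE_REE           0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB          0x80000100
/*
 * Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer. The value
 * stays defined under a _RESERVED name.
 */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED  0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * The two flags occupy distinct bits (28 and 29) and do not overlap the
 * three base flags listed above.
 */
#define TEE_MEMORY_ACCESS_NONSECURE  0x10000000
#define TEE_MEMORY_ACCESS_SECURE     0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients.
 * The numeric value equals TEE_STORAGE_PRIVATE_REE; the two are used as
 * different kinds of identifier (login type vs. storage ID).
 * NOTE(review): presumably this login type is asserted by the REE side, so
 * a trusted application that gates access on it is trusting the REE kernel
 * to that extent - confirm where the value is set and checked.
 */
#define TEE_LOGIN_REE_KERNEL  0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */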