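/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014-2021, Linaro Limited
 * Copyright (c) 2021, SumUp Services GmbH
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * Implementation-specific identifiers that extend the TEE Internal Core API
 * defines: algorithm IDs, object types, attribute IDs, result codes, storage
 * IDs, memory access flags and login types.
 *
 * Several identifiers below share the numeric value 0x80000000
 * (TEE_ERROR_DEFER_DRIVER_INIT, TEE_STORAGE_PRIVATE_REE and
 * TEE_LOGIN_REE_KERNEL). They belong to different namespaces (result code,
 * storage ID, login type), so a value is only meaningful together with the
 * kind of field it was read from.
 */

/*
 * RSA with MD5 as the MGF1 hash: RSASSA-PSS (signature) and RSAES-OAEP
 * (encryption).
 * Values carry the vendor ID prefix (bit 31 set) in front of the TEE
 * bitfield IDs.
 *
 * MD5 is not collision resistant. These IDs are best reserved for
 * interoperability with existing data; new signatures should use a SHA-2
 * based algorithm.
 */
#define TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5       0xF0111930
#define TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5       0xF0110230

/*
 * API extended result codes as per TEE_Result IDs defined in GPD TEE
 * Internal Core API specification v1.1:
 *
 * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
 *                          code providing non-error information
 * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
 *
 * Both codes defined here fall in the implementation-specific error range.
 *
 * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
 * the driver depends on a device not yet initialized.
 */
#define TEE_ERROR_DEFER_DRIVER_INIT             0x80000000

/*
 * TEE_ERROR_NODE_DISABLED - Device driver failed to initialize because it is
 * not allocated for TEE environment.
 */
#define TEE_ERROR_NODE_DISABLED                 0x80000001

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF), RFC 5869
 *
 * MD5 and SHA-1 are deprecated hash functions; new key-derivation designs
 * should select the SHA-256 or stronger variants.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY             0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY            0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY          0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY          0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY          0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY          0x800060C0

#define TEE_TYPE_HKDF_IKM                       0xA10000C0

#define TEE_ATTR_HKDF_IKM                       0xC00001C0
/*
 * There is a name clash with the official attributes TEE_ATTR_HKDF_SALT
 * and TEE_ATTR_HKDF_INFO, so these alternative IDs are defined instead.
 * Note that the two names are not symmetric: the salt ID is spelled
 * __OPTEE_TEE_ATTR_..., the info ID __OPTEE_ATTR_...
 */
#define __OPTEE_TEE_ATTR_HKDF_SALT              0xD00002C0
#define __OPTEE_ATTR_HKDF_INFO                  0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH                0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY      0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY    0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY    0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY    0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY    0x800060C1

#define TEE_TYPE_CONCAT_KDF_Z                   0xA10000C1

#define TEE_ATTR_CONCAT_KDF_Z                   0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO          0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH          0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2 (RFC 2898 has since been obsoleted by RFC 8018)
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * HMAC-SHA1 is the only PBKDF2 variant defined in this header. The cost of
 * guessing the password is set by the salt and by the value passed in
 * TEE_ATTR_PBKDF2_ITERATION_COUNT, so callers must choose both deliberately.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY     0x800020C2

#define TEE_TYPE_PBKDF2_PASSWORD                0xA10000C2

#define TEE_ATTR_PBKDF2_PASSWORD                0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                    0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT         0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH              0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * NOTE(review): the caller supplies the digest; which hash algorithms and
 * which DigestInfo encoding are accepted is not visible in this header -
 * confirm against the implementation before relying on it.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5               0xF0000830

/*
 * TDEA CMAC (NIST SP800-38B)
 *
 * TDEA has a 64-bit block, so the MAC is at most 64 bits long and the number
 * of messages that may be authenticated under one key is much lower than
 * with a 128-bit block cipher.
 */
#define TEE_ALG_DES3_CMAC                       0xF0000613

/*
 * SM4-XTS
 */
#define TEE_ALG_SM4_XTS                         0xF0000414

/*
 * Implementation-specific object storage constants
 */

/*
 * Storage is provided by the Rich Execution Environment (REE)
 *
 * NOTE(review): the REE is outside the TEE; what protection (encryption,
 * integrity, rollback detection) is applied to objects stored there is not
 * visible in this header - confirm against the storage implementation.
 */
#define TEE_STORAGE_PRIVATE_REE                 0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB                0x80000100
/* Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED        0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * The two flags use bits that do not overlap the standard constants listed
 * above, so they can be OR-ed with them.
 * NOTE(review): the result when both flags are set at once is not described
 * here - confirm against TEE_CheckMemoryAccessRights().
 */
#define TEE_MEMORY_ACCESS_NONSECURE             0x10000000
#define TEE_MEMORY_ACCESS_SECURE                0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients
 *
 * NOTE(review): how the TEE establishes that a session really originates
 * from the REE kernel is not visible in this header - confirm before using
 * this login type in an access-control decision.
 */
#define TEE_LOGIN_REE_KERNEL                    0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */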