xref: /optee_os/lib/libutee/include/tee_api_defines_extensions.h (revision 77bdbf67c42209142ef43129e01113d29d9c62f6) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2014, Linaro Limited
4  * Copyright (c) 2021, SumUp Services GmbH
5  */
6 
7 #ifndef TEE_API_DEFINES_EXTENSIONS_H
8 #define TEE_API_DEFINES_EXTENSIONS_H
9 
10 /*
11  * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
12  */
13 
14 #define TEE_ALG_HKDF_MD5_DERIVE_KEY     0x800010C0
15 #define TEE_ALG_HKDF_SHA1_DERIVE_KEY    0x800020C0
16 #define TEE_ALG_HKDF_SHA224_DERIVE_KEY  0x800030C0
17 #define TEE_ALG_HKDF_SHA256_DERIVE_KEY  0x800040C0
18 #define TEE_ALG_HKDF_SHA384_DERIVE_KEY  0x800050C0
19 #define TEE_ALG_HKDF_SHA512_DERIVE_KEY  0x800060C0
20 
21 #define TEE_TYPE_HKDF_IKM               0xA10000C0
22 
23 #define TEE_ATTR_HKDF_IKM               0xC00001C0
24 #define TEE_ATTR_HKDF_SALT              0xD00002C0
25 #define TEE_ATTR_HKDF_INFO              0xD00003C0
26 #define TEE_ATTR_HKDF_OKM_LENGTH        0xF00004C0
27 
28 /*
29  * Concatenation Key Derivation Function (Concat KDF)
30  * NIST SP 800-56A section 5.8.1
31  */
32 
33 #define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY    0x800020C1
34 #define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY  0x800030C1
35 #define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY  0x800040C1
36 #define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY  0x800050C1
37 #define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY  0x800060C1
38 
39 #define TEE_TYPE_CONCAT_KDF_Z                 0xA10000C1
40 
41 #define TEE_ATTR_CONCAT_KDF_Z                 0xC00001C1
42 #define TEE_ATTR_CONCAT_KDF_OTHER_INFO        0xD00002C1
43 #define TEE_ATTR_CONCAT_KDF_DKM_LENGTH        0xF00003C1
44 
45 /*
46  * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
47  * RFC 2898 section 5.2
48  * https://www.ietf.org/rfc/rfc2898.txt
49  */
50 
51 #define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY 0x800020C2
52 
53 #define TEE_TYPE_PBKDF2_PASSWORD            0xA10000C2
54 
55 #define TEE_ATTR_PBKDF2_PASSWORD            0xC00001C2
56 #define TEE_ATTR_PBKDF2_SALT                0xD00002C2
57 #define TEE_ATTR_PBKDF2_ITERATION_COUNT     0xF00003C2
58 #define TEE_ATTR_PBKDF2_DKM_LENGTH          0xF00004C2
59 
60 /*
61  * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
62  */
63 
64 #define TEE_ALG_RSASSA_PKCS1_V1_5	0xF0000830
65 
66 /*
67  *  TDEA CMAC (NIST SP800-38B)
68  */
69 #define TEE_ALG_DES3_CMAC	0xF0000613
70 
71 /*
72  * Implementation-specific object storage constants
73  */
74 
75 /* Storage is provided by the Rich Execution Environment (REE) */
76 #define TEE_STORAGE_PRIVATE_REE	 0x80000000
77 /* Storage is the Replay Protected Memory Block partition of an eMMC device */
78 #define TEE_STORAGE_PRIVATE_RPMB 0x80000100
79 /* Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer */
80 #define TEE_STORAGE_PRIVATE_SQL_RESERVED  0x80000200
81 
82 /*
83  * Extension of "Memory Access Rights Constants"
84  * #define TEE_MEMORY_ACCESS_READ             0x00000001
85  * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
86  * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
87  *
88  * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
89  * successfully returns only if target vmem range is mapped non-secure.
90  *
91  * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
92  * successfully returns only if target vmem range is mapped secure.
93 
94  */
95 #define TEE_MEMORY_ACCESS_NONSECURE          0x10000000
96 #define TEE_MEMORY_ACCESS_SECURE             0x20000000
97 
98 /*
99  * Implementation-specific login types
100  */
101 
102 /* Private login method for REE kernel clients */
103 #define TEE_LOGIN_REE_KERNEL		0x80000000
104 
105 #endif /* TEE_API_DEFINES_EXTENSIONS_H */
106