xref: /optee_os/lib/libutee/include/tee_api_defines_extensions.h (revision 7dfcefda2cd455765172b4b300155797a42dee38)
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2014-2021, Linaro Limited
4  * Copyright (c) 2021, SumUp Services GmbH
5  */
6 
7 #ifndef TEE_API_DEFINES_EXTENSIONS_H
8 #define TEE_API_DEFINES_EXTENSIONS_H
9 
10 /*
11  * API extended result codes as per TEE_Result IDs defined in GPD TEE
12  * Internal Core API specification v1.1:
13  *
14  * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
15  *			    code providing non-error information
16  * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
17  *
    * Both codes below fall in the implementation-specific error range.
    * The value 0x80000000 is also used further down in this header for
    * TEE_STORAGE_PRIVATE_REE and TEE_LOGIN_REE_KERNEL; those are storage
    * and login identifiers, not result codes, so each constant is only
    * meaningful in its own context.
    *
18  * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
19  * the driver depends on a device not yet initialized.
20  */
21 #define TEE_ERROR_DEFER_DRIVER_INIT	0x80000000
22 
23 /*
24  * TEE_ERROR_NODE_DISABLED - Device driver failed to initialize because it is
25  * not allocated for the TEE environment.
26  */
27 #define TEE_ERROR_NODE_DISABLED		0x80000001
28 
29 /*
30  * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
    *
    * One algorithm identifier is defined per underlying hash function.
    * The MD5 and SHA-1 variants are legacy choices; prefer SHA-256 or
    * stronger when the hash can be chosen freely.
31  */
32 
33 #define TEE_ALG_HKDF_MD5_DERIVE_KEY     0x800010C0
34 #define TEE_ALG_HKDF_SHA1_DERIVE_KEY    0x800020C0
35 #define TEE_ALG_HKDF_SHA224_DERIVE_KEY  0x800030C0
36 #define TEE_ALG_HKDF_SHA256_DERIVE_KEY  0x800040C0
37 #define TEE_ALG_HKDF_SHA384_DERIVE_KEY  0x800050C0
38 #define TEE_ALG_HKDF_SHA512_DERIVE_KEY  0x800060C0
39 
   /* Object type for the HKDF input keying material (IKM) */
40 #define TEE_TYPE_HKDF_IKM               0xA10000C0
41 
   /* Attribute ID for the IKM; salt, info and output length follow below */
42 #define TEE_ATTR_HKDF_IKM               0xC00001C0
43 /*
44  * There is a name clash with the official attributes TEE_ATTR_HKDF_SALT
45  * and TEE_ATTR_HKDF_INFO, so these alternative IDs are defined instead.
    * Note that the two names do not share a prefix: __OPTEE_TEE_ATTR_ is
    * used for the salt and __OPTEE_ATTR_ for the info.
46  */
47 #define __OPTEE_TEE_ATTR_HKDF_SALT      0xD00002C0
48 #define __OPTEE_ATTR_HKDF_INFO          0xD00003C0
   /* OKM = output keying material; presumably the requested output size */
49 #define TEE_ATTR_HKDF_OKM_LENGTH        0xF00004C0
50 
51 /*
52  * Concatenation Key Derivation Function (Concat KDF)
53  * NIST SP 800-56A section 5.8.1
    *
    * In SP 800-56A terms, Z is the shared secret fed into the KDF and DKM
    * is the derived keying material. TEE_ATTR_CONCAT_KDF_Z therefore
    * carries secret input, while TEE_ATTR_CONCAT_KDF_DKM_LENGTH presumably
    * only sets the requested output size.
54  */
55 
56 #define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY    0x800020C1
57 #define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY  0x800030C1
58 #define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY  0x800040C1
59 #define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY  0x800050C1
60 #define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY  0x800060C1
61 
   /* Object type for the shared secret Z */
62 #define TEE_TYPE_CONCAT_KDF_Z                 0xA10000C1
63 
   /* Attribute IDs: shared secret, OtherInfo input, derived key length */
64 #define TEE_ATTR_CONCAT_KDF_Z                 0xC00001C1
65 #define TEE_ATTR_CONCAT_KDF_OTHER_INFO        0xD00002C1
66 #define TEE_ATTR_CONCAT_KDF_DKM_LENGTH        0xF00003C1
67 
68 /*
69  * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
70  * RFC 2898 section 5.2
71  * https://www.ietf.org/rfc/rfc2898.txt
    *
    * Only an HMAC-SHA1 based algorithm identifier is defined here. The
    * salt, iteration count and derived-key length are separate attributes
    * (below), so the work factor is presumably whatever the caller passes
    * as TEE_ATTR_PBKDF2_ITERATION_COUNT; no minimum is visible in this
    * header.
72  */
73 
74 #define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY 0x800020C2
75 
   /* Object type for the password the key is derived from */
76 #define TEE_TYPE_PBKDF2_PASSWORD            0xA10000C2
77 
   /* Attribute IDs: password, salt, iteration count, derived key length */
78 #define TEE_ATTR_PBKDF2_PASSWORD            0xC00001C2
79 #define TEE_ATTR_PBKDF2_SALT                0xD00002C2
80 #define TEE_ATTR_PBKDF2_ITERATION_COUNT     0xF00003C2
81 #define TEE_ATTR_PBKDF2_DKM_LENGTH          0xF00004C2
82 
83 /*
84  * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
    *
    * "Pre-hashed" indicates the input is a digest computed by the caller;
    * which digests and lengths are accepted is not visible in this header.
85  */
86 
87 #define TEE_ALG_RSASSA_PKCS1_V1_5	0xF0000830
88 
89 /*
90  *  TDEA CMAC (NIST SP800-38B)
    *
    *  TDEA (triple DES) is a legacy 64-bit block cipher; prefer an
    *  AES-based CMAC where the algorithm can be chosen freely.
91  */
92 #define TEE_ALG_DES3_CMAC	0xF0000613
93 
94 /*
95  *  SM4-XTS
    *
    *  XTS is a confidentiality-only mode intended for storage encryption;
    *  it does not authenticate the data.
96  */
97 #define TEE_ALG_SM4_XTS 0xF0000414
98 
99 /*
100  * Implementation-specific object storage constants
101  */
102 
103 /*
     * Storage is provided by the Rich Execution Environment (REE).
     * NOTE(review): the REE is outside the TEE, so protection of objects
     * kept there has to come from the TEE side - confirm how the storage
     * backend handles confidentiality, integrity and rollback.
     */
104 #define TEE_STORAGE_PRIVATE_REE	 0x80000000
105 /* Storage is the Replay Protected Memory Block partition of an eMMC device */
106 #define TEE_STORAGE_PRIVATE_RPMB 0x80000100
107 /*
     * Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer.
     * The value is presumably kept defined so that the ID is not reused.
     */
108 #define TEE_STORAGE_PRIVATE_SQL_RESERVED  0x80000200
109 
110 /*
111  * Extension of "Memory Access Rights Constants"
112  * #define TEE_MEMORY_ACCESS_READ             0x00000001
113  * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
114  * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
115  *
116  * TEE_MEMORY_ACCESS_NONSECURE: if set, TEE_CheckMemoryAccessRights()
117  * returns successfully only if the target virtual memory range is mapped
     * non-secure.
118  *
119  * TEE_MEMORY_ACCESS_SECURE: if set, TEE_CheckMemoryAccessRights()
120  * returns successfully only if the target virtual memory range is mapped
     * secure.
121  *
     * These flags let a TA check that a buffer address lies in the expected
     * kind of memory before it reads from or writes to that buffer.
122  */
123 #define TEE_MEMORY_ACCESS_NONSECURE          0x10000000
124 #define TEE_MEMORY_ACCESS_SECURE             0x20000000
125 
126 /*
127  * Implementation-specific login types
128  */
129 
130 /*
     * Private login method for REE kernel clients.
     * NOTE(review): how this login type is assigned to a session is not
     * visible in this header; TAs that grant extra privileges based on it
     * should confirm that user-space clients cannot request it.
     */
131 #define TEE_LOGIN_REE_KERNEL		0x80000000
132 
133 #endif /* TEE_API_DEFINES_EXTENSIONS_H */
134