11bb92983SJerome Forissier /* SPDX-License-Identifier: BSD-2-Clause */ 2b0104773SPascal Brand /* 3b0104773SPascal Brand * Copyright (c) 2014, STMicroelectronics International N.V. 4b0104773SPascal Brand */ 5b0104773SPascal Brand 6b0104773SPascal Brand /* Based on GP TEE Internal API Specification Version 0.27 */ 7b0104773SPascal Brand #ifndef TEE_INTERNAL_API_H 8b0104773SPascal Brand #define TEE_INTERNAL_API_H 9b0104773SPascal Brand 10*4b0f9953SJens Wiklander #include <compiler.h> 11*4b0f9953SJens Wiklander #include <stddef.h> 12b0104773SPascal Brand #include <tee_api_defines.h> 13b0104773SPascal Brand #include <tee_api_types.h> 14*4b0f9953SJens Wiklander #include <trace.h> 15b0104773SPascal Brand 16*4b0f9953SJens Wiklander /* Property access functions */ 17*4b0f9953SJens Wiklander 18*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsString(TEE_PropSetHandle propsetOrEnumerator, 19*4b0f9953SJens Wiklander const char *name, char *valueBuffer, 20*4b0f9953SJens Wiklander uint32_t *valueBufferLen); 21*4b0f9953SJens Wiklander 22*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, 23*4b0f9953SJens Wiklander const char *name, bool *value); 24*4b0f9953SJens Wiklander 25*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, 26*4b0f9953SJens Wiklander const char *name, uint32_t *value); 27*4b0f9953SJens Wiklander 28*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsBinaryBlock(TEE_PropSetHandle propsetOrEnumerator, 29*4b0f9953SJens Wiklander const char *name, void *valueBuffer, 30*4b0f9953SJens Wiklander uint32_t *valueBufferLen); 31*4b0f9953SJens Wiklander 32*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, 33*4b0f9953SJens Wiklander const char *name, TEE_UUID *value); 34*4b0f9953SJens Wiklander 35*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, 36*4b0f9953SJens Wiklander const char *name, TEE_Identity *value); 37*4b0f9953SJens Wiklander 38*4b0f9953SJens Wiklander TEE_Result TEE_AllocatePropertyEnumerator(TEE_PropSetHandle *enumerator); 39*4b0f9953SJens Wiklander 40*4b0f9953SJens Wiklander void TEE_FreePropertyEnumerator(TEE_PropSetHandle enumerator); 41*4b0f9953SJens Wiklander 42*4b0f9953SJens Wiklander void TEE_StartPropertyEnumerator(TEE_PropSetHandle enumerator, 43*4b0f9953SJens Wiklander TEE_PropSetHandle propSet); 44*4b0f9953SJens Wiklander 45*4b0f9953SJens Wiklander void TEE_ResetPropertyEnumerator(TEE_PropSetHandle enumerator); 46*4b0f9953SJens Wiklander 47*4b0f9953SJens Wiklander TEE_Result TEE_GetPropertyName(TEE_PropSetHandle enumerator, 48*4b0f9953SJens Wiklander void *nameBuffer, uint32_t *nameBufferLen); 49*4b0f9953SJens Wiklander 50*4b0f9953SJens Wiklander TEE_Result TEE_GetNextProperty(TEE_PropSetHandle enumerator); 51*4b0f9953SJens Wiklander 52*4b0f9953SJens Wiklander /* System API - Misc */ 53*4b0f9953SJens Wiklander 54*4b0f9953SJens Wiklander void TEE_Panic(TEE_Result panicCode); 55*4b0f9953SJens Wiklander 56*4b0f9953SJens Wiklander /* System API - Internal Client API */ 57*4b0f9953SJens Wiklander 58*4b0f9953SJens Wiklander TEE_Result TEE_OpenTASession(const TEE_UUID *destination, 59*4b0f9953SJens Wiklander uint32_t cancellationRequestTimeout, 60*4b0f9953SJens Wiklander uint32_t paramTypes, 61*4b0f9953SJens Wiklander TEE_Param params[TEE_NUM_PARAMS], 62*4b0f9953SJens Wiklander TEE_TASessionHandle *session, 63*4b0f9953SJens Wiklander uint32_t *returnOrigin); 64*4b0f9953SJens Wiklander 65*4b0f9953SJens Wiklander void TEE_CloseTASession(TEE_TASessionHandle session); 66*4b0f9953SJens Wiklander 67*4b0f9953SJens Wiklander TEE_Result TEE_InvokeTACommand(TEE_TASessionHandle session, 68*4b0f9953SJens Wiklander uint32_t cancellationRequestTimeout, 69*4b0f9953SJens Wiklander uint32_t commandID, uint32_t paramTypes, 70*4b0f9953SJens Wiklander TEE_Param params[TEE_NUM_PARAMS], 71*4b0f9953SJens Wiklander uint32_t *returnOrigin); 72*4b0f9953SJens Wiklander 73*4b0f9953SJens Wiklander /* System API - Cancellations */ 74*4b0f9953SJens Wiklander 75*4b0f9953SJens Wiklander bool TEE_GetCancellationFlag(void); 76*4b0f9953SJens Wiklander 77*4b0f9953SJens Wiklander bool TEE_UnmaskCancellation(void); 78*4b0f9953SJens Wiklander 79*4b0f9953SJens Wiklander bool TEE_MaskCancellation(void); 80*4b0f9953SJens Wiklander 81*4b0f9953SJens Wiklander /* System API - Memory Management */ 82*4b0f9953SJens Wiklander 83*4b0f9953SJens Wiklander TEE_Result TEE_CheckMemoryAccessRights(uint32_t accessFlags, void *buffer, 84*4b0f9953SJens Wiklander uint32_t size); 85*4b0f9953SJens Wiklander 86*4b0f9953SJens Wiklander void TEE_SetInstanceData(const void *instanceData); 87*4b0f9953SJens Wiklander 88*4b0f9953SJens Wiklander const void *TEE_GetInstanceData(void); 89*4b0f9953SJens Wiklander 90*4b0f9953SJens Wiklander void *TEE_Malloc(uint32_t size, uint32_t hint); 91*4b0f9953SJens Wiklander 92*4b0f9953SJens Wiklander void *TEE_Realloc(void *buffer, uint32_t newSize); 93*4b0f9953SJens Wiklander 94*4b0f9953SJens Wiklander void TEE_Free(void *buffer); 95*4b0f9953SJens Wiklander 96*4b0f9953SJens Wiklander void *TEE_MemMove(void *dest, const void *src, uint32_t size); 97*4b0f9953SJens Wiklander 98*4b0f9953SJens Wiklander /* 99*4b0f9953SJens Wiklander * Note: TEE_MemCompare() has a constant-time implementation (execution time 100*4b0f9953SJens Wiklander * does not depend on buffer content but only on buffer size). It is the main 101*4b0f9953SJens Wiklander * difference with memcmp(). 102*4b0f9953SJens Wiklander */ 103*4b0f9953SJens Wiklander int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, uint32_t size); 104*4b0f9953SJens Wiklander 105*4b0f9953SJens Wiklander void *TEE_MemFill(void *buff, uint32_t x, uint32_t size); 106*4b0f9953SJens Wiklander 107*4b0f9953SJens Wiklander /* Data and Key Storage API - Generic Object Functions */ 108*4b0f9953SJens Wiklander 109*4b0f9953SJens Wiklander void TEE_GetObjectInfo(TEE_ObjectHandle object, TEE_ObjectInfo *objectInfo); 110*4b0f9953SJens Wiklander TEE_Result TEE_GetObjectInfo1(TEE_ObjectHandle object, 111*4b0f9953SJens Wiklander TEE_ObjectInfo *objectInfo); 112*4b0f9953SJens Wiklander 113*4b0f9953SJens Wiklander void TEE_RestrictObjectUsage(TEE_ObjectHandle object, uint32_t objectUsage); 114*4b0f9953SJens Wiklander TEE_Result TEE_RestrictObjectUsage1(TEE_ObjectHandle object, 115*4b0f9953SJens Wiklander uint32_t objectUsage); 116*4b0f9953SJens Wiklander 117*4b0f9953SJens Wiklander TEE_Result TEE_GetObjectBufferAttribute(TEE_ObjectHandle object, 118*4b0f9953SJens Wiklander uint32_t attributeID, void *buffer, 119*4b0f9953SJens Wiklander uint32_t *size); 120*4b0f9953SJens Wiklander 121*4b0f9953SJens Wiklander TEE_Result TEE_GetObjectValueAttribute(TEE_ObjectHandle object, 122*4b0f9953SJens Wiklander uint32_t attributeID, uint32_t *a, 123*4b0f9953SJens Wiklander uint32_t *b); 124*4b0f9953SJens Wiklander 125*4b0f9953SJens Wiklander void TEE_CloseObject(TEE_ObjectHandle object); 126*4b0f9953SJens Wiklander 127*4b0f9953SJens Wiklander /* Data and Key Storage API - Transient Object Functions */ 128*4b0f9953SJens Wiklander 129*4b0f9953SJens Wiklander TEE_Result TEE_AllocateTransientObject(TEE_ObjectType objectType, 130*4b0f9953SJens Wiklander uint32_t maxKeySize, 131*4b0f9953SJens Wiklander TEE_ObjectHandle *object); 132*4b0f9953SJens Wiklander 133*4b0f9953SJens Wiklander void TEE_FreeTransientObject(TEE_ObjectHandle object); 134*4b0f9953SJens Wiklander 135*4b0f9953SJens Wiklander void TEE_ResetTransientObject(TEE_ObjectHandle object); 136*4b0f9953SJens Wiklander 137*4b0f9953SJens Wiklander TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, 138*4b0f9953SJens Wiklander const TEE_Attribute *attrs, 139*4b0f9953SJens Wiklander uint32_t attrCount); 140*4b0f9953SJens Wiklander 141*4b0f9953SJens Wiklander void TEE_InitRefAttribute(TEE_Attribute *attr, uint32_t attributeID, 142*4b0f9953SJens Wiklander const void *buffer, uint32_t length); 143*4b0f9953SJens Wiklander 144*4b0f9953SJens Wiklander void TEE_InitValueAttribute(TEE_Attribute *attr, uint32_t attributeID, 145*4b0f9953SJens Wiklander uint32_t a, uint32_t b); 146*4b0f9953SJens Wiklander 147*4b0f9953SJens Wiklander void TEE_CopyObjectAttributes(TEE_ObjectHandle destObject, 148*4b0f9953SJens Wiklander TEE_ObjectHandle srcObject); 149*4b0f9953SJens Wiklander 150*4b0f9953SJens Wiklander TEE_Result TEE_CopyObjectAttributes1(TEE_ObjectHandle destObject, 151*4b0f9953SJens Wiklander TEE_ObjectHandle srcObject); 152*4b0f9953SJens Wiklander 153*4b0f9953SJens Wiklander TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, 154*4b0f9953SJens Wiklander const TEE_Attribute *params, uint32_t paramCount); 155*4b0f9953SJens Wiklander 156*4b0f9953SJens Wiklander /* Data and Key Storage API - Persistent Object Functions */ 157*4b0f9953SJens Wiklander 158*4b0f9953SJens Wiklander TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *objectID, 159*4b0f9953SJens Wiklander uint32_t objectIDLen, uint32_t flags, 160*4b0f9953SJens Wiklander TEE_ObjectHandle *object); 161*4b0f9953SJens Wiklander 162*4b0f9953SJens Wiklander TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *objectID, 163*4b0f9953SJens Wiklander uint32_t objectIDLen, uint32_t flags, 164*4b0f9953SJens Wiklander TEE_ObjectHandle attributes, 165*4b0f9953SJens Wiklander const void *initialData, 166*4b0f9953SJens Wiklander uint32_t initialDataLen, 167*4b0f9953SJens Wiklander TEE_ObjectHandle *object); 168*4b0f9953SJens Wiklander 169*4b0f9953SJens Wiklander void TEE_CloseAndDeletePersistentObject(TEE_ObjectHandle object); 170*4b0f9953SJens Wiklander 171*4b0f9953SJens Wiklander TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object); 172*4b0f9953SJens Wiklander 173*4b0f9953SJens Wiklander TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, 174*4b0f9953SJens Wiklander const void *newObjectID, 175*4b0f9953SJens Wiklander uint32_t newObjectIDLen); 176*4b0f9953SJens Wiklander 177*4b0f9953SJens Wiklander TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle * 178*4b0f9953SJens Wiklander objectEnumerator); 179*4b0f9953SJens Wiklander 180*4b0f9953SJens Wiklander void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle objectEnumerator); 181*4b0f9953SJens Wiklander 182*4b0f9953SJens Wiklander void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle objectEnumerator); 183*4b0f9953SJens Wiklander 184*4b0f9953SJens Wiklander TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle 185*4b0f9953SJens Wiklander objectEnumerator, 186*4b0f9953SJens Wiklander uint32_t storageID); 187*4b0f9953SJens Wiklander 188*4b0f9953SJens Wiklander TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle objectEnumerator, 189*4b0f9953SJens Wiklander TEE_ObjectInfo *objectInfo, 190*4b0f9953SJens Wiklander void *objectID, uint32_t *objectIDLen); 191*4b0f9953SJens Wiklander 192*4b0f9953SJens Wiklander /* Data and Key Storage API - Data Stream Access Functions */ 193*4b0f9953SJens Wiklander 194*4b0f9953SJens Wiklander TEE_Result TEE_ReadObjectData(TEE_ObjectHandle object, void *buffer, 195*4b0f9953SJens Wiklander uint32_t size, uint32_t *count); 196*4b0f9953SJens Wiklander 197*4b0f9953SJens Wiklander TEE_Result TEE_WriteObjectData(TEE_ObjectHandle object, const void *buffer, 198*4b0f9953SJens Wiklander uint32_t size); 199*4b0f9953SJens Wiklander 200*4b0f9953SJens Wiklander TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, uint32_t size); 201*4b0f9953SJens Wiklander 202*4b0f9953SJens Wiklander TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, 203*4b0f9953SJens Wiklander TEE_Whence whence); 204*4b0f9953SJens Wiklander 205*4b0f9953SJens Wiklander /* Cryptographic Operations API - Generic Operation Functions */ 206*4b0f9953SJens Wiklander 207*4b0f9953SJens Wiklander TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 208*4b0f9953SJens Wiklander uint32_t algorithm, uint32_t mode, 209*4b0f9953SJens Wiklander uint32_t maxKeySize); 210*4b0f9953SJens Wiklander 211*4b0f9953SJens Wiklander void TEE_FreeOperation(TEE_OperationHandle operation); 212*4b0f9953SJens Wiklander 213*4b0f9953SJens Wiklander void TEE_GetOperationInfo(TEE_OperationHandle operation, 214*4b0f9953SJens Wiklander TEE_OperationInfo *operationInfo); 215*4b0f9953SJens Wiklander 216*4b0f9953SJens Wiklander TEE_Result 217*4b0f9953SJens Wiklander TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 218*4b0f9953SJens Wiklander TEE_OperationInfoMultiple *operationInfoMultiple, 219*4b0f9953SJens Wiklander uint32_t *operationSize); 220*4b0f9953SJens Wiklander 221*4b0f9953SJens Wiklander void TEE_ResetOperation(TEE_OperationHandle operation); 222*4b0f9953SJens Wiklander 223*4b0f9953SJens Wiklander TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 224*4b0f9953SJens Wiklander TEE_ObjectHandle key); 225*4b0f9953SJens Wiklander 226*4b0f9953SJens Wiklander TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 227*4b0f9953SJens Wiklander TEE_ObjectHandle key1, TEE_ObjectHandle key2); 228*4b0f9953SJens Wiklander 229*4b0f9953SJens Wiklander void TEE_CopyOperation(TEE_OperationHandle dstOperation, 230*4b0f9953SJens Wiklander TEE_OperationHandle srcOperation); 231*4b0f9953SJens Wiklander 232*4b0f9953SJens Wiklander TEE_Result TEE_IsAlgorithmSupported(uint32_t algId, uint32_t element); 233*4b0f9953SJens Wiklander 234*4b0f9953SJens Wiklander /* Cryptographic Operations API - Message Digest Functions */ 235*4b0f9953SJens Wiklander 236*4b0f9953SJens Wiklander void TEE_DigestUpdate(TEE_OperationHandle operation, 237*4b0f9953SJens Wiklander const void *chunk, uint32_t chunkSize); 238*4b0f9953SJens Wiklander 239*4b0f9953SJens Wiklander TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 240*4b0f9953SJens Wiklander uint32_t chunkLen, void *hash, uint32_t *hashLen); 241*4b0f9953SJens Wiklander 242*4b0f9953SJens Wiklander /* Cryptographic Operations API - Symmetric Cipher Functions */ 243*4b0f9953SJens Wiklander 244*4b0f9953SJens Wiklander void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 245*4b0f9953SJens Wiklander uint32_t IVLen); 246*4b0f9953SJens Wiklander 247*4b0f9953SJens Wiklander TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 248*4b0f9953SJens Wiklander uint32_t srcLen, void *destData, uint32_t *destLen); 249*4b0f9953SJens Wiklander 250*4b0f9953SJens Wiklander TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 251*4b0f9953SJens Wiklander const void *srcData, uint32_t srcLen, 252*4b0f9953SJens Wiklander void *destData, uint32_t *destLen); 253*4b0f9953SJens Wiklander 254*4b0f9953SJens Wiklander /* Cryptographic Operations API - MAC Functions */ 255*4b0f9953SJens Wiklander 256*4b0f9953SJens Wiklander void TEE_MACInit(TEE_OperationHandle operation, const void *IV, 257*4b0f9953SJens Wiklander uint32_t IVLen); 258*4b0f9953SJens Wiklander 259*4b0f9953SJens Wiklander void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 260*4b0f9953SJens Wiklander uint32_t chunkSize); 261*4b0f9953SJens Wiklander 262*4b0f9953SJens Wiklander TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 263*4b0f9953SJens Wiklander const void *message, uint32_t messageLen, 264*4b0f9953SJens Wiklander void *mac, uint32_t *macLen); 265*4b0f9953SJens Wiklander 266*4b0f9953SJens Wiklander TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 267*4b0f9953SJens Wiklander const void *message, uint32_t messageLen, 268*4b0f9953SJens Wiklander const void *mac, uint32_t macLen); 269*4b0f9953SJens Wiklander 270*4b0f9953SJens Wiklander /* Cryptographic Operations API - Authenticated Encryption Functions */ 271*4b0f9953SJens Wiklander 272*4b0f9953SJens Wiklander TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 273*4b0f9953SJens Wiklander uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 274*4b0f9953SJens Wiklander uint32_t payloadLen); 275*4b0f9953SJens Wiklander 276*4b0f9953SJens Wiklander void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 277*4b0f9953SJens Wiklander uint32_t AADdataLen); 278*4b0f9953SJens Wiklander 279*4b0f9953SJens Wiklander TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 280*4b0f9953SJens Wiklander uint32_t srcLen, void *destData, uint32_t *destLen); 281*4b0f9953SJens Wiklander 282*4b0f9953SJens Wiklander TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 283*4b0f9953SJens Wiklander const void *srcData, uint32_t srcLen, 284*4b0f9953SJens Wiklander void *destData, uint32_t *destLen, void *tag, 285*4b0f9953SJens Wiklander uint32_t *tagLen); 286*4b0f9953SJens Wiklander 287*4b0f9953SJens Wiklander TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 288*4b0f9953SJens Wiklander const void *srcData, uint32_t srcLen, 289*4b0f9953SJens Wiklander void *destData, uint32_t *destLen, void *tag, 290*4b0f9953SJens Wiklander uint32_t tagLen); 291*4b0f9953SJens Wiklander 292*4b0f9953SJens Wiklander /* Cryptographic Operations API - Asymmetric Functions */ 293*4b0f9953SJens Wiklander 294*4b0f9953SJens Wiklander TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 295*4b0f9953SJens Wiklander const TEE_Attribute *params, 296*4b0f9953SJens Wiklander uint32_t paramCount, const void *srcData, 297*4b0f9953SJens Wiklander uint32_t srcLen, void *destData, 298*4b0f9953SJens Wiklander uint32_t *destLen); 299*4b0f9953SJens Wiklander 300*4b0f9953SJens Wiklander TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 301*4b0f9953SJens Wiklander const TEE_Attribute *params, 302*4b0f9953SJens Wiklander uint32_t paramCount, const void *srcData, 303*4b0f9953SJens Wiklander uint32_t srcLen, void *destData, 304*4b0f9953SJens Wiklander uint32_t *destLen); 305*4b0f9953SJens Wiklander 306*4b0f9953SJens Wiklander TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 307*4b0f9953SJens Wiklander const TEE_Attribute *params, 308*4b0f9953SJens Wiklander uint32_t paramCount, const void *digest, 309*4b0f9953SJens Wiklander uint32_t digestLen, void *signature, 310*4b0f9953SJens Wiklander uint32_t *signatureLen); 311*4b0f9953SJens Wiklander 312*4b0f9953SJens Wiklander TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 313*4b0f9953SJens Wiklander const TEE_Attribute *params, 314*4b0f9953SJens Wiklander uint32_t paramCount, const void *digest, 315*4b0f9953SJens Wiklander uint32_t digestLen, const void *signature, 316*4b0f9953SJens Wiklander uint32_t signatureLen); 317*4b0f9953SJens Wiklander 318*4b0f9953SJens Wiklander /* Cryptographic Operations API - Key Derivation Functions */ 319*4b0f9953SJens Wiklander 320*4b0f9953SJens Wiklander void TEE_DeriveKey(TEE_OperationHandle operation, 321*4b0f9953SJens Wiklander const TEE_Attribute *params, uint32_t paramCount, 322*4b0f9953SJens Wiklander TEE_ObjectHandle derivedKey); 323*4b0f9953SJens Wiklander 324*4b0f9953SJens Wiklander /* Cryptographic Operations API - Random Number Generation Functions */ 325*4b0f9953SJens Wiklander 326*4b0f9953SJens Wiklander void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen); 327*4b0f9953SJens Wiklander 328*4b0f9953SJens Wiklander /* Date & Time API */ 329*4b0f9953SJens Wiklander 330*4b0f9953SJens Wiklander void TEE_GetSystemTime(TEE_Time *time); 331*4b0f9953SJens Wiklander 332*4b0f9953SJens Wiklander TEE_Result TEE_Wait(uint32_t timeout); 333*4b0f9953SJens Wiklander 334*4b0f9953SJens Wiklander TEE_Result TEE_GetTAPersistentTime(TEE_Time *time); 335*4b0f9953SJens Wiklander 336*4b0f9953SJens Wiklander TEE_Result TEE_SetTAPersistentTime(const TEE_Time *time); 337*4b0f9953SJens Wiklander 338*4b0f9953SJens Wiklander void TEE_GetREETime(TEE_Time *time); 339*4b0f9953SJens Wiklander 340*4b0f9953SJens Wiklander /* TEE Arithmetical API - Memory allocation and size of objects */ 341*4b0f9953SJens Wiklander 342*4b0f9953SJens Wiklander uint32_t TEE_BigIntFMMSizeInU32(uint32_t modulusSizeInBits); 343*4b0f9953SJens Wiklander 344*4b0f9953SJens Wiklander uint32_t TEE_BigIntFMMContextSizeInU32(uint32_t modulusSizeInBits); 345*4b0f9953SJens Wiklander 346*4b0f9953SJens Wiklander /* TEE Arithmetical API - Initialization functions */ 347*4b0f9953SJens Wiklander 348*4b0f9953SJens Wiklander void TEE_BigIntInit(TEE_BigInt *bigInt, uint32_t len); 349*4b0f9953SJens Wiklander 350*4b0f9953SJens Wiklander void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, uint32_t len, 351*4b0f9953SJens Wiklander const TEE_BigInt *modulus); 352*4b0f9953SJens Wiklander 353*4b0f9953SJens Wiklander void TEE_BigIntInitFMM(TEE_BigIntFMM *bigIntFMM, uint32_t len); 354*4b0f9953SJens Wiklander 355*4b0f9953SJens Wiklander /* TEE Arithmetical API - Converter functions */ 356*4b0f9953SJens Wiklander 357*4b0f9953SJens Wiklander TEE_Result TEE_BigIntConvertFromOctetString(TEE_BigInt *dest, 358*4b0f9953SJens Wiklander const uint8_t *buffer, 359*4b0f9953SJens Wiklander uint32_t bufferLen, 360*4b0f9953SJens Wiklander int32_t sign); 361*4b0f9953SJens Wiklander 362*4b0f9953SJens Wiklander TEE_Result TEE_BigIntConvertToOctetString(uint8_t *buffer, uint32_t *bufferLen, 363*4b0f9953SJens Wiklander const TEE_BigInt *bigInt); 364*4b0f9953SJens Wiklander 365*4b0f9953SJens Wiklander void TEE_BigIntConvertFromS32(TEE_BigInt *dest, int32_t shortVal); 366*4b0f9953SJens Wiklander 367*4b0f9953SJens Wiklander TEE_Result TEE_BigIntConvertToS32(int32_t *dest, const TEE_BigInt *src); 368*4b0f9953SJens Wiklander 369*4b0f9953SJens Wiklander /* TEE Arithmetical API - Logical operations */ 370*4b0f9953SJens Wiklander 371*4b0f9953SJens Wiklander int32_t TEE_BigIntCmp(const TEE_BigInt *op1, const TEE_BigInt *op2); 372*4b0f9953SJens Wiklander 373*4b0f9953SJens Wiklander int32_t TEE_BigIntCmpS32(const TEE_BigInt *op, int32_t shortVal); 374*4b0f9953SJens Wiklander 375*4b0f9953SJens Wiklander void TEE_BigIntShiftRight(TEE_BigInt *dest, const TEE_BigInt *op, 376*4b0f9953SJens Wiklander size_t bits); 377*4b0f9953SJens Wiklander 378*4b0f9953SJens Wiklander bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex); 379*4b0f9953SJens Wiklander 380*4b0f9953SJens Wiklander uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src); 381*4b0f9953SJens Wiklander 382*4b0f9953SJens Wiklander void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, 383*4b0f9953SJens Wiklander const TEE_BigInt *op2); 384*4b0f9953SJens Wiklander 385*4b0f9953SJens Wiklander void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, 386*4b0f9953SJens Wiklander const TEE_BigInt *op2); 387*4b0f9953SJens Wiklander 388*4b0f9953SJens Wiklander void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op); 389*4b0f9953SJens Wiklander 390*4b0f9953SJens Wiklander void TEE_BigIntMul(TEE_BigInt *dest, const TEE_BigInt *op1, 391*4b0f9953SJens Wiklander const TEE_BigInt *op2); 392*4b0f9953SJens Wiklander 393*4b0f9953SJens Wiklander void TEE_BigIntSquare(TEE_BigInt *dest, const TEE_BigInt *op); 394*4b0f9953SJens Wiklander 395*4b0f9953SJens Wiklander void TEE_BigIntDiv(TEE_BigInt *dest_q, TEE_BigInt *dest_r, 396*4b0f9953SJens Wiklander const TEE_BigInt *op1, const TEE_BigInt *op2); 397*4b0f9953SJens Wiklander 398*4b0f9953SJens Wiklander /* TEE Arithmetical API - Modular arithmetic operations */ 399*4b0f9953SJens Wiklander 400*4b0f9953SJens Wiklander void TEE_BigIntMod(TEE_BigInt *dest, const TEE_BigInt *op, 401*4b0f9953SJens Wiklander const TEE_BigInt *n); 402*4b0f9953SJens Wiklander 403*4b0f9953SJens Wiklander void TEE_BigIntAddMod(TEE_BigInt *dest, const TEE_BigInt *op1, 404*4b0f9953SJens Wiklander const TEE_BigInt *op2, const TEE_BigInt *n); 405*4b0f9953SJens Wiklander 406*4b0f9953SJens Wiklander void TEE_BigIntSubMod(TEE_BigInt *dest, const TEE_BigInt *op1, 407*4b0f9953SJens Wiklander const TEE_BigInt *op2, const TEE_BigInt *n); 408*4b0f9953SJens Wiklander 409*4b0f9953SJens Wiklander void TEE_BigIntMulMod(TEE_BigInt *dest, const TEE_BigInt *op1, 410*4b0f9953SJens Wiklander const TEE_BigInt *op2, const TEE_BigInt *n); 411*4b0f9953SJens Wiklander 412*4b0f9953SJens Wiklander void TEE_BigIntSquareMod(TEE_BigInt *dest, const TEE_BigInt *op, 413*4b0f9953SJens Wiklander const TEE_BigInt *n); 414*4b0f9953SJens Wiklander 415*4b0f9953SJens Wiklander void TEE_BigIntInvMod(TEE_BigInt *dest, const TEE_BigInt *op, 416*4b0f9953SJens Wiklander const TEE_BigInt *n); 417*4b0f9953SJens Wiklander 418*4b0f9953SJens Wiklander /* TEE Arithmetical API - Other arithmetic operations */ 419*4b0f9953SJens Wiklander 420*4b0f9953SJens Wiklander bool TEE_BigIntRelativePrime(const TEE_BigInt *op1, const TEE_BigInt *op2); 421*4b0f9953SJens Wiklander 422*4b0f9953SJens Wiklander void TEE_BigIntComputeExtendedGcd(TEE_BigInt *gcd, TEE_BigInt *u, 423*4b0f9953SJens Wiklander TEE_BigInt *v, const TEE_BigInt *op1, 424*4b0f9953SJens Wiklander const TEE_BigInt *op2); 425*4b0f9953SJens Wiklander 426*4b0f9953SJens Wiklander int32_t TEE_BigIntIsProbablePrime(const TEE_BigInt *op, 427*4b0f9953SJens Wiklander uint32_t confidenceLevel); 428*4b0f9953SJens Wiklander 429*4b0f9953SJens Wiklander /* TEE Arithmetical API - Fast modular multiplication operations */ 430*4b0f9953SJens Wiklander 431*4b0f9953SJens Wiklander void TEE_BigIntConvertToFMM(TEE_BigIntFMM *dest, const TEE_BigInt *src, 432*4b0f9953SJens Wiklander const TEE_BigInt *n, 433*4b0f9953SJens Wiklander const TEE_BigIntFMMContext *context); 434*4b0f9953SJens Wiklander 435*4b0f9953SJens Wiklander void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, 436*4b0f9953SJens Wiklander const TEE_BigInt *n, 437*4b0f9953SJens Wiklander const TEE_BigIntFMMContext *context); 438*4b0f9953SJens Wiklander 439*4b0f9953SJens Wiklander void TEE_BigIntFMMConvertToBigInt(TEE_BigInt *dest, const TEE_BigIntFMM *src, 440*4b0f9953SJens Wiklander const TEE_BigInt *n, 441*4b0f9953SJens Wiklander const TEE_BigIntFMMContext *context); 442*4b0f9953SJens Wiklander 443*4b0f9953SJens Wiklander void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, 444*4b0f9953SJens Wiklander const TEE_BigIntFMM *op2, const TEE_BigInt *n, 445*4b0f9953SJens Wiklander const TEE_BigIntFMMContext *context); 446*4b0f9953SJens Wiklander 447*4b0f9953SJens Wiklander #define TA_EXPORT 448*4b0f9953SJens Wiklander 449*4b0f9953SJens Wiklander /* 450*4b0f9953SJens Wiklander * TA Interface 451*4b0f9953SJens Wiklander * 452*4b0f9953SJens Wiklander * Each Trusted Application must provide the Implementation with a number 453*4b0f9953SJens Wiklander * of functions, collectively called the “TA interface”. These functions 454*4b0f9953SJens Wiklander * are the entry points called by the Trusted Core Framework to create the 455*4b0f9953SJens Wiklander * instance, notify the instance that a new client is connecting, notify 456*4b0f9953SJens Wiklander * the instance when the client invokes a command, etc. 457*4b0f9953SJens Wiklander * 458*4b0f9953SJens Wiklander * Trusted Application Entry Points: 459*4b0f9953SJens Wiklander */ 460*4b0f9953SJens Wiklander 461*4b0f9953SJens Wiklander /* 462*4b0f9953SJens Wiklander * The function TA_CreateEntryPoint is the Trusted Application's 463*4b0f9953SJens Wiklander * constructor, which the Framework calls when it creates a new instance of 464*4b0f9953SJens Wiklander * the Trusted Application. To register instance data, the implementation 465*4b0f9953SJens Wiklander * of this constructor can use either global variables or the function 466*4b0f9953SJens Wiklander * TEE_InstanceSetData. 467*4b0f9953SJens Wiklander * 468*4b0f9953SJens Wiklander * Return Value: 469*4b0f9953SJens Wiklander * - TEE_SUCCESS: if the instance is successfully created, the function 470*4b0f9953SJens Wiklander * must return TEE_SUCCESS. 471*4b0f9953SJens Wiklander * - Any other value: if any other code is returned the instance is not 472*4b0f9953SJens Wiklander * created, and no other entry points of this instance will be called. 473*4b0f9953SJens Wiklander * The Framework MUST reclaim all resources and dereference all objects 474*4b0f9953SJens Wiklander * related to the creation of the instance. 475*4b0f9953SJens Wiklander * 476*4b0f9953SJens Wiklander * If this entry point was called as a result of a client opening a 477*4b0f9953SJens Wiklander * session, the error code is returned to the client and the session is 478*4b0f9953SJens Wiklander * not opened. 479*4b0f9953SJens Wiklander */ 480*4b0f9953SJens Wiklander TEE_Result TA_EXPORT TA_CreateEntryPoint(void); 481*4b0f9953SJens Wiklander 482*4b0f9953SJens Wiklander /* 483*4b0f9953SJens Wiklander * The function TA_DestroyEntryPoint is the Trusted Application‟s 484*4b0f9953SJens Wiklander * destructor, which the Framework calls when the instance is being 485*4b0f9953SJens Wiklander * destroyed. 486*4b0f9953SJens Wiklander * 487*4b0f9953SJens Wiklander * When the function TA_DestroyEntryPoint is called, the Framework 488*4b0f9953SJens Wiklander * guarantees that no client session is currently open. Once the call to 489*4b0f9953SJens Wiklander * TA_DestroyEntryPoint has been completed, no other entry point of this 490*4b0f9953SJens Wiklander * instance will ever be called. 491*4b0f9953SJens Wiklander * 492*4b0f9953SJens Wiklander * Note that when this function is called, all resources opened by the 493*4b0f9953SJens Wiklander * instance are still available. It is only after the function returns that 494*4b0f9953SJens Wiklander * the Implementation MUST start automatically reclaiming resources left 495*4b0f9953SJens Wiklander * opened. 496*4b0f9953SJens Wiklander * 497*4b0f9953SJens Wiklander * Return Value: 498*4b0f9953SJens Wiklander * This function can return no success or error code. After this function 499*4b0f9953SJens Wiklander * returns the Implementation MUST consider the instance destroyed and 500*4b0f9953SJens Wiklander * reclaims all resources left open by the instance. 501*4b0f9953SJens Wiklander */ 502*4b0f9953SJens Wiklander void TA_EXPORT TA_DestroyEntryPoint(void); 503*4b0f9953SJens Wiklander 504*4b0f9953SJens Wiklander /* 505*4b0f9953SJens Wiklander * The Framework calls the function TA_OpenSessionEntryPoint when a client 506*4b0f9953SJens Wiklander * requests to open a session with the Trusted Application. The open 507*4b0f9953SJens Wiklander * session request may result in a new Trusted Application instance being 508*4b0f9953SJens Wiklander * created as defined in section 4.5. 509*4b0f9953SJens Wiklander * 510*4b0f9953SJens Wiklander * The client can specify parameters in an open operation which are passed 511*4b0f9953SJens Wiklander * to the Trusted Application instance in the arguments paramTypes and 512*4b0f9953SJens Wiklander * params. These arguments can also be used by the Trusted Application 513*4b0f9953SJens Wiklander * instance to transfer response data back to the client. See section 4.3.6 514*4b0f9953SJens Wiklander * for a specification of how to handle the operation parameters. 515*4b0f9953SJens Wiklander * 516*4b0f9953SJens Wiklander * If this function returns TEE_SUCCESS, the client is connected to a 517*4b0f9953SJens Wiklander * Trusted Application instance and can invoke Trusted Application 518*4b0f9953SJens Wiklander * commands. When the client disconnects, the Framework will eventually 519*4b0f9953SJens Wiklander * call the TA_CloseSessionEntryPoint entry point. 520*4b0f9953SJens Wiklander * 521*4b0f9953SJens Wiklander * If the function returns any error, the Framework rejects the connection 522*4b0f9953SJens Wiklander * and returns the error code and the current content of the parameters the 523*4b0f9953SJens Wiklander * client. The return origin is then set to TEE_ORIGIN_TRUSTED_APP. 524*4b0f9953SJens Wiklander * 525*4b0f9953SJens Wiklander * The Trusted Application instance can register a session data pointer by 526*4b0f9953SJens Wiklander * setting *psessionContext. The value of this pointer is not interpreted 527*4b0f9953SJens Wiklander * by the Framework, and is simply passed back to other TA_ functions 528*4b0f9953SJens Wiklander * within this session. Note that *sessionContext may be set with a pointer 529*4b0f9953SJens Wiklander * to a memory allocated by the Trusted Application instance or with 530*4b0f9953SJens Wiklander * anything else, like an integer, a handle etc. The Framework will not 531*4b0f9953SJens Wiklander * automatically free *sessionContext when the session is closed; the 532*4b0f9953SJens Wiklander * Trusted Application instance is responsible for freeing memory if 533*4b0f9953SJens Wiklander * required. 534*4b0f9953SJens Wiklander * 535*4b0f9953SJens Wiklander * During the call to TA_OpenSessionEntryPoint the client may request to 536*4b0f9953SJens Wiklander * cancel the operation. See section 4.10 for more details on 537*4b0f9953SJens Wiklander * cancellations. If the call to TA_OpenSessionEntryPoint returns 538*4b0f9953SJens Wiklander * TEE_SUCCESS, the client must consider the session as successfully opened 539*4b0f9953SJens Wiklander * and explicitly close it if necessary. 540*4b0f9953SJens Wiklander * 541*4b0f9953SJens Wiklander * Parameters: 542*4b0f9953SJens Wiklander * - paramTypes: the types of the four parameters. 543*4b0f9953SJens Wiklander * - params: a pointer to an array of four parameters. 544*4b0f9953SJens Wiklander * - sessionContext: A pointer to a variable that can be filled by the 545*4b0f9953SJens Wiklander * Trusted Application instance with an opaque void* data pointer 546*4b0f9953SJens Wiklander * 547*4b0f9953SJens Wiklander * Return Value: 548*4b0f9953SJens Wiklander * - TEE_SUCCESS if the session is successfully opened. 549*4b0f9953SJens Wiklander * - Any other value if the session could not be open. 550*4b0f9953SJens Wiklander * o The error code may be one of the pre-defined codes, or may be a new 551*4b0f9953SJens Wiklander * error code defined by the Trusted Application implementation itself. 552*4b0f9953SJens Wiklander */ 553*4b0f9953SJens Wiklander TEE_Result TA_EXPORT TA_OpenSessionEntryPoint(uint32_t paramTypes, 554*4b0f9953SJens Wiklander TEE_Param params[TEE_NUM_PARAMS], 555*4b0f9953SJens Wiklander void **sessionContext); 556*4b0f9953SJens Wiklander 557*4b0f9953SJens Wiklander /* 558*4b0f9953SJens Wiklander * The Framework calls this function to close a client session. During the 559*4b0f9953SJens Wiklander * call to this function the implementation can use any session functions. 560*4b0f9953SJens Wiklander * 561*4b0f9953SJens Wiklander * The Trusted Application implementation is responsible for freeing any 562*4b0f9953SJens Wiklander * resources consumed by the session being closed. Note that the Trusted 563*4b0f9953SJens Wiklander * Application cannot refuse to close a session, but can hold the closing 564*4b0f9953SJens Wiklander * until it returns from TA_CloseSessionEntryPoint. This is why this 565*4b0f9953SJens Wiklander * function cannot return an error code. 566*4b0f9953SJens Wiklander * 567*4b0f9953SJens Wiklander * Parameters: 568*4b0f9953SJens Wiklander * - sessionContext: The value of the void* opaque data pointer set by the 569*4b0f9953SJens Wiklander * Trusted Application in the function TA_OpenSessionEntryPoint for this 570*4b0f9953SJens Wiklander * session. 571*4b0f9953SJens Wiklander */ 572*4b0f9953SJens Wiklander void TA_EXPORT TA_CloseSessionEntryPoint(void *sessionContext); 573*4b0f9953SJens Wiklander 574*4b0f9953SJens Wiklander /* 575*4b0f9953SJens Wiklander * The Framework calls this function when the client invokes a command 576*4b0f9953SJens Wiklander * within the given session. 577*4b0f9953SJens Wiklander * 578*4b0f9953SJens Wiklander * The Trusted Application can access the parameters sent by the client 579*4b0f9953SJens Wiklander * through the paramTypes and params arguments. It can also use these 580*4b0f9953SJens Wiklander * arguments to transfer response data back to the client. 581*4b0f9953SJens Wiklander * 582*4b0f9953SJens Wiklander * During the call to TA_InvokeCommandEntryPoint the client may request to 583*4b0f9953SJens Wiklander * cancel the operation. 584*4b0f9953SJens Wiklander * 585*4b0f9953SJens Wiklander * A command is always invoked within the context of a client session. 586*4b0f9953SJens Wiklander * Thus, any session function can be called by the command implementation. 587*4b0f9953SJens Wiklander * 588*4b0f9953SJens Wiklander * Parameter: 589*4b0f9953SJens Wiklander * - sessionContext: The value of the void* opaque data pointer set by the 590*4b0f9953SJens Wiklander * Trusted Application in the function TA_OpenSessionEntryPoint. 591*4b0f9953SJens Wiklander * - commandID: A Trusted Application-specific code that identifies the 592*4b0f9953SJens Wiklander * command to be invoked. 593*4b0f9953SJens Wiklander * - paramTypes: the types of the four parameters. 594*4b0f9953SJens Wiklander * - params: a pointer to an array of four parameters. 595*4b0f9953SJens Wiklander * 596*4b0f9953SJens Wiklander * Return Value: 597*4b0f9953SJens Wiklander * - TEE_SUCCESS: if the command is successfully executed, the function 598*4b0f9953SJens Wiklander * must return this value. 599*4b0f9953SJens Wiklander * - Any other value: if the invocation of the command fails for any 600*4b0f9953SJens Wiklander * reason. 601*4b0f9953SJens Wiklander * o The error code may be one of the pre-defined codes, or may be a new 602*4b0f9953SJens Wiklander * error code defined by the Trusted Application implementation itself. 603*4b0f9953SJens Wiklander */ 604*4b0f9953SJens Wiklander 605*4b0f9953SJens Wiklander TEE_Result TA_EXPORT 606*4b0f9953SJens Wiklander TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID, 607*4b0f9953SJens Wiklander uint32_t paramTypes, 608*4b0f9953SJens Wiklander TEE_Param params[TEE_NUM_PARAMS]); 609*4b0f9953SJens Wiklander 610*4b0f9953SJens Wiklander /* 611*4b0f9953SJens Wiklander * Matching Client Functions <--> TA Functions 612*4b0f9953SJens Wiklander * 613*4b0f9953SJens Wiklander * TEE_OpenSession or TEE_OpenTASession: 614*4b0f9953SJens Wiklander * If a new Trusted Application instance is needed to handle the session, 615*4b0f9953SJens Wiklander * TA_CreateEntryPoint is called. 616*4b0f9953SJens Wiklander * Then, TA_OpenSessionEntryPoint is called. 617*4b0f9953SJens Wiklander * 618*4b0f9953SJens Wiklander * TEE_InvokeCommand or TEE_InvokeTACommand: 619*4b0f9953SJens Wiklander * TA_InvokeCommandEntryPoint is called. 620*4b0f9953SJens Wiklander * 621*4b0f9953SJens Wiklander * TEE_CloseSession or TEE_CloseTASession: 622*4b0f9953SJens Wiklander * TA_CloseSessionEntryPoint is called. 623*4b0f9953SJens Wiklander * For a multi-instance TA or for a single-instance, non keep-alive TA, if 624*4b0f9953SJens Wiklander * the session closed was the last session on the instance, then 625*4b0f9953SJens Wiklander * TA_DestroyEntryPoint is called. Otherwise, the instance is kept until 626*4b0f9953SJens Wiklander * the TEE shuts down. 627*4b0f9953SJens Wiklander */ 628*4b0f9953SJens Wiklander 629*4b0f9953SJens Wiklander #endif /*TEE_INTERNAL_API_H*/ 630