xref: /optee_os/ta/pkcs11/include/pkcs11_ta.h (revision f5a70e3efb80be4b9bff2c9c811ddc139058e05a)
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2018-2020, Linaro Limited
4  */
5 
6 #ifndef PKCS11_TA_H
7 #define PKCS11_TA_H
8 
9 #include <stdbool.h>
10 #include <stdint.h>
11 
/* UUID of the PKCS11 TA; string form fd02c9da-306c-48c7-a49c-bbd827ae86ee */
12 #define PKCS11_TA_UUID { 0xfd02c9da, 0x306c, 0x48c7, \
13 			 { 0xa4, 0x9c, 0xbb, 0xd8, 0x27, 0xae, 0x86, 0xee } }
14 
15 /* PKCS11 trusted application version information */
   /* NOTE(review): presumably the values PKCS11_CMD_PING reports - confirm */
16 #define PKCS11_TA_VERSION_MAJOR			0
17 #define PKCS11_TA_VERSION_MINOR			1
18 #define PKCS11_TA_VERSION_PATCH			0
19 
20 /* Attribute specific values */
   /*
    * PKCS11_UNAVAILABLE_INFORMATION is the all-ones 32bit value and
    * PKCS11_UNDEFINED_ID is an alias for it, so 0xFFFFFFFF is a sentinel.
    * NOTE(review): a real ID or size equal to 0xFFFFFFFF would be
    * indistinguishable from "undefined" - confirm call sites never produce it.
    * PKCS11_FALSE and PKCS11_TRUE expand to the <stdbool.h> false and true.
    */
21 #define PKCS11_UNAVAILABLE_INFORMATION		UINT32_C(0xFFFFFFFF)
22 #define PKCS11_UNDEFINED_ID			PKCS11_UNAVAILABLE_INFORMATION
23 #define PKCS11_FALSE				false
24 #define PKCS11_TRUE				true
25 
26 /*
27  * Note on PKCS#11 TA commands ABI
28  *
29  * For evolution of the TA API and to not mess with the GPD TEE 4 parameters
30  * constraint, all the PKCS11 TA invocation commands use a subset of the
31  * available GPD TEE invocation parameter types.
32  *
33  * Param#0 is used for the so-called control arguments of the invoked command
34  * and for providing a PKCS#11 compliant status code for the requested command.
35  * Param#0 is an in/out memory reference (aka memref[0]). The input buffer
36  * stores serialized arguments for the command. The output buffer stores the
37  * 32bit TA return code for the command. As a consequence, param#0 shall
38  * always be an input/output memory reference of at least 32bit, more if
39  * the command expects more input arguments.
    * The buffer is supplied by the client: its parameter type and size need
    * checking before arguments are read from it or the return code is
    * written to it.
40  *
41  * When the TA returns with TEE_SUCCESS result, client shall always get the
42  * 32bit value stored in param#0 output buffer and use the value as TA
43  * return code for the invoked command.
44  *
45  * Param#1 can be used for input data arguments of the invoked command.
45  * It is unused or is an input memory reference, aka memref[1].
47  * Evolution of the API may use memref[1] for output data as well.
48  *
49  * Param#2 is mostly used for output data arguments of the invoked command
50  * and for output handles generated from invoked commands.
50  * A few commands use it for a secondary input data buffer argument.
51  * It is unused or is an input/output/in-out memory reference, aka memref[2].
53  *
54  * Param#3 is currently unused and reserved for evolution of the API.
55  */
56 
57 /*
58  * PKCS11_CMD_PING		Acknowledge TA presence and return version info
59  *
60  * [in]         memref[0] = 32bit, unused, must be 0
61  * [out]        memref[0] = 32bit return code, enum pkcs11_rc
62  * [out]        memref[2] = [
63  *                      32bit version major value,
64  *                      32bit version minor value,
65  *                      32bit version patch value
66  *              ]
    *              i.e. three 32bit values, 12 bytes in total
67  */
68 #define PKCS11_CMD_PING				0
69 
70 /*
71  * Command return codes
72  * PKCS11_CKR_<x> corresponds to the Cryptoki client API CKR_<x>
    *
    * The numeric values are those of the matching CKR_<x> codes, which is
    * why the list has gaps. Per the ABI note in this header, the code is
    * passed to the client as a 32bit value in the memref[0] output buffer
    * and is read by the client when the invocation returns TEE_SUCCESS.
73  */
74 enum pkcs11_rc {
75 	PKCS11_CKR_OK				= 0,
76 	PKCS11_CKR_CANCEL			= 0x0001,
77 	PKCS11_CKR_SLOT_ID_INVALID		= 0x0003,
78 	PKCS11_CKR_GENERAL_ERROR		= 0x0005,
79 	PKCS11_CKR_FUNCTION_FAILED		= 0x0006,
80 	PKCS11_CKR_ARGUMENTS_BAD		= 0x0007,
81 	PKCS11_CKR_ATTRIBUTE_READ_ONLY		= 0x0010,
82 	PKCS11_CKR_ATTRIBUTE_SENSITIVE		= 0x0011,
83 	PKCS11_CKR_ATTRIBUTE_TYPE_INVALID	= 0x0012,
84 	PKCS11_CKR_ATTRIBUTE_VALUE_INVALID	= 0x0013,
85 	PKCS11_CKR_ACTION_PROHIBITED		= 0x001b,
86 	PKCS11_CKR_DATA_INVALID			= 0x0020,
87 	PKCS11_CKR_DATA_LEN_RANGE		= 0x0021,
88 	PKCS11_CKR_DEVICE_ERROR			= 0x0030,
89 	PKCS11_CKR_DEVICE_MEMORY		= 0x0031,
90 	PKCS11_CKR_DEVICE_REMOVED		= 0x0032,
91 	PKCS11_CKR_ENCRYPTED_DATA_INVALID	= 0x0040,
92 	PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE	= 0x0041,
93 	PKCS11_CKR_KEY_HANDLE_INVALID		= 0x0060,
94 	PKCS11_CKR_KEY_SIZE_RANGE		= 0x0062,
95 	PKCS11_CKR_KEY_TYPE_INCONSISTENT	= 0x0063,
96 	PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED	= 0x0068,
97 	PKCS11_CKR_KEY_NOT_WRAPPABLE		= 0x0069,
98 	PKCS11_CKR_KEY_UNEXTRACTABLE		= 0x006a,
99 	PKCS11_CKR_MECHANISM_INVALID		= 0x0070,
100 	PKCS11_CKR_MECHANISM_PARAM_INVALID	= 0x0071,
101 	PKCS11_CKR_OBJECT_HANDLE_INVALID	= 0x0082,
102 	PKCS11_CKR_OPERATION_ACTIVE		= 0x0090,
103 	PKCS11_CKR_OPERATION_NOT_INITIALIZED	= 0x0091,
104 	PKCS11_CKR_PIN_INCORRECT		= 0x00a0,
105 	PKCS11_CKR_PIN_INVALID			= 0x00a1,
106 	PKCS11_CKR_PIN_LEN_RANGE		= 0x00a2,
107 	PKCS11_CKR_PIN_EXPIRED			= 0x00a3,
108 	PKCS11_CKR_PIN_LOCKED			= 0x00a4,
109 	PKCS11_CKR_SESSION_CLOSED		= 0x00b0,
110 	PKCS11_CKR_SESSION_COUNT		= 0x00b1,
111 	PKCS11_CKR_SESSION_HANDLE_INVALID	= 0x00b3,
112 	PKCS11_CKR_SESSION_READ_ONLY		= 0x00b5,
113 	PKCS11_CKR_SESSION_EXISTS		= 0x00b6,
114 	PKCS11_CKR_SESSION_READ_ONLY_EXISTS	= 0x00b7,
115 	PKCS11_CKR_SESSION_READ_WRITE_SO_EXISTS	= 0x00b8,
116 	PKCS11_CKR_SIGNATURE_INVALID		= 0x00c0,
117 	PKCS11_CKR_SIGNATURE_LEN_RANGE		= 0x00c1,
118 	PKCS11_CKR_TEMPLATE_INCOMPLETE		= 0x00d0,
119 	PKCS11_CKR_TEMPLATE_INCONSISTENT	= 0x00d1,
120 	PKCS11_CKR_TOKEN_NOT_PRESENT		= 0x00e0,
121 	PKCS11_CKR_TOKEN_NOT_RECOGNIZED		= 0x00e1,
122 	PKCS11_CKR_TOKEN_WRITE_PROTECTED	= 0x00e2,
123 	PKCS11_CKR_USER_ALREADY_LOGGED_IN	= 0x0100,
124 	PKCS11_CKR_USER_NOT_LOGGED_IN		= 0x0101,
125 	PKCS11_CKR_USER_PIN_NOT_INITIALIZED	= 0x0102,
126 	PKCS11_CKR_USER_TYPE_INVALID		= 0x0103,
127 	PKCS11_CKR_USER_ANOTHER_ALREADY_LOGGED_IN = 0x0104,
128 	PKCS11_CKR_USER_TOO_MANY_TYPES		= 0x0105,
129 	PKCS11_CKR_DOMAIN_PARAMS_INVALID	= 0x0130,
130 	PKCS11_CKR_CURVE_NOT_SUPPORTED		= 0x0140,
131 	PKCS11_CKR_BUFFER_TOO_SMALL		= 0x0150,
132 	PKCS11_CKR_SAVED_STATE_INVALID		= 0x0160,
133 	PKCS11_CKR_INFORMATION_SENSITIVE	= 0x0170,
134 	PKCS11_CKR_STATE_UNSAVEABLE		= 0x0180,
135 	PKCS11_CKR_PIN_TOO_WEAK			= 0x01b8,
136 	PKCS11_CKR_PUBLIC_KEY_INVALID		= 0x01b9,
137 	PKCS11_CKR_FUNCTION_REJECTED		= 0x0200,
138 	/* Vendor specific IDs not returned to client */
    	/*
    	 * 0x80000000 is where the Cryptoki vendor-defined range starts
    	 * (CKR_VENDOR_DEFINED).
    	 * NOTE(review): this header only states that these IDs stay inside
    	 * the TA; confirm that every command path maps them to a CKR_ code
    	 * before the return code is written to memref[0].
    	 * NOTE(review): both values exceed INT_MAX on a 32bit int, which
    	 * ISO C before C23 does not allow for an enumerator; the build
    	 * relies on the compiler accepting them as an extension. Carry
    	 * return codes in a uint32_t when serializing or comparing.
    	 */
139 	PKCS11_RV_NOT_FOUND			= 0x80000000,
140 	PKCS11_RV_NOT_IMPLEMENTED		= 0x80000001,
141 };
142 #endif /*PKCS11_TA_H*/
143