1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * All rights reserved. 5 */ 6 7 #ifndef TA_CRYPT_H 8 #define TA_CRYPT_H 9 10 /* This UUID is generated with the ITU-T UUID generator at 11 http://www.itu.int/ITU-T/asn1/uuid.html */ 12 #define TA_CRYPT_UUID { 0xcb3e5ba0, 0xadf1, 0x11e0, \ 13 { 0x99, 0x8b, 0x00, 0x02, 0xa5, 0xd5, 0xc5, 0x1b } } 14 15 #define TA_CRYPT_CMD_SHA224 1 16 #define TA_CRYPT_CMD_SHA256 2 17 #define TA_CRYPT_CMD_AES256ECB_ENC 3 18 #define TA_CRYPT_CMD_AES256ECB_DEC 4 19 20 /* 21 * TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 22 * uint32_t algorithm, uint32_t mode, uint32_t maxKeySize); 23 * in/out params[0].value.a = operation 24 * in/out params[0].value.b = algorithm 25 * in params[1].value.a = mode 26 * in params[2].value.b = maxKeySize 27 */ 28 #define TA_CRYPT_CMD_ALLOCATE_OPERATION 5 29 30 /* 31 * void TEE_FreeOperation(TEE_OperationHandle operation); 32 * in params[0].value.a = operation 33 */ 34 #define TA_CRYPT_CMD_FREE_OPERATION 6 35 36 /* 37 * void TEE_GetOperationInfo(TEE_OperationHandle operation, 38 * TEE_OperationInfo* operationInfo); 39 * in params[0].value.a = operation 40 * out params[1].memref = operationInfo 41 */ 42 #define TA_CRYPT_CMD_GET_OPERATION_INFO 7 43 44 /* 45 * void TEE_ResetOperation(TEE_OperationHandle operation); 46 * in params[0].value.a = operation 47 */ 48 #define TA_CRYPT_CMD_RESET_OPERATION 8 49 50 /* 51 * TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 52 * TEE_ObjectHandle key); 53 * in params[0].value.a = operation 54 * in params[0].value.b = key 55 */ 56 #define TA_CRYPT_CMD_SET_OPERATION_KEY 9 57 58 /* 59 * TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 60 * TEE_ObjectHandle key1, TEE_ObjectHandle key2); 61 * in params[0].value.a = operation 62 * in params[0].value.b = key1 63 * in params[0].value.a = key2 64 */ 65 #define TA_CRYPT_CMD_SET_OPERATION_KEY2 10 66 67 /* 68 * void TEE_CopyOperation(TEE_OperationHandle dstOperation, 69 * TEE_OperationHandle srcOperation); 70 * in params[0].value.a = dstOperation 71 * in params[0].value.b = srcOperation 72 */ 73 #define TA_CRYPT_CMD_COPY_OPERATION 11 74 75 /* 76 * void TEE_DigestUpdate(TEE_OperationHandle operation, 77 * void *chunk, size_t chunkSize); 78 * in params[0].value.a = operation 79 * in params[1].memref = chunk 80 */ 81 #define TA_CRYPT_CMD_DIGEST_UPDATE 12 82 83 /* 84 * TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, 85 * const void *chunk, size_t chunkLen, 86 * void *hash, size_t *hashLen); 87 * in params[0].value.a = operation 88 * in params[1].memref = chunk 89 * out params[2].memref = hash 90 */ 91 #define TA_CRYPT_CMD_DIGEST_DO_FINAL 13 92 93 /* 94 * void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 95 * size_t IVLen); 96 * in params[0].value.a = operation 97 * in params[1].memref = IV 98 */ 99 #define TA_CRYPT_CMD_CIPHER_INIT 14 100 101 /* 102 * TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, 103 * const void *srcData, size_t srcLen, 104 * void *destData, size_t *destLen); 105 * in params[0].value.a = operation 106 * in params[1].memref = srcData 107 * out params[2].memref = dstData 108 */ 109 #define TA_CRYPT_CMD_CIPHER_UPDATE 15 110 111 /* 112 * TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 113 * const void *srcData, size_t srcLen, 114 * void *destData, size_t *destLen); 115 * in params[0].value.a = operation 116 * in params[1].memref = srcData 117 * out params[2].memref = destData 118 */ 119 #define TA_CRYPT_CMD_CIPHER_DO_FINAL 16 120 121 /* 122 * void TEE_MACInit(TEE_OperationHandle operation, 123 * const void *IV, size_t IVLen); 124 * in params[0].value.a = operation 125 * in params[1].memref = IV 126 */ 127 #define TA_CRYPT_CMD_MAC_INIT 17 128 129 /* 130 * void TEE_MACUpdate(TEE_OperationHandle operation, 131 * const void *chunk, size_t chunkSize); 132 * in params[0].value.a = operation 133 * in params[1].memref = chunk 134 */ 135 #define TA_CRYPT_CMD_MAC_UPDATE 18 136 137 /* 138 * TEE_Result TEE_MACFinalCompute(TEE_OperationHandle operation, 139 * const void *message, size_t messageLen, 140 * void *mac, size_t *macLen); 141 * in params[0].value.a = operation 142 * in params[1].memref = message 143 * out params[2].memref = mac 144 */ 145 #define TA_CRYPT_CMD_MAC_FINAL_COMPUTE 19 146 147 /* 148 * TEE_Result TEE_MACFinalCompare(TEE_OperationHandle operation, 149 * const void *message, size_t messageLen, 150 * const void *mac, size_t *macLen); 151 * in params[0].value.a = operation 152 * in params[1].memref = message 153 * in params[2].memref = mac 154 */ 155 #define TA_CRYPT_CMD_MAC_FINAL_COMPARE 20 156 157 /* 158 * TEE_Result TEE_AllocateTransientObject(TEE_ObjectType objectType, 159 * uint32_t maxObjectSize, TEE_ObjectHandle* object); 160 * in params[0].value.a = objectType 161 * in params[0].value.b = maxObjectSize 162 * out params[1].value.a = object; 163 */ 164 #define TA_CRYPT_CMD_ALLOCATE_TRANSIENT_OBJECT 21 165 166 /* 167 * void TEE_FreeTransientObject(TEE_ObjectHandle object); 168 * in params[0].value.a = object 169 */ 170 #define TA_CRYPT_CMD_FREE_TRANSIENT_OBJECT 22 171 172 /* 173 * void TEE_ResetTransientObject(TEE_ObjectHandle object); 174 * in params[0].value.a = object 175 */ 176 #define TA_CRYPT_CMD_RESET_TRANSIENT_OBJECT 23 177 178 /* 179 * TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, 180 * TEE_Attribute *attrs, uint32_t attrCount); 181 * in params[0].value.a = object 182 * in params[1].memref = attrs 183 */ 184 #define TA_CRYPT_CMD_POPULATE_TRANSIENT_OBJECT 24 185 186 /* 187 * void TEE_CopyObjectAttributes(TEE_ObjectHandle destObject, 188 * TEE_ObjectHandle srcObject); 189 * in params[0].value.a = destObject 190 * in params[0].value.b = srcObject 191 */ 192 #define TA_CRYPT_CMD_COPY_OBJECT_ATTRIBUTES 25 193 194 /* 195 * TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, 196 * TEE_Attribute *params, uint32_t paramCount); 197 * in params[0].value.a = object 198 * in params[0].value.b = keySize 199 * in params[1].memref = params 200 */ 201 #define TA_CRYPT_CMD_GENERATE_KEY 26 202 203 /* 204 * TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 205 * const TEE_Attribute *params, uint32_t paramCount, 206 * const void *srcData, size_t srcLen, void *destData, 207 * size_t *destLen); 208 * in params[0].value.a = operation 209 * in params[1].memref = params 210 * in params[2].memref = srcData 211 * out params[3].memref = destData 212 */ 213 #define TA_CRYPT_CMD_ASYMMETRIC_ENCRYPT 27 214 215 /* 216 * TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 217 * const TEE_Attribute *params, uint32_t paramCount, 218 * const void *srcData, size_t srcLen, void *destData, 219 * size_t *destLen) 220 * in params[0].value.a = operation 221 * in params[1].memref = params 222 * in params[2].memref = srcData 223 * out params[3].memref = destData 224 */ 225 #define TA_CRYPT_CMD_ASYMMETRIC_DECRYPT 28 226 227 /* 228 * TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 229 * const TEE_Attribute *params, uint32_t paramCount, 230 * const void *digest, size_t digestLen, void *signature, 231 * size_t *signatureLen) 232 * in params[0].value.a = operation 233 * in params[1].memref = params 234 * in params[2].memref = digest 235 * out params[3].memref = signature 236 */ 237 #define TA_CRYPT_CMD_ASYMMETRIC_SIGN_DIGEST 29 238 239 /* 240 * TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 241 * const TEE_Attribute *params, uint32_t paramCount, 242 * const void *digest, size_t digestLen, const void *signature, 243 * size_t signatureLen) 244 * in params[0].value.a = operation 245 * in params[1].memref = params 246 * in params[2].memref = digest 247 * in params[3].memref = signature 248 */ 249 #define TA_CRYPT_CMD_ASYMMETRIC_VERIFY_DIGEST 30 250 251 /* 252 * void TEE_DeriveKey(TEE_OperationHandle operation, 253 * const TEE_Attribute *params, uint32_t paramCount, 254 * TEE_ObjectHandle derivedKey) 255 * in params[0].value.a = operation 256 * in params[1].memref = params 257 * in params[0].value.b = derivedKey 258 */ 259 #define TA_CRYPT_CMD_DERIVE_KEY 31 260 261 /* 262 * void TEE_RandomNumberGenerate(void *randomBuffer, size_t randomBufferLen); 263 * out params[0].memref = randomBuffer 264 */ 265 #define TA_CRYPT_CMD_RANDOM_NUMBER_GENERATE 32 266 267 /* 268 * TEE_Result TEE_AEInit(TEE_OperationHandle operation, 269 * const void* nonce, size_t nonceLen, 270 * uint32_t tagLen, uint32_t AADLen, uint32_t payloadLen); 271 * in params[0].value.a = operation 272 * in params[1].memref = nonce 273 * in params[0].value.b = tagLen 274 * in params[2].value.a = AADLen 275 * in params[2].value.b = payloadLen 276 */ 277 #define TA_CRYPT_CMD_AE_INIT 33 278 279 /* 280 * void TEE_AEUpdateAAD(TEE_OperationHandle operation, 281 * void* AADdata, size_t AADdataLen); 282 * in params[0].value.a = operation 283 * in params[1].memref = AADdata 284 */ 285 #define TA_CRYPT_CMD_AE_UPDATE_AAD 34 286 287 /* 288 * TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, 289 * const void* srcData, size_t srcLen, 290 * void* destData, size_t *destLen); 291 * in params[0].value.a = operation 292 * in params[1].memref = srcData 293 * out params[2].memref = destData 294 */ 295 #define TA_CRYPT_CMD_AE_UPDATE 35 296 297 /* 298 * TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 299 * const void* srcData, size_t srcLen, 300 * void* destData, size_t* destLen, 301 * void* tag, size_t* tagLen); 302 * in params[0].value[0].a = operation 303 * in params[1].memref = srcData 304 * out params[2].memref = destData 305 * out params[3].memref = tag 306 */ 307 #define TA_CRYPT_CMD_AE_ENCRYPT_FINAL 36 308 309 /* 310 * TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 311 * const void* srcData, size_t srcLen, 312 * void* destData, size_t *destLen, 313 * const void* tag, size_t tagLen); 314 * in params[0].value.a = operation 315 * in params[1].memref = srcData 316 * out params[2].memref = destData 317 * in params[3].memref = tag 318 */ 319 #define TA_CRYPT_CMD_AE_DECRYPT_FINAL 37 320 321 /* 322 * TEE_Result TEE_GetObjectBufferAttribute(TEE_ObjectHandle object, 323 * uint32_t attributeID, void* buffer, size_t* size); 324 * in params[0].value.a = object 325 * in params[0].value.b = attributeID 326 * out params[1].memrefs = buffer 327 */ 328 #define TA_CRYPT_CMD_GET_OBJECT_BUFFER_ATTRIBUTE 38 329 330 /* 331 * TEE_Result TEE_GetObjectValueAttribute(TEE_ObjectHandle object, 332 * uint32_t attributeID, void* buffer, size_t* size); 333 * in params[0].value.a = object 334 * in params[0].value.b = attributeID 335 * out params[1].value.a = value a 336 * out params[1].value.b = value b 337 */ 338 #define TA_CRYPT_CMD_GET_OBJECT_VALUE_ATTRIBUTE 39 339 340 /* To set or get a global value */ 341 #define TA_CRYPT_CMD_SETGLOBAL 40 342 #define TA_CRYPT_CMD_GETGLOBAL 41 343 344 /* If mbedtls is compiled with MBEDTLS_SELF_TEST, run the self tests */ 345 #define TA_CRYPT_CMD_MBEDTLS_SELF_TESTS 42 346 347 /* 348 * in params[0].memref = cert-chain 349 * in params[1].memref = trust-anchor-cert 350 */ 351 #define TA_CRYPT_CMD_MBEDTLS_CHECK_CERT 43 352 353 /* 354 * in params[0].memref = Certificate request in PKCS#10 format 355 * out params[1].memref = Signed certificate in X.509 format 356 * out params[2].memref = Certificate chain 357 */ 358 #define TA_CRYPT_CMD_MBEDTLS_SIGN_CERT 44 359 360 /* 361 * system pTA is used for adding entropy to RNG pool */ 362 #define TA_CRYPT_CMD_SEED_RNG_POOL 45 363 364 /* 365 * Testing arithmetical interface. 366 * 367 * Coding of signed 32-bit values: 368 * a int32_t with its bit pattern stored in a 32-bit value 369 */ 370 371 #define TA_CRYPT_ARITH_INVALID_HANDLE 0xffffffff 372 373 /* 374 * in params[0].value.a: Number of bits 375 * out params[1].value.b: Handle to bignum variable 376 */ 377 #define TA_CRYPT_CMD_ARITH_NEW_VAR 46 378 379 /* 380 * in params[0].value.a: Number of bits 381 * in params[0].value.b: Handle to bignum variable modulus 382 * out params[1].value.a: Handle to FMM context 383 */ 384 #define TA_CRYPT_CMD_ARITH_NEW_FMM_CTX 47 385 386 /* 387 * in params[0].value.a: Number of bits 388 * out params[1].value.a: Handle to FMM variable 389 */ 390 #define TA_CRYPT_CMD_ARITH_NEW_FMM_VAR 48 391 392 /* 393 * in params[0].value.a: Handle to bignum variable, FMM context, or 394 * FMM variable 395 */ 396 #define TA_CRYPT_CMD_ARITH_FREE_HANDLE 49 397 398 399 /* 400 * in params[0].value.a: Handle to bignum variable 401 * in params[0].value.b: S32 representing the sign of the value 402 * in params[1].memref: octet string representing the value 403 */ 404 #define TA_CRYPT_CMD_ARITH_FROM_OCTET_STRING 50 405 406 /* 407 * in params[0].value.a: Handle to bignum variable 408 * in params[0].value.b: S32 representing the value 409 */ 410 #define TA_CRYPT_CMD_ARITH_FROM_S32 51 411 412 /* 413 * in params[0].value.a: Handle to bignum variable 414 * out params[1].value.a: S32 representing the sign of the value 415 * out params[2].memref: octet string representing the value 416 */ 417 #define TA_CRYPT_CMD_ARITH_GET_VALUE 52 418 419 /* 420 * in params[0].value.a: Handle to bignum variable 421 * out params[1].value.a: S32 the value 422 */ 423 #define TA_CRYPT_CMD_ARITH_GET_VALUE_S32 53 424 425 /* 426 * in params[0].value.a: Handle to bignum variable 427 * in params[0].value.b: Bit number 428 * out params[1].value.a: Bit value 429 */ 430 #define TA_CRYPT_CMD_ARITH_GET_BIT 54 431 432 /* 433 * in params[0].value.a: Handle to bignum variable 434 * out params[1].value.a: Bit count 435 */ 436 #define TA_CRYPT_CMD_ARITH_GET_BIT_COUNT 55 437 438 /* 439 * in params[0].value.a: handle op 440 * in params[0].value.b: number of bits 441 * in params[1].value.a: handle result 442 */ 443 #define TA_CRYPT_CMD_ARITH_SHIFT_RIGHT 56 444 445 /* 446 * in params[0].value.a: handle op1 447 * in params[0].value.b: handle op2 448 * out params[1].value.a: result 449 */ 450 #define TA_CRYPT_CMD_ARITH_CMP 57 451 452 /* 453 * in params[0].value.a: handle op 454 * in params[0].value.b: S32 shortVal 455 * out params[1].value.a: result 456 */ 457 #define TA_CRYPT_CMD_ARITH_CMP_S32 58 458 459 /* 460 * in params[0].value.a: handle a 461 * in params[0].value.b: handle b 462 * in params[1].value.a: handle result 463 */ 464 #define TA_CRYPT_CMD_ARITH_ADD 59 465 466 /* 467 * in params[0].value.a: handle a 468 * in params[0].value.b: handle b 469 * in params[1].value.a: handle result 470 */ 471 #define TA_CRYPT_CMD_ARITH_SUB 60 472 473 /* 474 * in params[0].value.a: handle a 475 * in params[0].value.b: handle b 476 * in params[1].value.a: handle result 477 */ 478 #define TA_CRYPT_CMD_ARITH_MUL 61 479 480 /* 481 * in params[0].value.a: handle a 482 * in params[0].value.b: handle result 483 */ 484 #define TA_CRYPT_CMD_ARITH_NEG 62 485 486 /* 487 * in params[0].value.a: handle a 488 * in params[0].value.b: handle result 489 */ 490 #define TA_CRYPT_CMD_ARITH_SQR 63 491 492 /* 493 * in params[0].value.a: handle op1 494 * in params[0].value.b: handle op2 495 * in params[1].value.a: handle result Q 496 * in params[1].value.b: handle result R 497 */ 498 #define TA_CRYPT_CMD_ARITH_DIV 64 499 500 /* 501 * in params[0].value.a: handle op 502 * in params[0].value.b: handle n 503 * in params[1].value.a: handle result 504 */ 505 #define TA_CRYPT_CMD_ARITH_MOD 65 506 507 /* 508 * in params[0].value.a: handle op1 509 * in params[0].value.b: handle op2 510 * in params[1].value.a: handle n 511 * in params[1].value.b: handle result 512 */ 513 #define TA_CRYPT_CMD_ARITH_ADDMOD 66 514 515 /* 516 * in params[0].value.a: handle op1 517 * in params[0].value.b: handle op2 518 * in params[1].value.a: handle n 519 * in params[1].value.b: handle result 520 */ 521 #define TA_CRYPT_CMD_ARITH_SUBMOD 67 522 523 /* 524 * in params[0].value.a: handle op1 525 * in params[0].value.b: handle op2 526 * in params[1].value.a: handle n 527 * in params[1].value.b: handle result 528 */ 529 #define TA_CRYPT_CMD_ARITH_MULMOD 68 530 531 /* 532 * in params[0].value.a: handle op 533 * in params[0].value.b: handle n 534 * in params[1].value.a: handle result 535 */ 536 #define TA_CRYPT_CMD_ARITH_SQRMOD 69 537 538 /* 539 * in params[0].value.a: handle op 540 * in params[0].value.b: handle n 541 * in params[1].value.a: handle result 542 */ 543 #define TA_CRYPT_CMD_ARITH_INVMOD 70 544 545 /* 546 * in params[0].value.a: handle op 547 * in params[0].value.b: handle n 548 * in params[1].value.a: bool result 549 */ 550 #define TA_CRYPT_CMD_ARITH_IS_RELATIVE_PRIME 71 551 552 /* 553 * in params[0].value.a: handle op1 554 * in params[0].value.b: handle op2 555 * in params[1].value.a: handle result u 556 * in params[1].value.b: handle result v 557 * in params[2].value.a: handle result gcd 558 */ 559 #define TA_CRYPT_CMD_ARITH_COMPUTE_EGCD 72 560 561 /* 562 * in params[0].value.a: handle op 563 * in params[0].value.b: confidence level 564 * out params[1].value.a: S32 result 565 */ 566 #define TA_CRYPT_CMD_ARITH_IS_PRIME 73 567 568 /* 569 * in params[0].value.a: handle src 570 * in params[0].value.b: handle n 571 * in params[1].value.a: handle FMM context 572 * in params[1].value.b: handle result FMM variable 573 */ 574 #define TA_CRYPT_CMD_ARITH_TO_FMM 74 575 576 /* 577 * in params[0].value.a: handle FMM src 578 * in params[0].value.b: handle bigint n 579 * in params[1].value.a: handle FMM context 580 * in params[1].value.b: handle result bigint 581 */ 582 #define TA_CRYPT_CMD_ARITH_FROM_FMM 75 583 584 /* 585 * in params[0].value.a: handle FMM op1 586 * in params[0].value.b: handle FMM op2 587 * in params[1].value.a: handle bigint n 588 * in params[1].value.b: handle FMM context 589 * in params[2].value.a: handle FMM result 590 */ 591 #define TA_CRYPT_CMD_ARITH_COMPUTE_FMM 76 592 593 /* 594 * system PTA is used for deriving device and TA unique keys. This function in 595 * the "crypt" TA is testing the key derivation. 596 */ 597 #define TA_CRYPT_CMD_DERIVE_TA_UNIQUE_KEY 77 598 599 /* 600 * system PTA is used for deriving device and TA unique keys. This function in 601 * the "crypt" TA is testing the key derivation. This function tries to derive 602 * keys by using shared memory buffers (something that shall fail). 603 * 604 * in params[0].memref.buffer Buffer for extra data 605 * in params[0].memref.size Size of extra data 606 * out params[1].memref.buffer Buffer for the derived key 607 * out params[1].memref.size Size of the derived key 608 */ 609 #define TA_CRYPT_CMD_DERIVE_TA_UNIQUE_KEY_SHM 78 610 611 /* 612 * in params[0].value.a: algorithm 613 * in params[0].value.b: element 614 * out params[1].value.a: TEE_IsAlgorithmSupported() return status 615 */ 616 #define TA_CRYPT_CMD_IS_ALGO_SUPPORTED 79 617 #endif /*TA_CRYPT_H */ 618