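/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014-2021, Linaro Limited
 * Copyright (c) 2021, SumUp Services GmbH
 */

/*
 * Implementation-specific extensions to the GPD TEE Internal Core API
 * constants: algorithm, object type and attribute identifiers, result
 * codes, storage IDs, memory access flags and login types.
 *
 * Numeric values are unique only within their own namespace. For example,
 * 0x80000000 is used below for TEE_ERROR_DEFER_DRIVER_INIT,
 * TEE_STORAGE_PRIVATE_REE and TEE_LOGIN_REE_KERNEL, so a raw value alone
 * does not identify which constant is meant.
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * RSA schemes (RSASSA-PSS signature, RSAES-OAEP encryption) using MD5 with
 * MGF1.
 * Values carry the vendor ID bit (bit 31) on top of the TEE bitfield IDs.
 *
 * MD5 is not collision resistant. These identifiers are best kept for
 * interoperability with existing peers; new designs should select a
 * SHA-256 or stronger variant.
 */
#define TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5       0xF0111930
#define TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5       0xF0110230

/*
 * API extended result codes as per TEE_Result IDs defined in GPD TEE
 * Internal Core API specification v1.1:
 *
 * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
 *                          code providing non-error information
 * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
 *
 * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
 * the driver depends on a device not yet initialized.
 */
#define TEE_ERROR_DEFER_DRIVER_INIT             0x80000000

/*
 * TEE_ERROR_NODE_DISABLED - Device driver failed to initialize because it is
 * not allocated for TEE environment.
 */
#define TEE_ERROR_NODE_DISABLED                 0x80000001

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
 *
 * The MD5 and SHA-1 variants are legacy hash choices; prefer SHA-256 or
 * stronger unless a peer requires otherwise.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY             0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY            0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY          0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY          0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY          0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY          0x800060C0

#define TEE_TYPE_HKDF_IKM                       0xA10000C0

#define TEE_ATTR_HKDF_IKM                       0xC00001C0
/*
 * There is a name clash with the official attributes TEE_ATTR_HKDF_SALT
 * and TEE_ATTR_HKDF_INFO, so these alternative IDs are defined instead.
 *
 * NOTE(review): the two names use different prefixes (__OPTEE_TEE_ATTR_
 * versus __OPTEE_ATTR_). They are left as-is because callers reference
 * them by name.
 */
#define __OPTEE_TEE_ATTR_HKDF_SALT              0xD00002C0
#define __OPTEE_ATTR_HKDF_INFO                  0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH                0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY      0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY    0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY    0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY    0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY    0x800060C1

#define TEE_TYPE_CONCAT_KDF_Z                   0xA10000C1

#define TEE_ATTR_CONCAT_KDF_Z                   0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO          0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH          0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * Only an HMAC-SHA1 variant is defined here. The salt and the iteration
 * count are supplied by the caller through the attributes below, so
 * resistance to password guessing depends on the values the caller picks.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY     0x800020C2

#define TEE_TYPE_PBKDF2_PASSWORD                0xA10000C2

#define TEE_ATTR_PBKDF2_PASSWORD                0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                    0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT         0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH              0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * NOTE(review): "pre-hashed" suggests the caller supplies the digest
 * itself; confirm what the implementation checks about its length and
 * encoding before relying on this mode.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5               0xF0000830

/*
 * TDEA CMAC (NIST SP800-38B)
 *
 * TDEA is a 64-bit block cipher; treat this as a legacy-interoperability
 * algorithm rather than a choice for new protocols.
 */
#define TEE_ALG_DES3_CMAC                       0xF0000613

/*
 * SM4-XTS
 */
#define TEE_ALG_SM4_XTS                         0xF0000414

/*
 * Implementation-specific object storage constants
 *
 * NOTE(review): the two backends differ in who controls the backing store
 * (the REE versus an RPMB partition). Which rollback and availability
 * guarantees each one gives is not stated here; confirm against the
 * storage implementation before choosing one for sensitive objects.
 */

/* Storage is provided by the Rich Execution Environment (REE) */
#define TEE_STORAGE_PRIVATE_REE                 0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB                0x80000100
/* Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED        0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * These flags let a caller state which world a buffer is expected to live
 * in, so that a range handed over by a less trusted client can be rejected
 * when it turns out to be mapped secure (and the other way round).
 */
#define TEE_MEMORY_ACCESS_NONSECURE             0x10000000
#define TEE_MEMORY_ACCESS_SECURE                0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients
 *
 * NOTE(review): presumably this identity is asserted by the REE side;
 * confirm how it is authenticated before using it for access control.
 */
#define TEE_LOGIN_REE_KERNEL                    0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */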