1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2021, Foundries.io
4  * Jorge Ramirez-Ortiz <jorge@foundries.io>
5  */
6 
7 #ifndef SE_TEE_H
8 #define SE_TEE_H
9 
10 #include <unistd.h>
11 
12 #ifdef __cplusplus
13 extern "C" {
14 #endif
15 
16 typedef unsigned long SE_ULONG;	/* Unsigned integer type that SE_RV is built on. */
17 typedef SE_ULONG SE_RV;		/* Return value type of the se_*() functions declared below. */
18 
19 /* Values for type SE_RV */
20 #define SER_OK					0x0000	/* Success. */
21 #define SER_CANT_OPEN_SESSION			0x0001	/* Error opening the TEE session. */
22 #define SER_ERROR_GENERIC			0x0002	/* Unspecified error. */
23 
24 /*
25  * Type identifier for the APDU message, following the convention for decoding
26  * APDU message bodies described in Smart Card Standard ISO 7816-4:
27  *
28  * https://cardwerk.com/smart-card-standard-iso7816-4-section-5-basic-organizations/#chap5_3_2
    *
    * No explicit values are assigned, so the enumerators count up from 0 in
    * declaration order.
    *
    * NOTE(review): the CASE_n names presumably map to the ISO 7816-4 command
    * cases (1: no command data, no response data; 2: response data only;
    * 3: command data only; 4: both), with the E suffix presumably selecting
    * extended-length fields. How SE_APDU_NO_HINT is treated is not visible in
    * this header; confirm against the implementation.
29  */
30 enum se_apdu_type {
31 	SE_APDU_NO_HINT,
32 	SE_APDU_CASE_1,
33 	SE_APDU_CASE_2,
34 	SE_APDU_CASE_2E,
35 	SE_APDU_CASE_3,
36 	SE_APDU_CASE_3E,
37 	SE_APDU_CASE_4,
38 	SE_APDU_CASE_4E,
39 };
40 
41 /**
42  * se_apdu_request() - Send an APDU message and get response.
43  *
44  * @param type		Type of the APDU command.
45  * @param hdr		Pointer to APDU message header.
46  * @param hdr_len	Byte length of message header @hdr.
47  * @param src		Pointer to APDU message payload.
48  * @param src_len	Byte length of message payload @src.
49  * @param dst		Pointer to APDU message response buffer.
50  * @param dst_len	Byte length of response buffer @dst.
    *			NOTE(review): passed by pointer, so presumably holds the
    *			capacity of @dst on entry and the response length on
    *			return - confirm against the implementation.
51  *
    * NOTE(review): @hdr and @src are described as inputs but are not
    * const-qualified; whether they may be modified is not visible here.
    * The contents of @dst and @dst_len after a failure are not specified
    * here, so consume the response only when SER_OK is returned.
    *
52  * @return SER_CANT_OPEN_SESSION	Error opening the TEE session.
53  * @return SER_ERROR_GENERIC		Error unspecified.
54  * @return SER_OK			On success.
55  */
56 SE_RV se_apdu_request(enum se_apdu_type type,
57 		    unsigned char *hdr, size_t hdr_len,
58 		    unsigned char *src, size_t src_len,
59 		    unsigned char *dst, size_t *dst_len);
60 
61 /**
62  * se_scp03_enable() - Enable the SCP03 protocol using the keys active in the
63  * Secure Element.
64  *
65  * Enables the SCP03 session with the Secure Element.
66  *
    * NOTE(review): this header does not say whether se_apdu_request() traffic
    * is protected by SCP03 before this call has succeeded; treat the channel
    * as unprotected unless SER_OK was returned - confirm against the
    * implementation.
    *
67  * @return SER_CANT_OPEN_SESSION	Error opening the TEE session.
68  * @return SER_ERROR_GENERIC		Error unspecified.
69  * @return SER_OK			On success.
70  */
71 SE_RV se_scp03_enable(void);
72 
73 /**
74  * se_scp03_rotate_keys_and_enable() - Attempt to replace the active SCP03 keys
75  * and enable the SCP03 session.
76  *
77  * Generates secure keys for the board and writes them to the Secure Element's
78  * non-volatile memory. Then re-enables the session.
79  *
    * NOTE(review): the write targets non-volatile memory, so the new keys
    * presumably persist across resets. Which key set is active after a failed
    * attempt, and what the generated keys are derived from, is not visible in
    * this header; confirm both before calling this on provisioned hardware.
    *
80  * @return SER_CANT_OPEN_SESSION	Error opening the TEE session.
81  * @return SER_ERROR_GENERIC		Error unspecified.
82  * @return SER_OK			On success.
83  */
84 SE_RV se_scp03_rotate_keys_and_enable(void);
85 
86 #ifdef __cplusplus
87 }
88 #endif
89 
90 #endif /*SE_TEE_H*/
91