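/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014-2021, Linaro Limited
 * Copyright (c) 2021, SumUp Services GmbH
 */

#ifndef TEE_API_DEFINES_EXTENSIONS_H
#define TEE_API_DEFINES_EXTENSIONS_H

/*
 * Implementation-specific extensions to the GPD TEE Internal Core API
 * constants: result codes, key-derivation algorithm/type/attribute IDs,
 * storage IDs, memory access flags and login types.
 *
 * Three constants below share the numeric value 0x80000000
 * (TEE_ERROR_DEFER_DRIVER_INIT, TEE_STORAGE_PRIVATE_REE and
 * TEE_LOGIN_REE_KERNEL). They live in different ID spaces (result code,
 * storage ID, login type), so a value must only be compared against
 * constants of its own kind.
 */

/*
 * API extended result codes as per TEE_Result IDs defined in GPD TEE
 * Internal Core API specification v1.1:
 *
 * 0x70000000 - 0x7FFFFFFF: Reserved for implementation-specific return
 *                          code providing non-error information
 * 0x80000000 - 0x8FFFFFFF: Reserved for implementation-specific errors
 *
 * TEE_ERROR_DEFER_DRIVER_INIT - Device driver failed to initialize because
 * the driver depends on a device not yet initialized.
 */
#define TEE_ERROR_DEFER_DRIVER_INIT             0x80000000

/*
 * HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
 *
 * One algorithm ID per underlying hash. NOTE(review): the MD5 and SHA-1
 * variants are presumably kept for interoperability; new designs should
 * normally select SHA-256 or stronger - confirm against project policy.
 */

#define TEE_ALG_HKDF_MD5_DERIVE_KEY             0x800010C0
#define TEE_ALG_HKDF_SHA1_DERIVE_KEY            0x800020C0
#define TEE_ALG_HKDF_SHA224_DERIVE_KEY          0x800030C0
#define TEE_ALG_HKDF_SHA256_DERIVE_KEY          0x800040C0
#define TEE_ALG_HKDF_SHA384_DERIVE_KEY          0x800050C0
#define TEE_ALG_HKDF_SHA512_DERIVE_KEY          0x800060C0

/* Object type holding the HKDF input keying material (IKM) */
#define TEE_TYPE_HKDF_IKM                       0xA10000C0

/*
 * HKDF attributes: input keying material, salt, info and the requested
 * output keying material (OKM) length.
 *
 * NOTE(review): under the GP attribute-ID encoding (bit 29 = value
 * attribute, bit 28 = public attribute) the IKM ID reads as a protected
 * buffer, SALT/INFO as public buffers and OKM_LENGTH as a public value.
 * The same pattern applies to the Concat KDF and PBKDF2 attributes
 * below - confirm against the specification.
 */
#define TEE_ATTR_HKDF_IKM                       0xC00001C0
#define TEE_ATTR_HKDF_SALT                      0xD00002C0
#define TEE_ATTR_HKDF_INFO                      0xD00003C0
#define TEE_ATTR_HKDF_OKM_LENGTH                0xF00004C0

/*
 * Concatenation Key Derivation Function (Concat KDF)
 * NIST SP 800-56A section 5.8.1
 */

#define TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY      0x800020C1
#define TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY    0x800030C1
#define TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY    0x800040C1
#define TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY    0x800050C1
#define TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY    0x800060C1

/* Object type holding the shared secret Z fed into the Concat KDF */
#define TEE_TYPE_CONCAT_KDF_Z                   0xA10000C1

/* Concat KDF attributes: shared secret, OtherInfo and derived key length */
#define TEE_ATTR_CONCAT_KDF_Z                   0xC00001C1
#define TEE_ATTR_CONCAT_KDF_OTHER_INFO          0xD00002C1
#define TEE_ATTR_CONCAT_KDF_DKM_LENGTH          0xF00003C1

/*
 * PKCS #5 v2.0 Key Derivation Function 2 (PBKDF2)
 * RFC 2898 section 5.2
 * https://www.ietf.org/rfc/rfc2898.txt
 *
 * RFC 2898 has since been obsoleted by RFC 8018. Only the HMAC-SHA1
 * variant is defined here. The iteration count is supplied by the caller
 * through TEE_ATTR_PBKDF2_ITERATION_COUNT; a low count weakens resistance
 * to offline password guessing, so callers should set it deliberately.
 */

#define TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY     0x800020C2

/* Object type holding the PBKDF2 password */
#define TEE_TYPE_PBKDF2_PASSWORD                0xA10000C2

/* PBKDF2 attributes: password, salt, iteration count, derived key length */
#define TEE_ATTR_PBKDF2_PASSWORD                0xC00001C2
#define TEE_ATTR_PBKDF2_SALT                    0xD00002C2
#define TEE_ATTR_PBKDF2_ITERATION_COUNT         0xF00003C2
#define TEE_ATTR_PBKDF2_DKM_LENGTH              0xF00004C2

/*
 * PKCS#1 v1.5 RSASSA pre-hashed sign/verify
 *
 * NOTE(review): "pre-hashed" suggests the caller supplies the digest and
 * the TEE does not hash the message itself; how the DigestInfo encoding
 * is handled is not visible in this header - confirm before relying on it.
 */

#define TEE_ALG_RSASSA_PKCS1_V1_5               0xF0000830

/*
 * TDEA CMAC (NIST SP800-38B)
 *
 * TDEA is a 64-bit block cipher. NOTE(review): presumably provided for
 * legacy interoperability; prefer an AES-based MAC in new designs.
 */
#define TEE_ALG_DES3_CMAC                       0xF0000613

/*
 * Implementation-specific object storage constants
 */

/*
 * Storage is provided by the Rich Execution Environment (REE).
 * The REE sits outside the TEE trust boundary, so confidentiality and
 * integrity of objects stored this way have to come from the TEE side,
 * and the REE can still delete or withhold the data.
 * NOTE(review): rollback protection for this storage is not visible
 * here - confirm for the target configuration.
 */
#define TEE_STORAGE_PRIVATE_REE                 0x80000000
/* Storage is the Replay Protected Memory Block partition of an eMMC device */
#define TEE_STORAGE_PRIVATE_RPMB                0x80000100
/* Was TEE_STORAGE_PRIVATE_SQL, which isn't supported any longer */
#define TEE_STORAGE_PRIVATE_SQL_RESERVED        0x80000200

/*
 * Extension of "Memory Access Rights Constants"
 * #define TEE_MEMORY_ACCESS_READ             0x00000001
 * #define TEE_MEMORY_ACCESS_WRITE            0x00000002
 * #define TEE_MEMORY_ACCESS_ANY_OWNER        0x00000004
 *
 * TEE_MEMORY_ACCESS_NONSECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped non-secure.
 *
 * TEE_MEMORY_ACCESS_SECURE : if set TEE_CheckMemoryAccessRights()
 * successfully returns only if target vmem range is mapped secure.
 *
 * These flags let a Trusted Application confirm that a buffer it was
 * handed lives in the world it expects before reading from or writing
 * to it, in addition to the read/write/owner checks above.
 */
#define TEE_MEMORY_ACCESS_NONSECURE             0x10000000
#define TEE_MEMORY_ACCESS_SECURE                0x20000000

/*
 * Implementation-specific login types
 */

/*
 * Private login method for REE kernel clients.
 * NOTE(review): a Trusted Application that authorizes callers by login
 * type should handle this value explicitly rather than fall through to
 * a default - confirm how the identity is established on the REE side.
 */
#define TEE_LOGIN_REE_KERNEL                    0x80000000

#endif /* TEE_API_DEFINES_EXTENSIONS_H */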