Gitiles
Code Review Sign In
192.168.1.100 / T108 / 41f65e67393adc65e024efffac65f99a369de4e1 / . / mbtk / include / ql_v2 / ql_tee_service.h
blob: 7b724c1ee7eb1af99018d67f6f3e480fe71766bc [file] [log] [blame]
#ifndef QL_TEE_SERVICE_H
#define QL_TEE_SERVICE_H
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#ifdef __cplusplus
extern "C"
{
#endif // __cplusplus
#define SINGLE_OBJ_MAX_SIZE (512 * 1024)
#define OPERATION_BUF_MAX_SIZE 4096
typedef enum {
QL_TEE_OK = 0,
QL_KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
QL_KM_ERROR_UNSUPPORTED_PURPOSE = -2,
QL_KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
QL_KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
QL_KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
QL_KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
QL_KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
QL_KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
QL_KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
QL_KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
QL_KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
QL_KM_ERROR_UNSUPPORTED_DIGEST = -12,
QL_KM_ERROR_INCOMPATIBLE_DIGEST = -13,
QL_KM_ERROR_INVALID_EXPIRATION_TIME = -14,
QL_KM_ERROR_INVALID_USER_ID = -15,
QL_KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
QL_KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
QL_KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
QL_KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */
QL_KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
QL_KM_ERROR_INVALID_INPUT_LENGTH = -21,
QL_KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
QL_KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
QL_KM_ERROR_KEY_NOT_YET_VALID = -24,
QL_KM_ERROR_KEY_EXPIRED = -25,
QL_KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
QL_KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
QL_KM_ERROR_INVALID_OPERATION_HANDLE = -28,
QL_KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
QL_KM_ERROR_VERIFICATION_FAILED = -30,
QL_KM_ERROR_TOO_MANY_OPERATIONS = -31,
QL_KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
QL_KM_ERROR_INVALID_KEY_BLOB = -33,
QL_KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
QL_KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
QL_KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
QL_KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
QL_KM_ERROR_INVALID_ARGUMENT = -38,
QL_KM_ERROR_UNSUPPORTED_TAG = -39,
QL_KM_ERROR_INVALID_TAG = -40,
QL_KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
QL_KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
QL_KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
QL_KM_ERROR_OPERATION_CANCELLED = -46,
QL_KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
QL_KM_ERROR_SECURE_HW_BUSY = -48,
QL_KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
QL_KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
QL_KM_ERROR_MISSING_NONCE = -51,
QL_KM_ERROR_INVALID_NONCE = -52,
QL_KM_ERROR_MISSING_MAC_LENGTH = -53,
QL_KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54,
QL_KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
QL_KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56,
QL_KM_ERROR_INVALID_MAC_LENGTH = -57,
QL_KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
QL_KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
QL_KM_ERROR_UNSUPPORTED_KDF = -60,
QL_KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
QL_KM_ERROR_KEY_REQUIRES_UPGRADE = -62,
QL_KM_ERROR_ATTESTATION_CHALLENGE_MISSING = -63,
QL_KM_ERROR_KEYMASTER_NOT_CONFIGURED = -64,
QL_KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING = -65,
QL_KM_ERROR_UNIMPLEMENTED = -100,
QL_KM_ERROR_VERSION_MISMATCH = -101,
QL_KM_ERROR_UNKNOWN_ERROR = -1000,
QL_SS_ERROR_GENERIC = -200,
QL_SS_ERROR_ACCESS_DENIED = -201,
QL_SS_ERROR_CANCEL = -202,
QL_SS_ERROR_ACCESS_CONFLICT = -203,
QL_SS_ERROR_EXCESS_DATA = -204,
QL_SS_ERROR_BAD_FORMAT = -205,
QL_SS_ERROR_BAD_PARAMETERS = -206,
QL_SS_ERROR_BAD_STATE = -207,
QL_SS_ERROR_ITEM_NOT_FOUND = -208,
QL_SS_ERROR_NOT_IMPLEMENTED = -209,
QL_SS_ERROR_NOT_SUPPORTED = -210,
QL_SS_ERROR_NO_DATA = -211,
QL_SS_ERROR_OUT_OF_MEMORY = -212,
QL_SS_ERROR_BUSY = -213,
QL_SS_ERROR_COMMUNICATION = -214,
QL_SS_ERROR_SECURITY = -215,
QL_SS_ERROR_SHORT_BUFFER = -216,
QL_SS_ERROR_EXTERNAL_CANCEL = -217,
QL_SS_ERROR_TARGET_DEAD = -2000,
QL_SS_ERROR_UNKNOWN_ERROR = -2001,
} ql_tee_error_t;
typedef enum {
QL_SS_SEEK_SET = 0,
QL_SS_SEEK_CUR = 1,
QL_SS_SEEK_END = 2
} ql_ss_whence_t;
typedef enum {
QL_KM_ALGO_RSA = 1,
QL_KM_ALGO_EC = 3,
QL_KM_ALGO_AES = 32,
} ql_km_algo_t;
typedef enum {
QL_KM_MODE_ECB = 1,
QL_KM_MODE_CBC = 2,
QL_KM_MODE_CTR = 3,
QL_KM_MODE_GCM = 32,
} ql_km_aes_mode_t;
typedef enum {
QL_KM_PAD_RSA_NONE = 1,
QL_KM_PAD_RSA_OAEP = 2,
QL_KM_PAD_RSA_PSS = 3,
QL_KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
QL_KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
} ql_km_rsa_padding_t;
typedef enum {
QL_KM_DIGEST_NONE = 0,
QL_KM_DIGEST_MD5 = 1,
QL_KM_DIGEST_SHA1 = 2,
QL_KM_DIGEST_SHA_2_224 = 3,
QL_KM_DIGEST_SHA_2_256 = 4,
QL_KM_DIGEST_SHA_2_384 = 5,
QL_KM_DIGEST_SHA_2_512 = 6,
} ql_km_digest_t;
typedef enum {
QL_KM_EC_CURVE_P_224 = 0,
QL_KM_EC_CURVE_P_256 = 1,
QL_KM_EC_CURVE_P_384 = 2,
QL_KM_EC_CURVE_P_521 = 3,
} ql_km_ec_curve_t;
typedef enum {
QL_KM_PURPOSE_ENCRYPT = 0, /* Usable with RSA, EC and AES keys. */
QL_KM_PURPOSE_DECRYPT = 1, /* Usable with RSA, EC and AES keys. */
QL_KM_PURPOSE_SIGN = 2, /* Usable with RSA, EC keys. */
QL_KM_PURPOSE_VERIFY = 3, /* Usable with RSA, EC keys. */
} ql_km_purpose_t;
typedef struct {
uint8_t *key_blob;
uint32_t key_blob_size;
} ql_km_key_t;
typedef struct {
ql_km_algo_t algo;
union {
struct {
ql_km_aes_mode_t mode;
uint32_t bits;
uint32_t min_mac_len;
} aes_args;
struct {
uint64_t exponent;
uint32_t bits;
} rsa_args;
struct {
ql_km_ec_curve_t curve;
} ec_args;
};
} ql_km_key_args_t;
typedef struct {
uint8_t *data;
uint32_t data_size;
} ql_km_blob_t;
typedef struct {
ql_km_algo_t algo;
ql_km_purpose_t purpose;
uint64_t handle;
} ql_km_operation_handle_t;
typedef struct {
ql_km_algo_t algo;
ql_km_purpose_t purpose;
union {
struct {
ql_km_aes_mode_t mode;
ql_km_blob_t iv;
} aes_args;
struct {
ql_km_rsa_padding_t padding;
ql_km_digest_t digest;
} rsa_args;
};
} ql_km_operation_args_t;
/*
* Secure Storage APIs
*/
ql_tee_error_t ql_ss_initialize();
void ql_ss_deinitialize();
ql_tee_error_t ql_ss_open(const void *id, uint32_t id_size, uint32_t *object);
ql_tee_error_t ql_ss_create(const void *id, uint32_t id_size,
void *data, uint32_t data_size,
uint32_t *object, bool overwrite);
ql_tee_error_t ql_ss_close(uint32_t object);
ql_tee_error_t ql_ss_read(uint32_t object, void *data, uint32_t data_size, uint32_t *count);
ql_tee_error_t ql_ss_write(uint32_t object, void *data, uint32_t data_size);
ql_tee_error_t ql_ss_seek(uint32_t object, int32_t offset, ql_ss_whence_t whence);
ql_tee_error_t ql_ss_unlink(uint32_t object);
ql_tee_error_t ql_ss_trunc(uint32_t object, uint32_t len);
ql_tee_error_t ql_ss_rename(uint32_t object, const void *id, uint32_t id_size);
ql_tee_error_t ql_ss_get_info(uint32_t object, uint32_t *obj_size, uint32_t *cur_pos);
/*
* Key Master APIs
*/
ql_tee_error_t ql_km_initialize();
void ql_km_deinitialize();
ql_tee_error_t ql_km_gen_key(const ql_km_key_args_t *key_args, ql_km_key_t *key);
ql_tee_error_t ql_km_import_key(const ql_km_key_args_t *key_args, const ql_km_blob_t *rawkey, ql_km_key_t *key);
ql_tee_error_t ql_km_destroy_key(ql_km_key_t *key);
ql_tee_error_t ql_km_destroy_blob(ql_km_blob_t *blob);
ql_tee_error_t ql_km_operation_begin(const ql_km_key_t *key,
ql_km_operation_args_t *op_args,
ql_km_operation_handle_t *op_handle);
ql_tee_error_t ql_km_operation_update(ql_km_operation_handle_t *op_handle,
uint8_t *input, uint32_t input_size,
ql_km_blob_t *output, uint32_t *consumed);
/*
* ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
* uint8_t *input, uint32_t input_size,
* ql_km_blob_t *output);
*
* ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
* uint8_t *input, uint32_t input_size,
* ql_km_blob_t *output, uint8_t *signature, uint32_t sig_size);
*
*/
ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
uint8_t *input, uint32_t input_size,
ql_km_blob_t *output, ...);
ql_tee_error_t ql_km_export_key(ql_km_key_t *keypair, ql_km_blob_t *pubkey);
ql_tee_error_t ql_km_get_key_algo(ql_km_key_t *keyblob, ql_km_algo_t *algo);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* QL_TEE_SERVICE_H */