Gitiles
Code Review Sign In
192.168.1.100 / T108 / 41f65e67393adc65e024efffac65f99a369de4e1 / . / mbtk / include / ql_v2 / ql_tee_service.h
blob: 7b724c1ee7eb1af99018d67f6f3e480fe71766bc [file] [log] [blame]
b.liub17525e2025-05-14 17:22:29 +0800[diff] [blame]1#ifndef QL_TEE_SERVICE_H
2#define QL_TEE_SERVICE_H
3
4#include <stdint.h>
5#include <stddef.h>
6#include <stdbool.h>
7
8#ifdef __cplusplus
9extern "C"
10{
11#endif // __cplusplus
12
13
14#define SINGLE_OBJ_MAX_SIZE (512 * 1024)
15#define OPERATION_BUF_MAX_SIZE 4096
16
17
18typedef enum {
19 QL_TEE_OK = 0,
20
21 QL_KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
22 QL_KM_ERROR_UNSUPPORTED_PURPOSE = -2,
23 QL_KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
24 QL_KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
25 QL_KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
26 QL_KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
27 QL_KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
28 QL_KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
29 QL_KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
30 QL_KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
31 QL_KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
32 QL_KM_ERROR_UNSUPPORTED_DIGEST = -12,
33 QL_KM_ERROR_INCOMPATIBLE_DIGEST = -13,
34 QL_KM_ERROR_INVALID_EXPIRATION_TIME = -14,
35 QL_KM_ERROR_INVALID_USER_ID = -15,
36 QL_KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
37 QL_KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
38 QL_KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
39 QL_KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */
40 QL_KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
41 QL_KM_ERROR_INVALID_INPUT_LENGTH = -21,
42 QL_KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
43 QL_KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
44 QL_KM_ERROR_KEY_NOT_YET_VALID = -24,
45 QL_KM_ERROR_KEY_EXPIRED = -25,
46 QL_KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
47 QL_KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
48 QL_KM_ERROR_INVALID_OPERATION_HANDLE = -28,
49 QL_KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
50 QL_KM_ERROR_VERIFICATION_FAILED = -30,
51 QL_KM_ERROR_TOO_MANY_OPERATIONS = -31,
52 QL_KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
53 QL_KM_ERROR_INVALID_KEY_BLOB = -33,
54 QL_KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
55 QL_KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
56 QL_KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
57 QL_KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
58 QL_KM_ERROR_INVALID_ARGUMENT = -38,
59 QL_KM_ERROR_UNSUPPORTED_TAG = -39,
60 QL_KM_ERROR_INVALID_TAG = -40,
61 QL_KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
62 QL_KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
63 QL_KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
64 QL_KM_ERROR_OPERATION_CANCELLED = -46,
65 QL_KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
66 QL_KM_ERROR_SECURE_HW_BUSY = -48,
67 QL_KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
68 QL_KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
69 QL_KM_ERROR_MISSING_NONCE = -51,
70 QL_KM_ERROR_INVALID_NONCE = -52,
71 QL_KM_ERROR_MISSING_MAC_LENGTH = -53,
72 QL_KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54,
73 QL_KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
74 QL_KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56,
75 QL_KM_ERROR_INVALID_MAC_LENGTH = -57,
76 QL_KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
77 QL_KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
78 QL_KM_ERROR_UNSUPPORTED_KDF = -60,
79 QL_KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
80 QL_KM_ERROR_KEY_REQUIRES_UPGRADE = -62,
81 QL_KM_ERROR_ATTESTATION_CHALLENGE_MISSING = -63,
82 QL_KM_ERROR_KEYMASTER_NOT_CONFIGURED = -64,
83 QL_KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING = -65,
84
85 QL_KM_ERROR_UNIMPLEMENTED = -100,
86 QL_KM_ERROR_VERSION_MISMATCH = -101,
87
88 QL_KM_ERROR_UNKNOWN_ERROR = -1000,
89
90 QL_SS_ERROR_GENERIC = -200,
91 QL_SS_ERROR_ACCESS_DENIED = -201,
92 QL_SS_ERROR_CANCEL = -202,
93 QL_SS_ERROR_ACCESS_CONFLICT = -203,
94 QL_SS_ERROR_EXCESS_DATA = -204,
95 QL_SS_ERROR_BAD_FORMAT = -205,
96 QL_SS_ERROR_BAD_PARAMETERS = -206,
97 QL_SS_ERROR_BAD_STATE = -207,
98 QL_SS_ERROR_ITEM_NOT_FOUND = -208,
99 QL_SS_ERROR_NOT_IMPLEMENTED = -209,
100 QL_SS_ERROR_NOT_SUPPORTED = -210,
101 QL_SS_ERROR_NO_DATA = -211,
102 QL_SS_ERROR_OUT_OF_MEMORY = -212,
103 QL_SS_ERROR_BUSY = -213,
104 QL_SS_ERROR_COMMUNICATION = -214,
105 QL_SS_ERROR_SECURITY = -215,
106 QL_SS_ERROR_SHORT_BUFFER = -216,
107 QL_SS_ERROR_EXTERNAL_CANCEL = -217,
108
109 QL_SS_ERROR_TARGET_DEAD = -2000,
110 QL_SS_ERROR_UNKNOWN_ERROR = -2001,
111} ql_tee_error_t;
112
113
114typedef enum {
115 QL_SS_SEEK_SET = 0,
116 QL_SS_SEEK_CUR = 1,
117 QL_SS_SEEK_END = 2
118} ql_ss_whence_t;
119
120
121
122typedef enum {
123 QL_KM_ALGO_RSA = 1,
124 QL_KM_ALGO_EC = 3,
125 QL_KM_ALGO_AES = 32,
126} ql_km_algo_t;
127
128typedef enum {
129 QL_KM_MODE_ECB = 1,
130 QL_KM_MODE_CBC = 2,
131 QL_KM_MODE_CTR = 3,
132 QL_KM_MODE_GCM = 32,
133} ql_km_aes_mode_t;
134
135
136typedef enum {
137 QL_KM_PAD_RSA_NONE = 1,
138 QL_KM_PAD_RSA_OAEP = 2,
139 QL_KM_PAD_RSA_PSS = 3,
140 QL_KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
141 QL_KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
142} ql_km_rsa_padding_t;
143
144
145typedef enum {
146 QL_KM_DIGEST_NONE = 0,
147 QL_KM_DIGEST_MD5 = 1,
148 QL_KM_DIGEST_SHA1 = 2,
149 QL_KM_DIGEST_SHA_2_224 = 3,
150 QL_KM_DIGEST_SHA_2_256 = 4,
151 QL_KM_DIGEST_SHA_2_384 = 5,
152 QL_KM_DIGEST_SHA_2_512 = 6,
153} ql_km_digest_t;
154
155
156typedef enum {
157 QL_KM_EC_CURVE_P_224 = 0,
158 QL_KM_EC_CURVE_P_256 = 1,
159 QL_KM_EC_CURVE_P_384 = 2,
160 QL_KM_EC_CURVE_P_521 = 3,
161} ql_km_ec_curve_t;
162
163
164typedef enum {
165 QL_KM_PURPOSE_ENCRYPT = 0, /* Usable with RSA, EC and AES keys. */
166 QL_KM_PURPOSE_DECRYPT = 1, /* Usable with RSA, EC and AES keys. */
167 QL_KM_PURPOSE_SIGN = 2, /* Usable with RSA, EC keys. */
168 QL_KM_PURPOSE_VERIFY = 3, /* Usable with RSA, EC keys. */
169} ql_km_purpose_t;
170
171
172typedef struct {
173 uint8_t *key_blob;
174 uint32_t key_blob_size;
175} ql_km_key_t;
176
177
178typedef struct {
179 ql_km_algo_t algo;
180 union {
181 struct {
182 ql_km_aes_mode_t mode;
183 uint32_t bits;
184 uint32_t min_mac_len;
185 } aes_args;
186 struct {
187 uint64_t exponent;
188 uint32_t bits;
189 } rsa_args;
190 struct {
191 ql_km_ec_curve_t curve;
192 } ec_args;
193 };
194} ql_km_key_args_t;
195
196
197typedef struct {
198 uint8_t *data;
199 uint32_t data_size;
200} ql_km_blob_t;
201
202
203typedef struct {
204 ql_km_algo_t algo;
205 ql_km_purpose_t purpose;
206 uint64_t handle;
207} ql_km_operation_handle_t;
208
209
210typedef struct {
211 ql_km_algo_t algo;
212 ql_km_purpose_t purpose;
213 union {
214 struct {
215 ql_km_aes_mode_t mode;
216 ql_km_blob_t iv;
217 } aes_args;
218 struct {
219 ql_km_rsa_padding_t padding;
220 ql_km_digest_t digest;
221 } rsa_args;
222 };
223} ql_km_operation_args_t;
224
225
226/*
227 * Secure Storage APIs
228 */
229ql_tee_error_t ql_ss_initialize();
230
231void ql_ss_deinitialize();
232
233ql_tee_error_t ql_ss_open(const void *id, uint32_t id_size, uint32_t *object);
234
235ql_tee_error_t ql_ss_create(const void *id, uint32_t id_size,
236 void *data, uint32_t data_size,
237 uint32_t *object, bool overwrite);
238
239ql_tee_error_t ql_ss_close(uint32_t object);
240
241ql_tee_error_t ql_ss_read(uint32_t object, void *data, uint32_t data_size, uint32_t *count);
242
243ql_tee_error_t ql_ss_write(uint32_t object, void *data, uint32_t data_size);
244
245ql_tee_error_t ql_ss_seek(uint32_t object, int32_t offset, ql_ss_whence_t whence);
246
247ql_tee_error_t ql_ss_unlink(uint32_t object);
248
249ql_tee_error_t ql_ss_trunc(uint32_t object, uint32_t len);
250
251ql_tee_error_t ql_ss_rename(uint32_t object, const void *id, uint32_t id_size);
252
253ql_tee_error_t ql_ss_get_info(uint32_t object, uint32_t *obj_size, uint32_t *cur_pos);
254
255
256/*
257 * Key Master APIs
258 */
259
260ql_tee_error_t ql_km_initialize();
261
262void ql_km_deinitialize();
263
264ql_tee_error_t ql_km_gen_key(const ql_km_key_args_t *key_args, ql_km_key_t *key);
265
266ql_tee_error_t ql_km_import_key(const ql_km_key_args_t *key_args, const ql_km_blob_t *rawkey, ql_km_key_t *key);
267
268ql_tee_error_t ql_km_destroy_key(ql_km_key_t *key);
269
270ql_tee_error_t ql_km_destroy_blob(ql_km_blob_t *blob);
271
272ql_tee_error_t ql_km_operation_begin(const ql_km_key_t *key,
273 ql_km_operation_args_t *op_args,
274 ql_km_operation_handle_t *op_handle);
275
276
277ql_tee_error_t ql_km_operation_update(ql_km_operation_handle_t *op_handle,
278 uint8_t *input, uint32_t input_size,
279 ql_km_blob_t *output, uint32_t *consumed);
280
281/*
282 * ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
283 * uint8_t *input, uint32_t input_size,
284 * ql_km_blob_t *output);
285 *
286 * ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
287 * uint8_t *input, uint32_t input_size,
288 * ql_km_blob_t *output, uint8_t *signature, uint32_t sig_size);
289 *
290 */
291ql_tee_error_t ql_km_operation_finish(ql_km_operation_handle_t *op_handle,
292 uint8_t *input, uint32_t input_size,
293 ql_km_blob_t *output, ...);
294
295
296ql_tee_error_t ql_km_export_key(ql_km_key_t *keypair, ql_km_blob_t *pubkey);
297
298
299ql_tee_error_t ql_km_get_key_algo(ql_km_key_t *keyblob, ql_km_algo_t *algo);
300
301
302#ifdef __cplusplus
303} /* extern "C" */
304#endif /* __cplusplus */
305
306#endif /* QL_TEE_SERVICE_H */