| /* |
| * Copyright (c) 2013-2018,2020-2022 TRUSTONIC LIMITED |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright notice, |
| * this list of conditions and the following disclaimer. |
| * |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its |
| * contributors may be used to endorse or promote products derived from |
| * this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
| * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
| * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
| * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
| * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #ifndef TLCTEEKEYMINT_IF_H |
| #define TLCTEEKEYMINT_IF_H |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| #include <stdint.h> |
| #include <stdbool.h> |
| #include "MobiCoreDriverApi.h" |
| #include "TAKeymint_Api.h" |
| |
| typedef void *TEE_SessionHandle; |
| |
| struct operation { |
| /* I'm indexing these based on the handles chosen by the TA. The |
| * specification says that they must be unpredictable (maybe they're |
| * published beyond our process?) and I don't want that responsibility |
| * here. While the number of concurrent operations is small, we can just |
| * do a linear search. |
| */ |
| keymaster_operation_handle_t handle; |
| bool live; |
| keymaster_algorithm_t algorithm; |
| size_t final_length; |
| }; |
| |
| /** |
| * Map a buffer. |
| */ |
| keymaster_error_t map_buffer( |
| mcSessionHandle_t* session_handle, |
| const uint8_t *buf, uint32_t buflen, |
| mcBulkMap_t *bufinfo); |
| |
| /** |
| * Unmap a buffer. |
| */ |
| void unmap_buffer( |
| mcSessionHandle_t* session_handle, |
| const uint8_t *buf, |
| mcBulkMap_t *bufinfo); |
| |
| /** |
| * Notify the trusted application and wait for response. |
| */ |
| keymaster_error_t transact( |
| mcSessionHandle_t* session_handle, |
| tciMessage_ptr tci); |
| |
| struct TEE_Session { |
| tciMessage_ptr pTci; |
| mcSessionHandle_t sessionHandle; |
| struct operation op[MAX_OPERATION_NUM]; |
| unsigned live_ops; |
| }; |
| |
| /** |
| * Open session to the TEE Keymint trusted application |
| * |
| * @param pSessionHandle [out] Return pointer to the session handle |
| * |
| * @return Zero, or negative @c errno value |
| */ |
| int TEE_Open( |
| TEE_SessionHandle *sessionHandle); |
| |
| /** |
| * Close session to the TEE Keymint trusted application |
| * |
| * @param sessionHandle [in] Session handle |
| */ |
| void TEE_Close( |
| TEE_SessionHandle sessionHandle); |
| |
| keymaster_error_t TEE_Configure( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_param_set_t* params); |
| |
| keymaster_error_t TEE_AddRngEntropy( |
| TEE_SessionHandle session_handle, |
| const uint8_t* data, |
| uint32_t dataLength); |
| |
| keymaster_error_t TEE_GenerateAndAttestKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_param_set_t* params, |
| const keymaster_key_blob_t* attest_key_blob, |
| const keymaster_key_param_set_t* attest_params, |
| const keymaster_blob_t* attest_issuer_blob, |
| keymaster_key_blob_t* key_blob, |
| keymaster_key_characteristics_t* characteristics, |
| keymaster_cert_chain_t* cert_chain); |
| |
| keymaster_error_t TEE_GetKeyCharacteristics( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_blob_t* key_blob, |
| const keymaster_blob_t* client_id, |
| const keymaster_blob_t* app_data, |
| keymaster_key_characteristics_t* characteristics); |
| |
| keymaster_error_t TEE_ImportAndAttestKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_param_set_t* params, |
| keymaster_key_format_t key_format, |
| const keymaster_blob_t* key_data, |
| const keymaster_key_blob_t* attest_key_blob, |
| const keymaster_key_param_set_t* attest_params, |
| const keymaster_blob_t* attest_issuer_blob, |
| keymaster_key_blob_t* key_blob, |
| keymaster_key_characteristics_t* characteristics, |
| keymaster_cert_chain_t* cert_chain); |
| |
| keymaster_error_t TEE_ExportKey( |
| TEE_SessionHandle session_handle, |
| keymaster_key_format_t export_format, |
| const keymaster_key_blob_t* key_to_export, |
| const keymaster_blob_t* client_id, |
| const keymaster_blob_t* app_data, |
| keymaster_blob_t* export_data); |
| |
| keymaster_error_t TEE_UpgradeKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_blob_t* key_to_upgrade, |
| const keymaster_key_param_set_t* upgrade_params, |
| keymaster_key_blob_t* upgraded_key); |
| |
| keymaster_error_t TEE_DeleteKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_key_blob_t* key_to_delete); |
| |
| keymaster_error_t TEE_DeleteAllKeys( |
| TEE_SessionHandle session_handle); |
| |
| keymaster_error_t TEE_Begin( |
| TEE_SessionHandle session_handle, |
| keymaster_purpose_t purpose, |
| const keymaster_key_blob_t* key, |
| const keymaster_key_param_set_t* params, |
| const keymaster_hw_auth_token_t *auth_token, |
| keymaster_key_param_set_t* out_params, |
| keymaster_operation_handle_t* operation_handle); |
| |
| keymaster_error_t TEE_Update( |
| TEE_SessionHandle session_handle, |
| keymaster_operation_handle_t operation_handle, |
| const keymaster_blob_t* input, |
| const keymaster_hw_auth_token_t *auth_token, |
| size_t* input_consumed, |
| keymaster_blob_t* output); |
| |
| keymaster_error_t TEE_Finish( |
| TEE_SessionHandle session_handle, |
| keymaster_operation_handle_t operation_handle, |
| const keymaster_blob_t* input, |
| const keymaster_blob_t* signature, |
| const keymaster_hw_auth_token_t *auth_token, |
| keymaster_blob_t* output); |
| |
| keymaster_error_t TEE_Abort( |
| TEE_SessionHandle session_handle, |
| keymaster_operation_handle_t operation_handle); |
| |
| keymaster_error_t TEE_ImportWrappedKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_blob_t* wrapped_key_data, |
| const keymaster_key_blob_t* wrapping_key_blob, |
| const uint8_t* masking_key, |
| const keymaster_key_param_set_t* unwrapping_params, |
| uint64_t password_sid, |
| uint64_t biometric_sid, |
| keymaster_key_blob_t* key_blob, |
| keymaster_key_characteristics_t* key_characteristics, |
| keymaster_cert_chain_t* cert_chain); |
| |
| keymaster_error_t TEE_GetHmacSharingParameters( |
| TEE_SessionHandle session_handle, |
| keymaster_hmac_sharing_parameters_t* out_params); |
| |
| keymaster_error_t TEE_ComputeSharedMac( |
| TEE_SessionHandle session_handle, |
| const keymaster_hmac_sharing_parameters_set_t* sharing_params, |
| keymaster_blob_t *sharing_check); |
| |
| keymaster_error_t TEE_GenerateTimestamp( |
| TEE_SessionHandle session_handle, |
| keymaster_timestamp_token_t* timestamp_token); |
| |
| keymaster_error_t TEE_DestroyAttestationIds( |
| TEE_SessionHandle session_handle); |
| |
| keymaster_error_t TEE_EarlyBootEnded( |
| TEE_SessionHandle session_handle); |
| |
| keymaster_error_t TEE_DeviceLocked( |
| TEE_SessionHandle session_handle, |
| bool password_only); |
| |
| keymaster_error_t TEE_UnwrapAesStorageKey( |
| TEE_SessionHandle session_handle, |
| const keymaster_blob_t* wrapped_key_data); |
| |
| keymaster_error_t TEE_UpdateAad( |
| TEE_SessionHandle session_handle, |
| keymaster_operation_handle_t operation_handle, |
| const keymaster_blob_t* aad, |
| const keymaster_hw_auth_token_t *auth_token); |
| |
| keymaster_error_t TEE_GenerateEcdsaP256Key( |
| TEE_SessionHandle session_handle, |
| bool test_mode, |
| keymaster_blob_t *maced_public_key_blob, |
| keymaster_key_blob_t *private_key_handle_blob); |
| |
| keymaster_error_t TEE_GenerateCertificateRequest( |
| TEE_SessionHandle session_handle, |
| bool test_mode, |
| const keymaster_blob_t keys_to_sign[], |
| size_t nb_keys_to_sign, |
| const keymaster_blob_t *endpoint_enc_cert_chain, |
| const keymaster_blob_t *challenge_blob, |
| keymaster_blob_t *device_info, |
| keymaster_blob_t *protected_data, |
| keymaster_blob_t *keys_to_sign_mac); |
| |
| keymaster_error_t TEE_GetRootOfTrust( |
| TEE_SessionHandle session_handle, |
| const uint8_t challenge[16], |
| keymaster_blob_t *rot_blob); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* TLCTEEKEYMINT_IF_H */ |