[GitHub/LineageOS/android_hardware_samsung_slsi_exynos5.git] / libkeymaster / tlTeeKeymaster_Api.h

/**
 * @file   tlTeeKeymaster_Api.h
 * @brief  Contains TCI command definitions and data structures
 *
 * Copyright Giesecke & Devrient GmbH 2012
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef __TLTEEKEYMASTERAPI_H__
#define __TLTEEKEYMASTERAPI_H__

#include "tci.h"


/**
 * Command ID's
 */
#define CMD_ID_TEE_RSA_GEN_KEY_PAIR   1
#define CMD_ID_TEE_RSA_SIGN           2
#define CMD_ID_TEE_RSA_VERIFY         3
#define CMD_ID_TEE_HMAC_GEN_KEY       4
#define CMD_ID_TEE_HMAC_SIGN          5
#define CMD_ID_TEE_HMAC_VERIFY        6
#define CMD_ID_TEE_KEY_IMPORT         7
#define CMD_ID_TEE_GET_PUB_KEY        8
/*... add more command ids when needed */


/**
 * Command message.
 *
 * @param len Length of the data to process.
 * @param data Data to be processed
 */
typedef struct {
    tciCommandHeader_t  header;     /**< Command header */
    uint32_t            len;        /**< Length of data to process */
} command_t;


/**
 * Response structure
 */
typedef struct {
    tciResponseHeader_t header;     /**< Response header */
    uint32_t            len;
} response_t;


/**
 * Generate key data
 * Response data contains generated RSA key pair data is
 * wrapped as below:
 *
 * |-- Key metadata --|-- Public key (plaintext) --|-- Private key (encrypted) --|
 */
typedef struct {
    uint32_t type;           /**< Key pair type. RSA or RSACRT */
    uint32_t keysize;        /**< Key size in bits, e.g. 1024, 2048,.. */
    uint32_t exponent;       /**< Exponent number */
    uint32_t keydata;        /**< Key data buffer passed by TLC  */
    uint32_t keydatalen;     /**< Length of key data buffer */
    uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
} rsagenkey_t;


/**
 *  RSA sign data structure
 */
typedef struct {
    uint32_t keydata;           /**< Key data buffer */
    uint32_t keydatalen;        /**< Length of key data buffer */
    uint32_t plaindata;         /**< Plaintext data buffer */
    uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    uint32_t signaturedata;     /**< Signature data buffer */
    uint32_t signaturedatalen;  /**< Length of signature data buffer */
    uint32_t algorithm;         /**< Signing algorithm */
} rsasign_t;


/**
 *  RSA signature verify data structure
 */
typedef struct {
    uint32_t keydata;           /**< Key data buffer */
    uint32_t keydatalen;        /**< Length of key data buffer */
    uint32_t plaindata;         /**< Plaintext data buffer */
    uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    uint32_t signaturedata;     /**< Signature data buffer */
    uint32_t signaturedatalen;  /**< Length of signature data buffer */
    uint32_t algorithm;         /**< Signing algorithm */
    bool     validity;          /**< Signature validity */
} rsaverify_t;


/**
 * Generate HMAC key data
 * Response data contains generated HMAC key data that is
 * wrapped as below:
 *
 * |-- HMAC key (encrypted) --|
 */
typedef struct {
    uint32_t keydata;        /**< Key data buffer passed by TLC  */
    uint32_t keydatalen;     /**< Length of key data buffer */
    uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
} hmacgenkey_t;


/**
 *  HMAC sign data structure
 */
typedef struct {
    uint32_t keydata;           /**< Key data buffer */
    uint32_t keydatalen;        /**< Length of key data buffer */
    uint32_t plaindata;         /**< Plaintext data buffer */
    uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    uint32_t signaturedata;     /**< Signature data buffer */
    uint32_t signaturedatalen;  /**< Length of signature data buffer */
    uint32_t digest;            /**< Digest algorithm */
} hmacsign_t;


/**
 *  HMAC signature verify data structure
 */
typedef struct {
    uint32_t keydata;           /**< Key data buffer */
    uint32_t keydatalen;        /**< Length of key data buffer */
    uint32_t plaindata;         /**< Plaintext data buffer */
    uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    uint32_t signaturedata;     /**< Signature data buffer */
    uint32_t signaturedatalen;  /**< Length of signature data buffer */
    uint32_t digest;            /**< Digest algorithm */
    bool     validity;          /**< Signature validity */
} hmacverify_t;

/**
 * RSA private key metadata
 */
typedef struct {
    uint32_t     lenpriexp;     /**< Private key exponent length */
} rsaprivkeymeta_t;


/**
 * RSA CRT private key metadata
 */
typedef struct {
    uint32_t     lenp;          /**< Prime p length */
    uint32_t     lenq;          /**< Prime q length */
    uint32_t     lendp;         /**< DP length */
    uint32_t     lendq;         /**< DQ length */
    uint32_t     lenqinv;       /**< QP length */
} rsacrtprivkeymeta_t;


/**
 * Key metadata (key size, modulus/exponent lengths, etc..)
 */
typedef struct {
    uint32_t     keytype;          /**< RSA key pair type. RSA or RSA CRT */
    uint32_t     keysize;          /**< RSA key size */
    uint32_t     lenpubmod;        /**< Public key modulus length */
    uint32_t     lenpubexp;        /**< Public key exponent length */
    union {
        rsaprivkeymeta_t    rsapriv;    /**< RSA private key */
        rsacrtprivkeymeta_t rsacrtpriv; /**< RSA CRT private key */
    };
    uint32_t     rfu;          /**< Reserved for future use */
    uint32_t     rfulen;       /**< Reserved for future use */
} rsakeymeta_t;

/**
 *  Key import data structure
 */
typedef struct {
    uint32_t     keydata;           /**< Key data buffer */
    uint32_t     keydatalen;        /**< Length of key data buffer */
    uint32_t     sodata;            /**< Wrapped buffer */
    uint32_t     sodatalen;         /**< Length of wrapped data buffer */
} keyimport_t;


/**
 *  Get public key data structure
 */
typedef struct {
    uint32_t type;              /**< Key type */
    uint32_t keydata;           /**< Key data buffer */
    uint32_t keydatalen;        /**< Length of key data buffer */
    uint32_t modulus;           /**< Modulus */
    uint32_t moduluslen;        /**< Modulus length */
    uint32_t exponent;          /**< Exponent */
    uint32_t exponentlen;       /**< Exponent length */
} getpubkey_t;


/**
 * TCI message data.
 */
typedef struct {
    union {
        command_t     command;
        response_t    response;
    };

    union {
        rsagenkey_t  rsagenkey;
        rsasign_t    rsasign;
        rsaverify_t  rsaverify;
        hmacgenkey_t hmacgenkey;
        hmacsign_t   hmacsign;
        hmacverify_t hmacverify;
        keyimport_t  keyimport;
        getpubkey_t  getpubkey;
    };

} tciMessage_t, *tciMessage_ptr;


/**
 * Overall TCI structure.
 */
typedef struct {
    tciMessage_t message;   /**< TCI message */
} tci_t;


/**
 * Trustlet UUID
 */
#define TEE_KEYMASTER_TL_UUID { { 7, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } }


#endif // __TLTEEKEYMASTERAPI_H__
Commit	Line	Data
8eff0eb0 DP	1	/**
	2	* @file tlTeeKeymaster_Api.h
	3	* @brief Contains TCI command definitions and data structures
	4	*
	5	* Copyright Giesecke & Devrient GmbH 2012
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. The name of the author may not be used to endorse or promote
	16	* products derived from this software without specific prior
	17	* written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
	20	* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	23	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
	25	* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	26	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	27	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	28	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	29	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#ifndef __TLTEEKEYMASTERAPI_H__
	33	#define __TLTEEKEYMASTERAPI_H__
	34
	35	#include "tci.h"
	36
	37
	38
	39	/**
	40	* Command ID's
	41	*/
	42	#define CMD_ID_TEE_RSA_GEN_KEY_PAIR 1
	43	#define CMD_ID_TEE_RSA_SIGN 2
	44	#define CMD_ID_TEE_RSA_VERIFY 3
	45	#define CMD_ID_TEE_HMAC_GEN_KEY 4
	46	#define CMD_ID_TEE_HMAC_SIGN 5
	47	#define CMD_ID_TEE_HMAC_VERIFY 6
	48	#define CMD_ID_TEE_KEY_IMPORT 7
	49	#define CMD_ID_TEE_GET_PUB_KEY 8
	50	/... add more command ids when needed /
	51
	52
	53	/**
	54	* Command message.
	55	*
	56	* @param len Length of the data to process.
	57	* @param data Data to be processed
	58	*/
	59	typedef struct {
	60	tciCommandHeader_t header; /*< Command header /
	61	uint32_t len; /*< Length of data to process /
	62	} command_t;
	63
	64
65	/**
66	* Response structure
67	*/
68	typedef struct {
69	tciResponseHeader_t header; /*< Response header /
70	uint32_t len;
71	} response_t;
72
73
74	/**
75	* Generate key data
76	* Response data contains generated RSA key pair data is
77	* wrapped as below:
78	*
79	* \|-- Key metadata --\|-- Public key (plaintext) --\|-- Private key (encrypted) --\|
80	*/
81	typedef struct {
82	uint32_t type; /*< Key pair type. RSA or RSACRT /
83	uint32_t keysize; /*< Key size in bits, e.g. 1024, 2048,.. /
84	uint32_t exponent; /*< Exponent number /
85	uint32_t keydata; /*< Key data buffer passed by TLC /
86	uint32_t keydatalen; /*< Length of key data buffer /
87	uint32_t solen; /*< Secure object length (of key data) (provided by the trustlet) /
88	} rsagenkey_t;
89
90
91	/**
92	* RSA sign data structure
93	*/
94	typedef struct {
95	uint32_t keydata; /*< Key data buffer /
96	uint32_t keydatalen; /*< Length of key data buffer /
97	uint32_t plaindata; /*< Plaintext data buffer /
98	uint32_t plaindatalen; /*< Length of plaintext data buffer /
99	uint32_t signaturedata; /*< Signature data buffer /
100	uint32_t signaturedatalen; /*< Length of signature data buffer /
101	uint32_t algorithm; /*< Signing algorithm /
102	} rsasign_t;
103
104
105	/**
106	* RSA signature verify data structure
107	*/
108	typedef struct {
109	uint32_t keydata; /*< Key data buffer /
110	uint32_t keydatalen; /*< Length of key data buffer /
111	uint32_t plaindata; /*< Plaintext data buffer /
112	uint32_t plaindatalen; /*< Length of plaintext data buffer /
113	uint32_t signaturedata; /*< Signature data buffer /
114	uint32_t signaturedatalen; /*< Length of signature data buffer /
115	uint32_t algorithm; /*< Signing algorithm /
116	bool validity; /*< Signature validity /
117	} rsaverify_t;
118
119
120	/**
121	* Generate HMAC key data
122	* Response data contains generated HMAC key data that is
123	* wrapped as below:
124	*
125	* \|-- HMAC key (encrypted) --\|
126	*/
127	typedef struct {
128	uint32_t keydata; /*< Key data buffer passed by TLC /
129	uint32_t keydatalen; /*< Length of key data buffer /
130	uint32_t solen; /*< Secure object length (of key data) (provided by the trustlet) /
131	} hmacgenkey_t;
132
133
134	/**
135	* HMAC sign data structure
136	*/
137	typedef struct {
138	uint32_t keydata; /*< Key data buffer /
139	uint32_t keydatalen; /*< Length of key data buffer /
140	uint32_t plaindata; /*< Plaintext data buffer /
141	uint32_t plaindatalen; /*< Length of plaintext data buffer /
142	uint32_t signaturedata; /*< Signature data buffer /
143	uint32_t signaturedatalen; /*< Length of signature data buffer /
144	uint32_t digest; /*< Digest algorithm /
145	} hmacsign_t;
146
147
148	/**
149	* HMAC signature verify data structure
150	*/
151	typedef struct {
152	uint32_t keydata; /*< Key data buffer /
153	uint32_t keydatalen; /*< Length of key data buffer /
154	uint32_t plaindata; /*< Plaintext data buffer /
155	uint32_t plaindatalen; /*< Length of plaintext data buffer /
156	uint32_t signaturedata; /*< Signature data buffer /
157	uint32_t signaturedatalen; /*< Length of signature data buffer /
158	uint32_t digest; /*< Digest algorithm /
159	bool validity; /*< Signature validity /
160	} hmacverify_t;
161
162	/**
163	* RSA private key metadata
164	*/
165	typedef struct {
166	uint32_t lenpriexp; /*< Private key exponent length /
167	} rsaprivkeymeta_t;
168
169
170	/**
171	* RSA CRT private key metadata
172	*/
173	typedef struct {
174	uint32_t lenp; /*< Prime p length /
175	uint32_t lenq; /*< Prime q length /
176	uint32_t lendp; /*< DP length /
177	uint32_t lendq; /*< DQ length /
178	uint32_t lenqinv; /*< QP length /
179	} rsacrtprivkeymeta_t;
180
181
182	/**
183	* Key metadata (key size, modulus/exponent lengths, etc..)
184	*/
185	typedef struct {
186	uint32_t keytype; /*< RSA key pair type. RSA or RSA CRT /
187	uint32_t keysize; /*< RSA key size /
188	uint32_t lenpubmod; /*< Public key modulus length /
189	uint32_t lenpubexp; /*< Public key exponent length /
190	union {
191	rsaprivkeymeta_t rsapriv; /*< RSA private key /
192	rsacrtprivkeymeta_t rsacrtpriv; /*< RSA CRT private key /
193	};
194	uint32_t rfu; /*< Reserved for future use /
195	uint32_t rfulen; /*< Reserved for future use /
196	} rsakeymeta_t;
197
198	/**
199	* Key import data structure
200	*/
201	typedef struct {
202	uint32_t keydata; /*< Key data buffer /
203	uint32_t keydatalen; /*< Length of key data buffer /
204	uint32_t sodata; /*< Wrapped buffer /
205	uint32_t sodatalen; /*< Length of wrapped data buffer /
206	} keyimport_t;
207
208
209	/**
210	* Get public key data structure
211	*/
212	typedef struct {
213	uint32_t type; /*< Key type /
214	uint32_t keydata; /*< Key data buffer /
215	uint32_t keydatalen; /*< Length of key data buffer /
216	uint32_t modulus; /*< Modulus /
217	uint32_t moduluslen; /*< Modulus length /
218	uint32_t exponent; /*< Exponent /
219	uint32_t exponentlen; /*< Exponent length /
220	} getpubkey_t;
221
222
223	/**
224	* TCI message data.
225	*/
226	typedef struct {
227	union {
228	command_t command;
229	response_t response;
230	};
231
232	union {
233	rsagenkey_t rsagenkey;
234	rsasign_t rsasign;
235	rsaverify_t rsaverify;
236	hmacgenkey_t hmacgenkey;
237	hmacsign_t hmacsign;
238	hmacverify_t hmacverify;
239	keyimport_t keyimport;
240	getpubkey_t getpubkey;
241	};
242
243	} tciMessage_t, *tciMessage_ptr;
244
245
246	/**
247	* Overall TCI structure.
248	*/
249	typedef struct {
250	tciMessage_t message; /*< TCI message /
251	} tci_t;
252
253
254	/**
255	* Trustlet UUID
256	*/
257	#define TEE_KEYMASTER_TL_UUID { { 7, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } }
258
259
260	#endif // __TLTEEKEYMASTERAPI_H__