diff --git a/TEEKit/include/tee/dstb_api.h b/TEEKit/include/tee/dstb_api.h new file mode 100644 index 0000000000000000000000000000000000000000..aed8dffe0bfc0adbd48078f9b60ac4154136bfd1 --- /dev/null +++ b/TEEKit/include/tee/dstb_api.h @@ -0,0 +1,126 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file dstb_api.h + * + * @brief Provides the API about Distributed TEE service. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef DSTB_API_H +#define DSTB_API_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates device ID types. + * + * @since 20 + */ +enum devid_type { + /** Network ID */ + DEVID_NETID = 0, + /** Device ID */ + DEVID_UDID = 1, +}; + +/** + * @brief Defines device information. + * + * @since 20 + */ +struct device_info { + /** Enumerated variable for device ID type */ + enum devid_type devid_type; + /** Device ID value */ + char *devid; +}; + +/** + * @brief Enumerates the negotiation conditions. + * + * @since 20 + */ +enum nego_condition { + /** check whether local has record of peer. If no, start negatiation. */ + CHECK_LOCAL = 0, + /** check local and peer have records of each other. If no, start negotiation. */ + CHECK_BOTH = 1, + /** start negotiation with no condition. */ + NO_CHECK = 2, +}; + +/** + * @brief Generate share key by distributed TEE. + * + * @param devid_info [OUT]The peer devid, can be networkid or deviceid. + * @param salt [IN]The salt should be random, same as peer if caller want to generate same share key. + * @param salt_len [IN]The length of the salt buffer. + * @param info [IN]The entra information for generate share key, same as peer if caller want to generate same share key. + * @param info_len [IN]The length of the information buffer. + * @param key [OUT]The result key. + * @param key_len [IN]The length of the result key. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_dstb_gen_sharekey(struct device_info *devid_info, const uint8_t *salt, uint32_t salt_len, + const uint8_t *info, uint32_t info_len, uint8_t *key, uint32_t key_len); + +/** + * @brief The pre-negotiation interface about distributed TEE service . + * + * @param devid_info [OUT]The peer devid, can be networkid or deviceid. + * @param cond [IN]Pre-negotiation conditions. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_dstb_pre_attestation(struct device_info *devid_info, enum nego_condition cond); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/pthread_attr.h b/TEEKit/include/tee/pthread_attr.h new file mode 100644 index 0000000000000000000000000000000000000000..9e3674b9e864fe495b8bb137cacb5fa3f3a32fdd --- /dev/null +++ b/TEEKit/include/tee/pthread_attr.h @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file pthread_attr.h + * + * @brief Provides the attr about TA multi-thread. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef PTHREAD_ATTR_H +#define PTHREAD_ATTR_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines that the thread attribute of ca is not explicitly set (wildcard/default state). + * + * @since 20 + */ +#define TEESMP_THREAD_ATTR_CA_WILDCARD 0 + +/** + * @brief Defines that the thread attribute of ca inherit from the parent thread. + * + * @since 20 + */ +#define TEESMP_THREAD_ATTR_CA_INHERIT (-1U) + +/** + * @brief Defines that the task ID attribute inherit from the parent task/thread. + * + * @since 20 + */ +#define TEESMP_THREAD_ATTR_TASK_ID_INHERIT (-1U) + +/** + * @brief Defines that the thread attribute has a shadow. + * + * @since 20 + */ +#define TEESMP_THREAD_ATTR_HAS_SHADOW 0x1 + +/** + * @brief Defines that the thread attribute does not have a shadow. + * + * @since 20 + */ +#define TEESMP_THREAD_ATTR_NO_SHADOW 0x0 + +/** + * @brief Sets thread attributes for CA, task ID, and shadow settings. + * + * @param ca Specifies the CA attribute value (e.g., TEESMP_THREAD_ATTR_CA_INHERIT for inheritance). + * @param task_id Specifies the task ID attribute value (e.g., TEESMP_THREAD_ATTR_TASK_ID_INHERIT for inheritance). + * @param shadow Indicates whether to enable shadow settings (TEESMP_THREAD_ATTR_NO_SHADOW 0x0 for no shadow, TEESMP_THREAD_ATTR_HAS_SHADOW 0x1 for has shadow). + * + * @return always return 0. + * + * @since 20 + * @version 1.0 + */ +int pthread_attr_settee(pthread_attr_t *, int ca, int task_id, int shadow); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/rpmb_driver_rw_api.h b/TEEKit/include/tee/rpmb_driver_rw_api.h new file mode 100644 index 0000000000000000000000000000000000000000..f532c1970c240c1d90bd9010d72070b62c68c913 --- /dev/null +++ b/TEEKit/include/tee/rpmb_driver_rw_api.h @@ -0,0 +1,364 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file rpmb_driver_rw_api.h + * + * @brief APIs related to RPMB driver read and write. + * Provides the function of reading and writing RPMB driver. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef RPMB_DRIVER_RW_API_H +#define RPMB_DRIVER_RW_API_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the total block number. + * + * @since 20 + * @version 1.0 + */ +#define TOTAL_BLK 4 + +/** + * @brief Defines the size of block. + * + * @since 20 + * @version 1.0 + */ +#define BLK_SIZE 256 + +/** + * @brief Defines the size of the total block. + * + * @since 20 + * @version 1.0 + */ +#define TOTAL_BLK_SIZE (TOTAL_BLK * BLK_SIZE) + +/** + * @brief Defines the number of security write protection entries. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_ENTRY_NUM 4 + +/** + * @brief Defines the number of reserved security write protection entries. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_ENTRY_RESERVED_NUM 3 + +/** + * @brief Defines the reserved size of security write protection entries. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_ENTRY_RESERVED_SIZE 16 + +/** + * @brief Defines the number of reserved security write protection frames. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_FRAME_RESERVED_NUM 14 + +/** + * @brief Defines the number of reserved end security write protection frames. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_FRAME_RESERVED_END_NUM 176 + +/** + * @brief Defines the size of the security write protection block. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_BLK_SIZE 256 + +/** + * @brief Defines the maximum number of security write protection LUNs. + * + * @since 20 + */ +#define SEC_WRITE_PROTECT_LUN_MAX 5 + +/** + * @brief A WPF set to one specifies that the logical unit shall inhibit alteration of the medium for LBA within + * the range indicated by LOGICAL BLOCK ADDRESS field and NUMBER OF LOGICAL BLOCKS field. + * Commands requiring writes to the medium shall be terminated with CHECK CONDITION status, + * with the sense key set to DATA PROTECT, and the additional sense code set to WRITE PROTECTED. + * + * @since 20 + * @version 1.0 + */ +typedef enum { + /** Disables the write protection. */ + SEC_WRITE_PROTECT_DISABLE = 0, + /** Enables the write protection. */ + SEC_WRITE_PROTECT_ENABLE = 1, +} write_protect_flag; + +/** + * @brief Write Protect Type specifies how WPF bit may be modified. + * + * @since 20 + * @version 1.0 + */ +typedef enum { + /** WPF bit is persistent through power cycle and hardware reset. + * WPF value may only be changed writing to Secure Write Protect Configuration Block. + */ + NV_TYPE = 0, + /** WPF bit is automatically cleared to 0b after power cycle or hardware reset. */ + P_TYPE = 1, + /** WPF bit is automatically set to 1b after power cycle or hardware reset. */ + NV_AWP_TYPE = 2, +} write_protect_type; + +/** + * @brief Secure Write Protect Entry. + * +-----+---+---+---+---+---+---+---+----+ + * | | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | + * +-----+---+---+---+---+---+---+---+----+ + * | 0 | Reserved | WFT | WPF| -> wp_data + * +-----+---+---+---+---+---+---+---+----+ + * | 1 | Reserved | + * +-----+---+---+---+---+---+---+---+----+ + * | 2 | Reserved | + * +-----+---+---+---+---+---+---+---+----+ + * | 3 | Reserved | + * +-----+---+---+---+---+---+---+---+----+ + * | 4 | LOGICAL BLOCK ADDRESS | -> logical_blk_addr + * +-----+ + + * | ... | | + * +-----+ + + * | 11 | | + * +-----+ + + * | 20 | | + * +-----+---+---+---+---+---+---+---+----+ + * | ... | NUMBER OF LOGICAL BLOCKS | -> logical_blk_num + * +-----+---+---+---+---+---+---+---+----+ + * | 15 | | + * +-----+---+---+---+---+---+---+---+----+ + * + * @since 20 + * @version 1.0 + */ +struct rpmb_protect_cfg_blk_entry { + /** This field specifies the write protect data. */ + uint8_t wp_data; + /** Reserved bytes for padding. */ + uint8_t reserved[SEC_WRITE_PROTECT_ENTRY_RESERVED_NUM]; + /** This field specifies the LBA of the first logical address of the Secure Write Protect ares. */ + uint64_t logical_blk_addr; + /** This field specifies the number of contiguous logical size that belong to the Secure Write Protect. */ + uint32_t logical_blk_num; +}__attribute__((packed)); + + +/** + * @brief Secure Write Protect Configuration Block is supported by RPMB region 0 only. + * This block is used for configuring secure write protect areas in logical units. + * Each Secure Write Protect Configuration Block for each logical unit. + * Each entry represents one secure write protect area. + * If an entry is not used, then the related fields shall contain a value of zero. + * +-----+---+---+---+---+---+---+---+----+ + * | | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | + * +-----+---+---+---+---+---+---+---+----+ + * | 0 | LUN | + * +-----+---+---+---+---+---+---+---+----+ + * | 1 | DATA LENGTH | + * +-----+---+---+---+---+---+---+---+----+ + * | 2 | | + * +-----+ + + * | ... | Reserved | + * +-----+ + + * | 15 | | + * +-----+---+---+---+---+---+---+---+----+ + * | 16 | | + * +-----+ + + * | ... | Secure Write Protect Entry 0 | + * +-----+ + + * | 31 | | + * +-----+---+---+---+---+---+---+---+----+ + * | 32 | | + * +-----+ + + * | ... | Secure Write Protect Entry 1 | + * +-----+ + + * | 47 | | + * +-----+---+---+---+---+---+---+---+----+ + * | 48 | | + * +-----+ + + * | ... | Secure Write Protect Entry 1 | + * +-----+ + + * | 63 | | + * +-----+---+---+---+---+---+---+---+----+ + * | 64 | | + * +-----+ + + * | ... | Secure Write Protect Entry 1 | + * +-----+ + + * | 79 | | + * +-----+---+---+---+---+---+---+---+----+ + * | 80 | | + * +-----+ + + * | ... | Reserved | + * +-----+ + + * | 255 | | + * +-----+---+---+---+---+---+---+---+----+ + * + * @since 20 + * @version 1.0 + */ +struct rpmb_protect_cfg_block { + /** Logical Unit Number (LUN) */ + uint8_t lun; + /** Data length for the configuration block */ + uint8_t data_length; + /** Reserved bytes for padding */ + uint8_t reserved[SEC_WRITE_PROTECT_FRAME_RESERVED_NUM]; + /** Array of Secure Write Protect entries */ + struct rpmb_protect_cfg_blk_entry entries[SEC_WRITE_PROTECT_ENTRY_NUM]; + /** Reserved bytes for padding at the end of the block */ + uint8_t reserved_end[SEC_WRITE_PROTECT_FRAME_RESERVED_END_NUM]; +}__attribute__((packed)); + +/** + * @brief Write protect config block by RPMB driver. + * + * @param lun Indicates the logical unit to which secure write protection shall apply, + * and 0 <= lun <= {@code SEC_WRITE_PROTECT_LUN_MAX} + * @param entries Indicates the Secure Write Protect Entry array, The maximum length is 4. + * @param len Indicates the real length of the Secure Write Protect Entry array, which value is less than 4. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_protect_cfg_blk_write(uint8_t lun, struct rpmb_protect_cfg_blk_entry *entries, uint32_t len); + +/** + * @brief Read protect config block by RPMB driver. + * + * @param lun Indicates the logical unit to which secure read protection shall apply, + * and 0 <= lun <= SEC_WRITE_PROTECT_LUN_MAX. + * @param entries Indicates the Secure Read Protect Entry array, The maximum length is 4. + * @param len Indicates the real length of the Secure Read Protect Entry array, which value is less than 4. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_protect_cfg_blk_read(uint8_t lun, struct rpmb_protect_cfg_blk_entry *entries, uint32_t *len); + +/** + * @brief Write plaintext buffer to RPMB driver. + * + * @param buf Indicates the buffer for writing data. + * @param size Indicates the length of buffer, the maximum value is 1024. + * @param block Indicates the block index of the position of start block, the value is [0, 3]. + * @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_driver_write(const uint8_t *buf, size_t size, uint32_t block, uint32_t offset); + +/** + * @brief Read plaintext buffer from RPMB driver. + * + * @param buf Indicates the buffer for read data. + * @param size Indicates the length of buffer, the maximum value is 1024. + * @param block Indicates the block index of the position of start block, the value is [0, 3]. + * @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_driver_read(uint8_t *buf, size_t size, uint32_t block, uint32_t offset); + +/** + * @brief Remove data from RPMB driver. + * + * @param size Indicates the length of remove data, the maximum value is 1024. + * @param block Indicates the block index of the position of start block, the value is [0, 3]. + * @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_driver_remove(size_t size, uint32_t block, uint32_t offset); + +/** + * @brief RPMB secure storage fully formatted operation + * + * @param NA + * + * @return TEE_SUCCESS Indicates that the function was executed successfully + * TEE_ERROR_RPMB_GENERIC RPMB controller general error + * TEE_ERROR_RPMB_MAC_FAIL RPMB controller MAC check error + * TEE_ERROR_RPMB_RESP_UNEXPECT_MAC RPMB response data MAC check error + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_rpmb_format(); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/rpmb_fcntl.h b/TEEKit/include/tee/rpmb_fcntl.h new file mode 100644 index 0000000000000000000000000000000000000000..3534c5ee89840d30a78aca6398e3ce508f64f7c3 --- /dev/null +++ b/TEEKit/include/tee/rpmb_fcntl.h @@ -0,0 +1,310 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file rpmb_fcntl.h + * + * @brief Provides the APIs related to RPMB service. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef RPMB_RPMB_FCNTL_H +#define RPMB_RPMB_FCNTL_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Partition initialization, perform RPMB Key writing and formatting operations. + * + * @attention This function only needs to be executed once. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error. + * Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error. + * Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Init(void); + +/** + * @brief RPMB secure storage fully formatted operation. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error. + * Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error. + * Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Format(void); + +/** + * @brief Write files to RPMB. + * + * @attention If you want to improve the performance of writing files, you need to define the heap size in TA's + * manifest to be at leaset 3 times the file size plus 256KB. + * For example: To write a file with a size of 100KB, the defined heap size is at least + * 556KB (3 * 100 + 256). If the heap size cannot be satisfied, the file writing will still succeed, + * but the performance will be poor. + * + * @param filename Indicates the file name of the data to be written, the maximum length is 64 bytes. + * @param buf Indicates the buffer for writting data. + * @param size Indicates the size of the written data, the maximum size is 160KB. + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_NOSPC} if the RPMB partition has insufficient disk space. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Write(const char *filename, const uint8_t *buf, size_t size); + +/** + * @brief Write files to RPMB by huk2 encryption. + * + * @attention If you want to improve the performance of writing files, you need to define the heap size in TA's + * manifest to be at leaset 3 times the file size plus 256KB. + * For example: To write a file with a size of 100KB, the defined heap size is at least + * 556KB (3 * 100 + 256). If the heap size cannot be satisfied, the file writing will still succeed, + * but the performance will be poor. + * + * @param filename Indicates the file name of the data to be written, the maximum length is 64 bytes. + * @param buf Indicates the buffer for writting data. + * @param size Indicates the size of the written data, the maximum size is 160KB. + * @param fmode Indicates the encryption method for written data, this interface provides specified huk2 encryption. + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_NOSPC} if the RPMB partition has insufficient disk space. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Write_Attr(const char *filename, const uint8_t *buf, size_t size, uint32_t fmode); + +/** + * @brief Read files from RPMB. + * + * @attention If you want to improve the performance of reading files, you need to define the heap size in TA's + * manifest to be at leaset 3 times the file size plus 256KB. + * For example: To read a file with a size of 100KB, the defined heap size is at least + * 556KB (3 * 100 + 256). If the heap size cannot be satisfied, the file reading will still succeed, + * but the performance will be poor. + * + * @param filename Indicates the file name of the data to be read, the maximum length is 64 bytes. + * @param buf Indicates the buffer for reading data. + * @param size Indicates the read data size. + * @param count Indicates the size of the actual read. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Read(const char *filename, uint8_t *buf, size_t size, uint32_t *count); + +/** + * @brief Rename file name in RPMB. + * + * @param old_name Indicates the old file name. + * @param new_name Indicates the new file name. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Rename(const char *old_name, const char *new_name); + +/** + * @brief Delete files in RPMB. + * + * @param filename Indicates the file name to be deleted. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Rm(const char *filename); + +/** + * @brief File status stored in RPMB partition, used in {@code TEE_RPMB_FS_Stat}. + * + * @since 20 + */ +struct rpmb_fs_stat { + /** Indicates the file size. */ + uint32_t size; + /** Reserved field for padding. */ + uint32_t reserved; +}; + +/** + * @brief Get file status in RPMB. + * + * @param filename Indicates the file name in RPMB. + * @param stat Indicates the file status information obtained. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64 + * bytes. + * Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Stat(const char *filename, struct rpmb_fs_stat *stat); + +/** + * @brief Disk status stored in RPMB partition, used in {@code TEE_RPMB_FS_StatDisk}. + * + * @since 20 + */ +struct rpmb_fs_statdisk { + /** Indicates the total size of RPMB partition. */ + uint32_t disk_size; + /** Indicates the TA used size. */ + uint32_t ta_used_size; + /** Indicates the free size of the RPMB partition. */ + uint32_t free_size; + /** Reserved field for padding. */ + uint32_t reserved; +}; + +/** + * @brief Get the disk status. + * + * @param stat Indicates the disk status information obtained. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_StatDisk(struct rpmb_fs_statdisk *stat); + +/** + * @brief File attribute definition, which means that the file cannot be erased during the factory reset. + * + * @since 20 +*/ +#define TEE_RPMB_FMODE_NON_ERASURE (1U << 0) + +/** + * @brief File attribute definition, which means the attribute value of the cleard file. + * + * @since 20 +*/ +#define TEE_RPMB_FMODE_CLEAR 0 + + +/** + * @brief Set the file attribute in RPMB. + * + * @param filename Indicates the file name in RPMB. + * @param fmode Indicates the file attribute, currently supports {@code TEE_RPMB_FMODE_NON_ERASURE} and + * {@code TEE_RPMB_FMODE_CLEAR} two attributes, other values will return {@code TEE_ERROR_BAD_PARAMETERS}. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, + * or the file name is longer than 64 bytes. + * Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_SetAttr(const char *filename, uint32_t fmode); + +/** + * @brief Format, delete file attribute is erasable file, keep the file attribute is an inerasable file. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error. + * Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error. + * Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RPMB_FS_Erase(void); + +/** + * @brief Enumerates the types of RPMB key status, used in {@code TEE_RPMB_KEY_Status}. + * + * @since 20 +*/ +enum TEE_RPMB_KEY_STAT { + /** RPMB Key status is invalid. */ + TEE_RPMB_KEY_INVALID = 0x0, + /** RPMB Key has been programmed and matched correctly. */ + TEE_RPMB_KEY_SUCCESS, + /** RPMB Key is not programmed. */ + TEE_RPMB_KEY_NOT_PROGRAM, + /** RPMB Key has been programmed but failed to match. */ + TEE_RPMB_KEY_NOT_MATCH, +}; + +/** + * @brief Obtain RPMB Key status. + * + * @return Returns {@code TEE_RPMB_KEY_SUCCESS} if the RPMB Key has been programmed and matched correctly. + * Returns {@code TEE_RPMB_KEY_NOT_PROGRAM} if the RPMB Key is not programmed. + * Returns {@code TEE_RPMB_KEY_NOT_MATCH} if RPMB Key has been programmed but failed to match. + * Returns {@code TEE_RPMB_KEY_INVALID} if the RPMB Key status is invalid. + * + * @since 20 + * @version 1.0 + */ +uint32_t TEE_RPMB_KEY_Status(void); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_agent.h b/TEEKit/include/tee/tee_agent.h new file mode 100644 index 0000000000000000000000000000000000000000..80e05d5b74d21df36cdc57f8dfa39058f2bf926b --- /dev/null +++ b/TEEKit/include/tee/tee_agent.h @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_agent.h + * + * @brief Provides the API about TA agent. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_AGENT_H +#define TEE_AGENT_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief The TA sends a message to the gtask to lock the agent. + * + * @param agent_id ID of the agent that requests to be locked. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_agent_lock(uint32_t agent_id); + +/** + * @brief Unlock the agent. + * + * @param agent_id ID of the agent that requests to be unlocked. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_agent_unlock(uint32_t agent_id); + +/** + * @brief Send agent cmd to gtask. + * + * @param agent_id The agent ID. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_send_agent_cmd(uint32_t agent_id); + +/** + * @brief Receive messgage in get agent buffer. + * + * @param agent_id The agent ID. + * @param buffer The agent buffer. + * @param length The length of the agent buffer. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_get_agent_buffer(uint32_t agent_id, void **buffer, uint32_t *length); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_apm_api.h b/TEEKit/include/tee/tee_apm_api.h new file mode 100644 index 0000000000000000000000000000000000000000..3fbdf0aa91766065a3feba045838589f3ce132dc --- /dev/null +++ b/TEEKit/include/tee/tee_apm_api.h @@ -0,0 +1,234 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_apm_api.h + * + * @brief Provides the API about TA APM. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_APM_API_H +#define TEE_APM_API_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates the TEE measurement result values. + * + * @since 20 + */ +enum tee_measure_result_value { + /** Measurement success. */ + TEE_MEASURE_SUCCESS = 0x00000000, + /** Generic error. */ + TEE_MEASURE_ERROR_GENERIC = 0x00000001, + /** TA hash check failed. */ + TEE_MEASURE_ERROR_TA_HASH_CHECK_FAILED = 0x00000002, + /** TA baseline does not exist. */ + TEE_MEASURE_ERROR_TA_BASELINE_NOT_EXIST = 0x00000003, + /** TA memory hash does not exist. */ + TEE_MEASURE_ERROR_TA_MEMHASH_NOT_EXIST = 0x00000004, + /** Permission denied. */ + TEE_MEASURE_ERROR_PERMISSION_DENY = 0x00000005, + /** TA history measurement does not exist. */ + TEE_MEASURE_ERROR_TA_HISTORY_MEASURE_NOT_EXIST = 0x00000006, + /** MSPC report query failed. */ + TEE_MEASURE_ERROR_MSPC_REPORT_QUERY_FAILED = 0x00000007, + /** MSPC service is unavailable. */ + TEE_MEASURE_ERROR_MSPC_NOT_SUPPORT = 0x00000008, + /** APM measurement report not supported. */ + TEE_MEASURE_ERROR_REPORT_NOT_SUPPORT = 0x00000009, + /** APM service is unavailable. */ + TEE_MEASURE_ERROR_APM_NOT_SUPPORT = 0x0000000a, +}; + +/** + * @brief Record the recent measure errors. + * + * @since 20 + */ +#define MAX_HISTORY_MEASURE_RECORDS_NUM 10 + +/** + * @brief Defines the history of measurement errors. + * + * @since 20 + */ +struct history_measure_result_t { + /** recent measure errors number. */ + uint8_t error_num; + /** measure error type */ + uint32_t error_type[MAX_HISTORY_MEASURE_RECORDS_NUM]; + /** measure error time */ + uint64_t error_time[MAX_HISTORY_MEASURE_RECORDS_NUM]; +}; + +/** + * @brief Defines the size of the TA memory hash. + * + * @since 20 + */ +#define TA_HASH_SIZE 32 + +/** + * @brief Defines the structure of the TA measure report. + * + * @since 20 + */ +struct ta_measure_report_t { + /** TA UUID */ + TEE_UUID uuid; + /** TA's measurement result */ + uint32_t measure_result; + /** TA's runtime measurement hash */ + uint8_t ta_measured[TA_HASH_SIZE]; + /** TA's baseline measurement hash */ + uint8_t ta_baseline[TA_HASH_SIZE]; + /** History measurement results */ + struct history_measure_result_t history_result; +}; + +/** + * @brief Queries the TA measure report. + * + * @param uuid A pointer to the TA's UUID. + * @param report A pointer to the structure that stores the measure report result. + * + * @return Returns the query result, TEE_SUCCESS if successful, or the corresponding error code if failed. + * + * @since 20 + */ +TEE_Result tee_query_ta_measure_report(const TEE_UUID *uuid, struct ta_measure_report_t *report); + +/** + * @brief Defines the structure of the MSPC measure report element. + * + * @since 20 + */ +struct mspc_metric_report_element_t { + /** Baseline status */ + uint32_t baseline_status; + /** Most recent error */ + uint32_t recent_error; + /** Error type */ + uint32_t error_class; + /** Time when the error occurred */ + uint32_t error_time; +}; + +/** + * @brief Defines the structure of the MSPC measure result report substructure. + * + * @since 20 + */ +struct mspc_metric_result_report_sub { + /** Global metric result */ + struct mspc_metric_report_element_t global_result; + /** BL2 metric result */ + struct mspc_metric_report_element_t bl2_result; + /** BL31 metric result */ + struct mspc_metric_report_element_t bl31_result; + /** TEE metric result */ + struct mspc_metric_report_element_t tee_result; +}; + +/** + * @brief Defines the structure of the passive part of the MSPC measure result report. + * + * @since 20 + */ +struct mspc_metric_result_report_passive { + /** BL2 verification result */ + struct mspc_metric_report_element_t bl2_verify_result; + /** TEE active metric result */ + struct mspc_metric_report_element_t tee_active_protect; +}; + +/** + * @brief Defines the structure of the command processing part of the MSPC measure result report. + * + * @since 20 + */ +struct mspc_metric_result_report_of_cmd_process { + /** Baseline command metirc result */ + struct mspc_metric_report_element_t cmd_baseline; + /** Active command metric result */ + struct mspc_metric_report_element_t cmd_active_metric; + /** Passive command metric result */ + struct mspc_metric_report_element_t cmd_passive_metric; + /** Query command metric result */ + struct mspc_metric_report_element_t cmd_query_result; +}; + +/** + * @brief Defines the structure of the MSPC measure result report. + * + * @since 20 + */ +struct mspc_metric_result_report_t { + /** Final metric result */ + uint32_t final_result; + /** Baseline metric report */ + struct mspc_metric_result_report_sub baseline_report; + /** Idle metric report */ + struct mspc_metric_result_report_sub idle_metric_report; + /** Active metric report */ + struct mspc_metric_result_report_sub active_metric_report; + /** Passive metric report */ + struct mspc_metric_result_report_passive passive_metric_report; + /** Command metric report */ + struct mspc_metric_result_report_of_cmd_process cmd_process_report; +}; + +/** + * @brief Queries the MSPC measurement report. + * + * @param report A pointer to the structure that stores mspc measurement report. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_query_mspc_measure_report(struct mspc_metric_result_report_t *report); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_arith_api.h b/TEEKit/include/tee/tee_arith_api.h new file mode 100644 index 0000000000000000000000000000000000000000..2099075775cb1b5ee35b68d68734d4f2d498509c --- /dev/null +++ b/TEEKit/include/tee/tee_arith_api.h @@ -0,0 +1,594 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_arith_api.h + * + * @brief Provides APIs for operating big integers. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_ARITH_API_H +#define TEE_ARITH_API_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the handle type representing a big integer. + * + * @since 20 + */ +typedef uint32_t TEE_BigInt; + +/** + * @brief Defines the handle of a big integer for Fast Modular Multiplication (FMM). + * + * @since 20 + */ +typedef uint32_t TEE_BigIntFMM; + +/** + * @brief Defines the handle of a context container for FMM operations. + * + * @since 20 + */ +typedef uint32_t TEE_BigIntFMMContext; + +/** + * @brief Obtains the size of the array of uint32_t values required to represent a BigInt. + * + * @param n Indicates the TEE_BigInt type. + * + * @return Returns the BigInt size obtained. + * + * @since 20 + * @version 1.0 + */ +#define TEE_BigIntSizeInU32(n) ((((n) + 31) / 32) + 2) + +/** + * @brief Obtains the size of the array of uint32_t values. + * + * @param modulusSizeInBits Indicates the modulus size, in bits. + * + * @return Returns the number of bytes required to store a TEE_BigIntFMM, + * given a modulus of length modSizeInBits. + * + * @since 20 + * @version 1.0 + */ +size_t TEE_BigIntFMMSizeInU32(size_t modulusSizeInBits); + +/** + * @brief Obtains the size of an array of uint32_t values required to represent a fast modular context. + * + * @param modulusSizeInBits Indicates the modulus size, in bits. + * + * @return Returns the number of bytes required to store a TEE_BigIntFMMContext, + * given a modulus of length modSizeInBits. + * + * @since 20 + * @version 1.0 + */ +size_t TEE_BigIntFMMContextSizeInU32(size_t modulusSizeInBits); + +/** + * @brief Initializes a TEE_BigInt. + * + * @param bigInt Indicates the pointer to the TEE_BigInt to initialize. + * @param len Indicates the size of the memory pointed to by TEE_BigInt, in uint32_t. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len); + +/** + * @brief Calculates the necessary prerequisites for fast modular multiplication and stores them in a context. + * + * @param context Indicates the pointer to the TEE_BigIntFMMContext to initialize. + * @param len Indicates the size of the memory pointed to by context, in uint32_t. + * @param modulus Indicates the pointer to the modulus. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); + +/** + * @brief Calculates the necessary prerequisites for fast modular multiplication and stores them in a context. + * + * @param context Indicates the pointer to the TEE_BigIntFMMContext to initialize. + * @param len Indicates the size of the memory pointed to by context, in uint32_t. + * @param modulus Indicates the pointer to the modulus. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns other values if the operation fails. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntInitFMMContext1(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus); + +/** + * @brief Initializes a TEE_BigIntFMM and sets its represented value to zero. + * + * @param bigIntFMM Indicates the pointer to the TEE_BigIntFMM to initialize. + * @param len Indicates the size of the memory pointed to by bigIntFMM, in uint32_t. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntInitFMM(TEE_BigIntFMM *bigIntFMM, size_t len); + +/** + * @brief Converts an octet string buffer into the TEE_BigInt format. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result. + * @param buffer Indicates the pointer to the buffer that holds the octet string representation of the integer. + * @param bufferLen Indicates the buffer length, in bytes. + * @param sign Indicates the sign of dest, which is set to the sign of sign. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW if the memory allocated for dest is too small. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntConvertFromOctetString(TEE_BigInt *dest, const uint8_t *buffer, size_t bufferLen, int32_t sign); + +/** + * @brief Converts the absolute value of an integer in TEE_BigInt format into an octet string. + * + * @param buffer Indicates the pointer to the output buffer that holds the converted octet string representation + * of the integer. + * @param bufferLen Indicates the pointer to the buffer length, in bytes. + * @param bigInt Indicates the pointer to the integer to convert. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_SHORT_BUFFER if the output buffer is too small to hold the octet string. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntConvertToOctetString(void *buffer, size_t *bufferLen, const TEE_BigInt *bigInt); + +/** + * @brief Sets dest to the value shortVal. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result. + * @param shortVal Indicates the value to set. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntConvertFromS32(TEE_BigInt *dest, int32_t shortVal); + +/** + * @brief Sets dest to the value of src, including the sign of src. + * + * @param dest Indicates the pointer to the int32_t that holds the result. + * @param src Indicates the pointer to the value to set. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW if src does not fit within an int32_t. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntConvertToS32(int32_t *dest, const TEE_BigInt *src); + +/** + * @brief Checks whether op1 > op2, op1 == op2, or op1 < op2. + * + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @return Returns 0 if op1 == op2. + * Returns a positive number if op1 > op2. + * + * @since 20 + * @version 1.0 + */ +int32_t TEE_BigIntCmp(const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Checks whether op > shortVal, op == shortVal, or op < shortVal. + * + * @param op Indicates the pointer to the first operand. + * @param shortVal Indicates the pointer to the second operand. + * + * @return Returns 0 if op1 == shortVal. + * Returns a positive number if op1 > shortVal. + * + * @since 20 + * @version 1.0 + */ +int32_t TEE_BigIntCmpS32(const TEE_BigInt *op, int32_t shortVal); + +/** + * @brief Computes |dest| = |op| >> bits. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the shifted result. + * @param op Indicates the pointer to the operand to be shifted. + * @param bits Indicates the number of bits to shift. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntShiftRight(TEE_BigInt *dest, const TEE_BigInt *op, size_t bits); + +/** + * @brief Obtains the bitIndex bit of the natural binary representation of |src|. + * + * @param src Indicates the pointer to the integer. + * @param bitIndex Indicates the offset of the bit to read, starting from offset 0 of the least significant bit. + * + * @return Returns the Boolean value of bitIndexth in |src|. The value true represents a 1, + * and false represents a 0. + * + * @since 20 + * @version 1.0 + */ +bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex); + +/** + * @brief Obtains the number of bits in the natural binary representation of |src|, + * that is, the magnitude of src. + * + * @param src Indicates the pointer to the integer. + * + * @return Returns 0 if src is 0. + * Returns the number of bits in the natural binary representation of src. + * + * @since 20 + * @version 1.0 + */ +uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src); + +/** + * @brief Sets the first bit of bitIndex in the natural binary representation of op to + * 1 or 0. + * + * @param op Indicates the pointer to the integer. + * @param bitIndex Indicates the offset of the bit to set, starting from offset 0 of the least significant bit. + * @param value Indicates the bit value to set. The value true represents a 1, and the value false + * represents a 0. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW bitIndexth if the bitIndexth bit is larger than the allocated bit + * length of op. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntSetBit(TEE_BigInt *op, uint32_t bitIndex, bool value); + +/** + * @brief Assigns the value of src to dest. + * + * @param dest Indicates the pointer to the TEE_BigInt to be assigned. + * @param src Indicates the pointer to the source operand. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW if the dest operand cannot hold the value of src. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntAssign(TEE_BigInt *dest, const TEE_BigInt *src); + +/** + * @brief Assigns the value of src to dest. + * + * @param dest Indicates the pointer to the TEE_BigInt to be assigned. + * @param src Indicates the pointer to the source operand. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW if the dest operand cannot hold the value of src. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntAbs(TEE_BigInt *dest, const TEE_BigInt *src); + +/** + * @brief Computes dest = op1 + op2. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the sum of op1 and op2. + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Computes dest = op1 – op2. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the difference between op1 + * and op2. + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Negates an operand: dest = –op. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result –op. + * @param op Indicates the pointer to the operand to be negated. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op); + +/** + * @brief Computes dest = op1 * op2. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the product of op1 and op2. + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntMul(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Computes dest = op * op. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op * op. + * @param op Indicates the pointer to the operand to be squared. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntSquare(TEE_BigInt *dest, const TEE_BigInt *op); + +/** + * @brief Computes dest_r and dest_q to make op1 = dest_q* op2 + dest_r. + * + * @param dest_q Indicates the pointer to the TEE_BigInt that holds the quotient. + * @param dest_r Indicates the pointer to the TEE_BigInt that holds the remainder. + * @param op1 Indicates the pointer to the first operand, which is the dividend. + * @param op2 Indicates the pointer to the second operand, which is the divisor. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if at least one parameter is null. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntDiv(TEE_BigInt *dest_q, TEE_BigInt *dest_r, const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Computes dest = op (mod n) to make 0 <= dest < n. + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op (mod n). + * @param op Indicates the pointer to the operand to be reduced mod n. + * @param n [IN] Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n); + +/** + * @brief Computes dest = (op1 + op2) (mod n). + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op (op1 + op2)(mod n). + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * @param n Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntAddMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n); + +/** + * @brief Computes dest = (op1 – op2) (mod n). + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op (op1 – op2)(mod n). + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * @param n Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntSubMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n); + +/** + * @brief Computes dest = (op1* op2)(mod n). + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op (op1 * op2)(mod n). + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * @param n Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntMulMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n); + +/** + * @brief Computes dest = (op * op) (mod n). + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result op (op * op)(mod n). + * @param op Indicates the pointer to the operand. + * @param n [IN] Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntSquareMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n); + +/** + * @brief Computes dest to make dest* op = 1 (mod n). + * + * @param dest Indicates the pointer to the TEE_BigInt that holds the result (op^–1)(mod n). + * @param op Indicates the pointer to the operand. + * @param n [IN] Indicates the pointer to the modulus, which must be greater than 1. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntInvMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n); + +/** + * @brief Checks whether gcd(op1, op2) == 1. + * + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @return Returns true if gcd(op1, op2) == 1. + * Returns false if gcd(op1, op2) != 1. + * + * @since 20 + * @version 1.0 + */ +bool TEE_BigIntRelativePrime(const TEE_BigInt *op1, const TEE_BigInt *op2); + +/** + * @brief Computes the greatest common divisor of op1 and op2. + * + * @param gcd Indicates the pointer to the TEE_BigInt that holds the greatest common divisor of op1 + * and op2. + * @param u Indicates the pointer to the TEE_BigInt that holds the first coefficient. + * @param v Indicates the pointer to the TEE_BigInt that holds the second coefficient. + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntComputeExtendedGcd(TEE_BigInt *gcd, TEE_BigInt *u, TEE_BigInt *v, const TEE_BigInt *op1, + const TEE_BigInt *op2); +/** + * @brief Performs a probabilistic primality test on op. + * + * @param op Indicates the pointer to the candidate number that is tested for primality. + * @param confidenceLevel Indicates the expected confidence level for a non-conclusive test. + * + * @return Returns 0 if op is a composite number. + * Returns 1 if op is a prime number. + * Returns –1 if the test is non-conclusive but the probability that op is composite is + * less than 2^(-confidenceLevel). + * + * @since 20 + * @version 1.0 + */ +int32_t TEE_BigIntIsProbablePrime(const TEE_BigInt *op, uint32_t confidenceLevel); + +/** + * @brief Converts src into a representation suitable for doing fast modular multiplication. + * + * @param dest Indicates the pointer to an initialized TEE_BigIntFMM memory area. + * @param src Indicates the pointer to the TEE_BigInt to convert. + * @param n Indicates the pointer to the modulus. + * @param context Indicates the pointer to the context that is previously initialized using + * {@link TEE_BigIntInitFMMContext1}. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntConvertToFMM(TEE_BigIntFMM *dest, const TEE_BigInt *src, const TEE_BigInt *n, + const TEE_BigIntFMMContext *context); + +/** + * @brief Converts src in the fast modular multiplication representation back to a + * TEE_BigInt representation. + * + * @param dest Indicates the pointer to an initialized TEE_BigIntFMM memory area to store the converted result. + * @param src Indicates the pointer to a TEE_BigIntFMM holding the value in the fast modular multiplication + * representation. + * @param n Indicates the pointer to the modulus. + * @param context Indicates the pointer to the context that is previously initialized using + * {@link TEE_BigIntInitFMMContext1}. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const TEE_BigInt *n, + const TEE_BigIntFMMContext *context); + +/** + * @brief Computes dest = op1* op2 in the fast modular multiplication representation. + * + * @param dest Indicates the pointer to the TEE_BigIntFMM that holds the result op1* op2. + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * @param n Indicates the pointer to the modulus. + * @param context Indicates the pointer to the context that is previously initialized using + * {@link TEE_BigIntInitFMMContext1}. + * + * @since 20 + * @version 1.0 + */ +void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n, + const TEE_BigIntFMMContext *context); + +/** + * @brief Computes dest = (op1 ^ op2)(mod n). + * + * @param des Indicates the pointer to the TEE_BigInt that holds the result (op1 ^ op2)(mod n). + * @param op1 Indicates the pointer to the first operand. + * @param op2 Indicates the pointer to the second operand. + * @param n Indicates the pointer to the modulus. + * @param context Indicates the pointer to the context that is previously initialized using + * {@link TEE_BigIntInitFMMContext1} or initialized to null. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_NOT_SUPPORTED if the value of n is not supported. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_BigIntExpMod(TEE_BigInt *des, TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n, + TEE_BigIntFMMContext *context); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_core_api.h b/TEEKit/include/tee/tee_core_api.h new file mode 100644 index 0000000000000000000000000000000000000000..83a2b0140624abe48efcd30d81aad6285c829aa9 --- /dev/null +++ b/TEEKit/include/tee/tee_core_api.h @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + * @version 1.0 + */ + + /** + * @file tee_core_api.h + * + * @brief Provides APIs for managing trusted application (TA) sessions. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_CORE_API_H +#define __TEE_CORE_API_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef _TEE_TA_SESSION_HANDLE +/** + * @brief Represents the handle for a Trusted Application session. + * + * @since 20 + */ +#define _TEE_TA_SESSION_HANDLE + +/** + * @brief Defines the handle of TA session. + * + * @since 20 + */ +typedef uint32_t TEE_TASessionHandle; +#endif + +/** + * @brief Raises a panic in the TA instance. + * + * @param panicCode Indicates an informative panic code defined by the TA. + * + * @since 20 + * @version 1.0 + */ +void TEE_Panic(TEE_Result panicCode); + +/** + * @brief Opens a new session with a TA. + * + * @param destination Indicates the pointer to the TEE_UUID structure that contains + * the Universal Unique Identifier (UUID) of the target TA. + * @param cancellationRequestTimeout Indicates the timeout period in milliseconds or a special value + * if there is no timeout. + * @param paramTypes Indicates the types of all parameters passed in the operation. + * @param params Indicates the parameters passed in the operation. + * @param session Indicates the pointer to the variable that will receive the client session handle. + * @param returnOrigin Indicates the pointer to the variable that holds the return origin. + * + * @return Returns TEE_SUCCESS if the session is opened. + * Returns TEE_ERROR_ITEM_NOT_FOUND if the TA cannot be found in the Trusted Execution Environment (TEE). + * Returns TEE_ERROR_ACCESS_DENIED if the access request to the TA is denied. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_OpenTASession(const TEE_UUID *destination, uint32_t cancellationRequestTimeout, uint32_t paramTypes, + TEE_Param params[TEE_PARAMS_NUM], TEE_TASessionHandle *session, uint32_t *returnOrigin); + +/** + * @brief Closes a client session. + * + * @param session Indicates the handle of the session to close. + * + * @since 20 + * @version 1.0 + */ +void TEE_CloseTASession(TEE_TASessionHandle session); + +/** + * @brief Invokes a command in a session opened between this client TA instance and a target TA instance. + * + * @param session Indicates the handle of the opened session. + * @param cancellationRequestTimeout Indicates the timeout period in milliseconds or a special value + * if there is no timeout. + * @param commandID Indicates the identifier of the command to invoke. + * @param paramTypes Indicates the types of all parameters passed in the operation. + * @param params Indicates the parameters passed in the operation. + * @param returnOrigin Indicates the pointer to the variable that holds the return origin. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_ACCESS_DENIED if the command fails to be invoked. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_InvokeTACommand(TEE_TASessionHandle session, uint32_t cancellationRequestTimeout, uint32_t commandID, + uint32_t paramTypes, TEE_Param params[TEE_PARAMS_NUM], uint32_t *returnOrigin); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_crypto_api.h b/TEEKit/include/tee/tee_crypto_api.h new file mode 100644 index 0000000000000000000000000000000000000000..37273330c67c88bee10d1849a20b417c0cef4099 --- /dev/null +++ b/TEEKit/include/tee/tee_crypto_api.h @@ -0,0 +1,1190 @@ +您说: +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_crypto_api.h + * + * @brief Provides APIs for cryptographic operations. + * + * You can use these APIs to implement encryption and decryption. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_CRYPTO_API_H +#define TEE_CRYPTO_API_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef NULL +/** + * @brief Definition of NULL. + * + * @since 20 + */ +#define NULL ((void *)0) +#endif + +/** + * @brief Defines the maximum key length, in bits. + * + * @since 20 + */ +#define TEE_MAX_KEY_SIZE_IN_BITS (1024 * 8) + +/** + * @brief Defines the length of the SW_RSA key, in bytes. + * + * @since 20 + */ +#define SW_RSA_KEYLEN 1024 + +/** + * @brief Defines the maximum length of other Diffie-Hellman (DH) information, in bytes. + * + * @since 20 + */ +#define TEE_DH_MAX_SIZE_OF_OTHER_INFO 64 + +/** + * @brief Defines the maximum parameter count. + * + * @since 20 + */ +#define TEE_PARAM_COUNT_MAX 9 + +/** + * @brief Enumerates the cryptographic operation handles. + * + * @since 20 + */ +enum __TEE_Operation_Constants { + /** Cipher */ + TEE_OPERATION_CIPHER = 0x1, + /** MAC */ + TEE_OPERATION_MAC = 3, + /** AE */ + TEE_OPERATION_AE = 4, + /** Digest */ + TEE_OPERATION_DIGEST = 5, + /** Asymmetric Cipher */ + TEE_OPERATION_ASYMMETRIC_CIPHER = 6, + /** Asymmetric Signature */ + TEE_OPERATION_ASYMMETRIC_SIGNATURE = 7, + /** Key Derivation */ + TEE_OPERATION_KEY_DERIVATION = 8, + /** KDF Key Derivation */ + TEE_OPERATION_KDF_KEY_DERIVATION = 9, +}; + +/** + * @brief Enumerates the cryptographic algorithms. + * + * @since 20 + */ +enum __tee_crypto_algorithm_id { + /** Invalid algorithm */ + TEE_ALG_INVALID = 0x0, + /** AES_ECB_NOPAD */ + TEE_ALG_AES_ECB_NOPAD = 0x10000010, + /** AES_CBC_NOPAD */ + TEE_ALG_AES_CBC_NOPAD = 0x10000110, + /** AES_CTR */ + TEE_ALG_AES_CTR = 0x10000210, + /** AES_CTS */ + TEE_ALG_AES_CTS = 0x10000310, + /** AES_XTS */ + TEE_ALG_AES_XTS = 0x10000410, + /** AES_CBC_MAC_NOPAD */ + TEE_ALG_AES_CBC_MAC_NOPAD = 0x30000110, + /** AES_CBC_MAC_PKCS5 */ + TEE_ALG_AES_CBC_MAC_PKCS5 = 0x30000510, + /** AES_CMAC */ + TEE_ALG_AES_CMAC = 0x30000610, + /** AES_GMAC */ + TEE_ALG_AES_GMAC = 0x30000810, + /** AES_CCM */ + TEE_ALG_AES_CCM = 0x40000710, + /** AES_GCM */ + TEE_ALG_AES_GCM = 0x40000810, + /** DES_ECB_NOPAD */ + TEE_ALG_DES_ECB_NOPAD = 0x10000011, + /** DES_CBC_NOPAD */ + TEE_ALG_DES_CBC_NOPAD = 0x10000111, + /** DES_CBC_MAC_NOPAD */ + TEE_ALG_DES_CBC_MAC_NOPAD = 0x30000111, + /** DES_CBC_MAC_PKCS5 */ + TEE_ALG_DES_CBC_MAC_PKCS5 = 0x30000511, + /** DES3_ECB_NOPAD */ + TEE_ALG_DES3_ECB_NOPAD = 0x10000013, + /** DES3_CBC_NOPAD */ + TEE_ALG_DES3_CBC_NOPAD = 0x10000113, + /** DES3_CBC_MAC_NOPAD */ + TEE_ALG_DES3_CBC_MAC_NOPAD = 0x30000113, + /** DES3_CBC_MAC_PKCS5 */ + TEE_ALG_DES3_CBC_MAC_PKCS5 = 0x30000513, + /** RSASSA_PKCS1_V1_5_MD5 */ + TEE_ALG_RSASSA_PKCS1_V1_5_MD5 = 0x70001830, + /** RSASSA_PKCS1_V1_5_SHA1 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 = 0x70002830, + /** RSASSA_PKCS1_V1_5_SHA224 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 = 0x70003830, + /** RSASSA_PKCS1_V1_5_SHA256 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 = 0x70004830, + /** RSASSA_PKCS1_V1_5_SHA384 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 = 0x70005830, + /** RSASSA_PKCS1_V1_5_SHA512 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 = 0x70006830, + /** RSASSA_PKCS1_V1_5_SM3 */ + TEE_ALG_RSASSA_PKCS1_V1_5_SM3 = 0xF0007830, + /** RSASSA_PKCS1_V1_5_MD5_SHA1 */ + TEE_ALG_RSASSA_PKCS1_V1_5_MD5_SHA1 = 0xF0008830, + /** RSASSA_PKCS1_PSS_MGF1_MD5 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 = 0x70111930, + /** RSASSA_PKCS1_PSS_MGF1_SHA1 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 = 0x70212930, + /** RSASSA_PKCS1_PSS_MGF1_SHA224 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 = 0x70313930, + /** RSASSA_PKCS1_PSS_MGF1_SHA256 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 = 0x70414930, + /** RSASSA_PKCS1_PSS_MGF1_SHA384 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 = 0x70515930, + /** RSASSA_PKCS1_PSS_MGF1_SHA512 */ + TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 = 0x70616930, + /** RSAES_PKCS1_V1_5 */ + TEE_ALG_RSAES_PKCS1_V1_5 = 0x60000130, + /** RSAES_PKCS1_OAEP_MGF1_SHA1 */ + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1 = 0x60210230, + /** RSAES_PKCS1_OAEP_MGF1_SHA224 */ + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224 = 0x60211230, + /** RSAES_PKCS1_OAEP_MGF1_SHA256 */ + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256 = 0x60212230, + /** RSAES_PKCS1_OAEP_MGF1_SHA384 */ + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384 = 0x60213230, + /** RSAES_PKCS1_OAEP_MGF1_SHA512 */ + TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512 = 0x60214230, + /** RSA_NOPAD */ + TEE_ALG_RSA_NOPAD = 0x60000030, + /** DSA_SHA1 */ + TEE_ALG_DSA_SHA1 = 0x70002131, + /** DSA_SHA224 */ + TEE_ALG_DSA_SHA224 = 0x70003131, + /** DSA_SHA256 */ + TEE_ALG_DSA_SHA256 = 0x70004131, + /** DH_DERIVE_SHARED_SECRET */ + TEE_ALG_DH_DERIVE_SHARED_SECRET = 0x80000032, + /** MD5 */ + TEE_ALG_MD5 = 0x50000001, + /** SHA1 */ + TEE_ALG_SHA1 = 0x50000002, + /** SHA224 */ + TEE_ALG_SHA224 = 0x50000003, + /** SHA256 */ + TEE_ALG_SHA256 = 0x50000004, + /** SHA384 */ + TEE_ALG_SHA384 = 0x50000005, + /** SHA512 */ + TEE_ALG_SHA512 = 0x50000006, + /** HMAC_MD5 */ + TEE_ALG_HMAC_MD5 = 0x30000001, + /** HMAC_SHA1 */ + TEE_ALG_HMAC_SHA1 = 0x30000002, + /** HMAC_SHA224 */ + TEE_ALG_HMAC_SHA224 = 0x30000003, + /** HMAC_SHA256 */ + TEE_ALG_HMAC_SHA256 = 0x30000004, + /** HMAC_SHA384 */ + TEE_ALG_HMAC_SHA384 = 0x30000005, + /** HMAC_SHA512 */ + TEE_ALG_HMAC_SHA512 = 0x30000006, + /** HMAC_SM3 */ + TEE_ALG_HMAC_SM3 = 0x30000007, + /** AES_ECB_PKCS5 */ + TEE_ALG_AES_ECB_PKCS5 = 0x10000020, + /** AES_CBC_PKCS5 */ + TEE_ALG_AES_CBC_PKCS5 = 0x10000220, + /** AES_CBC_ISO_PADDING */ + TEE_ALG_AES_CBC_ISO_PADDING = 0x10000330, + /** ECDSA_SHA1 */ + TEE_ALG_ECDSA_SHA1 = 0x70001042, + /** ECDSA_SHA224 */ + TEE_ALG_ECDSA_SHA224 = 0x70002042, + /** ECDSA_SHA256 */ + TEE_ALG_ECDSA_SHA256 = 0x70003042, + /** ECDSA_SHA384 */ + TEE_ALG_ECDSA_SHA384 = 0x70004042, + /** ECDSA_SHA512 */ + TEE_ALG_ECDSA_SHA512 = 0x70005042, + /** ED25519 */ + TEE_ALG_ED25519 = 0x70005043, + /** ECDH_DERIVE_SHARED_SECRET */ + TEE_ALG_ECDH_DERIVE_SHARED_SECRET = 0x80000042, + /** X25519 */ + TEE_ALG_X25519 = 0x80000044, + /** ECC */ + TEE_ALG_ECC = 0x80000001, + /** ECDSA_P192 */ + TEE_ALG_ECDSA_P192 = 0x70001042, + /** ECDSA_P224 */ + TEE_ALG_ECDSA_P224 = 0x70002042, + /** ECDSA_P256 */ + TEE_ALG_ECDSA_P256 = 0x70003042, + /** ECDSA_P384 */ + TEE_ALG_ECDSA_P384 = 0x70004042, + /** ECDSA_P521 */ + TEE_ALG_ECDSA_P521 = 0x70005042, + /** ECDH_P192 */ + TEE_ALG_ECDH_P192 = 0x80001042, + /** ECDH_P224 */ + TEE_ALG_ECDH_P224 = 0x80002042, + /** ECDH_P256 */ + TEE_ALG_ECDH_P256 = 0x80003042, + /** ECDH_P384 */ + TEE_ALG_ECDH_P384 = 0x80004042, + /** ECDH_P521 */ + TEE_ALG_ECDH_P521 = 0x80005042, + /** SIP_HASH */ + TEE_ALG_SIP_HASH = 0xF0000002, + /** SM2_DSA_SM3 */ + TEE_ALG_SM2_DSA_SM3 = 0x70006045, + /** SM2_PKE */ + TEE_ALG_SM2_PKE = 0x80000045, + /** SM3 */ + TEE_ALG_SM3 = 0x50000007, + /** SM4_ECB_NOPAD */ + TEE_ALG_SM4_ECB_NOPAD = 0x10000014, + /** SM4_ECB_PKCS7 */ + TEE_ALG_SM4_ECB_PKCS7 = 0x10000024, + /** SM4_CBC_NOPAD */ + TEE_ALG_SM4_CBC_NOPAD = 0x10000114, + /** SM4_CBC_PKCS7 */ + TEE_ALG_SM4_CBC_PKCS7 = 0xF0000003, + /** SM4_CTR */ + TEE_ALG_SM4_CTR = 0x10000214, + /** SM4_CFB128 */ + TEE_ALG_SM4_CFB128 = 0xF0000000, + /** SM4_XTS */ + TEE_ALG_SM4_XTS = 0x10000414, + /** SM4_OFB */ + TEE_ALG_SM4_OFB = 0x10000514, + /** AES_OFB */ + TEE_ALG_AES_OFB = 0x10000510, + /** AES_CFB128 */ + TEE_ALG_AES_CFB128 = 0xF0000610, + /** SM4_GCM */ + TEE_ALG_SM4_GCM = 0xF0000005, + /** PBKDF2_HMAC_SHA1_DERIVE_KEY */ + TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY = 0x800020C2, + /** PBKDF2_HMAC_SHA256_DERIVE_KEY */ + TEE_ALG_PBKDF2_HMAC_SHA256_DERIVE_KEY= 0x800040C2, + /** PBKDF2_HMAC_SHA384_DERIVE_KEY */ + TEE_ALG_PBKDF2_HMAC_SHA384_DERIVE_KEY= 0x800050C2, + /** PBKDF2_HMAC_SHA512_DERIVE_KEY */ + TEE_ALG_PBKDF2_HMAC_SHA512_DERIVE_KEY= 0x800060C2, + /** HKDF */ + TEE_ALG_HKDF = 0x80000047, + /** PRF */ + TEE_ALG_PRF = 0xF0000006, +}; + +/** + * @brief Defines the __tee_crypto_algorithm_id struct. + * + * @see __tee_crypto_algorithm_id + * + * @since 20 + */ +typedef enum __tee_crypto_algorithm_id tee_crypto_algorithm_id; + +/** + * @brief No element is available. + * + * @since 20 + */ +#define TEE_OPTIONAL_ELEMENT_NONE 0x00000000 + +/** + * @brief Enumerates the Elliptic-Curve Cryptography (ECC) curves supported. + * + * @since 20 + */ +typedef enum { + /** CURVE_NIST_P192 */ + TEE_ECC_CURVE_NIST_P192 = 0x00000001, + /** CURVE_NIST_P224 */ + TEE_ECC_CURVE_NIST_P224 = 0x00000002, + /** CURVE_NIST_P256 */ + TEE_ECC_CURVE_NIST_P256 = 0x00000003, + /** CURVE_NIST_P384 */ + TEE_ECC_CURVE_NIST_P384 = 0x00000004, + /** CURVE_NIST_P521 */ + TEE_ECC_CURVE_NIST_P521 = 0x00000005, + /** CURVE_SM2 256 bits */ + TEE_ECC_CURVE_SM2 = 0x00000300, + /** CURVE_25519 256 bits */ + TEE_ECC_CURVE_25519 = 0x00000200, +} TEE_ECC_CURVE; + +/** + * @brief Enumerates the Mask Generation Function (MGF1) modes. + * + * @since 20 + */ +typedef enum { + /** SHA1 mode for DH hashing. */ + TEE_DH_HASH_SHA1_mode = 0, + /** SHA224 mode for DH hashing. */ + TEE_DH_HASH_SHA224_mode = 1, + /** SHA256 mode for DH hashing. */ + TEE_DH_HASH_SHA256_mode = 2, + /** SHA384 mode for DH hashing. */ + TEE_DH_HASH_SHA384_mode = 3, + /** SHA512 mode for DH hashing. */ + TEE_DH_HASH_SHA512_mode = 4, + /** Total number of DH hashing modes. */ + TEE_DH_HASH_NumOfModes, +} TEE_DH_HASH_Mode; + +/** + * @brief Enumerates the Diffie-Hellman operation modes. + * + * @since 20 + */ +typedef enum { + /** PKCS3 */ + TEE_DH_PKCS3_mode =0, + /** X942 algorithm. */ + TEE_DH_ANSI_X942_mode = 1, + /** Number of modes. */ + TEE_DH_NumOfModes, +} TEE_DH_OpMode_t; + +/** + * @brief Defines an enum for TEE_DH_DerivFuncMode. + * + * @since 20 + */ + +typedef enum { + /** ASN1_DerivMode */ + TEE_DH_ASN1_DerivMode = 0, + /** ConcatDerivMode */ + TEE_DH_ConcatDerivMode = 1, + /** X963_DerivMode */ + TEE_DH_X963_DerivMode =TEE_DH_ConcatDerivMode, + /** OMADRM_DerivMode */ + TEE_DH_OMADRM_DerivMode = 2, + /** ISO18033_KDF1_DerivMode */ + TEE_DH_ISO18033_KDF1_DerivMode = 3, + /** ISO18033_KDF2_DerivMode */ + TEE_DH_ISO18033_KDF2_DerivMode = 4, + /** Number of modes. */ + TEE_DH_DerivFunc_NumOfModes, +} TEE_DH_DerivFuncMode; + +/** + * @brief Enumerates the object attributes for cryptographic operations. + * + * @since 20 + */ + +enum __TEE_DK_ObjectAttribute { + /** Pointer to the shared secret value. */ + TEE_DK_SECRECT = 0, + /** Pointer to a struct that contains other data. */ + TEE_DK_OTHER, + /** Enumerator ID of the hash function to be used. */ + TEE_DK_HASH_MODE, + /** Enumerator ID of the derivation function mode. */ + TEE_DK_DERIVATION_MODE +}; + +/** + * @brief Defines a struct for __TEE_DK_ObjectAttribute. + * + * @see __TEE_DK_ObjectAttribute + * + * @since 20 + */ + +typedef enum __TEE_DK_ObjectAttribute tee_dk_objectattribute; + +/** + * @brief Enumerates the cryptographic operation modes. + * + * @since 20 + */ +enum __TEE_OperationMode { + /** Encryption */ + TEE_MODE_ENCRYPT = 0x0, + /** Decryption */ + TEE_MODE_DECRYPT, + /** Signing */ + TEE_MODE_SIGN, + /** Signature verification */ + TEE_MODE_VERIFY, + /** MAC */ + TEE_MODE_MAC, + /** Digest */ + TEE_MODE_DIGEST, + /** Key derivation */ + TEE_MODE_DERIVE +}; + +/** + * @brief Enumerates the cryptographic operation states. + * + * @since 20 + */ +enum tee_operation_state { + /** Initial */ + TEE_OPERATION_STATE_INITIAL = 0x00000000, + /** Active */ + TEE_OPERATION_STATE_ACTIVE = 0x00000001, +}; + +/** + * @brief Defines the mode for cryptographic operations. + * + * @since 20 + */ +typedef uint32_t TEE_OperationMode; + +/** + * @brief Defines a struct for TEE_DH_OtherInfo. + * + * @since 20 + */ +typedef struct { + /** object ID(OID) */ + uint8_t algorithm_id[TEE_DH_MAX_SIZE_OF_OTHER_INFO]; + /** length of AlgorithmID */ + uint32_t size_of_algorithm_id; + /** public info of sender */ + uint8_t party_u_info[TEE_DH_MAX_SIZE_OF_OTHER_INFO]; + /** length of PartyUInfo */ + uint32_t size_of_party_u_info; + /** public info of receiver */ + uint8_t party_v_info[TEE_DH_MAX_SIZE_OF_OTHER_INFO]; + /** length of PartyVInfo */ + uint32_t size_of_party_v_info; + /** shared private info */ + uint8_t supp_priv_info[TEE_DH_MAX_SIZE_OF_OTHER_INFO]; + /** length of SuppPrivInfo */ + uint32_t size_of_supp_priv_info; + /** shared public info */ + uint8_t supp_pub_info[TEE_DH_MAX_SIZE_OF_OTHER_INFO]; + /** length of SuppPubInfo */ + uint32_t size_of_supp_pub_info; +} TEE_DH_OtherInfo; + +/** + * @brief Defines the operation information. + * + * @since 20 + */ +struct __TEE_OperationInfo { + /** Algorithm ID */ + uint32_t algorithm; /* #__TEE_CRYPTO_ALGORITHM_ID */ + /** Operation type */ + uint32_t operationClass; /* #__TEE_Operation_Constants */ + /** Operation mode */ + uint32_t mode; /* #__TEE_OperationMode */ + /** Digest length */ + uint32_t digestLength; + /** Maximum key length */ + uint32_t maxKeySize; + /** Key length*/ + uint32_t keySize; + /** Required key usage */ + uint32_t requiredKeyUsage; + /** Handle state */ + uint32_t handleState; + /** Key */ + void *keyValue; +}; + +/** + * @brief Defines a struct for __TEE_OperationInfo. + * + * @see __TEE_OperationInfo + * + * @since 20 + */ + +typedef struct __TEE_OperationInfo TEE_OperationInfo; + +/** + * @brief Defines the key information stored in the OperationInfo. + * + * @since 20 + */ +typedef struct { + /** Key length */ + uint32_t keySize; + /** Required key usage */ + uint32_t requiredKeyUsage; +} TEE_OperationInfoKey; + +/** + * @brief Defines information about an operation. + * + * @since 20 + */ +typedef struct { + /** Algorithm ID */ + uint32_t algorithm; + /** Operation type */ + uint32_t operationClass; + /** Operation mode */ + uint32_t mode; + /** Digest length */ + uint32_t digestLength; + /** Maximum key length */ + uint32_t maxKeySize; + /** Handle state */ + uint32_t handleState; + /** Operation state */ + uint32_t operationState; + /** Number of keys */ + uint32_t numberOfKeys; + /** Key information */ + TEE_OperationInfoKey keyInformation[]; +} TEE_OperationInfoMultiple; + +/** + * @brief Defines the cryptographic operation handle. + * + * @since 20 + */ +struct __TEE_OperationHandle { + /** Algorithm ID */ + uint32_t algorithm; + /** Operation type */ + uint32_t operationClass; + /** Operation mode */ + uint32_t mode; + /** Digest length */ + uint32_t digestLength; + /** Maximum key length */ + uint32_t maxKeySize; + /** Key length */ + uint32_t keySize; + /** Key length */ + uint32_t keySize2; + /** Required key usage */ + uint32_t requiredKeyUsage; + /** Handle state */ + uint32_t handleState; + /** Key */ + void *keyValue; + /** Key */ + void *keyValue2; + /** */ + void *crypto_ctxt; + /** */ + void *hmac_rest_ctext; + /** iv */ + void *IV; + /** Public key */ + void *publicKey; + /** Length of the public key */ + uint32_t publicKeyLen; + /** Private key */ + void *privateKey; + /** Length of the private key */ + uint32_t privateKeyLen; + /** Length of the IV */ + uint32_t IVLen; + /** TEE_DH_OtherInfo */ + TEE_DH_OtherInfo *dh_otherinfo; + /** TEE_DH_HASH_Mode */ + uint32_t dh_hash_mode; + /** TEE_DH_DerivFuncMode */ + uint32_t dh_derive_func; + /** TEE_DH_OpMode_t */ + uint32_t dh_op_mode; + void *dh_prime; + uint32_t dh_prime_size; + /** Operation lock */ + pthread_mutex_t operation_lock; + /** HAL information */ + void *hal_info; +}; + +/** + * @brief Defines the data used for conversion of integers. + * + * @since 20 + */ +typedef struct { + /** Source */ + uint32_t src; + /** Destination */ + uint32_t dest; +} crypto_uint2uint; + +/** + * @brief Defines the maximum length of an RSA public key. + * + * @since 20 + */ +#define RSA_PUBKEY_MAXSIZE sizeof(CRYS_RSAUserPubKey_t) +/** + * @brief Defines the maximum length of an RES private key. + * + * @since 20 + */ +#define RSA_PRIVKEY_MAXSIZE sizeof(CRYS_RSAUserPrivKey_t) + +/** + * @brief Defines a structure to hold the input and output data. + * + * @since 20 + */ +typedef struct { + /** Source data */ + void *src_data; + /** Length of the source data */ + size_t src_len; + /** Destination data */ + void *dest_data; + /** Length of the destination data */ + size_t *dest_len; +} operation_src_dest; + +/** + * @brief Defines the AE initialization data. + * + * @since 20 + */ +typedef struct { + /** nonce */ + void *nonce; + /** Leng of nonce */ + size_t nonce_len; + /** Length of the tag */ + uint32_t tag_len; + /** Length of the additional authenticated data (AAD) */ + size_t aad_len; + /** Length of the payload */ + size_t payload_len; +} operation_ae_init; + +/** + * @brief Defines the __TEE_OperationHandle struct. + * + * @see __TEE_OperationHandle + * + * @since 20 + */ +typedef struct __TEE_OperationHandle TEE_OperationHandleVar; + +/** + * @brief Defines the __TEE_ObjectHandle struct. + * + * @since 20 + */ +typedef struct __TEE_ObjectHandle TEE_ObjectHandleVar; + +/** + * @brief Allocates an operation handle. + * + * @param operation Indicates the pointer to the operation handle. + * @param algorithm Indicates the cipher algorithm. + * @param mode Indicates the operation mode. + * @param maxKeySize Indicates the maximum length of the key. + * + * @return Returns TEE_SUCCESS if the operation handle is allocated. + * Returns TEE_ERROR_OUT_OF_MEMORY if there is no enough memory for this operation. + * Returns TEE_ERROR_NOT_SUPPORTED if the specified algorithm is not supported. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode, + uint32_t maxKeySize); + +/** + * @brief Releases an operation handle. + * + * @param operation Indicates the operation handle to release. + * + * @since 20 + * @version 1.0 + */ +void TEE_FreeOperation(TEE_OperationHandle operation); + +/** + * @brief Obtains operation information. + * + * @param operation Indicates the operation handle. + * @param operationInfo Indicates the pointer to the operation information. + * + * @since 20 + * @version 1.0 + */ +void TEE_GetOperationInfo(const TEE_OperationHandle operation, TEE_OperationInfo *operationInfo); + +/** + * @brief Resets an operation handle. + * + * @param operation Indicates the operation handle to reset. + * + * @since 20 + * @version 1.0 + */ +void TEE_ResetOperation(TEE_OperationHandle operation); + +/** + * @brief Sets the key for an operation. + * + * @param operation Indicates the operation handle. + * @param key Indicates the key. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_OUT_OF_MEMORY if there is no enough memory for this operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, const TEE_ObjectHandle key); + +/** + * @brief Sets two keys for an operation. + * + * @param operation Indicates the operation handle. + * @param key1 Indicates key 1. + * @param key2 Indicates key 2. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, const TEE_ObjectHandle key1, + const TEE_ObjectHandle key2); + +/** + * @brief Copies an operation handle. + * + * @param dstOperation Indicates the destination operation handle. + * @param srcOperation Indicates the source operation handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_CopyOperation(TEE_OperationHandle dstOperation, const TEE_OperationHandle srcOperation); + +/** + * @brief Initializes the context to start a cipher operation. + * + * @param operation Indicates the operation handle. + * @param IV Indicates the pointer to the buffer storing the operation IV. If this parameter is not used, + * set it to NULL. + * @param IVLen Indicates the length of the IV buffer. + * + * @since 20 + * @version 1.0 + */ +void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, size_t IVLen); + +/** + * @brief Updates the data for a cipher operation. + * + * @param operation Indicates the operation handle. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, size_t srcLen, void *destData, + size_t *destLen); + +/** + * @brief Finalizes a cipher operation. + * + * @param operation Indicates the operation handle. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, const void *srcData, size_t srcLen, void *destData, + size_t *destLen); + +/** + * @brief Updates the digest. + * + * @param operation Indicates the operation handle. + * @param chunk Indicates the pointer to the chunk of data to be hashed. + * @param chunkSize Indicates the length of the chunk. + * + * @since 20 + * @version 1.0 + */ +void TEE_DigestUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); + +/** + * @brief Finalizes the message digest operation. + * + * @param operation Indicates the operation handle. + * @param chunk Indicates the pointer to the chunk of data to be hashed. + * @param chunkLen Indicates the length of the chunk. + * @param hash Indicates the pointer to the buffer storing the message hash. + * @param hashLen + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, size_t chunkLen, void *hash, + size_t *hashLen); + +/** + * @brief Initializes a MAC operation. + * + * @param operation Indicates the operation handle. + * @param IV Indicates the pointer to the buffer storing the operation IV. If this parameter is not used, + * set it to NULL. + * @param IVLen Indicates the length of the IV buffer. + * + * @since 20 + * @version 1.0 + */ +void TEE_MACInit(TEE_OperationHandle operation, void *IV, size_t IVLen); + +/** + * @brief Updates the MAC. + * + * @param operation Indicates the operation handle. + * @param chunk Indicates the pointer to the chunk of MAC data. + * @param chunkSize Indicates the size of the chunk. + * + * @since 20 + * @version 1.0 + */ +void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, size_t chunkSize); + +/** + * @brief MAC Finalizes the MAC operation with a last chunk of message and computes the MAC. + * + * @param operation Indicates the operation handle. + * @param message Indicates the pointer to the buffer containing the last message chunk to MAC. + * @param messageLen Indicates the length of the message buffer. + * @param mac Indicates the pointer to the buffer storing the computed MAC. + * @param macLen Indicates the pointer to the MAC buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, void *mac, + size_t *macLen); + +/** + * @brief Finalizes the MAC operation and compares the MAC with the one passed in. + * + * @param operation Indicates the operation handle. + * @param message Indicates the pointer to the buffer containing the last message chunk to MAC. + * @param messageLen Indicates the length of the buffer. + * @param mac Indicates the pointer to the buffer storing the computed MAC. + * @param macLen Indicates the MAC buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * Returns TEE_ERROR_MAC_INVALID if the computed MAC is not the same as that passed in. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, const void *message, size_t messageLen, const void *mac, + const size_t macLen); + +/** + * @brief Derives a key. + * + * @param operation Indicates the operation handle. + * @param params Indicates the pointer to the parameters for this operation. + * @param paramCount Indicates the number of parameters. + * @param derivedKey Indicates the derived key. + * + * @since 20 + * @version 1.0 + */ +void TEE_DeriveKey(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + TEE_ObjectHandle derivedKey); + +/** + * @brief Generates random data. + * + * @param randomBuffer Indicates the pointer to the buffer storing the random data generated. + * @param randomBufferLen Indicates the length of the buffer storing the random data. + * + * @since 20 + * @version 1.0 + */ +void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen); + +/** + * @brief Initializes an AE operation. + * + * @param operation Indicates the operation handle. + * @param nonce Indicates the pointer to the buffer for storing the nonce. + * @param nonceLen Indicates the length of the nonce. + * @param tagLen Indicates the length of the tag. + * @param AADLen Indicates the length of the AAD. + * @param payloadLen Indicates the length of the payload. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AEInit(TEE_OperationHandle operation, void *nonce, size_t nonceLen, uint32_t tagLen, size_t AADLen, + size_t payloadLen); + +/** + * @brief Updates the AAD in an AE operation. + * + * @param operation Indicates the operation handle. + * @param AADdata Indicates the pointer to the new AAD. + * @param AADdataLen Indicates the length of the new AAD. + * + * @since 20 + * @version 1.0 + */ +void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, size_t AADdataLen); + +/** + * @brief Updates data for an AE operation. + * + * @param operation Indicates the operation handle. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, void *srcData, size_t srcLen, void *destData, size_t *destLen); + +/** + * @brief Finalizes the AE encryption operation. + * + * @param operation Indicates the operation handle. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * @param tag Indicates the pointer to the buffer storing the computed tag. + * @param tagLen Indicates the pointer to the tag buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, void *srcData, size_t srcLen, void *destData, + size_t *destLen, void *tag, size_t *tagLen); + +/** + * @brief Finalizes an AE decryption operation. + * + * @param operation Indicates the operation handle. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * @param tag Indicates the pointer to the buffer storing the computed tag. + * @param tagLen Indicates the tag buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_MAC_INVALID if the computed tag does not match the provided tag. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, void *srcData, size_t srcLen, void *destData, + size_t *destLen, void *tag, size_t tagLen); + +/** + * @brief Performs asymmetric encryption. + * + * @param operation Indicates the operation handle. + * @param params Indicates the pointer to the parameters for this operation. + * @param paramCount Indicates the number of parameters. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + void *srcData, size_t srcLen, void *destData, size_t *destLen); + +/** + * @brief Performs asymmetric decryption. + * + * @param operation Indicates the operation handle. + * @param params Indicates the pointer to the parameters for this operation. + * @param paramCount Indicates the number of parameters. + * @param srcData Indicates the pointer to the source data. + * @param srcLen Indicates the length of the source data. + * @param destData Indicates the pointer to the destination data. + * @param destLen Indicates the pointer to the destination data length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + void *srcData, size_t srcLen, void *destData, size_t *destLen); + +/** + * @brief Signs a message digest in an asymmetric operation. + * + * @param operation Indicates the operation handle. + * @param params Indicates the pointer to the parameters for this operation. + * @param paramCount Indicates the number of parameters. + * @param digest Indicates the pointer to the message digest. + * @param digestLen Indicates the digest length. + * @param signature Indicates the pointer to the signature. + * @param signatureLen Indicates the pointer to the signature length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + void *digest, size_t digestLen, void *signature, size_t *signatureLen); + +/** + * @brief Verifies a message digest signature in an asymmetric operation. + * + * @param operation Indicates the operation handle. + * @param params Indicates the pointer to the parameters for this operation. + * @param paramCount Indicates the number of parameters. + * @param digest Indicates the pointer to the message digest. + * @param digestLen Indicates the digest length. + * @param signature Indicates the pointer to the signature. + * @param signatureLen Indicates the signature length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_GENERIC if the operation fails due to other errors. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount, + void *digest, size_t digestLen, void *signature, size_t signatureLen); + +/** + * @brief Obtains information about the operation involving multiple keys. + * + * @param operation Indicates the operation handle. + * @param operationInfoMultiple Indicates the pointer to the operation information obtained. + * @param operationSize [IN/OUT] Indicates the pointer to the operation information size. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if the operation fails due to invalid parameters. + * Returns TEE_ERROR_SHORT_BUFFER if the operationInfo buffer is not large enough to + * hold the information obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, TEE_OperationInfoMultiple *operationInfoMultiple, + const size_t *operationSize); + +/** + * @brief Checks whether the algorithm is supported. + * + * @param algId Indicates the algorithm to check. + * @param element Indicates the cryptographic element. + * + * @return Returns TEE_SUCCESS if the algorithm is supported. + * Returns TEE_ERROR_NOT_SUPPORTED otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_IsAlgorithmSupported(uint32_t algId, uint32_t element); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_crypto_hal.h b/TEEKit/include/tee/tee_crypto_hal.h new file mode 100644 index 0000000000000000000000000000000000000000..5486122c91f6e56f147928d22aa9f0ddea2bb557 --- /dev/null +++ b/TEEKit/include/tee/tee_crypto_hal.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_crypto_hal.h + * + * @brief Provides APIs for cryptographic operations. + * + * You can use these APIs to implement encryption and decryption. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_CRYPTO_HAL_H +#define TEE_CRYPTO_HAL_H + +#include "tee_crypto_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates the types of the crypto engine. + * + * @since 20 + */ +enum CRYPTO_ENGINE { + /** The hardware-based DX crypto engine. */ + DX_CRYPTO = 0, + /** The hardware-based MSPE crypto engine. */ + EPS_CRYPTO = 1, + /** The software-based crypto engine, such as OpenSSL. */ + SOFT_CRYPTO = 2, + /** The SEC crypto engine, commonly employed in vehicle platforms. */ + SEC_CRYPTO = 3, + /** The maximum value of the crypto engine. */ + CRYPTO_ENGINE_MAX = 1024, +}; + +/** + * @brief Sets the encryption and decryption engines to an operation. + * + * @param operation Indicates the handle of the operation to set. + * @param crypto Indicates the engines to set. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if operation is null or crypto is invalid. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto); + +/** + * @brief Sets the encryption and decryption engines to an object. + * + * @param object Indicates the handle of the object to set. + * @param crypto Indicates the engines to set. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_BAD_PARAMETERS if object is null or crypto is invalid. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_defines.h b/TEEKit/include/tee/tee_defines.h new file mode 100644 index 0000000000000000000000000000000000000000..a8e775488331320a401f7f9c524726eb15fe0816 --- /dev/null +++ b/TEEKit/include/tee/tee_defines.h @@ -0,0 +1,971 @@ +您说: +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_defines.h + * + * @brief Defines basic data types and data structures of TEE. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_DEFINES_H +#define __TEE_DEFINES_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef TA_EXPORT + +/** + * @brief Represents the export attribute for Trusted Applications. + * + * @since 20 + */ +#define TA_EXPORT +#endif + +/** + * @brief Defines the tee mutex handle. + * + * @since 20 + */ +typedef int *tee_mutex_handle; + +/** + * @brief Represents API level 1.1.1. + * + * @since 20 + */ +#define API_LEVEL1_1_1 2 + +/** + * @brief Represents API level 1.2. + * + * @since 20 + */ +#define API_LEVEL1_2 3 + +/** + * @brief Represents the number of TEE parameters. + * + * @since 20 + */ +#define TEE_PARAMS_NUM 4 + +#ifndef NULL +/** + * @brief Represents a null pointer constant. + * + * @since 20 + */ +#define NULL ((void *)0) +#endif + +/** + * @brief Marks a parameter as unused. + * + * @since 20 + */ +#define PARAM_NOT_USED(val) ((void)(val)) + +/** + * @brief Enumerates the TEE parameter. + * + * @since 20 + */ +typedef union { + /** Describes a memory reference. */ + struct { + /** Pointer to the memory buffer. */ + void *buffer; + /** Size of the memory buffer. */ + size_t size; + } memref; + /** Describes value parameters. */ + struct { + /** First value. */ + unsigned int a; + /** Second value. */ + unsigned int b; + } value; + /** Describes shared memory reference. */ + struct { + /** Pointer to the shared memory buffer. */ + void *buffer; + /** Size of the shared memory buffer. */ + size_t size; + } sharedmem; +} TEE_Param; + +/** + * @brief Constructs the TEE parameter types from the provided types. + * + * @since 20 + */ +#define TEE_PARAM_TYPES(param0Type, param1Type, param2Type, param3Type) \ + (((param3Type) << 12) | ((param2Type) << 8) | ((param1Type) << 4) | (param0Type)) + +/** + * @brief Extracts the parameter type at the specified index from the TEE parameter types. + * + * @since 20 + */ +#define TEE_PARAM_TYPE_GET(paramTypes, index) (((paramTypes) >> (4U * (index))) & 0x0F) + +/** + * @brief Checks parameter types. + * + * @param param_to_check Indicates the expected parameter values. + * @param valid0 Indicates the first parameter type to check. + * @param valid1 Indicates the second parameter type to check. + * @param valid2 Indicates the third parameter type to check. + * @param valid3 Indicates the fourth parameter type to check. + * + * @return Returns true if the parameter types are correct. + * Returns false otherwise. + * @since 20 + */ +static inline bool check_param_type(uint32_t param_to_check, uint32_t valid0, uint32_t valid1, uint32_t valid2, + uint32_t valid3) +{ + return (TEE_PARAM_TYPES(valid0, valid1, valid2, valid3) == param_to_check); +} + +/** + * @brief Enumerates the types of the TEE parameter. + * + * @since 20 + */ +enum TEE_ParamType { + /** Represents no parameter type. */ + TEE_PARAM_TYPE_NONE = 0x0, + /** Represents a value input type. */ + TEE_PARAM_TYPE_VALUE_INPUT = 0x1, + /** Represents a value output type. */ + TEE_PARAM_TYPE_VALUE_OUTPUT = 0x2, + /** Represents a value inout type. */ + TEE_PARAM_TYPE_VALUE_INOUT = 0x3, + /** Represents a memory reference input type. */ + TEE_PARAM_TYPE_MEMREF_INPUT = 0x5, + /** Represents a memory reference output type. */ + TEE_PARAM_TYPE_MEMREF_OUTPUT = 0x6, + /** Represents a memory reference inout type. */ + TEE_PARAM_TYPE_MEMREF_INOUT = 0x7, + /** Represents an ION input type. */ + TEE_PARAM_TYPE_ION_INPUT = 0x8, + /** Represents an ION single list input type. */ + TEE_PARAM_TYPE_ION_SGLIST_INPUT = 0x9, + /** Represents a shared memory reference inout type. */ + TEE_PARAM_TYPE_MEMREF_SHARED_INOUT = 0xa, + /** Represents a resource memory input type. */ + TEE_PARAM_TYPE_RESMEM_INPUT = 0xc, + /** Represents a resource memory output type. */ + TEE_PARAM_TYPE_RESMEM_OUTPUT = 0xd, + /** Represents a resource memory inout type. */ + TEE_PARAM_TYPE_RESMEM_INOUT = 0xe, +}; + +/** + * @brief Marks a variable as unused. + * + * @since 20 + */ +#define S_VAR_NOT_USED(variable) \ + do { \ + (void)(variable); \ + } while (0) + +/** + * @brief Defines an object information. + * + * @since 20 + */ +typedef struct { + /** Type of the object. */ + uint32_t objectType; + /** Size of the object. */ + uint32_t objectSize; + /** Maximum allowed size for the object. */ + uint32_t maxObjectSize; + /** Usage flags of the object. */ + uint32_t objectUsage; + /** Size of the data associated with the object. */ + uint32_t dataSize; + /** Position of the data within the object. */ + uint32_t dataPosition; + /** Flags associated with the handle. */ + uint32_t handleFlags; +} TEE_ObjectInfo; + +/** + * @brief Defines an object attribute. + * + * @since 20 + */ +typedef struct { + /** Attribute ID. */ + uint32_t attributeID; + /** Attribute content. */ + union { + /** Reference type content. */ + struct { + /** Buffer pointer. */ + void *buffer; + /** Length of the buffer. */ + size_t length; + } ref; + /** Value type content. */ + struct { + /** First value. */ + uint32_t a; + /** Second value. */ + uint32_t b; + } value; + } content; +} TEE_Attribute; + +/** + * @brief Enumerates the types of object attribute. + * + * @since 20 + */ +enum TEE_ObjectAttribute { + /** Secret value attribute. */ + TEE_ATTR_SECRET_VALUE = 0xC0000000, + /** RSA modulus attribute. */ + TEE_ATTR_RSA_MODULUS = 0xD0000130, + /** RSA public exponent attribute. */ + TEE_ATTR_RSA_PUBLIC_EXPONENT = 0xD0000230, + /** RSA private exponent attribute. */ + TEE_ATTR_RSA_PRIVATE_EXPONENT = 0xC0000330, + /** RSA prime1 attribute. */ + TEE_ATTR_RSA_PRIME1 = 0xC0000430, + /** RSA prime2 attribute. */ + TEE_ATTR_RSA_PRIME2 = 0xC0000530, + /** RSA exponent1 attribute. */ + TEE_ATTR_RSA_EXPONENT1 = 0xC0000630, + /** RSA exponent2 attribute. */ + TEE_ATTR_RSA_EXPONENT2 = 0xC0000730, + /** RSA coefficient attribute. */ + TEE_ATTR_RSA_COEFFICIENT = 0xC0000830, + /** RSA MGF1 hash attribute. */ + TEE_ATTR_RSA_MGF1_HASH = 0xF0000830, + /** DSA prime attribute. */ + TEE_ATTR_DSA_PRIME = 0xD0001031, + /** DSA subprime attribute. */ + TEE_ATTR_DSA_SUBPRIME = 0xD0001131, + /** DSA base attribute. */ + TEE_ATTR_DSA_BASE = 0xD0001231, + /** DSA public value attribute. */ + TEE_ATTR_DSA_PUBLIC_VALUE = 0xD0000131, + /** DSA private value attribute. */ + TEE_ATTR_DSA_PRIVATE_VALUE = 0xC0000231, + /** DH prime attribute. */ + TEE_ATTR_DH_PRIME = 0xD0001032, + /** DH subprime attribute. */ + TEE_ATTR_DH_SUBPRIME = 0xD0001132, + /** DH base attribute. */ + TEE_ATTR_DH_BASE = 0xD0001232, + /** DH X bits attribute. */ + TEE_ATTR_DH_X_BITS = 0xF0001332, + /** DH public value attribute. */ + TEE_ATTR_DH_PUBLIC_VALUE = 0xD0000132, + /** DH private value attribute. */ + TEE_ATTR_DH_PRIVATE_VALUE = 0xC0000232, + /** RSA OAEP label attribute. */ + TEE_ATTR_RSA_OAEP_LABEL = 0xD0000930, + /** RSA PSS salt length attribute. */ + TEE_ATTR_RSA_PSS_SALT_LENGTH = 0xF0000A30, + /** ECC public value X attribute. */ + TEE_ATTR_ECC_PUBLIC_VALUE_X = 0xD0000141, + /** ECC public value Y attribute. */ + TEE_ATTR_ECC_PUBLIC_VALUE_Y = 0xD0000241, + /** ECC private value attribute. */ + TEE_ATTR_ECC_PRIVATE_VALUE = 0xC0000341, + /** ECC curve attribute. */ + TEE_ATTR_ECC_CURVE = 0xF0000441, + /** ED25519 context attribute. */ + TEE_ATTR_ED25519_CTX = 0xD0000643, + /** ED25519 public value attribute. */ + TEE_ATTR_ED25519_PUBLIC_VALUE = 0xD0000743, + /** ED25519 private value attribute. */ + TEE_ATTR_ED25519_PRIVATE_VALUE = 0xC0000843, + /** ED25519 PH attribute. */ + TEE_ATTR_ED25519_PH = 0xF0000543, + /** X25519 public value attribute. */ + TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944, + /** X25519 private value attribute. */ + TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44, + /** PBKDF2 HMAC password attribute. */ + TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133, + /** PBKDF2 HMAC salt attribute. */ + TEE_ATTR_PBKDF2_HMAC_SALT = 0xD0000134, + /** PRF label attribute. */ + TEE_ATTR_PRF_LABEL = 0xD0000136, + /** PRF seed attribute. */ + TEE_ATTR_PRF_SEED = 0xD0000137, + /** PRF hash algorithm attribute. */ + TEE_ATTR_PRF_HASH_ALGORITHM = 0xF0000138, + /** HKDF salt attribute. */ + TEE_ATTR_HKDF_SALT = 0xD0000946, + /** HKDF info attribute. */ + TEE_ATTR_HKDF_INFO = 0xD0000A46, + /** PBKDF2 HMAC digest attribute. */ + TEE_ATTR_PBKDF2_HMAC_DIGEST = 0xF0000135, + /** HKDF hash algorithm attribute. */ + TEE_ATTR_HKDF_HASH_ALGORITHM = 0xF0000B46, + /** KDF key size attribute. */ + TEE_ATTR_KDF_KEY_SIZE = 0xF0000C46, +}; + +/** + * @brief Enumerates the types of object. + * + * @since 20 + */ +enum TEE_ObjectType { + /** AES object type. */ + TEE_TYPE_AES = 0xA0000010, + /** DES object type. */ + TEE_TYPE_DES = 0xA0000011, + /** DES3 object type. */ + TEE_TYPE_DES3 = 0xA0000013, + /** HMAC MD5 object type. */ + TEE_TYPE_HMAC_MD5 = 0xA0000001, + /** HMAC SHA1 object type. */ + TEE_TYPE_HMAC_SHA1 = 0xA0000002, + /** HMAC SHA224 object type. */ + TEE_TYPE_HMAC_SHA224 = 0xA0000003, + /** HMAC SHA256 object type. */ + TEE_TYPE_HMAC_SHA256 = 0xA0000004, + /** HMAC SHA384 object type. */ + TEE_TYPE_HMAC_SHA384 = 0xA0000005, + /** HMAC SHA512 object type. */ + TEE_TYPE_HMAC_SHA512 = 0xA0000006, + /** RSA public key object type. */ + TEE_TYPE_RSA_PUBLIC_KEY = 0xA0000030, + /** RSA keypair object type. */ + TEE_TYPE_RSA_KEYPAIR = 0xA1000030, + /** DSA public key object type. */ + TEE_TYPE_DSA_PUBLIC_KEY = 0xA0000031, + /** DSA keypair object type. */ + TEE_TYPE_DSA_KEYPAIR = 0xA1000031, + /** DH keypair object type. */ + TEE_TYPE_DH_KEYPAIR = 0xA1000032, + /** Generic secret object type. */ + TEE_TYPE_GENERIC_SECRET = 0xA0000000, + /** Data object type. */ + TEE_TYPE_DATA = 0xA1000033, + /** Data GP1.1 object type. */ + TEE_TYPE_DATA_GP1_1 = 0xA00000BF, + /** ECDSA public key object type. */ + TEE_TYPE_ECDSA_PUBLIC_KEY = 0xA0000041, + /** ECDSA keypair object type. */ + TEE_TYPE_ECDSA_KEYPAIR = 0xA1000041, + /** ECDH public key object type. */ + TEE_TYPE_ECDH_PUBLIC_KEY = 0xA0000042, + /** ECDH keypair object type. */ + TEE_TYPE_ECDH_KEYPAIR = 0xA1000042, + /** ED25519 public key object type. */ + TEE_TYPE_ED25519_PUBLIC_KEY = 0xA0000043, + /** ED25519 keypair object type. */ + TEE_TYPE_ED25519_KEYPAIR = 0xA1000043, + /** X25519 public key object type. */ + TEE_TYPE_X25519_PUBLIC_KEY = 0xA0000044, + /** X25519 keypair object type. */ + TEE_TYPE_X25519_KEYPAIR = 0xA1000044, + /** SM2 DSA public key object type. */ + TEE_TYPE_SM2_DSA_PUBLIC_KEY = 0xA0000045, + /** SM2 DSA keypair object type. */ + TEE_TYPE_SM2_DSA_KEYPAIR = 0xA1000045, + /** SM2 KEP public key object type. */ + TEE_TYPE_SM2_KEP_PUBLIC_KEY = 0xA0000046, + /** SM2 KEP keypair object type. */ + TEE_TYPE_SM2_KEP_KEYPAIR = 0xA1000046, + /** SM2 PKE public key object type. */ + TEE_TYPE_SM2_PKE_PUBLIC_KEY = 0xA0000047, + /** SM2 PKE keypair object type. */ + TEE_TYPE_SM2_PKE_KEYPAIR = 0xA1000047, + /** HMAC SM3 object type. */ + TEE_TYPE_HMAC_SM3 = 0xA0000007, + /** SM4 object type. */ + TEE_TYPE_SM4 = 0xA0000014, + /** HKDF object type. */ + TEE_TYPE_HKDF = 0xA000004A, + /** SIP Hash object type. */ + TEE_TYPE_SIP_HASH = 0xF0000002, + /** PBKDF2 HMAC object type. */ + TEE_TYPE_PBKDF2_HMAC = 0xF0000004, + /** PRF object type. */ + TEE_TYPE_PRF = 0xF0000005, + /** Corrupted object type. */ + TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE, +}; + +/** + * @brief Maximum length for the object name. + * + * @since 20 + */ +#define OBJECT_NAME_LEN_MAX 256 + +/** + * @brief Defines an object handle. + * + * @since 20 + */ +struct __TEE_ObjectHandle { + /** Pointer to the data. */ + void *dataPtr; + /** Length of the data. */ + uint32_t dataLen; + /** Name of the data. */ + uint8_t dataName[OBJECT_NAME_LEN_MAX]; + /** Pointer to the object information. */ + TEE_ObjectInfo *ObjectInfo; + /** Pointer to the attributes of the object. */ + TEE_Attribute *Attribute; + /** Length of the attributes. */ + uint32_t attributesLen; + /** CRT mode. */ + uint32_t CRTMode; + /** File descriptor for info attributes. */ + void *infoattrfd; + /** Flag for object generation. */ + uint32_t generate_flag; + /** Storage ID for the object. */ + uint32_t storage_id; +}; + +/** + * @brief Defines the __TEE_ObjectHandle struct. + * + * @see __TEE_ObjectHandle + * + * @since 20 + */ +typedef struct __TEE_ObjectHandle *TEE_ObjectHandle; + +/** + * @brief Defines the length of the node. + * + * @since 20 + */ +#define NODE_LEN 8 + +/** + * @brief Defines an UUID of TA. + * + * @since 20 + */ +typedef struct tee_uuid { + /** Low part of the UUID time. */ + uint32_t timeLow; + /** Mid part of the UUID time. */ + uint16_t timeMid; + /** High part of the UUID time and version. */ + uint16_t timeHiAndVersion; + /** Clock sequence and node of the UUID. */ + uint8_t clockSeqAndNode[NODE_LEN]; +} TEE_UUID; + +/** + * @brief Defines the type of spawn UUID. + * + * @since 20 + */ +typedef struct spawn_uuid { + /** Indicates if the UUID is valid. */ + uint64_t uuid_valid; + /** The spawn UUID. */ + TEE_UUID uuid; +} spawn_uuid_t; + +/** + * @brief Enumerates the result codes used in the TEEKit APIs. + * + * @since 20 + */ +enum TEE_Result_Value { + /** The operation is successful. */ + TEE_SUCCESS = 0x00000000, + /** The command is invalid. */ + TEE_ERROR_INVALID_CMD = 0x00000001, + /** The service does not exist. */ + TEE_ERROR_SERVICE_NOT_EXIST = 0x00000002, + /** The session does not exist. */ + TEE_ERROR_SESSION_NOT_EXIST = 0x00000003, + /** The number of sessions exceeds the limit. */ + TEE_ERROR_SESSION_MAXIMUM = 0x00000004, + /** The service has been already registered. */ + TEE_ERROR_REGISTER_EXIST_SERVICE = 0x00000005, + /** An internal error occurs. */ + TEE_ERROR_TARGET_DEAD_FATAL = 0x00000006, + /** Failed to read data. */ + TEE_ERROR_READ_DATA = 0x00000007, + /** Failed to write data. */ + TEE_ERROR_WRITE_DATA = 0x00000008, + /** Failed to truncate data. */ + TEE_ERROR_TRUNCATE_OBJECT = 0x00000009, + /** Failed to seek data. */ + TEE_ERROR_SEEK_DATA = 0x0000000A, + /** Failed to synchronize data. */ + TEE_ERROR_SYNC_DATA = 0x0000000B, + /** Failed to rename the file. */ + TEE_ERROR_RENAME_OBJECT = 0x0000000C, + /** An error occurs when the TA is loaded. */ + TEE_ERROR_TRUSTED_APP_LOAD_ERROR = 0x0000000D, + /** TA type is inconsistent with the loading mode. */ + TEE_ERROR_OTRP_LOAD_NOT_MATCHED = 0x80000100, + /** The not open session's otrp service num exceeds. */ + TEE_ERROR_OTRP_LOAD_EXCEED = 0x80000101, + /** UUID of load cmd is not inconsistent with the sec file. */ + TEE_ERROR_OTRP_ACCESS_DENIED = 0x80000102, + /** Otrp service is aged. */ + TEE_ERROR_OTRP_SERVICE_AGED = 0x80000103, + /** An I/O error occurs when data is stored. */ + TEE_ERROR_STORAGE_EIO = 0x80001001, + /** The storage section is unavailable. */ + TEE_ERROR_STORAGE_EAGAIN = 0x80001002, + /** The operation target is not a directory. */ + TEE_ERROR_STORAGE_ENOTDIR = 0x80001003, + /** This operation cannot be performed on a directory. */ + TEE_ERROR_STORAGE_EISDIR = 0x80001004, + /** The number of opened files exceeds the limit in system. */ + TEE_ERROR_STORAGE_ENFILE = 0x80001005, + /** The number of files opened for the process exceeds the limit.*/ + TEE_ERROR_STORAGE_EMFILE = 0x80001006, + /** The storage section is read only. */ + TEE_ERROR_STORAGE_EROFS = 0x80001007, + /** The file object has been rolled back. */ + TEE_ERROR_STORAGE_EROLLBACK = 0x80001008, + /** The file path is not correct. */ + TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A, + /** The service message queue overflows. */ + TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B, + /** The subthread created by TA cannot access the service */ + TEE_ERROR_SUBTHREAD_ACCESS = 0x8000100C, + /** Enable backup feature, original partition is inactive */ + TEE_ERROR_ORIGIN_PARTITION_INACTIVE = 0x8000100D, + /** Enable backup feature, backup partition is inactive */ + TEE_ERROR_BACKUP_PARTITION_INACTIVE = 0x8000100E, + /** The file object is corrupted. */ + TEE_ERROR_CORRUPT_OBJECT = 0xF0100001, + /** The storage section is unavailable. */ + TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003, + /** The cipher text is incorrect. */ + TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006, + /** Protocol error in socket connection. */ + TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, + /** The socket is closed by the remote end. */ + TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, + /** The socket connection timed out. */ + TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, + /** There is no resource available for the socket connection. */ + TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004, + /** The buffer is too large for the socket connection. */ + TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, + /** A warning is given in the socket connection. */ + TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, + /** Generic error. */ + TEE_ERROR_GENERIC = 0xFFFF0000, + /** The access is denied. */ + TEE_ERROR_ACCESS_DENIED = 0xFFFF0001, + /** The operation has been canceled. */ + TEE_ERROR_CANCEL = 0xFFFF0002, + /** An access conflict occurs. */ + TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003, + /** The data size exceeds the maximum. */ + TEE_ERROR_EXCESS_DATA = 0xFFFF0004, + /** Incorrect data format. */ + TEE_ERROR_BAD_FORMAT = 0xFFFF0005, + /** Incorrect parameters. */ + TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006, + /** The current state does not support the operation. */ + TEE_ERROR_BAD_STATE = 0xFFFF0007, + /** Failed to find the target item. */ + TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, + /** The API is not implemented. */ + TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, + /** The API is not supported. */ + TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A, + /** There is no data available for this operation. */ + TEE_ERROR_NO_DATA = 0xFFFF000B, + /** There is no memory available for this operation. */ + TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C, + /** The system does not respond to this operation. */ + TEE_ERROR_BUSY = 0xFFFF000D, + /** Failed to communicate with the target. */ + TEE_ERROR_COMMUNICATION = 0xFFFF000E, + /** A security error occurs. */ + TEE_ERROR_SECURITY = 0xFFFF000F, + /** The buffer is insufficient for this operation. */ + TEE_ERROR_SHORT_BUFFER = 0xFFFF0010, + /** The operation has been canceled. */ + TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011, + /** The service is in the pending state (asynchronous state). */ + TEE_PENDING = 0xFFFF2000, + /** The service is in the pending state(). */ + TEE_PENDING2 = 0xFFFF2001, + /** Reserved. */ + TEE_PENDING3 = 0xFFFF2002, + /** The operation timed out. */ + TEE_ERROR_TIMEOUT = 0xFFFF3001, + /** Overflow occurs. */ + TEE_ERROR_OVERFLOW = 0xFFFF300f, + /** The TA is crashed. */ + TEE_ERROR_TARGET_DEAD = 0xFFFF3024, + /** There is no enough space to store data. */ + TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041, + /** The MAC operation failed. */ + TEE_ERROR_MAC_INVALID = 0xFFFF3071, + /** The signature verification failed. */ + TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072, + /** Thecertificate verify failed. */ + TEE_ERROR_CERTIFICATE_INVALID = 0xFFFF3073, + /** Interrupted by CFC. Broken control flow is detected. */ + TEE_CLIENT_INTR = 0xFFFF4000, + /** Time is not set. */ + TEE_ERROR_TIME_NOT_SET = 0xFFFF5000, + /** Time needs to be reset. */ + TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, + /** System error. */ + TEE_FAIL = 0xFFFF5002, + /** Base value of the timer error code. */ + TEE_ERROR_TIMER = 0xFFFF6000, + /** Failed to create the timer. */ + TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001, + /** Failed to destroy the timer. */ + TEE_ERROR_TIMER_DESTROY_FAILED = 0xFFFF6002, + /** The timer is not found. */ + TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003, + /** Base value of RPMB error codes. */ + TEE_ERROR_RPMB_BASE = 0xFFFF7000, + /** Generic error of RPMB operations. */ + TEE_ERROR_RPMB_GENERIC = 0xFFFF7001, + /** Verify MAC failed in RPMB operations. */ + TEE_ERROR_RPMB_MAC_FAIL = 0xFFFF7002, + /** Invalid counter in RPMB operations. */ + TEE_ERROR_RPMB_COUNTER_FAIL = 0xFFFF7003, + /** Address check failed in RPMB operations. */ + TEE_ERROR_RPMB_ADDR_FAIL = 0xFFFF7004, + /** Fail to write data to RPMB. */ + TEE_ERROR_RPMB_WRITE_FAIL = 0xFFFF7005, + /** Fail to read data in RPMB. */ + TEE_ERROR_RPMB_READ_FAIL = 0xFFFF7006, + /** Key is not provisioned in RPMB. */ + TEE_ERROR_RPMB_KEY_NOT_PROGRAM = 0xFFFF7007, + /** Incorrect message type in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_MSGTYPE = 0xFFFF7100, + /** Incorrect message data block count in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_BLKCNT = 0xFFFF7101, + /** Incorrect message data block count in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_BLKIDX = 0xFFFF7102, + /** Incorrect message data counter in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_WRCNT = 0xFFFF7103, + /** Incorrect message data nonce in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_NONCE = 0xFFFF7104, + /** Incorrect message data MAC in RPMB response. */ + TEE_ERROR_RPMB_RESP_UNEXPECT_MAC = 0xFFFF7105, + /** The file is not found in RPMB. */ + TEE_ERROR_RPMB_FILE_NOT_FOUND = 0xFFFF7106, + /** No spece left for RPMB operations. */ + TEE_ERROR_RPMB_NOSPC = 0xFFFF7107, + /** Exceeds max space of RPMB for this TA. */ + TEE_ERROR_RPMB_SPC_CONFLICT = 0xFFFF7108, + /** RPMB service not ready. */ + TEE_ERROR_RPMB_NOT_AVAILABLE = 0xFFFF7109, + /** RPMB partition is damaged. */ + TEE_ERROR_RPMB_DAMAGED = 0xFFFF710A, + /** TUI is being used. */ + TEE_ERROR_TUI_IN_USE = 0xFFFF7110, + /** Incorrect message switch channal in TUI response. */ + TEE_ERROR_TUI_SWITCH_CHANNAL = 0xFFFF7111, + /** Incorrect message configurator driver in TUI response. */ + TEE_ERROR_TUI_CFG_DRIVER = 0xFFFF7112, + /** Invalid TUI event. */ + TEE_ERROR_TUI_INVALID_EVENT = 0xFFFF7113, + /** Incorrect message polling events in TUI response. */ + TEE_ERROR_TUI_POLL_EVENT = 0xFFFF7114, + /** TUI is cancelled. */ + TEE_ERROR_TUI_CANCELED = 0xFFFF7115, + /** TUI is exited. */ + TEE_ERROR_TUI_EXIT = 0xFFFF7116, + /** TUI unavailable. */ + TEE_ERROR_TUI_NOT_AVAILABLE = 0xFFFF7117, + /** sec flash is not available. */ + TEE_ERROR_SEC_FLASH_NOT_AVAILABLE = 0xFFFF7118, + /** SE service has crashed or not enable. */ + TEE_ERROR_SESRV_NOT_AVAILABLE = 0xFFFF7119, + /** The BIO service is not available. */ + TEE_ERROR_BIOSRV_NOT_AVAILABLE = 0xFFFF711A, + /** The ROT service is not available. */ + TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, + /** The TA Anti-Rollback service is not available. */ + TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, + /** The HSM service is not available. */ + TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, + /** REE vrpmb agent check magic failed, maybe cache fail. */ + TEE_ERROR_VRPMB_AGENT_FAIL = 0xFFFF7200, + /** REE ssd driver rw failed. */ + TEE_ERROR_VRPMB_RW_FAIL = 0xFFFF7201, + /** vrpmb check super block mac failed. */ + TEE_ERROR_VRPMB_SUPER_MAC_FAILED = 0xFFFF7202, + /** reject write to vrpmb. */ + TEE_ERROR_VRPMB_WRITE_REJECT = 0xFFFF7203, + /** Failed to verify AntiRoot response. */ + TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, + /** AntiRoot error in invokeCmd(). */ + TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, + /** Audit failed. */ + TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, + /** Unused. */ + TEE_FAIL2 = 0xFFFF9113, + /** IPC Channel overflow error. */ + TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114, + /** APM error. */ + TEE_ERROR_APM = 0xFFFF9115, + /** CA auth file not exist. */ + TEE_ERROR_CA_AUTHFILE_NOT_EXIST = 0xFFFF9116, + /** CA caller access is denied. */ + TEE_ERROR_CA_CALLER_ACCESS_DENIED = 0xFFFF9117, + /** Invalid TA format. */ + TEE_ERROR_INVALID_TA_FORMAT = 0xFFFF9118, + /** local dstb service sign report error. */ + TEE_DSTB_LOCAL_SIGN_REPORT_ERROR = 0xFFFF9200, + /** remote dstb service sign report error. */ + TEE_DSTB_REMOTE_SIGN_REPORT_ERROR = 0xFFFF9201, + /** local dstb service report cert chain error. */ + TEE_DSTB_LOCAL_REPORT_CERT_CHAIN_ERROR = 0xFFFF9202, + /** remote dstb service report cert chain error. */ + TEE_DSTB_REMOTE_REPORT_CERT_CHAIN_ERROR = 0xFFFF9203, + /** local dstb service verify report error. */ + TEE_DSTB_LOCAL_REPORT_VERIFY_ERROR = 0xFFFF9204, + /** remote dstb service verify report error. */ + TEE_DSTB_REMOTE_REPORT_VERIFY_ERROR = 0xFFFF9205, + /** local dstb service verify cert chain error. */ + TEE_DSTB_LOCAL_CERT_CHAIN_VERIFY_ERROR = 0xFFFF9206, + /** remote dstb service verify cert chain error. */ + TEE_DSTB_REMOTE_CERT_CHAIN_VERIFY_ERROR = 0xFFFF9207, + /** local dstb service key version error. */ + TEE_DSTB_LOCAL_INVALID_KEY_VERSION_ERROR = 0xFFFF9208, + /** remote dstb service key version error. */ + TEE_DSTB_REMOTE_INVALID_KEY_VERSION_ERROR = 0xFFFF9209, + /** udid is invalid. */ + TEE_DSTB_INVALID_UDID = 0xFFFF920A, + /** dstb service derive key error. */ + TEE_DSTB_DERIVE_KEY_ERROR = 0xFFFF920B, + /** dstb service of ree error. */ + TEE_DSTB_REE_SRV_ERROR = 0xFFFF920C, + /** TA load fail becauce of anti-rollback. */ + TEE_ERROR_TA_ANTI_ROLLBACK = 0xFFFF920D, + /** open_session fail becauce of race with close_session. */ + TEE_ERROR_RETRY_OPEN_SESSION = 0xFFFF920E, + /** TA control file load fail. */ + TEE_ERROR_TA_CTRL_FILE_LOAD_FAIL = 0xFFFF920F, + /** TA control file verify fail. */ + TEE_ERROR_TA_CTRL_FILE_VERIFY_FAIL = 0xFFFF9210, + /** TA version is below the verison in control file. */ + TEE_ERROR_TA_VER_BELOW_CONTROL_VER = 0xFFFF9211, + /** Local dstb cert chain validity check failed. */ + TEE_DSTB_LOCAL_CERT_VALIDITY_ERROR = 0xFFFF9212, + /** Remote dstb cert chain validity check failed. */ + TEE_DSTB_REMOTE_CERT_VALIDITY_ERROR = 0xFFFF9213, +}; + +/** + * @brief Login type definitions + * + * @since 20 + */ +enum TEE_LoginMethod { + /** Public login method. */ + TEE_LOGIN_PUBLIC = 0x0, + /** User login method. */ + TEE_LOGIN_USER, + /** Group login method. */ + TEE_LOGIN_GROUP, + /** Application login method. */ + TEE_LOGIN_APPLICATION = 0x4, + /** User-application login method. */ + TEE_LOGIN_USER_APPLICATION = 0x5, + /** Group-application login method. */ + TEE_LOGIN_GROUP_APPLICATION = 0x6, + /** Customized login type. */ + TEE_LOGIN_IDENTIFY = 0x7, + /** Login type from the Linux kernel. */ + TEEK_LOGIN_IDENTIFY = 0x80000001, +}; + +/** + * @brief Definitions the TEE Identity. + * + * @since 20 + */ +typedef struct { + /** Login method. */ + uint32_t login; + /** The UUID of the identity. */ + TEE_UUID uuid; +} TEE_Identity; + +/** + * @brief Defines the return values. + * + * @since 20 + * @version 1.0 + */ +typedef uint32_t TEE_Result; + +/** + * @brief Defines the return values. + * + * @since 20 + * @version 1.0 + */ +typedef TEE_Result TEEC_Result; + +/** + * @brief Origin of the TEE. + * + * @since 20 + */ +#define TEE_ORIGIN_TEE 0x00000003 + +/** + * @brief Origin of the Trusted Application. + * + * @since 20 + */ +#define TEE_ORIGIN_TRUSTED_APP 0x00000004 + +#ifndef _TEE_TA_SESSION_HANDLE +/** + * @brief Defines the handle for a TA session. + * + * @since 20 + */ +#define _TEE_TA_SESSION_HANDLE +/** + * @brief Defines the handle of TA session. + * + * @since 20 + */ +typedef uint32_t TEE_TASessionHandle; +#endif + +/** + * @brief Defines the pointer to TEE_ObjectEnumHandle. + * + * @see __TEE_ObjectEnumHandle + * + * @since 20 + */ +typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle; + +/** + * @brief Defines the pointer to __TEE_OperationHandle. + * + * @see __TEE_OperationHandle + * + * @since 20 + */ +typedef struct __TEE_OperationHandle *TEE_OperationHandle; + +/** + * @brief Defines the infinite timeout value. + * + * @since 20 + */ +#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF) + +/** + * @brief Definitions the TEE time. + * + * @since 20 + */ +typedef struct { + /** Seconds part of the time. */ + uint32_t seconds; + /** Milliseconds part of the time. */ + uint32_t millis; +} TEE_Time; + +/** + * @brief Definitions the date time of TEE. + * + * @since 20 + */ +typedef struct { + /** Seconds part of the date time. */ + int32_t seconds; + /** Milliseconds part of the date time. */ + int32_t millis; + /** Minutes part of the date time. */ + int32_t min; + /** Hours part of the date time. */ + int32_t hour; + /** Day part of the date time. */ + int32_t day; + /** Month part of the date time. */ + int32_t month; + /** Year part of the date time. */ + int32_t year; +} TEE_Date_Time; + +/** + * @brief Definitions the timer property of TEE. + * + * @since 20 + */ +typedef struct { + /** Type of the timer. */ + uint32_t type; + /** Timer ID. */ + uint32_t timer_id; + /** Timer class. */ + uint32_t timer_class; + /** Reserved field for future use. */ + uint32_t reserved2; +} TEE_timer_property; + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_drv_client.h b/TEEKit/include/tee/tee_drv_client.h new file mode 100644 index 0000000000000000000000000000000000000000..780d3d3cd02185312ded225cd3b972211c6896a6 --- /dev/null +++ b/TEEKit/include/tee/tee_drv_client.h @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_drv_client.h + * + * @brief Declare tee driver client API. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_DRV_CLIENT_H +#define TEE_DRV_CLIENT_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Open the specified driver in the TEE. + * + * @param drv_name [IN] The driver name. + * @param param [IN] The parameter information. + * @param param_len [IN] The length of the parameter. + * + * @return Returns greater than 0, which means the fd of the corresponding driver. + * Returns less than or equal to 0, which means falied to open the driver. + * + * @since 20 + * @version 1.0 + */ +int64_t tee_drv_open(const char *drv_name, const void *param, uint32_t param_len); + +/** + * @brief Cancels an operation. + * + * @param fd [IN] The file descriptor of the driver. + * @param cmd_id [IN] The command id. + * @param param [IN] The parameter information. + * @param param_len [IN] The length of the parameter. + * + * @return Returns 0 if the operation is successful. + * Returns -1 if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +int64_t tee_drv_ioctl(int64_t fd, uint32_t cmd_id, const void *param, uint32_t param_len); + +/** + * @brief Open the specified driver in the TEE. + * + * @param fd [IN] The file descriptor of the driver. + * + * @return Returns 0 if the operation is successful. + * Returns -1 if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +int64_t tee_drv_close(int64_t fd); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_dynamic_srv.h b/TEEKit/include/tee/tee_dynamic_srv.h new file mode 100644 index 0000000000000000000000000000000000000000..3a74dcdace9827a207aa720fc1d2a909aaf1412c --- /dev/null +++ b/TEEKit/include/tee/tee_dynamic_srv.h @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_dynamic_srv.h + * + * @brief Provides APIs related to dynamic service development. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef _TEE_DYNAMIC_SRV_H_ +#define _TEE_DYNAMIC_SRV_H_ + +#include +#include "tee_service_public.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines a structure for service thread initialize informations. + * + * @since 20 + */ +struct srv_thread_init_info { + /** Function pointer to the thread function. */ + void *(*func)(void *arg); + /** The maximum number of parallel threads. */ + uint32_t max_thread; + /** Shadow parameter, its purpose depends on the implementation. */ + int32_t shadow; + /** The stack size of the thread. */ + uint32_t stack_size; + /** The timeout period for the thread (in seconds). */ + uint32_t time_out_sec; +}; + +/** + * @brief Defines a function pointer type for service dispatch function. + * + * @param msg A pointer to the IPC message to be processed. + * @param sndr The sender of the IPC message. + * @param rsp A pointer to the IPC response message. + * + * @since 20 + */ +typedef void (*srv_dispatch_fn_t)(tee_service_ipc_msg *msg, + uint32_t sndr, tee_service_ipc_msg_rsp *rsp); + +/** + * @brief Defines a structure for service dispatch information. + * + * @since 20 + */ +struct srv_dispatch_t { + /** The command associated with the dispatch. */ + uint32_t cmd; + /** Function pointer for the dispatch handler. */ + srv_dispatch_fn_t fn; +}; + +/** + * @brief Get UUID by sender. + * + * @param sender [IN] Indicates the sender's task Id. + * @param uuid [OUT] Indicates the universally unique identifier. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect, + * or the file name is longer than 64 bytes. + * Returns {@code TEE_ERROR_ITEM_NOT_FOUND} if failed to find the corresponding UUID by sender. + * Returns {@code TEE_ERROR_GENERIC} if failed to obtain the UUID. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_srv_get_uuid_by_sender(uint32_t sender, TEE_UUID *uuid); + +/** + * @brief Releasing the object mapping of a specified address area. + * + * @param va_addr [IN] Indicates the address of the memory area to be released. + * @param size [IN] Indicates the size of the released memory area. + * + * @since 20 + * @version 1.0 + */ +void tee_srv_unmap_from_task(uint32_t va_addr, uint32_t size); + +/** + * @brief Create a new mapping in the virtual address space of the calling process. + * + * @param in_task_id [IN] Indicates the task Id. + * @param va_addr [IN] Indicates the address of the memory area to be mapped. + * @param size [IN] Indicates the size of the memory area to be mapped. + * @param virt_addr [OUT] Indicates the new mapping vitural address. + * + * @return Returns 0 if the operation is successful. + * @return Returns -1 if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +int tee_srv_map_from_task(uint32_t in_task_id, uint32_t va_addr, uint32_t size, uint32_t *virt_addr); + +/** + * @brief Dispatch task by task name. + * + * @param task_name [IN] Indicates the task name. + * @param dispatch [IN] Indicates the dispatch information. + * @param n_dispatch [IN] Indicates the dispatch number. + * @param cur_thread [IN] Indicates the current thread information. + * + * @since 20 + * @version 1.0 + */ +void tee_srv_cs_server_loop(const char *task_name, const struct srv_dispatch_t *dispatch, + uint32_t n_dispatch, struct srv_thread_init_info *cur_thread); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_ext_api.h b/TEEKit/include/tee/tee_ext_api.h new file mode 100644 index 0000000000000000000000000000000000000000..a4522a716d42eed6d1e803044316f78de31b1f74 --- /dev/null +++ b/TEEKit/include/tee/tee_ext_api.h @@ -0,0 +1,216 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_ext_api.h + * + * @brief Provides extended interfaces. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_EXT_API_H +#define TEE_EXT_API_H + +#include "tee_defines.h" +#include "tee_hw_ext_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the value of invalid user ID. + * + * @since 20 + */ +#define INVALID_USERID 0xFFFFFFFFU + +/** + * @brief Defines the SMC from user mode. + * + * @since 20 + */ +#define TEE_SMC_FROM_USR 0 + +/** + * @brief Defines the SMC from kernel mode. + * + * @since 20 + */ +#define TEE_SMC_FROM_KERNEL 1 + +/** + * @brief Defines the szie of reserved buffer. + * + * @since 20 + */ +#define RESERVED_BUF_SIZE 32 + +/** + * @brief Defines the caller information. + * + * @since 20 + */ +typedef struct ta_caller_info { + /** The session type. */ + uint32_t session_type; + union { + struct { + /** The caller's UUID. */ + TEE_UUID caller_uuid; + /** The caller's group ID. */ + uint32_t group_id; + }; + /** The buffer used to store CA information. */ + uint8_t ca_info[RESERVED_BUF_SIZE]; + } caller_identity; + /** Indicates whether the SMC is sent from kernel mode. */ + uint8_t smc_from_kernel_mode; + /** Reserved buffer. */ + uint8_t reserved[RESERVED_BUF_SIZE - 1]; +} caller_info; + +/** + * @brief Get caller info of current session, refer caller_info struct for more details. + * + * @param ca_name Indicates the process name of the caller of the CA. + * @param ca_uid Indicates the UID of the caller. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t length); + +/** + * @brief Get user ID of current CA. + * + * @param user_id Indicates the user ID to be returned. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_get_caller_userid(uint32_t *user_id); + +/** + * @brief Adds information about a caller that can invoke this TA. + * This API applies to the client applications (CAs) in the native CA and HAP format. + * + * @param cainfo_hash Indicates the hash value of the CA caller information. + * @param length Indicates the length of the hash value. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length); + +/** + * @brief TA call this API allow others TA open session with itself. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result AddCaller_TA_all(void); + +/** + * @brief Defines the session caller from CA. + * + * @since 20 + */ +#define SESSION_FROM_CA 0 + +/** + * @brief Defines the session caller from TA. + * + * @since 20 + */ +#define SESSION_FROM_TA 1 + +/** + * @brief Defines the TA task is not found, for example, from TA sub thread. + * + * @since 20 + */ +#define SESSION_FROM_NOT_SUPPORTED 0xFE + +/** + * @brief Defines the TA caller is not found. + * + * @since 20 + */ +#define SESSION_FROM_UNKNOWN 0xFF + +/** + * @brief Obtains the session type. + * + * @return Returns the session type obtained. + * + * @since 20 + * @version 1.0 + */ +uint32_t tee_get_session_type(void); + +/** + * @brief Derive key from platform key. + * * + * @param object [IN/OUT] input data in ObjectInfo->keytype, output keys in Attributes. + * @param key_size [IN] key size in bits, it desides the ecc curve type too. + * @param params [IN] unused. + * @param param_count [IN] unused. + * @param exinfo [IN] user info as dervice salt. + * @param exinfo_size [IN] size of user info, Max is 64 bytes, must bigger than 0. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params, + uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_get_recoverymode.h b/TEEKit/include/tee/tee_get_recoverymode.h new file mode 100644 index 0000000000000000000000000000000000000000..798787c5e90632b2848b7dcce622eddd44d5db13 --- /dev/null +++ b/TEEKit/include/tee/tee_get_recoverymode.h @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_get_recoverymode.h + * + * @brief Provides APIs for getting boot mode. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_GET_RECOVERYMODE_H +#define TEE_GET_RECOVERYMODE_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates the supported boot modes of the system. + */ +enum boot_modes { + /** System is powered off or shutting down. */ + BOOT_MODE_SHUTDOWN = 0, + /** Normal boot mode */ + BOOT_MODE_NORMAL, + /** Fastboot boot mode. */ + BOOT_MODE_FASTBOOT, + /** Recovery boot mode. */ + BOOT_MODE_RECOVERY, + /** eRecovery mode. */ + BOOT_MODE_RECOVERY2, + /** Maximum number of supported boot modes. */ + BOOT_MODE_CNT_MAX +}; + +/** + * @brief Get current boot mode. + * + * @param recoverymode [OUT] Indicates current boot mode. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * + * @since 20 + * @version 1.0 + */ +int32_t tee_ext_get_recoverymode(enum boot_modes *recoverymode); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_hw_ext_api.h b/TEEKit/include/tee/tee_hw_ext_api.h new file mode 100644 index 0000000000000000000000000000000000000000..ada35d68ef0285fa5db42137f8de2042d1eb21c2 --- /dev/null +++ b/TEEKit/include/tee/tee_hw_ext_api.h @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_hw_ext_api.h + * + * @brief Provides extended interfaces. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_HW_EXT_API_H +#define TEE_HW_EXT_API_H + +#include "tee_defines.h" +#include "tee_crypto_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Obtains the unique device ID from the TEE. + * + * @param device_unique_id Indicates the pointer to the buffer for storing the device ID. + * @param length Indicates the pointer to the buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other information otherwise. + * + * @since 20 + */ +TEE_Result tee_ext_get_device_unique_id(uint8_t *device_unique_id, uint32_t *length); + +/** + * @brief Defines the memory information. + * + * @since 20 + */ +struct meminfo_t { + /** Pointer to the memory buffer. */ + uint64_t buffer; + /** The size of the memory. */ + uint32_t size; +}; + +/** + * @brief Derive key from device rootkey and UUID of the current task for iteration. + * + * @param salt [IN] Indicates the data for salt. + * @param key [OUT] Indicates the pointer where key is saved. + * @param outer_iter_num [IN] Indicates the iteration times in huk service. + * @param inner_iter_num [IN] Indicates the iteration times in platform driver. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + */ +TEE_Result tee_ext_derive_key_iter(const struct meminfo_t *salt, struct meminfo_t *key, + uint32_t outer_iter_num, uint32_t inner_iter_num); + +/** + * @brief Derive key from device rootkey and UUID of the current task for iteration by huk2 encryption. + * + * @param salt [IN] Indicates the data for salt. + * @param key [OUT] Indicates the pointer where key is saved. + * @param outer_iter_num [IN] Indicates the iteration times in huk service. + * @param inner_iter_num [IN] Indicates the iteration times in platform driver. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + */ +TEE_Result tee_ext_derive_key_iter_by_huk2(const struct meminfo_t *salt, struct meminfo_t *key, + uint32_t outer_iter_num, uint32_t inner_iter_num); + +/** + * @brief Derive key from device root key by HUK2. + * @attention If the device does not support HUK2, the key is derived by HUK. + * + * @param salt [IN] Indicates the data for salt. + * @param size [IN] Indicates the length of salt. + * @param key [OUT] Indicates the pointer where key is saved. + * @param key_size [IN] Indicates the size of the key, which must be integer times of 16. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_derive_ta_root_key_by_huk2(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size); + +/** + * @brief derive key from device rootkey and UUID of the current task for iteration using huk2 enhance + * + * @param salt [IN] data for salt + * @param key [OUT] pointer where key is saved + * @param outer_iter_num [IN] iteration times in huk service + * @param inner_iter_num [IN] iteration times in platdrv + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is illegal. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_derive_key_iter_by_huk2_enhance(const struct meminfo_t *salt, struct meminfo_t *key, uint32_t outer_iter_num, uint32_t inner_iter_num); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_hw_ext_api_legacy.h b/TEEKit/include/tee/tee_hw_ext_api_legacy.h new file mode 100644 index 0000000000000000000000000000000000000000..21ba352f3be55ebd8436b068e1f6ea40c0ca484a --- /dev/null +++ b/TEEKit/include/tee/tee_hw_ext_api_legacy.h @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_hw_ext_api_legacy.h + * + * @brief Provides extended interfaces. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_HW_EXT_API_LEGACY_H__ +#define __TEE_HW_EXT_API_LEGACY_H__ + +#include "tee_defines.h" +#include "tee_crypto_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Derive key from device root key. + * + * @param salt [IN] Indicates the data for salt. + * @param size [IN] Indicates the length of salt. + * @param key [OUT] Indicates the pointer where key is saved. + * @param key_size [IN] Indicates the size of the key, which must be integer times of 16. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size); + +/** + * @brief Derive key from device root key by HUK2. + * @attention If the device does not support HUK2, the key is derived by HUK. + * + * @param secret [IN] Indicates the input secret. + * @param secret_len [IN] Indicates the length of the input secret. + * @param key [OUT] Indicates the derived key. + * @param key_len [IN] Indicates the length of the derived key. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_root_derive_key2_by_huk2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len); + +/** + * @brief Derive key from device root key and UUID of the current task by HUK2. + * @attention If the device does not support HUK2, the key is derived by HUK. + * + * @param salt [IN] Indicates the data for salt. + * @param size [IN] Indicates the length of salt. + * @param key [OUT] Indicates the pointer where key is saved. + * @param key_size [IN] Indicates the size of the generated key, fix-size 32 bytes. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_root_uuid_derive_key_by_huk2(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size); + +/** + * @brief using root key to derive key for keymaster using huk2 enhance + * + * @param secret [IN] input secret + * @param secret_len [IN] input secret size + * @param key [OUT] derived key + * @param key_len [OUT] derived key size + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_root_derive_key2_by_huk2_enhance(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len); + +/** + * @brief derive key from device rootkey and UUID of the current task using huk2 enhance + * + * @param salt [IN] data for salt + * @param size [IN] salt length + * @param key_size [OUT] size of generated key, fix-size 32 bytes + * @param key [OUT] pointer where key is saved + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_GENERIC} if the processing failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_root_uuid_derive_key_by_huk2_enhance(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_internal_se_api.h b/TEEKit/include/tee/tee_internal_se_api.h new file mode 100644 index 0000000000000000000000000000000000000000..10254798c93772ea1de4cf6f412e08245dfc403b --- /dev/null +++ b/TEEKit/include/tee/tee_internal_se_api.h @@ -0,0 +1,587 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_internal_se_api.h + * + * @brief Provides APIs related to the TEE Secure Element. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_INTERNAL_SE_API_H +#define TEE_INTERNAL_SE_API_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Represents the handle for the SE (Secure Element) service. + * + * @since 20 + */ +struct __TEE_SEServiceHandle; + +/** + * @brief Represents the handle for the SE reader. + * + * @since 20 + */ +struct __TEE_SEReaderHandle; + +/** + * @brief Represents the handle for the SE session. + * + * @since 20 + */ +struct __TEE_SESessionHandle; + +/** + * @brief Represents the handle for the SE channel. + * + * @since 20 + */ +struct __TEE_SEChannelHandle; + +/** + * @brief Defines the pointer type for {@code TEE_SEServiceHandle}. + * + * @since 20 + */ +typedef struct __TEE_SEServiceHandle *TEE_SEServiceHandle; + +/** + * @brief Defines the pointer type for {@code TEE_SEReaderHandle}. + * + * @since 20 + */ +typedef struct __TEE_SEReaderHandle *TEE_SEReaderHandle; + +/** + * @brief Defines the pointer type for {@code TEE_SESessionHandle}. + * + * @since 20 + */ +typedef struct __TEE_SESessionHandle *TEE_SESessionHandle; + +/** + * @brief Defines the pointer type for {@code TEE_SEChannelHandle}. + * + * @since 20 + */ +typedef struct __TEE_SEChannelHandle *TEE_SEChannelHandle; + +/** + * @brief Defines the maximum length of the ATR (Answer to Reset) in bytes. + * + * @since 20 + */ +#define ATR_LEN_MAX 32U + +/** + * @brief Defines the minimum length of the AID (Application Identifier) in bytes. + * + * @since 20 + */ +#define AID_LEN_MIN 5U + +/** + * @brief Defines the maximum length of the AID (Application Identifier) in bytes. + * + * @since 20 + */ +#define AID_LEN_MAX 16U + +/** + * @brief Defines the maximum of the logic channel. + * + * @since 20 + */ +#define SE_LOGIC_CHANNEL_MAX 8U + +/** + * @brief Defines the SCP03 type. + * + * @since 20 + */ +#define TEE_SC_TYPE_SCP03 0x01 + +/** + * @brief Defines the number of bits in a byte. + * + * @since 20 + */ +#define BYTE_LEN 8 + +/** + * @brief Represents the properties of the SE reader. + * + * @since 20 + */ +typedef struct __TEE_SEReaderProperties { + /** If an SE is present in the reader, the value is true. */ + bool sePresent; + /** If this reader is only accessible via the TEE, the value is true. */ + bool teeOnly; + /** If the response to a SELECT is available in the TEE, the value is true.*/ + bool selectResponseEnable; +} TEE_SEReaderProperties; + +/** + * @brief Defines the SE AID. + * + * @since 20 + */ +typedef struct __TEE_SEAID { + /** The value of the applet's AID. */ + uint8_t *buffer; + /** The lenght of the applet's AID. */ + uint32_t bufferLen; +} TEE_SEAID; + +/** + * @brief Enumerates the types of the key. + * + * @since 20 + */ +typedef enum { + /** A base key acc. to SCP02. */ + TEE_SC_BASE_KEY = 0, + /** A key set (key-MAC, key_ENC) acc. to SCP02, SCP03. */ + TEE_SC_KEY_SET = 1 +} TEE_SC_KeyType; + +/** + * @brief Defines a reference to a key set. + * + * @since 20 + */ +typedef struct __TEE_SC_KeySetRef { + /** Key-ENC (Static encryption key). */ + TEE_ObjectHandle scKeyEncHandle; + /** Key-MAC (Static MAC key). */ + TEE_ObjectHandle scKeyMacHandle; +} TEE_SC_KeySetRef; + +/** + * @brief Enumerates the levels of the security. + * + * @since 20 + */ +typedef enum { + /** Nothing will be applied. */ + TEE_SC_NO_SECURE_MESSAGING = 0x00, + /** Command and response APDU not be secured. */ + TEE_SC_AUTHENTICATE = 0x80, + /** Command APDU shall be MAC protected. */ + TEE_SC_C_MAC = 0x01, + /** Response APDU shall be MAC protected. */ + TEE_SC_R_MAC = 0x10, + /** Command and response APDU shall be MAC protected. */ + TEE_SC_CR_MAC = 0x11, + /** Command APDU shall be encrypted and MAC protected. */ + TEE_SC_C_ENC_MAC = 0x03, + /** Response APDU shall be encrypted and MAC protected. */ + TEE_SC_R_ENC_MAC = 0x30, + /** Command and response APDU shall be encrypted and MAC protected. */ + TEE_SC_CR_ENC_MAC = 0x33, + /** Command APDU shall be encrypted, and the command and response APDU shall be MAC protected.*/ + TEE_SC_C_ENC_CR_MAC = 0x13 +} TEE_SC_SecurityLevel; + +/** + * @brief Defines an alias for TEE_SC_AUTHENTICATE. + * + * @since 20 + */ +#define TEE_AUTHENTICATE TEE_SC_AUTHENTICATE + +/** + * @brief Represents the reference about SC card key. + * + * @since 20 + */ +typedef struct __TEE_SC_CardKeyRef { + /** The key identifier of the SC card key. */ + uint8_t scKeyID; + /** The key version if the SC card key. */ + uint8_t scKeyVersion; +} TEE_SC_CardKeyRef; + +/** + * @brief Represents the reference about the SC device key. + * + * @since 20 + */ +typedef struct __TEE_SC_DeviceKeyRef { + /** The type of the SC key. */ + TEE_SC_KeyType scKeyType; + /** Contains the specific information of the SC key. */ + union { + /** The handle for the SC base key. */ + TEE_ObjectHandle scBaseKeyHandle; + /** A reference to the SC key set. */ + TEE_SC_KeySetRef scKeySetRef; + } __TEE_key; +} TEE_SC_DeviceKeyRef; + +/** + * @brief Defines the OID of the SC. + * + * @since 20 + */ +typedef struct __TEE_SC_OID { + /** The value of the OID. */ + uint8_t *buffer; + /** The length of the OID. */ + uint32_t bufferLen; +} TEE_SC_OID; + +/** + * @brief Represents the paramaters about the SC. + * + * @since 20 + */ +typedef struct __TEE_SC_Params { + /** The SC type. */ + uint8_t scType; + /** The SC type defined by OID. */ + TEE_SC_OID scOID; + /** The SC security level. */ + TEE_SC_SecurityLevel scSecurityLevel; + /** Reference to SC card keys. */ + TEE_SC_CardKeyRef scCardKeyRef; + /** Reference to SC device keys. */ + TEE_SC_DeviceKeyRef scDeviceKeyRef; +} TEE_SC_Params; + +/** + * @brief Open the SE service. + * + * @param se_service_handle [IN] Indicates the handle of SE service. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_ACCESS_CONFLICT} if failed to access the SE service due to conflict. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEServiceOpen(TEE_SEServiceHandle *se_service_handle); + +/** + * @brief Close the SE service. + * + * @param se_service_handle [IN] Indicates the handle of SE service. + * + * @since 20 + * @version 1.0 + */ +void TEE_SEServiceClose(TEE_SEServiceHandle se_service_handle); + +/** + * @brief Get the available readers handle of the SE service. + * + * @param se_service_handle [IN] Indicates the handle of SE service. + * @param se_reader_handle_list [OUT] Indicates the available readers handle list. + * @param se_reader_handle_list_len [OUT] Indicates the length of the handle list. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE service handle. + * Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the readers handle. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEServiceGetReaders(TEE_SEServiceHandle se_service_handle, TEE_SEReaderHandle *se_reader_handle_list, + uint32_t *se_reader_handle_list_len); + +/** + * @brief Get the available readers handle of the SE service. + * + * @param se_reader_handle [IN] Indicates the SE readers handle. + * @param reader_properties [OUT] Indicates the reader's properties. + * + * @since 20 + * @version 1.0 + */ +void TEE_SEReaderGetProperties(TEE_SEReaderHandle se_reader_handle, TEE_SEReaderProperties *reader_properties); + +/** + * @brief Get the SE reader's name. + * + * @param se_reader_handle [IN] Indicates the SE readers handle. + * @param reader_name [OUT] Indicates the SE reader's name. + * @param reader_name_len [OUT] Indicates the length of the reader's name. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle. + * Returns {@code TEE_ERROR_BAD_FORMAT} if the input se_reader_handle points to the reader illegally. + * Returns {@code TEE_ERROR_SHORT_BUFFER} if the reader_name_len is too small to store the readers name. + * Returns {@code TEE_ERROR_SECURITY} if the security error is detected. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEReaderGetName(TEE_SEReaderHandle se_reader_handle, char *reader_name, uint32_t *reader_name_len); + +/** + * @brief Open a session between the SE reader to the SE. + * + * @param se_reader_handle Indicates the SE readers handle. + * @param se_session_handle Indicates the session handle. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle. + * Returns {@code TEE_ERROR_COMMUNICATION} if communicte failed with the SE. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEReaderOpenSession(TEE_SEReaderHandle se_reader_handle, TEE_SESessionHandle *se_session_handle); + +/** + * @brief Close sessions between the SE reader to the SE. + * + * @param se_reader_handle Indicates the SE readers handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_SEReaderCloseSessions(TEE_SEReaderHandle se_reader_handle); + +/** + * @brief Get the SE ATR. + * + * @param se_session_handle Indicates the session handle. + * @param atr Indicates the SE ATR. + * @param atrLen Indicates the length of ATR. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the ATR. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SESessionGetATR(TEE_SESessionHandle se_session_handle, void *atr, uint32_t *atrLen); + +/** + * @brief Check whether the session is closed. + * + * @param se_session_handle Indicates the session handle. + * + * @return Returns {@code TEE_SUCCESS} if the session is closed or the input handle is invalid. + * Returns {@code TEE_ERROR_COMMUNICATION} if session state is invalid. + * Returns {@code TEE_ERROR_BAD_STATE} if the session is opened. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SESessionIsClosed(TEE_SESessionHandle se_session_handle); + +/** + * @brief Close the SE session. + * + * @param se_session_handle Indicates the session handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_SESessionClose(TEE_SESessionHandle se_session_handle); + +/** + * @brief Close all channels which pointed to by the SE session. + * + * @param se_session_handle Indicates the session handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_SESessionCloseChannels(TEE_SESessionHandle se_session_handle); + +/** + * @brief Open a basic channel which pointed to by the SE session. + * + * @param se_session_handle Indicates the session handle. + * @param se_aid Indicates the SE AID. + * @param se_channel_handle Indicates the SE channel handle. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_STATE} if the session is closed. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle. + * Returns other when SE responding to the abnormal status word. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SESessionOpenBasicChannel(TEE_SESessionHandle se_session_handle, TEE_SEAID *se_aid, + TEE_SEChannelHandle *se_channel_handle); + +/** + * @brief Open a logical channel which pointed to by the SE session. + * + * @param se_session_handle Indicates the session handle. + * @param se_aid Indicates the SE AID. + * @param se_channel_handle Indicates the SE channel handle. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_STATE} if the session is closed. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle. + * Returns other when SE responding to the abnormal status word. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SESessionOpenLogicalChannel(TEE_SESessionHandle se_session_handle, TEE_SEAID *se_aid, + TEE_SEChannelHandle *se_channel_handle); + +/** + * @brief Close the channel which pointed to by the channel handle. + * + * @param se_channel_handle Indicates the SE channel handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_SEChannelClose(TEE_SEChannelHandle se_channel_handle); + +/** + * @brief Select the next SE service which pointed to by the channel handle. + * + * @param se_channel_handle Indicates the SE channel handle. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid or the mode of SE is wrong. + * Returns other when SE responding to the abnormal status word. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEChannelSelectNext(TEE_SEChannelHandle se_channel_handle); + +/** + * @brief Get the SELECT command response of SE when open the channel handle. + * + * @param se_channel_handle Indicates the SE channel handle. + * @param response Indicates the response of SE. + * @param response_len Indicates the length of the response. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid. + * Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the response. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEChannelGetSelectResponse(TEE_SEChannelHandle se_channel_handle, void *response, + uint32_t *response_len); + +/** + * @brief Transmit the command through the channle. + * + * @param se_channel_handle Indicates the SE channel handle. + * @param command Indicates the transmitted command. + * @param command_len Indicates the length of the command. + * @param response Indicates the response of SE. + * @param response_len Indicates the length of the response. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_COMMUNICATION} if length of command is less than 4. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid. + * Returns {@code TEE_ERROR_BAD_STATE} if the channel is closed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEChannelTransmit(TEE_SEChannelHandle se_channel_handle, void *command, uint32_t command_len, + void *response, uint32_t *response_len); + +/** + * @brief Open a SE secure channel based on the input channel handle. + * Thereafter, when the {@code TEE_SEChannelTransmit} is called, all APDUs(ENC/MAC protected) transmitted based on + * the handle are automatically protected based on the defined secure channel parameter options. + * Currently, only SCP03 is supported. + * + * @param se_channel_handle Indicates the SE channel handle. + * @param sc_params Indicates the parameter reference for the secure channel protocol. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_COMMUNICATION} if communicate failed with the SE. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid or the mode of SE is wrong. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if the parameter of the sc_params is not supported + * Returns {@code TEE_ERROR_MAC_INVALID} if the verification failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SESecureChannelOpen(TEE_SEChannelHandle se_channel_handle, TEE_SC_Params *sc_params); + +/** + * @brief Close the SE secure channel based on the input channel handle. + * The channel, which pointed to by the input channel handle, is not closed. + * It can be used for insecure communication, but the APDU that calls {@code TEE_SEChannelTransmit} + * transmission is not secure. + * + * @param se_channel_handle Indicates the SE channel handle. + * + * @since 20 + * @version 1.0 + */ +void TEE_SESecureChannelClose(TEE_SEChannelHandle se_channel_handle); + +/** + * @brief Get the channel Id which pointed to by the input channel handle. + * + * @param se_channel_handle Indicates the SE channel handle. + * @param channel_id Indicates the SE channel Id. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SEChannelGetID(TEE_SEChannelHandle se_channel_handle, uint8_t *channel_id); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_log.h b/TEEKit/include/tee/tee_log.h new file mode 100644 index 0000000000000000000000000000000000000000..370776867a18481803c55b54796db311f34895e1 --- /dev/null +++ b/TEEKit/include/tee/tee_log.h @@ -0,0 +1,387 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_log.h + * + * @brief Provides TEE log APIs. + * + * Reference of TEE log APIs and internal definitions. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_LOG_H +#define __TEE_LOG_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the ERROR level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_ERROR 0 + +/** + * @brief Defines the WARNING level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_WARNING 1 + +/** + * @brief Defines the INFO level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_INFO 2 + +/** + * @brief Defines the DEBUG level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_DEBUG 3 + +/** + * @brief Defines the VERBO level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_VERBO 4 + +/** + * @brief Defines the default level of the TA log. + * + * @since 20 + */ +#define TA_LOG_LEVEL_DEFAULT TA_LOG_LEVEL_INFO + +#ifndef TA_LOG_LEVEL +/** + * @brief Defines the default level of the TA log. + * {@code TA_LOG_LEVEL} can be redefined by TA developers + * + * @since 20 + */ +#define TA_LOG_LEVEL TA_LOG_LEVEL_DEFAULT +#endif + +/** + * @brief Defines the tag of the VERBO level TA log. + * + * @since 20 + */ +#define TAG_VERB "[verb]" + +/** + * @brief Defines the tag of the DEBUG level TA log. + * + * @since 20 + */ +#define TAG_DEBUG "[debug]" + +/** + * @brief Defines the tag of the INFO level TA log. + * + * @since 20 + */ +#define TAG_INFO "[info]" + +/** + * @brief Defines the tag of the WARNING level TA log. + * + * @since 20 + */ +#define TAG_WARN "[warn]" + +/** + * @brief Defines the tag of the ERROR level TA log. + * + * @since 20 + */ +#define TAG_ERROR "[error]" + +/** + * @brief Enumerates the levels of the log. + * + * @since 20 + */ +typedef enum { + /** Error level log. */ + LOG_LEVEL_ERROR = 0, + /** Warning level log. */ + LOG_LEVEL_WARN = 1, + /** Information level log. */ + LOG_LEVEL_INFO = 2, + /** Debug level log. */ + LOG_LEVEL_DEBUG = 3, + /** Verbose level log. */ + LOG_LEVEL_VERBO = 4, + /** On level log. */ + LOG_LEVEL_ON = 5, +} LOG_LEVEL; + +/** + * @brief Provides to print UART logs. + * + * @param fmt [IN] The log information. + * + * @since 20 + */ +void uart_cprintf(const char *fmt, ...); + +/** + * @brief Provides to print UART logs. + * + * @param fmt [IN] The log information. + * + * @since 20 + */ +void uart_printf_func(const char *fmt, ...); + +/** + * @brief Provides to print TEE logs. + * + * @param log_level [IN] The level of the log. + * @param fmt [IN] The log information. + * + * @since 20 + */ +void tee_print(LOG_LEVEL log_level, const char *fmt, ...); + +/** + * @brief Provides to print TEE driver logs. + * + * @param log_level [IN] The level of the log. + * @param log_tag [IN] The tag of the log. + * @param fmt [IN] The log information. + * + * @since 20 + */ +void tee_print_driver(LOG_LEVEL log_level, const char *log_tag, const char *fmt, ...); + +/** + * @brief Defines the debug prefix string. + * + * @since 20 + */ +extern const char *g_debug_prefix; + +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO) +#ifdef DRIVER_LOG_TAG +/** + * @brief Defines the API to print TEE log at the VERBO level. + * + * @since 20 + */ +#define tlogv(fmt, args...) \ + tee_print_driver(LOG_LEVEL_VERBO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) +#else +/** + * @brief Defines the API to print TEE log at the VERBO level. + * + * @since 20 + */ +#define tlogv(fmt, args...) tee_print(LOG_LEVEL_VERBO, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else +/** + * @brief Defines the API to print TEE log at the VERBO level. + * + * @since 20 + */ +#define tlogv(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */ + +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG) +#ifdef DRIVER_LOG_TAG +/** + * @brief Defines the API to print TEE log at the DEBUG level. + * + * @since 20 + */ +#define tlogd(fmt, args...) \ + tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +#else +/** + * @brief Defines the API to print TEE log at the DEBUG level. + * + * @since 20 + */ +#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else +/** + * @brief Defines the API to print TEE log at the DEBUG level. + * + * @since 20 + */ +#define tlogd(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */ + +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO) +#ifdef DRIVER_LOG_TAG +/** + * @brief Defines the API to print TEE log at the INFO level. + * + * @since 20 + */ +#define tlogi(fmt, args...) \ + tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +#else +/** + * @brief Defines the API to print TEE log at the INFO level. + * + * @since 20 + */ +#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else +/** + * @brief Defines the API to print TEE log at the INFO level. + * + * @since 20 + */ +#define tlogi(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */ + +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING) +#ifdef DRIVER_LOG_TAG +/** + * @brief Defines the API to print TEE log at the WARNING level. + * + * @since 20 + */ +#define tlogw(fmt, args...) \ + tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) +#else +/** + * @brief Defines the API to print TEE log at the WARNING level. + * + * @since 20 + */ +#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else +/** + * @brief Defines the API to print TEE log at the WARNING level. + * + * @since 20 + */ +#define tlogw(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */ + +#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) /* Always meet this condition. */ +#ifndef TLOGE_NO_TIMESTAMP +#ifdef DRIVER_LOG_TAG +/** + * @brief Defines the API to print TEE log at the ERROR level. + * + * @since 20 + */ +#define tloge(fmt, args...) \ + tee_print_driver(LOG_LEVEL_ERROR, DRIVER_LOG_TAG, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) +#else +/** + * @brief Defines the API to print TEE log at the ERROR level. + * + * @since 20 + */ +#define tloge(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args) +#endif /* DRIVER_LOG_TAG */ +#else +/** + * @brief Defines the API to print TEE log at the ERROR level. + * + * @since 20 + */ +#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", g_debug_prefix, TAG_ERROR, __LINE__, ##args) +#endif /* TLOGE_NO_TIMESTAMP */ +#else +/** + * @brief Defines the API to print TEE log at the ERROR level. + * + * @since 20 + */ +#define tloge(fmt, args...) \ + do { \ + } while (0) +#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */ + +/** + * @brief Defines an enum for system events. + * + * @since 20 + */ +typedef enum { + /** Fault event. */ + FAULT = 1, + /** Statistics event. */ + STATISTIC = 2, + /** Security event. */ + SECURITY = 3, + /** Behavior event. */ + BEHAVIOR = 4, +} HISYSEVENT_TYPE; + +/** + * @brief Reports DFX messages to HiViewOcean. + * + * @param domain Domain name of a message. + * @param event Event name of a message. + * @param event_type Event type of a message. + * @param fmt Format of a logged message. + * + * @since 20 + */ + +void tee_report(const char *domain, const char *event, HISYSEVENT_TYPE event_type, const char *fmt, ...); + + +#ifdef __cplusplus +} +#endif + +#endif /* __TEE_LOG_H */ +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_mem_mgmt_api.h b/TEEKit/include/tee/tee_mem_mgmt_api.h new file mode 100644 index 0000000000000000000000000000000000000000..f11dc0fa5962e08c518b5859fceffbbd3c9a10a6 --- /dev/null +++ b/TEEKit/include/tee/tee_mem_mgmt_api.h @@ -0,0 +1,285 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_mem_mgmt_api.h + * + * @brief Provides APIs for memory management. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_MEM_MGMT_API_H +#define TEE_MEM_MGMT_API_H + +#include "tee_defines.h" +#include "tee_mem_monitoring_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * The definitions below are defined by Global Platform or Platform SDK released previously + * for compatibility. + * Do not make any change to the content below. + */ +#ifndef ZERO_SIZE_PTR + +/** + * @brief Represents a zero-size pointer. + * + * @since 20 + */ +#define ZERO_SIZE_PTR ((void *)16) + +/** + * @brief Checks if the pointer is either zero-size or NULL. + * + * @since 20 + */ +#define zero_or_null_ptr(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR) +#endif + +/** + * @brief Defines the enumeration values for memory allocation hints. + * + * @since 20 + */ +enum MALLOC_HINT { + /** Uninitialized buffer. */ + ZERO = 0, + /** Non-zero initialized buffer. */ + NOT_ZERO = 1, + /** 4-byte aligned buffer. */ + ALIGN_004 = 0x80000002, + /** 8-byte aligned buffer. */ + ALIGN_008 = 0x80000003, + /** 16-byte aligned buffer. */ + ALIGN_016 = 0x80000004, + /** 32-byte aligned buffer. */ + ALIGN_032 = 0x80000005, + /** 64-byte aligned buffer. */ + ALIGN_064 = 0x80000006, + /** 128-byte aligned buffer. */ + ALIGN_128 = 0x80000007, + /** 256-byte aligned buffer. */ + ALIGN_256 = 0x80000008, + /** 4-byte aligned buffer initialized to zero. */ + ALIGN_004_ZERO = 0x80000012, + /** 8-byte aligned buffer initialized to zero. */ + ALIGN_008_ZERO = 0x80000013, + /** 16-byte aligned buffer initialized to zero. */ + ALIGN_016_ZERO = 0x80000014, + /** 32-byte aligned buffer initialized to zero. */ + ALIGN_032_ZERO = 0x80000015, + /** 64-byte aligned buffer initialized to zero. */ + ALIGN_064_ZERO = 0x80000016, + /** 128-byte aligned buffer initialized to zero. */ + ALIGN_128_ZERO = 0x80000017, + /** 256-byte aligned buffer initialized to zero. */ + ALIGN_256_ZERO = 0x80000018, +}; + +/** + * @brief Allocated memory filled with zeros. + * + * @since 20 + */ +#define TEE_MALLOC_FILL_ZERO 0x00000000 + +/** + * @brief Allocated memory with no filling. + * + * @since 20 + */ +#define TEE_MALLOC_NO_FILL 0x00000001 + +/** + * @brief Allocated memory that is not shareable. + * + * @since 20 + */ +#define TEE_MALLOC_NO_SHARE 0x00000002 + +/** + * @brief Grants read access to memory. + * + * @since 20 + */ +#define TEE_MEMORY_ACCESS_READ 0x00000001 + +/** + * @brief Grants write access to memory. + * + * @since 20 + */ +#define TEE_MEMORY_ACCESS_WRITE 0x00000002 + +/** + * @brief Grants access to memory by any owner. + * + * @since 20 + */ +#define TEE_MEMORY_ACCESS_ANY_OWNER 0x00000004 + +/** + * @brief Fills x into the first size bytes of the buffer. + * + * @param buffer Indicates the pointer to the buffer. + * @param x Indicates the value to fill. + * @param size Indicates the number of bytes to fill. + * + * @since 20 + * @version 1.0 + */ +void TEE_MemFill(void *buffer, uint8_t x, size_t size); + +/** + * @brief Copies bytes. + * + * @param dest Indicates the pointer to the buffer that holds the bytes copied. + * @param src Indicates the pointer to the buffer that holds the bytes to copy. + * @param size Indicates the number of bytes to copy. + * + * @since 20 + * @version 1.0 + */ +void TEE_MemMove(void *dest, const void *src, size_t size); + +/** + * @brief Allocates space of the specified size for an object. + * + * @param size Indicates the size of the memory to be allocated. + * @param hint Indicates a hint to the allocator. The value 0 indicates that the memory block + * returned is filled with "\0". + * + * @return Returns a pointer to the newly allocated space if the operation is successful. + * @return Returns a NULL pointer if the allocation fails. + * + * @since 20 + * @version 1.0 + */ +void *TEE_Malloc(size_t size, uint32_t hint); + + /** + * @brief Releases the memory allocated by TEE_Malloc. + * + * If the buffer is a NULL pointer, TEE_Free does nothing. + * The buffer to be released must have been allocated by TEE_Malloc or TEE_Realloc and cannot be + * released repeatedly. Otherwise, unexpected result may be caused. + * + * @param buffer Indicates the pointer to the memory to release. + * + * @since 20 + * @version 1.0 + */ +void TEE_Free(void *buffer); + +/** + * @brief Reallocates memory. + * + * If new_size is greater than the old size, the content of the original memory does not change + * and the space in excess of the old size contains unspecified content. + * If the new size of the memory object requires movement of the object, the space for the previous + * instantiation of the object is deallocated. + * If the space cannot be allocated, the original object remains allocated and this function + * returns a NULL pointer. + * If the buffer is NULL, this function is equivalent to TEE_Malloc. + * + * @param buffer Indicates the pointer to the memory to reallocate. + * @param new_size Indicates the new size required. + * + * @return Returns a pointer to the allocated memory if the operation is successful. + * @return Returns a NULL pointer if the operation fails. + * + * @since 20 + * @version 1.0 + */ +void *TEE_Realloc(void *buffer, size_t new_size); + +/** + * @brief Compares memory content from the beginning. + * + * @param buffer1 Indicates the pointer to the first buffer. + * @param buffer2 Indicates the pointer to the second buffer. + * @param size Indicates the number of the bytes to compare. + * + * @return Returns –1 if buffer1 < buffer2. + * @return Returns 0 if buffer1 == buffer2. + * @return Returns 1 if buffer1 > buffer2. + * + * @since 20 + * @version 1.0 + */ +int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, size_t size); + +/** + * @brief Checks whether this TA has the requested permissions to access a buffer. + * + * @param accessFlags Indicates the access permissions to check. + * @param buffer Indicates the pointer to the target buffer. + * @param size Indicates the size of the buffer to check. + * + * @return Returns TEE_SUCCESS if the TA has the requested permissions. + * @return Returns TEE_ERROR_ACCESS_DENIED otherwise. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CheckMemoryAccessRights(uint32_t accessFlags, const void *buffer, size_t size); + +/** + * @brief Sets the TA instance data pointer. + * + * @param instanceData Indicates the pointer to the global TA instance data. + * + * @since 20 + * @version 1.0 + */ +void TEE_SetInstanceData(void *instanceData); + +/** + * @brief Obtains the instance data pointer set by the TA using TEE_SetInstanceData. + * + * @return Returns the pointer to the instance data set by TEE_SetInstanceData + * @return or NULL if no instance data pointer has been set. + * + * @since 20 + * @version 1.0 + */ +void *TEE_GetInstanceData(void); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_notify_set_priority.h b/TEEKit/include/tee/tee_notify_set_priority.h new file mode 100644 index 0000000000000000000000000000000000000000..88487d28b42375027bca7afc7159b9ddb7af4a0f --- /dev/null +++ b/TEEKit/include/tee/tee_notify_set_priority.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_notify_set_priority.h + * + * @brief Provides API for setting shadow threads' priority. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_NOTIFY_SET_PRIORITY_H +#define TEE_NOTIFY_SET_PRIORITY_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Support setting the priority of the shadow thread + * + * @param priority_ree [IN] priority of the shadow thread + * + * @return 0 success + * @return TEE_ERROR_ACCESS_DENIED do NOT have access right (thread without shadow-thread flag) + * @return TEE_ERROR_BAD_PARAMETERS invalid value of priority_ree + * @return -1 set priority fail + * + * @since 20 + * @version 1.0 + */ +int spi_notify_set_shadow_priority(uint32_t priority_ree); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_object_api.h b/TEEKit/include/tee/tee_object_api.h new file mode 100644 index 0000000000000000000000000000000000000000..10195e7623ade857f0f6feae7fff2b579121e916 --- /dev/null +++ b/TEEKit/include/tee/tee_object_api.h @@ -0,0 +1,385 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_object_api.h + * + * @brief Provides trusted storage APIs. + * + * You can use these APIs to implement trusted storage features. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_OBJECT_API_H +#define __TEE_OBJECT_API_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines HANDLE_NULL, which is used to denote the absence of a handle. + * + * @since 20 + */ +#define TEE_HANDLE_NULL 0x00000000 + +/** + * @brief Enumerates the usages of the key of the TEE_ObjectHandle. + * + * @since 20 + */ +enum Usage_Constants { + /** The object's key is extractable. */ + TEE_USAGE_EXTRACTABLE = 0x00000001, + /** Used for encryption. */ + TEE_USAGE_ENCRYPT = 0x00000002, + /** Used for decryption. */ + TEE_USAGE_DECRYPT = 0x00000004, + /** Used for hash calculation. */ + TEE_USAGE_MAC = 0x00000008, + /** Used for creating a signature. */ + TEE_USAGE_SIGN = 0x00000010, + /** Used for signature verification. */ + TEE_USAGE_VERIFY = 0x00000020, + /** Used for key derivation. */ + TEE_USAGE_DERIVE = 0x00000040, + /** Used for object initialization, with all permissions assigned by default. */ + TEE_USAGE_DEFAULT = 0xFFFFFFFF, +}; + +/** + * @brief Defines information about the object pointed to by the flag of the TEE_ObjectHandle, + * for example, whether the object is a persistent object or is initialized. + * + * @since 20 + */ +enum Handle_Flag_Constants { + /** The object is a persistent object. */ + TEE_HANDLE_FLAG_PERSISTENT = 0x00010000, + /** The object is initialized. */ + TEE_HANDLE_FLAG_INITIALIZED = 0x00020000, + /** The object is a key set. */ + TEE_HANDLE_FLAG_KEY_SET = 0x00040000, + /** The object is expected to have two keys. */ + TEE_HANDLE_FLAG_EXPECT_TWO_KEYS = 0x00080000, +}; + +/** + * @brief Defines a value attribute identifier flag. + * + * @since 20 + */ +#define TEE_ATTR_FLAG_VALUE 0x20000000 + +/** + * @brief Defines a public attribute identifier flag. + * + * @since 20 + */ +#define TEE_ATTR_FLAG_PUBLIC 0x10000000 + +/** + * @brief Check whether the attribute is a buffer. + * + * @since 20 + */ +#define TEE_ATTR_IS_BUFFER(attribute_id) ((((attribute_id) << 2) >> 31) == 0) + +/** + * @brief Check whether the attribute is a value. + * + * @since 20 + */ +#define TEE_ATTR_IS_VALUE(attribute_id) ((((attribute_id) << 2) >> 31) == 1) + +/** + * @brief Check whether the attribute is protected. + * + * @since 20 + */ +#define TEE_ATTR_IS_PROTECTED(attribute_id) ((((attribute_id) << 3) >> 31) == 0) + +/** + * @brief Check whether the attribute is public. + * + * @since 20 + */ +#define TEE_ATTR_IS_PUBLIC(attribute_id) ((((attribute_id) << 3) >> 31) == 1) + +/** + * @brief Obtains a buffer attribute from the TEE_Attribute struct of the object pointed + * to by TEE_ObjectHandle. + * + * The members in the TEE_Attribute struct must be ref. If the TEE_Attribute is private, + * the Usage_Constants of the object must include TEE_USAGE_EXTRACTABLE. + * + * @param object Indicates the handle of the object. + * @param attributeID Indicates the ID of the attribute to obtain, for example, TEE_ObjectAttribute. + * The attribute ID can also be customized. + * @param buffer Indicates the pointer to the buffer that stores the attribute obtained. + * @param size Indicates the pointer to the length of the content stored. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the TEE_Attribute cannot be found in the object + * or the object is not initialized. + * @return Returns TEE_ERROR_SHORT_BUFFER if the buffer is too small to store the content obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetObjectBufferAttribute(TEE_ObjectHandle object, uint32_t attributeID, void *buffer, size_t *size); + +/** + * @brief Obtains a value attribute from the TEE_Attribute of an object. + * + * The members of the TEE_Attribute struct must be values. If the TEE_Attribute is private, + * the Usage_Constants of the object must include TEE_USAGE_EXTRACTABLE. + * + * @param object Indicates the handle of the object. + * @param attributeID Indicates the ID of the attribute to obtain, for example, TEE_ObjectAttribute. + * The attribute ID can also be customized. + * @param a Indicates the pointer to the placeholder filled with the attribute field a. + * @param b Indicates the pointer to the placeholder filled with the attribute field b. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the TEE_Attribute cannot be found in the object + * or the object is not initialized. + * @return Returns TEE_ERROR_ACCESS_DENIED if TEE_Attribute is private + * but the object Usage_Constants does not contain the TEE_USAGE_EXTRACTABLE flag. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetObjectValueAttribute(TEE_ObjectHandle object, uint32_t attributeID, uint32_t *a, uint32_t *b); + +/** + * @brief Closes a TEE_ObjectHandle object. + * + * The object can be persistent or transient. + * + * @param object Indicates the TEE_ObjectHandle object to close. + * + * @since 20 + * @version 1.0 + */ +void TEE_CloseObject(TEE_ObjectHandle object); + +/** + * @brief Allocates an uninitialized object to store keys. + * + * objectType and maxObjectSize must be specified. + * + * @param objectType Indicates the type of the object to create. The value is TEE_ObjectType. + * @param maxObjectSize Indicates the maximum number of bytes of the object. + * @param object Indicates the pointer to the handle of the newly created object. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_OUT_OF_MEMORY if the memory is insufficient. + * @return Returns TEE_ERROR_NOT_SUPPORTED if the object type is not supported. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AllocateTransientObject(uint32_t objectType, uint32_t maxObjectSize, TEE_ObjectHandle *object); + +/** + * @brief Releases a transient object that is previously allocated with TEE_AllocateTransientObject. + * + * After the function is called, the handle becomes invalid and all allocated resources are released. + * TEE_FreeTransientObject and TEE_AllocateTransientObject are used in pairs. + * + * @param object Indicates the TEE_ObjectHandle to release. + * + * @since 20 + * @version 1.0 + */ +void TEE_FreeTransientObject(TEE_ObjectHandle object); + +/** + * @brief Resets a transient object to its initial state after allocation. + * + * You can use an allocated object, which has not been initialized or used to store a key, to store a key. + * + * @param object Indicates the TEE_ObjectHandle to reset. + * + * @since 20 + * @version 1.0 + */ +void TEE_ResetTransientObject(TEE_ObjectHandle object); + +/** + * @brief Populates an uninitialized object with object attributes passed by the TA in the attrs parameter. + * + * The object must be uninitialized. \n + * The attrs parameter is passed by a TA. + * + * @param object Indicates the handle on a created but uninitialized object. + * @param attrs Indicates the pointer to an array of object attributes, which can be one or more TEE_Attributes. + * @param attrCount Indicates the number of members in the attribute array. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_BAD_PARAMETERS if an incorrect or inconsistent attribute value is detected. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Attribute *attrs, uint32_t attrCount); + +/** + * @brief Initializes the TEE_Attribute of the buffer type. + * + * The members in the TEE_Attribute struct must be ref. + * + * @param attr Indicates the pointer to the TEE_Attribute initialized. + * @param attributeID Indicates the ID assigned to the TEE_Attribute. + * @param buffer Indicates the pointer to the buffer that stores the content to be allocated. + * @param length Indicates the length of the assigned value, in bytes. + * + * @since 20 + * @version 1.0 + */ +void TEE_InitRefAttribute(TEE_Attribute *attr, uint32_t attributeID, void *buffer, size_t length); + +/** + * @brief Initializes a TEE_Attribute. + * + * @param attr Indicates the pointer to the TEE_Attribute initialized. + * @param attributeID Indicates the ID assigned to the TEE_Attribute. + * @param a Indicates the value to be assigned to the member a in the TEE_Attribute. + * @param b Indicates the value to be assigned to the member b in the TEE_Attribute. + * + * @since 20 + * @version 1.0 + */ +void TEE_InitValueAttribute(TEE_Attribute *attr, uint32_t attributeID, uint32_t a, uint32_t b); + +/** + * @brief Generates a random key or a key pair and populates a transient key object with the generated key. + * + * @param object Indicates a transient object used to hold the generated key. + * @param keySize Indicates the number of bytes of the key. + * @param params Indicates the pointer to the parameters for key generation. + * @param paramCount Indicates the number of parameters required for key generation. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_BAD_PARAMETERS if the type of the key generated does not match + * the key that can be held in the transient object. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attribute *params, uint32_t paramCount); + +/** + * @brief Get the information of the object data part, the total length of the data part and the current + * position of the data stream. + * + * @param object Indicates the handle of the object. + * @param pos Indicates the data stream position. + * @param len Indicates the data stream length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns others if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len); + +/** + * @brief Obtains TEE_ObjectInfo. + * + * This function obtains TEE_ObjectInfo and copies the obtained information to the pre-allocated space + * pointed to by objectInfo. + * + * @param object Indicates the handle of the object. + * @param objectInfo Indicates the pointer to the TEE_ObjectInfo obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_CORRUPT_OBJECT if the object is corrupted and the object handle will be closed. + * @return Returns TEE_ERROR_STORAGE_NOT_AVAILABLE if the object is stored + * in a storage area that is inaccessible currently. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetObjectInfo1(TEE_ObjectHandle object, TEE_ObjectInfo *objectInfo); + +/** + * @brief Assigns the TEE_Attribute of an initialized object to an uninitialized object. + * + * This function populates an uninitialized object with TEE_Attribute. + * That is, it copies TEE_Attribute of srcobject to destobject. + * The TEE_Attribute types and IDs of the two objects must match. + * + * @param destObject Indicates the uninitialized object. + * @param srcObject Indicates the initialized object. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_CORRUPT_OBJECT if the object is corrupted and the object handle will be closed. + * @return Returns TEE_ERROR_STORAGE_NOT_AVAILABLE if the object is stored + * in a storage area that is inaccessible currently. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CopyObjectAttributes1(TEE_ObjectHandle destObject, TEE_ObjectHandle srcObject); + +/** + * @brief Restricts the objectUse bit of an object. + * + * This bit determines the usage of the key in the object. The value range is Usage_Constant. + * The bit in the objectUse parameter can be set as follows: \n + * If it is set to 1, the corresponding usage flag in the object is left unchanged. \n + * If it is set to 0, the corresponding usage flag in the object is cleared. \n + * The newly created object contains all Usage_Constant, and the usage flag can be cleared only. + * + * @param object Indicates the TEE_ObjectHandle of the target object. + * @param objectUsage Indicates the new object usage. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_CORRUPT_OBJECT if the object is corrupted and the object handle will be closed. + * @return Returns TEE_ERROR_STORAGE_NOT_AVAILABLE if the object is stored + * in a storage area that is inaccessible currently. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RestrictObjectUsage1(TEE_ObjectHandle object, uint32_t objectUsage); +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_property_api.h b/TEEKit/include/tee/tee_property_api.h new file mode 100644 index 0000000000000000000000000000000000000000..b8d2292ee16e01607190b291e50f5ea5b474ee29 --- /dev/null +++ b/TEEKit/include/tee/tee_property_api.h @@ -0,0 +1,269 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_property_api.h + * + * @brief Reference of TEE object api definitions. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_PROPERTY_API_H +#define TEE_PROPERTY_API_H + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates the types of the property set. + * + * @since 20 + */ +typedef enum { + /** Unknown property set type. */ + TEE_PROPSET_UNKNOW = 0, + /** Property set type for TEE implementation. */ + TEE_PROPSET_TEE_IMPLEMENTATION = 0xFFFFFFFD, + /** Property set type for the current client. */ + TEE_PROPSET_CURRENT_CLIENT = 0xFFFFFFFE, + /** Property set type for the current Trusted Application (TA). */ + TEE_PROPSET_CURRENT_TA = 0xFFFFFFFF, +} Pseudo_PropSetHandle; + +/** + * @brief Defines the property set handle type. + * + * @since 20 + */ +typedef uint32_t TEE_PropSetHandle; + +/** + * @brief Obtains a property from a property set and converts its value into a printable string. + * + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param valueBuffer Indicates the pointer to the buffer for holding the property value obtained. + * @param valueBufferLen Indicates the pointer to the buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * @return Returns TEE_ERROR_SHORT_BUFFER if the value buffer is too small to hold the property value obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsString(TEE_PropSetHandle propsetOrEnumerator, const char *name, char *valueBuffer, + size_t *valueBufferLen); + +/** + * @brief Obtains a property from a property set and converts its value into a Boolean value. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param value Indicates the pointer to the variable that holds the property value obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const char *name, bool *value); + +/** + * @brief Obtains a property from a property set and converts its value into a 32-bit unsigned integer. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param value Indicates the pointer to the variable that holds the property value obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value); + +/** + * @brief Obtains a property from a property set and converts its value into a 64-bit unsigned integer. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param value Indicates the pointer to the variable that holds the property value obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsU64(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint64_t *value); + +/** + * @brief Obtains a property from a property set and converts its value into a binary block. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param valueBuffer Indicates the pointer to the buffer for holding the property value obtained. + * @param valueBufferLen Indicates the pointer to the buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * @return TEE_ERROR_SHORT_BUFFER the value buffer is not large enough to hold the whole property value + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsBinaryBlock(TEE_PropSetHandle propsetOrEnumerator, const char *name, void *valueBuffer, + size_t *valueBufferLen); + +/** + * @brief Obtains a property from a property set and converts its value to the TEE_UUID struct. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param value Indicates the pointer to the variable that holds the property value obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_UUID *value); + +/** + * @brief Obtains a property from a property set and converts its value to the TEE_Identity struct. + * + * @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator. + * @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain. + * @param value Indicates the pointer to the variable that holds the property value obtained. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the target property cannot be obtained. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value); + +/** + * @brief Allocates a property enumerator object. + * + * @param enumerator Indicates the pointer to the property enumerator filled with an opaque handle. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_OUT_OF_MEMORY if there is no enough resources to allocate the property enumerator. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AllocatePropertyEnumerator(TEE_PropSetHandle *enumerator); + +/** + * @brief Releases a property enumerator object. + * + * @param enumerator Indicates the handle on the property enumerator to release. + * + * @return void + * + * @since 20 + * @version 1.0 + */ +void TEE_FreePropertyEnumerator(TEE_PropSetHandle enumerator); + +/** + * @brief Starts to enumerate the properties in an enumerator. + * + * @param enumerator Indicates the handle on the enumerator. + * @param propSet Indicates the pseudo-handle on the property set to enumerate. + * + * @return void + * + * @since 20 + * @version 1.0 + */ +void TEE_StartPropertyEnumerator(TEE_PropSetHandle enumerator, TEE_PropSetHandle propSet); + +/** + * @brief Resets a property enumerator immediately after allocation. + * + * @param enumerator Indicates the handle on the enumerator to reset. + * + * @return void + * + * @since 20 + * @version 1.0 + */ +void TEE_ResetPropertyEnumerator(TEE_PropSetHandle enumerator); + +/** + * @brief Obtains the name of this property in an enumerator. + * + * @param enumerator Indicates the handle on the enumerator. + * @param nameBuffer Indicates the pointer to the buffer that stores the property name obtained. + * @param nameBufferLen Indicates the pointer to the buffer length. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the property is not found because the enumerator has not started + * or has reached the end of the property set. + * @return Returns TEE_ERROR_SHORT_BUFFER if the buffer is too small to hold the property name. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetPropertyName(TEE_PropSetHandle enumerator, void *nameBuffer, size_t *nameBufferLen); + +/** + * @brief Obtains the next property in an enumerator. + * + * @param enumerator Indicates the handle on the enumerator. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_ITEM_NOT_FOUND if the property is not found because the enumerator + * has not started or has reached the end of the property set. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetNextProperty(TEE_PropSetHandle enumerator); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_rtc_time_api.h b/TEEKit/include/tee/tee_rtc_time_api.h new file mode 100644 index 0000000000000000000000000000000000000000..9b9a2cbe16a78dac1d5d358455122fa95d344846 --- /dev/null +++ b/TEEKit/include/tee/tee_rtc_time_api.h @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_rtc_time_api.h + * + * @brief Provides APIs about rtc timer. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_RTC_TIME_API_H +#define __TEE_RTC_TIME_API_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Create a secure timer. + * + * @param time_seconds Indicates the security duration. + * @param timer_property Indicates the property of the timer, where only need to specify the timer type. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other values if the operation fails. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_create_timer(uint32_t time_seconds, TEE_timer_property *timer_property); + +/** + * @brief Destory a secure timer. + * + * @param timer_property Indicates the property of the timer, where only need to specify the timer type. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other values if the operation fails. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_destory_timer(TEE_timer_property *timer_property); + +/** + * @brief Obtain the set timing duration. + * + * @param timer_property Indicates the property of the timer, where only need to specify the timer type. + * @param time_seconds Indicates the timing duration. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other values if the operation fails. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_get_timer_expire(TEE_timer_property *timer_property, uint32_t *time_seconds); + +/** + * @brief Obtain the remain timing duration. + * + * @param timer_property Indicates the property of the timer, where only need to specify the timer type. + * @param time_seconds Indicates the remain timing duration. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns other values if the operation fails. + * + * @since 20 + * @version 1.0 + */ +TEE_Result tee_ext_get_timer_remain(TEE_timer_property *timer_property, uint32_t *time_seconds); + +/** + * @brief Obtain the current timing of the RTC clock. + * @attention The obtained time is in seconds and cannot be converted to universal time. + * + * @return The RTC clock count(in seconds). + * + * @since 20 + * @version 1.0 + */ +unsigned int tee_get_secure_rtc_time(void); +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_service_public.h b/TEEKit/include/tee/tee_service_public.h new file mode 100644 index 0000000000000000000000000000000000000000..8af761d603ec75d9da7f11848b4100956d884f32 --- /dev/null +++ b/TEEKit/include/tee/tee_service_public.h @@ -0,0 +1,195 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_service_public.h + * + * @brief Provides the TEE service public function for developers. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef _TEE_SERVICE_PUBLIC_H_ +#define _TEE_SERVICE_PUBLIC_H_ + +#include "tee_defines.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines a function pointer type. + * + * @since 20 + */ +typedef void (*func_ptr)(void); + +/** + * @brief Defines the size of the message queue for the TEE service + * + * @since 20 + */ +#define TEE_SERVICE_MSG_QUEUE_SIZE 100 + +/** + * @brief Defines the maximum size of the image hash. + * + * @since 20 + */ +#define MAX_IMAGE_HASH_SIZE 64 + +/** + * @brief Defines the arguments of a message. + * + * @since 20 + */ +typedef struct { + /** Argument 0. */ + uint64_t arg0; + /** Argument 1. */ + uint64_t arg1; + /** Argument 2. */ + uint64_t arg2; + /** Argument 3. */ + uint64_t arg3; + /** Argument 4. */ + uint64_t arg4; + /** Argument 5. */ + uint64_t arg5; + /** Argument 6. */ + uint64_t arg6; + /** Argument 7. */ + uint64_t arg7; +} args_t; + +/** + * @brief Defines the register information of TA. + * + * @since 20 + */ +struct reg_ta_info { + /** TA's task ID. */ + uint32_t taskid; + /** TA's UUID (Universally Unique Identifier). */ + TEE_UUID uuid; + /** User ID. */ + uint32_t userid; + /** Used only for SSA; other tasks should ignore this field. */ + bool ssa_enum_enable; +}; + +/** + * @brief Defines the IPC message of TEE service. + * + * @since 20 + */ +typedef union { + /** Parameter data. */ + args_t args_data; + /** TA's registration information. */ + struct reg_ta_info reg_ta; +} tee_service_ipc_msg; + +/** + * @brief Defines the IPC request message of TEE service. + * + * @since 20 + */ +struct tee_service_ipc_msg_req { + /** Command identifier for the request. */ + uint32_t cmd; + /** IPC message carried by the request. */ + tee_service_ipc_msg msg; +}; + +/** + * @brief Defines the IPC response message of TEE service. + * + * @since 20 + */ +typedef struct { + /** Return result of the request. */ + TEE_Result ret; + /** IPC message carried by the response. */ + tee_service_ipc_msg msg; +} tee_service_ipc_msg_rsp; + +/** + * @brief Defines the message of the TEE service. + * + * @since 20 + */ +typedef struct { + /** Message ID, a unique identifier for the message. */ + uint32_t msg_id; + /** Sender ID of the message. */ + uint32_t sender; + /** Message data. */ + tee_service_ipc_msg msg; +} tee_service_msg_t; + +/** + * @brief Defines the message queue for the TEE service. + * + * @since 20 + */ +typedef struct { + /** Pointer to the input position of the queue. */ + uint32_t in; + /** Pointer to the output position of the queue. */ + uint32_t out; + /** Array of messages, storing the messages in the queue. */ + tee_service_msg_t msg[TEE_SERVICE_MSG_QUEUE_SIZE]; +} tee_service_msg_queue_t; + +/** + * @brief Provides to send IPC synchronization messages to a specified service + * and receive responses from the service. + * + * @param task_name Indicates the task name of recipient. + * @param snd_cmd Indicates the command ID of the send message. + * @param snd_msg Indicates the send message. + * @param ack_cmd Indicates the ID of the ack cmd to be received. + * @param rsp_msg Indicates the service response message. + * + * @since 20 + * @version 1.0 + */ +void tee_common_ipc_proc_cmd(const char *task_name, + uint32_t snd_cmd, const tee_service_ipc_msg *snd_msg, + uint32_t ack_cmd, tee_service_ipc_msg_rsp *rsp_msg); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_sharemem_ops.h b/TEEKit/include/tee/tee_sharemem_ops.h new file mode 100644 index 0000000000000000000000000000000000000000..10a7ff75b94f1eacd66ff6adbe15b954da9b28e7 --- /dev/null +++ b/TEEKit/include/tee/tee_sharemem_ops.h @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_sharemem_ops.h + * + * @brief Provides APIs for developers to apply for shared memory. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_SHAREMEM_OPS_H +#define TEE_SHAREMEM_OPS_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Alloc shared memory in TEE. + * + * @param uuid Indicates the UUID of TA. + * @param size Indicates the size of the requested shared memory. + * + * @return Returns a pointer to the newly allocated space if the operation is successful. + * Returns a NULL pointer if the allocation fails. + * + * @since 20 + * @version 1.0 + */ +void *tee_alloc_sharemem_aux(const struct tee_uuid *uuid, uint32_t size); + +/** + * @brief Alloc continuous shared memory in TEE. + * + * @param uuid Indicates the UUID of TA. + * @param size Indicates the size of the requested shared memory. + * + * @return Returns a pointer to the newly allocated space if the operation is successful. + * Returns a NULL pointer if the allocation fails. + * + * @since 20 + * @version 1.0 + */ +void *tee_alloc_coherent_sharemem_aux(const struct tee_uuid *uuid, uint32_t size); + +/** + * @brief Free the shared memory in TEE. + * + * @param addr Indicates the shared memory address that will be freed. + * @param size Indicates the size of the shared memory. + * + * @return Returns 0 if the operation is successful. + * Returns others if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +uint32_t tee_free_sharemem(void *addr, uint32_t size); + +/** + * @brief Copy shared memory from source task. + * + * @param src_task Indicates the pid of the source task. + * @param src Indicates the address of the source buffer. + * @param src_size Indicates the size of the source buffer. + * @param dst Indicates the address of the destination buffer. + * @param dst_size Indicates the size of the destination buffer. + * + * @return Returns 0 if the operation is successful. + * Returns -1 if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +int32_t copy_from_sharemem(uint32_t src_task, uint64_t src, uint32_t src_size, uintptr_t dst, uint32_t dst_size); + +/** + * @brief Copy shared memory to destination task. + * + * @param src Indicates the address of the source buffer. + * @param src_size Indicates the size of the source buffer. + * @param dst_task Indicates the pid of the destination task. + * @param dst Indicates the address of the destination buffer. + * @param dst_size Indicates the size of the destination buffer. + * + * @return Returns 0 if the operation is successful. + * Returns -1 if the operation is failed. + * + * @since 20 + * @version 1.0 + */ +int32_t copy_to_sharemem(uintptr_t src, uint32_t src_size, uint32_t dst_task, uint64_t dst, uint32_t dst_size); +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_time_api.h b/TEEKit/include/tee/tee_time_api.h new file mode 100644 index 0000000000000000000000000000000000000000..6ecfffefb0d452b7afe2b4c4edabe09c7bcc4b3e --- /dev/null +++ b/TEEKit/include/tee/tee_time_api.h @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_time_api.h + * + * @brief Provides APIs for managing the Trusted Execution Environment (TEE) time. + * + * You can use these APIs to implement time-related features in a TEE. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_TIME_API_H +#define __TEE_TIME_API_H + +#include "tee_defines.h" +#include "tee_rtc_time_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Get current TEE system rtc time. + * + * @param time [OUT] current TEE system rtc time. + * + * @since 20 + * @version 1.0 + */ +void get_sys_rtc_time(TEE_Time *time); + +/** + * @brief Obtains the current TEE system time. + * + * @param time Indicates the pointer to the current system time obtained. + * + * @since 20 + * @version 1.0 + */ +void TEE_GetSystemTime(TEE_Time *time); + +/** + * @brief Waits for the specified period of time, in milliseconds. + * + * @param timeout Indicates the period of time to wait, in milliseconds. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_CANCEL if the wait is canceled. + * @return Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_Wait(uint32_t timeout); + +/** + * @brief Obtains the persistent time of this trusted application (TA). + * + * @param time Indicates the pointer to the persistent time of the TA. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_TIME_NOT_SET if the persistent time has not been set. + * @return Returns TEE_ERROR_TIME_NEEDS_RESET if the persistent time is corrupted and + * the application is not longer trusted. + * @return Returns TEE_ERROR_OVERFLOW if the number of seconds in the TA persistent time + * exceeds the range of uint32_t. + * @return Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetTAPersistentTime(TEE_Time *time); + +/** + * @brief Sets the persistent time for this TA. + * + * @param time Indicates the pointer to the persistent time of the TA. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * @return Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * @return Returns TEE_ERROR_STORAGE_NO_SPACE if the storage space is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SetTAPersistentTime(TEE_Time *time); + +/** + * @brief Obtains the current Rich Execution Environment (REE) system time. + * + * @param time Indicates the pointer to the REE system time obtained. + * + * @since 20 + * @version 1.0 + */ +void TEE_GetREETime(TEE_Time *time); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_trusted_storage_api.h b/TEEKit/include/tee/tee_trusted_storage_api.h new file mode 100644 index 0000000000000000000000000000000000000000..43483951d6476b068aeae973374ecdf634e4ba2c --- /dev/null +++ b/TEEKit/include/tee/tee_trusted_storage_api.h @@ -0,0 +1,427 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_trusted_storage_api.h + * + * @brief Provides trusted storage APIs. + * + * You can use these APIs to implement trusted storage features. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef __TEE_TRUSTED_STORAGE_API_H +#define __TEE_TRUSTED_STORAGE_API_H + +#include "tee_defines.h" +#include "tee_object_api.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the start position in the data stream associated with an object. + * It is used in the TEE_SeekObjectData function. + * + * @since 20 + */ +enum __TEE_Whence { + /** Set the start position to the beginning of the data stream. */ + TEE_DATA_SEEK_SET = 0, + /** Set the start position to the current data stream position. */ + TEE_DATA_SEEK_CUR, + /** Set the start position to the end of the data stream. */ + TEE_DATA_SEEK_END +}; + +/** + * @brief Defines the handle for enumerating objects. + * + * @since 20 + */ +struct __TEE_ObjectEnumHandle; + +/** + * @brief Defines the type for the data stream position. + * + * @since 20 + */ +typedef uint32_t TEE_Whence; + +/** + * @brief Defines the storage ID, which identifies the storage space of the application. + * + * @since 20 + */ +enum Object_Storage_Constants { + /** Separate private storage space for each application. */ + TEE_OBJECT_STORAGE_PRIVATE = 0x00000001, + /** Separate personal storage space for application. */ + TEE_OBJECT_STORAGE_PERSO = 0x00000002, + /** Space for secure flash storage. */ + TEE_OBJECT_SEC_FLASH = 0x80000000, + /** Space for RPMB storage. */ + TEE_OBJECT_STORAGE_RPMB = 0x80000001, + /** Credential encrypted storage space. */ + TEE_OBJECT_STORAGE_CE = 0x80000002, + /** Anti-rollback storage space. */ + TEE_OBJECT_STORAGE_ANTIROLLBACK = 0x80000003, +}; + +/** + * @brief Defines the system resource constraints, such as the maximum value for the data stream position indicator. + * + * @since 20 + */ +enum Miscellaneous_Constants { + /** Maximum length that the position indicator of the data stream can take. */ + TEE_DATA_MAX_POSITION = 0xFFFFFFFF, + /** Maximum length of the object ID, which can extend to 128 bytes. */ + TEE_OBJECT_ID_MAX_LEN = 64, +}; + +/** + * @brief Defines the maximum number of bytes that can be held in a data stream. + * + * @since 20 + */ +enum TEE_DATA_Size { + TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF +}; + +/** + * @brief Defines the handleFlags of a TEE_ObjectHandle. + * The handleFlags determines the access permissions to the data stream associated with the object. + * + * @since 20 + */ +enum Data_Flag_Constants { + /** The data stream can be read. */ + TEE_DATA_FLAG_ACCESS_READ = 0x00000001, + /** The data stream can be written or truncated. */ + TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002, + /** The data stream can be deleted or renamed. */ + TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004, + /** Multiple TEE_ObjectHandles can be opened for concurrent read. */ + TEE_DATA_FLAG_SHARE_READ = 0x00000010, + /** Multiple TEE_ObjectHandles can be opened for concurrent write. */ + TEE_DATA_FLAG_SHARE_WRITE = 0x00000020, + /** Reserved. */ + TEE_DATA_FLAG_CREATE = 0x00000200, + /** + * Protect the existing file with the same name. Throw an error if the file with the same name exists; + * create a data file otherwise. + */ + TEE_DATA_FLAG_EXCLUSIVE = 0x00000400, + /** + * Protect the existing file with the same name. Throw an error if the file with the same name exists; + * create a data file otherwise. + */ + TEE_DATA_FLAG_OVERWRITE = 0x00000400, + /** If the bit25 is set to 1, it means deriving TA root key by using gid */ + TEE_DATA_FLAG_GID = 0x02000000, + /** If the bit26 is set to 1, it means deriving TA root key by using huk2 */ + TEE_DATA_FLAG_HUK2 = 0x04000000, + /** + * If the bit27 os set to 1, it means deriving the 32-bytes TA root key at one time, + * if it is 0, it means deriving TA root keys and combined them together. + */ + TEE_DATA_FLAG_DERIVE_32BYTES_KEY_ONCE = 0x08000000, + /** Use AES256 if bit 28 is 1; use AES128 if bit 28 is 0. */ + TEE_DATA_FLAG_AES256 = 0x10000000, + /** If bit 29 is set to 1, open the earlier version preferentially. */ + TEE_DATA_FLAG_OPEN_AESC = 0x20000000, + /** If bit30 is set to 1, it means use GM algorithm to protect data */ + TEE_DATA_FLAG_GM = 0x40000000, +}; + +/** + * @brief Creates a persistent object. + * + * This function creates a persistent object with initialized TEE_Attribute and data stream. + * You can use the returned handle to access the TEE_Attribute and data stream of the object. + * + * @param storageID Indicates the storage to use. The value is specified by Object_Storage_Constants. + * @param ojbectID Indicates the pointer to the object identifier, that is, the name of the object to create. + * @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes. + * @param flags Indicates the flags of the object created. The value can be + * one or more of Data_Flag_Constants or Handle_Flag_Constants. + * @param attributes Indicates the TEE_ObjectHandle of a transient object from which to take + * TEE_Attribute. It can be TEE_HANDLE_NULL if the persistent object contains no attribute. + * @param initialData Indicates the pointer to the initial data used to initialize the data stream data. + * @param initialDataLen Indicates the length of the initial data, in bytes. + * @param object Indicates the pointer to the TEE_ObjectHandle returned + * after the function is successfully executed. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_ITEM_NOT_FOUND if the storage specified by storageID does not exist. + * Returns TEE_ERROR_ACCESS_CONFLICT if an access conflict occurs. + * Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * Returns TEE_ERROR_STORAGE_NO_SPACE if there is no enough space to create the object. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *objectID, size_t objectIDLen, uint32_t flags, + TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen, + TEE_ObjectHandle *object); + +/** + * @brief Opens an existing persistent object. + * + * The handle returned can be used to access the TEE_Attribute and data stream of the object. + * + * @param storageID Indicates the storage to use. The value is specified by Object_Storage_Constants. + * @param ojbectID Indicates the pointer to the object identifier, that is, the name of the object to open. + * @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes. + * @param flags Indicates the flags of the object opened. + * The value can be one or more of Data_Flag_Constants or Handle_Flag_Constants. + * @param object Indicates the pointer to the TEE_ObjectHandle returned + * after the function is successfully executed. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_ITEM_NOT_FOUND if the storage specified by storageID does not exist + * or the object identifier cannot be found in the storage. + * Returns TEE_ERROR_ACCESS_CONFLICT if an access conflict occurs. + * Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *objectID, size_t objectIDLen, uint32_t flags, + TEE_ObjectHandle *object); + +/** + * @brief Reads data from the data stream associated with an object into the buffer. + * + * The TEE_ObjectHandle of the object must have been opened with the TEE_DATA_FLAG_ACCESS_READ permission. + * + * @param ojbect Indicates the TEE_ObjectHandle of the object to read. + * @param buffer Indicates the pointer to the buffer used to store the data read. + * @param size Indicates the number of bytes to read. + * @param count Indicates the pointer to the variable that contains the number of bytes read. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_ReadObjectData(TEE_ObjectHandle object, void *buffer, size_t size, uint32_t *count); + +/** + * @brief Writes bytes from the buffer to the data stream associated with an object. + * + * The TEE_ObjectHandle must have been opened with the TEE_DATA_FLAG_ACCESS_WRITE permission. + * + * @param ojbect Indicates the TEE_ObjectHandle of the object. + * @param buffer Indicates the pointer to the buffer that stores the data to be written. + * @param size Indicates the number of bytes to be written. It cannot exceed 4096 bytes. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * Returns TEE_ERROR_STORAGE_NO_SPACE if the storage space is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_WriteObjectData(TEE_ObjectHandle object, const void *buffer, size_t size); + +/** + * @brief Changes the size of a data stream. + * + * If the size is less than the current size of the data stream, all bytes beyond size are deleted. If the size + * is greater than the current size of the data stream, add 0s at the end of the stream to extend the stream. + * The object handle must be opened with the TEE_DATA_FLAG_ACCESS_WRITE permission. + * + * @param object Indicates the TEE_ObjectHandle of the object. + * @param size Indicates the new size of the data stream. It cannot exceed 4096 bytes. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_STORAGE_NO_SPACE if the storage space is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size); + +/** + * @brief Sets the position of the data stream to which TEE_ObjectHandle points. + * + * The data position indicator is determined by the start position and an offset together. + * The whence parameter determines the start position. Its value is set in TEE_Whence as follows: + * TEE_DATA_SEEK_SET = 0: The start position is the beginning of the data stream. + * TEE_DATA_SEEK_CUR: The start position is the current position of the data stream. + * TEE_DATA_SEEK_END: The start position is the end of the data stream. + * If the parameter offset is a positive number, the data position is moved forward. + * If offset is a negative number, the data position is moved backward. + * + * @param object Indicates the TEE_ObjectHandle of the object. + * @param offset Indicates the number of bytes to move the data position. It cannot exceed 4096 bytes. + * @param whence Indicates the start position in the data stream to calculate the new position. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OVERFLOW if the position indicator resulting from this operation + * is greater than TEE_DATA_MAX_POSIT. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence); + +/** + * @brief Synchronizes the opened TEE_ObjectHandle and the corresponding security attribute file to the disk. + * + * @param object Indicates the TEE_ObjectHandle of the object. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object); + +/** + * @brief Changes the object identifier. + * + * The TEE_ObjectHandle must have been opened with the TEE_DATA_FLAG_ACCESS_WRITE_META permission. + * + * @param object Indicates the handle of the target object. + * @param newObjectID Indicates the pointer to the new object identifier. + * @param newObjectIDLen Indicates the length of the new object identifier. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen); + +/** + * @brief Allocates a handle on an uninitialized object enumerator. + * + * @param obj_enumerator Indicates the pointer to the handle of the newly created object enumerator. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_OUT_OF_MEMORY if the memory is not sufficient to complete the operation. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator); + +/** + * @brief Releases all resources associated with an object enumerator handle. + * + * After this function is called, the object handle is no longer valid and all resources associated with + * the object enumerator handle will be reclaimed. + * TEE_FreePersistentObjectEnumerator and TEE_AllocatePersistentObjectEnumeratorare used in pairs. + * + * @param obj_enumerator Indicates the TEE_ObjectEnumHandle to release. + * + * @since 20 + * @version 1.0 + */ +void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); + +/** + * @brief Resets an object enumerator handle to its initial state after allocation. + * + * @param obj_enumerator Indicates the TEE_ObjectEnumHandle of the object enumerator to reset. + * + * @since 20 + * @version 1.0 + */ +void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator); + +/** + * @brief Starts the enumeration of all the objects in the given trusted storage. + * + * The object information can be obtained by using TEE_GetNextPersistentObject. + * + * @param obj_enumerator Indicates the TEE_ObjectEnumHandle of the object enumerator. + * @param storage_id Indicates the storage, in which the objects are enumerated. + * The value is specified by Object_Storage_Constants. + * Currently, only TEE_STORAGE_PRIVATE is supported. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ITEM_NOT_FOUND if storageID is not TEE_STORAGE_PRIVATE + * or there is no object in the specified storage. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id); + +/** + * @brief Obtains the next object in the object enumerator. + * + * Information such as TEE_ObjectInfo, objectID, and objectIDLen will be obtained. + * + * @param obj_enumerator Indicates the TEE_ObjectEnumHandle of the object enumerator. + * @param object_info Indicates the pointer to the obtainedTEE_ObjectInfo. + * @param object_id Indicates the pointer to the buffer used to store the obtained objectID. + * @param object_id_len Indicates the pointer to the objectIDLen. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ITEM_NOT_FOUND if the object enumerator has no element + * or the enumerator has not been initialized. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator, + TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len); + +/** + * @brief Closes a TEE_ObjectHandle and deletes the object. + * + * The object must be a persistent object, and the object handle must have been opened with + * the TEE_DATA_FLAG_ACCESS_WRITE_META permission. + * + * @param object Indicates the object handle to close. + * + * @return Returns TEE_SUCCESS if the operation is successful. + * Returns TEE_ERROR_STORAGE_NOT_AVAILABLE if the object is stored + * in a storage area that is inaccessible currently. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee/tee_tui_gp_api.h b/TEEKit/include/tee/tee_tui_gp_api.h new file mode 100644 index 0000000000000000000000000000000000000000..0ee06dc26545b6e2309efdaceff9014621d5dd61 --- /dev/null +++ b/TEEKit/include/tee/tee_tui_gp_api.h @@ -0,0 +1,486 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeTrusted + * @{ + * + * @brief TEE(Trusted Excution Environment) API. + * Provides security capability APIs such as trusted storage, encryption and decryption, + * and trusted time for trusted application development. + * + * @since 20 + */ + +/** + * @file tee_tui_gp_api.h + * + * @brief Provides APIs for operating big integers. + * + * @library NA + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TASK_TUI_GP_API_H +#define TASK_TUI_GP_API_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the number of button types in TUI. + * + * @since 20 + */ +#define TEE_TUI_NUMBER_BUTTON_TYPES 0x00000006 + +/** + * @brief Defines the private storage type. + * + * @since 20 + */ +#define TEE_STORAGE_PRIVATE 0x00000001 + +/** + * @brief Defines the default maximum number of entry fields. + * + * @since 20 + */ +#define DEFAULT_MAX_ENTRY_FIELDS 3 + +/** + * @brief Defines the identifier for the exit operation. + * + * @since 20 + */ +#define TUI_EXIT 8 + +/** + * @brief Enumerates the modes supported when displaying characters within an input entry field. + * + * @since 20 + */ +typedef enum { + /** Never visible, displayed as '*'. */ + TEE_TUI_HIDDEN_MODE = 0, + /** Always visible. */ + TEE_TUI_CLEAR_MODE, + /** Visible then hidden. */ + TEE_TUI_TEMPORARY_CLEAR_MODE +} TEE_TUIEntryFieldMode; + +/** + * @brief Enumerates the input types supported of the TUI entry field. + * + * @since 20 + */ +typedef enum { + /** When the field accepts only digits as inputs. */ + TEE_TUI_NUMERICAL = 0, + /** When the field accepts characters and digits as inputs. */ + TEE_TUI_ALPHANUMERICAL, +} TEE_TUIEntryFieldType; + +/** + * @brief Enumerates the TUI screen orientation. + * @attention Currently {@code TEE_TUI_LANDSCAPE} is not supported. + * + * @since 20 + */ +typedef enum { + /** Displayed as a portrait, i.e. vertically. */ + TEE_TUI_PORTRAIT = 0, + /** Displayed as a landscape, i.e. horizontally. */ + TEE_TUI_LANDSCAPE, +} TEE_TUIScreenOrientation; + +/** + * @brief Enumerates the types of the button. + * + * @since 20 + */ +typedef enum { + /** Used to delete the previous input digit. */ + TEE_TUI_CORRECTION = 0, + /** Exits the interface. */ + TEE_TUI_OK, + /** Cancels the operation and exits the interface. */ + TEE_TUI_CANCEL, + /** Used to trigger PIN verifcation and exit the interface.*/ + TEE_TUI_VALIDATE, + /** Exit the current interface and ask the TA to display the previous interface. */ + TEE_TUI_PREVIOUS, + /** Exit the current interface and ask the TA to display the next interface. */ + TEE_TUI_NEXT, +} TEE_TUIButtonType; + +/** + * @brief Enumerates source of the uesd image. + * + * @since 20 + */ +typedef enum { + /** No picture provided in the input. */ + TEE_TUI_NO_SOURCE = 0, + /** The picture provided as a memory pointer. */ + TEE_TUI_REF_SOURCE, + /** The picture provided by an object in the secure storage. */ + TEE_TUI_OBJECT_SOURCE, + /** The picture provided as a file. */ + TEE_TUI_FILE_SOURCE = 0x8001 +} TEE_TUIImageSource; + +/** + * @brief Represents the image in PNG format. + * + * @since 20 + */ +typedef struct { + /** Represents the source of the image. */ + TEE_TUIImageSource source; + /** Contains the image data and its length. */ + struct { + /** Pointer to the image data. */ + void *image; + /** The length of the image data. */ + size_t imageLength; + } ref; + /** Represents the object storage information. */ + struct { + /** The storage ID where the image is stored. */ + uint32_t storageID; + /** Pointer to the object ID where the image is stored. */ + void *objectID; + /** The length of the object ID. */ + size_t objectIDLen; + } object; + /** Represents the number of pixels in the width of the image. */ + uint32_t width; + /** Represents the number of pixels in the height of the image. */ + uint32_t height; +} TEE_TUIImage; + +/** + * @brief Enumerates the GP color index. + * + * @since 20 + */ +enum gp_color_idx { + /** Red color index. */ + RED_IDX = 0, + /** Green color index. */ + GREEN_IDX = 1, + /** Blue color index. */ + BLUE_IDX = 2, + /** RGB color index. */ + RGB_COLOR_IDX = 3, +}; + +/** + * @brief Represents the label for TA branding/message, generally on the top of screen. + * + * @since 20 + */ +typedef struct { + /** It's the string to put in the label area, which can be NULL. */ + char *text; + /** X-coordinate of the upper left corner of the text information. */ + uint32_t textXOffset; + /** Y-coordinate of the upper left corner of the text information. */ + uint32_t textYOffset; + /** RGB color used for displaying the text information. */ + uint8_t textColor[RGB_COLOR_IDX]; + /** The image is placed in the label area. */ + TEE_TUIImage image; + /** X-coordinate of the upper left corner of the image to be displayed. */ + uint32_t imageXOffset; + /** Y-coordinate of the upper left corner of the image to be displayed. */ + uint32_t imageYOffset; +} TEE_TUIScreenLabel; + +/** + * @brief Represents the content displayed on a button. + * + * @since 20 + */ +typedef struct { + /** It's the string to associate with the button, which can be NULL. */ + char *text; + /** The image to associate with the button. */ + TEE_TUIImage image; +} TEE_TUIButton; + +/** + * @brief Represents the configuration about the TUI screen. + * + * @since 20 + */ +typedef struct { + /** The requested screen orientation. */ + TEE_TUIScreenOrientation screenOrientation; + /** The specifies label of the screen.*/ + TEE_TUIScreenLabel label; + /** Customizes the buttons compared to the default. */ + TEE_TUIButton *buttons[TEE_TUI_NUMBER_BUTTON_TYPES]; + /** Specifes which buttons to be displayed. */ + bool requestedButtons[TEE_TUI_NUMBER_BUTTON_TYPES]; +} TEE_TUIScreenConfiguration; + +/** + * @brief Represents the information about a TUI screen button. + * @attention The {@code buttonTextCustom} and {@code buttonImageCustom} cannot be set to true at the same time. + * + * @since 20 + */ +typedef struct { + /** Defaut label value of the button text. If the value is NULL means the parameter is unavailable. */ + const char *buttonText; + /** The pixel width of the button. + * If the text or image on the button cannot be customized, the value is 0. + */ + uint32_t buttonWidth; + /** The pixel height of the button. + * If the text or image on the button cannot be customized, the value is 0. + */ + uint32_t buttonHeight; + /** If the text on the button cannot be customized, the value is true. */ + bool buttonTextCustom; + /** If the image on the button cannot be customized, the value is true. */ + bool buttonImageCustom; +} TEE_TUIScreenButtonInfo; + +/** + * @brief Represents the information displayed on the TUI. + * + * @since 20 + */ +typedef struct { + /** Available grayscale. */ + uint32_t grayscaleBitsDepth; + /** Available red depth level. */ + uint32_t redBitsDepth; + /** Available green depth level. */ + uint32_t greenBitsDepth; + /** Available blue depth level. */ + uint32_t blueBitsDepth; + /** Indicates the number of pixels per inch in the width direction. */ + uint32_t widthInch; + /** Indicates the number of pixels per inch in the height direction. */ + uint32_t heightInch; + /** Indicates the maximum number of entries that can be displayed on the TUI. */ + uint32_t maxEntryFields; + /** Indicates the pixel width of the input region label. */ + uint32_t entryFieldLabelWidth; + /** Indicates the pixel height of the input region label. */ + uint32_t entryFieldLabelHeight; + /** Indicates the maximum number of characters that can be entered in the entry field. */ + uint32_t maxEntryFieldLength; + /** RGB value of the default label canvas. */ + uint8_t labelColor[RGB_COLOR_IDX]; + /** Indicates the pixel width of the label canvas. */ + uint32_t labelWidth; + /** Indicates the pixel height of the label canvas. */ + uint32_t labelHeight; + /** Indicates the information of the buttons on the interface. */ + TEE_TUIScreenButtonInfo buttonInfo[TEE_TUI_NUMBER_BUTTON_TYPES]; +} TEE_TUIScreenInfo; + +/** + * @brief Represents the information in an entry field that requires user input. + * + * @since 20 + */ +typedef struct { + /** Indicates the label of the entry field. */ + char *label; + /** Indicates the mode used to display characters. */ + TEE_TUIEntryFieldMode mode; + /** Indicates the type of the characters can be entered in the entry field. */ + TEE_TUIEntryFieldType type; + /** The minimum number of characters to be entered. */ + uint32_t minExpectedLength; + /** The maximum number of characters to be entered. */ + uint32_t maxExpectedLength; + /** Contains the content entered by user. */ + char *buffer; + /** Indicates the length of the buffer. */ + size_t bufferLength; +} TEE_TUIEntryField; + +/** + * @brief Initializing the TUI resources. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support TUI. + * Returns {@code TEE_ERROR_BUSY} if the TUI resources cannot be reserved. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the system ran out of the resources. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUIInitSession(void); + + +/** + * @brief Releases TUI resources previously acquired. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_STATE} if the current TA is not within a TUI session initially + * started by a successful call to {@code TEE_TUIInitSession}. + * Returns {@code TEE_ERROR_BUSY} if the TUI resources currently are in use. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUICloseSession(void); + +/** + * @brief Allows a TA to check whether a given text can be rendered by the current implementation and + * retrieves information about the size and width that is needed to render it. + * + * @param text Indicates the string to be checked. + * @param width Indicates the width in pixels needed to render the text. + * @param height Indicates the height in pixels needed to render the text. + * @param last_index Indicates the last character that has been checked + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if at least one of the characters present + * in the text string cannot be rendered. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUICheckTextFormat(const char *text, uint32_t *width, uint32_t *height, uint32_t *last_index); + +/** + * @brief Retrieves information about the screen depending on its orientation and + * the number of required entry fields. + * + * @param screenOrientation Defines for which orientation screen information is requested. + * @param nbEntryFields Indicates the number of the requested entry fields. + * @param screenInfo Indicates the information on the requested screen for a given orientation. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if the number of entry fields is not supported. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUIGetScreenInfo(TEE_TUIScreenOrientation screenOrientation, + uint32_t nbEntryFields, + TEE_TUIScreenInfo *screenInfo); +/** + * @brief Display a TUI screen. + * + * @param screenConfiguration Indicates the configuration of the labels and optional buttons on the display interface. + * @param closeTUISession If the value is true, the TUI session will automatically closed when exiting the function. + * @param entryFields Indicates the information of entry field. + * @param entryFieldCount Indicates the count of the entry fields. + * @param selectedButton Indicates which button has been selected by the user to exit the TUI screen. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the system ran out of the resources. + * Returns {@code TEE_ERROR_ITEM_NOT_FOUND} if at least one image provided by the TA refers to a storage + * denoted by a storageID which dose not exist or if the corresponding object identifier cannot be found in the storage. + * Returns {@code TEE_ERROR_ACCESS_CONFLICT} if at least one image provided by the TA refers to a data + * object in the trusted storage and an access right conflict was detected while opening the object. + * Returns {@code TEE_ERROR_BAD_FORMAT} if at least one input image is not compliant with PNG format. + * Returns {@code TEE_ERROR_BAD_STATE} if the current TA is not within a TUI session + * initially started by a successful call to {@code TEE_TUIInitSession}. + * Returns {@code TEE_ERROR_BUSY} if the TUI resources are currently in use, i.e. a TUI screen is displayed. + * Returns {@code TEE_ERROR_CANCEL} if the operation has been cancelled while a TUI screen is currently + * displayed. + * Returns {@code TEE_ERROR_EXTERNAL_CANCEL} if the operation has been cancelled by an external event which + * occurred in the REE while a TUI screen is currently displayed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUIDisplayScreen(TEE_TUIScreenConfiguration *screenConfiguration, + bool closeTUISession, + TEE_TUIEntryField *entryFields, + uint32_t entryFieldCount, + TEE_TUIButtonType *selectedButton); + +/** + * @brief Fringerprint identification port. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support TUI. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUINotify_fp(void); + +/** + * @brief Set the Chinese character encoding. The system supports UTF-8 by default. + * + * @param type Indicates the encoding type. The value 1 indicates GBK. Other values are not supported. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support this function. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUISetInfo(int32_t type); + +/** + * @brief Send message to TUI. + * + * @param type Indicates the messages send to the TUI. Only support {@code TUI_EXIT}. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUISendEvent(int32_t type); + +/** + * @brief Setting the TUI background image. + * + * @param label Configure the background image information in the label variable. + * The image must be a PNG image in array format. + * @param len Indicates the label size. + * + * @return Returns {@code TEE_SUCCESS} if the operation is successful. + * Returns {@code TEE_ERROR_GENERIC} if input parameter is incorrect. + * Returns {@code TEE_ERROR_ACCESS_DENIED} if the permission verification failed. + * + * @since 20 + * @version 1.0 + */ +TEE_Result TEE_TUISetLabel(TEE_TUIScreenLabel *label, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee_client/tee_client_api.h b/TEEKit/include/tee_client/tee_client_api.h new file mode 100644 index 0000000000000000000000000000000000000000..900bfe0ca304c4760e239fb690696428027e33ce --- /dev/null +++ b/TEEKit/include/tee_client/tee_client_api.h @@ -0,0 +1,247 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeClient + * @{ + * + * @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to + * access the trusted applications (TAs) in a Trusted Execution Environment (TEE). + * + * @since 20 + * @version 1.0 + */ + +/** + * @file tee_client_api.h + * + * @brief Defines APIs for CAs to access TAs. + * + *

Example: + *

1. Initialize a TEE: Call TEEC_InitializeContext to initialize the TEE. + *

2. Open a session: Call TEEC_OpenSession with the Universal Unique Identifier (UUID) of the TA. + *

3. Send a command: Call TEEC_InvokeCommand to send a command to the TA. + *

4. Close the session: Call TEEC_CloseSession to close the session. + *

5. Close the TEE: Call TEEC_FinalizeContext to close the TEE. + * + * @library libteec.so + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_CLIENT_API_H +#define TEE_CLIENT_API_H + +#include +#include "tee_client_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the values of the parameters transmitted between the REE and TEE. + * + * @since 20 + * @version 1.0 + */ +#define TEEC_PARAM_TYPES(param0Type, param1Type, param2Type, param3Type) \ + ((param3Type) << 12 | (param2Type) << 8 | (param1Type) << 4 | (param0Type)) + +/** + * @brief Defines the value of the parameter specified by paramTypes and index. + * + * @since 20 + * @version 1.0 + */ +#define TEEC_PARAM_TYPE_GET(paramTypes, index) \ + (((paramTypes) >> (4*(index))) & 0x0F) + +/** + * @brief Initializes a TEE. + * + * The TEE must be initialized before a session is open or commands are sent. + * After the initialization, a connection is set up between the CA and the TEE. + * + * @param name [IN] Indicates the pointer to the TEE path. + * @param context [IN/OUT] Indicates the context pointer, which is the handle of the TEE. + * + * @return Returns {@code TEEC_SUCCESS} if the TEE is successfully initialized. + * Returns {@code TEEC_ERROR_BAD_PARAMETERS} if name is incorrect or context is null. + * Returns {@code TEEC_ERROR_GENERIC} if the available system resources are insufficient. + * + * @since 20 + * @version 1.0 + */ +TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context); + +/** + * @brief Closes the TEE. + * + * After the TEE is closed, the CA is disconnected from the TEE. + * + * @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized. + * + * @since 20 + * @version 1.0 + */ +void TEEC_FinalizeContext(TEEC_Context *context); + +/** + * @brief Opens a session. + * + * This function is used to set up a connection between the CA and the TA of the specified UUID in the specified TEE + * context. The data to be transferred is contained in operation. + * If a session is opened successfully, session is returned providing a description of the connection. + * If the session fails to open, returnOrigin is returned indicating the cause of the failure. + * + * @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized. + * @param session [OUT] Indicates the pointer to the session. The value cannot be null. + * @param destination [IN] Indicates the pointer to the UUID of the target TA. Each TA has a unique UUID. + * @param connectionMethod [IN] Indicates the connection method. For details, see {@link TEEC_LoginMethod}. + * @param connectionData [IN] Indicates the pointer to the connection data, which varies with the connection mode. + * If the connection mode is {@code TEEC_LOGIN_PUBLIC}, {@code TEEC_LOGIN_USER}, + * {@code TEEC_LOGIN_USER_APPLICATION}, or {@code TEEC_LOGIN_GROUP_APPLICATION}, the connection data must be null. + * If the connection mode is {@code TEEC_LOGIN_GROUP} or {@code TEEC_LOGIN_GROUP_APPLICATION}, + * the connection data must point to data of the uint32_t type, which indicates the target group user to be connected + * by the CA. + * @param operation [IN/OUT] Indicates the pointer to the data to be transmitted between the CA and TA. + * @param returnOrigin [IN/OUT] Indicates the pointer to the error source. + * For details, see {@code TEEC_ReturnCodeOrigin}. + * + * @return Returns {@code TEEC_SUCCESS} if the session is open successfully. + * Returns {@code TEEC_ERROR_BAD_PARAMETERS} if context, session, or destination is null. + * Returns {@code TEEC_ERROR_ACCESS_DENIED} if the access request is denied. + * Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient. + * Returns {@code TEEC_ERROR_TRUSTED_APP_LOAD_ERROR} if the TA failed to be loaded. + * For details about other return values, see {@code TEEC_ReturnCode}. + * + * @since 20 + * @version 1.0 + */ +TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, const TEEC_UUID *destination, + uint32_t connectionMethod, const void *connectionData, TEEC_Operation *operation, uint32_t *returnOrigin); + +/** + * @brief Closes a session. + * + * After the session is closed, the CA is disconnected from the TA. + * + * @param session [IN/OUT] Indicates the pointer to the session to close. + * + * @since 20 + * @version 1.0 + */ +void TEEC_CloseSession(TEEC_Session *session); + +/** + * @brief Sends a command to a TA. + * + * The CA sends the command ID to the TA through the specified session. + * + * @param session [IN/OUT] Indicates the pointer to the session opened. + * @param commandID [IN] Indicates the command ID supported by the TA. It is defined by the TA. + * @param operation [IN/OUT] Indicates the pointer to the data to be sent from the CA to the TA. + * @param returnOrigin [IN/OUT] Indicates the pointer to the error source. + * For details, see {@code TEEC_ReturnCodeOrigin}. + * + * @return Returns {@code TEEC_SUCCESS} if the command is sent successfully. + * Returns {@code TEEC_ERROR_BAD_PARAMETERS} if session is null or + * operation is in incorrect format. + * Returns {@code TEEC_ERROR_ACCESS_DENIED} if the access request is denied. + * Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient. + * For details about other return values, see {@code TEEC_ReturnCode}. + * + * @since 20 + * @version 1.0 + */ +TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, + TEEC_Operation *operation, uint32_t *returnOrigin); + +/** + * @brief Registers shared memory in the specified TEE context. + * + * The registered shared memory can implement zero-copy. + * The zero-copy function, however, also requires support by the operating system. + * At present, zero-copy cannot be implemented in this manner. + * + * @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized. + * @param sharedMem [IN/OUT] Indicates the pointer to the shared memory. + * The pointed shared memory cannot be null and the size cannot be 0. + * + * @return Returns {@code TEEC_SUCCESS} if the operation is successful. + * Returns {@code TEEC_ERROR_BAD_PARAMETERS} if context or sharedMem is null or + * the pointed memory is empty. + * + * @since 20 + * @version 1.0 + */ +TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, TEEC_SharedMemory *sharedMem); + +/** + * @brief Requests shared memory in the specified TEE context. + * + * The shared memory can be used to implement zero-copy during data transmission between the REE and TEE. + * The zero-copy function, however, also requires support by the operating system. + * At present, zero-copy cannot be implemented in this manner. + * + * @attention If the size field of the input parameter sharedMem is set to 0, TEEC_SUCCESS + * will be returned but the shared memory cannot be used because this memory has neither an address nor size. + * @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized. + * @param sharedMem [IN/OUT] Indicates the pointer to the shared memory. The size of the shared memory cannot be 0. + * + * @return Returns {@code TEEC_SUCCESS} if the operation is successful. + * Returns {@code TEEC_ERROR_BAD_PARAMETERS} if context or sharedMem is null. + * Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient. + * + * @since 20 + * @version 1.0 + */ +TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, TEEC_SharedMemory *sharedMem); + +/** + * @brief Releases the shared memory registered or acquired. + * + * @attention If the shared memory is acquired by using {@code TEEC_AllocateSharedMemory}, + * the memory released will be reclaimed. If the shared memory is acquired by using {@code TEEC_RegisterSharedMemory}, + * the local memory released will not be reclaimed. + * @param sharedMem [IN/OUT] Indicates the pointer to the shared memory to release. + * + * @since 20 + * @version 1.0 + */ +void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem); + +/** + * @brief Cancels an operation. + * + * @attention This operation is only used to send a cancel message. Whether to perform the cancel operation is + * determined by the TEE or TA. + * At present, the cancel operation does not take effect. + * @param operation [IN/OUT] Indicates the pointer to the data to be sent from the CA to the TA. + * + * @since 20 + * @version 1.0 + */ +void TEEC_RequestCancellation(TEEC_Operation *operation); + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee_client/tee_client_constants.h b/TEEKit/include/tee_client/tee_client_constants.h new file mode 100644 index 0000000000000000000000000000000000000000..50a3d73bf71c4cd2e4b34cbc4f02c4e0bf2e6fbe --- /dev/null +++ b/TEEKit/include/tee_client/tee_client_constants.h @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeClient + * @{ + * + * @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to + * access the trusted applications (TAs) in a Trusted Execution Environment (TEE). + * + * @since 20 + * @version 1.0 + */ + +/** + * @file tee_client_constants.h + * + * @brief Defines public data and constants. + * + * @library libteec.so + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_CLIENT_CONSTANTS_H +#define TEE_CLIENT_CONSTANTS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the number of TEEC_Parameters in TEEC_Operation. + * + * @since 20 + * @version 1.0 + */ +#define TEEC_PARAM_NUM 4 + +/** + * @brief Defines the error codes returned. + * + * @since 20 + * @version 1.0 + */ +enum TEEC_ReturnCode { + /** The operation is successful. */ + TEEC_SUCCESS = 0x0, + /** Invalid command. The command is not supported by the TA. */ + TEEC_ERROR_INVALID_CMD, + /** The TA does not exist. */ + TEEC_ERROR_SERVICE_NOT_EXIST, + /** The session between the CA and TA does not exist. */ + TEEC_ERROR_SESSION_NOT_EXIST, + /** The number of connections to the TA has reached the limit. */ + TEEC_ERROR_SESSION_MAXIMUM, + /** The TA to be registered already exists. */ + TEEC_ERROR_REGISTER_EXIST_SERVICE, + /** Secure OS framework error. */ + TEEC_ERROR_TAGET_DEAD_FATAL, + /** Failed to read the file. */ + TEEC_ERROR_READ_DATA, + /** Failed to write the file. */ + TEEC_ERROR_WRITE_DATA, + /** Failed to truncate the file. */ + TEEC_ERROR_TRUNCATE_OBJECT, + /** Failed to seek data. */ + TEEC_ERROR_SEEK_DATA, + /** File synchronization error. */ + TEEC_ERROR_FSYNC_DATA, + /** Failed to rename the file. */ + TEEC_ERROR_RENAME_OBJECT, + /** Failed to load the TA when opening a session. */ + TEEC_ERROR_TRUSTED_APP_LOAD_ERROR, + /** Failed to initialize the TA. */ + TEEC_ERROR_GENERIC = 0xFFFF0000, + /** Permission verification failed. Permission verification is performed before a TEE or session is opened or + a command is sent. */ + TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001, + /** The operation is canceled. This error code is returned when you operate the parameter with + the cancallation flag. */ + TEEC_ERROR_CANCEL = 0xFFFF0002, + /** Concurrent access causes permission conflict. Concurrent access to files in the trusted storage + service may cause this error. */ + TEEC_ERROR_ACCESS_CONFLICT = 0xFFFF0003, + /** Too much data is passed in the requested operation for the TA to parse. */ + TEEC_ERROR_EXCESS_DATA = 0xFFFF0004, + /** Incorrect data format. The TA failed to parse the parameters sent from the CA. */ + TEEC_ERROR_BAD_FORMAT = 0xFFFF0005, + /** Invalid parameter. The input parameter is null or invalid. */ + TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006, + /** The operation in the current state is invalid. This error code is returned if the trusted storage service is not + initialized when a trusted storage service operation is requested. */ + TEEC_ERROR_BAD_STATE = 0xFFFF0007, + /** The requested data is not found. */ + TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008, + /** The requested operation has not been implemented yet. This error code is returned when + TEEC_RequestCancellation is called. */ + TEEC_ERROR_NOT_IMPLEMENTED = 0xFFFF0009, + /** The requested operation is valid but is not supported in this implementation. This error code is returned + when certain algorithms of the secure encryption and decryption service, such as DSA, are requested. */ + TEEC_ERROR_NOT_SUPPORTED = 0xFFFF000A, + /** Expected data for the requested operation is not found. */ + TEEC_ERROR_NO_DATA = 0xFFFF000B, + /** The available system resources are insufficient. */ + TEEC_ERROR_OUT_OF_MEMORY = 0xFFFF000C, + /** The system is busy. Some resources are exclusively used by the system. */ + TEEC_ERROR_BUSY = 0xFFFF000D, + /** Communication between an application in the REE and a TA failed. */ + TEEC_ERROR_COMMUNICATION = 0xFFFF000E, + /** A security fault is detected in the TEE. */ + TEEC_ERROR_SECURITY = 0xFFFF000F, + /** The supplied buffer is too short for the output generated. + This error may occur when {@code TEEC_MEMREF_TEMP_OUTPUT} is used. */ + TEEC_ERROR_SHORT_BUFFER = 0xFFFF0010, + /** MAC value check error. */ + TEEC_ERROR_MAC_INVALID = 0xFFFF3071, + /** The TA crashed. */ + TEEC_ERROR_TARGET_DEAD = 0xFFFF3024, + /** Common error. */ + TEEC_FAIL = 0xFFFF5002 +}; + +/** + * @brief Defines the sources of the error codes returned. + * + * @since 20 + * @version 1.0 + */ +enum TEEC_ReturnCodeOrigin { + /** The error code indicates an error originated from the client API. */ + TEEC_ORIGIN_API = 0x1, + /** The error code indicates an error originated from the communication between the REE and TEE. */ + TEEC_ORIGIN_COMMS = 0x2, + /** The error code indicates an error originated within the TEE code. */ + TEEC_ORIGIN_TEE = 0x3, + /** The error code indicates an error originated within the TA code. */ + TEEC_ORIGIN_TRUSTED_APP = 0x4, +}; + +/** + * @brief Defines the identifiers of the shared memory. + * + * @since 20 + * @version 1.0 + */ +enum TEEC_SharedMemCtl { + /** The shared memory can carry data from CAs to TAs. */ + TEEC_MEM_INPUT = 0x1, + /** The shared memory can carry data from TAs to CAs. */ + TEEC_MEM_OUTPUT = 0x2, + /** The shared memory can carry data transmitted between CAs and TAs. */ + TEEC_MEM_INOUT = 0x3, +}; + +/** + * @brief Defines the parameter types. + * + * @since 20 + * @version 1.0 + */ +enum TEEC_ParamType { + /** The parameter is not used. */ + TEEC_NONE = 0x0, + /** The parameter is a {@code TEEC_Value} tagged as input. Data flows from a CA to a TA. */ + TEEC_VALUE_INPUT = 0x01, + /** The parameter is a {@code TEEC_Value} tagged as output. Data flows from a TA to a CA. */ + TEEC_VALUE_OUTPUT = 0x02, + /** The parameter is a {@code TEEC_Value} tagged as both input and output. */ + TEEC_VALUE_INOUT = 0x03, + /** The parameter is a {@code TEEC_TempMemoryReference} tagged as input. Data flows from a CA to a TA. */ + TEEC_MEMREF_TEMP_INPUT = 0x05, + /** The parameter is a {@code TEEC_TempMemoryReference} tagged as output. Data flows from a TA to a CA. */ + TEEC_MEMREF_TEMP_OUTPUT = 0x06, + /** The parameter is a {@code TEEC_TempMemoryReference} tagged as both input and output. + Data is transmitted between a TA and a CA. */ + TEEC_MEMREF_TEMP_INOUT = 0x07, + /** The parameter is a {@code TEEC_IonReference} tagged as input. Data flows from a CA to a TA**/ + TEEC_ION_INPUT = 0x08, + /** The parameter is a {@code TEEC_IonSglistReference} tagged as input. Data flows from a CA to a TA**/ + TEEC_ION_SGLIST_INPUT = 0x09, + /** The parameter is a {@code TEEC_RegisteredMemoryReference} that refers to the entire memory block. + The data flow is the same as that of {@code TEEC_SharedMemCtl}. */ + TEEC_MEMREF_WHOLE = 0xc, + /** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as input. Data flows from a CA to a TA. */ + TEEC_MEMREF_PARTIAL_INPUT = 0xd, + /** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as output. Data flows from a TA to a CA. */ + TEEC_MEMREF_PARTIAL_OUTPUT = 0xe, + /** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as both input and output. + Data is transmitted between a TA and a CA. */ + TEEC_MEMREF_PARTIAL_INOUT = 0xf +}; + +/** + * @brief Defines the login methods. + * + * @since 20 + * @version 1.0 +*/ +enum TEEC_LoginMethod { + /** No login data is provided. */ + TEEC_LOGIN_PUBLIC = 0x0, + /** The login data about the user running the CA process is provided. */ + TEEC_LOGIN_USER, + /** The login data about the group running the CA process is provided. */ + TEEC_LOGIN_GROUP, + /** The login data about the running CA is provided. */ + TEEC_LOGIN_APPLICATION = 0x4, + /** The login data about the user running the CA process and about the CA are provided. */ + TEEC_LOGIN_USER_APPLICATION = 0x5, + /** The login data about the group running the CA process and about the CA are provided. */ + TEEC_LOGIN_GROUP_APPLICATION = 0x6, + /** Login method reserved for TEEOS. */ + TEEC_LOGIN_IDENTIFY = 0x7, +}; + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file diff --git a/TEEKit/include/tee_client/tee_client_type.h b/TEEKit/include/tee_client/tee_client_type.h new file mode 100644 index 0000000000000000000000000000000000000000..db06ecf20317b1778c0023384a32255297954b21 --- /dev/null +++ b/TEEKit/include/tee_client/tee_client_type.h @@ -0,0 +1,293 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"), + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup TeeClient + * @{ + * + * @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to + * access the trusted applications (TAs) in a Trusted Execution Environment (TEE). + * + * @since 20 + * @version 1.0 + */ + +/** + * @file tee_client_type.h + * + * @brief Defines basic data types and data structures. + * + * @library libteec.so + * @kit TEEKit + * @syscap SystemCapability.Tee.TeeClient + * @since 20 + * @version 1.0 + */ + +#ifndef TEE_CLIENT_TYPE_H +#define TEE_CLIENT_TYPE_H + +#include +#include +#include +#include +#include +#include "tee_client_constants.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Defines the linked list type. + * + * @since 20 + * @version 1.0 + */ +struct ListNode { + /** Pointer to the next node in the list. */ + struct ListNode *next; + /** Pointer to the previous node in the list. */ + struct ListNode *prev; +}; + +/** + * @brief Defines the return values. + * + * @since 20 + * @version 1.0 + */ +typedef enum TEEC_ReturnCode TEEC_Result; + +/** + * @brief Defines the universally unique identifier (UUID) as defined in RFC4122 [2]. + * The UUIDs are used to identify TAs. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** The low part of the time field. */ + uint32_t timeLow; + /** The middle part of the time field. */ + uint16_t timeMid; + /** The high part of the time field and version information. */ + uint16_t timeHiAndVersion; + /** The clock sequence and node field (8 bytes). */ + uint8_t clockSeqAndNode[8]; +} TEEC_UUID; + +/** + * @brief Defines the context, a logical connection between a CA and a TEE. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** File descriptor for the TA. */ + int32_t fd; + /** Path to the Trusted Application (TA). */ + uint8_t *ta_path; + /** Linked list of sessions associated with the context. */ + struct ListNode session_list; + /** Linked list of shared memory regions associated with the context. */ + struct ListNode shrd_mem_list; + /** Union for either shared buffer or implementation data. */ + union { + struct { + /** Pointer to the shared buffer. */ + void *buffer; + /** Semaphore for synchronization of the shared buffer. */ + sem_t buffer_barrier; + } share_buffer; + /** Implementation-specific data. */ + uint64_t imp; + }; +} TEEC_Context; + +/** + * @brief Defines the session between a CA and a TA. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** Session ID for the session. */ + uint32_t session_id; + /** UUID representing the service associated with the session. */ + TEEC_UUID service_id; + /** The number of operations associated with the session. */ + uint32_t ops_cnt; + /** Union for either a linked list head or implementation-specific data. */ + union { + /** Linked list head for session-related data. */ + struct ListNode head; + /** Implementation-specific data. */ + uint64_t imp; + }; + /** Pointer to the TEEC context associated with the session. */ + TEEC_Context *context; +} TEEC_Session; + +/** + * @brief Defines a shared memory block, which can be registered or allocated. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** Pointer to the shared memory buffer. */ + void *buffer; + /** Size of the shared memory buffer. */ + uint32_t size; + /** Flags associated with the shared memory. */ + uint32_t flags; + /** The number of operations associated with the shared memory. */ + uint32_t ops_cnt; + /** Indicates whether the memory has been allocated. */ + bool is_allocated; + /** Union for either a linked list head or implementation-specific data. */ + union { + /** Linked list head for shared memory-related data. */ + struct ListNode head; + /** Implementation-specific data. */ + void* imp; + }; + /** Pointer to the TEEC context associated with the shared memory. */ + TEEC_Context *context; +} TEEC_SharedMemory; + +/** + * @brief Defines a pointer to a temporary buffer. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** Pointer to the temporary memory buffer. */ + void *buffer; + /** Size of the temporary memory buffer. */ + uint32_t size; +} TEEC_TempMemoryReference; + +/** + * @brief Defines a pointer to the shared memory that is registered or allocated. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** Pointer to the parent shared memory. */ + TEEC_SharedMemory *parent; + /** Size of the registered memory reference. */ + uint32_t size; + /** Offset within the parent shared memory. */ + uint32_t offset; +} TEEC_RegisteredMemoryReference; + +/** + * @brief Describes a parameter that carries small raw data passed by value. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** The first value. */ + uint32_t a; + /** The second value. */ + uint32_t b; +} TEEC_Value; + +/** + * @brief Describes the size and handle of the ION memory. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** File descriptor for the shared ion memory. */ + int ion_share_fd; + /** Size of the ion memory. */ + uint32_t ion_size; +} TEEC_IonReference; + +/** + * @brief Defines a parameter of {@code TEEC_Operation}. + * + * @since 20 + * @version 1.0 + */ +typedef union { + /** Temporary memory reference. */ + TEEC_TempMemoryReference tmpref; + /** Registered memory reference. */ + TEEC_RegisteredMemoryReference memref; + /** A value containing two 32-bit values. */ + TEEC_Value value; + /** Ion memory reference. */ + TEEC_IonReference ionref; +} TEEC_Parameter; + +/** + * @brief Defines the parameters for the Trusted User Interface (TUI). + * + * @since 20 + */ +typedef struct { + /** TUI event type. */ + uint32_t event_type; + /** Return value, is keycode if TUI event is getKeycode. */ + uint32_t value; + /** Notch size of the screen for the TUI. */ + uint32_t notch; + /** Width of the foldable screen for the TUI. */ + uint32_t width; + /** Height of the foldable screen for the TUI. */ + uint32_t height; + /** State of the foldable screen for the TUI. */ + uint32_t fold_state; + /** One state of the folded screen for the TUI. */ + uint32_t display_state; + /** Real width of the mobile device for the TUI. */ + uint32_t phy_width; + /** Real height of the mobile device for the TUI. */ + uint32_t phy_height; +} TEEC_TUI_Parameter; + +/** + * @brief Defines the parameters for opening a session or sending a command. + * + * @since 20 + * @version 1.0 + */ +typedef struct { + /** The value 0 means to cancel the command, and other values mean to execute the command. */ + uint32_t started; + /** Use {@code TEEC_PARAM_TYPES} to create this parameter. */ + uint32_t paramTypes; + /** Array of parameters for the operation. */ + TEEC_Parameter params[TEEC_PARAM_NUM]; + /** Pointer to the session associated with the operation. */ + TEEC_Session *session; + /** Flag indicating whether the operation is canceled. */ + bool cancel_flag; +} TEEC_Operation; + +#ifdef __cplusplus +} +#endif + +#endif +/** @} */ \ No newline at end of file