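/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __TEE_TRUSTED_STORAGE_API_H
#define __TEE_TRUSTED_STORAGE_API_H

/**
 * @addtogroup TeeTrusted
 * @{
 *
 * @brief TEE(Trusted Execution Environment) API.
 * Provides security capability APIs such as trusted storage, encryption and decryption,
 * and trusted time for trusted application development.
 *
 * @since 12
 */

/**
 * @file tee_trusted_storage_api.h
 *
 * @brief Provides trusted storage APIs.
 *
 * You can use these APIs to implement trusted storage features.
 *
 * @library NA
 * @kit TEE Kit
 * @syscap SystemCapability.Tee.TeeClient
 * @since 12
 * @version 1.0
 */

#include "tee_defines.h"
#include "tee_object_api.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief Defines the start position in the data stream associated with an object.
 * It is used in the <b>TEE_SeekObjectData</b> function.
 *
 * @since 12
 */
enum __TEE_Whence {
    /* Set the start position to the beginning of the data stream. */
    TEE_DATA_SEEK_SET = 0,
    /* Set the start position to the current data stream position. */
    TEE_DATA_SEEK_CUR,
    /* Set the start position to the end of the data stream. */
    TEE_DATA_SEEK_END
};

struct __TEE_ObjectEnumHandle;

/**
 * @brief Defines the pointer to <b>TEE_ObjectEnumHandle</b>.
 *
 * @see __TEE_ObjectEnumHandle
 *
 * @since 12
 */
typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle;

/**
 * @brief Integer type that carries one of the <b>__TEE_Whence</b> values.
 * It is the type of the <b>whence</b> parameter of <b>TEE_SeekObjectData</b>.
 *
 * @since 12
 */
typedef uint32_t TEE_Whence;

/**
 * @brief Defines the storage ID, which identifies the storage space of the application.
 *
 * NOTE(review): <b>TEE_OBJECT_SEC_FLASH</b> and <b>TEE_OBJECT_STORAGE_CE</b> exceed <b>INT_MAX</b>,
 * so these enumerators rely on the compiler accepting out-of-<b>int</b>-range enum constants;
 * the <b>storageID</b> parameters below are <b>uint32_t</b>, so compare through that type.
 *
 * @since 12
 */
enum Object_Storage_Constants {
    /* Separate private storage space for each application. */
    TEE_OBJECT_STORAGE_PRIVATE = 0x00000001,
    /* Separate personal storage space for application. */
    TEE_OBJECT_STORAGE_PERSO = 0x00000002,
    /* Space for secure flash storage. */
    TEE_OBJECT_SEC_FLASH = 0x80000000,
    /* Credential encrypted storage space. */
    TEE_OBJECT_STORAGE_CE = 0x80000002,
};

/**
 * @brief Defines the system resource constraints, such as the maximum value for the data stream position indicator.
 *
 * @since 12
 */
enum Miscellaneous_Constants {
    /* Maximum length that the position indicator of the data stream can take. */
    TEE_DATA_MAX_POSITION = 0xFFFFFFFF,
    /*
     * Maximum length of the object ID, which can extend to 128 bytes.
     * NOTE(review): the constant is 64 while this file's prose allows object IDs up to 128 bytes;
     * confirm which limit the implementation enforces before sizing object-ID buffers from it.
     */
    TEE_OBJECT_ID_MAX_LEN = 64,
};

/**
 * @brief Defines the maximum number of bytes that can be held in a data stream.
 *
 * @since 12
 */
enum TEE_DATA_Size {
    TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF
};

/**
 * @brief Defines the <b>handleFlags</b> of a <b>TEE_ObjectHandle</b>.
 * The <b>handleFlags</b> determines the access permissions to the data stream associated with the object.
 * The <b>TEE_DATA_FLAG_ACCESS_*</b> bits are the permissions a handle is opened with; the read, write,
 * truncate, rename and delete functions below each state which bit they require.
 *
 * @since 12
 */
enum Data_Flag_Constants {
    /** The data stream can be read. */
    TEE_DATA_FLAG_ACCESS_READ = 0x00000001,
    /** The data stream can be written or truncated. */
    TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002,
    /** The data stream can be deleted or renamed. */
    TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004,
    /** Multiple TEE_ObjectHandles can be opened for concurrent read. */
    TEE_DATA_FLAG_SHARE_READ = 0x00000010,
    /** Multiple TEE_ObjectHandles can be opened for concurrent write. */
    TEE_DATA_FLAG_SHARE_WRITE = 0x00000020,
    /** Reserved. */
    TEE_DATA_FLAG_CREATE = 0x00000200,
    /**
     * Protect the existing file with the same name. Throw an error if the file with the same name exists;
     * create a data file otherwise.
     */
    TEE_DATA_FLAG_EXCLUSIVE = 0x00000400,
    /**
     * Same bit value as <b>TEE_DATA_FLAG_EXCLUSIVE</b> (0x00000400): the two names are aliases and the
     * implementation cannot tell them apart.
     * NOTE(review): the description is duplicated from <b>TEE_DATA_FLAG_EXCLUSIVE</b>; confirm whether
     * setting this bit on creation fails on an existing object or overwrites it, and document one outcome.
     */
    TEE_DATA_FLAG_OVERWRITE = 0x00000400,
    /** Use AES256 if bit 28 is 1; use AES128 if bit 28 is 0. */
    TEE_DATA_FLAG_AES256 = 0x10000000,
    /** If bit 29 is set to 1, open the earlier version preferentially. */
    TEE_DATA_FLAG_OPEN_AESC = 0x20000000,
};

/**
 * @brief Creates a persistent object.
 *
 * This function creates a persistent object with initialized <b>TEE_Attribute</b> and data stream.
 * You can use the returned handle to access the <b>TEE_Attribute</b> and data stream of the object.
 *
 * @param storageID Indicates the storage to use. The value is specified by <b>Object_Storage_Constants</b>.
 * @param objectID Indicates the pointer to the object identifier, that is, the name of the object to create.
 * @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes.
 * @param flags Indicates the flags of the object created. The value can be
 * one or more of <b>Data_Flag_Constants</b> or <b>Handle_Flag_Constants</b>.
 * @param attributes Indicates the <b>TEE_ObjectHandle</b> of a transient object from which to take
 * <b>TEE_Attribute</b>. It can be <b>TEE_HANDLE_NULL</b> if the persistent object contains no attribute.
 * @param initialData Indicates the pointer to the initial data used to initialize the data stream data.
 * @param initialDataLen Indicates the length of the initial data, in bytes.
 * @param object Indicates the pointer to the <b>TEE_ObjectHandle</b> returned
 * after the function is successfully executed.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the storage specified by <b>storageID</b> does not exist.
 * Returns <b>TEE_ERROR_ACCESS_CONFLICT</b> if an access conflict occurs.
 * Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
 * Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if there is not enough space to create the object.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *objectID, size_t objectIDLen, uint32_t flags,
    TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen,
    TEE_ObjectHandle *object);

/**
 * @brief Opens an existing persistent object.
 *
 * The handle returned can be used to access the <b>TEE_Attribute</b> and data stream of the object.
 *
 * @param storageID Indicates the storage to use. The value is specified by <b>Object_Storage_Constants</b>.
 * @param objectID Indicates the pointer to the object identifier, that is, the name of the object to open.
 * @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes.
 * @param flags Indicates the flags of the object opened.
 * The value can be one or more of <b>Data_Flag_Constants</b> or <b>Handle_Flag_Constants</b>.
 * Request only the <b>TEE_DATA_FLAG_ACCESS_*</b> permissions the caller actually needs.
 * @param object Indicates the pointer to the <b>TEE_ObjectHandle</b> returned
 * after the function is successfully executed.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the storage specified by <b>storageID</b> does not exist
 * or the object identifier cannot be found in the storage.
 * Returns <b>TEE_ERROR_ACCESS_CONFLICT</b> if an access conflict occurs.
 * Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *objectID, size_t objectIDLen, uint32_t flags,
    TEE_ObjectHandle *object);

/**
 * @brief Reads data from the data stream associated with an object into the buffer.
 *
 * The <b>TEE_ObjectHandle</b> of the object must have been opened with the <b>TEE_DATA_FLAG_ACCESS_READ</b> permission.
 *
 * @param object Indicates the <b>TEE_ObjectHandle</b> of the object to read.
 * @param buffer Indicates the pointer to the buffer used to store the data read.
 * @param size Indicates the number of bytes to read.
 * @param count Indicates the pointer to the variable that contains the number of bytes read.
 * Consume <b>buffer</b> using <b>*count</b>, not <b>size</b>: the two are different parameters and
 * only <b>*count</b> reports what was actually read.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_ReadObjectData(TEE_ObjectHandle object, void *buffer, size_t size, uint32_t *count);

/**
 * @brief Writes bytes from the buffer to the data stream associated with an object.
 *
 * The <b>TEE_ObjectHandle</b> must have been opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE</b> permission.
 *
 * @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
 * @param buffer Indicates the pointer to the buffer that stores the data to be written.
 * @param size Indicates the number of bytes to be written. It cannot exceed 4096 bytes.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
 * Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if the storage space is not sufficient to complete the operation.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_WriteObjectData(TEE_ObjectHandle object, const void *buffer, size_t size);

/**
 * @brief Changes the size of a data stream.
 *
 * If the size is less than the current size of the data stream, all bytes beyond <b>size</b> are deleted. If the size
 * is greater than the current size of the data stream, add 0s at the end of the stream to extend the stream.
 * The object handle must be opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE</b> permission.
 *
 * @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
 * @param size Indicates the new size of the data stream. It cannot exceed 4096 bytes.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if the storage space is not sufficient to complete the operation.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size);

/**
 * @brief Sets the position of the data stream to which <b>TEE_ObjectHandle</b> points.
 *
 * The data position indicator is determined by the start position and an offset together.
 * The <b>whence</b> parameter determines the start position. Its value is set in <b>TEE_Whence</b> as follows:
 * <b>TEE_DATA_SEEK_SET = 0</b>: The start position is the beginning of the data stream.
 * <b>TEE_DATA_SEEK_CUR</b>: The start position is the current position of the data stream.
 * <b>TEE_DATA_SEEK_END</b>: The start position is the end of the data stream.
 * If the parameter <b>offset</b> is a positive number, the data position is moved forward.
 * If <b>offset</b> is a negative number, the data position is moved backward.
 *
 * @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
 * @param offset Indicates the number of bytes to move the data position. It cannot exceed 4096 bytes.
 * @param whence Indicates the start position in the data stream to calculate the new position.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_OVERFLOW</b> if the position indicator resulting from this operation
 * is greater than <b>TEE_DATA_MAX_POSITION</b>.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence);

/**
 * @brief Synchronizes the opened <b>TEE_ObjectHandle</b> and the corresponding security attribute file to the disk.
 *
 * @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object);

/**
 * @brief Changes the object identifier.
 *
 * The <b>TEE_ObjectHandle</b> must have been opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE_META</b> permission.
 *
 * @param object Indicates the handle of the target object.
 * @param newObjectID Indicates the pointer to the new object identifier.
 * NOTE(review): unlike the <b>objectID</b> parameters of the create/open functions this pointer is not
 * <b>const</b>-qualified; confirm whether the implementation writes through it before passing a read-only buffer.
 * @param newObjectIDLen Indicates the length of the new object identifier.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen);

/**
 * @brief Allocates a handle on an uninitialized object enumerator.
 *
 * @param obj_enumerator Indicates the pointer to the handle of the newly created object enumerator.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator);

/**
 * @brief Releases all resources associated with an object enumerator handle.
 *
 * After this function is called, the enumerator handle is no longer valid and all resources associated with
 * the object enumerator handle will be reclaimed.
 * <b>TEE_FreePersistentObjectEnumerator</b> and <b>TEE_AllocatePersistentObjectEnumerator</b> are used in pairs.
 *
 * @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> to release.
 *
 * @since 12
 * @version 1.0
 */
void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);

/**
 * @brief Resets an object enumerator handle to its initial state after allocation.
 *
 * @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator to reset.
 *
 * @since 12
 * @version 1.0
 */
void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);

/**
 * @brief Starts the enumeration of all the objects in the given trusted storage.
 *
 * The object information can be obtained by using <b>TEE_GetNextPersistentObject</b>.
 *
 * @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator.
 * @param storage_id Indicates the storage, in which the objects are enumerated.
 * The value is specified by <b>Object_Storage_Constants</b>.
 * Currently, only <b>TEE_OBJECT_STORAGE_PRIVATE</b> is supported.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if <b>storage_id</b> is not <b>TEE_OBJECT_STORAGE_PRIVATE</b>
 * or there is no object in the specified storage.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id);

/**
 * @brief Obtains the next object in the object enumerator.
 *
 * Information such as <b>TEE_ObjectInfo</b>, <b>objectID</b>, and <b>objectIDLen</b> will be obtained.
 *
 * @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator.
 * @param object_info Indicates the pointer to the obtained <b>TEE_ObjectInfo</b>.
 * @param object_id Indicates the pointer to the buffer used to store the obtained <b>objectID</b>.
 * NOTE(review): no separate capacity argument exists for this buffer; confirm whether <b>*object_id_len</b>
 * must carry the capacity on input, and size the buffer for the largest object ID this file allows.
 * @param object_id_len Indicates the pointer to the <b>objectIDLen</b>.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the object enumerator has no element
 * or the enumerator has not been initialized.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator,
    TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len);

/**
 * @brief Closes a <b>TEE_ObjectHandle</b> and deletes the object.
 *
 * The object must be a persistent object, and the object handle must have been opened with
 * the <b>TEE_DATA_FLAG_ACCESS_WRITE_META</b> permission.
 *
 * @param object Indicates the object handle to close.
 *
 * @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
 * Returns <b>TEE_ERROR_STORAGE_NOT_AVAILABLE</b> if the object is stored
 * in a storage area that is inaccessible currently.
 *
 * @since 12
 * @version 1.0
 */
TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object);

#ifdef __cplusplus
}
#endif
/** @} */
#endif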