• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License"),
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup TeeTrusted
18  * @{
19  *
20  * @brief TEE(Trusted Excution Environment) API.
21  * Provides security capability APIs such as trusted storage, encryption and decryption,
22  * and trusted time for trusted application development.
23  *
24  * @since 20
25  */
26 
27 /**
28  * @file tee_hw_ext_api_legacy.h
29  *
30  * @brief Provides extended interfaces.
31  *
32  * @library NA
33  * @kit TEEKit
34  * @syscap SystemCapability.Tee.TeeClient
35  * @since 20
36  */
37 
38 #ifndef __TEE_HW_EXT_API_LEGACY_H__
39 #define __TEE_HW_EXT_API_LEGACY_H__
40 
41 #include "tee_defines.h"
42 #include "tee_crypto_api.h"
43 
44 #ifdef __cplusplus
45 extern "C" {
46 #endif
47 
48 /**
49  * @brief Derive key from device root key.
50  *
51  * @param salt [IN] Indicates the data for salt.
52  * @param size [IN] Indicates the length of salt.
53  * @param key [OUT] Indicates the pointer where key is saved.
54  * @param key_size [IN] Indicates the size of the key, which must be integer times of 16.
55  *
56  * @return Returns {@code TEE_SUCCESS} if the operation is successful.
57  *         Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
58  *         Returns {@code TEE_ERROR_GENERIC} if the processing failed.
59  *
60  * @since 20
61  */
62 TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
63 
64 /**
65  * @brief Derive key from device root key by HUK2.
66  * @attention If the device does not support HUK2, the key is derived by HUK.
67  *
68  * @param secret [IN] Indicates the input secret.
69  * @param secret_len [IN] Indicates the length of the input secret.
70  * @param key [OUT] Indicates the derived key.
71  * @param key_len [IN] Indicates the length of the derived key.
72  *
73  * @return Returns {@code TEE_SUCCESS} if the operation is successful.
74  *         Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
75  *         Returns {@code TEE_ERROR_GENERIC} if the processing failed.
76  *
77  * @since 20
78  */
79 TEE_Result tee_ext_root_derive_key2_by_huk2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len);
80 
81 /**
82  * @brief Derive key from device root key and UUID of the current task by HUK2.
83  * @attention If the device does not support HUK2, the key is derived by HUK.
84  *
85  * @param salt [IN] Indicates the data for salt.
86  * @param size [IN] Indicates the length of salt.
87  * @param key [OUT] Indicates the pointer where key is saved.
88  * @param key_size [IN] Indicates the size of the generated key, fix-size 32 bytes.
89  *
90  * @return Returns {@code TEE_SUCCESS} if the operation is successful.
91  *         Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
92  *         Returns {@code TEE_ERROR_GENERIC} if the processing failed.
93  *
94  * @since 20
95  */
96 TEE_Result tee_ext_root_uuid_derive_key_by_huk2(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t *key_size);
97 
98 /**
99  * @brief using root key to derive key for keymaster using huk2 enhance
100  *
101  * @param secret [IN] input secret
102  * @param secret_len [IN] input secret size
103  * @param key [OUT] derived key
104  * @param key_len [OUT] derived key size
105  *
106  * @return Returns {@code TEE_SUCCESS} if the operation is successful.
107  *         Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
108  *         Returns {@code TEE_ERROR_GENERIC} if the processing failed.
109  *
110  * @since 20
111  */
112 TEE_Result tee_ext_root_derive_key2_by_huk2_enhance(const uint8_t *secret, uint32_t secret_len, uint8_t *key,
113                                                     uint32_t key_len);
114 
115 /**
116  * @brief derive key from device rootkey and UUID of the current task using huk2 enhance
117  *
118  * @param salt [IN] data for salt
119  * @param size [IN] salt length
120  * @param key [OUT] pointer where key is saved
121  * @param key_size [OUT] size of generated key, fix-size 32 bytes
122  *
123  * @return Returns {@code TEE_SUCCESS} if the operation is successful.
124  *         Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
125  *         Returns {@code TEE_ERROR_GENERIC} if the processing failed.
126  *
127  * @since 20
128  */
129 TEE_Result tee_ext_root_uuid_derive_key_by_huk2_enhance(const uint8_t *salt, uint32_t size, uint8_t *key,
130                                                         uint32_t *key_size);
131 
132 #ifdef __cplusplus
133 }
134 #endif
135 
136 #endif
137 /** @} */