• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * @file   tlTeeKeymaster_Api.h
3  * @brief  Contains TCI command definitions and data structures
4  *
5  * Copyright Giesecke & Devrient GmbH 2012
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. The name of the author may not be used to endorse or promote
16  *    products derived from this software without specific prior
17  *    written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
20  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
23  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #ifndef __TLTEEKEYMASTERAPI_H__
33 #define __TLTEEKEYMASTERAPI_H__
34 
35 #include "tci.h"
36 
37 
38 
39 /**
40  * Command ID's
41  */
42 #define CMD_ID_TEE_RSA_GEN_KEY_PAIR   1
43 #define CMD_ID_TEE_RSA_SIGN           2
44 #define CMD_ID_TEE_RSA_VERIFY         3
45 #define CMD_ID_TEE_HMAC_GEN_KEY       4
46 #define CMD_ID_TEE_HMAC_SIGN          5
47 #define CMD_ID_TEE_HMAC_VERIFY        6
48 #define CMD_ID_TEE_KEY_IMPORT         7
49 #define CMD_ID_TEE_GET_PUB_KEY        8
50 /*... add more command ids when needed */
51 
52 
53 /**
54  * Command message.
55  *
56  * @param len Length of the data to process.
57  * @param data Data to be processed
58  */
59 typedef struct {
60     tciCommandHeader_t  header;     /**< Command header */
61     uint32_t            len;        /**< Length of data to process */
62 } command_t;
63 
64 
65 /**
66  * Response structure
67  */
68 typedef struct {
69     tciResponseHeader_t header;     /**< Response header */
70     uint32_t            len;
71 } response_t;
72 
73 
74 /**
75  * Generate key data
76  * Response data contains generated RSA key pair data is
77  * wrapped as below:
78  *
79  * |-- Key metadata --|-- Public key (plaintext) --|-- Private key (encrypted) --|
80  */
81 typedef struct {
82     uint32_t type;           /**< Key pair type. RSA or RSACRT */
83     uint32_t keysize;        /**< Key size in bits, e.g. 1024, 2048,.. */
84     uint32_t exponent;       /**< Exponent number */
85     uint32_t keydata;        /**< Key data buffer passed by TLC  */
86     uint32_t keydatalen;     /**< Length of key data buffer */
87     uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
88 } rsagenkey_t;
89 
90 
91 /**
92  *  RSA sign data structure
93  */
94 typedef struct {
95     uint32_t keydata;           /**< Key data buffer */
96     uint32_t keydatalen;        /**< Length of key data buffer */
97     uint32_t plaindata;         /**< Plaintext data buffer */
98     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
99     uint32_t signaturedata;     /**< Signature data buffer */
100     uint32_t signaturedatalen;  /**< Length of signature data buffer */
101     uint32_t algorithm;         /**< Signing algorithm */
102 } rsasign_t;
103 
104 
105 /**
106  *  RSA signature verify data structure
107  */
108 typedef struct {
109     uint32_t keydata;           /**< Key data buffer */
110     uint32_t keydatalen;        /**< Length of key data buffer */
111     uint32_t plaindata;         /**< Plaintext data buffer */
112     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
113     uint32_t signaturedata;     /**< Signature data buffer */
114     uint32_t signaturedatalen;  /**< Length of signature data buffer */
115     uint32_t algorithm;         /**< Signing algorithm */
116     bool     validity;          /**< Signature validity */
117 } rsaverify_t;
118 
119 
120 /**
121  * Generate HMAC key data
122  * Response data contains generated HMAC key data that is
123  * wrapped as below:
124  *
125  * |-- HMAC key (encrypted) --|
126  */
127 typedef struct {
128     uint32_t keydata;        /**< Key data buffer passed by TLC  */
129     uint32_t keydatalen;     /**< Length of key data buffer */
130     uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
131 } hmacgenkey_t;
132 
133 
134 /**
135  *  HMAC sign data structure
136  */
137 typedef struct {
138     uint32_t keydata;           /**< Key data buffer */
139     uint32_t keydatalen;        /**< Length of key data buffer */
140     uint32_t plaindata;         /**< Plaintext data buffer */
141     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
142     uint32_t signaturedata;     /**< Signature data buffer */
143     uint32_t signaturedatalen;  /**< Length of signature data buffer */
144     uint32_t digest;            /**< Digest algorithm */
145 } hmacsign_t;
146 
147 
148 /**
149  *  HMAC signature verify data structure
150  */
151 typedef struct {
152     uint32_t keydata;           /**< Key data buffer */
153     uint32_t keydatalen;        /**< Length of key data buffer */
154     uint32_t plaindata;         /**< Plaintext data buffer */
155     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
156     uint32_t signaturedata;     /**< Signature data buffer */
157     uint32_t signaturedatalen;  /**< Length of signature data buffer */
158     uint32_t digest;            /**< Digest algorithm */
159     bool     validity;          /**< Signature validity */
160 } hmacverify_t;
161 
162 /**
163  * RSA private key metadata
164  */
165 typedef struct {
166     uint32_t     lenpriexp;     /**< Private key exponent length */
167 } rsaprivkeymeta_t;
168 
169 
170 /**
171  * RSA CRT private key metadata
172  */
173 typedef struct {
174     uint32_t     lenp;          /**< Prime p length */
175     uint32_t     lenq;          /**< Prime q length */
176     uint32_t     lendp;         /**< DP length */
177     uint32_t     lendq;         /**< DQ length */
178     uint32_t     lenqinv;       /**< QP length */
179 } rsacrtprivkeymeta_t;
180 
181 
182 /**
183  * Key metadata (key size, modulus/exponent lengths, etc..)
184  */
185 typedef struct {
186     uint32_t     keytype;          /**< RSA key pair type. RSA or RSA CRT */
187     uint32_t     keysize;          /**< RSA key size */
188     uint32_t     lenpubmod;        /**< Public key modulus length */
189     uint32_t     lenpubexp;        /**< Public key exponent length */
190     union {
191         rsaprivkeymeta_t    rsapriv;    /**< RSA private key */
192         rsacrtprivkeymeta_t rsacrtpriv; /**< RSA CRT private key */
193     };
194     uint32_t     rfu;          /**< Reserved for future use */
195     uint32_t     rfulen;       /**< Reserved for future use */
196 } rsakeymeta_t;
197 
198 /**
199  *  Key import data structure
200  */
201 typedef struct {
202     uint32_t     keydata;           /**< Key data buffer */
203     uint32_t     keydatalen;        /**< Length of key data buffer */
204     uint32_t     sodata;            /**< Wrapped buffer */
205     uint32_t     sodatalen;         /**< Length of wrapped data buffer */
206 } keyimport_t;
207 
208 
209 /**
210  *  Get public key data structure
211  */
212 typedef struct {
213     uint32_t type;              /**< Key type */
214     uint32_t keydata;           /**< Key data buffer */
215     uint32_t keydatalen;        /**< Length of key data buffer */
216     uint32_t modulus;           /**< Modulus */
217     uint32_t moduluslen;        /**< Modulus length */
218     uint32_t exponent;          /**< Exponent */
219     uint32_t exponentlen;       /**< Exponent length */
220 } getpubkey_t;
221 
222 
223 /**
224  * TCI message data.
225  */
226 typedef struct {
227     union {
228         command_t     command;
229         response_t    response;
230     };
231 
232     union {
233         rsagenkey_t  rsagenkey;
234         rsasign_t    rsasign;
235         rsaverify_t  rsaverify;
236         hmacgenkey_t hmacgenkey;
237         hmacsign_t   hmacsign;
238         hmacverify_t hmacverify;
239         keyimport_t  keyimport;
240         getpubkey_t  getpubkey;
241     };
242 
243 } tciMessage_t, *tciMessage_ptr;
244 
245 
246 /**
247  * Overall TCI structure.
248  */
249 typedef struct {
250     tciMessage_t message;   /**< TCI message */
251 } tci_t;
252 
253 
254 /**
255  * Trustlet UUID
256  */
257 #define TEE_KEYMASTER_TL_UUID { { 7, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } }
258 
259 
260 #endif // __TLTEEKEYMASTERAPI_H__
261