      1 /**
      2  * @file   tlTeeKeymaster_Api.h
      3  * @brief  Contains TCI command definitions and data structures
      4  *
      5  * Copyright Giesecke & Devrient GmbH 2012
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in the
     14  *    documentation and/or other materials provided with the distribution.
     15  * 3. The name of the author may not be used to endorse or promote
     16  *    products derived from this software without specific prior
     17  *    written permission.
     18  *
     19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
     20  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     21  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
     23  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
     25  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     27  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
     28  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
     29  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     30  */
     31 
     32 #ifndef __TLTEEKEYMASTERAPI_H__
     33 #define __TLTEEKEYMASTERAPI_H__
     34 
     35 #include "tci.h"
     36 
     37 
     38 
     39 /**
     40  * Command IDs: one numeric ID per keymaster operation (values 1..8).
         *
         * NOTE(review): presumably carried in the tciCommandHeader_t of command_t
         * (declared in tci.h, not visible here) - confirm. The receiver should
         * reject any ID outside this list instead of falling through to a
         * default handler.
     41  */
     42 #define CMD_ID_TEE_RSA_GEN_KEY_PAIR   1
     43 #define CMD_ID_TEE_RSA_SIGN           2
     44 #define CMD_ID_TEE_RSA_VERIFY         3
     45 #define CMD_ID_TEE_HMAC_GEN_KEY       4
     46 #define CMD_ID_TEE_HMAC_SIGN          5
     47 #define CMD_ID_TEE_HMAC_VERIFY        6
     48 #define CMD_ID_TEE_KEY_IMPORT         7
     49 #define CMD_ID_TEE_GET_PUB_KEY        8
     50 /* ... add more command IDs when needed */
     51 
     52 
     53 /**
     54  * Command message: a TCI command header followed by a length field.
     55  *
     56  * The struct has two members, header and len. It has no data member;
     57  * the per-command parameters are the second union of tciMessage_t.
         *
         * NOTE(review): len is supplied by the sender; the receiver should
         * range-check it before using it as a size - confirm what it measures.
     58  */
     59 typedef struct {
     60     tciCommandHeader_t  header;     /**< Command header (type declared in tci.h) */
     61     uint32_t            len;        /**< Length of data to process */
     62 } command_t;
     63 
     64 
     65 /**
     66  * Response structure: a TCI response header followed by a length field.
         *
         * It shares storage with command_t through the first union of
         * tciMessage_t, so writing a response overwrites the command.
     67  */
     68 typedef struct {
     69     tciResponseHeader_t header;     /**< Response header (type declared in tci.h) */
     70     uint32_t            len;        /**< NOTE(review): undocumented; presumably length of the response data - confirm */
     71 } response_t;
     72 
     73 
     74 /**
     75  * Parameters for RSA key pair generation.
     76  * The response data contains the generated RSA key pair, which is
     77  * wrapped as below:
     78  *
     79  * |-- Key metadata --|-- Public key (plaintext) --|-- Private key (encrypted) --|
         *
         * NOTE(review): keydata is a uint32_t, not a pointer; presumably it holds a
         * 32-bit address or handle of a buffer made visible to the trustlet - confirm.
         * Whoever consumes keydata/keydatalen should validate the range before
         * writing to it, and the TLC should check solen <= keydatalen before
         * trusting the returned length.
         * NOTE(review): the keysize example lists 1024; RSA-1024 is below current
         * minimum recommendations, so callers should request 2048 bits or more.
     80  */
     81 typedef struct {
     82     uint32_t type;           /**< Key pair type. RSA or RSACRT */
     83     uint32_t keysize;        /**< Key size in bits, e.g. 1024, 2048,.. */
     84     uint32_t exponent;       /**< Exponent number (presumably the public exponent - confirm) */
     85     uint32_t keydata;        /**< Key data buffer passed by TLC  */
     86     uint32_t keydatalen;     /**< Length of key data buffer */
     87     uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
     88 } rsagenkey_t;
     89 
     90 
     91 /**
     92  * RSA sign data structure: three buffer/length pairs plus an algorithm ID.
         *
         * NOTE(review): each buffer field is a uint32_t; presumably a 32-bit
         * address or handle rather than inline data - confirm. The consumer
         * should validate every buffer/length pair (including overflow of
         * address + length) before reading or writing through it.
     93  */
     94 typedef struct {
     95     uint32_t keydata;           /**< Key data buffer */
     96     uint32_t keydatalen;        /**< Length of key data buffer */
     97     uint32_t plaindata;         /**< Plaintext data buffer */
     98     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
     99     uint32_t signaturedata;     /**< Signature data buffer */
    100     uint32_t signaturedatalen;  /**< Length of signature data buffer */
    101     uint32_t algorithm;         /**< Signing algorithm (values not defined in this header) */
    102 } rsasign_t;
    103 
    104 
    105 /**
    106  * RSA signature verify data structure: the rsasign_t fields plus a
         * boolean result.
         *
         * NOTE(review): each buffer field is a uint32_t; presumably a 32-bit
         * address or handle - confirm. The consumer should validate every
         * buffer/length pair before reading through it.
         * NOTE(review): bool is used, but this header includes only tci.h, so it
         * relies on tci.h or the including file to define bool. The size of bool
         * is implementation-defined; both sides of the TCI must agree on it.
         * NOTE(review): validity is presumably written by the trustlet; the
         * caller should clear it before the call and honour it only when the
         * response header reports success - confirm.
    107  */
    108 typedef struct {
    109     uint32_t keydata;           /**< Key data buffer */
    110     uint32_t keydatalen;        /**< Length of key data buffer */
    111     uint32_t plaindata;         /**< Plaintext data buffer */
    112     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    113     uint32_t signaturedata;     /**< Signature data buffer */
    114     uint32_t signaturedatalen;  /**< Length of signature data buffer */
    115     uint32_t algorithm;         /**< Signing algorithm (values not defined in this header) */
    116     bool     validity;          /**< Signature validity */
    117 } rsaverify_t;
    118 
    119 
    120 /**
    121  * Parameters for HMAC key generation.
    122  * The response data contains the generated HMAC key data, which is
    123  * wrapped as below:
    124  *
    125  * |-- HMAC key (encrypted) --|
         *
         * NOTE(review): keydata is a uint32_t; presumably a 32-bit address or
         * handle of a TLC-provided buffer - confirm. The consumer should
         * validate keydata/keydatalen before writing, and the TLC should check
         * solen <= keydatalen before trusting the returned length.
    126  */
    127 typedef struct {
    128     uint32_t keydata;        /**< Key data buffer passed by TLC  */
    129     uint32_t keydatalen;     /**< Length of key data buffer */
    130     uint32_t solen;          /**< Secure object length  (of key data) (provided by the trustlet)  */
    131 } hmacgenkey_t;
    132 
    133 
    134 /**
    135  * HMAC sign data structure: three buffer/length pairs plus a digest ID.
         *
         * NOTE(review): each buffer field is a uint32_t; presumably a 32-bit
         * address or handle rather than inline data - confirm. The consumer
         * should validate every buffer/length pair (including overflow of
         * address + length) before reading or writing through it.
    136  */
    137 typedef struct {
    138     uint32_t keydata;           /**< Key data buffer */
    139     uint32_t keydatalen;        /**< Length of key data buffer */
    140     uint32_t plaindata;         /**< Plaintext data buffer */
    141     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    142     uint32_t signaturedata;     /**< Signature data buffer */
    143     uint32_t signaturedatalen;  /**< Length of signature data buffer */
    144     uint32_t digest;            /**< Digest algorithm (values not defined in this header) */
    145 } hmacsign_t;
    146 
    147 
    148 /**
    149  * HMAC signature verify data structure: the hmacsign_t fields plus a
         * boolean result.
         *
         * NOTE(review): each buffer field is a uint32_t; presumably a 32-bit
         * address or handle - confirm. The consumer should validate every
         * buffer/length pair before reading through it.
         * NOTE(review): bool is used, but this header includes only tci.h, so it
         * relies on tci.h or the including file to define bool. The size of bool
         * is implementation-defined; both sides of the TCI must agree on it.
         * NOTE(review): validity is presumably written by the trustlet; the
         * MAC comparison behind it should be constant-time, and the caller
         * should honour it only when the response header reports success -
         * confirm.
    150  */
    151 typedef struct {
    152     uint32_t keydata;           /**< Key data buffer */
    153     uint32_t keydatalen;        /**< Length of key data buffer */
    154     uint32_t plaindata;         /**< Plaintext data buffer */
    155     uint32_t plaindatalen;      /**< Length of plaintext data buffer */
    156     uint32_t signaturedata;     /**< Signature data buffer */
    157     uint32_t signaturedatalen;  /**< Length of signature data buffer */
    158     uint32_t digest;            /**< Digest algorithm (values not defined in this header) */
    159     bool     validity;          /**< Signature validity */
    160 } hmacverify_t;
    161 
    162 /**
    163  * RSA private key metadata: a single length field. It is one of the two
         * members of the anonymous union in rsakeymeta_t.
    164  */
    165 typedef struct {
    166     uint32_t     lenpriexp;     /**< Private key exponent length (unit not stated; presumably bytes - confirm) */
    167 } rsaprivkeymeta_t;
    168 
    169 
    170 /**
    171  * RSA CRT private key metadata: five length fields. It is one of the
         * two members of the anonymous union in rsakeymeta_t.
         *
         * NOTE(review): the units are not stated; presumably bytes - confirm.
    172  */
    173 typedef struct {
    174     uint32_t     lenp;          /**< Prime p length */
    175     uint32_t     lenq;          /**< Prime q length */
    176     uint32_t     lendp;         /**< DP length */
    177     uint32_t     lendq;         /**< DQ length */
    178     uint32_t     lenqinv;       /**< QP length (field name suggests q^-1 mod p - confirm) */
    179 } rsacrtprivkeymeta_t;
    180 
    181 
    182 /**
    183  * Key metadata (key size, modulus/exponent lengths, etc..)
         *
         * The anonymous union overlays rsaprivkeymeta_t (one uint32_t) and
         * rsacrtprivkeymeta_t (five uint32_t), so it occupies the size of the
         * larger CRT member.
         *
         * NOTE(review): presumably keytype selects which union member is valid
         * - confirm. A parser of a key blob should check keytype first, then
         * check that the sum of the selected length fields fits inside the
         * blob before using any of them as an offset or copy size.
    184  */
    185 typedef struct {
    186     uint32_t     keytype;          /**< RSA key pair type. RSA or RSA CRT */
    187     uint32_t     keysize;          /**< RSA key size */
    188     uint32_t     lenpubmod;        /**< Public key modulus length */
    189     uint32_t     lenpubexp;        /**< Public key exponent length */
    190     union {
    191         rsaprivkeymeta_t    rsapriv;    /**< RSA private key */
    192         rsacrtprivkeymeta_t rsacrtpriv; /**< RSA CRT private key */
    193     };
    194     uint32_t     rfu;          /**< Reserved for future use */
    195     uint32_t     rfulen;       /**< Reserved for future use */
    196 } rsakeymeta_t;
    197 
    198 /**
    199  * Key import data structure: an input key buffer and a buffer for the
         * wrapped result, each with its length.
         *
         * NOTE(review): both buffer fields are uint32_t; presumably 32-bit
         * addresses or handles - confirm. The consumer should validate both
         * buffer/length pairs before use.
         * NOTE(review): keydata presumably holds the key in unwrapped form while
         * it is imported - confirm. If so, the caller should clear that buffer
         * once the wrapped object has been returned.
    200  */
    201 typedef struct {
    202     uint32_t     keydata;           /**< Key data buffer */
    203     uint32_t     keydatalen;        /**< Length of key data buffer */
    204     uint32_t     sodata;            /**< Wrapped buffer */
    205     uint32_t     sodatalen;         /**< Length of wrapped data buffer */
    206 } keyimport_t;
    207 
    208 
    209 /**
    210  * Get public key data structure: a key type, a key data buffer, and
         * modulus/exponent fields, each paired with a length.
         *
         * NOTE(review): keydata, modulus and exponent are uint32_t; presumably
         * 32-bit addresses or handles of buffers, with modulus/exponent being
         * outputs - confirm. The consumer should validate each buffer/length
         * pair, and the caller should check the returned lengths against the
         * sizes it allocated.
    211  */
    212 typedef struct {
    213     uint32_t type;              /**< Key type */
    214     uint32_t keydata;           /**< Key data buffer */
    215     uint32_t keydatalen;        /**< Length of key data buffer */
    216     uint32_t modulus;           /**< Modulus */
    217     uint32_t moduluslen;        /**< Modulus length */
    218     uint32_t exponent;          /**< Exponent */
    219     uint32_t exponentlen;       /**< Exponent length */
    220 } getpubkey_t;
    221 
    222 
    223 /**
    224  * TCI message data: a command-or-response header union followed by a
         * union of the per-operation parameter structures. Also declares the
         * pointer typedef tciMessage_ptr.
         *
         * Both unions are anonymous, so members are reached directly
         * (e.g. message.command, message.rsasign).
         *
         * NOTE(review): presumably this message lives in a buffer visible to
         * both the TLC and the trustlet - confirm. If so, the consumer should
         * copy the fields it needs into private memory and validate the copy,
         * so that a change made after the check cannot affect the value used.
         * NOTE(review): nothing in the struct records which parameter member is
         * active; presumably the command ID selects it - confirm.
    225  */
    226 typedef struct {
    227     union {
    228         command_t     command;      /* request view of the header area */
    229         response_t    response;     /* response view, same storage as command */
    230     };
    231 
    232     union {
    233         rsagenkey_t  rsagenkey;
    234         rsasign_t    rsasign;
    235         rsaverify_t  rsaverify;
    236         hmacgenkey_t hmacgenkey;
    237         hmacsign_t   hmacsign;
    238         hmacverify_t hmacverify;
    239         keyimport_t  keyimport;
    240         getpubkey_t  getpubkey;
    241     };
    242 
    243 } tciMessage_t, *tciMessage_ptr;
    244 
    245 
    246 /**
    247  * Overall TCI structure: wraps a single tciMessage_t.
         *
         * NOTE(review): presumably sizeof(tci_t) is the size of the TCI buffer
         * set up for the session - confirm against the code that allocates it.
    248  */
    249 typedef struct {
    250     tciMessage_t message;   /**< TCI message */
    251 } tci_t;
    252 
    253 
    254 /**
    255  * Trustlet UUID: a 16-element initializer (7, 6, then fourteen zeros)
         * wrapped in two brace levels.
         *
         * NOTE(review): presumably initializes the UUID type used to open a
         * session with the keymaster trustlet - confirm against the caller.
    256  */
    257 #define TEE_KEYMASTER_TL_UUID { { 7, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } }
    258 
    259 
    260 #endif // __TLTEEKEYMASTERAPI_H__
    261