openharmony/interface_sdk_c
1
0
Fork 0
mirror of https://gitee.com/openharmony/interface_sdk_c synced 2024-11-23 06:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add TEE KIT API to SDK.

Browse Source 
Signed-off-by: wzr <wangzhiru1@huawei.com>
This commit is contained in:
wzr 2024-03-22 11:01:46 +08:00
parent a0129874bb
commit 4da300d570
30 changed files with 7665 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
tee/BUILD.gn Normal file
View File

@ -0,0 +1,77 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
ohos_ndk_library("libteec") {
output_name = "teec"
output_extension = "so"
ndk_description_file = "./libteec.ndk.json"
min_compact_version = "12"
system_capability = "SystemCapability.Tee.TeeClient"
system_capability_headers = [
"./include/tee_client_api.h",
"./include/tee_client_constants.h",
"./include/tee_client_type.h",
]
}
ohos_ndk_headers("libtee_header") {
dest_dir = "$ndk_headers_out_dir/tee"
sources = [
"./include/oemkey.h",
"./include/rpmb_driver_rw_api.h",
"./include/rpmb_fcntl.h",
"./include/tee_arith_api.h",
"./include/tee_client_api.h",
"./include/tee_client_constants.h",
"./include/tee_client_type.h",
"./include/tee_core_api.h",
"./include/tee_crypto_api.h",
"./include/tee_crypto_hal.h",
"./include/tee_defines.h",
"./include/tee_drv_client.h",
"./include/tee_dynamic_srv.h",
"./include/tee_ext_api.h",
"./include/tee_hw_ext_api.h",
"./include/tee_hw_ext_api_legacy.h",
"./include/tee_internal_se_api.h",
"./include/tee_log.h",
"./include/tee_mem_mgmt_api.h",
"./include/tee_mem_monitoring_api.h",
"./include/tee_object_api.h",
"./include/tee_property_api.h",
"./include/tee_rtc_time_api.h",
"./include/tee_service_public.h",
"./include/tee_sharemem_ops.h",
"./include/tee_time_api.h",
"./include/tee_trusted_storage_api.h",
"./include/tee_tui_gp_api.h",
]
}
ohos_ndk_headers("libteec_header") {
dest_dir = "$ndk_headers_out_dir/tee_client"
sources = [
"./include/tee_client_api.h",
"./include/tee_client_constants.h",
"./include/tee_client_type.h",
]
}
group("tee_ndk_header") {
deps = [
":libtee_header",
":libteec_header",
]
}

65
tee/include/oemkey.h Normal file
View File

@ -0,0 +1,65 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OEMKEY_H
#define OEMKEY_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file oemkey.h
*
* @brief Provides the method for obtaining the hardware provision key.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Obtains the provision key.
*
* @param oem_key Indicates the pointer to the buffer for storing the provision key.
* @param key_size Indicates the length of the buffer used to store the provision key, which is 16.
*
* @return Returns <b>0</b> if the operation is successful.
* @return Returns other values otherwise.
*
* @since 12
*/
uint32_t tee_hal_get_provision_key(uint8_t *oem_key, size_t key_size);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

298
tee/include/rpmb_driver_rw_api.h Normal file
View File

@ -0,0 +1,298 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef RPMB_DRIVER_RW_API_H
#define RPMB_DRIVER_RW_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file rpmb_driver_rw_api.h
*
* @brief APIs related to RPMB driver read and write.
* Provides the function of reading and writing RPMB driver.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines the total block number.
*
* @since 12
* @version 1.0
*/
#define TOTAL_BLK 4
/**
* @brief Defines the size of block.
*
* @since 12
* @version 1.0
*/
#define BLK_SIZE 256
/**
* @brief Defines the size of the total block.
*
* @since 12
* @version 1.0
*/
#define TOTAL_BLK_SIZE (TOTAL_BLK * BLK_SIZE)
#define SEC_WRITE_PROTECT_ENTRY_NUM 4
#define SEC_WRITE_PROTECT_ENTRY_RESERVED_NUM 3
#define SEC_WRITE_PROTECT_ENTRY_RESERVED_SIZE 16
#define SEC_WRITE_PROTECT_FRAME_RESERVED_NUM 14
#define SEC_WRITE_PROTECT_FRAME_RESERVED_END_NUM 176
#define SEC_WRITE_PROTECT_BLK_SIZE 256
#define SEC_WRITE_PROTECT_LUN_MAX 5
/**
* @brief A WPF set to one specifies that the logical unit shall inhibit alteration of the medium for LBA within
* the range indicated by LOGICAL BLOCK ADDRESS field and NUMBER OF LOGICAL BLOCKS field.
* Commands requiring writes to the medium shall be terminated with CHECK CONDITION status,
* with the sense key set to DATA PROTECT, and the additional sense code set to WRITE PROTECTED.
*
* @since 12
* @version 1.0
*/
typedef enum {
SEC_WRITE_PROTECT_DISABLE = 0,
SEC_WRITE_PROTECT_ENABLE = 1,
} write_protect_flag;
/**
* @brief Write Protect Type specifies how WPF bit may be modified.
*
* @since 12
* @version 1.0
*/
typedef enum {
/** WPF bit is persistent through power cycle and hardware reset.
* WPF value may only be changed writing to Secure Write Protect Configuration Block.
*/
NV_TYPE = 0,
/** WPF bit is automatically cleared to 0b after power cycle or hardware reset. */
P_TYPE = 1,
/** WPF bit is automatically set to 1b after power cycle or hardware reset. */
NV_AWP_TYPE = 2,
} write_protect_type;
/**
* @brief Secure Write Protect Entry.
* +-----+---+---+---+---+---+---+---+----+
* | | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
* +-----+---+---+---+---+---+---+---+----+
* | 0 | Reserved | WFT | WPF| -> wp_data
* +-----+---+---+---+---+---+---+---+----+
* | 1 | Reserved |
* +-----+---+---+---+---+---+---+---+----+
* | 2 | Reserved |
* +-----+---+---+---+---+---+---+---+----+
* | 3 | Reserved |
* +-----+---+---+---+---+---+---+---+----+
* | 4 | LOGICAL BLOCK ADDRESS | -> logical_blk_addr
* +-----+ +
* | ... | |
* +-----+ +
* | 11 | |
* +-----+ +
* | 12 | |
* +-----+---+---+---+---+---+---+---+----+
* | ... | NUMBER OF LOGICAL BLOCKS | -> logical_blk_num
* +-----+---+---+---+---+---+---+---+----+
* | 15 | |
* +-----+---+---+---+---+---+---+---+----+
*
* @since 12
* @version 1.0
*/
struct rpmb_protect_cfg_blk_entry {
uint8_t wp_data;
uint8_t reserved[SEC_WRITE_PROTECT_ENTRY_RESERVED_NUM];
/** This field specifies the LBA of the first logical address of the Secure Write Protect ares. */
uint64_t logical_blk_addr;
/** This field specifies the number of contiguous logical size that belong to the Secure Write Protect. */
uint32_t logical_blk_num;
}__attribute__((packed));
/**
* @brief Secure Write Protect Configuration Block is supported by RPMB region 0 only.
* This block is used for configuring secure write protect areas in logical units.
* Each Secure Write Protect Configuration Block for each logical unit.
* Each entry represents one secure write protect area.
* If an entry is not used, then the related fields shall contain a value of zero.
* +-----+---+---+---+---+---+---+---+----+
* | | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
* +-----+---+---+---+---+---+---+---+----+
* | 0 | LUN |
* +-----+---+---+---+---+---+---+---+----+
* | 1 | DATA LENGTH |
* +-----+---+---+---+---+---+---+---+----+
* | 2 | |
* +-----+ +
* | ... | Reserved |
* +-----+ +
* | 15 | |
* +-----+---+---+---+---+---+---+---+----+
* | 16 | |
* +-----+ +
* | ... | Secure Write Protect Entry 0 |
* +-----+ +
* | 31 | |
* +-----+---+---+---+---+---+---+---+----+
* | 32 | |
* +-----+ +
* | ... | Secure Write Protect Entry 1 |
* +-----+ +
* | 47 | |
* +-----+---+---+---+---+---+---+---+----+
* | 48 | |
* +-----+ +
* | ... | Secure Write Protect Entry 1 |
* +-----+ +
* | 63 | |
* +-----+---+---+---+---+---+---+---+----+
* | 64 | |
* +-----+ +
* | ... | Secure Write Protect Entry 1 |
* +-----+ +
* | 79 | |
* +-----+---+---+---+---+---+---+---+----+
* | 80 | |
* +-----+ +
* | ... | Reserved |
* +-----+ +
* | 255 | |
* +-----+---+---+---+---+---+---+---+----+
*
* @since 12
* @version 1.0
*/
struct rpmb_protect_cfg_block {
uint8_t lun;
uint8_t data_length;
uint8_t reserved[SEC_WRITE_PROTECT_FRAME_RESERVED_NUM];
struct rpmb_protect_cfg_blk_entry entries[SEC_WRITE_PROTECT_ENTRY_NUM];
uint8_t reserved_end[SEC_WRITE_PROTECT_FRAME_RESERVED_END_NUM];
}__attribute__((packed));
/**
* @brief Write protect config block by RPMB driver.
*
* @param lun Indicates the logical unit to which secure write protection shall apply,
* and <b>0</b> <= lun <= {@code SEC_WRITE_PROTECT_LUN_MAX}
* @param entries Indicates the Secure Write Protect Entry array, The maximum length is 4.
* @param len Indicates the real length of the Secure Write Protect Entry array, which value is less than 4.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_rpmb_protect_cfg_blk_write(uint8_t lun, struct rpmb_protect_cfg_blk_entry *entries, uint32_t len);
/**
* @brief Read protect config block by RPMB driver.
*
* @param lun Indicates the logical unit to which secure read protection shall apply,
* and 0 <= lun <= <b>SEC_WRITE_PROTECT_LUN_MAX</b>.
* @param entries Indicates the Secure Read Protect Entry array, The maximum length is 4.
* @param len Indicates the real length of the Secure Read Protect Entry array, which value is less than 4.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_rpmb_protect_cfg_blk_read(uint8_t lun, struct rpmb_protect_cfg_blk_entry *entries, uint32_t *len);
/**
* @brief Write plaintext buffer to RPMB driver.
*
* @param buf Indicates the buffer for writing data.
* @param size Indicates the length of buffer, the maximum value is 1024.
* @param block Indicates the block index of the position of start block, the value is [0, 3].
* @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_rpmb_driver_write(const uint8_t *buf, size_t size, uint32_t block, uint32_t offset);
/**
* @brief Read plaintext buffer from RPMB driver.
*
* @param buf Indicates the buffer for read data.
* @param size Indicates the length of buffer, the maximum value is 1024.
* @param block Indicates the block index of the position of start block, the value is [0, 3].
* @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_rpmb_driver_read(uint8_t *buf, size_t size, uint32_t block, uint32_t offset);
/**
* @brief Remove data from RPMB driver.
*
* @param size Indicates the length of remove data, the maximum value is 1024.
* @param block Indicates the block index of the position of start block, the value is [0, 3].
* @param offset Indicates the offset bytes of data position, and the value of offest bytes is less than 256.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the send message fail.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_rpmb_driver_remove(size_t size, uint32_t block, uint32_t offset);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

297
tee/include/rpmb_fcntl.h Normal file
View File

@ -0,0 +1,297 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef RPMB_RPMB_FCNTL_H
#define RPMB_RPMB_FCNTL_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file rpmb_fcntl.h
*
* @brief Provides the APIs related to RPMB service.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Partition initialization, perform RPMB Key writing and formatting operations.
*
* @attention This function only needs to be executed once.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error.
* Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error.
* Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Init(void);
/**
* @brief RPMB secure storage fully formatted operation.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error.
* Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error.
* Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Format(void);
/**
* @brief Write files to RPMB.
*
* @attention If you want to improve the performance of writing files, you need to define the heap size in TA's
* manifest to be at leaset 3 times the file size plus 256KB.
* For example: To write a file with a size of 100KB, the defined heap size is at least
* 556KB (3 * 100 + 256). If the heap size cannot be satisfied, the file writing will still succeed,
* but the performance will be poor.
*
* @param filename Indicates the file name of the data to be written, the maximum length is 64 bytes.
* @param buf Indicates the buffer for writting data.
* @param size Indicates the size of the written data, the maximum size is 160KB.
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64
* bytes.
* Returns {@code TEE_ERROR_RPMB_NOSPC} if the RPMB partition has insufficient disk space.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Write(const char *filename, const uint8_t *buf, size_t size);
/**
* @brief Read files from RPMB.
*
* @attention If you want to improve the performance of reading files, you need to define the heap size in TA's
* manifest to be at leaset 3 times the file size plus 256KB.
* For example: To read a file with a size of 100KB, the defined heap size is at least
* 556KB (3 * 100 + 256). If the heap size cannot be satisfied, the file reading will still succeed,
* but the performance will be poor.
*
* @param filename Indicates the file name of the data to be read, the maximum length is 64 bytes.
* @param buf Indicates the buffer for reading data.
* @param size Indicates the read data size.
* @param count Indicates the size of the actual read.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64
* bytes.
* Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Read(const char *filename, uint8_t *buf, size_t size, uint32_t *count);
/**
* @brief Rename file name in RPMB.
*
* @param old_name Indicates the old file name.
* @param new_name Indicates the new file name.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64
* bytes.
* Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Rename(const char *old_name, const char *new_name);
/**
* @brief Delete files in RPMB.
*
* @param filename Indicates the file name to be deleted.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64
* bytes.
* Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Rm(const char *filename);
/**
* @brief File status stored in RPMB partition, used in {@code TEE_RPMB_FS_Stat}.
*
* @since 12
*/
struct rpmb_fs_stat {
/** Indicates the file size. */
uint32_t size;
uint32_t reserved;
};
/**
* @brief Get file status in RPMB.
*
* @param filename Indicates the file name in RPMB.
* @param stat Indicates the file status information obtained.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect, or the file name is longer than 64
* bytes.
* Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Stat(const char *filename, struct rpmb_fs_stat *stat);
/**
* @brief Disk status stored in RPMB partition, used in {@code TEE_RPMB_FS_StatDisk}.
*
* @since 12
*/
struct rpmb_fs_statdisk {
/** Indicates the total size of RPMB partition. */
uint32_t disk_size;
/** Indicates the TA used size. */
uint32_t ta_used_size;
/** Indicates the free size of the RPMB partition. */
uint32_t free_size;
uint32_t reserved;
};
/**
* @brief Get the disk status.
*
* @param stat Indicates the disk status information obtained.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_StatDisk(struct rpmb_fs_statdisk *stat);
/**
* @brief File attribute definition, which means that the file cannot be erased during the factory reset.
*
* @since 12
*/
#define TEE_RPMB_FMODE_NON_ERASURE (1U << 0)
/**
* @brief File attribute definition, which means the attribute value of the cleard file.
*
* @since 12
*/
#define TEE_RPMB_FMODE_CLEAR 0
/**
* @brief Set the file attribute in RPMB.
*
* @param filename Indicates the file name in RPMB.
* @param fmode Indicates the file attribute, currently supports {@code TEE_RPMB_FMODE_NON_ERASURE} and
* {@code TEE_RPMB_FMODE_CLEAR} two attributes, other values will return {@code TEE_ERROR_BAD_PARAMETERS}.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect,
* or the file name is longer than 64 bytes.
* Returns {@code TEE_ERROR_RPMB_FILE_NOT_FOUND} if the file dose not exist.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_SetAttr(const char *filename, uint32_t fmode);
/**
* @brief Format, delete file attribute is erasable file, keep the file attribute is an inerasable file.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_RPMB_GENERIC} if the RPMB controller general error.
* Returns {@code TEE_ERROR_RPMB_MAC_FAIL} if the RPMB controller MAC check error.
* Returns {@code TEE_ERROR_RPMB_RESP_UNEXPECT_MAC} if the RPMB response data MAC check error.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_FS_Erase(void);
/**
* @brief Enumerates the types of RPMB key status, used in {@code TEE_RPMB_KEY_Status}.
*
* @since 12
*/
enum TEE_RPMB_KEY_STAT {
/** RPMB Key status is invalid. */
TEE_RPMB_KEY_INVALID = 0x0,
/** RPMB Key has been programmed and matched correctly. */
TEE_RPMB_KEY_SUCCESS,
/** RPMB Key is not programmed. */
TEE_RPMB_KEY_NOT_PROGRAM,
/** RPMB Key has been programmed but failed to match. */
TEE_RPMB_KEY_NOT_MATCH,
};
/**
* @brief Obtain RPMB Key status.
*
* @return Returns {@code TEE_RPMB_KEY_SUCCESS} if the RPMB Key has been programmed and matched correctly.
* Returns {@code TEE_RPMB_KEY_NOT_PROGRAM} if the RPMB Key is not programmed.
* Returns {@code TEE_RPMB_KEY_NOT_MATCH} if RPMB Key has been programmed but failed to match.
* Returns {@code TEE_RPMB_KEY_INVALID} if the RPMB Key status is invalid.
*
* @since 12
* @version 1.0
*/
uint32_t TEE_RPMB_KEY_Status(void);
/**
* @brief Process the current TA version information.
*
* @param ta_version Indicates the TA version.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RPMB_TAVERSION_Process(uint32_t ta_version);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

578
tee/include/tee_arith_api.h Normal file
View File

@ -0,0 +1,578 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_ARITH_API_H
#define TEE_ARITH_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_arith_api.h
*
* @brief Provides APIs for operating big integers.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <tee_defines.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef uint32_t TEE_BigInt;
typedef uint32_t TEE_BigIntFMM;
typedef uint32_t TEE_BigIntFMMContext;
/**
* @brief Obtains the size of the array of uint32_t values required to represent a <b>BigInt</b>.
*
* @param n Indicates the <b>TEE_BigInt</b> type.
*
* @return Returns the <b>BigInt</b> size obtained.
*
* @since 12
* @version 1.0
*/
#define TEE_BigIntSizeInU32(n) ((((n) + 31) / 32) + 2)
/**
* @brief Obtains the size of the array of uint32_t values.
*
* @param modulusSizeInBits Indicates the modulus size, in bits.
*
* @return Returns the number of bytes required to store a <b>TEE_BigIntFMM</b>,
* given a modulus of length <b>modSizeInBits</b>.
*
* @since 12
* @version 1.0
*/
size_t TEE_BigIntFMMSizeInU32(size_t modulusSizeInBits);
/**
* @brief Obtains the size of an array of uint32_t values required to represent a fast modular context.
*
* @param modulusSizeInBits Indicates the modulus size, in bits.
*
* @return Returns the number of bytes required to store a <b>TEE_BigIntFMMContext</b>,
* given a modulus of length <b>modSizeInBits</b>.
*
* @since 12
* @version 1.0
*/
size_t TEE_BigIntFMMContextSizeInU32(size_t modulusSizeInBits);
/**
* @brief Initializes a <b>TEE_BigInt</b>.
*
* @param bigInt Indicates the pointer to the <b>TEE_BigInt</b> to initialize.
* @param len Indicates the size of the memory pointed to by <b>TEE_BigInt</b>, in uint32_t.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntInit(TEE_BigInt *bigInt, size_t len);
/**
* @brief Calculates the necessary prerequisites for fast modular multiplication and stores them in a context.
*
* @param context Indicates the pointer to the <b>TEE_BigIntFMMContext</b> to initialize.
* @param len Indicates the size of the memory pointed to by <b>context</b>, in uint32_t.
* @param modulus Indicates the pointer to the modulus.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus);
/**
* @brief Calculates the necessary prerequisites for fast modular multiplication and stores them in a context.
*
* @param context Indicates the pointer to the <b>TEE_BigIntFMMContext</b> to initialize.
* @param len Indicates the size of the memory pointed to by <b>context</b>, in uint32_t.
* @param modulus Indicates the pointer to the modulus.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns other values if the operation fails.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntInitFMMContext1(TEE_BigIntFMMContext *context, size_t len, const TEE_BigInt *modulus);
/**
* @brief Initializes a <b>TEE_BigIntFMM</b> and sets its represented value to zero.
*
* @param bigIntFMM Indicates the pointer to the <b>TEE_BigIntFMM</b> to initialize.
* @param len Indicates the size of the memory pointed to by <b>bigIntFMM</b>, in uint32_t.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntInitFMM(TEE_BigIntFMM *bigIntFMM, size_t len);
/**
* @brief Converts an octet string buffer into the <b>TEE_BigInt</b> format.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result.
* @param buffer Indicates the pointer to the buffer that holds the octet string representation of the integer.
* @param bufferLen Indicates the buffer length, in bytes.
* @param sign Indicates the sign of <b>dest</b>, which is set to the sign of <b>sign</b>.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW</b> if the memory allocated for <b>dest</b> is too small.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntConvertFromOctetString(TEE_BigInt *dest, const uint8_t *buffer, size_t bufferLen, int32_t sign);
/**
* @brief Converts the absolute value of an integer in <b>TEE_BigInt</b> format into an octet string.
*
* @param buffer Indicates the pointer to the output buffer that holds the converted octet string representation
* of the integer.
* @param bufferLen Indicates the pointer to the buffer length, in bytes.
* @param bigInt Indicates the pointer to the integer to convert.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_SHORT_BUFFER</b> if the output buffer is too small to hold the octet string.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntConvertToOctetString(void *buffer, size_t *bufferLen, const TEE_BigInt *bigInt);
/**
* @brief Sets <b>dest</b> to the value <b>shortVal</b>.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result.
* @param shortVal Indicates the value to set.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntConvertFromS32(TEE_BigInt *dest, int32_t shortVal);
/**
* @brief Sets <b>dest</b> to the value of <b>src</b>, including the sign of <b>src</b>.
*
* @param dest Indicates the pointer to the <b> int32_t</b> that holds the result.
* @param src Indicates the pointer to the value to set.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW</b> if <b>src</b> does not fit within an <b> int32_t</b>.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntConvertToS32(int32_t *dest, const TEE_BigInt *src);
/**
* @brief Checks whether op1 > op2, op1 == op2, or op1 < op2.
*
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @return Returns <b>0</b> if op1 == op2.
* Returns a positive number if op1 > op2.
*
* @since 12
* @version 1.0
*/
int32_t TEE_BigIntCmp(const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Checks whether op > shortVal, op == shortVal, or op < shortVal.
*
* @param op Indicates the pointer to the first operand.
* @param shortVal Indicates the pointer to the second operand.
*
* @return Returns <b>0</b> if op1 == shortVal.
* Returns a positive number if op1 > shortVal.
*
* @since 12
* @version 1.0
*/
int32_t TEE_BigIntCmpS32(const TEE_BigInt *op, int32_t shortVal);
/**
* @brief Computes |dest| = |op| >> bits.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the shifted result.
* @param op Indicates the pointer to the operand to be shifted.
* @param bits Indicates the number of bits to shift.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntShiftRight(TEE_BigInt *dest, const TEE_BigInt *op, size_t bits);
/**
* @brief Obtains the <b>bitIndex</b> bit of the natural binary representation of |src|.
*
* @param src Indicates the pointer to the integer.
* @param bitIndex Indicates the offset of the bit to read, starting from offset <b>0</b> of the least significant bit.
*
* @return Returns the Boolean value of <b>bitIndexth</b> in |src|. The value <b>true</b> represents a <b>1</b>,
* and <b>false</b> represents a <b>0</b>.
*
* @since 12
* @version 1.0
*/
bool TEE_BigIntGetBit(const TEE_BigInt *src, uint32_t bitIndex);
/**
* @brief Obtains the number of bits in the natural binary representation of |src|,
* that is, the magnitude of <b>src</b>.
*
* @param src Indicates the pointer to the integer.
*
* @return Returns <b>0</b> if <b>src</b> is <b>0</b>.
* Returns the number of bits in the natural binary representation of <b>src</b>.
*
* @since 12
* @version 1.0
*/
uint32_t TEE_BigIntGetBitCount(const TEE_BigInt *src);
#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
/**
* @brief Sets the first bit of <b>bitIndex</b> in the natural binary representation of <b>op</b> to
* <b>1</b> or <b>0</b>.
*
* @param op Indicates the pointer to the integer.
* @param bitIndex Indicates the offset of the bit to set, starting from offset <b>0</b> of the least significant bit.
* @param value Indicates the bit value to set. The value <b>true</b> represents a <b>1</b>, and the value <b>false</b>
* represents a <b>0</b>.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW bitIndexth</b> if the <b>bitIndexth</b> bit is larger than the allocated bit
* length of <b>op</b>.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntSetBit(TEE_BigInt *op, uint32_t bitIndex, bool value);
/**
* @brief Assigns the value of <b>src</b> to <b>dest</b>.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> to be assigned.
* @param src Indicates the pointer to the source operand.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW</b> if the <b>dest</b> operand cannot hold the value of <b>src</b>.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntAssign(TEE_BigInt *dest, const TEE_BigInt *src);
/**
* @brief Assigns the value of <b>src</b> to <b>dest</b>.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> to be assigned.
* @param src Indicates the pointer to the source operand.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW</b> if the <b>dest</b> operand cannot hold the value of <b>src</b>.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntAbs(TEE_BigInt *dest, const TEE_BigInt *src);
#endif /* API_LEVEL */
/**
* @brief Computes dest = op1 + op2.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the sum of <b>op1</b> and <b>op2</b>.
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntAdd(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Computes dest = op1 op2.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the difference between <b>op1</b>
* and <b>op2</b>.
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntSub(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Negates an operand: dest = op.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op.
* @param op Indicates the pointer to the operand to be negated.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntNeg(TEE_BigInt *dest, const TEE_BigInt *op);
/**
* @brief Computes dest = op1 * op2.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the product of <b>op1</b> and <b>op2</b>.
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntMul(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Computes dest = op * op.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op * op.
* @param op Indicates the pointer to the operand to be squared.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntSquare(TEE_BigInt *dest, const TEE_BigInt *op);
/**
* @brief Computes <b>dest_r</b> and <b>dest_q</b> to make op1 = dest_q* op2 + dest_r.
*
* @param dest_q Indicates the pointer to the <b>TEE_BigInt</b> that holds the quotient.
* @param dest_r Indicates the pointer to the <b>TEE_BigInt</b> that holds the remainder.
* @param op1 Indicates the pointer to the first operand, which is the dividend.
* @param op2 Indicates the pointer to the second operand, which is the divisor.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_BAD_PARAMETERS</b> if at least one parameter is null.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntDiv(TEE_BigInt *dest_q, TEE_BigInt *dest_r, const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Computes dest = op (mod n) to make 0 <= dest < n.
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op (mod n).
* @param op Indicates the pointer to the operand to be reduced mod n.
* @param n [IN] Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n);
/**
* @brief Computes dest = (op1 + op2) (mod n).
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op (op1 + op2)(mod n).
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
* @param n Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntAddMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n);
/**
* @brief Computes dest = (op1 op2) (mod n).
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op (op1 op2)(mod n).
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
* @param n Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntSubMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n);
/**
* @brief Computes dest = (op1* op2)(mod n).
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op (op1 * op2)(mod n).
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
* @param n Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntMulMod(TEE_BigInt *dest, const TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n);
/**
* @brief Computes dest = (op * op) (mod n).
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result op (op * op)(mod n).
* @param op Indicates the pointer to the operand.
* @param n [IN] Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntSquareMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n);
/**
* @brief Computes <b>dest</b> to make dest* op = 1 (mod n).
*
* @param dest Indicates the pointer to the <b>TEE_BigInt</b> that holds the result (op^1)(mod n).
* @param op Indicates the pointer to the operand.
* @param n [IN] Indicates the pointer to the modulus, which must be greater than 1.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntInvMod(TEE_BigInt *dest, const TEE_BigInt *op, const TEE_BigInt *n);
/**
* @brief Checks whether gcd(op1, op2) == 1.
*
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @return Returns <b>true</b> if gcd(op1, op2) == 1.
* Returns <b>false</b> if gcd(op1, op2) != 1.
*
* @since 12
* @version 1.0
*/
bool TEE_BigIntRelativePrime(const TEE_BigInt *op1, const TEE_BigInt *op2);
/**
* @brief Computes the greatest common divisor of <b>op1</b> and <b>op2</b>.
*
* @param gcd Indicates the pointer to the <b>TEE_BigInt</b> that holds the greatest common divisor of <b>op1</b>
* and <b>op2</b>.
* @param u Indicates the pointer to the <b>TEE_BigInt</b> that holds the first coefficient.
* @param v Indicates the pointer to the <b>TEE_BigInt</b> that holds the second coefficient.
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntComputeExtendedGcd(TEE_BigInt *gcd, TEE_BigInt *u, TEE_BigInt *v, const TEE_BigInt *op1,
const TEE_BigInt *op2);
/**
* @brief Performs a probabilistic primality test on <b>op</b>.
*
* @param op Indicates the pointer to the candidate number that is tested for primality.
* @param confidenceLevel Indicates the expected confidence level for a non-conclusive test.
*
* @return Returns <b>0</b> if <b>op</b> is a composite number.
* Returns <b>1</b> if <b>op</b> is a prime number.
* Returns <b>1</b> if the test is non-conclusive but the probability that <b>op</b> is composite is
* less than 2^(-confidenceLevel).
*
* @since 12
* @version 1.0
*/
int32_t TEE_BigIntIsProbablePrime(const TEE_BigInt *op, uint32_t confidenceLevel);
/**
* @brief Converts <b>src</b> into a representation suitable for doing fast modular multiplication.
*
* @param dest Indicates the pointer to an initialized <b>TEE_BigIntFMM</b> memory area.
* @param src Indicates the pointer to the <b>TEE_BigInt</b> to convert.
* @param n Indicates the pointer to the modulus.
* @param context Indicates the pointer to the context that is previously initialized using
* {@link TEE_BigIntInitFMMContext1}.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntConvertToFMM(TEE_BigIntFMM *dest, const TEE_BigInt *src, const TEE_BigInt *n,
const TEE_BigIntFMMContext *context);
/**
* @brief Converts <b>src</b> in the fast modular multiplication representation back to a
* <b>TEE_BigInt</b> representation.
*
* @param dest Indicates the pointer to an initialized <b>TEE_BigIntFMM</b> memory area to store the converted result.
* @param src Indicates the pointer to a <b>TEE_BigIntFMM</b> holding the value in the fast modular multiplication
* representation.
* @param n Indicates the pointer to the modulus.
* @param context Indicates the pointer to the context that is previously initialized using
* {@link TEE_BigIntInitFMMContext1}.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntConvertFromFMM(TEE_BigInt *dest, const TEE_BigIntFMM *src, const TEE_BigInt *n,
const TEE_BigIntFMMContext *context);
/**
* @brief Computes dest = op1* op2 in the fast modular multiplication representation.
*
* @param dest Indicates the pointer to the <b>TEE_BigIntFMM</b> that holds the result op1* op2.
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
* @param n Indicates the pointer to the modulus.
* @param context Indicates the pointer to the context that is previously initialized using
* {@link TEE_BigIntInitFMMContext1}.
*
* @since 12
* @version 1.0
*/
void TEE_BigIntComputeFMM(TEE_BigIntFMM *dest, const TEE_BigIntFMM *op1, const TEE_BigIntFMM *op2, const TEE_BigInt *n,
const TEE_BigIntFMMContext *context);
/**
* @brief Computes dest = (op1 ^ op2)(mod n).
*
* @param des Indicates the pointer to the <b>TEE_BigInt</b> that holds the result (op1 ^ op2)(mod n).
* @param op1 Indicates the pointer to the first operand.
* @param op2 Indicates the pointer to the second operand.
* @param n Indicates the pointer to the modulus.
* @param context Indicates the pointer to the context that is previously initialized using
* {@link TEE_BigIntInitFMMContext1} or initialized to null.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_NOT_SUPPORTED</b> if the value of <b>n</b> is not supported.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_BigIntExpMod(TEE_BigInt *des, TEE_BigInt *op1, const TEE_BigInt *op2, const TEE_BigInt *n,
TEE_BigIntFMMContext *context);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

245
tee/include/tee_client_api.h Normal file
View File

@ -0,0 +1,245 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_CLIENT_API_H
#define TEE_CLIENT_API_H
/**
* @addtogroup TeeClient
* @{
*
* @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to
* access the trusted applications (TAs) in a Trusted Execution Environment (TEE).
*
* @since 12
* @version 1.0
*/
/**
* @file tee_client_api.h
*
* @brief Defines APIs for CAs to access TAs.
*
* <p> Example:
* <p>1. Initialize a TEE: Call <b>TEEC_InitializeContext</b> to initialize the TEE.
* <p>2. Open a session: Call <b>TEEC_OpenSession</b> with the Universal Unique Identifier (UUID) of the TA.
* <p>3. Send a command: Call <b>TEEC_InvokeCommand</b> to send a command to the TA.
* <p>4. Close the session: Call <b>TEEC_CloseSession</b> to close the session.
* <p>5. Close the TEE: Call <b>TEEC_FinalizeContext</b> to close the TEE.
*
* @library libteec.so
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <string.h>
#include "tee_client_type.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines the values of the parameters transmitted between the REE and TEE.
*
* @since 12
* @version 1.0
*/
#define TEEC_PARAM_TYPES(param0Type, param1Type, param2Type, param3Type) \
((param3Type) << 12 | (param2Type) << 8 | (param1Type) << 4 | (param0Type))
/**
* @brief Defines the value of the parameter specified by <b>paramTypes</b> and <b>index</b>.
*
* @since 12
* @version 1.0
*/
#define TEEC_PARAM_TYPE_GET(paramTypes, index) \
(((paramTypes) >> (4*(index))) & 0x0F)
/**
* @brief Initializes a TEE.
*
* The TEE must be initialized before a session is open or commands are sent.
* After the initialization, a connection is set up between the CA and the TEE.
*
* @param name [IN] Indicates the pointer to the TEE path.
* @param context [IN/OUT] Indicates the context pointer, which is the handle of the TEE.
*
* @return Returns {@code TEEC_SUCCESS} if the TEE is successfully initialized.
* Returns {@code TEEC_ERROR_BAD_PARAMETERS} if <b>name</b> is incorrect or <b>context</b> is null.
* Returns {@code TEEC_ERROR_GENERIC} if the available system resources are insufficient.
*
* @since 12
* @version 1.0
*/
TEEC_Result TEEC_InitializeContext(const char *name, TEEC_Context *context);
/**
* @brief Closes the TEE.
*
* After the TEE is closed, the CA is disconnected from the TEE.
*
* @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized.
*
* @since 12
* @version 1.0
*/
void TEEC_FinalizeContext(TEEC_Context *context);
/**
* @brief Opens a session.
*
* This function is used to set up a connection between the CA and the TA of the specified UUID in the specified TEE
* context. The data to be transferred is contained in <b>operation</b>.
* If a session is opened successfully, <b>session</b> is returned providing a description of the connection.
* If the session fails to open, <b>returnOrigin</b> is returned indicating the cause of the failure.
*
* @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized.
* @param session [OUT] Indicates the pointer to the session. The value cannot be null.
* @param destination [IN] Indicates the pointer to the UUID of the target TA. Each TA has a unique UUID.
* @param connectionMethod [IN] Indicates the connection method. For details, see {@link TEEC_LoginMethod}.
* @param connectionData [IN] Indicates the pointer to the connection data, which varies with the connection mode.
* If the connection mode is {@code TEEC_LOGIN_PUBLIC}, {@code TEEC_LOGIN_USER},
* {@code TEEC_LOGIN_USER_APPLICATION}, or {@code TEEC_LOGIN_GROUP_APPLICATION}, the connection data must be null.
* If the connection mode is {@code TEEC_LOGIN_GROUP} or {@code TEEC_LOGIN_GROUP_APPLICATION},
* the connection data must point to data of the uint32_t type, which indicates the target group user to be connected
* by the CA.
* @param operation [IN/OUT] Indicates the pointer to the data to be transmitted between the CA and TA.
* @param returnOrigin [IN/OUT] Indicates the pointer to the error source.
* For details, see {@code TEEC_ReturnCodeOrigin}.
*
* @return Returns {@code TEEC_SUCCESS} if the session is open successfully.
* Returns {@code TEEC_ERROR_BAD_PARAMETERS} if <b>context</b>, <b>session</b>, or <b>destination</b> is null.
* Returns {@code TEEC_ERROR_ACCESS_DENIED} if the access request is denied.
* Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient.
* Returns {@code TEEC_ERROR_TRUSTED_APP_LOAD_ERROR} if the TA failed to be loaded.
* For details about other return values, see {@code TEEC_ReturnCode}.
*
* @since 12
* @version 1.0
*/
TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, const TEEC_UUID *destination,
uint32_t connectionMethod, const void *connectionData, TEEC_Operation *operation, uint32_t *returnOrigin);
/**
* @brief Closes a session.
*
* After the session is closed, the CA is disconnected from the TA.
*
* @param session [IN/OUT] Indicates the pointer to the session to close.
*
* @since 12
* @version 1.0
*/
void TEEC_CloseSession(TEEC_Session *session);
/**
* @brief Sends a command to a TA.
*
* The CA sends the command ID to the TA through the specified session.
*
* @param session [IN/OUT] Indicates the pointer to the session opened.
* @param commandID [IN] Indicates the command ID supported by the TA. It is defined by the TA.
* @param operation [IN/OUT] Indicates the pointer to the data to be sent from the CA to the TA.
* @param returnOrigin [IN/OUT] Indicates the pointer to the error source.
* For details, see {@code TEEC_ReturnCodeOrigin}.
*
* @return Returns {@code TEEC_SUCCESS} if the command is sent successfully.
* Returns {@code TEEC_ERROR_BAD_PARAMETERS} if <b>session</b> is null or
* <b>operation</b> is in incorrect format.
* Returns {@code TEEC_ERROR_ACCESS_DENIED} if the access request is denied.
* Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient.
* For details about other return values, see {@code TEEC_ReturnCode}.
*
* @since 12
* @version 1.0
*/
TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID,
TEEC_Operation *operation, uint32_t *returnOrigin);
/**
* @brief Registers shared memory in the specified TEE context.
*
* The registered shared memory can implement zero-copy.
* The zero-copy function, however, also requires support by the operating system.
* At present, zero-copy cannot be implemented in this manner.
*
* @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized.
* @param sharedMem [IN/OUT] Indicates the pointer to the shared memory.
* The pointed shared memory cannot be null and the size cannot be 0.
*
* @return Returns {@code TEEC_SUCCESS} if the operation is successful.
* Returns {@code TEEC_ERROR_BAD_PARAMETERS} if <b>context</b> or <b>sharedMem</b> is null or
* the pointed memory is empty.
*
* @since 12
* @version 1.0
*/
TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, TEEC_SharedMemory *sharedMem);
/**
* @brief Requests shared memory in the specified TEE context.
*
* The shared memory can be used to implement zero-copy during data transmission between the REE and TEE.
* The zero-copy function, however, also requires support by the operating system.
* At present, zero-copy cannot be implemented in this manner.
*
* @attention If the <b>size</b> field of the input parameter <b>sharedMem</b> is set to <b>0</b>, <b>TEEC_SUCCESS</b>
* will be returned but the shared memory cannot be used because this memory has neither an address nor size.
* @param context [IN/OUT] Indicates the pointer to the TEE that is successfully initialized.
* @param sharedMem [IN/OUT] Indicates the pointer to the shared memory. The size of the shared memory cannot be 0.
*
* @return Returns {@code TEEC_SUCCESS} if the operation is successful.
* Returns {@code TEEC_ERROR_BAD_PARAMETERS} if <b>context</b> or <b>sharedMem</b> is null.
* Returns {@code TEEC_ERROR_OUT_OF_MEMORY} if the available system resources are insufficient.
*
* @since 12
* @version 1.0
*/
TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, TEEC_SharedMemory *sharedMem);
/**
* @brief Releases the shared memory registered or acquired.
*
* @attention If the shared memory is acquired by using {@code TEEC_AllocateSharedMemory},
* the memory released will be reclaimed. If the shared memory is acquired by using {@code TEEC_RegisterSharedMemory},
* the local memory released will not be reclaimed.
* @param sharedMem [IN/OUT] Indicates the pointer to the shared memory to release.
*
* @since 12
* @version 1.0
*/
void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem);
/**
* @brief Cancels an operation.
*
* @attention This operation is only used to send a cancel message. Whether to perform the cancel operation is
* determined by the TEE or TA.
* At present, the cancel operation does not take effect.
* @param operation [IN/OUT] Indicates the pointer to the data to be sent from the CA to the TA.
*
* @since 12
* @version 1.0
*/
void TEEC_RequestCancellation(TEEC_Operation *operation);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

227
tee/include/tee_client_constants.h Normal file
View File

@ -0,0 +1,227 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_CLIENT_CONSTANTS_H
#define TEE_CLIENT_CONSTANTS_H
/**
* @addtogroup TeeClient
* @{
*
* @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to
* access the trusted applications (TAs) in a Trusted Execution Environment (TEE).
*
* @since 12
* @version 1.0
*/
/**
* @file tee_client_constants.h
*
* @brief Defines public data and constants.
*
* @library libteec.so
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
/**
* @brief Defines the number of <b>TEEC_Parameter</b>s in <b>TEEC_Operation</b>.
*
* @since 12
* @version 1.0
*/
#define TEEC_PARAM_NUM 4
/**
* @brief Defines the error codes returned.
*
* @since 12
* @version 1.0
*/
enum TEEC_ReturnCode {
/** The operation is successful. */
TEEC_SUCCESS = 0x0,
/** Invalid command. The command is not supported by the TA. */
TEEC_ERROR_INVALID_CMD,
/** The TA does not exist. */
TEEC_ERROR_SERVICE_NOT_EXIST,
/** The session between the CA and TA does not exist. */
TEEC_ERROR_SESSION_NOT_EXIST,
/** The number of connections to the TA has reached the limit. */
TEEC_ERROR_SESSION_MAXIMUM,
/** The TA to be registered already exists. */
TEEC_ERROR_REGISTER_EXIST_SERVICE,
/** Secure OS framework error. */
TEEC_ERROR_TAGET_DEAD_FATAL,
/** Failed to read the file. */
TEEC_ERROR_READ_DATA,
/** Failed to write the file. */
TEEC_ERROR_WRITE_DATA,
/** Failed to truncate the file. */
TEEC_ERROR_TRUNCATE_OBJECT,
/** Failed to seek data. */
TEEC_ERROR_SEEK_DATA,
/** File synchronization error. */
TEEC_ERROR_FSYNC_DATA,
/** Failed to rename the file. */
TEEC_ERROR_RENAME_OBJECT,
/** Failed to load the TA when opening a session. */
TEEC_ERROR_TRUSTED_APP_LOAD_ERROR,
/** Failed to initialize the TA. */
TEEC_ERROR_GENERIC = 0xFFFF0000,
/** Permission verification failed. Permission verification is performed before a TEE or session is opened or
a command is sent. */
TEEC_ERROR_ACCESS_DENIED = 0xFFFF0001,
/** The operation is canceled. This error code is returned when you operate the parameter with
the cancallation flag. */
TEEC_ERROR_CANCEL = 0xFFFF0002,
/** Concurrent access causes permission conflict. Concurrent access to files in the trusted storage
service may cause this error. */
TEEC_ERROR_ACCESS_CONFLICT = 0xFFFF0003,
/** Too much data is passed in the requested operation for the TA to parse. */
TEEC_ERROR_EXCESS_DATA = 0xFFFF0004,
/** Incorrect data format. The TA failed to parse the parameters sent from the CA. */
TEEC_ERROR_BAD_FORMAT = 0xFFFF0005,
/** Invalid parameter. The input parameter is null or invalid. */
TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006,
/** The operation in the current state is invalid. This error code is returned if the trusted storage service is not
initialized when a trusted storage service operation is requested. */
TEEC_ERROR_BAD_STATE = 0xFFFF0007,
/** The requested data is not found. */
TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008,
/** The requested operation has not been implemented yet. This error code is returned when
<b>TEEC_RequestCancellation</b> is called. */
TEEC_ERROR_NOT_IMPLEMENTED = 0xFFFF0009,
/** The requested operation is valid but is not supported in this implementation. This error code is returned
when certain algorithms of the secure encryption and decryption service, such as DSA, are requested. */
TEEC_ERROR_NOT_SUPPORTED = 0xFFFF000A,
/** Expected data for the requested operation is not found. */
TEEC_ERROR_NO_DATA = 0xFFFF000B,
/** The available system resources are insufficient. */
TEEC_ERROR_OUT_OF_MEMORY = 0xFFFF000C,
/** The system is busy. Some resources are exclusively used by the system. */
TEEC_ERROR_BUSY = 0xFFFF000D,
/** Communication between an application in the REE and a TA failed. */
TEEC_ERROR_COMMUNICATION = 0xFFFF000E,
/** A security fault is detected in the TEE. */
TEEC_ERROR_SECURITY = 0xFFFF000F,
/** The supplied buffer is too short for the output generated.
This error may occur when {@code TEEC_MEMREF_TEMP_OUTPUT} is used. */
TEEC_ERROR_SHORT_BUFFER = 0xFFFF0010,
/** MAC value check error. */
TEEC_ERROR_MAC_INVALID = 0xFFFF3071,
/** The TA crashed. */
TEEC_ERROR_TARGET_DEAD = 0xFFFF3024,
/** Common error. */
TEEC_FAIL = 0xFFFF5002
};
/**
* @brief Defines the sources of the error codes returned.
*
* @since 12
* @version 1.0
*/
enum TEEC_ReturnCodeOrigin {
/** The error code indicates an error originated from the client API. */
TEEC_ORIGIN_API = 0x1,
/** The error code indicates an error originated from the communication between the REE and TEE. */
TEEC_ORIGIN_COMMS = 0x2,
/** The error code indicates an error originated within the TEE code. */
TEEC_ORIGIN_TEE = 0x3,
/** The error code indicates an error originated within the TA code. */
TEEC_ORIGIN_TRUSTED_APP = 0x4,
};
/**
* @brief Defines the identifiers of the shared memory.
*
* @since 12
* @version 1.0
*/
enum TEEC_SharedMemCtl {
/** The shared memory can carry data from CAs to TAs. */
TEEC_MEM_INPUT = 0x1,
/** The shared memory can carry data from TAs to CAs. */
TEEC_MEM_OUTPUT = 0x2,
/** The shared memory can carry data transmitted between CAs and TAs. */
TEEC_MEM_INOUT = 0x3,
};
/**
* @brief Defines the parameter types.
*
* @since 12
* @version 1.0
*/
enum TEEC_ParamType {
/** The parameter is not used. */
TEEC_NONE = 0x0,
/** The parameter is a {@code TEEC_Value} tagged as input. Data flows from a CA to a TA. */
TEEC_VALUE_INPUT = 0x01,
/** The parameter is a {@code TEEC_Value} tagged as output. Data flows from a TA to a CA. */
TEEC_VALUE_OUTPUT = 0x02,
/** The parameter is a {@code TEEC_Value} tagged as both input and output. */
TEEC_VALUE_INOUT = 0x03,
/** The parameter is a {@code TEEC_TempMemoryReference} tagged as input. Data flows from a CA to a TA. */
TEEC_MEMREF_TEMP_INPUT = 0x05,
/** The parameter is a {@code TEEC_TempMemoryReference} tagged as output. Data flows from a TA to a CA. */
TEEC_MEMREF_TEMP_OUTPUT = 0x06,
/** The parameter is a {@code TEEC_TempMemoryReference} tagged as both input and output.
Data is transmitted between a TA and a CA. */
TEEC_MEMREF_TEMP_INOUT = 0x07,
/** The parameter is a {@code TEEC_IonReference} tagged as input. Data flows from a CA to a TA**/
TEEC_ION_INPUT = 0x08,
/** The parameter is a {@code TEEC_IonSglistReference} tagged as input. Data flows from a CA to a TA**/
TEEC_ION_SGLIST_INPUT = 0x09,
/** The parameter is a {@code TEEC_RegisteredMemoryReference} that refers to the entire memory block.
The data flow is the same as that of {@code TEEC_SharedMemCtl}. */
TEEC_MEMREF_WHOLE = 0xc,
/** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as input. Data flows from a CA to a TA. */
TEEC_MEMREF_PARTIAL_INPUT = 0xd,
/** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as output. Data flows from a TA to a CA. */
TEEC_MEMREF_PARTIAL_OUTPUT = 0xe,
/** The parameter is a {@code TEEC_RegisteredMemoryReference} tagged as both input and output.
Data is transmitted between a TA and a CA. */
TEEC_MEMREF_PARTIAL_INOUT = 0xf
};
/**
* @brief Defines the login methods.
*
* @since 12
* @version 1.0
*/
enum TEEC_LoginMethod {
/** No login data is provided. */
TEEC_LOGIN_PUBLIC = 0x0,
/** The login data about the user running the CA process is provided. */
TEEC_LOGIN_USER,
/** The login data about the group running the CA process is provided. */
TEEC_LOGIN_GROUP,
/** The login data about the running CA is provided. */
TEEC_LOGIN_APPLICATION = 0x4,
/** The login data about the user running the CA process and about the CA are provided. */
TEEC_LOGIN_USER_APPLICATION = 0x5,
/** The login data about the group running the CA process and about the CA are provided. */
TEEC_LOGIN_GROUP_APPLICATION = 0x6,
/** Login method reserved for TEEOS. */
TEEC_LOGIN_IDENTIFY = 0x7,
};
/** @} */
#endif

212
tee/include/tee_client_type.h Normal file
View File

@ -0,0 +1,212 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_CLIENT_TYPE_H
#define TEE_CLIENT_TYPE_H
/**
* @addtogroup TeeClient
* @{
*
* @brief Provides APIs for the client applications (CAs) in the Rich Execution Environment (normal mode) to
* access the trusted applications (TAs) in a Trusted Execution Environment (TEE).
*
* @since 12
* @version 1.0
*/
/**
* @file tee_client_type.h
*
* @brief Defines basic data types and data structures.
*
* @library libteec.so
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <semaphore.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include "tee_client_constants.h"
/**
* @brief Defines the linked list type.
*
* @since 12
* @version 1.0
*/
struct ListNode {
struct ListNode *next;
struct ListNode *prev;
};
/**
* @brief Defines the return values.
*
* @since 12
* @version 1.0
*/
typedef enum TEEC_ReturnCode TEEC_Result;
/**
* @brief Defines the universally unique identifier (UUID) as defined in RFC4122 [2].
* The UUIDs are used to identify TAs.
*
* @since 12
* @version 1.0
*/
typedef struct {
uint32_t timeLow;
uint16_t timeMid;
uint16_t timeHiAndVersion;
uint8_t clockSeqAndNode[8];
} TEEC_UUID;
/**
* @brief Defines the context, a logical connection between a CA and a TEE.
*
* @since 12
* @version 1.0
*/
typedef struct {
int32_t fd;
uint8_t *ta_path;
struct ListNode session_list;
struct ListNode shrd_mem_list;
union {
struct {
void *buffer;
sem_t buffer_barrier;
} share_buffer;
uint64_t imp;
};
} TEEC_Context;
/**
* @brief Defines the session between a CA and a TA.
*
* @since 12
* @version 1.0
*/
typedef struct {
uint32_t session_id;
TEEC_UUID service_id;
uint32_t ops_cnt;
union {
struct ListNode head;
uint64_t imp;
};
TEEC_Context *context;
} TEEC_Session;
/**
* @brief Defines a shared memory block, which can be registered or allocated.
*
* @since 12
* @version 1.0
*/
typedef struct {
void *buffer;
uint32_t size;
uint32_t flags;
uint32_t ops_cnt;
bool is_allocated;
union {
struct ListNode head;
void* imp;
};
TEEC_Context *context;
} TEEC_SharedMemory;
/**
* @brief Defines a pointer to a temporary buffer.
*
* @since 12
* @version 1.0
*/
typedef struct {
void *buffer;
uint32_t size;
} TEEC_TempMemoryReference;
/**
* @brief Defines a pointer to the shared memory that is registered or allocated.
*
* @since 12
* @version 1.0
*/
typedef struct {
TEEC_SharedMemory *parent;
uint32_t size;
uint32_t offset;
} TEEC_RegisteredMemoryReference;
/**
* @brief Describes a parameter that carries small raw data passed by <b>value</b>.
*
* @since 12
* @version 1.0
*/
typedef struct {
uint32_t a;
uint32_t b;
} TEEC_Value;
/**
* @brief Describes the size and handle of the ION memory.
*
* @since 12
* @version 1.0
*/
typedef struct {
int ionShareFd;
uint32_t ionSize;
} TEEC_IonReference;
/**
* @brief Defines a parameter of {@code TEEC_Operation}.
*
* @since 12
* @version 1.0
*/
typedef union {
TEEC_TempMemoryReference tmpref;
TEEC_RegisteredMemoryReference memref;
TEEC_Value value;
TEEC_IonReference ionref;
} TEEC_Parameter;
/**
* @brief Defines the parameters for opening a session or sending a command.
*
* @since 12
* @version 1.0
*/
typedef struct {
/** The value 0 means to cancel the command, and other values mean to execute the command. */
uint32_t started;
/** Use {@code TEEC_PARAM_TYPES} to create this parameter. */
uint32_t paramTypes;
TEEC_Parameter params[TEEC_PARAM_NUM];
TEEC_Session *session;
bool cancel_flag;
} TEEC_Operation;
/** @} */
#endif

124
tee/include/tee_core_api.h Normal file
View File

@ -0,0 +1,124 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_CORE_API_H
#define __TEE_CORE_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
* @version 1.0
*/
/**
* @file tee_core_api.h
*
* @brief Provides APIs for managing trusted application (TA) sessions.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _TEE_TA_SESSION_HANDLE
#define _TEE_TA_SESSION_HANDLE
/**
* @brief Defines the handle of TA session.
*
* @since 12
*/
typedef uint32_t TEE_TASessionHandle;
#endif
/**
* @brief Raises a panic in the TA instance.
*
* @param panicCode Indicates an informative panic code defined by the TA.
*
* @since 12
* @version 1.0
*/
void TEE_Panic(TEE_Result panicCode);
/**
* @brief Opens a new session with a TA.
*
* @param destination Indicates the pointer to the <b>TEE_UUID</b> structure that contains
* the Universal Unique Identifier (UUID) of the target TA.
* @param cancellationRequestTimeout Indicates the timeout period in milliseconds or a special value
* if there is no timeout.
* @param paramTypes Indicates the types of all parameters passed in the operation.
* @param params Indicates the parameters passed in the operation.
* @param session Indicates the pointer to the variable that will receive the client session handle.
* @param returnOrigin Indicates the pointer to the variable that holds the return origin.
*
* @return Returns <b>TEE_SUCCESS</b> if the session is opened.
* Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the TA cannot be found in the Trusted Execution Environment (TEE).
* Returns <b>TEE_ERROR_ACCESS_DENIED</b> if the access request to the TA is denied.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_OpenTASession(const TEE_UUID *destination, uint32_t cancellationRequestTimeout, uint32_t paramTypes,
TEE_Param params[TEE_PARAMS_NUM], TEE_TASessionHandle *session, uint32_t *returnOrigin);
/**
* @brief Closes a client session.
*
* @param session Indicates the handle of the session to close.
*
* @since 12
* @version 1.0
*/
void TEE_CloseTASession(TEE_TASessionHandle session);
/**
* @brief Invokes a command in a session opened between this client TA instance and a target TA instance.
*
* @param session Indicates the handle of the opened session.
* @param cancellationRequestTimeout Indicates the timeout period in milliseconds or a special value
* if there is no timeout.
* @param commandID Indicates the identifier of the command to invoke.
* @param paramTypes Indicates the types of all parameters passed in the operation.
* @param params Indicates the parameters passed in the operation.
* @param returnOrigin Indicates the pointer to the variable that holds the return origin.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_ACCESS_DENIED</b> if the command fails to be invoked.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_InvokeTACommand(TEE_TASessionHandle session, uint32_t cancellationRequestTimeout, uint32_t commandID,
uint32_t paramTypes, TEE_Param params[TEE_PARAMS_NUM], uint32_t *returnOrigin);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

1045
tee/include/tee_crypto_api.h Normal file
View File

File diff suppressed because it is too large Load Diff

93
tee/include/tee_crypto_hal.h Normal file
View File

@ -0,0 +1,93 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_CRYPTO_HAL_H
#define TEE_CRYPTO_HAL_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_crypto_hal.h
*
* @brief Provides APIs for cryptographic operations.
*
* You can use these APIs to implement encryption and decryption.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_crypto_api.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Enumerates the types of the crypto engine.
*
* @since 12
*/
enum CRYPTO_ENGINE {
SOFT_CRYPTO = 2,
CRYPTO_ENGINE_MAX = 1024,
};
/**
* @brief Sets the encryption and decryption engines to an operation.
*
* @param operation Indicates the handle of the operation to set.
* @param crypto Indicates the engines to set.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_BAD_PARAMETERS</b> if <b>operation</b> is null or <b>crypto</b> is invalid.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SetCryptoFlag(TEE_OperationHandle operation, uint32_t crypto);
/**
* @brief Sets the encryption and decryption engines to an object.
*
* @param object Indicates the handle of the object to set.
* @param crypto Indicates the engines to set.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_BAD_PARAMETERS</b> if <b>object</b> is null or <b>crypto</b> is invalid.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SetObjectFlag(TEE_ObjectHandle object, uint32_t crypto);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

607
tee/include/tee_defines.h Normal file
View File

@ -0,0 +1,607 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_DEFINES_H
#define __TEE_DEFINES_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_defines.h
*
* @brief Defines basic data types and data structures of TEE.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifndef TA_EXPORT
#define TA_EXPORT
#endif
/**
* @brief Defines the tee mutex handle.
*
* @since 12
*/
typedef int *tee_mutex_handle;
#define API_LEVEL1_1_1 2
#define API_LEVEL1_2 3
#define TEE_PARAMS_NUM 4
#undef true
#define true 1
#undef false
#define false 0
#ifndef NULL
#define NULL ((void *)0)
#endif
#define PARAM_NOT_USED(val) ((void)(val))
/**
* @brief Enumerates the TEE parameter.
*
* @since 12
*/
typedef union {
struct {
void *buffer;
size_t size;
} memref;
struct {
unsigned int a;
unsigned int b;
} value;
struct {
void *buffer;
size_t size;
} sharedmem;
} TEE_Param;
#define TEE_PARAM_TYPES(param0Type, param1Type, param2Type, param3Type) \
(((param3Type) << 12) | ((param2Type) << 8) | ((param1Type) << 4) | (param0Type))
#define TEE_PARAM_TYPE_GET(paramTypes, index) (((paramTypes) >> (4U * (index))) & 0x0F)
/**
* @brief Checks parameter types.
*
* @param param_to_check Indicates the expected parameter values.
* @param valid0 Indicates the first parameter type to check.
* @param valid1 Indicates the second parameter type to check.
* @param valid2 Indicates the third parameter type to check.
* @param valid3 Indicates the fourth parameter type to check.
*
* @return Returns <b>true</b> if the parameter types are correct.
* Returns <b>false</b> otherwise.
* @since 12
*/
static inline bool check_param_type(uint32_t param_to_check, uint32_t valid0, uint32_t valid1, uint32_t valid2,
uint32_t valid3)
{
return (TEE_PARAM_TYPES(valid0, valid1, valid2, valid3) == param_to_check);
}
/**
* @brief Enumerates the types of the TEE parameter.
*
* @since 12
*/
enum TEE_ParamType {
TEE_PARAM_TYPE_NONE = 0x0,
TEE_PARAM_TYPE_VALUE_INPUT = 0x1,
TEE_PARAM_TYPE_VALUE_OUTPUT = 0x2,
TEE_PARAM_TYPE_VALUE_INOUT = 0x3,
TEE_PARAM_TYPE_MEMREF_INPUT = 0x5,
TEE_PARAM_TYPE_MEMREF_OUTPUT = 0x6,
TEE_PARAM_TYPE_MEMREF_INOUT = 0x7,
TEE_PARAM_TYPE_ION_INPUT = 0x8,
TEE_PARAM_TYPE_ION_SGLIST_INPUT = 0x9,
TEE_PARAM_TYPE_MEMREF_SHARED_INOUT = 0xa,
TEE_PARAM_TYPE_RESMEM_INPUT = 0xc,
TEE_PARAM_TYPE_RESMEM_OUTPUT = 0xd,
TEE_PARAM_TYPE_RESMEM_INOUT = 0xe,
};
#define S_VAR_NOT_USED(variable) \
do { \
(void)(variable); \
} while (0)
/**
* @brief Defines an object information.
*
* @since 12
*/
typedef struct {
uint32_t objectType;
uint32_t objectSize;
uint32_t maxObjectSize;
uint32_t objectUsage;
uint32_t dataSize;
uint32_t dataPosition;
uint32_t handleFlags;
} TEE_ObjectInfo;
/**
* @brief Defines an object attribute.
*
* @since 12
*/
typedef struct {
uint32_t attributeID;
union {
struct {
void *buffer;
size_t length;
} ref;
struct {
uint32_t a;
uint32_t b;
} value;
} content;
} TEE_Attribute;
/**
* @brief Enumerates the types of object attribute.
*
* @since 12
*/
enum TEE_ObjectAttribute {
TEE_ATTR_SECRET_VALUE = 0xC0000000,
TEE_ATTR_RSA_MODULUS = 0xD0000130,
TEE_ATTR_RSA_PUBLIC_EXPONENT = 0xD0000230,
TEE_ATTR_RSA_PRIVATE_EXPONENT = 0xC0000330,
TEE_ATTR_RSA_PRIME1 = 0xC0000430,
TEE_ATTR_RSA_PRIME2 = 0xC0000530,
TEE_ATTR_RSA_EXPONENT1 = 0xC0000630,
TEE_ATTR_RSA_EXPONENT2 = 0xC0000730,
TEE_ATTR_RSA_COEFFICIENT = 0xC0000830,
TEE_ATTR_RSA_MGF1_HASH = 0xF0000830,
TEE_ATTR_DSA_PRIME = 0xD0001031,
TEE_ATTR_DSA_SUBPRIME = 0xD0001131,
TEE_ATTR_DSA_BASE = 0xD0001231,
TEE_ATTR_DSA_PUBLIC_VALUE = 0xD0000131,
TEE_ATTR_DSA_PRIVATE_VALUE = 0xC0000231,
TEE_ATTR_DH_PRIME = 0xD0001032,
TEE_ATTR_DH_SUBPRIME = 0xD0001132,
TEE_ATTR_DH_BASE = 0xD0001232,
TEE_ATTR_DH_X_BITS = 0xF0001332,
TEE_ATTR_DH_PUBLIC_VALUE = 0xD0000132,
TEE_ATTR_DH_PRIVATE_VALUE = 0xC0000232,
TEE_ATTR_RSA_OAEP_LABEL = 0xD0000930,
TEE_ATTR_RSA_PSS_SALT_LENGTH = 0xF0000A30,
TEE_ATTR_ECC_PUBLIC_VALUE_X = 0xD0000141,
TEE_ATTR_ECC_PUBLIC_VALUE_Y = 0xD0000241,
TEE_ATTR_ECC_PRIVATE_VALUE = 0xC0000341,
TEE_ATTR_ECC_CURVE = 0xF0000441,
TEE_ATTR_ED25519_CTX = 0xD0000643,
TEE_ATTR_ED25519_PUBLIC_VALUE = 0xD0000743,
TEE_ATTR_ED25519_PRIVATE_VALUE = 0xC0000843,
TEE_ATTR_ED25519_PH = 0xF0000543,
TEE_ATTR_X25519_PUBLIC_VALUE = 0xD0000944,
TEE_ATTR_X25519_PRIVATE_VALUE = 0xC0000A44,
TEE_ATTR_PBKDF2_HMAC_PASSWORD = 0xD0000133,
TEE_ATTR_PBKDF2_HMAC_SALT = 0xD0000134,
TEE_ATTR_PBKDF2_HMAC_DIGEST = 0xF0000135,
};
/**
* @brief Enumerates the types of object.
*
* @since 12
*/
enum TEE_ObjectType {
TEE_TYPE_AES = 0xA0000010,
TEE_TYPE_DES = 0xA0000011,
TEE_TYPE_DES3 = 0xA0000013,
TEE_TYPE_HMAC_MD5 = 0xA0000001,
TEE_TYPE_HMAC_SHA1 = 0xA0000002,
TEE_TYPE_HMAC_SHA224 = 0xA0000003,
TEE_TYPE_HMAC_SHA256 = 0xA0000004,
TEE_TYPE_HMAC_SHA384 = 0xA0000005,
TEE_TYPE_HMAC_SHA512 = 0xA0000006,
TEE_TYPE_RSA_PUBLIC_KEY = 0xA0000030,
TEE_TYPE_RSA_KEYPAIR = 0xA1000030,
TEE_TYPE_DSA_PUBLIC_KEY = 0xA0000031,
TEE_TYPE_DSA_KEYPAIR = 0xA1000031,
TEE_TYPE_DH_KEYPAIR = 0xA1000032,
TEE_TYPE_GENERIC_SECRET = 0xA0000000,
TEE_TYPE_DATA = 0xA1000033,
TEE_TYPE_DATA_GP1_1 = 0xA00000BF,
TEE_TYPE_ECDSA_PUBLIC_KEY = 0xA0000041,
TEE_TYPE_ECDSA_KEYPAIR = 0xA1000041,
TEE_TYPE_ECDH_PUBLIC_KEY = 0xA0000042,
TEE_TYPE_ECDH_KEYPAIR = 0xA1000042,
TEE_TYPE_ED25519_PUBLIC_KEY = 0xA0000043,
TEE_TYPE_ED25519_KEYPAIR = 0xA1000043,
TEE_TYPE_X25519_PUBLIC_KEY = 0xA0000044,
TEE_TYPE_X25519_KEYPAIR = 0xA1000044,
TEE_TYPE_SM2_DSA_PUBLIC_KEY = 0xA0000045,
TEE_TYPE_SM2_DSA_KEYPAIR = 0xA1000045,
TEE_TYPE_SM2_KEP_PUBLIC_KEY = 0xA0000046,
TEE_TYPE_SM2_KEP_KEYPAIR = 0xA1000046,
TEE_TYPE_SM2_PKE_PUBLIC_KEY = 0xA0000047,
TEE_TYPE_SM2_PKE_KEYPAIR = 0xA1000047,
TEE_TYPE_HMAC_SM3 = 0xA0000007,
TEE_TYPE_SM4 = 0xA0000014,
TEE_TYPE_SIP_HASH = 0xF0000002,
TEE_TYPE_PBKDF2_HMAC = 0xF0000004,
TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE,
};
#define OBJECT_NAME_LEN_MAX 255
/**
* @brief Defines an object handle.
*
* @since 12
*/
struct __TEE_ObjectHandle {
void *dataPtr;
uint32_t dataLen;
uint8_t dataName[OBJECT_NAME_LEN_MAX];
TEE_ObjectInfo *ObjectInfo;
TEE_Attribute *Attribute;
uint32_t attributesLen;
uint32_t CRTMode;
void *infoattrfd;
uint32_t generate_flag;
uint32_t storage_id;
};
/**
* @brief Defines the <b>__TEE_ObjectHandle</b> struct.
*
* @see __TEE_ObjectHandle
*
* @since 12
*/
typedef struct __TEE_ObjectHandle *TEE_ObjectHandle;
#define NODE_LEN 8
/**
* @brief Defines an UUID of TA.
*
* @since 12
*/
typedef struct tee_uuid {
uint32_t timeLow;
uint16_t timeMid;
uint16_t timeHiAndVersion;
uint8_t clockSeqAndNode[NODE_LEN];
} TEE_UUID;
/**
* @brief Defines the type of spawn UUID.
*
* @since 12
*/
typedef struct spawn_uuid {
uint64_t uuid_valid;
TEE_UUID uuid;
} spawn_uuid_t;
/**
* @brief Enumerates the result codes used in the TEE Kit APIs.
*
* @since 12
*/
enum TEE_Result_Value {
/* The operation is successful. */
TEE_SUCCESS = 0x00000000,
/* The command is invalid. */
TEE_ERROR_INVALID_CMD = 0x00000001,
/* The service does not exist. */
TEE_ERROR_SERVICE_NOT_EXIST = 0x00000002,
/* The session does not exist. */
TEE_ERROR_SESSION_NOT_EXIST = 0x00000003,
/* The number of sessions exceeds the limit. */
TEE_ERROR_SESSION_MAXIMUM = 0x00000004,
/* The service has been already registered. */
TEE_ERROR_REGISTER_EXIST_SERVICE = 0x00000005,
/* An internal error occurs. */
TEE_ERROR_TARGET_DEAD_FATAL = 0x00000006,
/* Failed to read data. */
TEE_ERROR_READ_DATA = 0x00000007,
/* Failed to write data. */
TEE_ERROR_WRITE_DATA = 0x00000008,
/* Failed to truncate data. */
TEE_ERROR_TRUNCATE_OBJECT = 0x00000009,
/* Failed to seek data. */
TEE_ERROR_SEEK_DATA = 0x0000000A,
/* Failed to synchronize data. */
TEE_ERROR_SYNC_DATA = 0x0000000B,
/* Failed to rename the file. */
TEE_ERROR_RENAME_OBJECT = 0x0000000C,
/* An error occurs when the TA is loaded. */
TEE_ERROR_TRUSTED_APP_LOAD_ERROR = 0x0000000D,
/* An I/O error occurs when data is stored. */
TEE_ERROR_STORAGE_EIO = 0x80001001,
/* The storage section is unavailable. */
TEE_ERROR_STORAGE_EAGAIN = 0x80001002,
/* The operation target is not a directory. */
TEE_ERROR_STORAGE_ENOTDIR = 0x80001003,
/* This operation cannot be performed on a directory. */
TEE_ERROR_STORAGE_EISDIR = 0x80001004,
/* The number of opened files exceeds the limit in system. */
TEE_ERROR_STORAGE_ENFILE = 0x80001005,
/* The number of files opened for the process exceeds the limit.*/
TEE_ERROR_STORAGE_EMFILE = 0x80001006,
/* The storage section is read only. */
TEE_ERROR_STORAGE_EROFS = 0x80001007,
/* The file path is not correct. */
TEE_ERROR_STORAGE_PATH_WRONG = 0x8000100A,
/* The service message queue overflows. */
TEE_ERROR_MSG_QUEUE_OVERFLOW = 0x8000100B,
/* The file object is corrupted. */
TEE_ERROR_CORRUPT_OBJECT = 0xF0100001,
/* The storage section is unavailable. */
TEE_ERROR_STORAGE_NOT_AVAILABLE = 0xF0100003,
/* The cipher text is incorrect. */
TEE_ERROR_CIPHERTEXT_INVALID = 0xF0100006,
/* Protocol error in socket connection. */
TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001,
/* The socket is closed by the remote end. */
TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002,
/* The socket connection timed out. */
TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003,
/* There is no resource available for the socket connection. */
TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004,
/* The buffer is too large for the socket connection. */
TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005,
/* A warning is given in the socket connection. */
TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006,
/* Generic error. */
TEE_ERROR_GENERIC = 0xFFFF0000,
/* The access is denied. */
TEE_ERROR_ACCESS_DENIED = 0xFFFF0001,
/* The operation has been canceled. */
TEE_ERROR_CANCEL = 0xFFFF0002,
/* An access conflict occurs. */
TEE_ERROR_ACCESS_CONFLICT = 0xFFFF0003,
/* The data size exceeds the maximum. */
TEE_ERROR_EXCESS_DATA = 0xFFFF0004,
/* Incorrect data format. */
TEE_ERROR_BAD_FORMAT = 0xFFFF0005,
/* Incorrect parameters. */
TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006,
/* The current state does not support the operation. */
TEE_ERROR_BAD_STATE = 0xFFFF0007,
/* Failed to find the target item. */
TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008,
/* The API is not implemented. */
TEE_ERROR_NOT_IMPLEMENTED = 0xFFFF0009,
/* The API is not supported. */
TEE_ERROR_NOT_SUPPORTED = 0xFFFF000A,
/* There is no data available for this operation. */
TEE_ERROR_NO_DATA = 0xFFFF000B,
/* There is no memory available for this operation. */
TEE_ERROR_OUT_OF_MEMORY = 0xFFFF000C,
/* The system does not respond to this operation. */
TEE_ERROR_BUSY = 0xFFFF000D,
/* Failed to communicate with the target. */
TEE_ERROR_COMMUNICATION = 0xFFFF000E,
/* A security error occurs. */
TEE_ERROR_SECURITY = 0xFFFF000F,
/* The buffer is insufficient for this operation. */
TEE_ERROR_SHORT_BUFFER = 0xFFFF0010,
/* The operation has been canceled. */
TEE_ERROR_EXTERNAL_CANCEL = 0xFFFF0011,
/* The service is in the pending state (asynchronous state). */
TEE_PENDING = 0xFFFF2000,
/* The service is in the pending state(). */
TEE_PENDING2 = 0xFFFF2001,
/* Reserved. */
TEE_PENDING3 = 0xFFFF2002,
/* The operation timed out. */
TEE_ERROR_TIMEOUT = 0xFFFF3001,
/* Overflow occurs. */
TEE_ERROR_OVERFLOW = 0xFFFF300f,
/* The TA is crashed. */
TEE_ERROR_TARGET_DEAD = 0xFFFF3024,
/* There is no enough space to store data. */
TEE_ERROR_STORAGE_NO_SPACE = 0xFFFF3041,
/* The MAC operation failed. */
TEE_ERROR_MAC_INVALID = 0xFFFF3071,
/* The signature verification failed. */
TEE_ERROR_SIGNATURE_INVALID = 0xFFFF3072,
/* Interrupted by CFC. Broken control flow is detected. */
TEE_CLIENT_INTR = 0xFFFF4000,
/* Time is not set. */
TEE_ERROR_TIME_NOT_SET = 0xFFFF5000,
/* Time needs to be reset. */
TEE_ERROR_TIME_NEEDS_RESET = 0xFFFF5001,
/* System error. */
TEE_FAIL = 0xFFFF5002,
/* Base value of the timer error code. */
TEE_ERROR_TIMER = 0xFFFF6000,
/* Failed to create the timer. */
TEE_ERROR_TIMER_CREATE_FAILED = 0xFFFF6001,
/* Failed to destroy the timer. */
TEE_ERROR_TIMER_DESTORY_FAILED = 0xFFFF6002,
/* The timer is not found. */
TEE_ERROR_TIMER_NOT_FOUND = 0xFFFF6003,
/* Generic error of RPMB operations. */
TEE_ERROR_RPMB_GENERIC = 0xFFFF7001,
/* Verify MAC failed in RPMB operations. */
TEE_ERROR_RPMB_MAC_FAIL = 0xFFFF7002,
/* Incorrect message data MAC in RPMB response. */
TEE_ERROR_RPMB_RESP_UNEXPECT_MAC = 0xFFFF7105,
/* The file is not found in RPMB. */
TEE_ERROR_RPMB_FILE_NOT_FOUND = 0xFFFF7106,
/* No spece left for RPMB operations. */
TEE_ERROR_RPMB_NOSPC = 0xFFFF7107,
/* sec flash is not available. */
TEE_ERROR_SEC_FLASH_NOT_AVAILABLE = 0xFFFF7118,
/* The BIO service is not available. */
TEE_ERROR_BIOSRV_NOT_AVAILABLE = 0xFFFF711A,
/* The ROT service is not available. */
TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B,
/* The TA Anti-Rollback service is not available. */
TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C,
/* The HSM service is not available. */
TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D,
/* Failed to verify AntiRoot response. */
TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110,
/* AntiRoot error in invokeCmd(). */
TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111,
/* Audit failed. */
TEE_ERROR_AUDIT_FAIL = 0xFFFF9112,
/* Unused. */
TEE_FAIL2 = 0xFFFF9113,
};
/**
* @brief Login type definitions
*
* @since 12
*/
enum TEE_LoginMethod {
TEE_LOGIN_PUBLIC = 0x0,
TEE_LOGIN_USER,
TEE_LOGIN_GROUP,
TEE_LOGIN_APPLICATION = 0x4,
TEE_LOGIN_USER_APPLICATION = 0x5,
TEE_LOGIN_GROUP_APPLICATION = 0x6,
TEE_LOGIN_IDENTIFY = 0x7, /* Customized login type */
};
/**
* @brief Definitions the TEE Identity.
*
* @since 12
*/
typedef struct {
uint32_t login;
TEE_UUID uuid;
} TEE_Identity;
/**
* @brief Defines the return values.
*
* @since 12
* @version 1.0
*/
typedef uint32_t TEE_Result;
/**
* @brief Defines the return values.
*
* @since 12
* @version 1.0
*/
typedef TEE_Result TEEC_Result;
#define TEE_ORIGIN_TEE 0x00000003
#define TEE_ORIGIN_TRUSTED_APP 0x00000004
#ifndef _TEE_TA_SESSION_HANDLE
#define _TEE_TA_SESSION_HANDLE
/**
* @brief Defines the handle of TA session.
*
* @since 12
*/
typedef uint32_t TEE_TASessionHandle;
#endif
/**
* @brief Defines the pointer to <b>TEE_ObjectEnumHandle</b>.
*
* @see __TEE_ObjectEnumHandle
*
* @since 12
*/
typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle;
/**
* @brief Defines the pointer to <b>__TEE_OperationHandle</b>.
*
* @see __TEE_OperationHandle
*
* @since 12
*/
typedef struct __TEE_OperationHandle *TEE_OperationHandle;
#define TEE_TIMEOUT_INFINITE (0xFFFFFFFF)
/**
* @brief Definitions the TEE time.
*
* @since 12
*/
typedef struct {
uint32_t seconds;
uint32_t millis;
} TEE_Time;
/**
* @brief Definitions the date time of TEE.
*
* @since 12
*/
typedef struct {
int32_t seconds;
int32_t millis;
int32_t min;
int32_t hour;
int32_t day;
int32_t month;
int32_t year;
} TEE_Date_Time;
/**
* @brief Definitions the timer property of TEE.
*
* @since 12
*/
typedef struct {
uint32_t type;
uint32_t timer_id;
uint32_t timer_class;
uint32_t reserved2;
} TEE_timer_property;
#ifdef __cplusplus
}
#endif
/** @} */
#endif

96
tee/include/tee_drv_client.h Normal file
View File

@ -0,0 +1,96 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_DRV_CLIENT_H
#define TEE_DRV_CLIENT_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_drv_client.h
*
* @brief Declare tee driver client API.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Open the specified driver in the TEE.
*
* @param drv_name [IN] The driver name.
* @param param [IN] The parameter information.
* @param param_len [IN] The length of the parameter.
*
* @return Returns greater than 0, which means the fd of the corresponding driver.
* Returns less than or equal to 0, which means falied to open the driver.
*
* @since 12
* @version 1.0
*/
int64_t tee_drv_open(const char *drv_name, const void *param, uint32_t param_len);
/**
* @brief Cancels an operation.
*
* @param fd [IN] The file descriptor of the driver.
* @param cmd_id [IN] The command id.
* @param param [IN] The parameter information.
* @param param_len [IN] The length of the parameter.
*
* @return Returns <b>0</b> if the operation is successful.
* Returns <b>-1</b> if the operation is failed.
*
* @since 12
* @version 1.0
*/
int64_t tee_drv_ioctl(int64_t fd, uint32_t cmd_id, const void *param, uint32_t param_len);
/**
* @brief Open the specified driver in the TEE.
*
* @param fd [IN] The file descriptor of the driver.
*
* @return Returns <b>0</b> if the operation is successful.
* Returns <b>-1</b> if the operation is failed.
*
* @since 12
* @version 1.0
*/
int64_t tee_drv_close(int64_t fd);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

134
tee/include/tee_dynamic_srv.h Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _TEE_DYNAMIC_SRV_H_
#define _TEE_DYNAMIC_SRV_H_
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_dynamic_srv.h
*
* @brief Provides APIs related to dynamic service development.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <pthread.h>
#include "tee_service_public.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines thread initialization information of the dynamic service.
*
* @since 12
*/
struct srv_thread_init_info {
void *(*func)(void *arg);
/** The maximum number of parallel threads. */
uint32_t max_thread;
int32_t shadow;
/** The stack size of the thread. */
uint32_t stack_size;
/** The timeout period for thread (in seconds).*/
uint32_t time_out_sec;
};
typedef void (*srv_dispatch_fn_t)(tee_service_ipc_msg *msg,
uint32_t sndr, tee_service_ipc_msg_rsp *rsp);
struct srv_dispatch_t {
uint32_t cmd;
srv_dispatch_fn_t fn;
};
/**
* @brief Get UUID by sender.
*
* @param sender [IN] Indicates the sender's task Id.
* @param uuid [OUT] Indicates the universally unique identifier.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if the input parameter is incorrect,
* or the file name is longer than 64 bytes.
* Returns {@code TEE_ERROR_ITEM_NOT_FOUND} if failed to find the corresponding UUID by sender.
* Returns {@code TEE_ERROR_GENERIC} if failed to obtain the UUID.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_srv_get_uuid_by_sender(uint32_t sender, TEE_UUID *uuid);
/**
* @brief Releasing the object mapping of a specified address area.
*
* @param va_addr [IN] Indicates the address of the memory area to be released.
* @param size [IN] Indicates the size of the released memory area.
*
* @since 12
* @version 1.0
*/
void tee_srv_unmap_from_task(uint32_t va_addr, uint32_t size);
/**
* @brief Create a new mapping in the virtual address space of the calling process.
*
* @param in_task_id [IN] Indicates the task Id.
* @param va_addr [IN] Indicates the address of the memory area to be mapped.
* @param size [IN] Indicates the size of the memory area to be mapped.
* @param virt_addr [OUT] Indicates the new mapping vitural address.
*
* @return Returns <b>0</b> if the operation is successful.
* @return Returns <b>-1</b> if the operation is failed.
*
* @since 12
* @version 1.0
*/
int tee_srv_map_from_task(uint32_t in_task_id, uint32_t va_addr, uint32_t size, uint32_t *virt_addr);
/**
* @brief Dispatch task by task name.
*
* @param task_name [IN] Indicates the task name.
* @param dispatch [IN] Indicates the dispatch information.
* @param n_dispatch [IN] Indicates the dispatch number.
* @param cur_thread [IN] Indicates the current thread information.
*
* @since 12
* @version 1.0
*/
void tee_srv_cs_server_loop(const char *task_name, const struct srv_dispatch_t *dispatch,
uint32_t n_dispatch, struct srv_thread_init_info *cur_thread);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

209
tee/include/tee_ext_api.h Normal file
View File

@ -0,0 +1,209 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_EXT_API_H
#define TEE_EXT_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_ext_api.h
*
* @brief Provides extended interfaces.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#include "tee_hw_ext_api.h"
#ifdef __cplusplus
#if __cplusplus
extern "C" {
#endif /* __cpluscplus */
#endif /* __cpluscplus */
/**
* @brief Defines the value of invalid user ID.
*
* @since 12
*/
#define INVALID_USERID 0xFFFFFFFU
/**
* @brief Defines the SMC from user mode.
*
* @since 12
*/
#define TEE_SMC_FROM_USR 0
/**
* @brief Defines the SMC from kernel mode.
*
* @since 12
*/
#define TEE_SMC_FROM_KERNEL 1
/**
* @brief Defines the szie of reserved buffer.
*
* @since 12
*/
#define RESERVED_BUF_SIZE 32
/**
* @brief Defines the caller information.
*
* @since 12
*/
typedef struct ta_caller_info {
uint32_t session_type;
union {
struct {
TEE_UUID caller_uuid;
uint32_t group_id;
};
uint8_t ca_info[RESERVED_BUF_SIZE];
} caller_identity;
uint8_t smc_from_kernel_mode;
uint8_t reserved[RESERVED_BUF_SIZE - 1];
} caller_info;
/**
* @brief Get caller info of current session, refer caller_info struct for more details.
*
* @param ca_name Indicates the process name of the caller of the CA.
* @param ca_uid Indicates the UID of the caller.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_get_caller_info(caller_info *caller_info_data, uint32_t length);
/**
* @brief Get user ID of current TA.
*
* @param user_id Indicates the user ID to be returned.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_get_caller_userid(uint32_t *user_id);
/**
* @brief Adds information about a caller that can invoke this TA.
* This API applies to the client applications (CAs) in the binary executable file format.
*
* @param ca_name Indicates the process name of the caller of the CA.
* @param ca_uid Indicates the UID of the caller.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
* @version 1.0
*/
TEE_Result AddCaller_CA_exec(const char *ca_name, uint32_t ca_uid);
/**
* @brief Adds information about a caller that can invoke this TA.
* This API applies to the client applications (CAs) in the native CA and HAP format.
*
* @param cainfo_hash Indicates the hash value of the CA caller information.
* @param length Indicates the length of the hash value.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
* @version 1.0
*/
TEE_Result AddCaller_CA(const uint8_t *cainfo_hash, uint32_t length);
/**
* @brief TA call this API allow others TA open session with itself.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
* @version 1.0
*/
TEE_Result AddCaller_TA_all(void);
/**
* @brief Defines the session caller from CA.
*
* @since 12
*/
#define SESSION_FROM_CA 0
/**
* @brief Defines the session caller from TA.
*
* @since 12
*/
#define SESSION_FROM_TA 1
/**
* @brief Defines the TA task is not found, for example, from TA sub thread.
*
* @since 12
*/
#define SESSION_FROM_NOT_SUPPORTED 0xFE
/**
* @brief Defines the TA caller is not found.
*
* @since 12
*/
#define SESSION_FROM_UNKNOWN 0xFF
/**
* @brief Obtains the session type.
*
* @return Returns the session type obtained.
*
* @since 12
* @version 1.0
*/
uint32_t tee_get_session_type(void);
#ifdef __cplusplus
#if __cplusplus
}
#endif /* __cpluscplus */
#endif /* __cpluscplus */
#endif

92
tee/include/tee_hw_ext_api.h Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_HW_EXT_API_H
#define TEE_HW_EXT_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_hw_ext_api.h
*
* @brief Provides extended interfaces.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Obtains the unique device ID from the TEE.
*
* @param device_unique_id Indicates the pointer to the buffer for storing the device ID.
* @param length Indicates the pointer to the buffer length.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other information otherwise.
*
* @since 12
*/
TEE_Result tee_ext_get_device_unique_id(uint8_t *device_unique_id, uint32_t *length);
/**
* @brief Defines the memory information.
*
* @since 12
*/
struct meminfo_t {
uint64_t buffer;
uint32_t size;
};
/**
* @brief Derive key from device rootkey and UUID of the current task for iteration.
*
* @param salt [IN] Indicates the data for salt.
* @param key [OUT] Indicates the pointer where key is saved.
* @param outer_iter_num [IN] Indicates the iteration times in huk service.
* @param inner_iter_num [IN] Indicates the iteration times in platform driver.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
*/
TEE_Result tee_ext_derive_key_iter(const struct meminfo_t *salt, struct meminfo_t *key,
uint32_t outer_iter_num, uint32_t inner_iter_num);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

123
tee/include/tee_hw_ext_api_legacy.h Normal file
View File

@ -0,0 +1,123 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_HW_EXT_API_LEGACY_H__
#define __TEE_HW_EXT_API_LEGACY_H__
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_hw_ext_api_legacy.h
*
* @brief Provides extended interfaces.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Derive key from device root key.
*
* @param salt [IN] Indicates the data for salt.
* @param size [IN] Indicates the length of salt.
* @param key [OUT] Indicates the pointer where key is saved.
* @param key_size [IN] Indicates the size of the key, which must be integer times of 16.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
/**
* @brief Derive key from device root key by HUK2.
* @attention If the device does not support HUK2, the key is derived by HUK.
*
* @param salt [IN] Indicates the data for salt.
* @param size [IN] Indicates the length of salt.
* @param key [OUT] Indicates the pointer where key is saved.
* @param key_size [IN] Indicates the size of the key, which must be integer times of 16.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_derive_ta_root_key_by_huk2(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
/**
* @brief Derive key from device root key by HUK2.
* @attention If the device does not support HUK2, the key is derived by HUK.
*
* @param secret [IN] Indicates the input secret.
* @param secret_len [IN] Indicates the length of the input secret.
* @param key [OUT] Indicates the derived key.
* @param key_len [IN] Indicates the length of the derived key.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_root_derive_key2_by_huk2(const uint8_t *secret, uint32_t secret_len, uint8_t *key, uint32_t key_len);
/**
* @brief Derive key from device root key and UUID of the current task by HUK2.
* @attention If the device does not support HUK2, the key is derived by HUK.
*
* @param salt [IN] Indicates the data for salt.
* @param size [IN] Indicates the length of salt.
* @param key [OUT] Indicates the pointer where key is saved.
* @param key_size [IN] Indicates the size of the generated key, fix-size 32 bytes.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_GENERIC} if the processing failed.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_root_uuid_derive_key_by_huk2(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

498
tee/include/tee_internal_se_api.h Normal file
View File

@ -0,0 +1,498 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_INTERNAL_SE_API_H
#define TEE_INTERNAL_SE_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_internal_se_api.h
*
* @brief Provides APIs related to the TEE Secure Element.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
struct __TEE_SEServiceHandle;
struct __TEE_SEReaderHandle;
struct __TEE_SESessionHandle;
struct __TEE_SEChannelHandle;
typedef struct __TEE_SEServiceHandle *TEE_SEServiceHandle;
typedef struct __TEE_SEReaderHandle *TEE_SEReaderHandle;
typedef struct __TEE_SESessionHandle *TEE_SESessionHandle;
typedef struct __TEE_SEChannelHandle *TEE_SEChannelHandle;
#define ATR_LEN_MAX 32U
#define AID_LEN_MIN 5U
#define AID_LEN_MAX 16U
/**
* @brief Defines the maximum of the logic channel.
*
* @since 12
*/
#define SE_LOGIC_CHANNEL_MAX 8U
#define TEE_SC_TYPE_SCP03 0x01
#define BYTE_LEN 8
/**
* @brief Represents the properties of the SE reader.
*
* @since 12
*/
typedef struct __TEE_SEReaderProperties {
/** If an SE is present in the reader, the value is true. */
bool sePresent;
/** If this reader is only accessible via the TEE, the value is true. */
bool teeOnly;
/** If the response to a SELECT is available in the TEE, the value is true.*/
bool selectResponseEnable;
} TEE_SEReaderProperties;
/**
* @brief Defines the SE AID.
*
* @since 12
*/
typedef struct __TEE_SEAID {
/** The value of the applet's AID. */
uint8_t *buffer;
/** The lenght of the applet's AID. */
uint32_t bufferLen;
} TEE_SEAID;
/**
* @brief Enumerates the types of the key.
*
* @since 12
*/
typedef enum {
/** A base key acc. to SCP02. */
TEE_SC_BASE_KEY = 0,
/** A key set (key-MAC, key_ENC) acc. to SCP02, SCP03. */
TEE_SC_KEY_SET = 1
} TEE_SC_KeyType;
typedef struct __TEE_SC_KeySetRef {
/** Key-ENC (Static encryption key). */
TEE_ObjectHandle scKeyEncHandle;
/** Key-MAC (Static MAC key). */
TEE_ObjectHandle scKeyMacHandle;
} TEE_SC_KeySetRef;
/**
* @brief Enumerates the levels of the security.
*
* @since 12
*/
typedef enum {
/** Nothing will be applied. */
TEE_SC_NO_SECURE_MESSAGING = 0x00,
/** Command and response APDU not be secured. */
TEE_SC_AUTHENTICATE = 0x80,
/** Command APDU shall be MAC protected. */
TEE_SC_C_MAC = 0x01,
/** Response APDU shall be MAC protected. */
TEE_SC_R_MAC = 0x10,
/** Command and response APDU shall be MAC protected. */
TEE_SC_CR_MAC = 0x11,
/** Command APDU shall be encrypted and MAC protected. */
TEE_SC_C_ENC_MAC = 0x03,
/** Response APDU shall be encrypted and MAC protected. */
TEE_SC_R_ENC_MAC = 0x30,
/** Command and response APDU shall be encrypted and MAC protected. */
TEE_SC_CR_ENC_MAC = 0x33,
/** Command APDU shall be encrypted, and the command and response APDU shall be MAC protected.*/
TEE_SC_C_ENC_CR_MAC = 0x13
} TEE_SC_SecurityLevel;
#define TEE_AUTHENTICATE TEE_SC_AUTHENTICATE
/**
* @brief Represents the reference about SC card key.
*
* @since 12
*/
typedef struct __TEE_SC_CardKeyRef {
/** The key identifier of the SC card key. */
uint8_t scKeyID;
/** The key version if the SC card key. */
uint8_t scKeyVersion;
} TEE_SC_CardKeyRef;
/**
* @brief Represents the reference about the SC device key.
*
* @since 12
*/
typedef struct __TEE_SC_DeviceKeyRef {
TEE_SC_KeyType scKeyType;
union {
TEE_ObjectHandle scBaseKeyHandle;
TEE_SC_KeySetRef scKeySetRef;
} __TEE_key;
} TEE_SC_DeviceKeyRef;
/**
* @brief Defines the OID of the SC.
*
* @since 12
*/
typedef struct __TEE_SC_OID {
/** The value of the OID. */
uint8_t *buffer;
/** The length of the OID. */
uint32_t bufferLen;
} TEE_SC_OID;
/**
* @brief Represents the paramaters about the SC.
*
* @since 12
*/
typedef struct __TEE_SC_Params {
/** The SC type. */
uint8_t scType;
/** The SC type defined by OID. */
TEE_SC_OID scOID;
/** The SC security level. */
TEE_SC_SecurityLevel scSecurityLevel;
/** Reference to SC card keys. */
TEE_SC_CardKeyRef scCardKeyRef;
/** Reference to SC device keys. */
TEE_SC_DeviceKeyRef scDeviceKeyRef;
} TEE_SC_Params;
/**
* @brief Open the SE service.
*
* @param se_service_handle [IN] Indicates the handle of SE service.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_ACCESS_CONFLICT} if failed to access the SE service due to conflict.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEServiceOpen(TEE_SEServiceHandle *se_service_handle);
/**
* @brief Close the SE service.
*
* @param se_service_handle [IN] Indicates the handle of SE service.
*
* @since 12
* @version 1.0
*/
void TEE_SEServiceClose(TEE_SEServiceHandle se_service_handle);
/**
* @brief Get the available readers handle of the SE service.
*
* @param se_service_handle [IN] Indicates the handle of SE service.
* @param se_reader_handle_list [OUT] Indicates the available readers handle list.
* @param se_reader_handle_list_len [OUT] Indicates the length of the handle list.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE service handle.
* Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the readers handle.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEServiceGetReaders(TEE_SEServiceHandle se_service_handle, TEE_SEReaderHandle *se_reader_handle_list,
uint32_t *se_reader_handle_list_len);
/**
* @brief Get the available readers handle of the SE service.
*
* @param se_reader_handle [IN] Indicates the SE readers handle.
* @param reader_properties [OUT] Indicates the reader's properties.
*
* @since 12
* @version 1.0
*/
void TEE_SEReaderGetProperties(TEE_SEReaderHandle se_reader_handle, TEE_SEReaderProperties *reader_properties);
/**
* @brief Get the SE reader's name.
*
* @param se_reader_handle [IN] Indicates the SE readers handle.
* @param reader_name [OUT] Indicates the SE reader's name.
* @param reader_name_len [OUT] Indicates the length of the reader's name.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle.
* Returns {@code TEE_ERROR_BAD_FORMAT} if the input se_reader_handle points to the reader illegally.
* Returns {@code TEE_ERROR_SHORT_BUFFER} if the reader_name_len is too small to store the readers name.
* Returns {@code TEE_ERROR_SECURITY} if the security error is detected.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEReaderGetName(TEE_SEReaderHandle se_reader_handle, char *reader_name, uint32_t *reader_name_len);
/**
* @brief Open a session between the SE reader to the SE.
*
* @param se_reader_handle Indicates the SE readers handle.
* @param se_session_handle Indicates the session handle.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle.
* Returns {@code TEE_ERROR_COMMUNICATION} if communicte failed with the SE.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEReaderOpenSession(TEE_SEReaderHandle se_reader_handle, TEE_SESessionHandle *se_session_handle);
/**
* @brief Close sessions between the SE reader to the SE.
*
* @param se_reader_handle Indicates the SE readers handle.
*
* @since 12
* @version 1.0
*/
void TEE_SEReaderCloseSessions(TEE_SEReaderHandle se_reader_handle);
/**
* @brief Get the SE ATR.
*
* @param se_session_handle Indicates the session handle.
* @param atr Indicates the SE ATR.
* @param atrLen Indicates the length of ATR.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the ATR.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SESessionGetATR(TEE_SESessionHandle se_session_handle, void *atr, uint32_t *atrLen);
/**
* @brief Check whether the session is closed.
*
* @param se_session_handle Indicates the session handle.
*
* @return Returns {@code TEE_SUCCESS} if the session is closed or the input handle is invalid.
* Returns {@code TEE_ERROR_COMMUNICATION} if session state is invalid.
* Returns {@code TEE_ERROR_BAD_STATE} if the session is opened.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SESessionIsClosed(TEE_SESessionHandle se_session_handle);
/**
* @brief Close the SE session.
*
* @param se_session_handle Indicates the session handle.
*
* @since 12
* @version 1.0
*/
void TEE_SESessionClose(TEE_SESessionHandle se_session_handle);
/**
* @brief Close all channels which pointed to by the SE session.
*
* @param se_session_handle Indicates the session handle.
*
* @since 12
* @version 1.0
*/
void TEE_SESessionCloseChannels(TEE_SESessionHandle se_session_handle);
/**
* @brief Open a basic channel which pointed to by the SE session.
*
* @param se_session_handle Indicates the session handle.
* @param se_aid Indicates the SE AID.
* @param se_channel_handle Indicates the SE channel handle.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_STATE} if the session is closed.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle.
* Returns other when SE responding to the abnormal status word.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SESessionOpenBasicChannel(TEE_SESessionHandle se_session_handle, TEE_SEAID *se_aid,
TEE_SEChannelHandle *se_channel_handle);
/**
* @brief Open a logical channel which pointed to by the SE session.
*
* @param se_session_handle Indicates the session handle.
* @param se_aid Indicates the SE AID.
* @param se_channel_handle Indicates the SE channel handle.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_STATE} if the session is closed.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ITEM_NOT_FOUND} if cannot find the input SE reader handle.
* Returns other when SE responding to the abnormal status word.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SESessionOpenLogicalChannel(TEE_SESessionHandle se_session_handle, TEE_SEAID *se_aid,
TEE_SEChannelHandle *se_channel_handle);
/**
* @brief Close the channel which pointed to by the channel handle.
*
* @param se_channel_handle Indicates the SE channel handle.
*
* @since 12
* @version 1.0
*/
void TEE_SEChannelClose(TEE_SEChannelHandle se_channel_handle);
/**
* @brief Select the next SE service which pointed to by the channel handle.
*
* @param se_channel_handle Indicates the SE channel handle.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid or the mode of SE is wrong.
* Returns other when SE responding to the abnormal status word.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEChannelSelectNext(TEE_SEChannelHandle se_channel_handle);
/**
* @brief Get the SELECT command response of SE when open the channel handle.
*
* @param se_channel_handle Indicates the SE channel handle.
* @param response Indicates the response of SE.
* @param response_len Indicates the length of the response.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid.
* Returns {@code TEE_ERROR_SHORT_BUFFER} if the provided buffer is too small to store the response.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEChannelGetSelectResponse(TEE_SEChannelHandle se_channel_handle, void *response,
uint32_t *response_len);
/**
* @brief Transmit the command through the channle.
*
* @param se_channel_handle Indicates the SE channel handle.
* @param command Indicates the transmitted command.
* @param command_len Indicates the length of the command.
* @param response Indicates the response of SE.
* @param response_len Indicates the length of the response.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_COMMUNICATION} if length of command is less than 4.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid.
* Returns {@code TEE_ERROR_BAD_STATE} if the channel is closed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEChannelTransmit(TEE_SEChannelHandle se_channel_handle, void *command, uint32_t command_len,
void *response, uint32_t *response_len);
/**
* @brief Open a SE secure channel based on the input channel handle.
* Thereafter, when the {@code TEE_SEChannelTransmit} is called, all APDUs(ENC/MAC protected) transmitted based on
* the handle are automatically protected based on the defined secure channel parameter options.
* Currently, only SCP03 is supported.
*
* @param se_channel_handle Indicates the SE channel handle.
* @param sc_params Indicates the parameter reference for the secure channel protocol.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_COMMUNICATION} if communicate failed with the SE.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid or the mode of SE is wrong.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if the parameter of the sc_params is not supported
* Returns {@code TEE_ERROR_MAC_INVALID} if the verification failed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SESecureChannelOpen(TEE_SEChannelHandle se_channel_handle, TEE_SC_Params *sc_params);
/**
* @brief Close the SE secure channel based on the input channel handle.
* The channel, which pointed to by the input channel handle, is not closed.
* It can be used for insecure communication, but the APDU that calls {@code TEE_SEChannelTransmit}
* transmission is not secure.
*
* @param se_channel_handle Indicates the SE channel handle.
*
* @since 12
* @version 1.0
*/
void TEE_SESecureChannelClose(TEE_SEChannelHandle se_channel_handle);
/**
* @brief Get the channel Id which pointed to by the input channel handle.
*
* @param se_channel_handle Indicates the SE channel handle.
* @param channel_id Indicates the SE channel Id.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is invalid.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SEChannelGetID(TEE_SEChannelHandle se_channel_handle, uint8_t *channel_id);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

290
tee/include/tee_log.h Normal file
View File

@ -0,0 +1,290 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_LOG_H
#define __TEE_LOG_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_log.h
*
* @brief Provides TEE log APIs.
*
* Reference of TEE log APIs and internal definitions.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines the ERROR level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_ERROR 0
/**
* @brief Defines the WARNING level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_WARNING 1
/**
* @brief Defines the INFO level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_INFO 2
/**
* @brief Defines the DEBUG level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_DEBUG 3
/**
* @brief Defines the VERBO level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_VERBO 4
/**
* @brief Defines the default level of the TA log.
*
* @since 12
*/
#define TA_LOG_LEVEL_DEFAULT TA_LOG_LEVEL_INFO
/**
* @brief Defines the default level of the TA log.
* {@code TA_LOG_LEVEL} can be redefined by TA developers
*
* @since 12
*/
#ifndef TA_LOG_LEVEL
#define TA_LOG_LEVEL TA_LOG_LEVEL_DEFAULT
#endif
/**
* @brief Defines the tag of the VERBO level TA log.
*
* @since 12
*/
#define TAG_VERB "[verb]"
/**
* @brief Defines the tag of the DEBUG level TA log.
*
* @since 12
*/
#define TAG_DEBUG "[debug]"
/**
* @brief Defines the tag of the INFO level TA log.
*
* @since 12
*/
#define TAG_INFO "[info]"
/**
* @brief Defines the tag of the WARNING level TA log.
*
* @since 12
*/
#define TAG_WARN "[warn]"
/**
* @brief Defines the tag of the ERROR level TA log.
*
* @since 12
*/
#define TAG_ERROR "[error]"
/**
* @brief Enumerates the levels of the log.
*
* @since 12
*/
typedef enum {
LOG_LEVEL_ERROR = 0,
LOG_LEVEL_WARN = 1,
LOG_LEVEL_INFO = 2,
LOG_LEVEL_DEBUG = 3,
LOG_LEVEL_VERBO = 4,
LOG_LEVEL_ON = 5,
} LOG_LEVEL;
/**
* @brief Provides to print UART logs.
*
* @param fmt [IN] The log information.
*
* @since 12
*/
void uart_cprintf(const char *fmt, ...);
/**
* @brief Provides to print UART logs.
*
* @param fmt [IN] The log information.
*
* @since 12
*/
void uart_printf_func(const char *fmt, ...);
/**
* @brief Provides to print TEE logs.
*
* @param log_level [IN] The level of the log.
* @param fmt [IN] The log information.
*
* @since 12
*/
void tee_print(LOG_LEVEL log_level, const char *fmt, ...);
/**
* @brief Provides to print TEE driver logs.
*
* @param log_level [IN] The level of the log.
* @param log_tag [IN] The tag of the log.
* @param fmt [IN] The log information.
*
* @since 12
*/
void tee_print_driver(LOG_LEVEL log_level, const char *log_tag, const char *fmt, ...);
extern const char *g_debug_prefix;
/**
* @brief Defines the API to print TEE log at the VERBO level.
*
* @since 12
*/
#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO)
#ifdef DRIVER_LOG_TAG
#define tlogv(fmt, args...) \
tee_print_driver(LOG_LEVEL_VERBO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args)
#else
#define tlogv(fmt, args...) tee_print(LOG_LEVEL_VERBO, "%s %d:" fmt "", TAG_VERB, __LINE__, ##args)
#endif /* DRIVER_LOG_TAG */
#else
#define tlogv(fmt, args...) \
do { \
} while (0)
#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_VERBO */
/**
* @brief Defines the API to print TEE log at the DEBUG level.
*
* @since 12
*/
#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG)
#ifdef DRIVER_LOG_TAG
#define tlogd(fmt, args...) \
tee_print_driver(LOG_LEVEL_DEBUG, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
#else
#define tlogd(fmt, args...) tee_print(LOG_LEVEL_DEBUG, "%s %d:" fmt "", TAG_DEBUG, __LINE__, ##args)
#endif /* DRIVER_LOG_TAG */
#else
#define tlogd(fmt, args...) \
do { \
} while (0)
#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_DEBUG */
/**
* @brief Defines the API to print TEE log at the INFO level.
*
* @since 12
*/
#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO)
#ifdef DRIVER_LOG_TAG
#define tlogi(fmt, args...) \
tee_print_driver(LOG_LEVEL_INFO, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
#else
#define tlogi(fmt, args...) tee_print(LOG_LEVEL_INFO, "%s %d:" fmt "", TAG_INFO, __LINE__, ##args)
#endif /* DRIVER_LOG_TAG */
#else
#define tlogi(fmt, args...) \
do { \
} while (0)
#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_INFO */
/**
* @brief Defines the API to print TEE log at the WARNING level.
*
* @since 12
*/
#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING)
#ifdef DRIVER_LOG_TAG
#define tlogw(fmt, args...) \
tee_print_driver(LOG_LEVEL_WARN, DRIVER_LOG_TAG, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
#else
#define tlogw(fmt, args...) tee_print(LOG_LEVEL_WARN, "%s %d:" fmt "", TAG_WARN, __LINE__, ##args)
#endif /* DRIVER_LOG_TAG */
#else
#define tlogw(fmt, args...) \
do { \
} while (0)
#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_WARNING */
/**
* @brief Defines the API to print TEE log at the ERROR level.
*
* @since 12
*/
#if (TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR) /* Always meet this condition. */
#ifndef TLOGE_NO_TIMESTAMP
#ifdef DRIVER_LOG_TAG
#define tloge(fmt, args...) \
tee_print_driver(LOG_LEVEL_ERROR, DRIVER_LOG_TAG, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args)
#else
#define tloge(fmt, args...) tee_print(LOG_LEVEL_ERROR, "%s %d:" fmt " ", TAG_ERROR, __LINE__, ##args)
#endif /* DRIVER_LOG_TAG */
#else
#define tloge(fmt, args...) printf("[%s] %s %d:" fmt " ", g_debug_prefix, TAG_ERROR, __LINE__, ##args)
#endif /* TLOGE_NO_TIMESTAMP */
#else
#define tloge(fmt, args...) \
do { \
} while (0)
#endif /* TA_LOG_LEVEL >= TA_LOG_LEVEL_ERROR */
#ifdef __cplusplus
}
#endif
/** @} */
#endif /* __TEE_LOG_H */

231
tee/include/tee_mem_mgmt_api.h Normal file
View File

@ -0,0 +1,231 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_MEM_MGMT_API_H
#define TEE_MEM_MGMT_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_mem_mgmt_api.h
*
* @brief Provides APIs for memory management.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#include "tee_mem_monitoring_api.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
* The definitions below are defined by Global Platform or Platform SDK released previously
* for compatibility.
* Do not make any change to the content below.
*/
#ifndef ZERO_SIZE_PTR
#define ZERO_SIZE_PTR ((void *)16)
#define zero_or_null_ptr(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR)
#endif
enum MALLOC_HINT {
ZERO = 0,
NOT_ZERO = 1,
ALIGN_004 = 0x80000002,
/* Buffer alignment */
ALIGN_008 = 0x80000003,
ALIGN_016 = 0x80000004,
ALIGN_032 = 0x80000005,
ALIGN_064 = 0x80000006,
ALIGN_128 = 0x80000007,
ALIGN_256 = 0x80000008,
ALIGN_004_ZERO = 0x80000012,
/* The buffer is 8-byte aligned and initialized to zeros. */
ALIGN_008_ZERO = 0x80000013,
ALIGN_016_ZERO = 0x80000014,
ALIGN_032_ZERO = 0x80000015,
ALIGN_064_ZERO = 0x80000016,
ALIGN_128_ZERO = 0x80000017,
ALIGN_256_ZERO = 0x80000018,
};
#define TEE_MALLOC_FILL_ZERO 0x00000000
#define TEE_MALLOC_NO_FILL 0x00000001
#define TEE_MALLOC_NO_SHARE 0x00000002
#define TEE_MEMORY_ACCESS_READ 0x00000001
#define TEE_MEMORY_ACCESS_WRITE 0x00000002
#define TEE_MEMORY_ACCESS_ANY_OWNER 0x00000004
#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
/**
* @brief Fills <b>x</b> into the first <b>size</b> bytes of the buffer.
*
* @param buffer Indicates the pointer to the buffer.
* @param x Indicates the value to fill.
* @param size Indicates the number of bytes to fill.
*
* @since 12
* @version 1.0
*/
void TEE_MemFill(void *buffer, uint8_t x, size_t size);
#else
/**
* @brief Fills <b>x</b> into the first <b>size</b> bytes of the buffer.
*
* @param buffer Indicates the pointer to the buffer.
* @param x Indicates the value to fill.
* @param size Indicates the number of bytes to fill.
*
* @since 12
* @version 1.0
*/
void TEE_MemFill(void *buffer, uint32_t x, size_t size);
#endif
/**
* @brief Copies bytes.
*
* @param dest Indicates the pointer to the buffer that holds the bytes copied.
* @param src Indicates the pointer to the buffer that holds the bytes to copy.
* @param size Indicates the number of bytes to copy.
*
* @since 12
* @version 1.0
*/
void TEE_MemMove(void *dest, const void *src, size_t size);
/**
* @brief Allocates space of the specified size for an object.
*
* @param size Indicates the size of the memory to be allocated.
* @param hint Indicates a hint to the allocator. The value <b>0</b> indicates that the memory block
* returned is filled with "\0".
*
* @return Returns a pointer to the newly allocated space if the operation is successful.
* @return Returns a <b>NULL</b> pointer if the allocation fails.
*
* @since 12
* @version 1.0
*/
void *TEE_Malloc(size_t size, uint32_t hint);
/**
* @brief Releases the memory allocated by <b>TEE_Malloc</b>.
*
* If the buffer is a <b>NULL</b> pointer, <b>TEE_Free</b> does nothing.
* The buffer to be released must have been allocated by <b>TEE_Malloc</b> or <b>TEE_Realloc</b> and cannot be
* released repeatedly. Otherwise, unexpected result may be caused.
*
* @param buffer Indicates the pointer to the memory to release.
*
* @since 12
* @version 1.0
*/
void TEE_Free(void *buffer);
/**
* @brief Reallocates memory.
*
* If <b>new_size</b> is greater than the old size, the content of the original memory does not change
* and the space in excess of the old size contains unspecified content.
* If the new size of the memory object requires movement of the object, the space for the previous
* instantiation of the object is deallocated.
* If the space cannot be allocated, the original object remains allocated and this function
* returns a <b>NULL</b> pointer.
* If the buffer is <b>NULL</b>, this function is equivalent to <b>TEE_Malloc</b>.
*
* @param buffer Indicates the pointer to the memory to reallocate.
* @param new_size Indicates the new size required.
*
* @return Returns a pointer to the allocated memory if the operation is successful.
* @return Returns a <b>NULL</b> pointer if the operation fails.
*
* @since 12
* @version 1.0
*/
void *TEE_Realloc(void *buffer, size_t new_size);
/**
* @brief Compares memory content from the beginning.
*
* @param buffer1 Indicates the pointer to the first buffer.
* @param buffer2 Indicates the pointer to the second buffer.
* @param size Indicates the number of the bytes to compare.
*
* @return Returns <b>1</b> if buffer1 < buffer2.
* @return Returns <b>0</b> if buffer1 == buffer2.
* @return Returns <b>1</b> if buffer1 > buffer2.
*
* @since 12
* @version 1.0
*/
int32_t TEE_MemCompare(const void *buffer1, const void *buffer2, size_t size);
/**
* @brief Checks whether this TA has the requested permissions to access a buffer.
*
* @param accessFlags Indicates the access permissions to check.
* @param buffer Indicates the pointer to the target buffer.
* @param size Indicates the size of the buffer to check.
*
* @return Returns <b>TEE_SUCCESS</b> if the TA has the requested permissions.
* @return Returns <b>TEE_ERROR_ACCESS_DENIED</b> otherwise.
*/
TEE_Result TEE_CheckMemoryAccessRights(uint32_t accessFlags, const void *buffer, size_t size);
/**
* @brief Sets the TA instance data pointer.
*
* @param instanceData Indicates the pointer to the global TA instance data.
*
* @since 12
* @version 1.0
*/
void TEE_SetInstanceData(void *instanceData);
/**
* @brief Obtains the instance data pointer set by the TA using <b>TEE_SetInstanceData</b>.
*
* @return Returns the pointer to the instance data set by <b>TEE_SetInstanceData</b>
* @return or <b>NULL</b> if no instance data pointer has been set.
*
* @since 12
* @version 1.0
*/
void *TEE_GetInstanceData(void);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

64
tee/include/tee_mem_monitoring_api.h Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_MEM_MONITORING_API_H
#define TEE_MEM_MONITORING_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_mem_monitoring_api.h
*
* @brief Provides APIs for memory monitoring.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Obtains the heap usage of this trusted application (TA).
*
* @param show Indicates whether to print the result in the log file.
*
* @return Returns the heap usage in percentage.
*
* @since 12
* @version 1.0
*/
uint32_t get_heap_usage(bool show);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

384
tee/include/tee_object_api.h Normal file
View File

@ -0,0 +1,384 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_OBJECT_API_H
#define __TEE_OBJECT_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_object_api.h
*
* @brief Provides trusted storage APIs.
*
* You can use these APIs to implement trusted storage features.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines <b>HANDLE_NULL</b>, which is used to denote the absence of a handle.
*
* @since 12
*/
#define TEE_HANDLE_NULL 0x00000000
/**
* @brief Enumerates the usages of the key of the <b>TEE_ObjectHandle</b>.
*
* @since 12
*/
enum Usage_Constants {
/** The object's key is extractable. */
TEE_USAGE_EXTRACTABLE = 0x00000001,
/** Used for encryption. */
TEE_USAGE_ENCRYPT = 0x00000002,
/** Used for decryption. */
TEE_USAGE_DECRYPT = 0x00000004,
/** Used for hash calculation. */
TEE_USAGE_MAC = 0x00000008,
/** Used for creating a signature. */
TEE_USAGE_SIGN = 0x00000010,
/** Used for signature verification. */
TEE_USAGE_VERIFY = 0x00000020,
/** Used for key derivation. */
TEE_USAGE_DERIVE = 0x00000040,
/** Used for object initialization, with all permissions assigned by default. */
TEE_USAGE_DEFAULT = 0xFFFFFFFF,
};
/**
* @brief Defines information about the object pointed to by the flag of the <b>TEE_ObjectHandle</b>,
* for example, whether the object is a persistent object or is initialized.
*
* @since 12
*/
enum Handle_Flag_Constants {
/** The object is a persistent object. */
TEE_HANDLE_FLAG_PERSISTENT = 0x00010000,
/** The object is initialized. */
TEE_HANDLE_FLAG_INITIALIZED = 0x00020000,
/** Reserved */
TEE_HANDLE_FLAG_KEY_SET = 0x00040000,
/** Reserved */
TEE_HANDLE_FLAG_EXPECT_TWO_KEYS = 0x00080000,
};
/**
* @brief Defines a value attribute identifier flag.
*
* @since 12
*/
#define TEE_ATTR_FLAG_VALUE 0x20000000
/**
* @brief Defines a public attribute identifier flag.
*
* @since 12
*/
#define TEE_ATTR_FLAG_PUBLIC 0x10000000
/**
* @brief Check whether the attribute is a buffer.
*
* @since 12
*/
#define TEE_ATTR_IS_BUFFER(attribute_id) ((((attribute_id) << 2) >> 31) == 0)
/**
* @brief Check whether the attribute is a value.
*
* @since 12
*/
#define TEE_ATTR_IS_VALUE(attribute_id) ((((attribute_id) << 2) >> 31) == 1)
/**
* @brief Check whether the attribute is protected.
*
* @since 12
*/
#define TEE_ATTR_IS_PROTECTED(attribute_id) ((((attribute_id) << 3) >> 31) == 0)
/**
* @brief Check whether the attribute is public.
*
* @since 12
*/
#define TEE_ATTR_IS_PUBLIC(attribute_id) ((((attribute_id) << 3) >> 31) == 1)
/**
* @brief Obtains a buffer attribute from the <b>TEE_Attribute</b> struct of the object pointed
* to by <b>TEE_ObjectHandle</b>.
*
* The members in the <b>TEE_Attribute</b> struct must be <b>ref</b>. If the <b>TEE_Attribute</b> is private,
* the <b>Usage_Constants</b> of the object must include <b>TEE_USAGE_EXTRACTABLE</b>.
*
* @param object Indicates the handle of the object.
* @param attributeID Indicates the ID of the attribute to obtain, for example, <b>TEE_ObjectAttribute</b>.
* The attribute ID can also be customized.
* @param buffer Indicates the pointer to the buffer that stores the attribute obtained.
* @param size Indicates the pointer to the length of the content stored.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the <b>TEE_Attribute</b> cannot be found in the object
* or the object is not initialized.
* @return Returns <b>TEE_ERROR_SHORT_BUFFER</b> if the buffer is too small to store the content obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetObjectBufferAttribute(TEE_ObjectHandle object, uint32_t attributeID, void *buffer, size_t *size);
/**
* @brief Obtains a value attribute from the <b>TEE_Attribute</b> of an object.
*
* The members of the <b>TEE_Attribute</b> struct must be values. If the <b>TEE_Attribute</b> is private,
* the <b>Usage_Constants</b> of the object must include <b>TEE_USAGE_EXTRACTABLE</b>.
*
* @param object Indicates the handle of the object.
* @param attributeID Indicates the ID of the attribute to obtain, for example, <b>TEE_ObjectAttribute</b>.
* The attribute ID can also be customized.
* @param a Indicates the pointer to the placeholder filled with the attribute field <b>a</b>.
* @param b Indicates the pointer to the placeholder filled with the attribute field <b>b</b>.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the <b>TEE_Attribute</b> cannot be found in the object
* or the object is not initialized.
* @return Returns <b>TEE_ERROR_ACCESS_DENIED</b> if <b>TEE_Attribute</b> is private
* but the object <b>Usage_Constants</b> does not contain the <b>TEE_USAGE_EXTRACTABLE</b> flag.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetObjectValueAttribute(TEE_ObjectHandle object, uint32_t attributeID, uint32_t *a, uint32_t *b);
/**
* @brief Closes a <b>TEE_ObjectHandle</b> object.
*
* The object can be persistent or transient.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> object to close.
*
* @since 12
* @version 1.0
*/
void TEE_CloseObject(TEE_ObjectHandle object);
/**
* @brief Allocates an uninitialized object to store keys.
*
* <b>objectType</b> and <b>maxObjectSize</b> must be specified.
*
* @param objectType Indicates the type of the object to create. The value is <b>TEE_ObjectType</b>.
* @param maxObjectSize Indicates the maximum number of bytes of the object.
* @param object Indicates the pointer to the handle of the newly created object.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is insufficient.
* @return Returns <b>TEE_ERROR_NOT_SUPPORTED</b> if the object type is not supported.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_AllocateTransientObject(uint32_t objectType, uint32_t maxObjectSize, TEE_ObjectHandle *object);
/**
* @brief Releases a transient object that is previously allocated with <b>TEE_AllocateTransientObject</b>.
*
* After the function is called, the handle becomes invalid and all allocated resources are released.
* <b>TEE_FreeTransientObject</b> and <b>TEE_AllocateTransientObject</b> are used in pairs.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> to release.
*
* @since 12
* @version 1.0
*/
void TEE_FreeTransientObject(TEE_ObjectHandle object);
/**
* @brief Resets a transient object to its initial state after allocation.
*
* You can use an allocated object, which has not been initialized or used to store a key, to store a key.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> to reset.
*
* @since 12
* @version 1.0
*/
void TEE_ResetTransientObject(TEE_ObjectHandle object);
/**
* @brief Populates an uninitialized object with object attributes passed by the TA in the <b>attrs</b> parameter.
*
* The object must be uninitialized. \n
* The <b>attrs</b> parameter is passed by a TA.
*
* @param object Indicates the handle on a created but uninitialized object.
* @param attrs Indicates the pointer to an array of object attributes, which can be one or more <b>TEE_Attribute</b>s.
* @param attrCount Indicates the number of members in the attribute array.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_BAD_PARAMETERS</b> if an incorrect or inconsistent attribute value is detected.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Attribute *attrs, uint32_t attrCount);
/**
* @brief Initializes the <b>TEE_Attribute</b> of the buffer type.
*
* The members in the <b>TEE_Attribute</b> struct must be <b>ref</b>.
*
* @param attr Indicates the pointer to the <b>TEE_Attribute</b> initialized.
* @param attributeID Indicates the ID assigned to the <b>TEE_Attribute</b>.
* @param buffer Indicates the pointer to the buffer that stores the content to be allocated.
* @param length Indicates the length of the assigned value, in bytes.
*
* @since 12
* @version 1.0
*/
void TEE_InitRefAttribute(TEE_Attribute *attr, uint32_t attributeID, void *buffer, size_t length);
/**
* @brief Initializes a <b>TEE_Attribute</b>.
*
* @param attr Indicates the pointer to the <b>TEE_Attribute</b> initialized.
* @param attributeID Indicates the ID assigned to the <b>TEE_Attribute</b>.
* @param a Indicates the value to be assigned to the member <b>a</b> in the <b>TEE_Attribute</b>.
* @param b Indicates the value to be assigned to the member <b>b</b> in the <b>TEE_Attribute</b>.
*
* @since 12
* @version 1.0
*/
void TEE_InitValueAttribute(TEE_Attribute *attr, uint32_t attributeID, uint32_t a, uint32_t b);
/**
* @brief Generates a random key or a key pair and populates a transient key object with the generated key.
*
* @param object Indicates a transient object used to hold the generated key.
* @param keySize Indicates the number of bytes of the key.
* @param params Indicates the pointer to the parameters for key generation.
* @param paramCount Indicates the number of parameters required for key generation.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_BAD_PARAMETERS</b> if the type of the key generated does not match
* the key that can be held in the transient object.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attribute *params, uint32_t paramCount);
/**
* @brief Get the information of the object data part, the total length of the data part and the current
* position of the data stream.
*
* @param object Indicates the handle of the object.
* @param pos Indicates the data stream position.
* @param len Indicates the data stream length.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns others if the operation is failed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len);
/**
* @brief Obtains <b>TEE_ObjectInfo</b>.
*
* This function obtains <b>TEE_ObjectInfo</b> and copies the obtained information to the pre-allocated space
* pointed to by <b>objectInfo</b>.
*
* @param object Indicates the handle of the object.
* @param objectInfo Indicates the pointer to the <b>TEE_ObjectInfo</b> obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_CORRUPT_OBJECT</b> if the object is corrupted and the object handle will be closed.
* @return Returns <b>TEE_ERROR_STORAGE_NOT_AVAILABLE</b> if the object is stored
* in a storage area that is inaccessible currently.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetObjectInfo1(TEE_ObjectHandle object, TEE_ObjectInfo *objectInfo);
/**
* @brief Assigns the <b>TEE_Attribute</b> of an initialized object to an uninitialized object.
*
* This function populates an uninitialized object with <b>TEE_Attribute</b>.
* That is, it copies <b>TEE_Attribute</b> of <b>srcobject</b> to <b>destobject</b>.
* The <b>TEE_Attribute</b> types and IDs of the two objects must match.
*
* @param destObject Indicates the uninitialized object.
* @param srcObject Indicates the initialized object.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_CORRUPT_OBJECT</b> if the object is corrupted and the object handle will be closed.
* @return Returns <b>TEE_ERROR_STORAGE_NOT_AVAILABLE</b> if the object is stored
* in a storage area that is inaccessible currently.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_CopyObjectAttributes1(TEE_ObjectHandle destObject, TEE_ObjectHandle srcObject);
/**
* @brief Restricts the <b>objectUse</b> bit of an object.
*
* This bit determines the usage of the key in the object. The value range is <b>Usage_Constant</b>.
* The bit in the <b>objectUse</b> parameter can be set as follows: \n
* If it is set to <b>1</b>, the corresponding usage flag in the object is left unchanged. \n
* If it is set to <b>0</b>, the corresponding usage flag in the object is cleared. \n
* The newly created object contains all <b>Usage_Constant</b>, and the usage flag can be cleared only.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> of the target object.
* @param objectUsage Indicates the new object usage.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_CORRUPT_OBJECT</b> if the object is corrupted and the object handle will be closed.
* @return Returns <b>TEE_ERROR_STORAGE_NOT_AVAILABLE</b> if the object is stored
* in a storage area that is inaccessible currently.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RestrictObjectUsage1(TEE_ObjectHandle object, uint32_t objectUsage);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

266
tee/include/tee_property_api.h Normal file
View File

@ -0,0 +1,266 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_PROPERTY_API_H
#define TEE_PROPERTY_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_property_api.h
*
* @brief Reference of TEE object api definitions.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* The definitions below are defined by Global Platform or Platform SDK released previously
* for compatibility.
* Do not make any change to the content below.
*/
/**
* @brief Enumerates the types of the property set.
*
* @since 12
*/
typedef enum {
TEE_PROPSET_UNKNOW = 0,
TEE_PROPSET_TEE_IMPLEMENTATION = 0xFFFFFFFD,
TEE_PROPSET_CURRENT_CLIENT = 0xFFFFFFFE,
TEE_PROPSET_CURRENT_TA = 0xFFFFFFFF,
} Pseudo_PropSetHandle;
typedef uint32_t TEE_PropSetHandle;
/**
* @brief Obtains a property from a property set and converts its value into a printable string.
*
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param valueBuffer Indicates the pointer to the buffer for holding the property value obtained.
* @param valueBufferLen Indicates the pointer to the buffer length.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
* @return Returns <b>TEE_ERROR_SHORT_BUFFER</b> if the value buffer is too small to hold the property value obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsString(TEE_PropSetHandle propsetOrEnumerator, const char *name, char *valueBuffer,
size_t *valueBufferLen);
/**
* @brief Obtains a property from a property set and converts its value into a Boolean value.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param value Indicates the pointer to the variable that holds the property value obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsBool(TEE_PropSetHandle propsetOrEnumerator, const char *name, bool *value);
/**
* @brief Obtains a property from a property set and converts its value into a 32-bit unsigned integer.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param value Indicates the pointer to the variable that holds the property value obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsU32(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint32_t *value);
#if defined(API_LEVEL) && (API_LEVEL >= API_LEVEL1_2)
/**
* @brief Obtains a property from a property set and converts its value into a 64-bit unsigned integer.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param value Indicates the pointer to the variable that holds the property value obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsU64(TEE_PropSetHandle propsetOrEnumerator, const char *name, uint64_t *value);
#endif // API_LEVEL
/**
* @brief Obtains a property from a property set and converts its value into a binary block.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param valueBuffer Indicates the pointer to the buffer for holding the property value obtained.
* @param valueBufferLen Indicates the pointer to the buffer length.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
* @return TEE_ERROR_SHORT_BUFFER the value buffer is not large enough to hold the whole property value
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsBinaryBlock(TEE_PropSetHandle propsetOrEnumerator, const char *name, void *valueBuffer,
size_t *valueBufferLen);
/**
* @brief Obtains a property from a property set and converts its value to the <b>TEE_UUID</b> struct.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param value Indicates the pointer to the variable that holds the property value obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsUUID(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_UUID *value);
/**
* @brief Obtains a property from a property set and converts its value to the <b>TEE_Identity</b> struct.
*
* @param propsetOrEnumerator Indicates one of the TEE_PROPSET_XXX pseudo-handles or a handle on a property enumerator.
* @param name Indicates the pointer to the zero-terminated string containing the name of the property to obtain.
* @param value Indicates the pointer to the variable that holds the property value obtained.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the target property cannot be obtained.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyAsIdentity(TEE_PropSetHandle propsetOrEnumerator, const char *name, TEE_Identity *value);
/**
* @brief Allocates a property enumerator object.
*
* @param enumerator Indicates the pointer to the property enumerator filled with an opaque handle.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if there is no enough resources to allocate the property enumerator.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_AllocatePropertyEnumerator(TEE_PropSetHandle *enumerator);
/**
* @brief Releases a property enumerator object.
*
* @param enumerator Indicates the handle on the property enumerator to release.
*
* @return void
*
* @since 12
* @version 1.0
*/
void TEE_FreePropertyEnumerator(TEE_PropSetHandle enumerator);
/**
* @brief Starts to enumerate the properties in an enumerator.
*
* @param enumerator Indicates the handle on the enumerator.
* @param propSet Indicates the pseudo-handle on the property set to enumerate.
*
* @return void
*
* @since 12
* @version 1.0
*/
void TEE_StartPropertyEnumerator(TEE_PropSetHandle enumerator, TEE_PropSetHandle propSet);
/**
* @brief Resets a property enumerator immediately after allocation.
*
* @param enumerator Indicates the handle on the enumerator to reset.
*
* @return void
*
* @since 12
* @version 1.0
*/
void TEE_ResetPropertyEnumerator(TEE_PropSetHandle enumerator);
/**
* @brief Obtains the name of this property in an enumerator.
*
* @param enumerator Indicates the handle on the enumerator.
* @param nameBuffer Indicates the pointer to the buffer that stores the property name obtained.
* @param nameBufferLen Indicates the pointer to the buffer length.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the property is not found because the enumerator has not started
* or has reached the end of the property set.
* @return Returns <b>TEE_ERROR_SHORT_BUFFER</b> if the buffer is too small to hold the property name.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetPropertyName(TEE_PropSetHandle enumerator, void *nameBuffer, size_t *nameBufferLen);
/**
* @brief Obtains the next property in an enumerator.
*
* @param enumerator Indicates the handle on the enumerator.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the property is not found because the enumerator
* has not started or has reached the end of the property set.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetNextProperty(TEE_PropSetHandle enumerator);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

117
tee/include/tee_rtc_time_api.h Normal file
View File

@ -0,0 +1,117 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_RTC_TIME_API_H
#define __TEE_RTC_TIME_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_rtc_time_api.h
*
* @brief Provides APIs about rtc timer.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <tee_defines.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Create a secure timer.
*
* @param time_seconds Indicates the security duration.
* @param timer_property Indicates the property of the timer, where only need to specify the timer type.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other values if the operation fails.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_create_timer(uint32_t time_seconds, TEE_timer_property *timer_property);
/**
* @brief Destory a secure timer.
*
* @param timer_property Indicates the property of the timer, where only need to specify the timer type.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other values if the operation fails.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_destory_timer(TEE_timer_property *timer_property);
/**
* @brief Obtain the set timing duration.
*
* @param timer_property Indicates the property of the timer, where only need to specify the timer type.
* @param time_seconds Indicates the timing duration.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other values if the operation fails.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_get_timer_expire(TEE_timer_property *timer_property, uint32_t *time_seconds);
/**
* @brief Obtain the remain timing duration.
*
* @param timer_property Indicates the property of the timer, where only need to specify the timer type.
* @param time_seconds Indicates the remain timing duration.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns other values if the operation fails.
*
* @since 12
* @version 1.0
*/
TEE_Result tee_ext_get_timer_remain(TEE_timer_property *timer_property, uint32_t *time_seconds);
/**
* @brief Obtain the current timing of the RTC clock.
* @attention The obtained time is in seconds and cannot be converted to universal time.
*
* @return The RTC clock count(in seconds).
*
* @since 12
* @version 1.0
*/
unsigned int tee_get_secure_rtc_time(void);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

159
tee/include/tee_service_public.h Normal file
View File

@ -0,0 +1,159 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _TEE_SERVICE_PUBLIC_H_
#define _TEE_SERVICE_PUBLIC_H_
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_service_public.h
*
* @brief Provides the TEE service public function for developers.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef void (*func_ptr)(void);
/**
* @brief Defines the size of the message queue for the TEE service
*
* @since 12
*/
#define TEE_SERVICE_MSG_QUEUE_SIZE 100
/**
* @brief Defines the arguments of a message.
*
* @since 12
*/
typedef struct {
uint64_t arg0;
uint64_t arg1;
uint64_t arg2;
uint64_t arg3;
uint64_t arg4;
uint64_t arg5;
uint64_t arg6;
uint64_t arg7;
} args_t;
/**
* @brief Defines the register information of TA.
*
* @since 12
*/
struct reg_ta_info {
uint32_t taskid;
TEE_UUID uuid;
uint32_t userid;
/** Just for ssa, other tasks shall ignore it. */
bool ssa_enum_enable;
};
/**
* @brief Defines the IPC message of TEE service.
*
* @since 12
*/
typedef union {
args_t args_data;
struct reg_ta_info reg_ta;
} tee_service_ipc_msg;
/**
* @brief Defines the IPC request message of TEE service.
*
* @since 12
*/
struct tee_service_ipc_msg_req {
uint32_t cmd;
tee_service_ipc_msg msg;
};
/**
* @brief Defines the IPC response message of TEE service.
*
* @since 12
*/
typedef struct {
TEE_Result ret;
tee_service_ipc_msg msg;
} tee_service_ipc_msg_rsp;
/**
* @brief Defines the message of the TEE service.
*
* @since 12
*/
typedef struct {
uint32_t msg_id;
uint32_t sender;
tee_service_ipc_msg msg;
} tee_service_msg_t;
/**
* @brief Defines the message queue for the TEE service.
*
* @since 12
*/
typedef struct {
uint32_t in;
uint32_t out;
tee_service_msg_t msg[TEE_SERVICE_MSG_QUEUE_SIZE];
} tee_service_msg_queue_t;
/**
* @brief Provides to send IPC synchronization messages to a specified service
* and receive responses from the service.
*
* @param task_name Indicates the task name of recipient.
* @param snd_cmd Indicates the command ID of the send message.
* @param snd_msg Indicates the send message.
* @param ack_cmd Indicates the ID of the ack cmd to be received.
* @param rsp_msg Indicates the service response message.
*
* @since 12
* @version 1.0
*/
void tee_common_ipc_proc_cmd(const char *task_name,
uint32_t snd_cmd, const tee_service_ipc_msg *snd_msg,
uint32_t ack_cmd, tee_service_ipc_msg_rsp *rsp_msg);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

128
tee/include/tee_sharemem_ops.h Normal file
View File

@ -0,0 +1,128 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEE_SHAREMEM_OPS_H
#define TEE_SHAREMEM_OPS_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_sharemem_ops.h
*
* @brief Provides APIs for developers to apply for shared memory.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdint.h>
#include <tee_defines.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Alloc shared memory in TEE.
*
* @param uuid Indicates the UUID of TA.
* @param size Indicates the size of the requested shared memory.
*
* @return Returns a pointer to the newly allocated space if the operation is successful.
* Returns a <b>NULL</b> pointer if the allocation fails.
*
* @since 12
* @version 1.0
*/
void *tee_alloc_sharemem_aux(const struct tee_uuid *uuid, uint32_t size);
/**
* @brief Alloc continuous shared memory in TEE.
*
* @param uuid Indicates the UUID of TA.
* @param size Indicates the size of the requested shared memory.
*
* @return Returns a pointer to the newly allocated space if the operation is successful.
* Returns a <b>NULL</b> pointer if the allocation fails.
*
* @since 12
* @version 1.0
*/
void *tee_alloc_coherent_sharemem_aux(const struct tee_uuid *uuid, uint32_t size);
/**
* @brief Free the shared memory in TEE.
*
* @param addr Indicates the shared memory address that will be freed.
* @param size Indicates the size of the shared memory.
*
* @return Returns <b>0</b> if the operation is successful.
* Returns others if the operation is failed.
*
* @since 12
* @version 1.0
*/
uint32_t tee_free_sharemem(void *addr, uint32_t size);
/**
* @brief Copy shared memory from source task.
*
* @param src_task Indicates the pid of the source task.
* @param src Indicates the address of the source buffer.
* @param src_size Indicates the size of the source buffer.
* @param dst Indicates the address of the destination buffer.
* @param dst_size Indicates the size of the destination buffer.
*
* @return Returns <b>0</b> if the operation is successful.
* Returns <b>-1</b> if the operation is failed.
*
* @since 12
* @version 1.0
*/
int32_t copy_from_sharemem(uint32_t src_task, uint64_t src, uint32_t src_size, uintptr_t dst, uint32_t dst_size);
/**
* @brief Copy shared memory to destination task.
*
* @param src Indicates the address of the source buffer.
* @param src_size Indicates the size of the source buffer.
* @param dst_task Indicates the pid of the destination task.
* @param dst Indicates the address of the destination buffer.
* @param dst_size Indicates the size of the destination buffer.
*
* @return Returns <b>0</b> if the operation is successful.
* Returns <b>-1</b> if the operation is failed.
*
* @since 12
* @version 1.0
*/
int32_t copy_to_sharemem(uintptr_t src, uint32_t src_size, uint32_t dst_task, uint64_t dst, uint32_t dst_size);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

131
tee/include/tee_time_api.h Normal file
View File

@ -0,0 +1,131 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_TIME_API_H
#define __TEE_TIME_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_time_api.h
*
* @brief Provides APIs for managing the Trusted Execution Environment (TEE) time.
*
* You can use these APIs to implement time-related features in a TEE.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Obtains the current TEE system time.
*
* @param time Indicates the pointer to the current system time obtained.
*
* @since 12
* @version 1.0
*/
void TEE_GetSystemTime(TEE_Time *time);
/**
* @brief Waits for the specified period of time, in milliseconds.
*
* @param timeout Indicates the period of time to wait, in milliseconds.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_CANCEL</b> if the wait is canceled.
* @return Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_Wait(uint32_t timeout);
/**
* @brief Obtains the persistent time of this trusted application (TA).
*
* @param time Indicates the pointer to the persistent time of the TA.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_TIME_NOT_SET</b> if the persistent time has not been set.
* @return Returns <b>TEE_ERROR_TIME_NEEDS_RESET</b> if the persistent time is corrupted and
* the application is not longer trusted.
* @return Returns <b>TEE_ERROR_OVERFLOW</b> if the number of seconds in the TA persistent time
* exceeds the range of <b>uint32_t</b>.
* @return Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetTAPersistentTime(TEE_Time *time);
/**
* @brief Sets the persistent time for this TA.
*
* @param time Indicates the pointer to the persistent time of the TA.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* @return Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
* @return Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if the storage space is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SetTAPersistentTime(TEE_Time *time);
/**
* @brief Obtains the current Rich Execution Environment (REE) system time.
*
* @param time Indicates the pointer to the REE system time obtained.
*
* @since 12
* @version 1.0
*/
void TEE_GetREETime(TEE_Time *time);
/**
* @brief Obtains the string format of the current Rich Execution Environment (REE) system time.
*
* @param tim_str Indicates the REE system time string.
* @param time_str_len Indicates the length of the string.
*
* @since 12
* @version 1.0
*/
void TEE_GetREETimeStr(char *tim_str, uint32_t time_str_len);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

410
tee/include/tee_trusted_storage_api.h Normal file
View File

@ -0,0 +1,410 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TEE_TRUSTED_STORAGE_API_H
#define __TEE_TRUSTED_STORAGE_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_trusted_storage_api.h
*
* @brief Provides trusted storage APIs.
*
* You can use these APIs to implement trusted storage features.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include "tee_defines.h"
#include "tee_object_api.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Defines the start position in the data stream associated with an object.
* It is used in the <b>TEE_SeekObjectData</b> function.
*
* @since 12
*/
enum __TEE_Whence {
/* Set the start position to the beginning of the data stream. */
TEE_DATA_SEEK_SET = 0,
/* Set the start position to the current data stream position. */
TEE_DATA_SEEK_CUR,
/* Set the start position to the end of the data stream. */
TEE_DATA_SEEK_END
};
struct __TEE_ObjectEnumHandle;
/**
* @brief Defines the pointer to <b>TEE_ObjectEnumHandle</b>.
*
* @see __TEE_ObjectEnumHandle
*
* @since 12
*/
typedef struct __TEE_ObjectEnumHandle *TEE_ObjectEnumHandle;
typedef uint32_t TEE_Whence;
/**
* @brief Defines the storage ID, which identifies the storage space of the application.
*
* @since 12
*/
enum Object_Storage_Constants {
/* Separate private storage space for each application. */
TEE_OBJECT_STORAGE_PRIVATE = 0x00000001,
/* Separate personal storage space for application. */
TEE_OBJECT_STORAGE_PERSO = 0x00000002,
/* Space for secure flash storage. */
TEE_OBJECT_SEC_FLASH = 0x80000000,
/* Credential encrypted storage space. */
TEE_OBJECT_STORAGE_CE = 0x80000002,
};
/**
* @brief Defines the system resource constraints, such as the maximum value for the data stream position indicator.
*
* @since 12
*/
enum Miscellaneous_Constants {
/* Maximum length that the position indicator of the data stream can take. */
TEE_DATA_MAX_POSITION = 0xFFFFFFFF,
/* Maximum length of the object ID, which can extend to 128 bytes. */
TEE_OBJECT_ID_MAX_LEN = 64,
};
/**
* @brief Defines the maximum number of bytes that can be held in a data stream.
*
* @since 12
*/
enum TEE_DATA_Size {
TEE_DATA_OBJECT_MAX_SIZE = 0xFFFFFFFF
};
/**
* @brief Defines the <b>handleFlags</b> of a <b>TEE_ObjectHandle</b>.
* The <b>handleFlags</b> determines the access permissions to the data stream associated with the object.
*
* @since 12
*/
enum Data_Flag_Constants {
/** The data stream can be read. */
TEE_DATA_FLAG_ACCESS_READ = 0x00000001,
/** The data stream can be written or truncated. */
TEE_DATA_FLAG_ACCESS_WRITE = 0x00000002,
/** The data stream can be deleted or renamed. */
TEE_DATA_FLAG_ACCESS_WRITE_META = 0x00000004,
/** Multiple TEE_ObjectHandles can be opened for concurrent read. */
TEE_DATA_FLAG_SHARE_READ = 0x00000010,
/** Multiple TEE_ObjectHandles can be opened for concurrent write. */
TEE_DATA_FLAG_SHARE_WRITE = 0x00000020,
/** Reserved. */
TEE_DATA_FLAG_CREATE = 0x00000200,
/**
* Protect the existing file with the same name. Throw an error if the file with the same name exists;
* create a data file otherwise.
*/
TEE_DATA_FLAG_EXCLUSIVE = 0x00000400,
/**
* Protect the existing file with the same name. Throw an error if the file with the same name exists;
* create a data file otherwise.
*/
TEE_DATA_FLAG_OVERWRITE = 0x00000400,
/** Use AES256 if bit 28 is 1; use AES128 if bit 28 is 0. */
TEE_DATA_FLAG_AES256 = 0x10000000,
/** If bit 29 is set to 1, open the earlier version preferentially. */
TEE_DATA_FLAG_OPEN_AESC = 0x20000000,
};
/**
* @brief Creates a persistent object.
*
* This function creates a persistent object with initialized <b>TEE_Attribute</b> and data stream.
* You can use the returned handle to access the <b>TEE_Attribute</b> and data stream of the object.
*
* @param storageID Indicates the storage to use. The value is specified by <b>Object_Storage_Constants</b>.
* @param ojbectID Indicates the pointer to the object identifier, that is, the name of the object to create.
* @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes.
* @param flags Indicates the flags of the object created. The value can be
* one or more of <b>Data_Flag_Constants</b> or <b>Handle_Flag_Constants</b>.
* @param attributes Indicates the <b>TEE_ObjectHandle</b> of a transient object from which to take
* <b>TEE_Attribute</b>. It can be <b>TEE_HANDLE_NULL</b> if the persistent object contains no attribute.
* @param initialData Indicates the pointer to the initial data used to initialize the data stream data.
* @param initialDataLen Indicates the length of the initial data, in bytes.
* @param object Indicates the pointer to the <b>TEE_ObjectHandle</b> returned
* after the function is successfully executed.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the storage specified by <b>storageID</b> does not exist.
* Returns <b>TEE_ERROR_ACCESS_CONFLICT</b> if an access conflict occurs.
* Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
* Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if there is no enough space to create the object.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_CreatePersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags,
TEE_ObjectHandle attributes, const void *initialData, size_t initialDataLen,
TEE_ObjectHandle *object);
/**
* @brief Opens an existing persistent object.
*
* The handle returned can be used to access the <b>TEE_Attribute</b> and data stream of the object.
*
* @param storageID Indicates the storage to use. The value is specified by <b>Object_Storage_Constants</b>.
* @param ojbectID Indicates the pointer to the object identifier, that is, the name of the object to open.
* @param objectIDLen Indicates the length of the object identifier, in bytes. It cannot exceed 128 bytes.
* @param flags Indicates the flags of the object opened.
* The value can be one or more of <b>Data_Flag_Constants</b> or <b>Handle_Flag_Constants</b>.
* @param object Indicates the pointer to the <b>TEE_ObjectHandle</b> returned
* after the function is successfully executed.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_ITEM_NOT_FOUND</b> if the storage specified by <b>storageID</b> does not exist
* or the object identifier cannot be found in the storage.
* Returns <b>TEE_ERROR_ACCESS_CONFLICT</b> if an access conflict occurs.
* Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_OpenPersistentObject(uint32_t storageID, const void *ojbectID, size_t objectIDLen, uint32_t flags,
TEE_ObjectHandle *object);
/**
* @brief Reads data from the data stream associated with an object into the buffer.
*
* The <b>TEE_ObjectHandle</b> of the object must have been opened with the <b>TEE_DATA_FLAG_ACCESS_READ</b> permission.
*
* @param ojbect Indicates the <b>TEE_ObjectHandle</b> of the object to read.
* @param buffer Indicates the pointer to the buffer used to store the data read.
* @param size Indicates the number of bytes to read.
* @param count Indicates the pointer to the variable that contains the number of bytes read.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_ReadObjectData(TEE_ObjectHandle ojbect, void *buffer, size_t size, uint32_t *count);
/**
* @brief Writes bytes from the buffer to the data stream associated with an object.
*
* The <b>TEE_ObjectHandle</b> must have been opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE</b> permission.
*
* @param ojbect Indicates the <b>TEE_ObjectHandle</b> of the object.
* @param buffer Indicates the pointer to the buffer that stores the data to be written.
* @param size Indicates the number of bytes to be written. It cannot exceed 4096 bytes.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
* Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if the storage space is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_WriteObjectData(TEE_ObjectHandle ojbect, const void *buffer, size_t size);
/**
* @brief Changes the size of a data stream.
*
* If the size is less than the current size of the data stream, all bytes beyond <b>size</b> are deleted. If the size
* is greater than the current size of the data stream, add 0s at the end of the stream to extend the stream.
* The object handle must be opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE</b> permission.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
* @param size Indicates the new size of the data stream. It cannot exceed 4096 bytes.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_STORAGE_NO_SPACE</b> if the storage space is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, size_t size);
/**
* @brief Sets the position of the data stream to which <b>TEE_ObjectHandle</b> points.
*
* The data position indicator is determined by the start position and an offset together.
* The <b>whence</b> parameter determines the start position. Its value is set in <b>TEE_Whence</b> as follows:
* <b>TEE_DATA_SEEK_SET = 0</b>: The start position is the beginning of the data stream.
* <b>TEE_DATA_SEEK_CUR</b>: The start position is the current position of the data stream.
* <b>TEE_DATA_SEEK_END</b>: The start position is the end of the data stream.
* If the parameter <b>offset</b> is a positive number, the data position is moved forward.
* If <b>offset</b> is a negative number, the data position is moved backward.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
* @param offset Indicates the number of bytes to move the data position. It cannot exceed 4096 bytes.
* @param whence Indicates the start position in the data stream to calculate the new position.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OVERFLOW</b> if the position indicator resulting from this operation
* is greater than <b>TEE_DATA_MAX_POSIT</b>.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence);
/**
* @brief Synchronizes the opened <b>TEE_ObjectHandle</b> and the corresponding security attribute file to the disk.
*
* @param object Indicates the <b>TEE_ObjectHandle</b> of the object.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_SyncPersistentObject(TEE_ObjectHandle object);
/**
* @brief Changes the object identifier.
*
* The <b>TEE_ObjectHandle</b> must have been opened with the <b>TEE_DATA_FLAG_ACCESS_WRITE_META</b> permission.
*
* @param object Indicates the handle of the target object.
* @param newObjectID Indicates the pointer to the new object identifier.
* @param newObjectIDLen Indicates the length of the new object identifier.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void *newObjectID, size_t newObjectIDLen);
/**
* @brief Allocates a handle on an uninitialized object enumerator.
*
* @param obj_enumerator Indicates the pointer to the handle of the newly created object enumerator.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_OUT_OF_MEMORY</b> if the memory is not sufficient to complete the operation.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *obj_enumerator);
/**
* @brief Releases all resources associated with an object enumerator handle.
*
* After this function is called, the object handle is no longer valid and all resources associated with
* the object enumerator handle will be reclaimed.
* <b>TEE_FreePersistentObjectEnumerator</b> and <b>TEE_AllocatePersistentObjectEnumerator</b>are used in pairs.
*
* @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> to release.
*
* @since 12
* @version 1.0
*/
void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);
/**
* @brief Resets an object enumerator handle to its initial state after allocation.
*
* @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator to reset.
*
* @since 12
* @version 1.0
*/
void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator);
/**
* @brief Starts the enumeration of all the objects in the given trusted storage.
*
* The object information can be obtained by using <b>TEE_GetNextPersistentObject</b>.
*
* @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator.
* @param storage_id Indicates the storage, in which the objects are enumerated.
* The value is specified by <b>Object_Storage_Constants</b>.
* Currently, only <b>TEE_STORAGE_PRIVATE</b> is supported.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ITEM_NOT_FOUND</b> if <b>storageID</b> is not <b>TEE_STORAGE_PRIVATE</b>
* or there is no object in the specified storage.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle obj_enumerator, uint32_t storage_id);
/**
* @brief Obtains the next object in the object enumerator.
*
* Information such as <b>TEE_ObjectInfo</b>, <b>objectID</b>, and <b>objectIDLen</b> will be obtained.
*
* @param obj_enumerator Indicates the <b>TEE_ObjectEnumHandle</b> of the object enumerator.
* @param object_info Indicates the pointer to the obtained<b>TEE_ObjectInfo</b>.
* @param object_id Indicates the pointer to the buffer used to store the obtained <b>objectID</b>.
* @param object_id_len Indicates the pointer to the <b>objectIDLen</b>.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ITEM_NOT_FOUND</b> if the object enumerator has no element
* or the enumerator has not been initialized.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle obj_enumerator,
TEE_ObjectInfo *object_info, void *object_id, size_t *object_id_len);
/**
* @brief Closes a <b>TEE_ObjectHandle</b> and deletes the object.
*
* The object must be a persistent object, and the object handle must have been opened with
* the <b>TEE_DATA_FLAG_ACCESS_WRITE_META</b> permission.
*
* @param object Indicates the object handle to close.
*
* @return Returns <b>TEE_SUCCESS</b> if the operation is successful.
* Returns <b>TEE_ERROR_STORAGE_NOT_AVAILABLE</b> if the object is stored
* in a storage area that is inaccessible currently.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_CloseAndDeletePersistentObject1(TEE_ObjectHandle object);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

454
tee/include/tee_tui_gp_api.h Normal file
View File

@ -0,0 +1,454 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TASK_TUI_GP_API_H
#define TASK_TUI_GP_API_H
/**
* @addtogroup TeeTrusted
* @{
*
* @brief TEE(Trusted Excution Environment) API.
* Provides security capability APIs such as trusted storage, encryption and decryption,
* and trusted time for trusted application development.
*
* @since 12
*/
/**
* @file tee_tui_gp_api.h
*
* @brief Provides APIs for operating big integers.
*
* @library NA
* @kit TEE Kit
* @syscap SystemCapability.Tee.TeeClient
* @since 12
* @version 1.0
*/
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <tee_defines.h>
#ifdef __cplusplus
extern "C" {
#endif
#define TEE_TUI_NUMBER_BUTTON_TYPES 0x00000006
#define TEE_STORAGE_PRIVATE 0x00000001
#define DEFAULT_MAX_ENTRY_FIELDS 3
#define TUI_EXIT 8
/**
* @brief Enumerates the modes supported when displaying characters within an input entry field.
*
* @since 12
*/
typedef enum {
/** Never visible, displayed as '*'. */
TEE_TUI_HIDDEN_MODE = 0,
/** Always visible. */
TEE_TUI_CLEAR_MODE,
/** Visible then hidden. */
TEE_TUI_TEMPORARY_CLEAR_MODE
} TEE_TUIEntryFieldMode;
/**
* @brief Enumerates the input types supported of the TUI entry field.
*
* @since 12
*/
typedef enum {
/** When the field accepts only digits as inputs. */
TEE_TUI_NUMERICAL = 0,
/** When the field accepts characters and digits as inputs. */
TEE_TUI_ALPHANUMERICAL,
} TEE_TUIEntryFieldType;
/**
* @brief Enumerates the TUI screen orientation.
* @attention Currently {@code TEE_TUI_LANDSCAPE} is not supported.
*
* @since 12
*/
typedef enum {
/** Displayed as a portrait, i.e. vertically. */
TEE_TUI_PORTRAIT = 0,
/** Displayed as a landscape, i.e. horizontally. */
TEE_TUI_LANDSCAPE,
} TEE_TUIScreenOrientation;
/**
* @brief Enumerates the types of the button.
*
* @since 12
*/
typedef enum {
/** Used to delete the previous input digit. */
TEE_TUI_CORRECTION = 0,
/** Exits the interface. */
TEE_TUI_OK,
/** Cancels the operation and exits the interface. */
TEE_TUI_CANCEL,
/** Used to trigger PIN verifcation and exit the interface.*/
TEE_TUI_VALIDATE,
/** Exit the current interface and ask the TA to display the previous interface. */
TEE_TUI_PREVIOUS,
/** Exit the current interface and ask the TA to display the next interface. */
TEE_TUI_NEXT,
} TEE_TUIButtonType;
/**
* @brief Enumerates source of the uesd image.
*
* @since 12
*/
typedef enum {
/** No picture provided in the input. */
TEE_TUI_NO_SOURCE = 0,
/** The picture provided as a memory pointer. */
TEE_TUI_REF_SOURCE,
/** The picture provided by an object in the secure storage. */
TEE_TUI_OBJECT_SOURCE,
/** The picture provided as a file. */
TEE_TUI_FILE_SOURCE = 0x8001
} TEE_TUIImageSource;
/**
* @brief Represents the image in PNG format.
*
* @since 12
*/
typedef struct {
TEE_TUIImageSource source;
struct {
void *image;
size_t imageLength;
} ref;
struct {
uint32_t storageID;
void *objectID;
size_t objectIDLen;
} object;
/** Represents the number of pixels of the width of the image. */
uint32_t width;
/** Represents the number of pixels of the height of the image. */
uint32_t height;
} TEE_TUIImage;
/**
* @brief Enumerates the GP color index.
*
* @since 12
*/
enum gp_color_idx {
/** Red color index. */
RED_IDX = 0,
/** Green color index. */
GREEN_IDX = 1,
/** Blue color index. */
BLUE_IDX = 2,
/** RGB color index. */
RGB_COLOR_IDX = 3,
};
/**
* @brief Represents the label for TA branding/message, generally on the top of screen.
*
* @since 12
*/
typedef struct {
/** It's the string to put in the label area, which can be NULL. */
char *text;
/** X-coordinate of the upper left corner of the text information. */
uint32_t textXOffset;
/** Y-coordinate of the upper left corner of the text information. */
uint32_t textYOffset;
/** RGB color used for displaying the text information. */
uint8_t textColor[RGB_COLOR_IDX];
/** The image is placed in the label area. */
TEE_TUIImage image;
/** X-coordinate of the upper left corner of the image to be displayed. */
uint32_t imageXOffset;
/** Y-coordinate of the upper left corner of the image to be displayed. */
uint32_t imageYOffset;
} TEE_TUIScreenLabel;
/**
* @brief Represents the content displayed on a button.
*
* @since 12
*/
typedef struct {
/** It's the string to associate with the button, which can be NULL. */
char *text;
/** The image to associate with the button. */
TEE_TUIImage image;
} TEE_TUIButton;
/**
* @brief Represents the configuration about the TUI screen.
*
* @since 12
*/
typedef struct {
/** The requested screen orientation. */
TEE_TUIScreenOrientation screenOrientation;
/** The specifies label of the screen.*/
TEE_TUIScreenLabel label;
/** Customizes the buttons compared to the default. */
TEE_TUIButton *buttons[TEE_TUI_NUMBER_BUTTON_TYPES];
/** Specifes which buttons to be displayed. */
bool requestedButtons[TEE_TUI_NUMBER_BUTTON_TYPES];
} TEE_TUIScreenConfiguration;
/**
* @brief Represents the information about a TUI screen button.
* @attention The {@code buttonTextCustom} and {@code buttonImageCustom} cannot be set to true at the same time.
*
* @since 12
*/
typedef struct {
/** Defaut label value of the button text. If the value is NULL means the parameter is unavailable. */
const char *buttonText;
/** The pixel width of the button.
* If the text or image on the button cannot be customized, the value is <b>0</b>.
*/
uint32_t buttonWidth;
/** The pixel height of the button.
* If the text or image on the button cannot be customized, the value is <b>0</b>.
*/
uint32_t buttonHeight;
/** If the text on the button cannot be customized, the value is true. */
bool buttonTextCustom;
/** If the image on the button cannot be customized, the value is true. */
bool buttonImageCustom;
} TEE_TUIScreenButtonInfo;
/**
* @brief Represents the information displayed on the TUI.
*
* @since 12
*/
typedef struct {
/** Available grayscale. */
uint32_t grayscaleBitsDepth;
/** Available red depth level. */
uint32_t redBitsDepth;
/** Available green depth level. */
uint32_t greenBitsDepth;
/** Available blue depth level. */
uint32_t blueBitsDepth;
/** Indicates the number of pixels per inch in the width direction. */
uint32_t widthInch;
/** Indicates the number of pixels per inch in the height direction. */
uint32_t heightInch;
/** Indicates the maximum number of entries that can be displayed on the TUI. */
uint32_t maxEntryFields;
/** Indicates the pixel width of the input region label. */
uint32_t entryFieldLabelWidth;
/** Indicates the pixel height of the input region label. */
uint32_t entryFieldLabelHeight;
/** Indicates the maximum number of characters that can be entered in the entry field. */
uint32_t maxEntryFieldLength;
/** RGB value of the default label canvas. */
uint8_t labelColor[RGB_COLOR_IDX];
/** Indicates the pixel width of the label canvas. */
uint32_t labelWidth;
/** Indicates the pixel height of the label canvas. */
uint32_t labelHeight;
/** Indicates the information of the buttons on the interface. */
TEE_TUIScreenButtonInfo buttonInfo[TEE_TUI_NUMBER_BUTTON_TYPES];
} TEE_TUIScreenInfo;
/**
* @brief Represents the information in an entry field that requires user input.
*
* @since 12
*/
typedef struct {
/** Indicates the label of the entry field. */
char *label;
/** Indicates the mode used to display characters. */
TEE_TUIEntryFieldMode mode;
/** Indicates the type of the characters can be entered in the entry field. */
TEE_TUIEntryFieldType type;
/** The minimum number of characters to be entered. */
uint32_t minExpectedLength;
/** The maximum number of characters to be entered. */
uint32_t maxExpectedLength;
/** Contains the content entered by user. */
char *buffer;
/** Indicates the length of the buffer. */
size_t bufferLength;
} TEE_TUIEntryField;
/**
* @brief Initializing the TUI resources.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support TUI.
* Returns {@code TEE_ERROR_BUSY} if the TUI resources cannot be reserved.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the system ran out of the resources.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUIInitSession(void);
/**
* @brief Releases TUI resources previously acquired.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_STATE} if the current TA is not within a TUI session initially
* started by a successful call to {@code TEE_TUIInitSession}.
* Returns {@code TEE_ERROR_BUSY} if the TUI resources currently are in use.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUICloseSession(void);
/**
* @brief Allows a TA to check whether a given text can be rendered by the current implementation and
* retrieves information about the size and width that is needed to render it.
*
* @param text Indicates the string to be checked.
* @param width Indicates the width in pixels needed to render the text.
* @param height Indicates the height in pixels needed to render the text.
* @param last_index Indicates the last character that has been checked
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if at least one of the characters present
* in the text string cannot be rendered.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUICheckTextFormat(const char *text, uint32_t *width, uint32_t *height, uint32_t *last_index);
/**
* @brief Retrieves information about the screen depending on its orientation and
* the number of required entry fields.
*
* @param screenOrientation Defines for which orientation screen information is requested.
* @param nbEntryFields Indicates the number of the requested entry fields.
* @param screenInfo Indicates the information on the requested screen for a given orientation.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if the number of entry fields is not supported.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUIGetScreenInfo(TEE_TUIScreenOrientation screenOrientation,
uint32_t nbEntryFields,
TEE_TUIScreenInfo *screenInfo);
/**
* @brief Display a TUI screen.
*
* @param screenConfiguration Indicates the configuration of the labels and optional buttons on the display interface.
* @param closeTUISession If the value is true, the TUI session will automatically closed when exiting the function.
* @param entryFields Indicates the information of entry field.
* @param entryFieldCount Indicates the count of the entry fields.
* @param selectedButton Indicates which button has been selected by the user to exit the TUI screen.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_OUT_OF_MEMORY} if the system ran out of the resources.
* Returns {@code TEE_ERROR_ITEM_NOT_FOUND} if at least one image provided by the TA refers to a storage
* denoted by a storageID which dose not exist or if the corresponding object identifier cannot be found in the storage.
* Returns {@code TEE_ERROR_ACCESS_CONFLICT} if at least one image provided by the TA refers to a data
* object in the trusted storage and an access right conflict was detected while opening the object.
* Returns {@code TEE_ERROR_BAD_FORMAT} if at least one input image is not compliant with PNG format.
* Returns {@code TEE_ERROR_BAD_STATE} if the current TA is not within a TUI session
* initially started by a successful call to {@code TEE_TUIInitSession}.
* Returns {@code TEE_ERROR_BUSY} if the TUI resources are currently in use, i.e. a TUI screen is displayed.
* Returns {@code TEE_ERROR_CANCEL} if the operation has been cancelled while a TUI screen is currently
* displayed.
* Returns {@code TEE_ERROR_EXTERNAL_CANCEL} if the operation has been cancelled by an external event which
* occurred in the REE while a TUI screen is currently displayed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUIDisplayScreen(TEE_TUIScreenConfiguration *screenConfiguration,
bool closeTUISession,
TEE_TUIEntryField *entryFields,
uint32_t entryFieldCount,
TEE_TUIButtonType *selectedButton);
/**
* @brief Fringerprint identification port.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support TUI.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUINotify_fp(void);
/**
* @brief Set the Chinese character encoding. The system supports UTF-8 by default.
*
* @param type Indicates the encoding type. The value 1 indicates GBK. Other values are not supported.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_NOT_SUPPORTED} if the device is not support this function.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUISetInfo(int32_t type);
/**
* @brief Send message to TUI.
*
* @param type Indicates the messages send to the TUI. Only support {@code TUI_EXIT}.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_BAD_PARAMETERS} if input parameter is incorrect.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUISendEvent(int32_t type);
/**
* @brief Setting the TUI background image.
*
* @param label Configure the background image information in the label variable.
* The image must be a PNG image in array format.
* @param len Indicates the label size.
*
* @return Returns {@code TEE_SUCCESS} if the operation is successful.
* Returns {@code TEE_ERROR_GENERIC} if input parameter is incorrect.
* Returns {@code TEE_ERROR_ACCESS_DENIED} if the permission verification failed.
*
* @since 12
* @version 1.0
*/
TEE_Result TEE_TUISetLabel(TEE_TUIScreenLabel *label, uint32_t len);
#ifdef __cplusplus
}
#endif
/** @} */
#endif

11
tee/libteec.ndk.json Normal file
View File

@ -0,0 +1,11 @@
[
{ "name": "TEEC_InitializeContext" },
{ "name": "TEEC_FinalizeContext" },
{ "name": "TEEC_OpenSession" },
{ "name": "TEEC_CloseSession" },
{ "name": "TEEC_InvokeCommand" },
{ "name": "TEEC_RegisterSharedMemory" },
{ "name": "TEEC_AllocateSharedMemory" },
{ "name": "TEEC_ReleaseSharedMemory" },
{ "name": "TEEC_RequestCancellation" }
]