#ifndef __VK_CONSTANTS_H__ #define __VK_CONSTANTS_H__ #define VK_TA_API_LEVEL 1 /* * ============================================================ * Vault Command (Unsigned int) * ============================================================ */ /* COMMAND TYPE OF CLIENT */ #define VK_CMD_MIN 0x00000C01 #define VK_CMD_REGISTERED 0x00000C01 #define VK_CMD_CHECK_INITIALIZED 0x00000C02 #define VK_CMD_INITIALIZE 0x00000C03 #define VK_CMD_VAULT_DESTROY 0x00000C04 #define VK_CMD_READ_UNSHELTERED 0x00000C05 #define VK_CMD_READ_SHELTERED 0x00000C06 #define VK_CMD_WRITE_UNSHELTERED 0x00000C07 #define VK_CMD_WRITE_SHELTERED 0x00000C08 #define VK_CMD_ENCRYPT_MSG 0x00000C09 #define VK_CMD_VERIFY_CERT 0x00000C10 #define VK_CMD_MIGRATION 0x00000C11 #define VK_CMD_CHECK_MIGRATION 0x00000C12 #define VK_CMD_READ_SBOX 0x00000C13 #define VK_CMD_SENSITIVE_NONCE 0x00000C14 #define VK_CMD_SENSITIVE_WB 0x00000C15 #define VK_CMD_SENSITIVE_EMTOKEN 0x00000C16 #define VK_CMD_SENSITIVE_AID 0x00000C17 #define VK_CMD_SENSITIVE_BIN_TYPE 0x00000C18 #define VK_CMD_SENSITIVE_COMMERCIAL_DEVICE 0x00000C19 #define VK_CMD_SENSITIVE_FIRST_API_LEVEL 0x00000C1A #define VK_CMD_SENSITIVE_CUSTOM_KERNEL 0x00000C1B #define VK_CMD_SENSITIVE_VK_API_LEVEL 0x00000C1C #define VK_CMD_SENSITIVE_WRAPPED_AID 0x00000C1E #define VK_CMD_CHECK_DATA_WRITABLE 0x00000C1F #define VK_CMD_GENERATE_HOTP_CODE 0x00000C20 #define VK_CMD_MAX 0x00000C20 #define BL_CMD_READ_RMM_STATE 0x0000BC01 #define BL_CMD_READ_KG_STATE 0x0000BC02 #define BL_CMD_READ_AID 0x0000BC03 #define BL_CMD_READ_FMM 0x0000BC04 /* PROTOCOL TYPE OF CLIENT */ #define CMD_PROTOCOL_VK 0xC0DE0001 #define CMD_PROTOCOL_BL 0xC0DE0003 /* * ============================================================ * Sensitive Item Type (Unsigned int) * ============================================================ */ #define SENSITIVE_TYPE_BASE 0x00000C13 // (VK_CMD_READ_SBOX) #define SENSITIVE_TYPE_MIN 0x00000001 #define SENSITIVE_TYPE_NONCE 0x00000001 #define SENSITIVE_TYPE_WB 0x00000002 #define SENSITIVE_TYPE_EMT 0x00000003 #define SENSITIVE_TYPE_AID 0x00000004 #define SENSITIVE_TYPE_BIN_TYPE 0x00000005 #define SENSITIVE_TYPE_COMMERCIAL_DEVICE 0x00000006 #define SENSITIVE_TYPE_FIRST_API_LEVEL 0x00000007 #define SENSITIVE_TYPE_CUSTOM_KERNEL 0x00000008 #define SENSITIVE_TYPE_VK_API_LEVEL 0x00000009 #define SENSITIVE_TYPE_ALL 0x0000000A #define SENSITIVE_TYPE_WRAPPED_AID 0x0000000B #define SENSITIVE_TYPE_MAX 0x0000000B #define VK_TYPE_READ_BASE 0x00000C04 // (VK_CMD_READ_UNSHELTERED - 1) #define VK_TYPE_WRITE_BASE 0x00000C06 // (VK_CMD_WRITE_UNSHELTERED - 1) #define VK_TYPE_UNSHELTERED 0x00000001 #define VK_TYPE_SHELTERED 0x00000002 /* * ============================================================ * Common Constants * ============================================================ */ #define VAULT_SINGLE_BLOCK_LEN 256 // Vault Structure #define UNSHELTERED_ENTRY 0 #define UNSHELTERED_DATA_OFFSET 0 #define MAX_UNSHELTERED_DATA_LEN 32 #define SHELTERED_VAULT_DATA_LEN_OFFSET (UNSHELTERED_DATA_OFFSET + MAX_UNSHELTERED_DATA_LEN) #define SHELTERED_VAULT_DATA_LEN_SIZE 4 #define CLIENT_CODE_OFFSET (SHELTERED_VAULT_DATA_LEN_OFFSET + SHELTERED_VAULT_DATA_LEN_SIZE) #define CLIENT_CODE_LEN 4 #define AES_IV_OFFSET (CLIENT_CODE_OFFSET + CLIENT_CODE_LEN) #define AES_IV_LEN 16 #define AES_IV_RESERVED 16 #define AES_GCM_TAG_OFFSET (AES_IV_OFFSET + AES_IV_LEN + AES_IV_RESERVED) #define AES_GCM_TAG_LEN 16 #define AES_GCM_TAG_RESERVED 16 #define UNSHELTERED_RESERVED_OFFSET (AES_GCM_TAG_OFFSET + AES_GCM_TAG_LEN + AES_GCM_TAG_RESERVED) #define UNSHELTERED_RESERVED 88 #define VAULT_META_OFFSET (UNSHELTERED_RESERVED_OFFSET + UNSHELTERED_RESERVED) #define VAULT_META_LEN 32 #define HASH_OFFSET (VAULT_META_OFFSET + VAULT_META_LEN) #define SHA256_DIGEST_LEN 32 #define HASHING_LEN (VAULT_SINGLE_BLOCK_LEN - SHA256_DIGEST_LEN) #define SHELTERED_ENTRY (HASH_OFFSET + SHA256_DIGEST_LEN) #define VAULT_KEY_OFFSET SHELTERED_ENTRY #define VAULT_KEY_LEN 32 #define VAULT_KEY2_OFFSET (VAULT_KEY_OFFSET + VAULT_KEY_LEN) #define SHELTERED_RESERVED 32 #define SHELTERED_DATA_OFFSET (VAULT_KEY_OFFSET + VAULT_KEY_LEN + VAULT_KEY_LEN + SHELTERED_RESERVED) #define VAULT_LEN_EXPECT_SHELTERED_DATA SHELTERED_DATA_OFFSET #define MAX_SHELTERED_DATA_LEN 20640 // end --- Vault Structure #define VAULT_NONCE_LEN 32 #define VAULT_CMD_LEN 4 #define VAULT_RESULT_LEN 4 #define HMAC_SHA256_LEN 32 #define VAULT_MSG_LEN 32 #define AES256_KEY_LEN 32 #define AES_BLOCK_LEN 16 #define RSA2048_SIGNATURE_LEN 256 #define MAX_ITEMS_IN_PAYLOAD 100 #define MAX_CRYPTO_CONTEXT_LEN 60 // 480bit #define MAX_CLIENT_NAME_LEN 128 #define MAX_VAULT_NAME_LEN 32 #define MAX_SERVER_CERT_LEN 2048 #define MAX_FILENAME_LEN 128 // MAX_CLIENT_MSG_LEN // Ref. VaultKeeperManager.cpp - VaultKeeperManager::initialize // KEY(32) + AUTH_MSG(20732) + Unsheltered data(32) + Server Certificate(2048) + RSA_SIG(256) + TLV-struct(10) #define MAX_CLIENT_MSG_LEN 23110 #define MAX_VAULT_LEN (82 * 256) #define MAX_VAULT_PAYLOAD_LEN (MAX_VAULT_LEN + VAULT_NONCE_LEN) #define MAX_INPUT_DATA_LEN_FOR_HMAC (MAX_UNSHELTERED_DATA_LEN + VAULT_KEY_LEN + VAULT_NONCE_LEN) #define CLIENT_MSG_LEN_SIZE 4 #define MAX_CLIENT_NONCE_NAME_LEN 30 #define BUILD_TYPE_USER 0 #define BUILD_TYPE_ENG 1 #define META_FUSE_BLOWN 0x01 #define META_FUSE_NOT_BLOWN 0x00 /* * ============================================================ * Prepare service * ============================================================ */ #define MAX_PROP_FIELD_LEN 8 #define MAX_BUILD_VER_FIELD_LEN 24 #define SHORT_BUILD_VER_LEN 3 /* * ============================================================ * Platform Property Type * ============================================================ */ #define PROP_RESULT_TRUE 0x00000001 #define PROP_RESULT_FALSE 0x00000002 #define MIN_PROP_TYPE 0x00000000 #define PROP_TYPE_FAC_BINARY 0x00000000 #define PROP_TYPE_EM_STATUS 0x00000001 #define PROP_TYPE_ENG_BINARY 0x00000002 #define PROP_TYPE_FIRST_API_LEVEL 0x00000003 #define PROP_TYPE_SDK_VERSION 0x00000004 #define PROP_TYPE_VEK_DIFF 0x00000005 // 'T' : VEK changed or 'F' #define PROP_TYPE_CUSTOM_KERNEL 0x00000006 // 'T' : Custom kernel or 'F' #define PROP_TYPE_AP_SN 0x00000007 // 'T' : AP S/N changed or 'F' #define MAX_PROP_TYPE 0x00000007 // Depend on Android API Level #define ANDROID_OS_U 33 #define ANDROID_OS_T 32 #define ANDROID_OS_S 31 #define ANDROID_OS_R 30 #define ANDROID_OS_Q 29 #define ANDROID_OS_P 28 /* * ============================================================ * RPMB * ============================================================ */ #define RPMB_TRANSFER_MLT_BLK_READ 1 #define RPMB_TRANSFER_MLT_BLK_WRITE 1 #if defined(VK_SWD_QSEE) #define RPMB_P1 201619 #define RPMB_P2 201957 #else #if (defined(VK_SWD_KINIBI) || defined(VK_SWD_TEEGRIS_V3)) && !defined(VK_SWD_MTK_RPMB) #define RPMB_P1 5 #define RPMB_P2 11 #else #define RPMB_P1 6 #ifdef VK_SWD_MTK_RPMB // MediatTek // USER ID - trustzone/common/hal/source/trustlets/rpmb/common/drv/core/rpmb_ops.c // TRANSFER_BLK - trustzone/common/hal/source/trustlets/rpmb/common/drv/public/drrpmb_Api.h // In case MTK-Kinibi, VaultKeeper uses only index 6 partition #define RPMB_P2 6 #else #define RPMB_P2 7 // reserved #endif #endif #endif #if defined(VK_RPMB_TRANSFER_MLT_BLK) #undef RPMB_TRANSFER_MLT_BLK_READ #undef RPMB_TRANSFER_MLT_BLK_WRITE #define RPMB_TRANSFER_MLT_BLK_READ 8 #define RPMB_TRANSFER_MLT_BLK_WRITE 1 #endif #define MAX_RPMB_BLK_INDEX 509 // 128Kb(a partition size)/256bytes - 2(reserved) #define RPMB_RESERVED_SECTOR_NUM 256 // 256 * 512(1 RPMB Sector) = 128 KBytes #define RPMB_SECTOR_UNIT_BYTES 512 #define VAULT_RPMB_BLOCK_UNIT 1 #define RPMB_NOT_PROVISIONED 0x00000000 #define RPMB_PROVISIONED 0x00000001 #define SECUREBOOT_DISABLED 0x00000002 // QSEE /* * ============================================================ * VaultKeeper Type (Unsigned int) * It distinguish data type in cpayload and dpayload * ============================================================ */ #define VK_PAYLOAD_BASE 0x0000 #define VK_PAYLOAD_TYPE_MIN 0x0001 #define VK_PAYLOAD_TYPE_UNSHELTERED 0x0001 #define VK_PAYLOAD_TYPE_SHELTERED 0x0002 #define VK_PAYLOAD_TYPE_PRIVATED 0x0003 #define VK_PAYLOAD_TYPE_AUTH_MSG 0x0004 #define VK_PAYLOAD_TYPE_KEY 0x0005 #define VK_PAYLOAD_TYPE_SERVER_CERT 0x0006 #define VK_PAYLOAD_TYPE_RSA_SIGNATURE 0x0007 #define VK_PAYLOAD_TYPE_HMAC 0x0008 #define VK_PAYLOAD_TYPE_MAX 0x0008 /* * ============================================================ * CP - VaultKeeper COMMAND Type (Unsigned int) * ============================================================ */ #define CP_CMD_CHECK_KEY_PROVISIONING 0xC0000000 #define CP_CMD_CHECK_KEY_PROVISIONING_ACK 0xC0000001 #define CP_CMD_KEY_PROVISIONING 0xC0000002 #define CP_CMD_KEY_PROVISIONING_ACK 0xC0000003 #define CP_CMD_READ_PREPARING 0xC0000004 #define CP_CMD_READ_PREPARING_ACK 0xC0000005 #define CP_CMD_READ_DATA 0xC0000006 #define CP_CMD_READ_DATA_ACK 0xC0000007 #define CP_CMD_WRITE_PREPARING 0xC0000008 #define CP_CMD_WRITE_PREPARING_ACK 0xC0000009 #define CP_CMD_WRITE_DATA 0xC000000A #define CP_CMD_WRITE_DATA_ACK 0xC000000B #define CP_CMD_READ_SBOX 0xC000000C #define CP_CMD_READ_SBOX_ACK 0xC000000D /* * ============================================================ * CP - VaultKeeper RPMB META TYPE (Unsigned int) * ============================================================ */ #define META_TYPE_MIN 0 #define META_VAULT_WRITTEN 0 #define META_CP_DATA_MIGRATION 1 #define META_CP_DATA_KPF 2 #define META_VAULT_USE_LEVEL2 3 #define META_TYPE_MAX 31 /* * ============================================================ * CP - VaultKeeper return Type (Unsigned int) * ============================================================ */ #define PROVISIONED 0xA0000001 #define NOT_PROVISIONED 0xA0000002 #define SUCCESS_READ 0xA0000003 #define SUCCESS_WRITE 0xA0000004 #define SUCCESS_GENERAL 0xA0000005 #define CASS_ERR_VAULTKEEPER 0xE0000001 #define ERR_READ 0xE0000002 #define ERR_WRITE 0xE0000003 #define ERR_MSG_DECRYPT 0xE0000004 #define ERR_VERIFICATION 0xE0000005 #define ERR_INVALID_ARGUMENT 0xE0000006 #define ERR_GET_NONCE 0xE0000007 #define ERR_READ_WB 0xE0000008 #define ERR_RPMB_NOT_AVAILABLE 0xE0000009 #define ERR_OUTSIDE_BOUNDARY_READ 0xE000000A #define ERR_CUSTOM_KERNEL 0xE000000B #define CASS_PAYLOAD_VER_LEN 4 #define CASS_PAYLOAD_VER_2 0x000ABC02 /* * ============================================================ * Activated ID Constants * ============================================================ */ #define AID_LEN 32 #if defined(VK_SWD_QSEE) #define SECURE_OBJECT_HEADER_LEN 120 #define FIXED_SECURE_OBJECT_AID_LEN (AID_LEN + SECURE_OBJECT_HEADER_LEN) #else #define SECURE_OBJECT_HEADER_LEN 72 #define FIXED_SECURE_OBJECT_AID_LEN (AID_LEN + SECURE_OBJECT_HEADER_LEN) #endif /* * ============================================================ * EM Token Constants * ============================================================ */ #define MAX_EMT_LEN 256 /* * ============================================================ * OTP Type * ============================================================ */ #define OTP_TYPE_WB 0x00000001 #define OTP_TYPE_CASS_KPF 0x00000002 #define OTP_TYPE_COMMERCIAL_DEVICE 0x00000003 #define OEM_FLAG_CUSTOM_KERNEL 0x000000C1 #define OEM_FLAG_NOT_CUSTOM_KERNEL 0x000000C2 /* * ============================================================ * Driver Command Type * ============================================================ */ #define MIN_DRV_CMD_TYPE 0xD0000001 #define DRV_CMD_SFR_WB 0xD0000002 #define DRV_CMD_SFR_COMMERCIAL_DEVICE 0xD0000003 #define DRV_CMD_SFR_CASS_KPF 0xD0000004 #define MAX_DRV_CMD_TYPE 0xD0000004 /* * ============================================================ * TZ Driven Item Type * ============================================================ */ #define VK_SECURE_ITEM_KEY 0x00000001 #define VK_SECURE_ITEM_IV 0x00000002 #define VK_SECURE_ITEM_NONCE 0x00000003 #define VK_SECURE_ITEM_LEGACY_FIXED_IV 0x00000004 /* * ============================================================ * etc * ============================================================ */ #define OTP_COUNT_LEN 4 #define VEK_LEN 32 #define AP_SN_LEN 12 #define MAX_ERROR_MSG_LEN 256 #define VK_ID_LEN 16 #ifdef __VK_TEST__ #define MAX_TEST_OPTION_STRING_LEN 32 #define TEST_OPTION_OFFSET 192 #endif #endif // __VK_CONSTANTS_H__