Candidate API list for Global Platform like RISC-V TEE. More...

#include "tee-common.h"

Include dependency graph for tee-ta-internal.h:

This graph shows which files directly or indirectly include this file:

Functions
void	__attribute__ ((noreturn)) TEE_Panic(unsigned long code)

void	TEE_GetREETime (TEE_Time *time)
	Core Functions, Time Functions. More...

void	TEE_GetSystemTime (TEE_Time *time)
	Core Functions, Time Functions. More...

TEE_Result	GetRelTimeStart (uint64_t start)
	Core Functions, Time Functions. More...

TEE_Result	GetRelTimeEnd (uint64_t end)
	Core Functions, Time Functions. More...

TEE_Result	TEE_CreatePersistentObject (uint32_t storageID, const void objectID, uint32_t objectIDLen, uint32_t flags, TEE_ObjectHandle attributes, const void initialData, uint32_t initialDataLen, TEE_ObjectHandle *object)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

TEE_Result	TEE_OpenPersistentObject (uint32_t storageID, const void objectID, uint32_t objectIDLen, uint32_t flags, TEE_ObjectHandle object)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

TEE_Result	TEE_GetObjectInfo1 (TEE_ObjectHandle object, TEE_ObjectInfo *objectInfo)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

TEE_Result	TEE_WriteObjectData (TEE_ObjectHandle object, const void *buffer, uint32_t size)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

TEE_Result	TEE_ReadObjectData (TEE_ObjectHandle object, void buffer, uint32_t size, uint32_t count)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

void	TEE_CloseObject (TEE_ObjectHandle object)
	Core Functions, Secure Storage Functions (data is isolated for each TA) More...

void	TEE_GenerateRandom (void *randomBuffer, uint32_t randomBufferLen)
	Crypto, common. More...

TEE_Result	TEE_AllocateOperation (TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode, uint32_t maxKeySize)
	Crypto, for all Crypto Functions. More...

void	TEE_FreeOperation (TEE_OperationHandle operation)
	Crypto, for all Crypto Functions. More...

void	TEE_DigestUpdate (TEE_OperationHandle operation, const void *chunk, uint32_t chunkSize)
	Crypto, Message Digest Functions. More...

TEE_Result	TEE_DigestDoFinal (TEE_OperationHandle operation, const void chunk, uint32_t chunkLen, void hash, uint32_t *hashLen)

TEE_Result	TEE_SetOperationKey (TEE_OperationHandle operation, TEE_ObjectHandle key)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEInit (TEE_OperationHandle operation, const void *nonce, uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, uint32_t payloadLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEUpdate (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t *destLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

void	TEE_AEUpdateAAD (TEE_OperationHandle operation, const void *AADdata, uint32_t AADdataLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEEncryptFinal (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t destLen, void tag, uint32_t *tagLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEDecryptFinal (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t destLen, void tag, uint32_t tagLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

void	TEE_CipherInit (TEE_OperationHandle operation, const void *nonce, uint32_t nonceLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_CipherUpdate (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t *destLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_GenerateKey (TEE_ObjectHandle object, uint32_t keySize, const TEE_Attribute *params, uint32_t paramCount)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AllocateTransientObject (TEE_ObjectType objectType, uint32_t maxKeySize, TEE_ObjectHandle *object)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_InitRefAttribute (TEE_Attribute attr, uint32_t attributeID, const void buffer, uint32_t length)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_InitValueAttribute (TEE_Attribute *attr, uint32_t attributeID, uint32_t a, uint32_t b)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_FreeTransientObject (TEE_ObjectHandle object)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AsymmetricSignDigest (TEE_OperationHandle operation, const TEE_Attribute params, uint32_t paramCount, const void digest, uint32_t digestLen, void signature, uint32_t signatureLen)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AsymmetricVerifyDigest (TEE_OperationHandle operation, const TEE_Attribute params, uint32_t paramCount, const void digest, uint32_t digestLen, const void *signature, uint32_t signatureLen)
	Crypto, Asymmetric key Verification Functions. More...

Detailed Description

Candidate API list for Global Platform like RISC-V TEE.

draft RISC-V Internal TEE API

Author: Akira Tsukamoto, AIST

Date: 2019/09/25

Function Documentation

◆ attribute()

void __attribute__ ( (noreturn) )

TEE_Panic() - Raises a panic in the Trusted Application instance.

When a Trusted Application calls the TEE_Panic function, the current instance shall be destroyed and all the resources opened by the instance shall be reclaimed. All sessions opened from the panicking instance on another TA shall be gracefully closed and all cryptographic objects and operations shall be closed properly.

Parameters

code	An informative panic code defined by the TA.

Returns: panic code will be returned.

TEE_Panic() - Raises a Panic in the Trusted Application instance

When a Trusted Application calls the TEE_Panic function, the current instance shall be destroyed and all the resources opened by the instance shall be reclaimed.

Parameters

ec	An informative panic code defined by the TA. May be displayed in traces if traces are available.

◆ GetRelTimeEnd()

TEE_Result GetRelTimeEnd ( uint64_t end )

Core Functions, Time Functions.

Return the elapsed.

GetRelTimeEnd() - finds the real time of the end timing.

This function prints the ending time.

Parameters

end	End timing

Returns: 0 If success

GetRelTimeStart() - find the real time of the end timing.

This function prints the End timing.

Parameters

end	End timing

Returns: 0 if success else error occured

◆ GetRelTimeStart()

TEE_Result GetRelTimeStart ( uint64_t start )

Core Functions, Time Functions.

Fast relative Time function which guarantees no hart switch or context switch between Trusted and Untrusted sides.

Most of the time ending up writing similar functions when only measuring the relative time in usec resolution which do not require the quality of the time itself but the distance of the two points.
For the usage above, the function does not have to return wall clock time.
Not prepared in both Keystone and GP.

GetRelTimeStart() - Gets the real time of the start timing.

This function prints the starting time.

Parameters

start Start timing

Returns: 0 on success

GetRelTimeStart() - Gets the real time of the start timing.

Ths function prints the start timing.

Parameters

start start timing

Returns: 0 if success else error occured.

◆ TEE_AEDecryptFinal()

TEE_Result TEE_AEDecryptFinal	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen,
		void *	tag,
		uint32_t	tagLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CCM, TEE_ALG_AES_GCM.

TEE_AEDecryptFinal() - Processes data that has not been processed by previous calls to TEE_AEUpdate as well as data supplied in srcData.

This function completes the AE operation and compares the computed tag with the tag supplied in the parameter tag .The operation handle can be reused or newly initialized.The buffers srcData and destData shall be either completely disjoint or equal in their starting positions.The operation may be in either initial or active state and enters initial state afterwards.

Parameters

operation	Handle of a running AE operation
srcData	Reference to final chunk of input data to be encrypted
srcLen	length of the input data
destData	Output buffer. Can be omitted if the output is to be discarded.
destLen	length of the buffer.
tag	Output buffer filled with the computed tag
tagLen	length of the tag.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER If the output buffer is not large enough to contain the output; TEE_ERROR_MAC_INVALID If the computed tag does not match the supplied tag

◆ TEE_AEEncryptFinal()

TEE_Result TEE_AEEncryptFinal	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen,
		void *	tag,
		uint32_t *	tagLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CCM, TEE_ALG_AES_GCM.

TEE_AEEncryptFinal() - processes data that has not been processed by previous calls to TEE_AEUpdate as well as data supplied in srcData .

TEE_AEEncryptFinal completes the AE operation and computes the tag. The operation handle can be reused or newly initialized. The buffers srcData and destData SHALL be either completely disjoint or equal in their starting positions.The operation may be in either initial or active state and enters initial state afterwards.

Parameters

operation	Handle of a running AE operation
srcData	Reference to final chunk of input data to be encrypted
srcLen	length of the input data
destData	Output buffer. Can be omitted if the output is to be discarded.
destLen	length of the buffer.
tag	Output buffer filled with the computed tag
tagLen	length of the tag.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER If the output or tag buffer is not large enoughto contain the output.

◆ TEE_AEInit()

TEE_Result TEE_AEInit	(	TEE_OperationHandle	operation,
		const void *	nonce,
		uint32_t	nonceLen,
		uint32_t	tagLen,
		uint32_t	AADLen,
		uint32_t	payloadLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CCM, TEE_ALG_AES_GCM.

TEE_AEInit() - Initializes an Authentication Encryption operation.

The operation must be in initial state and remains in the initial state afterwards.

Parameters

operation	A handle on the operation.
nonce	The operation nonce or IV
nonceLen	length of nonce
tagLen	Size in bits of the tag
AADLen	Length in bytes of the AAD
payloadLen	Length in bytes of the payload.

Returns: 0 on success.; TEE_ERROR_NOT_SUPPORTED If the tag length is not supported by the algorithm.

◆ TEE_AEUpdate()

TEE_Result TEE_AEUpdate	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CCM, TEE_ALG_AES_GCM.

TEE_AEUpdate() - Accumulates data for an Authentication Encryption operation

This function describes Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data,no output is generated. when using this routine to decrypt the returned data may be corrupt since the integrity check is not performed until all the data has been processed. If this is a concern then only use the TEE_AEDecryptFinal routine.

Parameters

operation	Handle of a running AE operation.
srcData	Input data buffer to be encrypted or decrypted
srcLen	length of the input buffer.
destData	Output buffer
destLen	length of the out put buffer.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER if the output buffer is not large enough to contain the output.

◆ TEE_AEUpdateAAD()

void TEE_AEUpdateAAD	(	TEE_OperationHandle	operation,
		const void *	AADdata,
		uint32_t	AADdataLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CCM, TEE_ALG_AES_GCM.

TEE_AEUpdateAAD() - Feeds a new chunk of Additional Authentication Data (AAD) to the AE operation. Subsequent calls to this function are possible.

The TEE_AEUpdateAAD function feeds a new chunk of Additional Authentication Data (AAD) to the AE operation. Subsequent calls to this function are possible.The buffers srcData and destData shall be either completely disjoint or equal in their starting positions.The operation SHALL be in initial state and remains in initial state afterwards.

Parameters

operation	Handle on the AE operation
AADdata	Input buffer containing the chunk of AAD
AADdataLen	length of the chunk of AAD.

◆ TEE_AllocateOperation()

TEE_Result TEE_AllocateOperation	(	TEE_OperationHandle *	operation,
		uint32_t	algorithm,
		uint32_t	mode,
		uint32_t	maxKeySize
	)

Crypto, for all Crypto Functions.

All Crypto Functions use TEE_OperationHandle* operation instances.
Create Crypto instance.

TEE_AllocateOperation() - Allocates a handle for a new cryptographic operation and sets the mode and algorithm type.

If this function does not return with TEE_SUCCESS then there is no valid handle value.Once a cryptographic operation has been created, the implementation shall guarantee that all resources necessary for the operation are allocated and that any operation with a key of at most maxKeySize bits can be performed. For algorithms that take multiple keys, for example the AES XTS algorithm, the maxKeySize parameter specifies the size of the largest key. It is up to the implementation to properly allocate space for multiple keys if the algorithm so requires.

Parameters

operation	reference to generated operation handle.
algorithm	One of the cipher algorithms.
mode	The operation mode.
maxKeySize	Maximum key size in bits for the operation.

Returns: 0 in case of success; TEE_ERROR_OUT_OF_MEMORY If there are not enough resources to allocate the operation.; TEE_ERROR_NOT_SUPPORTED If the mode is not compatible with the algorithm or key size or if the algorithm is not one of the listed algorithms or if maxKeySize is not appropriate for the algorithm.

◆ TEE_AllocateTransientObject()

TEE_Result TEE_AllocateTransientObject	(	TEE_ObjectType	objectType,
		uint32_t	maxKeySize,
		TEE_ObjectHandle *	object
	)

Crypto, Asymmetric key Verification Functions.

Create object storing asymmetric key.

TEE_AllocateTransientObject() - Allocates an uninitialized transient object. Transient objects are used to hold a cryptographic object (key or key-pair).

The value TEE_KEYSIZE_NO_KEY should be used for maxObjectSize for object types that do not require a key so that all the container resources can be pre-allocated. As allocated, the container is uninitialized. It can be initialized by subsequently importing the object material,generating an object, deriving an object, or loading an object from the Trusted Storage.

Parameters

objectType	Type of uninitialized object container to be created
maxKeySize	Key Size of the object.
object	Filled with a handle on the newly created key container.

Returns: 0 on success; TEE_ERROR_OUT_OF_MEMORY If not enough resources are available to allocate the object handle.; TEE_ERROR_NOT_SUPPORTED If the key size is not supported or the object
type is not supported.

◆ TEE_AsymmetricSignDigest()

TEE_Result TEE_AsymmetricSignDigest	(	TEE_OperationHandle	operation,
		const TEE_Attribute *	params,
		uint32_t	paramCount,
		const void *	digest,
		uint32_t	digestLen,
		void *	signature,
		uint32_t *	signatureLen
	)

Crypto, Asymmetric key Verification Functions.

Sign a message digest within an asymmetric key operation.
Keystone has ed25519_sign().
Equivalent in openssl is EVP_DigestSign().

TEE_AsymmetricSignDigest() - Signs a message digest within an asymmetric operation.

Parameters

operation	Handle on the operation, which SHALL have been suitably set up with an operation key.
params	Optional operation parameters
paramCount	size of param
digest	Input buffer containing the input message digest
digestLen	length of input buffer.
signature	Output buffer written with the signature of the digest
signatureLen	length of output buffer.

Returns: 0 on sccess; TEE_ERROR_SHORT_BUFFER If the signature buffer is not large enough to hold the result

◆ TEE_AsymmetricVerifyDigest()

TEE_Result TEE_AsymmetricVerifyDigest	(	TEE_OperationHandle	operation,
		const TEE_Attribute *	params,
		uint32_t	paramCount,
		const void *	digest,
		uint32_t	digestLen,
		const void *	signature,
		uint32_t	signatureLen
	)

Crypto, Asymmetric key Verification Functions.

Verifies a message digest signature within an asymmetric key operation.
Keystone has ed25519_verify().
Equivalent in openssl is EVP_DigestVerify().

TEE_AsymmetricVerifyDigest() - verifies a message digest signature within an asymmetric operation.

This function describes the message digest signature verify by calling ed25519_verify().

Parameters

operation	Handle on the operation, which SHALL have been suitably set up with an operation key.
params	Optional operation parameters
paramCount	size of param.
digest	Input buffer containing the input message digest
digestLen	length of input buffer.
signature	Output buffer written with the signature of the digest
signatureLen	length of output buffer.

Returns: TEE_SUCCESS on success; TEE_ERROR_SIGNATURE_INVALID if the signature is invalid.

◆ TEE_CipherInit()

void TEE_CipherInit	(	TEE_OperationHandle	operation,
		const void *	nonce,
		uint32_t	nonceLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CBC.

TEE_CipherInit() - starts the symmetric cipher operation.

The operation shall have been associated with a key. If the operation is in active state, it is reset and then initialized. If the operation is in initial state, it is moved to active state.

Parameters

operation	A handle on an opened cipher operation setup with a key
nonce	Buffer containing the operation Initialization Vector as appropriate.
nonceLen	length of the buffer

◆ TEE_CipherUpdate()

TEE_Result TEE_CipherUpdate	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Supports TEE_ALG_AES_CBC.

TEE_CipherUpdate() - encrypts or decrypts input data.

Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data, no output is generated. The cipher operation is finalized with a call to TEE_CipherDoFinal .The buffers srcData and destData SHALL be either completely disjoint or equal in their starting positions.The operation SHALL be in active state.

Parameters

operation	Handle of a running Cipher operation
srcData	Input data buffer to be encrypted or decrypted
srcLen	length of input buffer
destData	output buffer
destLen	ouput buffer length.

Returns: 0 on success else; TEE_ERROR_SHORT_BUFFER If the output buffer is not large enough to contain the output. In this case, the input is not fed into the algorithm.

◆ TEE_CloseObject()

void TEE_CloseObject ( TEE_ObjectHandle object )

Core Functions, Secure Storage Functions (data is isolated for each TA)

Destroy object (key, key-pair or Data).

TEE_CloseObject() - Closes an opened object handle.

The object can be persistent or transient.For transient objects, TEE_CloseObject is equivalent to TEE_FreeTransientObject.

Parameters

object Handle of the object.

Returns: TEE_SUCCESS if success else error occured.

TEE_CloseObject() - Function closes an opened object handle.

The object can be persistent or transient.For transient objects, TEE_CloseObject is equivalent to TEE_FreeTransientObject.

Parameters

object Handle of the object

Returns: TEE_SUCCESS if success else error occured.

◆ TEE_CreatePersistentObject()

TEE_Result TEE_CreatePersistentObject	(	uint32_t	storageID,
		const void *	objectID,
		uint32_t	objectIDLen,
		uint32_t	flags,
		TEE_ObjectHandle	attributes,
		const void *	initialData,
		uint32_t	initialDataLen,
		TEE_ObjectHandle *	object
	)

Core Functions, Secure Storage Functions (data is isolated for each TA)

Create persistent object (key, key-pair or Data).
For the people who have not written code on GP then probably do not need to care the meaning of what is Persistent Object is, since the following are enough to use secure storage feature.

TEE_CreatePersistentObject() - Creates a persistent object with initial attributes.

In this function an initial data stream content returns either a handle on the created object or TEE_HANDLE_NULL upon failure.

Parameters

storageID	The storage to use.
objectID	The object identifier
objectIDLen	The object identifier
flags	The flags which determine the settings under which the object is opened.
attributes	A handle on a persistent object or an initialized transient object from which to take the persistent object attributes
initialData	The initial data content of the persistent object
initialDataLen	The initial data content of the persistent object
object	A pointer to the handle which contains the opened handle upon successful completion

Returns: 0 if success else error occured.

TEE_CreatePersistentObject() - Creates a persistent object with initial attributes.

An initial data stream content, and optionally returns either a handle on the created object, or TEE_HANDLE_NULL upon failure.

Parameters

storageID	The storage to use.
objectID	The object identifier
objectIDLen	The object identifier
flags	The flags which determine the settings under which the object is opened.
attributes	A handle on a persistent object or an initialized transient object from which to take the persistent object attributes
initialData	The initial data content of the persistent object
initialDataLen	The initial data content of the persistent object
object	A pointer to the handle, which contains the opened handle upon successful completion

Returns: 0 if success, else error occured.

◆ TEE_DigestDoFinal()

TEE_Result TEE_DigestDoFinal	(	TEE_OperationHandle	operation,
		const void *	chunk,
		uint32_t	chunkLen,
		void *	hash,
		uint32_t *	hashLen
	)

Function accumulates message data for hashing.

TEE_DigestDoFinal() - Finalizes the message digest operation and produces the message hash.

This function finalizes the message digest operation and produces the message hash. Afterwards the Message Digest operation is reset to initial state and can be reused.

Parameters

operation	Handle of a running Message Digest operation.
chunk	Chunk of data to be hashed.
chunkLen	size of the chunk.
hash	Output buffer filled with the message hash.
hashLen	lenth of the mesaage hash.

Returns: 0 on success; TEE_ERROR_SHORT_BUFFER If the output buffer is too small. In this case, the operation is not finalized.

◆ TEE_DigestUpdate()

void TEE_DigestUpdate	(	TEE_OperationHandle	operation,
		const void *	chunk,
		uint32_t	chunkSize
	)

Crypto, Message Digest Functions.

Function accumulates message data for hashing.

TEE_DigestUpdate()- Accumulates message data for hashing.

This function describes the message does not have to be block aligned. Subsequent calls to this function are possible.The operation may be in either initial or active state and becomes active.

Parameters

operation	Handle of a running Message Digest operation.
chunk	Chunk of data to be hashed
chunkSize	size of the chunk.

◆ TEE_FreeOperation()

void TEE_FreeOperation ( TEE_OperationHandle operation )

Crypto, for all Crypto Functions.

All Crypto Functions use TEE_OperationHandle* operation instances.
Destroy Crypto instance.

TEE_FreeOperation() - Deallocates all resources associated with an operation handle.

This function deallocates all resources associated with an operation handle. After this function is called, the operation handle is no longer valid. All cryptographic material in the operation is destroyed. The function does nothing if operation is TEE_HANDLE_NULL.

Parameters

operation Reference to operation handle.

Returns: nothing after the operation free.

◆ TEE_FreeTransientObject()

void TEE_FreeTransientObject ( TEE_ObjectHandle object )

Crypto, Asymmetric key Verification Functions.

Destroy object storing asymmetric key.

TEE_FreeTransientObject() - Deallocates a transient object previously allocated with TEE_AllocateTransientObject .

this function describes the object handle is no longer valid and all resources associated with the transient object shall have been reclaimed after the TEE_AllocateTransientObject() call.

Parameters

object Handle on the object to free.

◆ TEE_GenerateKey()

TEE_Result TEE_GenerateKey	(	TEE_ObjectHandle	object,
		uint32_t	keySize,
		const TEE_Attribute *	params,
		uint32_t	paramCount
	)

Crypto, Asymmetric key Verification Functions.

Generate asymmetric keypair.

TEE_GenerateKey () - Generates a random key or a key-pair and populates a transient key object with the generated key material.

The size of the desired key is passed in the keySize parameter and shall be less than or equal to the maximum key size specified when the transient object was created.

Parameters

object	Handle on an uninitialized transient key to populate with the generated key.
keySize	Requested key size shall be less than or equal to the maximum key size specified when the object container was created
params	Parameters for the key generation.
paramCount	The values of all parameters are copied nto the object so that the params array and all the memory buffers it points to may be freed after this routine returns without affecting the object.

Returns: 0 on succes; TEE_ERROR_BAD_PARAMETERS If an incorrect or inconsistent attribute is detected. The checks that are performed depend on the implementation.

◆ TEE_GenerateRandom()

void TEE_GenerateRandom	(	void *	randomBuffer,
		uint32_t	randomBufferLen
	)

Crypto, common.

Random Data Generation Function. The quality of the random is implementation dependent.
I am not sure this should be in Keystone or not, but it is very handy.
Good to have adding a way to check the quality of the random implementation.

TEE_GenerateRandom() - Generates random data.

This function generates random data of random buffer length and is stored in to random Buffer by calling wc_RNG_GenerateBlock().If ret is not equal
to 0 then TEE_Panic is called.

Parameters

randomBuffer	Reference to generated random data
randomBufferLen	Byte length of requested random data

Returns: random data random data will be returned.

TEE_GenerateRandom() - Generates random data.

This function generates random data of random bufferlength and is stored in to randomBuffer by calling sgx_read_rand().

Parameters

randomBuffer	Reference to generated random data
randomBufferLen	Byte length of requested random data

◆ TEE_GetObjectInfo1()

TEE_Result TEE_GetObjectInfo1	(	TEE_ObjectHandle	object,
		TEE_ObjectInfo *	objectInfo
	)

Core Functions, Secure Storage Functions (data is isolated for each TA)

Get length of object required before reading the object.

TEE_GetObjectInfo1() - Returns the characteristics of an object.

This function returns a handle which can be used to access the object’s attributes and data stream.

Parameters

objectInfo	Pointer to a structure filled with the object information
object	Handle of the object

Returns: 0 if success else error occured.

TEE_GetObjectInfo1() - Function returns the characteristics of an object.

It returns a handle that can be used to access the object’s attributes and data stream.

Parameters

objectInfo	Pointer to a structure filled with the object information
object	Handle of the object

Returns: 0 if success else error occured.

◆ TEE_GetREETime()

void TEE_GetREETime ( TEE_Time * time )

Core Functions, Time Functions.

Wall clock time of host OS, expressed in the number of seconds since 1970-01-01 UTC.
This could be implemented on Keystone using ocall.

TEE_GetREETime() - Retrieves the current REE system time.

This function retrieves the current time as seen from the point of view of
the REE.

Parameters

time	Filled with the number of seconds and milliseconds

TEE_GetREETime() - Function retrieves the current REE system time.

This function retrieves the current time as seen from the point of view of the REE.

Parameters

time	Filled with the number of seconds and milliseconds.

◆ TEE_GetSystemTime()

void TEE_GetSystemTime ( TEE_Time * time )

Core Functions, Time Functions.

Time of TEE-controlled secure timer or Host OS time, implementation dependent.

TEE_GetSystemTime() - Retrieves the current system time.

This function describes the system time has an arbitrary implementation
defined origin that can vary across TA instances. The minimum guarantee
is that the system time shall be monotonic for a given TA instance.

Parameters

time	Filled with the number of seconds and milliseconds

TEE_GetSystemTime() - Retrieves the current system time.

The system time has an arbitrary implementation-defined origin that can vary across TA instances

Parameters

time	Filled with the number of seconds and milliseconds.

◆ TEE_InitRefAttribute()

void TEE_InitRefAttribute	(	TEE_Attribute *	attr,
		uint32_t	attributeID,
		const void *	buffer,
		uint32_t	length
	)

Crypto, Asymmetric key Verification Functions.

Storing asymmetric key.

TEE_InitRefAttribute() - The helper function can be used to populate a single attribute either with a reference to a buffer or with integer values.

In TEE_InitRefAttribute () only the buffer pointer is copied, not the content of the buffer. This means that the attribute structure maintains a pointer back to the supplied buffer. It is the responsibility of the TA author to ensure that the contents of the buffer maintain their value until the attributes array is no longer in use.

Parameters

attr	attribute structure to initialize.
attributeID	Identifier of the attribute to populate.
buffer	input buffer that holds the content of the attribute.
length	buffer length.

◆ TEE_InitValueAttribute()

void TEE_InitValueAttribute	(	TEE_Attribute *	attr,
		uint32_t	attributeID,
		uint32_t	a,
		uint32_t	b
	)

Crypto, Asymmetric key Verification Functions.

Storing asymmetric key.

TEE_InitValueAttribute() - The helper function can be used to populate a single attribute either with a reference to a buffer or with integer values.

Parameters

attr	attribute structure to initialize.
attributeID	Identifier of the attribute to populate.
a	unsigned integer value to assign to the a member of the attribute structure.
b	unsigned integer value to assign to the b member of the attribute structure

◆ TEE_OpenPersistentObject()

TEE_Result TEE_OpenPersistentObject	(	uint32_t	storageID,
		const void *	objectID,
		uint32_t	objectIDLen,
		uint32_t	flags,
		TEE_ObjectHandle *	object
	)

Core Functions, Secure Storage Functions (data is isolated for each TA)

Open persistent object.

TEE_OpenPersistentObject() - Opens a handle on an existing persistent object.

This function returns a handle which can be used to access the object’s attributes and data stream.

Parameters

storageID	The storage to use
objectID	The object identifier
objectIDLen	The object identifier
flags	The flags which determine the settings under which the object is opened.
object	A pointer to the handle, which contains the opened handle upon successful completion

Returns: 0 if success else error occured.

TEE_OpenPersistentObject() - Opens a handle on an existing persistent object.

This function returns a handle that can be used to access the object’s attributes and data stream.

Parameters

storageID	The storage to use.
objectID	The object identifier
objectIDLen	The object identifier
flags	The flags which determine the settings under which the object is opened.
object	A pointer to the handle, which contains the opened handle upon successful completion

Returns: 0 if success, else error occured.

◆ TEE_ReadObjectData()

TEE_Result TEE_ReadObjectData	(	TEE_ObjectHandle	object,
		void *	buffer,
		uint32_t	size,
		uint32_t *	count
	)

Core Functions, Secure Storage Functions (data is isolated for each TA)

Read object.

TEE_ReadObjectData() - Attempts to read size bytes from the data stream associated with the object into the buffer pointed to by buffer.

The bytes are read starting at the position in the data stream currently stored in the object handle. The handle’s position is incremented by the number of bytes actually read. On completion of TEE_ReadObjectData sets the number of bytes actually read in the "uint32_t" pointed to by count. The value written to *count may be less than size if the number of bytes until the end-of3067 stream is less than size. It is set to 0 if the position at the start of the read operation is at or beyond the end-of-stream. These are the only cases where *count may be less than size.

Parameters

object	Handle of the object
buffer	The buffer containing the data to be written
size	The number of bytes to write
count	size of the buffer.

Returns: TEE_SUCCESS if success else error occured.

TEE_ReadObjectData() - Attempts to read size bytes from the data stream associated with the object object into the buffer pointed to by buffer.

The bytes are read starting at the position in the data stream currently stored in the object handle. The handle’s position is incremented by the number of bytes actually read. On completion TEE_ReadObjectData sets the number of bytes actually read in the uint32_t pointed to by count. The value written to *count may be less than size if the number of bytes until the end-of3067 stream is less than size. It is set to 0 if the position at the start of the read operation is at or beyond the end-of-stream. These are the only cases where *count may be less than size.

Parameters

object	Handle of the object
buffer	The buffer containing the data to be written
size	The number of bytes to write
count	size of the buffer.

Returns: TEE_SUCCESS if success, else error occured.

◆ TEE_SetOperationKey()

TEE_Result TEE_SetOperationKey	(	TEE_OperationHandle	operation,
		TEE_ObjectHandle	key
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

Set symmetric key used in operation.

TEE_SetOperationKey() - Programs the key of an operation; that is, it associates an operation with a key.

The key material is copied from the key object handle into the operation. After the key has been set, there is no longer any link between the operation and the key object. The object handle can be closed or reset and this will not affect the operation. This copied material exists until the operation is freed using TEE_FreeOperation or another key is set into the operation.

Parameters

operation	Operation handle.
key	A handle on a key object.

Returns: 0 on success return; TEE_ERROR_CORRUPT_OBJECT If the object is corrupt. The object handle is closed.; TEE_ERROR_STORAGE_NOT_AVAILABLE If the persistent object is stored in a storage area which is currently inaccessible.

◆ TEE_WriteObjectData()

TEE_Result TEE_WriteObjectData	(	TEE_ObjectHandle	object,
		const void *	buffer,
		uint32_t	size
	)

Core Functions, Secure Storage Functions (data is isolated for each TA)

Write object.

TEE_WriteObjectData() - Writes the buffer data in to persistent objects.

In this function it checks if object is present or not, the encryption/ decryption buffer is taken by calling mbedtls_aes_crypt_cbc() then that buffer data is encrypted and mapped to object.On the base of object creation TEE_SUCCESS appears else TEE_ERROR_GENERIC appears.

Parameters

object	Handle of the object
buffer	The buffer containing the data to be written
size	The number of bytes to write

Returns: TEE_SUCCESS if success else error occured.

TEE_WriteObjectData() - writes size bytes from the buffer pointed to by buffer to the data stream associated with the open object handle object.

If the current data position points before the end-of-stream, then size bytes are written to the data stream, overwriting bytes starting at the current data position. If the current data position points beyond the stream’s end, then the data stream is first extended with zero bytes until the length indicated by the data position indicator is reached, and then size bytes are written to the stream.

Parameters

object	Handle of the object
buffer	The buffer containing the data to be written
size	The number of bytes to write

Returns: TEE_SUCCESS if success else error occured.

Functions

Detailed Description

Function Documentation

◆ __attribute__()

◆ GetRelTimeEnd()

◆ GetRelTimeStart()

◆ TEE_AEDecryptFinal()

◆ TEE_AEEncryptFinal()

◆ TEE_AEInit()

◆ TEE_AEUpdate()

◆ TEE_AEUpdateAAD()

◆ TEE_AllocateOperation()

◆ TEE_AllocateTransientObject()

◆ TEE_AsymmetricSignDigest()

◆ TEE_AsymmetricVerifyDigest()

◆ TEE_CipherInit()

◆ TEE_CipherUpdate()

◆ TEE_CloseObject()

◆ TEE_CreatePersistentObject()

◆ TEE_DigestDoFinal()

◆ TEE_DigestUpdate()

◆ TEE_FreeOperation()

◆ TEE_FreeTransientObject()

◆ TEE_GenerateKey()

◆ TEE_GenerateRandom()

◆ TEE_GetObjectInfo1()

◆ TEE_GetREETime()

◆ TEE_GetSystemTime()

◆ TEE_InitRefAttribute()

◆ TEE_InitValueAttribute()

◆ TEE_OpenPersistentObject()

◆ TEE_ReadObjectData()

◆ TEE_SetOperationKey()

◆ TEE_WriteObjectData()

◆ attribute()