41 #ifndef __OTE_NVCRYPTO_H
42 #define __OTE_NVCRYPTO_H
/*
 * Request identifiers and limits for the nvcrypto service.
 *
 * NOTE(review): presumably these CRYPTO_SERVICE_* values are the command IDs
 * that the ote_nvcrypto_* wrappers send to the service; confirm against the
 * service-side dispatcher. The values look like a cross-component contract,
 * so renumbering any of them would need a matching change on the other side.
 *
 * NOTE(review): IDs 0-8 are plain int constants while 9U-12U carry an
 * unsigned suffix. Comparing one of the unsigned IDs with a signed variable
 * converts the signed side to unsigned, so a dispatcher that holds the
 * command in a signed int should be checked for negative-value handling.
 */
52 #define CRYPTO_SERVICE_SANITY_CHECK 0
/*
 * Key and keybox retrieval requests (judging by the names). The wrapper
 * prototypes listed on this page take a caller-supplied output buffer, so
 * key bytes end up in caller memory. NOTE(review): confirm which callers are
 * allowed to issue these requests and that they wipe the buffer after use.
 */
53 #define CRYPTO_SERVICE_GET_KEYBOX 1
54 #define CRYPTO_SERVICE_GET_STORAGE_KEY 2
55 #define CRYPTO_SERVICE_GET_ROLLBACK_KEY 3
56 #define CRYPTO_SERVICE_GET_RO_TRUST_KEY 4
57 #define CRYPTO_SERVICE_GET_WV_SIG_RSA_KEY 5
58 #define CRYPTO_SERVICE_GET_GS_SIG_KEY 6
59 #define CRYPTO_SERVICE_GET_VUDU_PLATFORM_KEY 7
60 #define CRYPTO_SERVICE_GET_HWRANDOM 8
61 #define CRYPTO_SERVICE_GET_EKS2_MAC_KEY 9U
62 #define CRYPTO_SERVICE_INSTALL_EKS2_KEYS 10U
63 #define CRYPTO_SERVICE_GET_WIDEVINE_KEY 11U
64 #define CRYPTO_SERVICE_GET_KEYBOX_ATTRIBUTE 12U
/*
 * Aliases: both names below expand to an existing request ID (2 and 8), so
 * they introduce no new command values.
 */
67 #define CRYPTO_SERVICE_GET_STORAGE_MASTER_KEY CRYPTO_SERVICE_GET_STORAGE_KEY // for compatibility
68 #define CRYPTO_SERVICE_GET_RANDOM_NUMBER CRYPTO_SERVICE_GET_HWRANDOM
/*
 * Second ID range, 0x80-0x86. By name these cover key derivation, keyslot
 * management and crypto operations, plus one more key fetch (0x84).
 * NOTE(review): the reason for the separate range is not visible here.
 */
69 #define CRYPTO_SERVICE_DERIVE_KEY 0x80
70 #define CRYPTO_SERVICE_UPDATE_SE_KEYSLOT 0x81
71 #define CRYPTO_SERVICE_RSA_RAW_PRIVATE_ENCRYPT 0x82
72 #define CRYPTO_SERVICE_DO_CRYPT_FUNCTIONS 0x83
73 #define CRYPTO_SERVICE_GET_EFS_MASTER_KEY 0x84
75 #define CRYPTO_SERVICE_REQUEST_SE_KEYSLOT 0x85
76 #define CRYPTO_SERVICE_RELEASE_SE_KEYSLOT 0x86
/*
 * Keyslot type selectors. NOTE(review): presumably the values accepted for
 * the KeySlotType argument of ote_nvcrypto_update_se_keyslot(); confirm that
 * the service rejects any other value.
 */
80 #define KEYSLOT_TYPE_AES 0
81 #define KEYSLOT_TYPE_RSA 1
/*
 * NOTE(review): presumably the largest buf_len, in bytes, accepted by
 * ote_nvcrypto_get_random(); confirm where the bound is enforced (client
 * wrapper, service, or both).
 */
200 #define MAX_HWRANDOM_SIZE 4096
257 const uint32_t src_buf_len, uint8_t *dest);
278 uint32_t access_control,
const uint32_t *pData, uint32_t pData_len);
297 uint8_t *pri_key,uint32_t pri_key_len, uint32_t *data_in,
298 uint32_t data_in_len, uint8_t* signedData, uint32_t signed_data_len);
317 uint32_t algo, uint32_t mode,
318 uint8_t *inbuf,uint32_t inbuf_len,
319 uint8_t *iv,uint32_t iv_len,
320 uint8_t *key,uint32_t key_len,
321 uint8_t *outbuf,uint32_t *outbuf_len);
te_error_t ote_nvcrypto_get_ro_trust_key(uint8_t *key, uint32_t key_size)
Gets the key derived from the root of trust.
te_error_t ote_nvcrypto_get_rollback_key(uint8_t *key, uint32_t key_size)
Gets the rollback key.
te_error_t ote_nvcrypto_get_gs_key(uint8_t *key, uint32_t *key_size)
Gets the vrr auth key.
te_error_t ote_nvcrypto_get_random(uint8_t *buf, uint32_t buf_len)
Gets data generated by the SE HW random number generator.
te_error_t ote_nvcrypto_get_storage_key(uint8_t *key, uint32_t key_size)
Gets the storage key.
te_error_t ote_nvcrypto_rsa_raw_private_encrypt(uint8_t *pri_key, uint32_t pri_key_len, uint32_t *data_in, uint32_t data_in_len, uint8_t *signedData, uint32_t signed_data_len)
Interface to sign a data blob with an RSA key, with no data padding applied.
NVIDIA Trusted Little Kernel Interface: Error Handling
te_error_t ote_nvcrypto_init(void)
Initializes and opens an nvcrypto service session.
te_error_t ote_nvcrypto_do_crypt_functions(uint32_t algo, uint32_t mode, uint8_t *inbuf, uint32_t inbuf_len, uint8_t *iv, uint32_t iv_len, uint8_t *key, uint32_t key_len, uint8_t *outbuf, uint32_t *outbuf_len)
Interface for crypto operations such as AES, SHA, and RSA using the OpenSSL library.
te_error_t ote_nvcrypto_get_wv_rsa_sig_key(uint8_t *key, uint32_t *key_size)
Gets the WV RSA sig key.
te_error_t ote_nvcrypto_get_key(uint8_t *key, uint32_t key_size, uint32_t key_type)
Gets the storage/rollback key.
te_error_t ote_nvcrypto_install_eks2_keys(const uint8_t *buf, uint32_t buf_len, uint32_t num_keys)
Installs EKS2 keys in NVCrypto key slots.
te_error_t ote_nvcrypto_deinit(void)
Closes an nvcrypto service session.
te_error_t ote_nvcrypto_update_se_keyslot(uint32_t KeySlotType, uint32_t KeySlotIdx, uint32_t access_control, const uint32_t *pData, uint32_t pData_len)
Updates the HW security engine AES/RSA keyslots with an input key.
te_error_t ote_nvcrypto_get_eks2_mac_key(uint8_t *key, uint32_t *key_size)
Gets the EKS2 MAC key, which is used to validate the integrity of the EKS2 blob coming from the non-secur...
te_error_t ote_nvcrypto_get_keybox_size(uint32_t keybox_lookup_index, keystore_lookup_type lookup_type, uint32_t *len)
Gets the size of the key box provisioned in the EKS partition.
te_error_t ote_nvcrypto_get_widevine_key(uint8_t *key, uint32_t key_size)
Gets the Widevine Device Unique key.
te_error_t
Defines Open Trusted Environment (OTE) error codes.
te_error_t ote_nvcrypto_derive_key(const uint8_t *src_buffer, const uint32_t src_buf_len, uint8_t *dest)
Generates a unique encryption key by performing crypto operations on the src_buffer a predefined init...
te_error_t ote_nvcrypto_get_keybox(uint32_t keybox_lookup_index, keystore_lookup_type lookup_type, void *buf, uint32_t *len)
Gets the key box provisioned in the EKS partition.