# APIs

The security APIs offer the ability to interface with the Linux kernel
and the device hardware. They also facilitate various software services
that can be executed in a trusted execution environment.

## User space APIs

The user space APIs are the functions that the Linux OS accesses to
interact with the kernel.

This feature is available to licensed developers with authorized access.
If you have access, see [User space APIs](https://docs.qualcomm.com/bundle/resource/topics/80-70017-11A/user-space-apis.html).

## Interfaces exposed for PKCS#11

See [Cryptographic Token Interface Usage Guide](http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html)
and [Cryptographic Token Interface Base Specification](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html).

## Kernel APIs

The kernel APIs are the functions that allow the Qualcomm Linux software
to interact with the device hardware.

**Crypto APIs**

The `qcrypto.ko` driver is on the device at
`/lib/modules/<version>/kernel/drivers/crypto/qce`. Both kernel-level and
user-level APIs can access the crypto engine. For the APIs, see the
kernel crypto documentation at
[https://www.kernel.org/doc/Documentation/crypto/](https://www.kernel.org/doc/Documentation/crypto/).

The following cryptographic algorithms are supported:

- RFC 4309 (CCCM (AES))
- CCM (AES)
- Authenc (HMAC (SHA-256), CBC (AES))
- Authenc (HMAC (SHA-256), CBC (DES3\_EDE))
- Authenc (HMAC (SHA-256), CBC (DES))
- Authenc (HMAC (SHA-1), CBC (DES3\_EDE))
- Authenc (HMAC (SHA-1), CBC (DES))
- HMAC (SHA-256)
- HMAC (SHA-1)
- SHA-256
- SHA-1
- CBC (DES3\_EDE)
- ECB (DES3\_EDE)
- CBC (DES)
- ECB (DES)
- XTS (AES)
- CTR (AES)
- CBC (AES)
- ECB (AES)

For more information on the Qualcomm crypto core,
see [Cryptography](https://docs.qualcomm.com/bundle/publicresource/topics/80-70017-11/crypto-core.html).

For more information, see [Crypto
API](https://www.kernel.org/doc/html/v6.6/crypto/index.html).

**Hardware random generator APIs**

Qualcomm Linux supports a true random number generator using the
`qcom-rng` Linux driver. The random number generated from `qcom-rng`
uses Kernel crypto for the random number generator API.

In the user space, a random number can be accessed at `/dev/hwrng`.
For more information on the hardware random number generator, see the
kernel documentation at `https://www.kernel.org/doc/Documentation/hw_random.txt`.

For PRNG APIs,
see [Pseudo-random number generator APIs](https://docs.qualcomm.com/bundle/resource/topics/80-70017-11A/prng-apis.html). This feature is available to licensed developers with authorized access.

## Qualcomm TEE APIs

Qualcomm TEE provides a collection of APIs that offer services to secure
applications. These services include heap management, logging, secure
file system access, listener interactions, and cryptography and hashing
functions.

This feature is available to licensed developers with authorized access.
If you have access, see [Qualcomm Linux Security Guide - Addendum → Qualcomm TEE APIs](https://docs.qualcomm.com/bundle/resource/topics/80-70017-11A/trusted-execution-environment-apis.html).

Last Published: Jan 30, 2025

[Previous Topic
Architecture](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/architecture.md) [Next Topic
Develop](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/develop_lru.md)