]>
Commit | Line | Data |
---|---|---|
a0098eda CB |
1 | /********************************************************************************/ |
2 | /* */ | |
3 | /* TPM Structures */ | |
4 | /* Written by Ken Goldman */ | |
5 | /* IBM Thomas J. Watson Research Center */ | |
6 | /* $Id: tpm_structures.h 4528 2011-03-29 22:16:28Z kgoldman $ */ | |
7 | /* */ | |
8 | /* (c) Copyright IBM Corporation 2006, 2010. */ | |
9 | /* */ | |
10 | /* All rights reserved. */ | |
11 | /* */ | |
12 | /* Redistribution and use in source and binary forms, with or without */ | |
13 | /* modification, are permitted provided that the following conditions are */ | |
14 | /* met: */ | |
15 | /* */ | |
16 | /* Redistributions of source code must retain the above copyright notice, */ | |
17 | /* this list of conditions and the following disclaimer. */ | |
18 | /* */ | |
19 | /* Redistributions in binary form must reproduce the above copyright */ | |
20 | /* notice, this list of conditions and the following disclaimer in the */ | |
21 | /* documentation and/or other materials provided with the distribution. */ | |
22 | /* */ | |
23 | /* Neither the names of the IBM Corporation nor the names of its */ | |
24 | /* contributors may be used to endorse or promote products derived from */ | |
25 | /* this software without specific prior written permission. */ | |
26 | /* */ | |
27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ | |
28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ | |
29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ | |
30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ | |
31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ | |
32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ | |
33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ | |
34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ | |
35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ | |
36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ | |
37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ | |
38 | /********************************************************************************/ | |
39 | ||
40 | #ifndef TPM_STRUCTURES_H | |
41 | #define TPM_STRUCTURES_H | |
42 | ||
43 | #include <limits.h> | |
44 | #include "tpm_constants.h" | |
e60c35ec | 45 | #include "tpm_memory.h" |
a0098eda CB |
46 | #include "tpm_types.h" |
47 | #include "tpm_nvram_const.h" | |
48 | ||
49 | /* Sanity check on build macros are centralized here, since any TPM will use this header */ | |
50 | ||
51 | #if !defined (TPM_POSIX) && !defined (TPM_WINDOWS) && !defined(TPM_SYSTEM_P) | |
52 | #error "Must define either TPM_POSIX or TPM_WINDOWS or TPM_SYSTEM_P" | |
53 | #endif | |
54 | ||
55 | #if defined (TPM_NV_XCRYPTO_FLASH) && defined (TPM_NV_DISK) | |
56 | #error "Cannot define TPM_NV_XCRYPTO_FLASH and TPM_NV_DISK" | |
57 | #endif | |
58 | ||
59 | #if defined (TPM_WINDOWS) && defined (TPM_UNIX_DOMAIN_SOCKET) | |
60 | #error "Cannot define TPM_WINDOWS and TPM_UNIX_DOMAIN_SOCKET" | |
61 | #endif | |
62 | ||
63 | #if defined (TPM_USE_CHARDEV) && defined (TPM_UNIX_DOMAIN_SOCKET) | |
64 | #error "Cannot define TPM_USE_CHARDEV and TPM_UNIX_DOMAIN_SOCKET" | |
65 | #endif | |
66 | ||
67 | #if defined (TPM_NV_XCRYPTO_FLASH) && defined (TPM_UNIX_DOMAIN_SOCKET) | |
68 | #error "Cannot define TPM_NV_XCRYPTO_FLASH and TPM_UNIX_DOMAIN_SOCKET" | |
69 | #endif | |
70 | ||
71 | #if defined (TPM_XCRYPTO_USE_HW) && !defined(TPM_NV_XCRYPTO_FLASH) | |
72 | #error "TPM_XCRYPTO_USE_HW requires TPM_NV_XCRYPTO_FLASH" | |
73 | #endif | |
74 | ||
75 | #if defined (TPM_VTPM) && defined (TPM_UNIX_DOMAIN_SOCKET) | |
76 | #error "Cannot define TPM_VTPM and TPM_UNIX_DOMAIN_SOCKET" | |
77 | #endif | |
78 | ||
79 | ||
80 | ||
81 | #if defined (TPM_V11) && defined (TPM_V12) | |
82 | #error "Cannot define TPM_V12 and TPM_V11" | |
83 | #endif | |
84 | ||
85 | #if !defined (TPM_V11) && !defined (TPM_V12) | |
86 | #error "Must define either TPM_V12 or TPM_V11" | |
87 | #endif | |
88 | ||
89 | #if defined (TPM_DES) && defined (TPM_AES) | |
90 | #error "Cannot define TPM_DES and TPM_AES" | |
91 | #endif | |
92 | #if !defined (TPM_DES) && !defined (TPM_AES) | |
93 | #error "Must define either TPM_DES or TPM_AES" | |
94 | #endif | |
95 | ||
96 | /* This structure is typically a cast from a subset of a larger TPM structure. Two members - a 4 | |
97 | bytes size followed by a 4 bytes pointer to the data is a common TPM structure idiom. */ | |
98 | ||
99 | typedef struct tdTPM_SIZED_BUFFER { | |
100 | uint32_t size; | |
101 | BYTE *buffer; | |
102 | } TPM_SIZED_BUFFER; | |
103 | ||
104 | /* This structure implements a safe storage buffer, used throughout the code when serializing | |
105 | structures to a stream. | |
106 | */ | |
107 | ||
108 | typedef struct tdTPM_STORE_BUFFER { | |
109 | unsigned char *buffer; /* beginning of buffer */ | |
110 | unsigned char *buffer_current; /* first empty position in buffer */ | |
111 | unsigned char *buffer_end; /* one past last valid position in buffer */ | |
112 | } TPM_STORE_BUFFER; | |
113 | ||
114 | /* 5.1 TPM_STRUCT_VER rev 100 | |
115 | ||
116 | This indicates the version of the structure or TPM. | |
117 | ||
118 | Version 1.2 deprecates the use of this structure in all other structures. The structure is not | |
119 | deprecated as many of the structures that contain this structure are not deprecated. | |
120 | */ | |
121 | ||
122 | #define TPM_MAJOR 0x01 | |
123 | ||
124 | #if defined TPM_V12 | |
125 | #define TPM_MINOR 0x02 | |
126 | #endif | |
127 | ||
128 | #if defined TPM_V11 | |
129 | #define TPM_MINOR 0x01 | |
130 | #endif | |
131 | ||
132 | typedef struct tdTPM_STRUCT_VER { | |
133 | BYTE major; /* This SHALL indicate the major version of the structure. MUST be 0x01 */ | |
134 | BYTE minor; /* This SHALL indicate the minor version of the structure. MUST be 0x01 */ | |
135 | BYTE revMajor; /* This MUST be 0x00 on output, ignored on input */ | |
136 | BYTE revMinor; /* This MUST be 0x00 on output, ignored on input */ | |
137 | } TPM_STRUCT_VER; | |
138 | ||
139 | /* 5.2 TPM_VERSION_BYTE rev 87 | |
140 | ||
141 | Allocating a byte for the version information is wasteful of space. The current allocation does | |
142 | not provide sufficient resolution to indicate completely the version of the TPM. To allow for | |
143 | backwards compatibility the size of the structure does not change from 1.1. | |
144 | ||
145 | To enable minor version, or revision, numbers with 2-digit resolution, the byte representing a | |
146 | version splits into two BDC encoded nibbles. The ordering of the low and high order provides | |
147 | backwards compatibility with existing numbering. | |
148 | ||
149 | An example of an implementation of this is; a version of 1.23 would have the value 2 in bit | |
150 | positions 3-0 and the value 3 in bit positions 7-4. | |
151 | ||
152 | TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule | |
153 | ||
154 | 7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of | |
155 | 0000-1001 | |
156 | 3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of | |
157 | 0000-1001 | |
158 | */ | |
159 | ||
160 | /* 5.3 TPM_VERSION rev 116 | |
161 | ||
162 | This structure provides information relative the version of the TPM. This structure should only | |
163 | be in use by TPM_GetCapability to provide the information relative to the TPM. | |
164 | */ | |
165 | ||
166 | typedef struct tdTPM_VERSION { | |
167 | TPM_VERSION_BYTE major; /* This SHALL indicate the major version of the TPM, mostSigVer MUST | |
168 | be 0x1, leastSigVer MUST be 0x0 */ | |
169 | TPM_VERSION_BYTE minor; /* This SHALL indicate the minor version of the TPM, mostSigVer MUST | |
170 | be 0x1 or 0x2, leastSigVer MUST be 0x0 */ | |
171 | BYTE revMajor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMajor */ | |
172 | BYTE revMinor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMinor */ | |
173 | } TPM_VERSION; | |
174 | ||
175 | /* 5.4 TPM_DIGEST rev 111 | |
176 | ||
177 | The digest value reports the result of a hash operation. | |
178 | ||
179 | In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160 bits. | |
180 | ||
181 | It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on | |
182 | SHA-1. The reason for fixing is due to the internal use of the digest. It is the authorization | |
183 | values, it provides the secrets for the HMAC and the size of 20 bytes determines the values that | |
184 | can be stored and encrypted. For this reason, the size is fixed and any changes to this value | |
185 | require a new version of the specification. | |
186 | ||
187 | The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or greater. | |
188 | ||
189 | For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize parameter is | |
190 | therefore equal to 20. | |
191 | */ | |
192 | ||
193 | #define TPM_DIGEST_SIZE 20 | |
194 | typedef BYTE TPM_DIGEST[TPM_DIGEST_SIZE]; | |
195 | ||
196 | #if 0 | |
197 | /* kgold - This was designed as a structure with one element. Changed to a simple BYTE array, like | |
198 | TPM_SECRET. */ | |
199 | typedef struct tdTPM_DIGEST { | |
200 | BYTE digest[TPM_DIGEST_SIZE]; /* This SHALL be the actual digest information */ | |
201 | } TPM_DIGEST; | |
202 | #endif | |
203 | ||
204 | /* Redefinitions */ | |
205 | ||
206 | typedef TPM_DIGEST TPM_CHOSENID_HASH; /* This SHALL be the digest of the chosen identityLabel and | |
207 | privacyCA for a new TPM identity.*/ | |
208 | ||
209 | typedef TPM_DIGEST TPM_COMPOSITE_HASH; /* This SHALL be the hash of a list of PCR indexes and PCR | |
210 | values that a key or data is bound to. */ | |
211 | ||
212 | typedef TPM_DIGEST TPM_DIRVALUE; /* This SHALL be the value of a DIR register */ | |
213 | ||
214 | typedef TPM_DIGEST TPM_HMAC; /* This shall be the output of the HMAC algorithm */ | |
215 | ||
216 | typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ | |
217 | ||
218 | typedef TPM_DIGEST TPM_AUDITDIGEST; /* This SHALL be the value of the current internal audit | |
219 | state */ | |
220 | ||
221 | /* 5.5 TPM_NONCE rev 99 | |
222 | ||
223 | A nonce is a random value that provides protection from replay and other attacks. Many of the | |
224 | commands and protocols in the specification require a nonce. This structure provides a consistent | |
225 | view of what a nonce is. | |
226 | */ | |
227 | ||
228 | #define TPM_NONCE_SIZE 20 | |
229 | typedef BYTE TPM_NONCE[TPM_NONCE_SIZE]; | |
230 | ||
231 | #if 0 | |
232 | /* kgold - This was designed as a structure with one element. Changed to a simple BYTE array, like | |
233 | TPM_SECRET. */ | |
234 | typedef struct tdTPM_NONCE { | |
235 | BYTE nonce[TPM_NONCE_SIZE]; /* This SHALL be the 20 bytes of random data. When created by the | |
236 | TPM the value MUST be the next 20 bytes from the RNG */ | |
237 | } TPM_NONCE; | |
238 | #endif | |
239 | ||
240 | typedef TPM_NONCE TPM_DAA_TPM_SEED; /* This SHALL be a random value generated by a TPM | |
241 | immediately after the EK is installed in that TPM, | |
242 | whenever an EK is installed in that TPM */ | |
243 | typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; /* This SHALL be a random value */ | |
244 | ||
245 | /* 5.6 TPM_AUTHDATA rev 87 | |
246 | ||
247 | The authorization data is the information that is saved or passed to provide proof of ownership | |
248 | of an entity. For version 1 this area is always 20 bytes. | |
249 | */ | |
250 | ||
251 | #define TPM_AUTHDATA_SIZE 20 | |
252 | typedef BYTE TPM_AUTHDATA[TPM_AUTHDATA_SIZE]; | |
253 | ||
254 | #define TPM_SECRET_SIZE 20 | |
255 | typedef BYTE TPM_SECRET[TPM_SECRET_SIZE]; | |
256 | ||
257 | #if 0 /* kgold - define TPM_SECRET directly, so the size can be defined */ | |
258 | typedef TPM_AUTHDATA TPM_SECRET; /* A secret plain text value used in the authorization process. */ | |
259 | #endif | |
260 | ||
261 | typedef TPM_AUTHDATA TPM_ENCAUTH; /* A cipher text (encrypted) version of authorization data. The | |
262 | encryption mechanism depends on the context. */ | |
263 | ||
264 | /* 5.7 TPM_KEY_HANDLE_LIST rev 87 | |
265 | ||
266 | TPM_KEY_HANDLE_LIST is a structure used to describe the handles of all keys currently loaded into | |
267 | a TPM. | |
268 | */ | |
269 | ||
270 | #if 0 /* This is the version from the specification part 2 */ | |
271 | typedef struct tdTPM_KEY_HANDLE_LIST { | |
272 | uint16_t loaded; /* The number of keys currently loaded in the TPM. */ | |
273 | [size_is(loaded)] TPM_KEY_HANDLE handle[]; /* An array of handles, one for each key currently | |
274 | loaded in the TPM */ | |
275 | } TPM_KEY_HANDLE_LIST; | |
276 | #endif | |
277 | ||
278 | /* 5.11 TPM_CHANGEAUTH_VALIDATE rev 87 | |
279 | ||
280 | This structure provides an area that will stores the new authorization data and the challenger's | |
281 | nonce. | |
282 | */ | |
283 | ||
284 | typedef struct tdTPM_CHANGEAUTH_VALIDATE { | |
285 | TPM_SECRET newAuthSecret; /* This SHALL be the new authorization data for the target entity */ | |
286 | TPM_NONCE n1; /* This SHOULD be a nonce, to enable the caller to verify that the | |
287 | target TPM is on-line. */ | |
288 | } TPM_CHANGEAUTH_VALIDATE; | |
289 | ||
290 | ||
291 | ||
292 | /* PCR */ | |
293 | ||
294 | /* NOTE: The TPM requires and the code assumes a multiple of CHAR_BIT (8). 48 registers (6 bytes) | |
295 | may be a bad number, as it makes TPM_PCR_INFO and TPM_PCR_INFO_LONG indistinguishable in the | |
296 | first two bytes. */ | |
297 | ||
298 | #if defined TPM_V11 | |
299 | #define TPM_NUM_PCR 16 /* Use PC Client specification values */ | |
300 | #endif | |
301 | ||
302 | #if defined TPM_V12 | |
303 | #define TPM_NUM_PCR 24 /* Use PC Client specification values */ | |
304 | #endif | |
305 | ||
306 | #if (CHAR_BIT != 8) | |
307 | #error "CHAR_BIT must be 8" | |
308 | #endif | |
309 | ||
310 | #if ((TPM_NUM_PCR % 8) != 0) | |
311 | #error "TPM_NUM_PCR must be a multiple of 8" | |
312 | #endif | |
313 | ||
314 | /* 8.1 TPM_PCR_SELECTION rev 110 | |
315 | ||
316 | This structure provides a standard method of specifying a list of PCR registers. | |
317 | */ | |
318 | ||
319 | typedef struct tdTPM_PCR_SELECTION { | |
320 | uint16_t sizeOfSelect; /* The size in bytes of the pcrSelect structure */ | |
321 | BYTE pcrSelect[TPM_NUM_PCR/CHAR_BIT]; /* This SHALL be a bit map that indicates if a PCR | |
322 | is active or not */ | |
323 | } TPM_PCR_SELECTION; | |
324 | ||
325 | /* 8.2 TPM_PCR_COMPOSITE rev 97 | |
326 | ||
327 | The composite structure provides the index and value of the PCR register to be used when creating | |
328 | the value that SEALS an entity to the composite. | |
329 | */ | |
330 | ||
331 | typedef struct tdTPM_PCR_COMPOSITE { | |
332 | TPM_PCR_SELECTION select; /* This SHALL be the indication of which PCR values are active */ | |
333 | #if 0 | |
334 | uint32_t valueSize; /* This SHALL be the size of the pcrValue field (not the number of | |
335 | PCR's) */ | |
336 | TPM_PCRVALUE *pcrValue; /* This SHALL be an array of TPM_PCRVALUE structures. The values | |
337 | come in the order specified by the select parameter and are | |
338 | concatenated into a single blob */ | |
339 | #endif | |
340 | TPM_SIZED_BUFFER pcrValue; | |
341 | } TPM_PCR_COMPOSITE; | |
342 | ||
343 | /* 8.3 TPM_PCR_INFO rev 87 | |
344 | ||
345 | The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the | |
346 | sealing of data, to a set of PCRs. | |
347 | */ | |
348 | ||
349 | typedef struct tdTPM_PCR_INFO { | |
350 | TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs to which the | |
351 | data or key is bound. */ | |
352 | TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and | |
353 | PCR values to verify when revealing Sealed Data | |
354 | or using a key that was wrapped to PCRs. NOTE: | |
355 | This is passed in by the host, and used as | |
356 | authorization to use the key */ | |
357 | TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the | |
358 | PCR values, at the time when the sealing is | |
359 | performed. NOTE: This is generated at key | |
360 | creation, but is just informative to the host, | |
361 | not used for authorization */ | |
362 | } TPM_PCR_INFO; | |
363 | ||
364 | /* 8.6 TPM_LOCALITY_SELECTION rev 87 | |
365 | ||
366 | When used with localityAtCreation only one bit is set and it corresponds to the locality of the | |
367 | command creating the structure. | |
368 | ||
369 | When used with localityAtRelease the bits indicate which localities CAN perform the release. | |
370 | */ | |
371 | ||
372 | typedef BYTE TPM_LOCALITY_SELECTION; | |
373 | ||
374 | #define TPM_LOC_FOUR 0x10 /* Locality 4 */ | |
375 | #define TPM_LOC_THREE 0x08 /* Locality 3 */ | |
376 | #define TPM_LOC_TWO 0x04 /* Locality 2 */ | |
377 | #define TPM_LOC_ONE 0x02 /* Locality 1 */ | |
378 | #define TPM_LOC_ZERO 0x01 /* Locality 0. This is the same as the legacy interface. */ | |
379 | ||
380 | #define TPM_LOC_ALL 0x1f /* kgold - added all localities */ | |
381 | #define TPM_LOC_MAX 4 /* kgold - maximum value for TPM_MODIFIER_INDICATOR */ | |
382 | ||
383 | ||
384 | /* 8.4 TPM_PCR_INFO_LONG rev 109 | |
385 | ||
386 | The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the | |
387 | sealing of data, to a set of PCRs. | |
388 | ||
389 | The LONG version includes information necessary to properly define the configuration that creates | |
390 | the blob using the PCR selection. | |
391 | */ | |
392 | ||
393 | typedef struct tdTPM_PCR_INFO_LONG { | |
394 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
395 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_PCR_INFO_LONG */ | |
396 | #endif | |
397 | TPM_LOCALITY_SELECTION localityAtCreation; /* This SHALL be the locality modifier of the | |
398 | function that creates the PCR info structure */ | |
399 | TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to | |
400 | reveal Sealed Data or use a key that was wrapped | |
401 | to PCRs */ | |
402 | TPM_PCR_SELECTION creationPCRSelection; /* This SHALL be the selection of PCRs active when | |
403 | the blob is created */ | |
404 | TPM_PCR_SELECTION releasePCRSelection; /* This SHALL be the selection of PCRs to which the | |
405 | data or key is bound. */ | |
406 | TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the | |
407 | PCR values, at the time when the sealing is | |
408 | performed. */ | |
409 | TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and | |
410 | PCR values to verify when revealing Sealed Data | |
411 | or using a key that was wrapped to PCRs. */ | |
412 | } TPM_PCR_INFO_LONG; | |
413 | ||
414 | /* 8.5 TPM_PCR_INFO_SHORT rev 87 | |
415 | ||
416 | This structure is for defining a digest at release when the only information that is necessary is | |
417 | the release configuration. | |
418 | */ | |
419 | ||
420 | typedef struct tdTPM_PCR_INFO_SHORT { | |
421 | TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs that specifies the | |
422 | digestAtRelease */ | |
423 | TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to | |
424 | release the information. This value must not be | |
425 | zero (0). */ | |
426 | TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and | |
427 | PCR values to verify when revealing auth data */ | |
428 | } TPM_PCR_INFO_SHORT; | |
429 | ||
430 | /* 8.8 TPM_PCR_ATTRIBUTES rev 107 | |
431 | ||
432 | These attributes are available on a per PCR basis. | |
433 | ||
434 | The TPM is not required to maintain this structure internally to the TPM. | |
435 | ||
436 | When a challenger evaluates a PCR an understanding of this structure is vital to the proper | |
437 | understanding of the platform configuration. As this structure is static for all platforms of the | |
438 | same type the structure does not need to be reported with each quote. | |
439 | */ | |
440 | ||
441 | typedef struct tdTPM_PCR_ATTRIBUTES { | |
442 | TPM_BOOL pcrReset; /* A value of TRUE SHALL indicate that the PCR register can be reset | |
443 | using the TPM_PCR_RESET command. */ | |
444 | TPM_LOCALITY_SELECTION pcrExtendLocal; /* An indication of which localities can perform | |
445 | extends on the PCR. */ | |
446 | TPM_LOCALITY_SELECTION pcrResetLocal; /* An indication of which localities can reset the | |
447 | PCR */ | |
448 | } TPM_PCR_ATTRIBUTES; | |
449 | ||
450 | /* | |
451 | 9. Storage Structures | |
452 | */ | |
453 | ||
454 | /* 9.1 TPM_STORED_DATA rev 87 | |
455 | ||
456 | The definition of this structure is necessary to ensure the enforcement of security properties. | |
457 | ||
458 | This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and | |
459 | values that must be present to properly unseal the data. | |
460 | ||
461 | This structure only provides 1.1 data store and uses PCR_INFO | |
462 | ||
463 | 1. This structure is created during the TPM_Seal process. The confidential data is encrypted | |
464 | using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the | |
465 | public information in the structure to validate the current configuration and release the | |
466 | decrypted data | |
467 | ||
468 | 2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO | |
469 | */ | |
470 | ||
471 | typedef struct tdTPM_STORED_DATA { | |
472 | TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ | |
473 | TPM_SIZED_BUFFER sealInfo; | |
474 | #if 0 | |
475 | uint32_t sealInfoSize; /* Size of the sealInfo parameter */ | |
476 | BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO or a 0 length | |
477 | array if the data is not bound to PCRs. */ | |
478 | #endif | |
479 | TPM_SIZED_BUFFER encData; | |
480 | #if 0 | |
481 | uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ | |
482 | BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing | |
483 | the confidential part of the data. */ | |
484 | #endif | |
485 | /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ | |
486 | TPM_PCR_INFO *tpm_seal_info; | |
487 | } TPM_STORED_DATA; | |
488 | ||
489 | ||
490 | /* 9.2 TPM_STORED_DATA12 rev 101 | |
491 | ||
492 | The definition of this structure is necessary to ensure the enforcement of security properties. | |
493 | This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and | |
494 | values that must be present to properly unseal the data. | |
495 | ||
496 | 1. This structure is created during the TPM_Seal process. The confidential data is encrypted | |
497 | using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the | |
498 | public information in the structure to validate the current configuration and release the | |
499 | decrypted data. | |
500 | ||
501 | 2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG | |
502 | */ | |
503 | ||
504 | typedef struct tdTPM_STORED_DATA12 { | |
505 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_STORED_DATA12 */ | |
506 | TPM_ENTITY_TYPE et; /* The type of blob */ | |
507 | TPM_SIZED_BUFFER sealInfo; | |
508 | #if 0 | |
509 | uint32_t sealInfoSize; /* Size of the sealInfo parameter */ | |
510 | BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG or a 0 length | |
511 | array if the data is not bound to PCRs. */ | |
512 | #endif | |
513 | TPM_SIZED_BUFFER encData; | |
514 | #if 0 | |
515 | uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ | |
516 | BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing | |
517 | the confidential part of the data. */ | |
518 | #endif | |
519 | /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ | |
520 | TPM_PCR_INFO_LONG *tpm_seal_info_long; | |
521 | } TPM_STORED_DATA12; | |
522 | ||
523 | /* 9.3 TPM_SEALED_DATA rev 87 | |
524 | ||
525 | This structure contains confidential information related to sealed data, including the data | |
526 | itself. | |
527 | ||
528 | 1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this structure contains | |
529 | a digest of the containing TPM_STORED_DATA structure. | |
530 | ||
531 | 2. The digest calculation does not include the encDataSize and encData parameters. | |
532 | */ | |
533 | ||
534 | typedef struct tdTPM_SEALED_DATA { | |
535 | TPM_PAYLOAD_TYPE payload; /* This SHALL indicate the payload type of TPM_PT_SEAL */ | |
536 | TPM_SECRET authData; /* This SHALL be the authorization data for this value */ | |
537 | TPM_SECRET tpmProof; /* This SHALL be a copy of TPM_PERMANENT_FLAGS -> tpmProof */ | |
538 | TPM_DIGEST storedDigest; /* This SHALL be a digest of the TPM_STORED_DATA structure, | |
539 | excluding the fields TPM_STORED_DATA -> encDataSize and | |
540 | TPM_STORED_DATA -> encData. */ | |
541 | TPM_SIZED_BUFFER data; /* This SHALL be the data to be sealed */ | |
542 | #if 0 | |
543 | uint32_t dataSize; /* This SHALL be the size of the data parameter */ | |
544 | BYTE* data; /* This SHALL be the data to be sealed */ | |
545 | #endif | |
546 | } TPM_SEALED_DATA; | |
547 | ||
548 | ||
549 | /* 9.4 TPM_SYMMETRIC_KEY rev 87 | |
550 | ||
551 | This structure describes a symmetric key, used during the process "Collating a Request for a | |
552 | Trusted Platform Module Identity". | |
553 | */ | |
554 | ||
555 | typedef struct tdTPM_SYMMETRIC_KEY { | |
556 | TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the symmetric key. */ | |
557 | TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the key will be | |
558 | used for encryption operations. */ | |
559 | uint16_t size; /* This SHALL be the size of the data parameter in bytes */ | |
560 | BYTE* data; /* This SHALL be the symmetric key data */ | |
561 | /* NOTE Cannot make this a TPM_SIZED_BUFFER because uint16_t */ | |
562 | } TPM_SYMMETRIC_KEY; | |
563 | ||
564 | /* 9.5 TPM_BOUND_DATA rev 87 | |
565 | ||
566 | This structure is defined because it is used by a TPM_UnBind command in a consistency check. | |
567 | ||
568 | The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key | |
569 | shouldn't be used for storage, and so on. These heuristics are used because of the potential | |
570 | threats that arise when the same key is used in different ways. The heuristics minimize the | |
571 | number of ways in which a given key can be used. | |
572 | ||
573 | One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should always be | |
574 | used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM function, so the | |
575 | only choice is to perform a check for the correct payload type when a blob is unwrapped by a key | |
576 | of type TPM_KEY_BIND. This requires the blob to have internal structure. | |
577 | ||
578 | Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not include the size | |
579 | of payloadData. This is to maximise the size of payloadData that can be encrypted when | |
580 | TPM_BOUND_DATA is encrypted in a single block. When using TPM-UnBind to obtain payloadData, the | |
581 | size of payloadData is deduced as a natural result of the (RSA) decryption process. | |
582 | ||
583 | 1. This structure MUST be used for creating data when (wrapping with a key of type TPM_KEY_BIND) | |
584 | or (wrapping using the encryption algorithm TPM_ES_RSAESOAEP_SHA1_MGF1). If it is not, the | |
585 | TPM_UnBind command will fail. | |
586 | */ | |
587 | ||
588 | typedef struct tdTPM_BOUND_DATA { | |
589 | TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ | |
590 | TPM_PAYLOAD_TYPE payload; /* This SHALL be the value TPM_PT_BIND */ | |
591 | uint32_t payloadDataSize; /* NOTE: added, not part of serialization */ | |
592 | BYTE *payloadData; /* The bound data */ | |
593 | } TPM_BOUND_DATA; | |
594 | ||
595 | /* | |
596 | 10. TPM_KEY Complex | |
597 | */ | |
598 | ||
599 | /* 10.1.1 TPM_RSA_KEY_PARMS rev 87 | |
600 | ||
601 | This structure describes the parameters of an RSA key. | |
602 | */ | |
603 | ||
604 | /* TPM_RSA_KEY_LENGTH_MAX restricts the maximum size of an RSA key. It has two uses: | |
605 | - bounds the size of the TPM state | |
606 | - protects against a denial of service attack where the attacker creates a very large key | |
607 | */ | |
608 | ||
609 | #ifdef TPM_RSA_KEY_LENGTH_MAX /* if the builder defines a value */ | |
610 | #if ((TPM_RSA_KEY_LENGTH_MAX % 16) != 0) | |
611 | #error "TPM_RSA_KEY_LENGTH_MAX must be a multiple of 16" | |
612 | #endif | |
613 | #if (TPM_RSA_KEY_LENGTH_MAX < 2048) | |
614 | #error "TPM_RSA_KEY_LENGTH_MAX must be at least 2048" | |
615 | #endif | |
616 | #endif /* TPM_RSA_KEY_LENGTH_MAX */ | |
617 | ||
618 | #ifndef TPM_RSA_KEY_LENGTH_MAX /* default if the builder does not define a value */ | |
619 | #define TPM_RSA_KEY_LENGTH_MAX 2048 | |
620 | #endif | |
621 | ||
622 | typedef struct tdTPM_RSA_KEY_PARMS { | |
623 | uint32_t keyLength; /* This specifies the size of the RSA key in bits */ | |
624 | uint32_t numPrimes; /* This specifies the number of prime factors used by this RSA key. */ | |
625 | #if 0 | |
626 | uint32_t exponentSize; /* This SHALL be the size of the exponent. If the key is using the | |
627 | default exponent then the exponentSize MUST be 0. */ | |
628 | BYTE *exponent; /* The public exponent of this key */ | |
629 | #endif | |
630 | TPM_SIZED_BUFFER exponent; /* The public exponent of this key */ | |
631 | ||
632 | } TPM_RSA_KEY_PARMS; | |
633 | ||
634 | ||
635 | /* 10.1 TPM_KEY_PARMS rev 87 | |
636 | ||
637 | This provides a standard mechanism to define the parameters used to generate a key pair, and to | |
638 | store the parts of a key shared between the public and private key parts. | |
639 | */ | |
640 | ||
641 | typedef struct tdTPM_KEY_PARMS { | |
642 | TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */ | |
643 | TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt | |
644 | information */ | |
645 | TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform | |
646 | digital signatures */ | |
647 | #if 0 | |
648 | uint32_t parmSize; /* This SHALL be the size of the parms field in bytes */ | |
649 | BYTE* parms; /* This SHALL be the parameter information dependent upon the key | |
650 | algorithm. */ | |
651 | #endif | |
652 | TPM_SIZED_BUFFER parms; /* This SHALL be the parameter information dependent upon the key | |
653 | algorithm. */ | |
654 | /* NOTE: kgold - Added this structure. It acts as a cache of the result of parms and parmSize | |
655 | deserialization when non-NULL. */ | |
656 | TPM_RSA_KEY_PARMS *tpm_rsa_key_parms; | |
657 | } TPM_KEY_PARMS; | |
658 | ||
659 | /* 10.1.2 TPM_SYMMETRIC_KEY_PARMS rev 87 | |
660 | ||
661 | This structure describes the parameters for symmetric algorithms | |
662 | */ | |
663 | ||
664 | typedef struct tdTPM_SYMMETRIC_KEY_PARMS { | |
665 | uint32_t keyLength; /* This SHALL indicate the length of the key in bits */ | |
666 | uint32_t blockSize; /* This SHALL indicate the block size of the algorithm*/ | |
667 | uint32_t ivSize; /* This SHALL indicate the size of the IV */ | |
668 | BYTE *IV; /* The initialization vector */ | |
669 | } TPM_SYMMETRIC_KEY_PARMS; | |
670 | ||
671 | #if 0 | |
672 | /* 10.4 TPM_STORE_PUBKEY rev 99 | |
673 | ||
674 | This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to construct a | |
675 | public key which can be unambiguously used. | |
676 | */ | |
677 | ||
678 | typedef struct tdTPM_STORE_PUBKEY { | |
679 | uint32_t keyLength; /* This SHALL be the length of the key field. */ | |
680 | BYTE *key; /* This SHALL be a structure interpreted according to the algorithm Id in | |
681 | the corresponding TPM_KEY_PARMS structure. */ | |
682 | } TPM_STORE_PUBKEY; | |
683 | #endif | |
684 | ||
685 | /* 10.7 TPM_STORE_PRIVKEY rev 87 | |
686 | ||
687 | This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct a private | |
688 | key which can be unambiguously used. | |
689 | */ | |
690 | ||
691 | #if 0 | |
692 | typedef struct tdTPM_STORE_PRIVKEY { | |
693 | uint32_t keyLength; /* This SHALL be the length of the key field. */ | |
694 | BYTE* key; /* This SHALL be a structure interpreted according to the algorithm Id in | |
695 | the corresponding TPM_KEY structure. */ | |
696 | } TPM_STORE_PRIVKEY; | |
697 | #endif | |
698 | ||
699 | /* NOTE: Hard coded for RSA keys. This will change if other algorithms are supported */ | |
700 | ||
701 | typedef struct tdTPM_STORE_PRIVKEY { | |
702 | TPM_SIZED_BUFFER d_key; /* private key */ | |
703 | TPM_SIZED_BUFFER p_key; /* private prime factor */ | |
704 | TPM_SIZED_BUFFER q_key; /* private prime factor */ | |
705 | } TPM_STORE_PRIVKEY; | |
706 | ||
707 | /* 10.6 TPM_STORE_ASYMKEY rev 87 | |
708 | ||
709 | The TPM_STORE_ASYMKEY structure provides the area to identify the confidential information | |
710 | related to a key. This will include the private key factors for an asymmetric key. | |
711 | ||
712 | The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure containing a 2048 | |
713 | bit RSA key can be done in one operation if the encrypting key is 2048 bits. | |
714 | ||
715 | Using typical RSA notation the structure would include P, and when loading the key include the | |
716 | unencrypted P*Q which would be used to recover the Q value. | |
717 | ||
718 | To accommodate the future use of multiple prime RSA keys the specification of additional prime | |
719 | factors is an optional capability. | |
720 | ||
721 | This structure provides the basis of defining the protection of the private key. Changes in this | |
722 | structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure (section 10.8). | |
723 | */ | |
724 | ||
725 | typedef struct tdTPM_STORE_ASYMKEY { | |
726 | TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_ASYM to indicate an asymmetric | |
727 | key. If used in TPM_CMK_ConvertMigration the value SHALL | |
728 | be TPM_PT_MIGRATE_EXTERNAL. If used in TPM_CMK_CreateKey | |
729 | the value SHALL be TPM_PT_MIGRATE_RESTRICTED */ | |
730 | TPM_SECRET usageAuth; /* This SHALL be the authorization data necessary to | |
731 | authorize the use of this value */ | |
732 | TPM_SECRET migrationAuth; /* This SHALL be the migration authorization data for a | |
733 | migratable key, or the TPM secret value tpmProof for a | |
734 | non-migratable key created by the TPM. | |
735 | ||
736 | If the TPM sets this parameter to the value tpmProof, | |
737 | then the TPM_KEY.keyFlags.migratable of the corresponding | |
738 | TPM_KEY structure MUST be set to 0. | |
739 | ||
740 | If this parameter is set to the migration authorization | |
741 | data for the key in parameter PrivKey, then the | |
742 | TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY | |
743 | structure SHOULD be set to 1. */ | |
744 | TPM_DIGEST pubDataDigest; /* This SHALL be the digest of the corresponding TPM_KEY | |
745 | structure, excluding the fields TPM_KEY.encSize and | |
746 | TPM_KEY.encData. | |
747 | ||
748 | When TPM_KEY -> pcrInfoSize is 0 then the digest | |
749 | calculation has no input from the pcrInfo field. The | |
750 | pcrInfoSize field MUST always be part of the digest | |
751 | calculation. | |
752 | */ | |
753 | TPM_STORE_PRIVKEY privKey; /* This SHALL be the private key data. The privKey can be a | |
754 | variable length which allows for differences in the key | |
755 | format. The maximum size of the area would be 151 | |
756 | bytes. */ | |
757 | } TPM_STORE_ASYMKEY; | |
758 | ||
759 | /* 10.8 TPM_MIGRATE_ASYMKEY rev 87 | |
760 | ||
761 | The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors of a | |
762 | asymmetric key while the key is migrating between TPM's. | |
763 | ||
764 | This structure provides the basis of defining the protection of the private key. | |
765 | ||
766 | k1k2 - 132 privkey.key (128 + 4) | |
767 | k1 - 20, OAEP seed | |
768 | k2 - 112, partPrivKey | |
769 | TPM_STORE_PRIVKEY 4 partPrivKey.keyLength | |
770 | 108 partPrivKey.key (128 - 20) | |
771 | */ | |
772 | ||
773 | typedef struct tdTPM_MIGRATE_ASYMKEY { | |
774 | TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_MIGRATE or TPM_PT_CMK_MIGRATE to | |
775 | indicate an migrating asymmetric key or TPM_PT_MAINT to indicate | |
776 | a maintenance key. */ | |
777 | TPM_SECRET usageAuth; /* This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY | |
778 | structure. */ | |
779 | TPM_DIGEST pubDataDigest; /* This SHALL be a copy of the pubDataDigest from the | |
780 | TPM_STORE_ASYMKEY structure. */ | |
781 | #if 0 | |
782 | uint32_t partPrivKeyLen; /* This SHALL be the size of the partPrivKey field */ | |
783 | BYTE *partPrivKey; /* This SHALL be the k2 area as described in TPM_CreateMigrationBlob | |
784 | */ | |
785 | #endif | |
786 | TPM_SIZED_BUFFER partPrivKey; | |
787 | } TPM_MIGRATE_ASYMKEY; | |
788 | ||
789 | /* 10.2 TPM_KEY rev 87 | |
790 | ||
791 | The TPM_KEY structure provides a mechanism to transport the entire asymmetric key pair. The | |
792 | private portion of the key is always encrypted. | |
793 | ||
794 | The reason for using a size and pointer for the PCR info structure is save space when the key is | |
795 | not bound to a PCR. The only time the information for the PCR is kept with the key is when the | |
796 | key needs PCR info. | |
797 | ||
798 | The 1.2 version has a change in the PCRInfo area. For 1.2 the structure uses the | |
799 | TPM_PCR_INFO_LONG structure to properly define the PCR registers in use. | |
800 | */ | |
801 | ||
802 | typedef struct tdTPM_KEY { | |
803 | TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ | |
804 | TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations | |
805 | permitted with this key */ | |
806 | TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc.*/ | |
807 | TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required | |
808 | that authorization be presented.*/ | |
809 | TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for | |
810 | this key*/ | |
811 | #if 0 | |
812 | uint32_t PCRInfoSize; /* This SHALL be the length of the pcrInfo parameter. If the key is | |
813 | not bound to a PCR this value SHOULD be 0.*/ | |
814 | BYTE* PCRInfo; /* This SHALL be a structure of type TPM_PCR_INFO, or an empty array | |
815 | if the key is not bound to PCRs.*/ | |
816 | TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */ | |
817 | uint32_t encDataSize; /* This SHALL be the size of the encData parameter. */ | |
818 | BYTE* encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure or | |
819 | TPM_MIGRATE_ASYMKEY structure */ | |
820 | #endif | |
821 | TPM_SIZED_BUFFER pcrInfo; | |
822 | TPM_SIZED_BUFFER pubKey; | |
823 | TPM_SIZED_BUFFER encData; | |
824 | /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure or TPM_MIGRATE_ASYMKEY structure */ | |
825 | /* NOTE: kgold - Added these structures, a cache of PCRInfo when not NULL */ | |
826 | TPM_PCR_INFO *tpm_pcr_info; /* for TPM_KEY */ | |
827 | TPM_PCR_INFO_LONG *tpm_pcr_info_long; /* for TPM_KEY12 */ | |
828 | /* NOTE: kgold - Added these structures. They act as a cache of the result of encData | |
829 | decryption when non-NULL. In the case of internal keys (e.g. SRK) there is no encData, so | |
830 | these structures are always non-NULL. */ | |
831 | TPM_STORE_ASYMKEY *tpm_store_asymkey; | |
832 | TPM_MIGRATE_ASYMKEY *tpm_migrate_asymkey; | |
833 | } TPM_KEY; | |
834 | ||
835 | /* 10.3 TPM_KEY12 rev 87 | |
836 | ||
837 | This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG structures and the | |
838 | new structure tagging. In all other aspects this is the same structure. | |
839 | */ | |
840 | ||
841 | /* NOTE: The TPM_KEY12 structure is never instantiated. It is just needed for the cast of TPM_KEY | |
842 | to get the TPM_KEY12->tag member. */ | |
843 | ||
844 | typedef struct tdTPM_KEY12 { | |
845 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_KEY12 */ | |
846 | uint16_t fill; /* MUST be 0x0000 */ | |
847 | TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations | |
848 | permitted with this key */ | |
849 | TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc. */ | |
850 | TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required | |
851 | that authorization be presented. */ | |
852 | TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for | |
853 | this key */ | |
854 | #if 0 | |
855 | uint32_t PCRInfoSize; /* This SHALL be the length of the pcrInfo parameter. If the key is | |
856 | not bound to a PCR this value SHOULD be 0. */ | |
857 | BYTE* PCRInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG, or an empty | |
858 | array if the key is not bound to PCRs. */ | |
859 | TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */ | |
860 | uint32_t encDataSize; /* This SHALL be the size of the encData parameter. */ | |
861 | BYTE* encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure | |
862 | TPM_MIGRATE_ASYMKEY structure */ | |
863 | #endif | |
864 | TPM_SIZED_BUFFER pcrInfo; | |
865 | TPM_SIZED_BUFFER pubKey; | |
866 | TPM_SIZED_BUFFER encData; | |
867 | } TPM_KEY12; | |
868 | ||
869 | ||
870 | /* 10.5 TPM_PUBKEY rev 99 | |
871 | ||
872 | The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It contains all | |
873 | the information necessary for its unambiguous usage. It is possible to construct this structure | |
874 | from a TPM_KEY, using the algorithmParms and pubKey fields. | |
875 | ||
876 | The pubKey member of this structure shall contain the public key for a specific algorithm. | |
877 | */ | |
878 | ||
879 | typedef struct tdTPM_PUBKEY { | |
880 | TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding this key */ | |
881 | #if 0 | |
882 | TPM_STORE_PUBKEY pubKey; /* This SHALL be the public key information */ | |
883 | #endif | |
884 | TPM_SIZED_BUFFER pubKey; | |
885 | } TPM_PUBKEY; | |
886 | ||
887 | /* 5.b. The TPM must support a minimum of 2 key slots. */ | |
888 | ||
889 | #ifdef TPM_KEY_HANDLES | |
890 | #if (TPM_KEY_HANDLES < 2) | |
891 | #error "TPM_KEY_HANDLES minimum is 2" | |
892 | #endif | |
893 | #endif | |
894 | ||
895 | /* Set the default to 3 so that there can be one owner evict key */ | |
896 | ||
897 | #ifndef TPM_KEY_HANDLES | |
898 | #define TPM_KEY_HANDLES 3 /* entries in global TPM_KEY_HANDLE_ENTRY array */ | |
899 | #endif | |
900 | ||
901 | /* TPM_GetCapability uses a uint_16 for the number of key slots */ | |
902 | ||
903 | #if (TPM_KEY_HANDLES > 0xffff) | |
904 | #error "TPM_KEY_HANDLES must be less than 0x10000" | |
905 | #endif | |
906 | ||
bbd7b75d | 907 | /* The TPM does not have to support any minimum number of owner evict keys. Adjust this value to |
a0098eda CB |
908 | match the amount of NV space available. An owner evict key consumes about 512 bytes. |
909 | ||
910 | A value greater than (TPM_KEY_HANDLES - 2) is useless, as the TPM reserves 2 key slots for | |
911 | non-owner evict keys to avoid blocking. | |
912 | */ | |
913 | ||
914 | #ifndef TPM_OWNER_EVICT_KEY_HANDLES | |
915 | #define TPM_OWNER_EVICT_KEY_HANDLES 1 | |
916 | #endif | |
917 | ||
918 | #if (TPM_OWNER_EVICT_KEY_HANDLES > (TPM_KEY_HANDLES - 2)) | |
919 | #error "TPM_OWNER_EVICT_KEY_HANDLES too large for TPM_KEY_HANDLES" | |
920 | #endif | |
921 | ||
922 | /* This is the version used by the TPM implementation. It is part of the global TPM state */ | |
923 | ||
924 | /* kgold: Added TPM_KEY member. There needs to be a mapping between a key handle | |
925 | and the pointer to TPM_KEY objects, and this seems to be the right place for it. */ | |
926 | ||
927 | typedef struct tdTPM_KEY_HANDLE_ENTRY { | |
928 | TPM_KEY_HANDLE handle; /* Handles for a key currently loaded in the TPM */ | |
929 | TPM_KEY *key; /* Pointer to the key object */ | |
930 | TPM_BOOL parentPCRStatus; /* TRUE if parent of this key uses PCR's */ | |
931 | TPM_KEY_CONTROL keyControl; /* Attributes that can control various aspects of key usage and | |
932 | manipulation. */ | |
933 | } TPM_KEY_HANDLE_ENTRY; | |
934 | ||
935 | /* 5.12 TPM_MIGRATIONKEYAUTH rev 87 | |
936 | ||
937 | This structure provides the proof that the associated public key has TPM Owner authorization to | |
938 | be a migration key. | |
939 | */ | |
940 | ||
941 | typedef struct tdTPM_MIGRATIONKEYAUTH { | |
942 | TPM_PUBKEY migrationKey; /* This SHALL be the public key of the migration facility */ | |
943 | TPM_MIGRATE_SCHEME migrationScheme; /* This shall be the type of migration operation.*/ | |
944 | TPM_DIGEST digest; /* This SHALL be the digest value of the concatenation of | |
945 | migration key, migration scheme and tpmProof */ | |
946 | } TPM_MIGRATIONKEYAUTH; | |
947 | ||
948 | /* 5.13 TPM_COUNTER_VALUE rev 87 | |
949 | ||
950 | This structure returns the counter value. For interoperability, the value size should be 4 bytes. | |
951 | */ | |
952 | ||
953 | #define TPM_COUNTER_LABEL_SIZE 4 | |
954 | #define TPM_COUNT_ID_NULL 0xffffffff /* unused value TPM_CAP_PROP_ACTIVE_COUNTER expects this | |
955 | value if no counter is active */ | |
956 | #define TPM_COUNT_ID_ILLEGAL 0xfffffffe /* after releasing an active counter */ | |
957 | ||
958 | typedef struct tdTPM_COUNTER_VALUE { | |
959 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
960 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_COUNTER_VALUE */ | |
961 | #endif | |
962 | BYTE label[TPM_COUNTER_LABEL_SIZE]; /* The label for the counter */ | |
963 | TPM_ACTUAL_COUNT counter; /* The 32-bit counter value. */ | |
964 | /* NOTE: Added. TPMWG email says the specification structure is the public part, but these are | |
965 | vendor specific private members. */ | |
966 | TPM_SECRET authData; /* Authorization secret for counter */ | |
967 | TPM_BOOL valid; | |
968 | TPM_DIGEST digest; /* for OSAP comparison */ | |
969 | } TPM_COUNTER_VALUE; | |
970 | ||
971 | /* 5.14 TPM_SIGN_INFO Structure rev 102 | |
972 | ||
973 | This is an addition in 1.2 and is the structure signed for certain commands (e.g., | |
974 | TPM_ReleaseTransportSigned). Some commands have a structure specific to that command (e.g., | |
975 | TPM_Quote uses TPM_QUOTE_INFO) and do not use TPM_SIGN_INFO. | |
976 | ||
977 | TPM_Sign uses this structure when the signature scheme is TPM_SS_RSASSAPKCS1v15_INFO. | |
978 | */ | |
979 | ||
980 | #define TPM_SIGN_INFO_FIXED_SIZE 4 | |
981 | ||
982 | typedef struct tdTPM_SIGN_INFO { | |
983 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
984 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_SIGNINFO */ | |
985 | #endif | |
986 | BYTE fixed[TPM_SIGN_INFO_FIXED_SIZE]; /* The ASCII text that identifies what function was | |
987 | performing the signing operation*/ | |
988 | TPM_NONCE replay; /* Nonce provided by caller to prevent replay attacks */ | |
989 | #if 0 | |
990 | uint32_t dataLen; /* The length of the data area */ | |
991 | BYTE* data; /* The data that is being signed */ | |
992 | #endif | |
993 | TPM_SIZED_BUFFER data; /* The data that is being signed */ | |
994 | } TPM_SIGN_INFO; | |
995 | ||
996 | /* 5.15 TPM_MSA_COMPOSITE Structure rev 87 | |
997 | ||
998 | TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to Migration | |
999 | Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the migrationAuth value of a | |
1000 | certified-migration-key (CMK), and any of the Migration Authorities specified in that instance is | |
1001 | able to approve the migration of that certified-migration-key. | |
1002 | ||
1003 | TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and MAY support | |
1004 | larger values of MSAlist. | |
1005 | */ | |
1006 | ||
1007 | typedef struct tdTPM_MSA_COMPOSITE { | |
1008 | uint32_t MSAlist; /* The number of migAuthDigests. MSAlist MUST be one (1) or | |
1009 | greater. */ | |
1010 | TPM_DIGEST *migAuthDigest; /* An arbitrary number of digests of public keys belonging | |
1011 | to Migration Authorities. */ | |
1012 | } TPM_MSA_COMPOSITE; | |
1013 | ||
1014 | /* 5.16 TPM_CMK_AUTH | |
1015 | ||
1016 | The signed digest of TPM_CMK_AUTH is a ticket to prove that the entity with public key | |
1017 | "migrationAuthority" has approved the public key "destination Key" as a migration destination for | |
1018 | the key with public key "sourceKey". | |
1019 | ||
1020 | Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to | |
1021 | "migrationAuthority". | |
1022 | ||
1023 | To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority", | |
1024 | "destinationKey" and "sourceKey". | |
1025 | */ | |
1026 | ||
1027 | typedef struct tdTPM_CMK_AUTH { | |
1028 | TPM_DIGEST migrationAuthorityDigest; /* The digest of the public key of a Migration | |
1029 | Authority */ | |
1030 | TPM_DIGEST destinationKeyDigest; /* The digest of a TPM_PUBKEY structure that is an | |
1031 | approved destination key for the private key | |
1032 | associated with "sourceKey"*/ | |
1033 | TPM_DIGEST sourceKeyDigest; /* The digest of a TPM_PUBKEY structure whose | |
1034 | corresponding private key is approved by the | |
1035 | Migration Authority to be migrated as a child to | |
1036 | the destinationKey. */ | |
1037 | } TPM_CMK_AUTH; | |
1038 | ||
1039 | /* 5.18 TPM_SELECT_SIZE rev 87 | |
1040 | ||
1041 | This structure provides the indication for the version and sizeOfSelect structure in GetCapability | |
1042 | */ | |
1043 | ||
1044 | typedef struct tdTPM_SELECT_SIZE { | |
1045 | BYTE major; /* This SHALL indicate the major version of the TPM. This MUST be 0x01 */ | |
1046 | BYTE minor; /* This SHALL indicate the minor version of the TPM. This MAY be 0x01 or | |
1047 | 0x02 */ | |
1048 | uint16_t reqSize; /* This SHALL indicate the value for a sizeOfSelect field in the | |
1049 | TPM_SELECTION structure */ | |
1050 | } TPM_SELECT_SIZE; | |
1051 | ||
1052 | /* 5.19 TPM_CMK_MIGAUTH rev 89 | |
1053 | ||
1054 | Structure to keep track of the CMK migration authorization | |
1055 | */ | |
1056 | ||
1057 | typedef struct tdTPM_CMK_MIGAUTH { | |
1058 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1059 | TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MIGAUTH */ | |
1060 | #endif | |
1061 | TPM_DIGEST msaDigest; /* The digest of a TPM_MSA_COMPOSITE structure containing the | |
1062 | migration authority public key and parameters. */ | |
1063 | TPM_DIGEST pubKeyDigest; /* The hash of the associated public key */ | |
1064 | } TPM_CMK_MIGAUTH; | |
1065 | ||
1066 | /* 5.20 TPM_CMK_SIGTICKET rev 87 | |
1067 | ||
1068 | Structure to keep track of the CMK migration authorization | |
1069 | */ | |
1070 | ||
1071 | typedef struct tdTPM_CMK_SIGTICKET { | |
1072 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1073 | TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_SIGTICKET */ | |
1074 | #endif | |
1075 | TPM_DIGEST verKeyDigest; /* The hash of a TPM_PUBKEY structure containing the public key and | |
1076 | parameters of the key that can verify the ticket */ | |
1077 | TPM_DIGEST signedData; /* The ticket data */ | |
1078 | } TPM_CMK_SIGTICKET; | |
1079 | ||
1080 | /* 5.21 TPM_CMK_MA_APPROVAL rev 87 | |
1081 | ||
1082 | Structure to keep track of the CMK migration authorization | |
1083 | */ | |
1084 | ||
1085 | typedef struct tdTPM_CMK_MA_APPROVAL { | |
1086 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1087 | TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MA_APPROVAL */ | |
1088 | #endif | |
1089 | TPM_DIGEST migrationAuthorityDigest; /* The hash of a TPM_MSA_COMPOSITE structure | |
1090 | containing the hash of one or more migration | |
1091 | authority public keys and parameters. */ | |
1092 | } TPM_CMK_MA_APPROVAL; | |
1093 | ||
1094 | /* 20.2 Delegate Definitions rev 101 | |
1095 | ||
1096 | The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner can | |
1097 | delegate to a trusted process by setting that bit. Each delegation bit setting is independent of | |
1098 | any other delegation bit setting in a row. | |
1099 | ||
1100 | If a TPM command is not listed in the following table, then the TPM Owner cannot delegate that | |
1101 | capability to a trusted process. For the TPM commands that are listed in the following table, if | |
1102 | the bit associated with a TPM command is set to zero in the row of the table that identifies a | |
1103 | trusted process, then that process has not been delegated to use that TPM command. | |
1104 | ||
1105 | The minimum granularity for delegation is at the ordinal level. It is not possible to delegate an | |
1106 | option of an ordinal. This implies that if the options present a difficulty and there is a need | |
1107 | to separate the delegations then there needs to be a split into two separate ordinals. | |
1108 | */ | |
1109 | ||
1110 | #define TPM_DEL_OWNER_BITS 0x00000001 | |
1111 | #define TPM_DEL_KEY_BITS 0x00000002 | |
1112 | ||
1113 | typedef struct tdTPM_DELEGATIONS { | |
1114 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1115 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATIONS */ | |
1116 | #endif | |
1117 | uint32_t delegateType; /* Owner or key */ | |
1118 | uint32_t per1; /* The first block of permissions */ | |
1119 | uint32_t per2; /* The second block of permissions */ | |
1120 | } TPM_DELEGATIONS; | |
1121 | ||
1122 | /* 20.4 TPM_FAMILY_LABEL rev 85 | |
1123 | ||
1124 | Used in the family table to hold a one-byte numeric value (sequence number) that software can map | |
1125 | to a string of bytes that can be displayed or used by applications. | |
1126 | ||
1127 | This is not sensitive data. | |
1128 | */ | |
1129 | ||
1130 | #if 0 | |
1131 | typedef struct tdTPM_FAMILY_LABEL { | |
1132 | BYTE label; /* A sequence number that software can map to a string of bytes that can be | |
1133 | displayed or used by the applications. This MUST not contain sensitive | |
1134 | information. */ | |
1135 | } TPM_FAMILY_LABEL; | |
1136 | #endif | |
1137 | ||
1138 | typedef BYTE TPM_FAMILY_LABEL; /* NOTE: No need for a structure here */ | |
1139 | ||
1140 | /* 20.5 TPM_FAMILY_TABLE_ENTRY rev 101 | |
1141 | ||
1142 | The family table entry is an individual row in the family table. There are no sensitive values in | |
1143 | a family table entry. | |
1144 | ||
1145 | Each family table entry contains values to facilitate table management: the familyID sequence | |
1146 | number value that associates a family table row with one or more delegate table rows, a | |
1147 | verification sequence number value that identifies when rows in the delegate table were last | |
1148 | verified, and BYTE family label value that software can map to an ASCII text description of the | |
1149 | entity using the family table entry | |
1150 | */ | |
1151 | ||
1152 | typedef struct tdTPM_FAMILY_TABLE_ENTRY { | |
1153 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1154 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_FAMILY_TABLE_ENTRY */ | |
1155 | #endif | |
1156 | TPM_FAMILY_LABEL familyLabel; /* A sequence number that software can map to a string of | |
1157 | bytes that can be displayed of used by the applications. | |
bbd7b75d | 1158 | This MUST not contain sensitive information. */ |
a0098eda CB |
1159 | TPM_FAMILY_ID familyID; /* The family ID in use to tie values together. This is not |
1160 | a sensitive value. */ | |
1161 | TPM_FAMILY_VERIFICATION verificationCount; /* The value inserted into delegation rows to | |
1162 | indicate that they are the current generation of | |
1163 | rows. Used to identify when a row in the delegate | |
1164 | table was last verified. This is not a sensitive | |
1165 | value. */ | |
1166 | TPM_FAMILY_FLAGS flags; /* See section on TPM_FAMILY_FLAGS. */ | |
1167 | /* NOTE Added */ | |
1168 | TPM_BOOL valid; | |
1169 | } TPM_FAMILY_TABLE_ENTRY; | |
1170 | ||
1171 | /* 20.6 TPM_FAMILY_TABLE rev 87 | |
1172 | ||
1173 | The family table is stored in a TPM shielded location. There are no confidential values in the | |
1174 | family table. The family table contains a minimum of 8 rows. | |
1175 | */ | |
1176 | ||
1177 | #ifdef TPM_NUM_FAMILY_TABLE_ENTRY_MIN | |
1178 | #if (TPM_NUM_FAMILY_TABLE_ENTRY_MIN < 8) | |
1179 | #error "TPM_NUM_FAMILY_TABLE_ENTRY_MIN minimum is 8" | |
1180 | #endif | |
1181 | #endif | |
1182 | ||
1183 | #ifndef TPM_NUM_FAMILY_TABLE_ENTRY_MIN | |
1184 | #define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8 | |
1185 | #endif | |
1186 | ||
1187 | typedef struct tdTPM_FAMILY_TABLE { | |
1188 | TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; | |
1189 | } TPM_FAMILY_TABLE; | |
1190 | ||
1191 | /* 20.7 TPM_DELEGATE_LABEL rev 87 | |
1192 | ||
1193 | Used in both the delegate table and the family table to hold a string of bytes that can be | |
1194 | displayed or used by applications. This is not sensitive data. | |
1195 | */ | |
1196 | ||
1197 | #if 0 | |
1198 | typedef struct tdTPM_DELEGATE_LABEL { | |
1199 | BYTE label; /* A byte that can be displayed or used by the applications. This MUST not | |
1200 | contain sensitive information. */ | |
1201 | } TPM_DELEGATE_LABEL; | |
1202 | #endif | |
1203 | ||
1204 | typedef BYTE TPM_DELEGATE_LABEL; /* NOTE: No need for structure */ | |
1205 | ||
1206 | /* 20.8 TPM_DELEGATE_PUBLIC rev 101 | |
1207 | ||
1208 | The information of a delegate row that is public and does not have any sensitive information. | |
1209 | ||
1210 | PCR_INFO_SHORT is appropriate here as the command to create this is done using owner | |
1211 | authorization, hence the owner authorized the command and the delegation. There is no need to | |
1212 | validate what configuration was controlling the platform during the blob creation. | |
1213 | */ | |
1214 | ||
1215 | typedef struct tdTPM_DELEGATE_PUBLIC { | |
1216 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1217 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_PUBLIC */ | |
1218 | #endif | |
1219 | TPM_DELEGATE_LABEL rowLabel; /* This SHALL be the label for the row. It | |
1220 | MUST not contain any sensitive information. */ | |
1221 | TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL be the designation of the process that can use | |
1222 | the permission. This is a not sensitive | |
1223 | value. PCR_SELECTION may be NULL. | |
1224 | ||
1225 | If selected the pcrInfo MUST be checked on each use of | |
1226 | the delegation. Use of the delegation is where the | |
1227 | delegation is passed as an authorization handle. */ | |
1228 | TPM_DELEGATIONS permissions; /* This SHALL be the permissions that are allowed to the | |
1229 | indicated process. This is not a sensitive value. */ | |
1230 | TPM_FAMILY_ID familyID; /* This SHALL be the family ID that identifies which family | |
1231 | the row belongs to. This is not a sensitive value. */ | |
1232 | TPM_FAMILY_VERIFICATION verificationCount; /* A copy of verificationCount from the associated | |
1233 | family table. This is not a sensitive value. */ | |
1234 | } TPM_DELEGATE_PUBLIC; | |
1235 | ||
1236 | ||
1237 | /* 20.9 TPM_DELEGATE_TABLE_ROW rev 101 | |
1238 | ||
1239 | A row of the delegate table. | |
1240 | */ | |
1241 | ||
1242 | typedef struct tdTPM_DELEGATE_TABLE_ROW { | |
1243 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1244 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_TABLE_ROW */ | |
1245 | #endif | |
1246 | TPM_DELEGATE_PUBLIC pub; /* This SHALL be the public information for a table row. */ | |
1247 | TPM_SECRET authValue; /* This SHALL be the authorization value that can use the | |
1248 | permissions. This is a sensitive value. */ | |
1249 | /* NOTE Added */ | |
1250 | TPM_BOOL valid; | |
1251 | } TPM_DELEGATE_TABLE_ROW; | |
1252 | ||
1253 | /* 20.10 TPM_DELEGATE_TABLE rev 87 | |
1254 | ||
1255 | This is the delegate table. The table contains a minimum of 2 rows. | |
1256 | ||
1257 | This will be an entry in the TPM_PERMANENT_DATA structure. | |
1258 | */ | |
1259 | ||
1260 | #ifdef TPM_NUM_DELEGATE_TABLE_ENTRY_MIN | |
1261 | #if (TPM_NUM_DELEGATE_TABLE_ENTRY_MIN < 2) | |
1262 | #error "TPM_NUM_DELEGATE_TABLE_ENTRY_MIN minimum is 2" | |
1263 | #endif | |
1264 | #endif | |
1265 | ||
1266 | #ifndef TPM_NUM_DELEGATE_TABLE_ENTRY_MIN | |
1267 | #define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 | |
1268 | #endif | |
1269 | ||
1270 | ||
1271 | typedef struct tdTPM_DELEGATE_TABLE { | |
1272 | TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; /* The array of delegations */ | |
1273 | } TPM_DELEGATE_TABLE; | |
1274 | ||
1275 | /* 20.11 TPM_DELEGATE_SENSITIVE rev 115 | |
1276 | ||
1277 | The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains sensitive | |
1278 | information. | |
1279 | ||
1280 | This structure is normative for loading unencrypted blobs before there is an owner. It is | |
1281 | informative for TPM_CreateOwnerDelegation and TPM_LoadOwnerDelegation after there is an owner and | |
1282 | encrypted blobs are used, since the structure is under complete control of the TPM. | |
1283 | */ | |
1284 | ||
1285 | typedef struct tdTPM_DELEGATE_SENSITIVE { | |
1286 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1287 | TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELEGATE_SENSITIVE */ | |
1288 | #endif | |
1289 | TPM_SECRET authValue; /* AuthData value */ | |
1290 | } TPM_DELEGATE_SENSITIVE; | |
1291 | ||
1292 | /* 20.12 TPM_DELEGATE_OWNER_BLOB rev 87 | |
1293 | ||
1294 | This data structure contains all the information necessary to externally store a set of owner | |
1295 | delegation rights that can subsequently be loaded or used by this TPM. | |
1296 | ||
1297 | The encryption mechanism for the sensitive area is a TPM choice. The TPM may use asymmetric | |
1298 | encryption and the SRK for the key. The TPM may use symmetric encryption and a secret key known | |
1299 | only to the TPM. | |
1300 | */ | |
1301 | ||
1302 | typedef struct tdTPM_DELEGATE_OWNER_BLOB { | |
1303 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1304 | TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_OWNER_BLOB */ | |
1305 | #endif | |
1306 | TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ | |
1307 | TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire structure */ | |
1308 | TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT | |
1309 | contain any sensitive information. This would include any | |
1310 | IV material for symmetric encryption */ | |
1311 | TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted | |
1312 | TPM_DELEGATE_SENSITIVE */ | |
1313 | } TPM_DELEGATE_OWNER_BLOB; | |
1314 | ||
1315 | /* 20.13 TPM_DELEGATE_KEY_BLOB rev 87 | |
1316 | ||
1317 | A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation information for user | |
1318 | keys. As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash of the corresponding public key | |
1319 | value to the public information. | |
1320 | */ | |
1321 | ||
1322 | typedef struct tdTPM_DELEGATE_KEY_BLOB { | |
1323 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1324 | TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_KEY_BLOB */ | |
1325 | #endif | |
1326 | TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ | |
1327 | TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire | |
1328 | structure */ | |
1329 | TPM_DIGEST pubKeyDigest; /* The digest, that uniquely identifies the key for which | |
1330 | this usage delegation applies. */ | |
1331 | TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT | |
1332 | contain any sensitive information. This would include any | |
1333 | IV material for symmetric encryption */ | |
1334 | TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted | |
1335 | TPM_DELEGATE_SENSITIVE */ | |
1336 | } TPM_DELEGATE_KEY_BLOB; | |
1337 | ||
1338 | /* 15.1 TPM_CURRENT_TICKS rev 110 | |
1339 | ||
1340 | This structure holds the current number of time ticks in the TPM. The value is the number of time | |
1341 | ticks from the start of the current session. Session start is a variable function that is | |
1342 | platform dependent. Some platforms may have batteries or other power sources and keep the TPM | |
1343 | clock session across TPM initialization sessions. | |
1344 | ||
1345 | The <tickRate> element of the TPM_CURRENT_TICKS structure provides the number of microseconds per | |
1346 | tick. The platform manufacturer must satisfy input clock requirements set by the TPM vendor to | |
1347 | ensure the accuracy of the tickRate. | |
1348 | ||
1349 | No external entity may ever set the current number of time ticks held in TPM_CURRENT_TICKS. This | |
1350 | value is always reset to 0 when a new clock session starts and increments under control of the | |
1351 | TPM. | |
1352 | ||
1353 | Maintaining the relationship between the number of ticks counted by the TPM and some real world | |
1354 | clock is a task for external software. | |
1355 | */ | |
1356 | ||
1357 | /* This is not a true UINT64, but a special structure to hold currentTicks */ | |
1358 | ||
1359 | typedef struct tdTPM_UINT64 { | |
1360 | uint32_t sec; | |
1361 | uint32_t usec; | |
1362 | } TPM_UINT64; | |
1363 | ||
1364 | typedef struct tdTPM_CURRENT_TICKS { | |
1365 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1366 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_CURRENT_TICKS */ | |
1367 | #endif | |
1368 | TPM_UINT64 currentTicks; /* The number of ticks since the start of this tick session */ | |
1369 | /* upper is seconds, lower is useconds */ | |
1370 | uint16_t tickRate; /* The number of microseconds per tick. The maximum resolution of | |
1371 | the TPM tick counter is thus 1 microsecond. The minimum | |
1372 | resolution SHOULD be 1 millisecond. */ | |
1373 | TPM_NONCE tickNonce; /* TPM_NONCE tickNonce The nonce created by the TPM when resetting | |
1374 | the currentTicks to 0. This indicates the beginning of a time | |
1375 | session. This value MUST be valid before the first use of | |
1376 | TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just | |
1377 | prior to first use. */ | |
1378 | /* NOTE Added */ | |
1379 | TPM_UINT64 initialTime; /* Time from TPM_GetTimeOfDay() */ | |
1380 | } TPM_CURRENT_TICKS; | |
1381 | ||
1382 | /* | |
1383 | 13. Transport Structures | |
1384 | */ | |
1385 | ||
1386 | /* 13.1 TPM _TRANSPORT_PUBLIC rev 87 | |
1387 | ||
1388 | The public information relative to a transport session | |
1389 | */ | |
1390 | ||
1391 | typedef struct tdTPM_TRANSPORT_PUBLIC { | |
1392 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1393 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_PUBLIC */ | |
1394 | #endif | |
1395 | TPM_TRANSPORT_ATTRIBUTES transAttributes; /* The attributes of this session */ | |
1396 | TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the | |
1397 | symmetric key. */ | |
1398 | TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the | |
1399 | key will be used for encryption operations. */ | |
1400 | } TPM_TRANSPORT_PUBLIC; | |
1401 | ||
1402 | /* 13.2 TPM_TRANSPORT_INTERNAL rev 88 | |
1403 | ||
1404 | The internal information regarding transport session | |
1405 | */ | |
1406 | ||
1407 | /* 7.6 TPM_STANY_DATA */ | |
1408 | ||
1409 | #ifdef TPM_MIN_TRANS_SESSIONS | |
1410 | #if (TPM_MIN_TRANS_SESSIONS < 3) | |
1411 | #error "TPM_MIN_TRANS_SESSIONS minimum is 3" | |
1412 | #endif | |
1413 | #endif | |
1414 | ||
1415 | #ifndef TPM_MIN_TRANS_SESSIONS | |
1416 | #define TPM_MIN_TRANS_SESSIONS 3 | |
1417 | #endif | |
1418 | ||
1419 | typedef struct tdTPM_TRANSPORT_INTERNAL { | |
1420 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1421 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_INTERNAL */ | |
1422 | #endif | |
1423 | TPM_AUTHDATA authData; /* The shared secret for this session */ | |
1424 | TPM_TRANSPORT_PUBLIC transPublic; /* The public information of this session */ | |
1425 | TPM_TRANSHANDLE transHandle; /* The handle for this session */ | |
1426 | TPM_NONCE transNonceEven; /* The even nonce for the rolling protocol */ | |
1427 | TPM_DIGEST transDigest; /* The log of transport events */ | |
1428 | /* added kgold */ | |
1429 | TPM_BOOL valid; /* entry is valid */ | |
1430 | } TPM_TRANSPORT_INTERNAL; | |
1431 | ||
1432 | /* 13.3 TPM_TRANSPORT_LOG_IN rev 87 | |
1433 | ||
1434 | The logging of transport commands occurs in two steps, before execution with the input | |
1435 | parameters and after execution with the output parameters. | |
1436 | ||
1437 | This structure is in use for input log calculations. | |
1438 | */ | |
1439 | ||
1440 | typedef struct tdTPM_TRANSPORT_LOG_IN { | |
1441 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1442 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_IN */ | |
1443 | #endif | |
1444 | TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject to the | |
1445 | rules of the command using this structure. To find the exact | |
1446 | calculation refer to the actions in the command using this | |
1447 | structure. */ | |
1448 | TPM_DIGEST pubKeyHash; /* The hash of any keys in the transport command */ | |
1449 | } TPM_TRANSPORT_LOG_IN; | |
1450 | ||
1451 | /* 13.4 TPM_TRANSPORT_LOG_OUT rev 88 | |
1452 | ||
1453 | The logging of transport commands occurs in two steps, before execution with the input parameters | |
1454 | and after execution with the output parameters. | |
1455 | ||
1456 | This structure is in use for output log calculations. | |
1457 | ||
1458 | This structure is in use for the INPUT logging during releaseTransport. | |
1459 | */ | |
1460 | ||
1461 | typedef struct tdTPM_TRANSPORT_LOG_OUT { | |
1462 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1463 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_OUT */ | |
1464 | #endif | |
1465 | TPM_CURRENT_TICKS currentTicks; /* The current tick count. This SHALL be the value of the | |
1466 | current TPM tick counter. */ | |
1467 | TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject | |
1468 | to the rules of the command using this structure. To find | |
1469 | the exact calculation refer to the actions in the command | |
1470 | using this structure. */ | |
1471 | TPM_MODIFIER_INDICATOR locality; /* The locality that called TPM_ExecuteTransport */ | |
1472 | } TPM_TRANSPORT_LOG_OUT; | |
1473 | ||
1474 | /* 13.5 TPM_TRANSPORT_AUTH structure rev 87 | |
1475 | ||
1476 | This structure provides the validation for the encrypted AuthData value. | |
1477 | */ | |
1478 | ||
1479 | typedef struct tdTPM_TRANSPORT_AUTH { | |
1480 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1481 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_AUTH */ | |
1482 | #endif | |
1483 | TPM_AUTHDATA authData; /* The AuthData value */ | |
1484 | } TPM_TRANSPORT_AUTH; | |
1485 | ||
1486 | /* 22.3 TPM_DAA_ISSUER rev 91 | |
1487 | ||
1488 | This structure is the abstract representation of non-secret settings controlling a DAA | |
1489 | context. The structure is required when loading public DAA data into a TPM. TPM_DAA_ISSUER | |
1490 | parameters are normally held outside the TPM as plain text data, and loaded into a TPM when a DAA | |
1491 | session is required. A TPM_DAA_ISSUER structure contains no integrity check: the TPM_DAA_ISSUER | |
1492 | structure at time of JOIN is indirectly verified by the issuer during the JOIN process, and a | |
1493 | digest of the verified TPM_DAA_ISSUER structure is held inside the TPM_DAA_TPM structure created | |
1494 | by the JOIN process. Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and | |
1495 | used to verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored | |
1496 | in its native form to reduce command complexity. | |
1497 | */ | |
1498 | ||
1499 | typedef struct tdTPM_DAA_ISSUER { | |
1500 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1501 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_ISSUER */ | |
1502 | #endif | |
1503 | TPM_DIGEST DAA_digest_R0; /* A digest of the parameter "R0", which is not secret and may be | |
1504 | common to many TPMs. */ | |
1505 | TPM_DIGEST DAA_digest_R1; /* A digest of the parameter "R1", which is not secret and may be | |
1506 | common to many TPMs. */ | |
1507 | TPM_DIGEST DAA_digest_S0; /* A digest of the parameter "S0", which is not secret and may be | |
1508 | common to many TPMs. */ | |
1509 | TPM_DIGEST DAA_digest_S1; /* A digest of the parameter "S1", which is not secret and may be | |
1510 | common to many TPMs. */ | |
1511 | TPM_DIGEST DAA_digest_n; /* A digest of the parameter "n", which is not secret and may be | |
1512 | common to many TPMs. */ | |
1513 | TPM_DIGEST DAA_digest_gamma; /* A digest of the parameter "gamma", which is not secret | |
1514 | and may be common to many TPMs. */ | |
1515 | BYTE DAA_generic_q[26]; /* The parameter q, which is not secret and may be common to | |
1516 | many TPMs. Note that q is slightly larger than a digest, | |
1517 | but is stored in its native form to simplify the | |
1518 | TPM_DAA_join command. Otherwise, JOIN requires 3 input | |
1519 | parameters. */ | |
1520 | } TPM_DAA_ISSUER; | |
1521 | ||
1522 | /* 22.4 TPM_DAA_TPM rev 91 | |
1523 | ||
1524 | This structure is the abstract representation of TPM specific parameters used during a DAA | |
1525 | context. TPM-specific DAA parameters may be stored outside the TPM, and hence this | |
1526 | structure is needed to save private DAA data from a TPM, or load private DAA data into a | |
1527 | TPM. | |
1528 | ||
1529 | If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format that | |
1530 | can be interpreted only by the TPM created it. This is to ensure that secret parameters are | |
1531 | rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form a | |
1532 | self-consistent set. | |
1533 | ||
1534 | TPM_DAA_TPM includes a digest of the public DAA parameters that were used during creation of the | |
1535 | TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is being used with the public | |
1536 | DAA parameters used to create the TPM_DAA_TPM structure. Parameters DAA_digest_v0 and | |
1537 | DAA_digest_v1 are digests of public DAA_private_v0 and DAA_private_v1 parameters, and used to | |
1538 | verify that the correct private parameters have been loaded. | |
1539 | ||
1540 | Parameter DAA_count is stored in its native form, because it is smaller than a digest, and is | |
1541 | required to enforce consistency. | |
1542 | */ | |
1543 | ||
1544 | typedef struct tdTPM_DAA_TPM { | |
1545 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1546 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_TPM */ | |
1547 | #endif | |
1548 | TPM_DIGEST DAA_digestIssuer; /* A digest of a TPM_DAA_ISSUER structure that contains the | |
1549 | parameters used to generate this TPM_DAA_TPM | |
1550 | structure. */ | |
1551 | TPM_DIGEST DAA_digest_v0; /* A digest of the parameter "v0", which is secret and specific to | |
1552 | this TPM. "v0" is generated during a JOIN phase. */ | |
1553 | TPM_DIGEST DAA_digest_v1; /* A digest of the parameter "v1", which is secret and specific to | |
1554 | this TPM. "v1" is generated during a JOIN phase. */ | |
1555 | TPM_DIGEST DAA_rekey; /* A digest related to the rekeying process, which is not secret but | |
1556 | is specific to this TPM, and must be consistent across JOIN/SIGN | |
1557 | sessions. "rekey" is generated during a JOIN phase. */ | |
1558 | uint32_t DAA_count; /* The parameter "count", which is not secret but must be consistent | |
1559 | across JOIN/SIGN sessions. "count" is an input to the TPM from | |
1560 | the host system. */ | |
1561 | } TPM_DAA_TPM; | |
1562 | ||
1563 | /* 22.5 TPM_DAA_CONTEXT rev 91 | |
1564 | ||
1565 | TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM. This | |
1566 | entire section is informative as the TPM does not expose this structure. TPM_DAA_CONTEXT | |
1567 | includes a digest of the public and private DAA parameters that were used during creation of the | |
1568 | TPM_DAA_CONTEXT structure. This is needed to verify that a TPM_DAA_CONTEXT is being used with the | |
1569 | public and private DAA parameters used to create the TPM_DAA_CONTEXT structure. | |
1570 | */ | |
1571 | ||
1572 | typedef struct tdTPM_DAA_CONTEXT { | |
1573 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1574 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_CONTEXT */ | |
1575 | #endif | |
1576 | TPM_DIGEST DAA_digestContext; /* A digest of parameters used to generate this | |
1577 | structure. The parameters vary, depending on whether the | |
1578 | session is a JOIN session or a SIGN session. */ | |
1579 | TPM_DIGEST DAA_digest; /* A running digest of certain parameters generated during DAA | |
1580 | computation; operationally the same as a PCR (which holds a | |
1581 | running digest of integrity metrics). */ | |
1582 | TPM_DAA_CONTEXT_SEED DAA_contextSeed; /* The seed used to generate other DAA | |
1583 | session parameters */ | |
1584 | BYTE DAA_scratch[256]; /* Memory used to hold different parameters at different | |
1585 | times of DAA computation, but only one parameter at a | |
1586 | time. The maximum size of this field is 256 bytes */ | |
1587 | BYTE DAA_stage; /* A counter, indicating the stage of DAA computation that was most | |
1588 | recently completed. The value of the counter is zero if the TPM | |
1589 | currently contains no DAA context. | |
1590 | ||
1591 | When set to zero (0) the TPM MUST clear all other fields in this | |
1592 | structure. | |
1593 | ||
1594 | The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) */ | |
1595 | TPM_BOOL DAA_scratch_null; | |
1596 | } TPM_DAA_CONTEXT; | |
1597 | ||
1598 | /* 22.6 TPM_DAA_JOINDATA rev 91 | |
1599 | ||
1600 | This structure is the abstract representation of data that exists only during a specific JOIN | |
1601 | session. | |
1602 | */ | |
1603 | ||
1604 | typedef struct tdTPM_DAA_JOINDATA { | |
1605 | BYTE DAA_join_u0[128]; /* A TPM-specific secret "u0", used during the JOIN phase, | |
1606 | and discarded afterwards. */ | |
1607 | BYTE DAA_join_u1[138]; /* A TPM-specific secret "u1", used during the JOIN phase, | |
1608 | and discarded afterwards. */ | |
1609 | TPM_DIGEST DAA_digest_n0; /* A digest of the parameter "n0", which is an RSA public key with | |
1610 | exponent 2^16 +1 */ | |
1611 | } TPM_DAA_JOINDATA; | |
1612 | ||
1613 | /* DAA Session structure | |
1614 | ||
1615 | */ | |
1616 | ||
1617 | #ifdef TPM_MIN_DAA_SESSIONS | |
1618 | #if (TPM_MIN_DAA_SESSIONS < 1) | |
1619 | #error "TPM_MIN_DAA_SESSIONS minimum is 1" | |
1620 | #endif | |
1621 | #endif | |
1622 | ||
1623 | #ifndef TPM_MIN_DAA_SESSIONS | |
1624 | #define TPM_MIN_DAA_SESSIONS 1 | |
1625 | #endif | |
1626 | ||
1627 | typedef struct tdTPM_DAA_SESSION_DATA { | |
1628 | TPM_DAA_ISSUER DAA_issuerSettings; /* A set of DAA issuer parameters controlling a DAA | |
1629 | session. (non-secret) */ | |
1630 | TPM_DAA_TPM DAA_tpmSpecific; /* A set of DAA parameters associated with a | |
1631 | specific TPM. (secret) */ | |
1632 | TPM_DAA_CONTEXT DAA_session; /* A set of DAA parameters associated with a DAA | |
1633 | session. (secret) */ | |
1634 | TPM_DAA_JOINDATA DAA_joinSession; /* A set of DAA parameters used only during the JOIN | |
1635 | phase of a DAA session, and generated by the | |
1636 | TPM. (secret) */ | |
1637 | /* added kgold */ | |
1638 | TPM_HANDLE daaHandle; /* DAA session handle */ | |
1639 | TPM_BOOL valid; /* array entry is valid */ | |
1640 | /* FIXME should have handle type Join or Sign */ | |
1641 | } TPM_DAA_SESSION_DATA; | |
1642 | ||
1643 | /* 22.8 TPM_DAA_BLOB rev 98 | |
1644 | ||
1645 | The structure passed during the join process | |
1646 | */ | |
1647 | ||
1648 | typedef struct tdTPM_DAA_BLOB { | |
1649 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1650 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_BLOB */ | |
1651 | #endif | |
1652 | TPM_RESOURCE_TYPE resourceType; /* The resource type: enc(DAA_tpmSpecific) or enc(v0) or | |
1653 | enc(v1) */ | |
1654 | BYTE label[16]; /* Label for identification of the blob. Free format | |
1655 | area. */ | |
1656 | TPM_DIGEST blobIntegrity; /* The integrity of the entire blob including the sensitive | |
1657 | area. This is a HMAC calculation with the entire | |
1658 | structure (including sensitiveData) being the hash and | |
1659 | daaProof is the secret */ | |
1660 | TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define | |
1661 | and reload the context. The information held in this area | |
1662 | MUST NOT expose any information held in shielded | |
1663 | locations. This should include any IV for symmetric | |
1664 | encryption */ | |
1665 | TPM_SIZED_BUFFER sensitiveData; /* A TPM_DAA_SENSITIVE structure */ | |
1666 | #if 0 | |
1667 | uint32_t additionalSize; | |
1668 | [size_is(additionalSize)] BYTE* additionalData; | |
1669 | uint32_t sensitiveSize; | |
1670 | [size_is(sensitiveSize)] BYTE* sensitiveData; | |
1671 | #endif | |
1672 | } TPM_DAA_BLOB; | |
1673 | ||
1674 | /* 22.9 TPM_DAA_SENSITIVE rev 91 | |
1675 | ||
1676 | The encrypted area for the DAA parameters | |
1677 | */ | |
1678 | ||
1679 | typedef struct tdTPM_DAA_SENSITIVE { | |
1680 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1681 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_SENSITIVE */ | |
1682 | #endif | |
1683 | TPM_SIZED_BUFFER internalData; /* DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 */ | |
1684 | #if 0 | |
1685 | uint32_t internalSize; | |
1686 | [size_is(internalSize)] BYTE* internalData; | |
1687 | #endif | |
1688 | } TPM_DAA_SENSITIVE; | |
1689 | ||
1690 | /* 7.1 TPM_PERMANENT_FLAGS rev 110 | |
1691 | ||
1692 | These flags maintain state information for the TPM. The values are not affected by any | |
1693 | TPM_Startup command. | |
1694 | ||
1695 | The flag history includes: | |
1696 | ||
1697 | Rev 62 specLevel 1 errataRev 0: 15 BOOLs | |
1698 | Rev 85 specLevel 2 errataRev 0: 19 BOOLs | |
1699 | Added: nvLocked, readSRKPub, tpmEstablished, maintenanceDone | |
1700 | Rev 94 specLevel 2 errataRev 1: 19 BOOLs | |
1701 | Rev 103 specLevel 2 errataRev 2: 20 BOOLs | |
1702 | Added: disableFullDALogicInfo | |
1703 | */ | |
1704 | ||
1705 | typedef struct tdTPM_PERMANENT_FLAGS { | |
1706 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1707 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_FLAGS */ | |
1708 | #endif | |
1709 | TPM_BOOL disable; /* disable The state of the disable flag. The default state is TRUE | |
1710 | */ | |
1711 | TPM_BOOL ownership; /* The ability to install an owner. The default state is TRUE. */ | |
1712 | TPM_BOOL deactivated; /* The state of the inactive flag. The default state is TRUE. */ | |
1713 | TPM_BOOL readPubek; /* The ability to read the PUBEK without owner authorization. The | |
1714 | default state is TRUE. | |
1715 | ||
1716 | set TRUE on owner clear | |
1717 | set FALSE on take owner, disablePubekRead | |
1718 | */ | |
1719 | TPM_BOOL disableOwnerClear; /* Whether the owner authorized clear commands are active. The | |
1720 | default state is FALSE. */ | |
1721 | TPM_BOOL allowMaintenance; /* Whether the TPM Owner may create a maintenance archive. The | |
1722 | default state is TRUE. */ | |
1723 | TPM_BOOL physicalPresenceLifetimeLock; /* This bit can only be set to TRUE; it cannot be set to | |
1724 | FALSE except during the manufacturing process. | |
1725 | ||
1726 | FALSE: The state of either physicalPresenceHWEnable or | |
1727 | physicalPresenceCMDEnable MAY be changed. (DEFAULT) | |
1728 | ||
1729 | TRUE: The state of either physicalPresenceHWEnable or | |
1730 | physicalPresenceCMDEnable MUST NOT be changed for the | |
1731 | life of the TPM. */ | |
1732 | TPM_BOOL physicalPresenceHWEnable; /* FALSE: Disable the hardware signal indicating physical | |
1733 | presence. (DEFAULT) | |
1734 | ||
1735 | TRUE: Enables the hardware signal indicating physical | |
1736 | presence. */ | |
1737 | TPM_BOOL physicalPresenceCMDEnable; /* FALSE: Disable the command indicating physical | |
1738 | presence. (DEFAULT) | |
1739 | ||
1740 | TRUE: Enables the command indicating physical | |
1741 | presence. */ | |
1742 | TPM_BOOL CEKPUsed; /* TRUE: The PRIVEK and PUBEK were created using | |
1743 | TPM_CreateEndorsementKeyPair. | |
1744 | ||
1745 | FALSE: The PRIVEK and PUBEK were created using a manufacturer's | |
1746 | process. NOTE: This flag has no default value as the key pair | |
1747 | MUST be created by one or the other mechanism. */ | |
1748 | TPM_BOOL TPMpost; /* TRUE: After TPM_Startup, if there is a call to | |
1749 | TPM_ContinueSelfTest the TPM MUST execute the actions of | |
1750 | TPM_SelfTestFull | |
1751 | ||
1752 | FALSE: After TPM_Startup, if there is a call to | |
1753 | TPM_ContinueSelfTest the TPM MUST execute TPM_ContinueSelfTest | |
1754 | ||
1755 | If the TPM supports the implicit invocation of | |
1756 | TPM_ContinueSelftTest upon the use of an untested resource, the | |
1757 | TPM MUST use the TPMPost flag to call either TPM_ContinueSelfTest | |
1758 | or TPM_SelfTestFull | |
1759 | ||
1760 | The TPM manufacturer sets this bit during TPM manufacturing and | |
1761 | the bit is unchangeable after shipping the TPM | |
1762 | ||
1763 | The default state is FALSE */ | |
1764 | TPM_BOOL TPMpostLock; /* With the clarification of TPMPost TPMpostLock is now | |
1765 | unnecessary. | |
1766 | This flag is now deprecated */ | |
1767 | TPM_BOOL FIPS; /* TRUE: This TPM operates in FIPS mode | |
1768 | FALSE: This TPM does NOT operate in FIPS mode */ | |
1769 | TPM_BOOL tpmOperator; /* TRUE: The operator authorization value is valid | |
1770 | FALSE: the operator authorization value is not set */ | |
1771 | TPM_BOOL enableRevokeEK; /* TRUE: The TPM_RevokeTrust command is active | |
1772 | FALSE: the TPM RevokeTrust command is disabled */ | |
1773 | TPM_BOOL nvLocked; /* TRUE: All NV area authorization checks are active | |
1774 | FALSE: No NV area checks are performed, except for maxNVWrites. | |
1775 | FALSE is the default value */ | |
1776 | TPM_BOOL readSRKPub; /* TRUE: GetPubKey will return the SRK pub key | |
1777 | FALSE: GetPubKey will not return the SRK pub key | |
1778 | Default SHOULD be FALSE */ | |
1779 | TPM_BOOL tpmEstablished; /* TRUE: TPM_HASH_START has been executed at some time | |
1780 | FALSE: TPM_HASH_START has not been executed at any time | |
1781 | Default is FALSE - resets using TPM_ResetEstablishmentBit */ | |
1782 | TPM_BOOL maintenanceDone; /* TRUE: A maintenance archive has been created for the current | |
1783 | SRK */ | |
1784 | #if (TPM_REVISION >= 103) /* added for rev 103 */ | |
1785 | TPM_BOOL disableFullDALogicInfo; /* TRUE: The full dictionary attack TPM_GetCapability info is | |
1786 | deactivated. The returned structure is TPM_DA_INFO_LIMITED. | |
1787 | FALSE: The full dictionary attack TPM_GetCapability info is | |
1788 | activated. The returned structure is TPM_DA_INFO. | |
1789 | Default is FALSE. | |
1790 | */ | |
1791 | #endif | |
1792 | /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized | |
1793 | structure */ | |
1794 | } TPM_PERMANENT_FLAGS; | |
1795 | ||
1796 | /* 7.2 TPM_STCLEAR_FLAGS rev 109 | |
1797 | ||
1798 | These flags maintain state that is reset on each TPM_Startup(ST_Clear) command. The values are | |
1799 | not affected by TPM_Startup(ST_State) commands. | |
1800 | */ | |
1801 | ||
1802 | typedef struct tdTPM_STCLEAR_FLAGS { | |
1803 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1804 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_FLAGS */ | |
1805 | #endif | |
1806 | TPM_BOOL deactivated; /* Prevents the operation of most capabilities. There is no | |
1807 | default state. It is initialized by TPM_Startup to the | |
1808 | same value as TPM_PERMANENT_FLAGS -> | |
1809 | deactivated. TPM_SetTempDeactivated sets it to TRUE. */ | |
1810 | TPM_BOOL disableForceClear; /* Prevents the operation of TPM_ForceClear when TRUE. The | |
1811 | default state is FALSE. TPM_DisableForceClear sets it to | |
1812 | TRUE. */ | |
1813 | TPM_BOOL physicalPresence; /* Command assertion of physical presence. The default state | |
1814 | is FALSE. This flag is affected by the | |
1815 | TSC_PhysicalPresence command but not by the hardware | |
1816 | signal. */ | |
1817 | TPM_BOOL physicalPresenceLock; /* Indicates whether changes to the TPM_STCLEAR_FLAGS -> | |
1818 | physicalPresence flag are permitted. | |
1819 | TPM_Startup(ST_CLEAR) sets PhysicalPresenceLock to its | |
1820 | default state of FALSE (allow changes to the | |
1821 | physicalPresence flag). When TRUE, the physicalPresence | |
1822 | flag is FALSE. TSC_PhysicalPresence can change the state | |
1823 | of physicalPresenceLock. */ | |
1824 | TPM_BOOL bGlobalLock; /* Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE | |
1825 | when a write to NV_Index =0 is successful */ | |
1826 | /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized | |
1827 | structure */ | |
1828 | } TPM_STCLEAR_FLAGS; | |
1829 | ||
1830 | ||
1831 | /* 7.3 TPM_STANY_FLAGS rev 87 | |
1832 | ||
1833 | These flags reset on any TPM_Startup command. | |
1834 | */ | |
1835 | ||
1836 | typedef struct tdTPM_STANY_FLAGS { | |
1837 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1838 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_FLAGS */ | |
1839 | #endif | |
1840 | TPM_BOOL postInitialise; /* Prevents the operation of most capabilities. There is no default | |
1841 | state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it | |
1842 | to FALSE. */ | |
1843 | TPM_MODIFIER_INDICATOR localityModifier; /*This SHALL indicate for each command the presence of | |
1844 | a locality modifier for the command. It MUST be set | |
1845 | to NULL after the TPM executes each command. */ | |
1846 | #if 0 | |
1847 | TPM_BOOL transportExclusive; /* Defaults to FALSE. TRUE when there is an exclusive transport | |
1848 | session active. Execution of ANY command other than | |
1849 | TPM_ExecuteTransport or TPM_ReleaseTransportSigned MUST | |
1850 | invalidate the exclusive transport session. */ | |
1851 | #endif | |
1852 | TPM_TRANSHANDLE transportExclusive; /* Defaults to 0x00000000, Set to the handle when an | |
1853 | exclusive transport session is active */ | |
1854 | TPM_BOOL TOSPresent; /* Defaults to FALSE | |
1855 | Set to TRUE on TPM_HASH_START | |
1856 | set to FALSE using setCapability */ | |
1857 | /* NOTE: Added kgold */ | |
1858 | TPM_BOOL stateSaved; /* Defaults to FALSE | |
1859 | Set to TRUE on TPM_SaveState | |
1860 | Set to FALSE on any other ordinal | |
1861 | ||
1862 | This is an optimization flag, so the file need not be deleted if | |
1863 | it does not exist. | |
1864 | */ | |
1865 | } TPM_STANY_FLAGS; | |
1866 | ||
1867 | /* 7.4 TPM_PERMANENT_DATA rev 105 | |
1868 | ||
1869 | This structure contains the data fields that are permanently held in the TPM and not affected by | |
1870 | TPM_Startup(any). | |
1871 | ||
1872 | Many of these fields contain highly confidential and privacy sensitive material. The TPM must | |
1873 | maintain the protections around these fields. | |
1874 | */ | |
1875 | ||
1876 | #ifdef TPM_MIN_COUNTERS | |
1877 | #if (TPM_MIN_COUNTERS < 4) | |
bbd7b75d | 1878 | #error "TPM_MIN_COUNTERS minimum is 4" |
a0098eda CB |
1879 | #endif |
1880 | #endif | |
1881 | ||
1882 | #ifndef TPM_MIN_COUNTERS | |
1883 | #define TPM_MIN_COUNTERS 4 /* the minimum number of counters is 4 */ | |
1884 | #endif | |
1885 | ||
1886 | #define TPM_DELEGATE_KEY TPM_KEY | |
1887 | #define TPM_MAX_NV_WRITE_NOOWNER 64 | |
1888 | ||
1889 | /* Although the ordinal is 32 bits, only the lower 8 bits seem to be used. So for now, define an | |
1890 | array of 256/8 bytes for ordinalAuditStatus - kgold */ | |
1891 | ||
1892 | #define TPM_ORDINALS_MAX 256 /* assumes a multiple of CHAR_BIT */ | |
1893 | #define TPM_AUTHDIR_SIZE 1 /* Number of DIR registers */ | |
1894 | ||
1895 | ||
1896 | ||
1897 | ||
1898 | typedef struct tdTPM_PERMANENT_DATA { | |
1899 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
1900 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_DATA */ | |
1901 | #endif | |
1902 | BYTE revMajor; /* This is the TPM major revision indicator. This SHALL be set by | |
1903 | the TPME, only. The default value is manufacturer-specific. */ | |
1904 | BYTE revMinor; /* This is the TPM minor revision indicator. This SHALL be set by | |
1905 | the TPME, only. The default value is manufacturer-specific. */ | |
1906 | TPM_SECRET tpmProof; /* This is a random number that each TPM maintains to validate blobs | |
1907 | in the SEAL and other processes. The default value is | |
1908 | manufacturer-specific. */ | |
1909 | TPM_NONCE EKReset; /* Nonce held by TPM to validate TPM_RevokeTrust. This value is set | |
1910 | as the next 20 bytes from the TPM RNG when the EK is set | |
1911 | (was fipsReset - kgold) */ | |
1912 | TPM_SECRET ownerAuth; /* This is the TPM-Owner's authorization data. The default value is | |
1913 | manufacturer-specific. */ | |
1914 | TPM_SECRET operatorAuth; /* The value that allows the execution of the SetTempDeactivated | |
1915 | command */ | |
1916 | TPM_DIRVALUE authDIR; /* The array of TPM Owner authorized DIR. Points to the same | |
1917 | location as the NV index value. (kgold - was array of 1) */ | |
1918 | #ifndef TPM_NOMAINTENANCE | |
1919 | TPM_PUBKEY manuMaintPub; /* This is the manufacturer's public key to use in the maintenance | |
1920 | operations. The default value is manufacturer-specific. */ | |
1921 | #endif | |
1922 | TPM_KEY endorsementKey; /* This is the TPM's endorsement key pair. */ | |
1923 | TPM_KEY srk; /* This is the TPM's StorageRootKey. */ | |
1924 | TPM_SYMMETRIC_KEY_TOKEN contextKey; /* This is the key in use to perform context saves. The key | |
1925 | may be symmetric or asymmetric. The key size is | |
1926 | predicated by the algorithm in use. */ | |
1927 | TPM_SYMMETRIC_KEY_TOKEN delegateKey; /* This key encrypts delegate rows that are stored | |
1928 | outside the TPM. */ | |
1929 | TPM_COUNTER_VALUE auditMonotonicCounter; /* This SHALL be the audit monotonic counter for the | |
1930 | TPM. This value starts at 0 and increments | |
1931 | according to the rules of auditing */ | |
1932 | TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS]; /* This SHALL be the monotonic | |
1933 | counters for the TPM. The | |
1934 | individual counters start and | |
1935 | increment according to the rules | |
1936 | of monotonic counters. */ | |
1937 | TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; /* The attributes for all of the PCR registers | |
1938 | supported by the TPM. */ | |
1939 | BYTE ordinalAuditStatus[TPM_ORDINALS_MAX/CHAR_BIT]; /* Table indicating which ordinals are being | |
1940 | audited. */ | |
1941 | #if 0 | |
1942 | /* kgold - The xcrypto RNG is good enough that this is not needed */ | |
1943 | BYTE* rngState; /* State information describing the random number | |
1944 | generator. */ | |
1945 | #endif | |
1946 | TPM_FAMILY_TABLE familyTable; /* The family table in use for delegations */ | |
1947 | TPM_DELEGATE_TABLE delegateTable; /* The delegate table */ | |
1948 | uint32_t lastFamilyID; /* A value that sets the high water mark for family ID's. Set to 0 | |
1949 | during TPM manufacturing and never reset. */ | |
1950 | uint32_t noOwnerNVWrite; /* The count of NV writes that have occurred when there is no TPM | |
1951 | Owner. | |
1952 | ||
1953 | This value starts at 0 in manufacturing and after each | |
1954 | TPM_OwnerClear. If the value exceeds 64 the TPM returns | |
1955 | TPM_MAXNVWRITES to any command attempting to manipulate the NV | |
1956 | storage. */ | |
1957 | TPM_CMK_DELEGATE restrictDelegate; /* The settings that allow for the delegation and | |
1958 | use on CMK keys. Default value is false. */ | |
1959 | TPM_DAA_TPM_SEED tpmDAASeed; /* This SHALL be a random value generated after generation | |
1960 | of the EK. | |
1961 | ||
1962 | tpmDAASeed does not change during TPM Owner changes. If | |
1963 | the EK is removed (RevokeTrust) then the TPM MUST | |
1964 | invalidate the tpmDAASeed. The owner can force a change | |
1965 | in the value through TPM_SetCapability. | |
1966 | ||
1967 | (linked to daaProof) */ | |
1968 | TPM_NONCE daaProof; /* This is a random number that each TPM maintains to validate blobs | |
1969 | in the DAA processes. The default value is manufacturer-specific. | |
1970 | ||
1971 | The value is not changed when the owner is changed. It is | |
1972 | changed when the EK changes. The owner can force a change in the | |
1973 | value through TPM_SetCapability. */ | |
1974 | TPM_SYMMETRIC_KEY_TOKEN daaBlobKey; /* This is the key in use to perform DAA encryption and | |
1975 | decryption. The key may be symmetric or asymmetric. The | |
1976 | key size is predicated by the algorithm in use. | |
1977 | ||
1978 | This value MUST be changed when daaProof changes. | |
1979 | ||
1980 | This key MUST NOT be a copy of the EK or SRK. | |
1981 | ||
1982 | (linked to daaProof) */ | |
1983 | /* NOTE: added kgold */ | |
1984 | TPM_BOOL ownerInstalled; /* TRUE: The TPM has an owner installed. | |
1985 | FALSE: The TPM has no owner installed. (default) */ | |
1986 | BYTE tscOrdinalAuditStatus; /* extra byte to track TSC ordinals */ | |
1987 | TPM_BOOL allowLoadMaintPub; /* TRUE allows the TPM_LoadManuMaintPub command */ | |
1988 | ||
1989 | } TPM_PERMANENT_DATA; | |
1990 | ||
1991 | /* 7.6 TPM_STANY_DATA */ | |
1992 | ||
1993 | #ifdef TPM_MIN_AUTH_SESSIONS | |
1994 | #if (TPM_MIN_AUTH_SESSIONS < 3) | |
1995 | #error "TPM_MIN_AUTH_SESSIONS minimum is 3" | |
1996 | #endif | |
1997 | #endif | |
1998 | ||
1999 | #ifndef TPM_MIN_AUTH_SESSIONS | |
2000 | #define TPM_MIN_AUTH_SESSIONS 3 | |
2001 | #endif | |
2002 | ||
2003 | /* NOTE: Vendor specific */ | |
2004 | ||
2005 | typedef struct tdTPM_AUTH_SESSION_DATA { | |
2006 | /* vendor specific */ | |
2007 | TPM_AUTHHANDLE handle; /* Handle for a session */ | |
2008 | TPM_PROTOCOL_ID protocolID; /* TPM_PID_OIAP, TPM_PID_OSAP, TPM_PID_DSAP */ | |
2009 | TPM_ENT_TYPE entityTypeByte; /* The type of entity in use (TPM_ET_SRK, TPM_ET_OWNER, | |
2010 | TPM_ET_KEYHANDLE ... */ | |
2011 | TPM_ADIP_ENC_SCHEME adipEncScheme; /* ADIP encryption scheme */ | |
2012 | TPM_NONCE nonceEven; /* OIAP, OSAP, DSAP */ | |
2013 | TPM_SECRET sharedSecret; /* OSAP */ | |
2014 | TPM_DIGEST entityDigest; /* OSAP tracks which entity established the OSAP session */ | |
2015 | TPM_DELEGATE_PUBLIC pub; /* DSAP */ | |
2016 | TPM_BOOL valid; /* added kgold: array entry is valid */ | |
2017 | } TPM_AUTH_SESSION_DATA; | |
2018 | ||
2019 | ||
2020 | /* 3. contextList MUST support a minimum of 16 entries, it MAY support more. */ | |
2021 | ||
2022 | #ifdef TPM_MIN_SESSION_LIST | |
2023 | #if (TPM_MIN_SESSION_LIST < 16) | |
2024 | #error "TPM_MIN_SESSION_LIST minimum is 16" | |
2025 | #endif | |
2026 | #endif | |
2027 | ||
2028 | #ifndef TPM_MIN_SESSION_LIST | |
2029 | #define TPM_MIN_SESSION_LIST 16 | |
2030 | #endif | |
2031 | ||
2032 | /* 7.5 TPM_STCLEAR_DATA rev 101 | |
2033 | ||
2034 | This is an informative structure and not normative. It is purely for convenience of writing the | |
2035 | spec. | |
2036 | ||
2037 | Most of the data in this structure resets on TPM_Startup(ST_Clear). A TPM may implement rules | |
2038 | that provide longer-term persistence for the data. The TPM reflects how it handles the data in | |
2039 | various TPM_GetCapability fields including startup effects. | |
2040 | */ | |
2041 | ||
2042 | typedef struct tdTPM_STCLEAR_DATA { | |
2043 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2044 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_DATA */ | |
2045 | #endif | |
2046 | TPM_NONCE contextNonceKey; /* This is the nonce in use to properly identify saved key context | |
2047 | blobs This SHALL be set to all zeros on each TPM_Startup | |
2048 | (ST_Clear). | |
2049 | */ | |
2050 | TPM_COUNT_ID countID; /* This is the handle for the current monotonic counter. This SHALL | |
2051 | be set to zero on each TPM_Startup(ST_Clear). */ | |
2052 | uint32_t ownerReference; /* Points to where to obtain the owner secret in OIAP and OSAP | |
2053 | commands. This allows a TSS to manage 1.1 applications on a 1.2 | |
2054 | TPM where delegation is in operation. */ | |
2055 | TPM_BOOL disableResetLock; /* Disables TPM_ResetLockValue upon authorization failure. | |
2056 | The value remains TRUE for the timeout period. | |
2057 | ||
2058 | Default is FALSE. | |
2059 | ||
2060 | The value is in the STCLEAR_DATA structure as the | |
2061 | implementation of this flag is TPM vendor specific. */ | |
2062 | TPM_PCRVALUE PCRS[TPM_NUM_PCR]; /* Platform configuration registers */ | |
2063 | #if (TPM_REVISION >= 103) /* added for rev 103 */ | |
2064 | uint32_t deferredPhysicalPresence; /* The value can save the assertion of physicalPresence. | |
2065 | Individual bits indicate to its ordinal that | |
2066 | physicalPresence was previously asserted when the | |
2067 | software state is such that it can no longer be asserted. | |
2068 | Set to zero on each TPM_Startup(ST_Clear). */ | |
2069 | #endif | |
2070 | /* NOTE: Added for dictionary attack mitigation */ | |
2071 | uint32_t authFailCount; /* number of authorization failures without a TPM_ResetLockValue */ | |
2072 | uint32_t authFailTime; /* time of threshold failure in seconds */ | |
2073 | /* NOTE: Moved from TPM_STANY_DATA. Saving this state is optional. This implementation | |
2074 | does. */ | |
2075 | TPM_AUTH_SESSION_DATA authSessions[TPM_MIN_AUTH_SESSIONS]; /* List of current | |
2076 | sessions. Sessions can be OSAP, | |
2077 | OIAP, DSAP and Transport */ | |
2078 | /* NOTE: Added for transport */ | |
2079 | TPM_TRANSPORT_INTERNAL transSessions[TPM_MIN_TRANS_SESSIONS]; | |
2080 | /* 22.7 TPM_STANY_DATA Additions (for DAA) - moved to TPM_STCLEAR_DATA for startup state */ | |
2081 | TPM_DAA_SESSION_DATA daaSessions[TPM_MIN_DAA_SESSIONS]; | |
2082 | /* 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same | |
2083 | time. */ | |
2084 | TPM_NONCE contextNonceSession; /* This is the nonce in use to properly identify saved | |
2085 | session context blobs. This MUST be set to all zeros on | |
2086 | each TPM_Startup (ST_Clear). The nonce MAY be set to | |
2087 | null on TPM_Startup( any). */ | |
2088 | uint32_t contextCount; /* This is the counter to avoid session context blob replay | |
2089 | attacks. This MUST be set to 0 on each TPM_Startup | |
2090 | (ST_Clear). The value MAY be set to 0 on TPM_Startup | |
2091 | (any). */ | |
2092 | uint32_t contextList[TPM_MIN_SESSION_LIST]; /* This is the list of outstanding session blobs. | |
2093 | All elements of this array MUST be set to 0 on | |
2094 | each TPM_Startup (ST_Clear). The values MAY be | |
2095 | set to 0 on TPM_Startup (any). */ | |
2096 | /* NOTE Added auditDigest effect, saved with ST_STATE */ | |
2097 | TPM_DIGEST auditDigest; /* This is the extended value that is the audit log. This | |
2098 | SHALL be set to all zeros at the start of each audit | |
2099 | session. */ | |
2100 | /* NOTE Storage for the ordinal response */ | |
2101 | TPM_STORE_BUFFER ordinalResponse; /* outgoing response buffer for this ordinal */ | |
2102 | } TPM_STCLEAR_DATA; | |
2103 | ||
2104 | /* 7.6 TPM_STANY_DATA rev 87 | |
2105 | ||
2106 | This is an informative structure and not normative. It is purely for convenience of writing the | |
2107 | spec. | |
2108 | ||
2109 | Most of the data in this structure resets on TPM_Startup(ST_State). A TPM may implement rules | |
2110 | that provide longer-term persistence for the data. The TPM reflects how it handles the data in | |
2111 | various getcapability fields including startup effects. | |
2112 | */ | |
2113 | ||
2114 | typedef struct tdTPM_STANY_DATA { | |
2115 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2116 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_DATA */ | |
2117 | #endif | |
2118 | TPM_CURRENT_TICKS currentTicks; /* This is the current tick counter. This is reset to 0 | |
2119 | according to the rules when the TPM can tick. See the | |
2120 | section on the tick counter for details. */ | |
2121 | } TPM_STANY_DATA; | |
2122 | ||
2123 | /* 11. Signed Structures */ | |
2124 | ||
2125 | /* 11.1 TPM_CERTIFY_INFO rev 101 | |
2126 | ||
2127 | When the TPM certifies a key, it must provide a signature with a TPM identity key on information | |
2128 | that describes that key. This structure provides the mechanism to do so. | |
2129 | ||
2130 | Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other | |
2131 | signature headers. | |
2132 | */ | |
2133 | ||
2134 | typedef struct tdTPM_CERTIFY_INFO { | |
2135 | TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ | |
2136 | TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a | |
2137 | TPM_KEY representation of the key to be certified. The | |
2138 | upper byte MUST be zero */ | |
2139 | TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding | |
2140 | parameter in the TPM_KEY structure that describes the | |
2141 | public key that is being certified. The upper byte MUST | |
2142 | be zero */ | |
2143 | TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a | |
2144 | TPM_KEY representation of the key to be certified */ | |
2145 | TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a | |
2146 | TPM_KEY representation of the key to be certified */ | |
2147 | TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> | |
2148 | key in a TPM_KEY representation of the key to be | |
2149 | certified */ | |
2150 | TPM_NONCE data; /* This SHALL be externally provided data. */ | |
2151 | TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a | |
2152 | PCR */ | |
2153 | TPM_SIZED_BUFFER pcrInfo; /* */ | |
2154 | #if 0 | |
2155 | uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value | |
2156 | of zero indicates that the key is not wrapped to a PCR */ | |
2157 | BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO structure. */ | |
2158 | #endif | |
2159 | /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ | |
2160 | TPM_PCR_INFO *tpm_pcr_info; | |
2161 | } TPM_CERTIFY_INFO; | |
2162 | ||
2163 | /* 11.2 TPM_CERTIFY_INFO2 rev 101 | |
2164 | ||
2165 | When the TPM certifies a key, it must provide a signature with a TPM identity key on information | |
2166 | that describes that key. This structure provides the mechanism to do so. | |
2167 | ||
2168 | Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other | |
2169 | signature headers. | |
2170 | */ | |
2171 | ||
2172 | typedef struct tdTPM_CERTIFY_INFO2 { | |
2173 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2174 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CERTIFY_INFO2 */ | |
2175 | #endif | |
2176 | BYTE fill; /* MUST be 0x00 */ | |
2177 | TPM_PAYLOAD_TYPE payloadType; /* This SHALL be the same value that would be set in a | |
2178 | TPM_KEY representation of the key to be certified */ | |
2179 | TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a | |
2180 | TPM_KEY representation of the key to be certified. The | |
2181 | upper byte MUST be zero */ | |
2182 | TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding | |
2183 | parameter in the TPM_KEY structure that describes the | |
2184 | public key that is being certified. The upper byte MUST | |
2185 | be zero. */ | |
2186 | TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a | |
2187 | TPM_KEY representation of the key to be certified */ | |
2188 | TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a | |
2189 | TPM_KEY representation of the key to be certified */ | |
2190 | TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> | |
2191 | key in a TPM_KEY representation of the key to be | |
2192 | certified */ | |
2193 | TPM_NONCE data; /* This SHALL be externally provided data. */ | |
2194 | TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a | |
2195 | PCR */ | |
2196 | #if 0 | |
2197 | uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value | |
2198 | of zero indicates that the key is not wrapped to a PCR */ | |
2199 | BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO_SHORT structure. */ | |
2200 | #endif | |
2201 | TPM_SIZED_BUFFER pcrInfo; | |
2202 | #if 0 | |
2203 | uint32_t migrationAuthoritySize; /* This SHALL be the size of migrationAuthority */ | |
2204 | BYTE *migrationAuthority; /* If the key to be certified has [payload == | |
2205 | TPM_PT_MIGRATE_RESTRICTED or payload | |
2206 | ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the | |
2207 | digest of the TPM_MSA_COMPOSITE and has TYPE == | |
2208 | TPM_DIGEST. Otherwise it is NULL. */ | |
2209 | #endif | |
2210 | TPM_SIZED_BUFFER migrationAuthority; | |
2211 | /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ | |
2212 | TPM_PCR_INFO_SHORT *tpm_pcr_info_short; | |
2213 | } TPM_CERTIFY_INFO2; | |
2214 | ||
2215 | /* 11.3 TPM_QUOTE_INFO rev 87 | |
2216 | ||
2217 | This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. | |
2218 | */ | |
2219 | ||
2220 | typedef struct tdTPM_QUOTE_INFO { | |
2221 | TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ | |
2222 | BYTE fixed[4]; /* This SHALL always be the string 'QUOT' */ | |
2223 | TPM_COMPOSITE_HASH digestValue; /* This SHALL be the result of the composite hash algorithm | |
2224 | using the current values of the requested PCR indices. */ | |
2225 | TPM_NONCE externalData; /* 160 bits of externally supplied data */ | |
2226 | } TPM_QUOTE_INFO; | |
2227 | ||
2228 | /* 11.4 TPM_QUOTE_INFO2 rev 87 | |
2229 | ||
2230 | This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. | |
2231 | */ | |
2232 | ||
2233 | typedef struct tdTPM_QUOTE_INFO2 { | |
2234 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2235 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_QUOTE_INFO2 */ | |
2236 | #endif | |
2237 | BYTE fixed[4]; /* This SHALL always be the string 'QUT2' */ | |
2238 | TPM_NONCE externalData; /* 160 bits of externally supplied data */ | |
2239 | TPM_PCR_INFO_SHORT infoShort; /* */ | |
2240 | } TPM_QUOTE_INFO2; | |
2241 | ||
2242 | /* 12.1 TPM_EK_BLOB rev 87 | |
2243 | ||
2244 | This structure provides a wrapper to each type of structure that will be in use when the | |
2245 | endorsement key is in use. | |
2246 | */ | |
2247 | ||
2248 | typedef struct tdTPM_EK_BLOB { | |
2249 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2250 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB */ | |
2251 | #endif | |
2252 | TPM_EK_TYPE ekType; /* This SHALL be set to reflect the type of blob in use */ | |
2253 | TPM_SIZED_BUFFER blob; /* The blob of information depending on the type */ | |
2254 | #if 0 | |
2255 | uint32_t blobSize; /* */ | |
2256 | [size_is(blobSize)] byte* blob; /* */ | |
2257 | #endif | |
2258 | } TPM_EK_BLOB; | |
2259 | ||
2260 | /* 12.2 TPM_EK_BLOB_ACTIVATE rev 87 | |
2261 | ||
2262 | This structure contains the symmetric key to encrypt the identity credential. This structure | |
2263 | always is contained in a TPM_EK_BLOB. | |
2264 | */ | |
2265 | ||
2266 | typedef struct tdTPM_EK_BLOB_ACTIVATE { | |
2267 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2268 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_ACTIVATE */ | |
2269 | #endif | |
2270 | TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt | |
2271 | the TPM_IDENTITY_CREDENTIAL */ | |
2272 | TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM identity public key | |
2273 | that is being certified by the CA */ | |
2274 | TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL indicate the PCR's and localities */ | |
2275 | } TPM_EK_BLOB_ACTIVATE; | |
2276 | ||
2277 | /* 12.3 TPM_EK_BLOB_AUTH rev 87 | |
2278 | ||
2279 | This structure contains the symmetric key to encrypt the identity credential. This structure | |
2280 | always is contained in a TPM_EK_BLOB. | |
2281 | */ | |
2282 | ||
2283 | typedef struct tdTPM_EK_BLOB_AUTH { | |
2284 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2285 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_AUTH */ | |
2286 | #endif | |
2287 | TPM_SECRET authValue; /* This SHALL be the authorization value */ | |
2288 | } TPM_EK_BLOB_AUTH; | |
2289 | ||
2290 | /* 12.5 TPM_IDENTITY_CONTENTS rev 87 | |
2291 | ||
2292 | TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy CA | |
2293 | during the certification process. | |
2294 | */ | |
2295 | ||
2296 | typedef struct tdTPM_IDENTITY_CONTENTS { | |
2297 | TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ | |
2298 | uint32_t ordinal; /* This SHALL be the ordinal of the TPM_MakeIdentity | |
2299 | command. */ | |
2300 | TPM_CHOSENID_HASH labelPrivCADigest; /* This SHALL be the result of hashing the chosen | |
2301 | identityLabel and privacyCA for the new TPM | |
2302 | identity */ | |
2303 | TPM_PUBKEY identityPubKey; /* This SHALL be the public key structure of the identity | |
2304 | key */ | |
2305 | } TPM_IDENTITY_CONTENTS; | |
2306 | ||
2307 | /* 12.8 TPM_ASYM_CA_CONTENTS rev 87 | |
2308 | ||
2309 | This structure contains the symmetric key to encrypt the identity credential. | |
2310 | */ | |
2311 | ||
2312 | typedef struct tdTPM_ASYM_CA_CONTENTS { | |
2313 | TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt | |
2314 | the TPM_IDENTITY_CREDENTIAL */ | |
2315 | TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM_PUBKEY of the key | |
2316 | that is being certified by the CA */ | |
2317 | } TPM_ASYM_CA_CONTENTS; | |
2318 | ||
2319 | /* | |
2320 | 14. Audit Structures | |
2321 | */ | |
2322 | ||
2323 | /* 14.1 TPM_AUDIT_EVENT_IN rev 87 | |
2324 | ||
2325 | This structure provides the auditing of the command upon receipt of the command. It provides the | |
2326 | information regarding the input parameters. | |
2327 | */ | |
2328 | ||
2329 | typedef struct tdTPM_AUDIT_EVENT_IN { | |
2330 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2331 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_IN */ | |
2332 | #endif | |
2333 | TPM_DIGEST inputParms; /* Digest value according to the HMAC digest rules of the | |
2334 | "above the line" parameters (i.e. the first HMAC digest | |
2335 | calculation). When there are no HMAC rules, the input | |
2336 | digest includes all parameters including and after the | |
2337 | ordinal. */ | |
2338 | TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ | |
2339 | } TPM_AUDIT_EVENT_IN; | |
2340 | ||
2341 | /* 14.2 TPM_AUDIT_EVENT_OUT rev 87 | |
2342 | ||
2343 | This structure reports the results of the command execution. It includes the return code and the | |
2344 | output parameters. | |
2345 | */ | |
2346 | ||
2347 | typedef struct tdTPM_AUDIT_EVENT_OUT { | |
2348 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2349 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_OUT */ | |
2350 | #endif | |
2351 | TPM_DIGEST outputParms; /* Digest value according to the HMAC digest rules of the | |
2352 | "above the line" parameters (i.e. the first HMAC digest | |
2353 | calculation). When there are no HMAC rules, the output | |
2354 | digest includes the return code, the ordinal, and all | |
2355 | parameters after the return code. */ | |
2356 | TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ | |
2357 | } TPM_AUDIT_EVENT_OUT; | |
2358 | ||
2359 | /* | |
2360 | 18. Context structures | |
2361 | */ | |
2362 | ||
2363 | /* 18.1 TPM_CONTEXT_BLOB rev 102 | |
2364 | ||
2365 | This is the header for the wrapped context. The blob contains all information necessary to reload | |
2366 | the context back into the TPM. | |
2367 | ||
2368 | The additional data is used by the TPM manufacturer to save information that will assist in the | |
2369 | reloading of the context. This area must not contain any shielded data. For instance, the field | |
2370 | could contain some size information that allows the TPM more efficient loads of the context. The | |
2371 | additional area could not contain one of the primes for a RSA key. | |
2372 | ||
2373 | To ensure integrity of the blob when using symmetric encryption the TPM vendor could use some | |
2374 | valid cipher chaining mechanism. To ensure the integrity without depending on correct | |
2375 | implementation, the TPM_CONTEXT_BLOB structure uses a HMAC of the entire structure using tpmProof | |
2376 | as the secret value. | |
2377 | ||
2378 | Since both additionalData and sensitiveData are informative, any or all of additionalData | |
2379 | could be moved to sensitiveData. | |
2380 | */ | |
2381 | ||
2382 | #define TPM_CONTEXT_LABEL_SIZE 16 | |
2383 | ||
2384 | typedef struct tdTPM_CONTEXT_BLOB { | |
2385 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2386 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXTBLOB */ | |
2387 | #endif | |
2388 | TPM_RESOURCE_TYPE resourceType; /* The resource type */ | |
2389 | TPM_HANDLE handle; /* Previous handle of the resource */ | |
2390 | BYTE label[TPM_CONTEXT_LABEL_SIZE]; /* Label for identification of the blob. Free format | |
2391 | area. */ | |
2392 | uint32_t contextCount; /* MUST be TPM_STANY_DATA -> contextCount when creating the | |
2393 | structure. This value is ignored for context blobs that | |
2394 | reference a key. */ | |
2395 | TPM_DIGEST integrityDigest; /* The integrity of the entire blob including the sensitive | |
2396 | area. This is a HMAC calculation with the entire | |
2397 | structure (including sensitiveData) being the hash and | |
2398 | tpmProof is the secret */ | |
2399 | #if 0 | |
2400 | uint32_t additionalSize; | |
2401 | [size_is(additionalSize)] BYTE* additionalData; | |
2402 | uint32_t sensitiveSize; | |
2403 | [size_is(sensitiveSize)] BYTE* sensitiveData; | |
2404 | #endif | |
2405 | TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define | |
2406 | and reload the context. The information held in this area | |
2407 | MUST NOT expose any information held in shielded | |
2408 | locations. This should include any IV for symmetric | |
2409 | encryption */ | |
2410 | TPM_SIZED_BUFFER sensitiveData; /* The normal information for the resource that can be | |
2411 | exported */ | |
2412 | } TPM_CONTEXT_BLOB; | |
2413 | ||
2414 | /* 18.2 TPM_CONTEXT_SENSITIVE rev 87 | |
2415 | ||
2416 | The internal areas that the TPM needs to encrypt and store off the TPM. | |
2417 | ||
2418 | This is an informative structure and the TPM can implement in any manner they wish. | |
2419 | */ | |
2420 | ||
2421 | typedef struct tdTPM_CONTEXT_SENSITIVE { | |
2422 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2423 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXT_SENSITIVE */ | |
2424 | #endif | |
2425 | TPM_NONCE contextNonce; /* On context blobs other than keys this MUST be | |
2426 | TPM_STANY_DATA - > contextNonceSession For keys the value | |
2427 | is TPM_STCLEAR_DATA -> contextNonceKey */ | |
2428 | #if 0 | |
2429 | uint32_t internalSize; | |
2430 | [size_is(internalSize)] BYTE* internalData; | |
2431 | #endif | |
2432 | TPM_SIZED_BUFFER internalData; /* The internal data area */ | |
2433 | } TPM_CONTEXT_SENSITIVE; | |
2434 | ||
2435 | /* 19.2 TPM_NV_ATTRIBUTES rev 99 | |
2436 | ||
2437 | This structure allows the TPM to keep track of the data and permissions to manipulate the area. | |
2438 | */ | |
2439 | ||
2440 | typedef struct tdTPM_NV_ATTRIBUTES { | |
2441 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2442 | TPM_STRUCTURE_TAG tag; /* TPM_TAG_NV_ATTRIBUTES */ | |
2443 | #endif | |
2444 | uint32_t attributes; /* The attribute area */ | |
2445 | } TPM_NV_ATTRIBUTES; | |
2446 | ||
2447 | /* 19.3 TPM_NV_DATA_PUBLIC rev 110 | |
2448 | ||
2449 | This structure represents the public description and controls on the NV area. | |
2450 | ||
2451 | bReadSTClear and bWriteSTClear are volatile, in that they are set FALSE at TPM_Startup(ST_Clear). | |
2452 | bWriteDefine is persistent, in that it remains TRUE through startup. | |
2453 | ||
2454 | A pcrSelect of 0 indicates that the digestAsRelease is not checked. In this case, the TPM is not | |
2455 | required to consume NVRAM space to store the digest, although it may do so. When | |
2456 | TPM_GetCapability (TPM_CAP_NV_INDEX) returns the structure, a TPM that does not store the digest | |
2457 | can return zero. A TPM that does store the digest may return either the digest or zero. | |
2458 | */ | |
2459 | ||
2460 | typedef struct tdTPM_NV_DATA_PUBLIC { | |
2461 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2462 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_PUBLIC */ | |
2463 | #endif | |
2464 | TPM_NV_INDEX nvIndex; /* The index of the data area */ | |
2465 | TPM_PCR_INFO_SHORT pcrInfoRead; /* The PCR selection that allows reading of the area */ | |
2466 | TPM_PCR_INFO_SHORT pcrInfoWrite; /* The PCR selection that allows writing of the area */ | |
2467 | TPM_NV_ATTRIBUTES permission; /* The permissions for manipulating the area */ | |
2468 | TPM_BOOL bReadSTClear; /* Set to FALSE on each TPM_Startup(ST_Clear) and set to | |
2469 | TRUE after a ReadValuexxx with datasize of 0 */ | |
2470 | TPM_BOOL bWriteSTClear; /* Set to FALSE on each TPM_Startup(ST_CLEAR) and set to | |
2471 | TRUE after a WriteValuexxx with a datasize of 0. */ | |
2472 | TPM_BOOL bWriteDefine; /* Set to FALSE after TPM_NV_DefineSpace and set to TRUE | |
2473 | after a successful WriteValuexxx with a datasize of 0 */ | |
2474 | uint32_t dataSize; /* The size of the data area in bytes */ | |
2475 | } TPM_NV_DATA_PUBLIC; | |
2476 | ||
2477 | /* 19.4 TPM_NV_DATA_SENSITIVE rev 101 | |
2478 | ||
2479 | This is an internal structure that the TPM uses to keep the actual NV data and the controls | |
2480 | regarding the area. | |
2481 | */ | |
2482 | ||
2483 | typedef struct tdTPM_NV_DATA_SENSITIVE { | |
2484 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2485 | TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_SENSITIVE */ | |
2486 | #endif | |
2487 | TPM_NV_DATA_PUBLIC pubInfo; /* The public information regarding this area */ | |
2488 | TPM_AUTHDATA authValue; /* The authorization value to manipulate the value */ | |
2489 | BYTE *data; /* The data area. This MUST not contain any sensitive information as | |
2490 | the TPM does not provide any confidentiality on the data. */ | |
2491 | /* NOTE Added kg */ | |
2492 | TPM_DIGEST digest; /* for OSAP comparison */ | |
2493 | } TPM_NV_DATA_SENSITIVE; | |
2494 | ||
2495 | typedef struct tdTPM_NV_INDEX_ENTRIES { | |
2496 | uint32_t nvIndexCount; /* number of entries */ | |
2497 | TPM_NV_DATA_SENSITIVE *tpm_nvindex_entry; /* array of TPM_NV_DATA_SENSITIVE */ | |
2498 | } TPM_NV_INDEX_ENTRIES; | |
2499 | ||
2500 | /* TPM_NV_DATA_ST | |
2501 | ||
2502 | This is a cache of the the NV defined space volatile flags, used during error rollback | |
2503 | */ | |
2504 | ||
2505 | typedef struct tdTPM_NV_DATA_ST { | |
2506 | TPM_NV_INDEX nvIndex; /* The index of the data area */ | |
2507 | TPM_BOOL bReadSTClear; | |
2508 | TPM_BOOL bWriteSTClear; | |
2509 | } TPM_NV_DATA_ST; | |
2510 | ||
2511 | /* | |
2512 | 21. Capability areas | |
2513 | */ | |
2514 | ||
2515 | /* 21.6 TPM_CAP_VERSION_INFO rev 99 | |
2516 | ||
2517 | This structure is an output from a TPM_GetCapability -> TPM_CAP_VERSION_VAL request. TPM returns | |
2518 | the current version and revision of the TPM. | |
2519 | ||
2520 | The specLevel and errataRev are defined in the document "Specification and File Naming | |
2521 | Conventions" | |
2522 | ||
2523 | The tpmVendorID is a value unique to each vendor. It is defined in the document "TCG Vendor | |
2524 | Naming". | |
2525 | ||
2526 | The vendor specific area allows the TPM vendor to provide support for vendor options. The TPM | |
2527 | vendor may define the area to the TPM vendor's needs. | |
2528 | */ | |
2529 | ||
2530 | typedef struct tdTPM_CAP_VERSION_INFO { | |
2531 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2532 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CAP_VERSION_INFO */ | |
2533 | #endif | |
2534 | TPM_VERSION version; /* The version and revision */ | |
2535 | uint16_t specLevel; /* A number indicating the level of ordinals supported */ | |
2536 | BYTE errataRev; /* A number indicating the errata version of the specification */ | |
2537 | BYTE tpmVendorID[4]; /* The vendor ID unique to each TPM manufacturer. */ | |
2538 | uint16_t vendorSpecificSize; /* The size of the vendor specific area */ | |
2539 | BYTE* vendorSpecific; /* Vendor specific information */ | |
2540 | /* NOTE Cannot be TPM_SIZED_BUFFER, because of uint16_t */ | |
2541 | } TPM_CAP_VERSION_INFO; | |
2542 | ||
2543 | /* 21.10 TPM_DA_ACTION_TYPE rev 100 | |
2544 | ||
2545 | This structure indicates the action taken when the dictionary attack mitigation logic is active, | |
2546 | when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. | |
2547 | */ | |
2548 | ||
2549 | typedef struct tdTPM_DA_ACTION_TYPE { | |
2550 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_ACTION_TYPE */ | |
2551 | uint32_t actions; /* The action taken when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. */ | |
2552 | } TPM_DA_ACTION_TYPE; | |
2553 | ||
2554 | /* 21.7 TPM_DA_INFO rev 100 | |
2555 | ||
2556 | This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if | |
2557 | TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is FALSE. | |
2558 | ||
2559 | It returns static information describing the TPM response to authorization failures that might | |
2560 | indicate a dictionary attack and dynamic information regarding the current state of the | |
2561 | dictionary attack mitigation logic. | |
2562 | */ | |
2563 | ||
2564 | typedef struct tdTPM_DA_INFO { | |
2565 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2566 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO */ | |
2567 | #endif | |
2568 | TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation | |
2569 | logic. See 21.9. */ | |
2570 | uint16_t currentCount; /* Dynamic. The actual count of the authorization failure counter | |
2571 | for the selected entity type */ | |
2572 | uint16_t thresholdCount; /* Static. Dictionary attack mitigation threshold count for the | |
2573 | selected entity type */ | |
2574 | TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes | |
2575 | thresholdCount. See 21.10. */ | |
2576 | uint32_t actionDependValue; /* Dynamic. Action being taken when the dictionary attack | |
2577 | mitigation logic is active. E.g., when actionAtThreshold is | |
2578 | TPM_DA_ACTION_TIMEOUT, this is the lockout time remaining in | |
2579 | seconds. */ | |
2580 | TPM_SIZED_BUFFER vendorData; /* Vendor specific data field */ | |
2581 | } TPM_DA_INFO; | |
2582 | ||
2583 | /* 21.8 TPM_DA_INFO_LIMITED rev 100 | |
2584 | ||
2585 | This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if | |
2586 | TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is TRUE. | |
2587 | ||
2588 | It returns static information describing the TPM response to authorization failures that might | |
2589 | indicate a dictionary attack and dynamic information regarding the current state of the | |
2590 | dictionary attack mitigation logic. This structure omits information that might aid an attacker. | |
2591 | */ | |
2592 | ||
2593 | typedef struct tdTPM_DA_INFO_LIMITED { | |
2594 | #ifdef TPM_USE_TAG_IN_STRUCTURE | |
2595 | TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO_LIMITED */ | |
2596 | #endif | |
2597 | TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation | |
2598 | logic. See 21.9. */ | |
2599 | TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes | |
2600 | thresholdCount. See 21.10. */ | |
2601 | TPM_SIZED_BUFFER vendorData; /* Vendor specific data field */ | |
2602 | } TPM_DA_INFO_LIMITED; | |
2603 | ||
2604 | #endif | |
2605 | ||
2606 | /* Sanity check the size of the NV file vs. the maximum allocation size | |
2607 | ||
2608 | The multipliers are very conservative | |
2609 | */ | |
2610 | ||
2611 | #if (TPM_ALLOC_MAX < \ | |
2612 | (4000 + \ | |
2613 | (TPM_OWNER_EVICT_KEY_HANDLES * 2000) + \ | |
2614 | TPM_MAX_NV_DEFINED_SPACE)) | |
2615 | #error "TPM_ALLOC_MAX too small for NV file size" | |
2616 | #endif | |
2617 | ||
2618 | /* Sanity check the size of the volatile file vs. the maximum allocation size | |
2619 | ||
2620 | The multipliers are very conservative | |
2621 | */ | |
2622 | ||
2623 | #if (TPM_ALLOC_MAX < \ | |
2624 | (4000 + \ | |
2625 | TPM_KEY_HANDLES * 2000 + \ | |
2626 | TPM_MIN_TRANS_SESSIONS * 500 + \ | |
2627 | TPM_MIN_DAA_SESSIONS * 2000 + \ | |
2628 | TPM_MIN_AUTH_SESSIONS * 500)) | |
2629 | #error "TPM_ALLOC_MAX too small for volatile file size" | |
2630 | #endif |