]> git.proxmox.com Git - libtpms.git/blob - src/tpm12/tpm_structures.h
projects / libtpms.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move common debug, memory & nvfile units to src/
[libtpms.git] / src / tpm12 / tpm_structures.h
1 /********************************************************************************/
2 /* */
3 /* TPM Structures */
4 /* Written by Ken Goldman */
5 /* IBM Thomas J. Watson Research Center */
6 /* $Id: tpm_structures.h 4528 2011-03-29 22:16:28Z kgoldman $ */
7 /* */
8 /* (c) Copyright IBM Corporation 2006, 2010. */
9 /* */
10 /* All rights reserved. */
11 /* */
12 /* Redistribution and use in source and binary forms, with or without */
13 /* modification, are permitted provided that the following conditions are */
14 /* met: */
15 /* */
16 /* Redistributions of source code must retain the above copyright notice, */
17 /* this list of conditions and the following disclaimer. */
18 /* */
19 /* Redistributions in binary form must reproduce the above copyright */
20 /* notice, this list of conditions and the following disclaimer in the */
21 /* documentation and/or other materials provided with the distribution. */
22 /* */
23 /* Neither the names of the IBM Corporation nor the names of its */
24 /* contributors may be used to endorse or promote products derived from */
25 /* this software without specific prior written permission. */
26 /* */
27 /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
28 /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
29 /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
30 /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
31 /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
32 /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
33 /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
34 /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
35 /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
36 /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
37 /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
38 /********************************************************************************/
39
40 #ifndef TPM_STRUCTURES_H
41 #define TPM_STRUCTURES_H
42
43 #include <limits.h>
44 #include "tpm_constants.h"
45 #include "tpm_memory.h"
46 #include "tpm_types.h"
47 #include "tpm_nvram_const.h"
48
49 /* Sanity check on build macros are centralized here, since any TPM will use this header */
50
51 #if !defined (TPM_POSIX) && !defined (TPM_WINDOWS) && !defined(TPM_SYSTEM_P)
52 #error "Must define either TPM_POSIX or TPM_WINDOWS or TPM_SYSTEM_P"
53 #endif
54
55 #if defined (TPM_NV_XCRYPTO_FLASH) && defined (TPM_NV_DISK)
56 #error "Cannot define TPM_NV_XCRYPTO_FLASH and TPM_NV_DISK"
57 #endif
58
59 #if defined (TPM_WINDOWS) && defined (TPM_UNIX_DOMAIN_SOCKET)
60 #error "Cannot define TPM_WINDOWS and TPM_UNIX_DOMAIN_SOCKET"
61 #endif
62
63 #if defined (TPM_USE_CHARDEV) && defined (TPM_UNIX_DOMAIN_SOCKET)
64 #error "Cannot define TPM_USE_CHARDEV and TPM_UNIX_DOMAIN_SOCKET"
65 #endif
66
67 #if defined (TPM_NV_XCRYPTO_FLASH) && defined (TPM_UNIX_DOMAIN_SOCKET)
68 #error "Cannot define TPM_NV_XCRYPTO_FLASH and TPM_UNIX_DOMAIN_SOCKET"
69 #endif
70
71 #if defined (TPM_XCRYPTO_USE_HW) && !defined(TPM_NV_XCRYPTO_FLASH)
72 #error "TPM_XCRYPTO_USE_HW requires TPM_NV_XCRYPTO_FLASH"
73 #endif
74
75 #if defined (TPM_VTPM) && defined (TPM_UNIX_DOMAIN_SOCKET)
76 #error "Cannot define TPM_VTPM and TPM_UNIX_DOMAIN_SOCKET"
77 #endif
78
79
80
81 #if defined (TPM_V11) && defined (TPM_V12)
82 #error "Cannot define TPM_V12 and TPM_V11"
83 #endif
84
85 #if !defined (TPM_V11) && !defined (TPM_V12)
86 #error "Must define either TPM_V12 or TPM_V11"
87 #endif
88
89 #if defined (TPM_DES) && defined (TPM_AES)
90 #error "Cannot define TPM_DES and TPM_AES"
91 #endif
92 #if !defined (TPM_DES) && !defined (TPM_AES)
93 #error "Must define either TPM_DES or TPM_AES"
94 #endif
95
96 /* This structure is typically a cast from a subset of a larger TPM structure. Two members - a 4
97 bytes size followed by a 4 bytes pointer to the data is a common TPM structure idiom. */
98
99 typedef struct tdTPM_SIZED_BUFFER {
100 uint32_t size;
101 BYTE *buffer;
102 } TPM_SIZED_BUFFER;
103
104 /* This structure implements a safe storage buffer, used throughout the code when serializing
105 structures to a stream.
106 */
107
108 typedef struct tdTPM_STORE_BUFFER {
109 unsigned char *buffer; /* beginning of buffer */
110 unsigned char *buffer_current; /* first empty position in buffer */
111 unsigned char *buffer_end; /* one past last valid position in buffer */
112 } TPM_STORE_BUFFER;
113
114 /* 5.1 TPM_STRUCT_VER rev 100
115
116 This indicates the version of the structure or TPM.
117
118 Version 1.2 deprecates the use of this structure in all other structures. The structure is not
119 deprecated as many of the structures that contain this structure are not deprecated.
120 */
121
122 #define TPM_MAJOR 0x01
123
124 #if defined TPM_V12
125 #define TPM_MINOR 0x02
126 #endif
127
128 #if defined TPM_V11
129 #define TPM_MINOR 0x01
130 #endif
131
132 typedef struct tdTPM_STRUCT_VER {
133 BYTE major; /* This SHALL indicate the major version of the structure. MUST be 0x01 */
134 BYTE minor; /* This SHALL indicate the minor version of the structure. MUST be 0x01 */
135 BYTE revMajor; /* This MUST be 0x00 on output, ignored on input */
136 BYTE revMinor; /* This MUST be 0x00 on output, ignored on input */
137 } TPM_STRUCT_VER;
138
139 /* 5.2 TPM_VERSION_BYTE rev 87
140
141 Allocating a byte for the version information is wasteful of space. The current allocation does
142 not provide sufficient resolution to indicate completely the version of the TPM. To allow for
143 backwards compatibility the size of the structure does not change from 1.1.
144
145 To enable minor version, or revision, numbers with 2-digit resolution, the byte representing a
146 version splits into two BDC encoded nibbles. The ordering of the low and high order provides
147 backwards compatibility with existing numbering.
148
149 An example of an implementation of this is; a version of 1.23 would have the value 2 in bit
150 positions 3-0 and the value 3 in bit positions 7-4.
151
152 TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule
153
154 7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of
155 0000-1001
156 3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of
157 0000-1001
158 */
159
160 /* 5.3 TPM_VERSION rev 116
161
162 This structure provides information relative the version of the TPM. This structure should only
163 be in use by TPM_GetCapability to provide the information relative to the TPM.
164 */
165
166 typedef struct tdTPM_VERSION {
167 TPM_VERSION_BYTE major; /* This SHALL indicate the major version of the TPM, mostSigVer MUST
168 be 0x1, leastSigVer MUST be 0x0 */
169 TPM_VERSION_BYTE minor; /* This SHALL indicate the minor version of the TPM, mostSigVer MUST
170 be 0x1 or 0x2, leastSigVer MUST be 0x0 */
171 BYTE revMajor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMajor */
172 BYTE revMinor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMinor */
173 } TPM_VERSION;
174
175 /* 5.4 TPM_DIGEST rev 111
176
177 The digest value reports the result of a hash operation.
178
179 In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160 bits.
180
181 It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on
182 SHA-1. The reason for fixing is due to the internal use of the digest. It is the authorization
183 values, it provides the secrets for the HMAC and the size of 20 bytes determines the values that
184 can be stored and encrypted. For this reason, the size is fixed and any changes to this value
185 require a new version of the specification.
186
187 The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or greater.
188
189 For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize parameter is
190 therefore equal to 20.
191 */
192
193 #define TPM_DIGEST_SIZE 20
194 typedef BYTE TPM_DIGEST[TPM_DIGEST_SIZE];
195
196 #if 0
197 /* kgold - This was designed as a structure with one element. Changed to a simple BYTE array, like
198 TPM_SECRET. */
199 typedef struct tdTPM_DIGEST {
200 BYTE digest[TPM_DIGEST_SIZE]; /* This SHALL be the actual digest information */
201 } TPM_DIGEST;
202 #endif
203
204 /* Redefinitions */
205
206 typedef TPM_DIGEST TPM_CHOSENID_HASH; /* This SHALL be the digest of the chosen identityLabel and
207 privacyCA for a new TPM identity.*/
208
209 typedef TPM_DIGEST TPM_COMPOSITE_HASH; /* This SHALL be the hash of a list of PCR indexes and PCR
210 values that a key or data is bound to. */
211
212 typedef TPM_DIGEST TPM_DIRVALUE; /* This SHALL be the value of a DIR register */
213
214 typedef TPM_DIGEST TPM_HMAC; /* This shall be the output of the HMAC algorithm */
215
216 typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */
217
218 typedef TPM_DIGEST TPM_AUDITDIGEST; /* This SHALL be the value of the current internal audit
219 state */
220
221 /* 5.5 TPM_NONCE rev 99
222
223 A nonce is a random value that provides protection from replay and other attacks. Many of the
224 commands and protocols in the specification require a nonce. This structure provides a consistent
225 view of what a nonce is.
226 */
227
228 #define TPM_NONCE_SIZE 20
229 typedef BYTE TPM_NONCE[TPM_NONCE_SIZE];
230
231 #if 0
232 /* kgold - This was designed as a structure with one element. Changed to a simple BYTE array, like
233 TPM_SECRET. */
234 typedef struct tdTPM_NONCE {
235 BYTE nonce[TPM_NONCE_SIZE]; /* This SHALL be the 20 bytes of random data. When created by the
236 TPM the value MUST be the next 20 bytes from the RNG */
237 } TPM_NONCE;
238 #endif
239
240 typedef TPM_NONCE TPM_DAA_TPM_SEED; /* This SHALL be a random value generated by a TPM
241 immediately after the EK is installed in that TPM,
242 whenever an EK is installed in that TPM */
243 typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; /* This SHALL be a random value */
244
245 /* 5.6 TPM_AUTHDATA rev 87
246
247 The authorization data is the information that is saved or passed to provide proof of ownership
248 of an entity. For version 1 this area is always 20 bytes.
249 */
250
251 #define TPM_AUTHDATA_SIZE 20
252 typedef BYTE TPM_AUTHDATA[TPM_AUTHDATA_SIZE];
253
254 #define TPM_SECRET_SIZE 20
255 typedef BYTE TPM_SECRET[TPM_SECRET_SIZE];
256
257 #if 0 /* kgold - define TPM_SECRET directly, so the size can be defined */
258 typedef TPM_AUTHDATA TPM_SECRET; /* A secret plain text value used in the authorization process. */
259 #endif
260
261 typedef TPM_AUTHDATA TPM_ENCAUTH; /* A cipher text (encrypted) version of authorization data. The
262 encryption mechanism depends on the context. */
263
264 /* 5.7 TPM_KEY_HANDLE_LIST rev 87
265
266 TPM_KEY_HANDLE_LIST is a structure used to describe the handles of all keys currently loaded into
267 a TPM.
268 */
269
270 #if 0 /* This is the version from the specification part 2 */
271 typedef struct tdTPM_KEY_HANDLE_LIST {
272 uint16_t loaded; /* The number of keys currently loaded in the TPM. */
273 [size_is(loaded)] TPM_KEY_HANDLE handle[]; /* An array of handles, one for each key currently
274 loaded in the TPM */
275 } TPM_KEY_HANDLE_LIST;
276 #endif
277
278 /* 5.11 TPM_CHANGEAUTH_VALIDATE rev 87
279
280 This structure provides an area that will stores the new authorization data and the challenger's
281 nonce.
282 */
283
284 typedef struct tdTPM_CHANGEAUTH_VALIDATE {
285 TPM_SECRET newAuthSecret; /* This SHALL be the new authorization data for the target entity */
286 TPM_NONCE n1; /* This SHOULD be a nonce, to enable the caller to verify that the
287 target TPM is on-line. */
288 } TPM_CHANGEAUTH_VALIDATE;
289
290
291
292 /* PCR */
293
294 /* NOTE: The TPM requires and the code assumes a multiple of CHAR_BIT (8). 48 registers (6 bytes)
295 may be a bad number, as it makes TPM_PCR_INFO and TPM_PCR_INFO_LONG indistinguishable in the
296 first two bytes. */
297
298 #if defined TPM_V11
299 #define TPM_NUM_PCR 16 /* Use PC Client specification values */
300 #endif
301
302 #if defined TPM_V12
303 #define TPM_NUM_PCR 24 /* Use PC Client specification values */
304 #endif
305
306 #if (CHAR_BIT != 8)
307 #error "CHAR_BIT must be 8"
308 #endif
309
310 #if ((TPM_NUM_PCR % 8) != 0)
311 #error "TPM_NUM_PCR must be a multiple of 8"
312 #endif
313
314 /* 8.1 TPM_PCR_SELECTION rev 110
315
316 This structure provides a standard method of specifying a list of PCR registers.
317 */
318
319 typedef struct tdTPM_PCR_SELECTION {
320 uint16_t sizeOfSelect; /* The size in bytes of the pcrSelect structure */
321 BYTE pcrSelect[TPM_NUM_PCR/CHAR_BIT]; /* This SHALL be a bit map that indicates if a PCR
322 is active or not */
323 } TPM_PCR_SELECTION;
324
325 /* 8.2 TPM_PCR_COMPOSITE rev 97
326
327 The composite structure provides the index and value of the PCR register to be used when creating
328 the value that SEALS an entity to the composite.
329 */
330
331 typedef struct tdTPM_PCR_COMPOSITE {
332 TPM_PCR_SELECTION select; /* This SHALL be the indication of which PCR values are active */
333 #if 0
334 uint32_t valueSize; /* This SHALL be the size of the pcrValue field (not the number of
335 PCR's) */
336 TPM_PCRVALUE *pcrValue; /* This SHALL be an array of TPM_PCRVALUE structures. The values
337 come in the order specified by the select parameter and are
338 concatenated into a single blob */
339 #endif
340 TPM_SIZED_BUFFER pcrValue;
341 } TPM_PCR_COMPOSITE;
342
343 /* 8.3 TPM_PCR_INFO rev 87
344
345 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the
346 sealing of data, to a set of PCRs.
347 */
348
349 typedef struct tdTPM_PCR_INFO {
350 TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs to which the
351 data or key is bound. */
352 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and
353 PCR values to verify when revealing Sealed Data
354 or using a key that was wrapped to PCRs. NOTE:
355 This is passed in by the host, and used as
356 authorization to use the key */
357 TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the
358 PCR values, at the time when the sealing is
359 performed. NOTE: This is generated at key
360 creation, but is just informative to the host,
361 not used for authorization */
362 } TPM_PCR_INFO;
363
364 /* 8.6 TPM_LOCALITY_SELECTION rev 87
365
366 When used with localityAtCreation only one bit is set and it corresponds to the locality of the
367 command creating the structure.
368
369 When used with localityAtRelease the bits indicate which localities CAN perform the release.
370 */
371
372 typedef BYTE TPM_LOCALITY_SELECTION;
373
374 #define TPM_LOC_FOUR 0x10 /* Locality 4 */
375 #define TPM_LOC_THREE 0x08 /* Locality 3 */
376 #define TPM_LOC_TWO 0x04 /* Locality 2 */
377 #define TPM_LOC_ONE 0x02 /* Locality 1 */
378 #define TPM_LOC_ZERO 0x01 /* Locality 0. This is the same as the legacy interface. */
379
380 #define TPM_LOC_ALL 0x1f /* kgold - added all localities */
381 #define TPM_LOC_MAX 4 /* kgold - maximum value for TPM_MODIFIER_INDICATOR */
382
383
384 /* 8.4 TPM_PCR_INFO_LONG rev 109
385
386 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the
387 sealing of data, to a set of PCRs.
388
389 The LONG version includes information necessary to properly define the configuration that creates
390 the blob using the PCR selection.
391 */
392
393 typedef struct tdTPM_PCR_INFO_LONG {
394 #ifdef TPM_USE_TAG_IN_STRUCTURE
395 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_PCR_INFO_LONG */
396 #endif
397 TPM_LOCALITY_SELECTION localityAtCreation; /* This SHALL be the locality modifier of the
398 function that creates the PCR info structure */
399 TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to
400 reveal Sealed Data or use a key that was wrapped
401 to PCRs */
402 TPM_PCR_SELECTION creationPCRSelection; /* This SHALL be the selection of PCRs active when
403 the blob is created */
404 TPM_PCR_SELECTION releasePCRSelection; /* This SHALL be the selection of PCRs to which the
405 data or key is bound. */
406 TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the
407 PCR values, at the time when the sealing is
408 performed. */
409 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and
410 PCR values to verify when revealing Sealed Data
411 or using a key that was wrapped to PCRs. */
412 } TPM_PCR_INFO_LONG;
413
414 /* 8.5 TPM_PCR_INFO_SHORT rev 87
415
416 This structure is for defining a digest at release when the only information that is necessary is
417 the release configuration.
418 */
419
420 typedef struct tdTPM_PCR_INFO_SHORT {
421 TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs that specifies the
422 digestAtRelease */
423 TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to
424 release the information. This value must not be
425 zero (0). */
426 TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and
427 PCR values to verify when revealing auth data */
428 } TPM_PCR_INFO_SHORT;
429
430 /* 8.8 TPM_PCR_ATTRIBUTES rev 107
431
432 These attributes are available on a per PCR basis.
433
434 The TPM is not required to maintain this structure internally to the TPM.
435
436 When a challenger evaluates a PCR an understanding of this structure is vital to the proper
437 understanding of the platform configuration. As this structure is static for all platforms of the
438 same type the structure does not need to be reported with each quote.
439 */
440
441 typedef struct tdTPM_PCR_ATTRIBUTES {
442 TPM_BOOL pcrReset; /* A value of TRUE SHALL indicate that the PCR register can be reset
443 using the TPM_PCR_RESET command. */
444 TPM_LOCALITY_SELECTION pcrExtendLocal; /* An indication of which localities can perform
445 extends on the PCR. */
446 TPM_LOCALITY_SELECTION pcrResetLocal; /* An indication of which localities can reset the
447 PCR */
448 } TPM_PCR_ATTRIBUTES;
449
450 /*
451 9. Storage Structures
452 */
453
454 /* 9.1 TPM_STORED_DATA rev 87
455
456 The definition of this structure is necessary to ensure the enforcement of security properties.
457
458 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and
459 values that must be present to properly unseal the data.
460
461 This structure only provides 1.1 data store and uses PCR_INFO
462
463 1. This structure is created during the TPM_Seal process. The confidential data is encrypted
464 using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the
465 public information in the structure to validate the current configuration and release the
466 decrypted data
467
468 2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO
469 */
470
471 typedef struct tdTPM_STORED_DATA {
472 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */
473 TPM_SIZED_BUFFER sealInfo;
474 #if 0
475 uint32_t sealInfoSize; /* Size of the sealInfo parameter */
476 BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO or a 0 length
477 array if the data is not bound to PCRs. */
478 #endif
479 TPM_SIZED_BUFFER encData;
480 #if 0
481 uint32_t encDataSize; /* This SHALL be the size of the encData parameter */
482 BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing
483 the confidential part of the data. */
484 #endif
485 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
486 TPM_PCR_INFO *tpm_seal_info;
487 } TPM_STORED_DATA;
488
489
490 /* 9.2 TPM_STORED_DATA12 rev 101
491
492 The definition of this structure is necessary to ensure the enforcement of security properties.
493 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and
494 values that must be present to properly unseal the data.
495
496 1. This structure is created during the TPM_Seal process. The confidential data is encrypted
497 using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the
498 public information in the structure to validate the current configuration and release the
499 decrypted data.
500
501 2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG
502 */
503
504 typedef struct tdTPM_STORED_DATA12 {
505 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_STORED_DATA12 */
506 TPM_ENTITY_TYPE et; /* The type of blob */
507 TPM_SIZED_BUFFER sealInfo;
508 #if 0
509 uint32_t sealInfoSize; /* Size of the sealInfo parameter */
510 BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG or a 0 length
511 array if the data is not bound to PCRs. */
512 #endif
513 TPM_SIZED_BUFFER encData;
514 #if 0
515 uint32_t encDataSize; /* This SHALL be the size of the encData parameter */
516 BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing
517 the confidential part of the data. */
518 #endif
519 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
520 TPM_PCR_INFO_LONG *tpm_seal_info_long;
521 } TPM_STORED_DATA12;
522
523 /* 9.3 TPM_SEALED_DATA rev 87
524
525 This structure contains confidential information related to sealed data, including the data
526 itself.
527
528 1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this structure contains
529 a digest of the containing TPM_STORED_DATA structure.
530
531 2. The digest calculation does not include the encDataSize and encData parameters.
532 */
533
534 typedef struct tdTPM_SEALED_DATA {
535 TPM_PAYLOAD_TYPE payload; /* This SHALL indicate the payload type of TPM_PT_SEAL */
536 TPM_SECRET authData; /* This SHALL be the authorization data for this value */
537 TPM_SECRET tpmProof; /* This SHALL be a copy of TPM_PERMANENT_FLAGS -> tpmProof */
538 TPM_DIGEST storedDigest; /* This SHALL be a digest of the TPM_STORED_DATA structure,
539 excluding the fields TPM_STORED_DATA -> encDataSize and
540 TPM_STORED_DATA -> encData. */
541 TPM_SIZED_BUFFER data; /* This SHALL be the data to be sealed */
542 #if 0
543 uint32_t dataSize; /* This SHALL be the size of the data parameter */
544 BYTE* data; /* This SHALL be the data to be sealed */
545 #endif
546 } TPM_SEALED_DATA;
547
548
549 /* 9.4 TPM_SYMMETRIC_KEY rev 87
550
551 This structure describes a symmetric key, used during the process "Collating a Request for a
552 Trusted Platform Module Identity".
553 */
554
555 typedef struct tdTPM_SYMMETRIC_KEY {
556 TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the symmetric key. */
557 TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the key will be
558 used for encryption operations. */
559 uint16_t size; /* This SHALL be the size of the data parameter in bytes */
560 BYTE* data; /* This SHALL be the symmetric key data */
561 /* NOTE Cannot make this a TPM_SIZED_BUFFER because uint16_t */
562 } TPM_SYMMETRIC_KEY;
563
564 /* 9.5 TPM_BOUND_DATA rev 87
565
566 This structure is defined because it is used by a TPM_UnBind command in a consistency check.
567
568 The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key
569 shouldn't be used for storage, and so on. These heuristics are used because of the potential
570 threats that arise when the same key is used in different ways. The heuristics minimize the
571 number of ways in which a given key can be used.
572
573 One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should always be
574 used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM function, so the
575 only choice is to perform a check for the correct payload type when a blob is unwrapped by a key
576 of type TPM_KEY_BIND. This requires the blob to have internal structure.
577
578 Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not include the size
579 of payloadData. This is to maximise the size of payloadData that can be encrypted when
580 TPM_BOUND_DATA is encrypted in a single block. When using TPM-UnBind to obtain payloadData, the
581 size of payloadData is deduced as a natural result of the (RSA) decryption process.
582
583 1. This structure MUST be used for creating data when (wrapping with a key of type TPM_KEY_BIND)
584 or (wrapping using the encryption algorithm TPM_ES_RSAESOAEP_SHA1_MGF1). If it is not, the
585 TPM_UnBind command will fail.
586 */
587
588 typedef struct tdTPM_BOUND_DATA {
589 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */
590 TPM_PAYLOAD_TYPE payload; /* This SHALL be the value TPM_PT_BIND */
591 uint32_t payloadDataSize; /* NOTE: added, not part of serialization */
592 BYTE *payloadData; /* The bound data */
593 } TPM_BOUND_DATA;
594
595 /*
596 10. TPM_KEY Complex
597 */
598
599 /* 10.1.1 TPM_RSA_KEY_PARMS rev 87
600
601 This structure describes the parameters of an RSA key.
602 */
603
604 /* TPM_RSA_KEY_LENGTH_MAX restricts the maximum size of an RSA key. It has two uses:
605 - bounds the size of the TPM state
606 - protects against a denial of service attack where the attacker creates a very large key
607 */
608
609 #ifdef TPM_RSA_KEY_LENGTH_MAX /* if the builder defines a value */
610 #if ((TPM_RSA_KEY_LENGTH_MAX % 16) != 0)
611 #error "TPM_RSA_KEY_LENGTH_MAX must be a multiple of 16"
612 #endif
613 #if (TPM_RSA_KEY_LENGTH_MAX < 2048)
614 #error "TPM_RSA_KEY_LENGTH_MAX must be at least 2048"
615 #endif
616 #endif /* TPM_RSA_KEY_LENGTH_MAX */
617
618 #ifndef TPM_RSA_KEY_LENGTH_MAX /* default if the builder does not define a value */
619 #define TPM_RSA_KEY_LENGTH_MAX 2048
620 #endif
621
622 typedef struct tdTPM_RSA_KEY_PARMS {
623 uint32_t keyLength; /* This specifies the size of the RSA key in bits */
624 uint32_t numPrimes; /* This specifies the number of prime factors used by this RSA key. */
625 #if 0
626 uint32_t exponentSize; /* This SHALL be the size of the exponent. If the key is using the
627 default exponent then the exponentSize MUST be 0. */
628 BYTE *exponent; /* The public exponent of this key */
629 #endif
630 TPM_SIZED_BUFFER exponent; /* The public exponent of this key */
631
632 } TPM_RSA_KEY_PARMS;
633
634
635 /* 10.1 TPM_KEY_PARMS rev 87
636
637 This provides a standard mechanism to define the parameters used to generate a key pair, and to
638 store the parts of a key shared between the public and private key parts.
639 */
640
641 typedef struct tdTPM_KEY_PARMS {
642 TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */
643 TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt
644 information */
645 TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform
646 digital signatures */
647 #if 0
648 uint32_t parmSize; /* This SHALL be the size of the parms field in bytes */
649 BYTE* parms; /* This SHALL be the parameter information dependent upon the key
650 algorithm. */
651 #endif
652 TPM_SIZED_BUFFER parms; /* This SHALL be the parameter information dependent upon the key
653 algorithm. */
654 /* NOTE: kgold - Added this structure. It acts as a cache of the result of parms and parmSize
655 deserialization when non-NULL. */
656 TPM_RSA_KEY_PARMS *tpm_rsa_key_parms;
657 } TPM_KEY_PARMS;
658
659 /* 10.1.2 TPM_SYMMETRIC_KEY_PARMS rev 87
660
661 This structure describes the parameters for symmetric algorithms
662 */
663
664 typedef struct tdTPM_SYMMETRIC_KEY_PARMS {
665 uint32_t keyLength; /* This SHALL indicate the length of the key in bits */
666 uint32_t blockSize; /* This SHALL indicate the block size of the algorithm*/
667 uint32_t ivSize; /* This SHALL indicate the size of the IV */
668 BYTE *IV; /* The initialization vector */
669 } TPM_SYMMETRIC_KEY_PARMS;
670
671 #if 0
672 /* 10.4 TPM_STORE_PUBKEY rev 99
673
674 This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to construct a
675 public key which can be unambiguously used.
676 */
677
678 typedef struct tdTPM_STORE_PUBKEY {
679 uint32_t keyLength; /* This SHALL be the length of the key field. */
680 BYTE *key; /* This SHALL be a structure interpreted according to the algorithm Id in
681 the corresponding TPM_KEY_PARMS structure. */
682 } TPM_STORE_PUBKEY;
683 #endif
684
685 /* 10.7 TPM_STORE_PRIVKEY rev 87
686
687 This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct a private
688 key which can be unambiguously used.
689 */
690
691 #if 0
692 typedef struct tdTPM_STORE_PRIVKEY {
693 uint32_t keyLength; /* This SHALL be the length of the key field. */
694 BYTE* key; /* This SHALL be a structure interpreted according to the algorithm Id in
695 the corresponding TPM_KEY structure. */
696 } TPM_STORE_PRIVKEY;
697 #endif
698
699 /* NOTE: Hard coded for RSA keys. This will change if other algorithms are supported */
700
701 typedef struct tdTPM_STORE_PRIVKEY {
702 TPM_SIZED_BUFFER d_key; /* private key */
703 TPM_SIZED_BUFFER p_key; /* private prime factor */
704 TPM_SIZED_BUFFER q_key; /* private prime factor */
705 } TPM_STORE_PRIVKEY;
706
707 /* 10.6 TPM_STORE_ASYMKEY rev 87
708
709 The TPM_STORE_ASYMKEY structure provides the area to identify the confidential information
710 related to a key. This will include the private key factors for an asymmetric key.
711
712 The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure containing a 2048
713 bit RSA key can be done in one operation if the encrypting key is 2048 bits.
714
715 Using typical RSA notation the structure would include P, and when loading the key include the
716 unencrypted P*Q which would be used to recover the Q value.
717
718 To accommodate the future use of multiple prime RSA keys the specification of additional prime
719 factors is an optional capability.
720
721 This structure provides the basis of defining the protection of the private key. Changes in this
722 structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure (section 10.8).
723 */
724
725 typedef struct tdTPM_STORE_ASYMKEY {
726 TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_ASYM to indicate an asymmetric
727 key. If used in TPM_CMK_ConvertMigration the value SHALL
728 be TPM_PT_MIGRATE_EXTERNAL. If used in TPM_CMK_CreateKey
729 the value SHALL be TPM_PT_MIGRATE_RESTRICTED */
730 TPM_SECRET usageAuth; /* This SHALL be the authorization data necessary to
731 authorize the use of this value */
732 TPM_SECRET migrationAuth; /* This SHALL be the migration authorization data for a
733 migratable key, or the TPM secret value tpmProof for a
734 non-migratable key created by the TPM.
735
736 If the TPM sets this parameter to the value tpmProof,
737 then the TPM_KEY.keyFlags.migratable of the corresponding
738 TPM_KEY structure MUST be set to 0.
739
740 If this parameter is set to the migration authorization
741 data for the key in parameter PrivKey, then the
742 TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY
743 structure SHOULD be set to 1. */
744 TPM_DIGEST pubDataDigest; /* This SHALL be the digest of the corresponding TPM_KEY
745 structure, excluding the fields TPM_KEY.encSize and
746 TPM_KEY.encData.
747
748 When TPM_KEY -> pcrInfoSize is 0 then the digest
749 calculation has no input from the pcrInfo field. The
750 pcrInfoSize field MUST always be part of the digest
751 calculation.
752 */
753 TPM_STORE_PRIVKEY privKey; /* This SHALL be the private key data. The privKey can be a
754 variable length which allows for differences in the key
755 format. The maximum size of the area would be 151
756 bytes. */
757 } TPM_STORE_ASYMKEY;
758
759 /* 10.8 TPM_MIGRATE_ASYMKEY rev 87
760
761 The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors of a
762 asymmetric key while the key is migrating between TPM's.
763
764 This structure provides the basis of defining the protection of the private key.
765
766 k1k2 - 132 privkey.key (128 + 4)
767 k1 - 20, OAEP seed
768 k2 - 112, partPrivKey
769 TPM_STORE_PRIVKEY 4 partPrivKey.keyLength
770 108 partPrivKey.key (128 - 20)
771 */
772
773 typedef struct tdTPM_MIGRATE_ASYMKEY {
774 TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_MIGRATE or TPM_PT_CMK_MIGRATE to
775 indicate an migrating asymmetric key or TPM_PT_MAINT to indicate
776 a maintenance key. */
777 TPM_SECRET usageAuth; /* This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY
778 structure. */
779 TPM_DIGEST pubDataDigest; /* This SHALL be a copy of the pubDataDigest from the
780 TPM_STORE_ASYMKEY structure. */
781 #if 0
782 uint32_t partPrivKeyLen; /* This SHALL be the size of the partPrivKey field */
783 BYTE *partPrivKey; /* This SHALL be the k2 area as described in TPM_CreateMigrationBlob
784 */
785 #endif
786 TPM_SIZED_BUFFER partPrivKey;
787 } TPM_MIGRATE_ASYMKEY;
788
789 /* 10.2 TPM_KEY rev 87
790
791 The TPM_KEY structure provides a mechanism to transport the entire asymmetric key pair. The
792 private portion of the key is always encrypted.
793
794 The reason for using a size and pointer for the PCR info structure is save space when the key is
795 not bound to a PCR. The only time the information for the PCR is kept with the key is when the
796 key needs PCR info.
797
798 The 1.2 version has a change in the PCRInfo area. For 1.2 the structure uses the
799 TPM_PCR_INFO_LONG structure to properly define the PCR registers in use.
800 */
801
802 typedef struct tdTPM_KEY {
803 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */
804 TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations
805 permitted with this key */
806 TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc.*/
807 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required
808 that authorization be presented.*/
809 TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for
810 this key*/
811 #if 0
812 uint32_t PCRInfoSize; /* This SHALL be the length of the pcrInfo parameter. If the key is
813 not bound to a PCR this value SHOULD be 0.*/
814 BYTE* PCRInfo; /* This SHALL be a structure of type TPM_PCR_INFO, or an empty array
815 if the key is not bound to PCRs.*/
816 TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */
817 uint32_t encDataSize; /* This SHALL be the size of the encData parameter. */
818 BYTE* encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure or
819 TPM_MIGRATE_ASYMKEY structure */
820 #endif
821 TPM_SIZED_BUFFER pcrInfo;
822 TPM_SIZED_BUFFER pubKey;
823 TPM_SIZED_BUFFER encData;
824 /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure or TPM_MIGRATE_ASYMKEY structure */
825 /* NOTE: kgold - Added these structures, a cache of PCRInfo when not NULL */
826 TPM_PCR_INFO *tpm_pcr_info; /* for TPM_KEY */
827 TPM_PCR_INFO_LONG *tpm_pcr_info_long; /* for TPM_KEY12 */
828 /* NOTE: kgold - Added these structures. They act as a cache of the result of encData
829 decryption when non-NULL. In the case of internal keys (e.g. SRK) there is no encData, so
830 these structures are always non-NULL. */
831 TPM_STORE_ASYMKEY *tpm_store_asymkey;
832 TPM_MIGRATE_ASYMKEY *tpm_migrate_asymkey;
833 } TPM_KEY;
834
835 /* 10.3 TPM_KEY12 rev 87
836
837 This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG structures and the
838 new structure tagging. In all other aspects this is the same structure.
839 */
840
841 /* NOTE: The TPM_KEY12 structure is never instantiated. It is just needed for the cast of TPM_KEY
842 to get the TPM_KEY12->tag member. */
843
844 typedef struct tdTPM_KEY12 {
845 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_KEY12 */
846 uint16_t fill; /* MUST be 0x0000 */
847 TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations
848 permitted with this key */
849 TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc. */
850 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required
851 that authorization be presented. */
852 TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for
853 this key */
854 #if 0
855 uint32_t PCRInfoSize; /* This SHALL be the length of the pcrInfo parameter. If the key is
856 not bound to a PCR this value SHOULD be 0. */
857 BYTE* PCRInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG, or an empty
858 array if the key is not bound to PCRs. */
859 TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */
860 uint32_t encDataSize; /* This SHALL be the size of the encData parameter. */
861 BYTE* encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure
862 TPM_MIGRATE_ASYMKEY structure */
863 #endif
864 TPM_SIZED_BUFFER pcrInfo;
865 TPM_SIZED_BUFFER pubKey;
866 TPM_SIZED_BUFFER encData;
867 } TPM_KEY12;
868
869
870 /* 10.5 TPM_PUBKEY rev 99
871
872 The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It contains all
873 the information necessary for its unambiguous usage. It is possible to construct this structure
874 from a TPM_KEY, using the algorithmParms and pubKey fields.
875
876 The pubKey member of this structure shall contain the public key for a specific algorithm.
877 */
878
879 typedef struct tdTPM_PUBKEY {
880 TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding this key */
881 #if 0
882 TPM_STORE_PUBKEY pubKey; /* This SHALL be the public key information */
883 #endif
884 TPM_SIZED_BUFFER pubKey;
885 } TPM_PUBKEY;
886
887 /* 5.b. The TPM must support a minimum of 2 key slots. */
888
889 #ifdef TPM_KEY_HANDLES
890 #if (TPM_KEY_HANDLES < 2)
891 #error "TPM_KEY_HANDLES minimum is 2"
892 #endif
893 #endif
894
895 /* Set the default to 3 so that there can be one owner evict key */
896
897 #ifndef TPM_KEY_HANDLES
898 #define TPM_KEY_HANDLES 3 /* entries in global TPM_KEY_HANDLE_ENTRY array */
899 #endif
900
901 /* TPM_GetCapability uses a uint_16 for the number of key slots */
902
903 #if (TPM_KEY_HANDLES > 0xffff)
904 #error "TPM_KEY_HANDLES must be less than 0x10000"
905 #endif
906
907 /* The TPM does not have to support any minimum number of owner evict keys. Adjust this value to
908 match the amount of NV space available. An owner evict key consumes about 512 bytes.
909
910 A value greater than (TPM_KEY_HANDLES - 2) is useless, as the TPM reserves 2 key slots for
911 non-owner evict keys to avoid blocking.
912 */
913
914 #ifndef TPM_OWNER_EVICT_KEY_HANDLES
915 #define TPM_OWNER_EVICT_KEY_HANDLES 1
916 #endif
917
918 #if (TPM_OWNER_EVICT_KEY_HANDLES > (TPM_KEY_HANDLES - 2))
919 #error "TPM_OWNER_EVICT_KEY_HANDLES too large for TPM_KEY_HANDLES"
920 #endif
921
922 /* This is the version used by the TPM implementation. It is part of the global TPM state */
923
924 /* kgold: Added TPM_KEY member. There needs to be a mapping between a key handle
925 and the pointer to TPM_KEY objects, and this seems to be the right place for it. */
926
927 typedef struct tdTPM_KEY_HANDLE_ENTRY {
928 TPM_KEY_HANDLE handle; /* Handles for a key currently loaded in the TPM */
929 TPM_KEY *key; /* Pointer to the key object */
930 TPM_BOOL parentPCRStatus; /* TRUE if parent of this key uses PCR's */
931 TPM_KEY_CONTROL keyControl; /* Attributes that can control various aspects of key usage and
932 manipulation. */
933 } TPM_KEY_HANDLE_ENTRY;
934
935 /* 5.12 TPM_MIGRATIONKEYAUTH rev 87
936
937 This structure provides the proof that the associated public key has TPM Owner authorization to
938 be a migration key.
939 */
940
941 typedef struct tdTPM_MIGRATIONKEYAUTH {
942 TPM_PUBKEY migrationKey; /* This SHALL be the public key of the migration facility */
943 TPM_MIGRATE_SCHEME migrationScheme; /* This shall be the type of migration operation.*/
944 TPM_DIGEST digest; /* This SHALL be the digest value of the concatenation of
945 migration key, migration scheme and tpmProof */
946 } TPM_MIGRATIONKEYAUTH;
947
948 /* 5.13 TPM_COUNTER_VALUE rev 87
949
950 This structure returns the counter value. For interoperability, the value size should be 4 bytes.
951 */
952
953 #define TPM_COUNTER_LABEL_SIZE 4
954 #define TPM_COUNT_ID_NULL 0xffffffff /* unused value TPM_CAP_PROP_ACTIVE_COUNTER expects this
955 value if no counter is active */
956 #define TPM_COUNT_ID_ILLEGAL 0xfffffffe /* after releasing an active counter */
957
958 typedef struct tdTPM_COUNTER_VALUE {
959 #ifdef TPM_USE_TAG_IN_STRUCTURE
960 TPM_STRUCTURE_TAG tag; /* TPM_TAG_COUNTER_VALUE */
961 #endif
962 BYTE label[TPM_COUNTER_LABEL_SIZE]; /* The label for the counter */
963 TPM_ACTUAL_COUNT counter; /* The 32-bit counter value. */
964 /* NOTE: Added. TPMWG email says the specification structure is the public part, but these are
965 vendor specific private members. */
966 TPM_SECRET authData; /* Authorization secret for counter */
967 TPM_BOOL valid;
968 TPM_DIGEST digest; /* for OSAP comparison */
969 } TPM_COUNTER_VALUE;
970
971 /* 5.14 TPM_SIGN_INFO Structure rev 102
972
973 This is an addition in 1.2 and is the structure signed for certain commands (e.g.,
974 TPM_ReleaseTransportSigned). Some commands have a structure specific to that command (e.g.,
975 TPM_Quote uses TPM_QUOTE_INFO) and do not use TPM_SIGN_INFO.
976
977 TPM_Sign uses this structure when the signature scheme is TPM_SS_RSASSAPKCS1v15_INFO.
978 */
979
980 #define TPM_SIGN_INFO_FIXED_SIZE 4
981
982 typedef struct tdTPM_SIGN_INFO {
983 #ifdef TPM_USE_TAG_IN_STRUCTURE
984 TPM_STRUCTURE_TAG tag; /* TPM_TAG_SIGNINFO */
985 #endif
986 BYTE fixed[TPM_SIGN_INFO_FIXED_SIZE]; /* The ASCII text that identifies what function was
987 performing the signing operation*/
988 TPM_NONCE replay; /* Nonce provided by caller to prevent replay attacks */
989 #if 0
990 uint32_t dataLen; /* The length of the data area */
991 BYTE* data; /* The data that is being signed */
992 #endif
993 TPM_SIZED_BUFFER data; /* The data that is being signed */
994 } TPM_SIGN_INFO;
995
996 /* 5.15 TPM_MSA_COMPOSITE Structure rev 87
997
998 TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to Migration
999 Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the migrationAuth value of a
1000 certified-migration-key (CMK), and any of the Migration Authorities specified in that instance is
1001 able to approve the migration of that certified-migration-key.
1002
1003 TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and MAY support
1004 larger values of MSAlist.
1005 */
1006
1007 typedef struct tdTPM_MSA_COMPOSITE {
1008 uint32_t MSAlist; /* The number of migAuthDigests. MSAlist MUST be one (1) or
1009 greater. */
1010 TPM_DIGEST *migAuthDigest; /* An arbitrary number of digests of public keys belonging
1011 to Migration Authorities. */
1012 } TPM_MSA_COMPOSITE;
1013
1014 /* 5.16 TPM_CMK_AUTH
1015
1016 The signed digest of TPM_CMK_AUTH is a ticket to prove that the entity with public key
1017 "migrationAuthority" has approved the public key "destination Key" as a migration destination for
1018 the key with public key "sourceKey".
1019
1020 Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to
1021 "migrationAuthority".
1022
1023 To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority",
1024 "destinationKey" and "sourceKey".
1025 */
1026
1027 typedef struct tdTPM_CMK_AUTH {
1028 TPM_DIGEST migrationAuthorityDigest; /* The digest of the public key of a Migration
1029 Authority */
1030 TPM_DIGEST destinationKeyDigest; /* The digest of a TPM_PUBKEY structure that is an
1031 approved destination key for the private key
1032 associated with "sourceKey"*/
1033 TPM_DIGEST sourceKeyDigest; /* The digest of a TPM_PUBKEY structure whose
1034 corresponding private key is approved by the
1035 Migration Authority to be migrated as a child to
1036 the destinationKey. */
1037 } TPM_CMK_AUTH;
1038
1039 /* 5.18 TPM_SELECT_SIZE rev 87
1040
1041 This structure provides the indication for the version and sizeOfSelect structure in GetCapability
1042 */
1043
1044 typedef struct tdTPM_SELECT_SIZE {
1045 BYTE major; /* This SHALL indicate the major version of the TPM. This MUST be 0x01 */
1046 BYTE minor; /* This SHALL indicate the minor version of the TPM. This MAY be 0x01 or
1047 0x02 */
1048 uint16_t reqSize; /* This SHALL indicate the value for a sizeOfSelect field in the
1049 TPM_SELECTION structure */
1050 } TPM_SELECT_SIZE;
1051
1052 /* 5.19 TPM_CMK_MIGAUTH rev 89
1053
1054 Structure to keep track of the CMK migration authorization
1055 */
1056
1057 typedef struct tdTPM_CMK_MIGAUTH {
1058 #ifdef TPM_USE_TAG_IN_STRUCTURE
1059 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MIGAUTH */
1060 #endif
1061 TPM_DIGEST msaDigest; /* The digest of a TPM_MSA_COMPOSITE structure containing the
1062 migration authority public key and parameters. */
1063 TPM_DIGEST pubKeyDigest; /* The hash of the associated public key */
1064 } TPM_CMK_MIGAUTH;
1065
1066 /* 5.20 TPM_CMK_SIGTICKET rev 87
1067
1068 Structure to keep track of the CMK migration authorization
1069 */
1070
1071 typedef struct tdTPM_CMK_SIGTICKET {
1072 #ifdef TPM_USE_TAG_IN_STRUCTURE
1073 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_SIGTICKET */
1074 #endif
1075 TPM_DIGEST verKeyDigest; /* The hash of a TPM_PUBKEY structure containing the public key and
1076 parameters of the key that can verify the ticket */
1077 TPM_DIGEST signedData; /* The ticket data */
1078 } TPM_CMK_SIGTICKET;
1079
1080 /* 5.21 TPM_CMK_MA_APPROVAL rev 87
1081
1082 Structure to keep track of the CMK migration authorization
1083 */
1084
1085 typedef struct tdTPM_CMK_MA_APPROVAL {
1086 #ifdef TPM_USE_TAG_IN_STRUCTURE
1087 TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MA_APPROVAL */
1088 #endif
1089 TPM_DIGEST migrationAuthorityDigest; /* The hash of a TPM_MSA_COMPOSITE structure
1090 containing the hash of one or more migration
1091 authority public keys and parameters. */
1092 } TPM_CMK_MA_APPROVAL;
1093
1094 /* 20.2 Delegate Definitions rev 101
1095
1096 The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner can
1097 delegate to a trusted process by setting that bit. Each delegation bit setting is independent of
1098 any other delegation bit setting in a row.
1099
1100 If a TPM command is not listed in the following table, then the TPM Owner cannot delegate that
1101 capability to a trusted process. For the TPM commands that are listed in the following table, if
1102 the bit associated with a TPM command is set to zero in the row of the table that identifies a
1103 trusted process, then that process has not been delegated to use that TPM command.
1104
1105 The minimum granularity for delegation is at the ordinal level. It is not possible to delegate an
1106 option of an ordinal. This implies that if the options present a difficulty and there is a need
1107 to separate the delegations then there needs to be a split into two separate ordinals.
1108 */
1109
1110 #define TPM_DEL_OWNER_BITS 0x00000001
1111 #define TPM_DEL_KEY_BITS 0x00000002
1112
1113 typedef struct tdTPM_DELEGATIONS {
1114 #ifdef TPM_USE_TAG_IN_STRUCTURE
1115 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATIONS */
1116 #endif
1117 uint32_t delegateType; /* Owner or key */
1118 uint32_t per1; /* The first block of permissions */
1119 uint32_t per2; /* The second block of permissions */
1120 } TPM_DELEGATIONS;
1121
1122 /* 20.4 TPM_FAMILY_LABEL rev 85
1123
1124 Used in the family table to hold a one-byte numeric value (sequence number) that software can map
1125 to a string of bytes that can be displayed or used by applications.
1126
1127 This is not sensitive data.
1128 */
1129
1130 #if 0
1131 typedef struct tdTPM_FAMILY_LABEL {
1132 BYTE label; /* A sequence number that software can map to a string of bytes that can be
1133 displayed or used by the applications. This MUST not contain sensitive
1134 information. */
1135 } TPM_FAMILY_LABEL;
1136 #endif
1137
1138 typedef BYTE TPM_FAMILY_LABEL; /* NOTE: No need for a structure here */
1139
1140 /* 20.5 TPM_FAMILY_TABLE_ENTRY rev 101
1141
1142 The family table entry is an individual row in the family table. There are no sensitive values in
1143 a family table entry.
1144
1145 Each family table entry contains values to facilitate table management: the familyID sequence
1146 number value that associates a family table row with one or more delegate table rows, a
1147 verification sequence number value that identifies when rows in the delegate table were last
1148 verified, and BYTE family label value that software can map to an ASCII text description of the
1149 entity using the family table entry
1150 */
1151
1152 typedef struct tdTPM_FAMILY_TABLE_ENTRY {
1153 #ifdef TPM_USE_TAG_IN_STRUCTURE
1154 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_FAMILY_TABLE_ENTRY */
1155 #endif
1156 TPM_FAMILY_LABEL familyLabel; /* A sequence number that software can map to a string of
1157 bytes that can be displayed of used by the applications.
1158 This MUST not contain sensitive information. */
1159 TPM_FAMILY_ID familyID; /* The family ID in use to tie values together. This is not
1160 a sensitive value. */
1161 TPM_FAMILY_VERIFICATION verificationCount; /* The value inserted into delegation rows to
1162 indicate that they are the current generation of
1163 rows. Used to identify when a row in the delegate
1164 table was last verified. This is not a sensitive
1165 value. */
1166 TPM_FAMILY_FLAGS flags; /* See section on TPM_FAMILY_FLAGS. */
1167 /* NOTE Added */
1168 TPM_BOOL valid;
1169 } TPM_FAMILY_TABLE_ENTRY;
1170
1171 /* 20.6 TPM_FAMILY_TABLE rev 87
1172
1173 The family table is stored in a TPM shielded location. There are no confidential values in the
1174 family table. The family table contains a minimum of 8 rows.
1175 */
1176
1177 #ifdef TPM_NUM_FAMILY_TABLE_ENTRY_MIN
1178 #if (TPM_NUM_FAMILY_TABLE_ENTRY_MIN < 8)
1179 #error "TPM_NUM_FAMILY_TABLE_ENTRY_MIN minimum is 8"
1180 #endif
1181 #endif
1182
1183 #ifndef TPM_NUM_FAMILY_TABLE_ENTRY_MIN
1184 #define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8
1185 #endif
1186
1187 typedef struct tdTPM_FAMILY_TABLE {
1188 TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN];
1189 } TPM_FAMILY_TABLE;
1190
1191 /* 20.7 TPM_DELEGATE_LABEL rev 87
1192
1193 Used in both the delegate table and the family table to hold a string of bytes that can be
1194 displayed or used by applications. This is not sensitive data.
1195 */
1196
1197 #if 0
1198 typedef struct tdTPM_DELEGATE_LABEL {
1199 BYTE label; /* A byte that can be displayed or used by the applications. This MUST not
1200 contain sensitive information. */
1201 } TPM_DELEGATE_LABEL;
1202 #endif
1203
1204 typedef BYTE TPM_DELEGATE_LABEL; /* NOTE: No need for structure */
1205
1206 /* 20.8 TPM_DELEGATE_PUBLIC rev 101
1207
1208 The information of a delegate row that is public and does not have any sensitive information.
1209
1210 PCR_INFO_SHORT is appropriate here as the command to create this is done using owner
1211 authorization, hence the owner authorized the command and the delegation. There is no need to
1212 validate what configuration was controlling the platform during the blob creation.
1213 */
1214
1215 typedef struct tdTPM_DELEGATE_PUBLIC {
1216 #ifdef TPM_USE_TAG_IN_STRUCTURE
1217 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_PUBLIC */
1218 #endif
1219 TPM_DELEGATE_LABEL rowLabel; /* This SHALL be the label for the row. It
1220 MUST not contain any sensitive information. */
1221 TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL be the designation of the process that can use
1222 the permission. This is a not sensitive
1223 value. PCR_SELECTION may be NULL.
1224
1225 If selected the pcrInfo MUST be checked on each use of
1226 the delegation. Use of the delegation is where the
1227 delegation is passed as an authorization handle. */
1228 TPM_DELEGATIONS permissions; /* This SHALL be the permissions that are allowed to the
1229 indicated process. This is not a sensitive value. */
1230 TPM_FAMILY_ID familyID; /* This SHALL be the family ID that identifies which family
1231 the row belongs to. This is not a sensitive value. */
1232 TPM_FAMILY_VERIFICATION verificationCount; /* A copy of verificationCount from the associated
1233 family table. This is not a sensitive value. */
1234 } TPM_DELEGATE_PUBLIC;
1235
1236
1237 /* 20.9 TPM_DELEGATE_TABLE_ROW rev 101
1238
1239 A row of the delegate table.
1240 */
1241
1242 typedef struct tdTPM_DELEGATE_TABLE_ROW {
1243 #ifdef TPM_USE_TAG_IN_STRUCTURE
1244 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_TABLE_ROW */
1245 #endif
1246 TPM_DELEGATE_PUBLIC pub; /* This SHALL be the public information for a table row. */
1247 TPM_SECRET authValue; /* This SHALL be the authorization value that can use the
1248 permissions. This is a sensitive value. */
1249 /* NOTE Added */
1250 TPM_BOOL valid;
1251 } TPM_DELEGATE_TABLE_ROW;
1252
1253 /* 20.10 TPM_DELEGATE_TABLE rev 87
1254
1255 This is the delegate table. The table contains a minimum of 2 rows.
1256
1257 This will be an entry in the TPM_PERMANENT_DATA structure.
1258 */
1259
1260 #ifdef TPM_NUM_DELEGATE_TABLE_ENTRY_MIN
1261 #if (TPM_NUM_DELEGATE_TABLE_ENTRY_MIN < 2)
1262 #error "TPM_NUM_DELEGATE_TABLE_ENTRY_MIN minimum is 2"
1263 #endif
1264 #endif
1265
1266 #ifndef TPM_NUM_DELEGATE_TABLE_ENTRY_MIN
1267 #define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2
1268 #endif
1269
1270
1271 typedef struct tdTPM_DELEGATE_TABLE {
1272 TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; /* The array of delegations */
1273 } TPM_DELEGATE_TABLE;
1274
1275 /* 20.11 TPM_DELEGATE_SENSITIVE rev 115
1276
1277 The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains sensitive
1278 information.
1279
1280 This structure is normative for loading unencrypted blobs before there is an owner. It is
1281 informative for TPM_CreateOwnerDelegation and TPM_LoadOwnerDelegation after there is an owner and
1282 encrypted blobs are used, since the structure is under complete control of the TPM.
1283 */
1284
1285 typedef struct tdTPM_DELEGATE_SENSITIVE {
1286 #ifdef TPM_USE_TAG_IN_STRUCTURE
1287 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELEGATE_SENSITIVE */
1288 #endif
1289 TPM_SECRET authValue; /* AuthData value */
1290 } TPM_DELEGATE_SENSITIVE;
1291
1292 /* 20.12 TPM_DELEGATE_OWNER_BLOB rev 87
1293
1294 This data structure contains all the information necessary to externally store a set of owner
1295 delegation rights that can subsequently be loaded or used by this TPM.
1296
1297 The encryption mechanism for the sensitive area is a TPM choice. The TPM may use asymmetric
1298 encryption and the SRK for the key. The TPM may use symmetric encryption and a secret key known
1299 only to the TPM.
1300 */
1301
1302 typedef struct tdTPM_DELEGATE_OWNER_BLOB {
1303 #ifdef TPM_USE_TAG_IN_STRUCTURE
1304 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_OWNER_BLOB */
1305 #endif
1306 TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */
1307 TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire structure */
1308 TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT
1309 contain any sensitive information. This would include any
1310 IV material for symmetric encryption */
1311 TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted
1312 TPM_DELEGATE_SENSITIVE */
1313 } TPM_DELEGATE_OWNER_BLOB;
1314
1315 /* 20.13 TPM_DELEGATE_KEY_BLOB rev 87
1316
1317 A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation information for user
1318 keys. As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash of the corresponding public key
1319 value to the public information.
1320 */
1321
1322 typedef struct tdTPM_DELEGATE_KEY_BLOB {
1323 #ifdef TPM_USE_TAG_IN_STRUCTURE
1324 TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_KEY_BLOB */
1325 #endif
1326 TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */
1327 TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire
1328 structure */
1329 TPM_DIGEST pubKeyDigest; /* The digest, that uniquely identifies the key for which
1330 this usage delegation applies. */
1331 TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT
1332 contain any sensitive information. This would include any
1333 IV material for symmetric encryption */
1334 TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted
1335 TPM_DELEGATE_SENSITIVE */
1336 } TPM_DELEGATE_KEY_BLOB;
1337
1338 /* 15.1 TPM_CURRENT_TICKS rev 110
1339
1340 This structure holds the current number of time ticks in the TPM. The value is the number of time
1341 ticks from the start of the current session. Session start is a variable function that is
1342 platform dependent. Some platforms may have batteries or other power sources and keep the TPM
1343 clock session across TPM initialization sessions.
1344
1345 The <tickRate> element of the TPM_CURRENT_TICKS structure provides the number of microseconds per
1346 tick. The platform manufacturer must satisfy input clock requirements set by the TPM vendor to
1347 ensure the accuracy of the tickRate.
1348
1349 No external entity may ever set the current number of time ticks held in TPM_CURRENT_TICKS. This
1350 value is always reset to 0 when a new clock session starts and increments under control of the
1351 TPM.
1352
1353 Maintaining the relationship between the number of ticks counted by the TPM and some real world
1354 clock is a task for external software.
1355 */
1356
1357 /* This is not a true UINT64, but a special structure to hold currentTicks */
1358
1359 typedef struct tdTPM_UINT64 {
1360 uint32_t sec;
1361 uint32_t usec;
1362 } TPM_UINT64;
1363
1364 typedef struct tdTPM_CURRENT_TICKS {
1365 #ifdef TPM_USE_TAG_IN_STRUCTURE
1366 TPM_STRUCTURE_TAG tag; /* TPM_TAG_CURRENT_TICKS */
1367 #endif
1368 TPM_UINT64 currentTicks; /* The number of ticks since the start of this tick session */
1369 /* upper is seconds, lower is useconds */
1370 uint16_t tickRate; /* The number of microseconds per tick. The maximum resolution of
1371 the TPM tick counter is thus 1 microsecond. The minimum
1372 resolution SHOULD be 1 millisecond. */
1373 TPM_NONCE tickNonce; /* TPM_NONCE tickNonce The nonce created by the TPM when resetting
1374 the currentTicks to 0. This indicates the beginning of a time
1375 session. This value MUST be valid before the first use of
1376 TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just
1377 prior to first use. */
1378 /* NOTE Added */
1379 TPM_UINT64 initialTime; /* Time from TPM_GetTimeOfDay() */
1380 } TPM_CURRENT_TICKS;
1381
1382 /*
1383 13. Transport Structures
1384 */
1385
1386 /* 13.1 TPM _TRANSPORT_PUBLIC rev 87
1387
1388 The public information relative to a transport session
1389 */
1390
1391 typedef struct tdTPM_TRANSPORT_PUBLIC {
1392 #ifdef TPM_USE_TAG_IN_STRUCTURE
1393 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_PUBLIC */
1394 #endif
1395 TPM_TRANSPORT_ATTRIBUTES transAttributes; /* The attributes of this session */
1396 TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the
1397 symmetric key. */
1398 TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the
1399 key will be used for encryption operations. */
1400 } TPM_TRANSPORT_PUBLIC;
1401
1402 /* 13.2 TPM_TRANSPORT_INTERNAL rev 88
1403
1404 The internal information regarding transport session
1405 */
1406
1407 /* 7.6 TPM_STANY_DATA */
1408
1409 #ifdef TPM_MIN_TRANS_SESSIONS
1410 #if (TPM_MIN_TRANS_SESSIONS < 3)
1411 #error "TPM_MIN_TRANS_SESSIONS minimum is 3"
1412 #endif
1413 #endif
1414
1415 #ifndef TPM_MIN_TRANS_SESSIONS
1416 #define TPM_MIN_TRANS_SESSIONS 3
1417 #endif
1418
1419 typedef struct tdTPM_TRANSPORT_INTERNAL {
1420 #ifdef TPM_USE_TAG_IN_STRUCTURE
1421 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_INTERNAL */
1422 #endif
1423 TPM_AUTHDATA authData; /* The shared secret for this session */
1424 TPM_TRANSPORT_PUBLIC transPublic; /* The public information of this session */
1425 TPM_TRANSHANDLE transHandle; /* The handle for this session */
1426 TPM_NONCE transNonceEven; /* The even nonce for the rolling protocol */
1427 TPM_DIGEST transDigest; /* The log of transport events */
1428 /* added kgold */
1429 TPM_BOOL valid; /* entry is valid */
1430 } TPM_TRANSPORT_INTERNAL;
1431
1432 /* 13.3 TPM_TRANSPORT_LOG_IN rev 87
1433
1434 The logging of transport commands occurs in two steps, before execution with the input
1435 parameters and after execution with the output parameters.
1436
1437 This structure is in use for input log calculations.
1438 */
1439
1440 typedef struct tdTPM_TRANSPORT_LOG_IN {
1441 #ifdef TPM_USE_TAG_IN_STRUCTURE
1442 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_IN */
1443 #endif
1444 TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject to the
1445 rules of the command using this structure. To find the exact
1446 calculation refer to the actions in the command using this
1447 structure. */
1448 TPM_DIGEST pubKeyHash; /* The hash of any keys in the transport command */
1449 } TPM_TRANSPORT_LOG_IN;
1450
1451 /* 13.4 TPM_TRANSPORT_LOG_OUT rev 88
1452
1453 The logging of transport commands occurs in two steps, before execution with the input parameters
1454 and after execution with the output parameters.
1455
1456 This structure is in use for output log calculations.
1457
1458 This structure is in use for the INPUT logging during releaseTransport.
1459 */
1460
1461 typedef struct tdTPM_TRANSPORT_LOG_OUT {
1462 #ifdef TPM_USE_TAG_IN_STRUCTURE
1463 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_OUT */
1464 #endif
1465 TPM_CURRENT_TICKS currentTicks; /* The current tick count. This SHALL be the value of the
1466 current TPM tick counter. */
1467 TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject
1468 to the rules of the command using this structure. To find
1469 the exact calculation refer to the actions in the command
1470 using this structure. */
1471 TPM_MODIFIER_INDICATOR locality; /* The locality that called TPM_ExecuteTransport */
1472 } TPM_TRANSPORT_LOG_OUT;
1473
1474 /* 13.5 TPM_TRANSPORT_AUTH structure rev 87
1475
1476 This structure provides the validation for the encrypted AuthData value.
1477 */
1478
1479 typedef struct tdTPM_TRANSPORT_AUTH {
1480 #ifdef TPM_USE_TAG_IN_STRUCTURE
1481 TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_AUTH */
1482 #endif
1483 TPM_AUTHDATA authData; /* The AuthData value */
1484 } TPM_TRANSPORT_AUTH;
1485
1486 /* 22.3 TPM_DAA_ISSUER rev 91
1487
1488 This structure is the abstract representation of non-secret settings controlling a DAA
1489 context. The structure is required when loading public DAA data into a TPM. TPM_DAA_ISSUER
1490 parameters are normally held outside the TPM as plain text data, and loaded into a TPM when a DAA
1491 session is required. A TPM_DAA_ISSUER structure contains no integrity check: the TPM_DAA_ISSUER
1492 structure at time of JOIN is indirectly verified by the issuer during the JOIN process, and a
1493 digest of the verified TPM_DAA_ISSUER structure is held inside the TPM_DAA_TPM structure created
1494 by the JOIN process. Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and
1495 used to verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored
1496 in its native form to reduce command complexity.
1497 */
1498
1499 typedef struct tdTPM_DAA_ISSUER {
1500 #ifdef TPM_USE_TAG_IN_STRUCTURE
1501 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_ISSUER */
1502 #endif
1503 TPM_DIGEST DAA_digest_R0; /* A digest of the parameter "R0", which is not secret and may be
1504 common to many TPMs. */
1505 TPM_DIGEST DAA_digest_R1; /* A digest of the parameter "R1", which is not secret and may be
1506 common to many TPMs. */
1507 TPM_DIGEST DAA_digest_S0; /* A digest of the parameter "S0", which is not secret and may be
1508 common to many TPMs. */
1509 TPM_DIGEST DAA_digest_S1; /* A digest of the parameter "S1", which is not secret and may be
1510 common to many TPMs. */
1511 TPM_DIGEST DAA_digest_n; /* A digest of the parameter "n", which is not secret and may be
1512 common to many TPMs. */
1513 TPM_DIGEST DAA_digest_gamma; /* A digest of the parameter "gamma", which is not secret
1514 and may be common to many TPMs. */
1515 BYTE DAA_generic_q[26]; /* The parameter q, which is not secret and may be common to
1516 many TPMs. Note that q is slightly larger than a digest,
1517 but is stored in its native form to simplify the
1518 TPM_DAA_join command. Otherwise, JOIN requires 3 input
1519 parameters. */
1520 } TPM_DAA_ISSUER;
1521
1522 /* 22.4 TPM_DAA_TPM rev 91
1523
1524 This structure is the abstract representation of TPM specific parameters used during a DAA
1525 context. TPM-specific DAA parameters may be stored outside the TPM, and hence this
1526 structure is needed to save private DAA data from a TPM, or load private DAA data into a
1527 TPM.
1528
1529 If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format that
1530 can be interpreted only by the TPM created it. This is to ensure that secret parameters are
1531 rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form a
1532 self-consistent set.
1533
1534 TPM_DAA_TPM includes a digest of the public DAA parameters that were used during creation of the
1535 TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is being used with the public
1536 DAA parameters used to create the TPM_DAA_TPM structure. Parameters DAA_digest_v0 and
1537 DAA_digest_v1 are digests of public DAA_private_v0 and DAA_private_v1 parameters, and used to
1538 verify that the correct private parameters have been loaded.
1539
1540 Parameter DAA_count is stored in its native form, because it is smaller than a digest, and is
1541 required to enforce consistency.
1542 */
1543
1544 typedef struct tdTPM_DAA_TPM {
1545 #ifdef TPM_USE_TAG_IN_STRUCTURE
1546 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_TPM */
1547 #endif
1548 TPM_DIGEST DAA_digestIssuer; /* A digest of a TPM_DAA_ISSUER structure that contains the
1549 parameters used to generate this TPM_DAA_TPM
1550 structure. */
1551 TPM_DIGEST DAA_digest_v0; /* A digest of the parameter "v0", which is secret and specific to
1552 this TPM. "v0" is generated during a JOIN phase. */
1553 TPM_DIGEST DAA_digest_v1; /* A digest of the parameter "v1", which is secret and specific to
1554 this TPM. "v1" is generated during a JOIN phase. */
1555 TPM_DIGEST DAA_rekey; /* A digest related to the rekeying process, which is not secret but
1556 is specific to this TPM, and must be consistent across JOIN/SIGN
1557 sessions. "rekey" is generated during a JOIN phase. */
1558 uint32_t DAA_count; /* The parameter "count", which is not secret but must be consistent
1559 across JOIN/SIGN sessions. "count" is an input to the TPM from
1560 the host system. */
1561 } TPM_DAA_TPM;
1562
1563 /* 22.5 TPM_DAA_CONTEXT rev 91
1564
1565 TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM. This
1566 entire section is informative as the TPM does not expose this structure. TPM_DAA_CONTEXT
1567 includes a digest of the public and private DAA parameters that were used during creation of the
1568 TPM_DAA_CONTEXT structure. This is needed to verify that a TPM_DAA_CONTEXT is being used with the
1569 public and private DAA parameters used to create the TPM_DAA_CONTEXT structure.
1570 */
1571
1572 typedef struct tdTPM_DAA_CONTEXT {
1573 #ifdef TPM_USE_TAG_IN_STRUCTURE
1574 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_CONTEXT */
1575 #endif
1576 TPM_DIGEST DAA_digestContext; /* A digest of parameters used to generate this
1577 structure. The parameters vary, depending on whether the
1578 session is a JOIN session or a SIGN session. */
1579 TPM_DIGEST DAA_digest; /* A running digest of certain parameters generated during DAA
1580 computation; operationally the same as a PCR (which holds a
1581 running digest of integrity metrics). */
1582 TPM_DAA_CONTEXT_SEED DAA_contextSeed; /* The seed used to generate other DAA
1583 session parameters */
1584 BYTE DAA_scratch[256]; /* Memory used to hold different parameters at different
1585 times of DAA computation, but only one parameter at a
1586 time. The maximum size of this field is 256 bytes */
1587 BYTE DAA_stage; /* A counter, indicating the stage of DAA computation that was most
1588 recently completed. The value of the counter is zero if the TPM
1589 currently contains no DAA context.
1590
1591 When set to zero (0) the TPM MUST clear all other fields in this
1592 structure.
1593
1594 The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) */
1595 TPM_BOOL DAA_scratch_null;
1596 } TPM_DAA_CONTEXT;
1597
1598 /* 22.6 TPM_DAA_JOINDATA rev 91
1599
1600 This structure is the abstract representation of data that exists only during a specific JOIN
1601 session.
1602 */
1603
1604 typedef struct tdTPM_DAA_JOINDATA {
1605 BYTE DAA_join_u0[128]; /* A TPM-specific secret "u0", used during the JOIN phase,
1606 and discarded afterwards. */
1607 BYTE DAA_join_u1[138]; /* A TPM-specific secret "u1", used during the JOIN phase,
1608 and discarded afterwards. */
1609 TPM_DIGEST DAA_digest_n0; /* A digest of the parameter "n0", which is an RSA public key with
1610 exponent 2^16 +1 */
1611 } TPM_DAA_JOINDATA;
1612
1613 /* DAA Session structure
1614
1615 */
1616
1617 #ifdef TPM_MIN_DAA_SESSIONS
1618 #if (TPM_MIN_DAA_SESSIONS < 1)
1619 #error "TPM_MIN_DAA_SESSIONS minimum is 1"
1620 #endif
1621 #endif
1622
1623 #ifndef TPM_MIN_DAA_SESSIONS
1624 #define TPM_MIN_DAA_SESSIONS 1
1625 #endif
1626
1627 typedef struct tdTPM_DAA_SESSION_DATA {
1628 TPM_DAA_ISSUER DAA_issuerSettings; /* A set of DAA issuer parameters controlling a DAA
1629 session. (non-secret) */
1630 TPM_DAA_TPM DAA_tpmSpecific; /* A set of DAA parameters associated with a
1631 specific TPM. (secret) */
1632 TPM_DAA_CONTEXT DAA_session; /* A set of DAA parameters associated with a DAA
1633 session. (secret) */
1634 TPM_DAA_JOINDATA DAA_joinSession; /* A set of DAA parameters used only during the JOIN
1635 phase of a DAA session, and generated by the
1636 TPM. (secret) */
1637 /* added kgold */
1638 TPM_HANDLE daaHandle; /* DAA session handle */
1639 TPM_BOOL valid; /* array entry is valid */
1640 /* FIXME should have handle type Join or Sign */
1641 } TPM_DAA_SESSION_DATA;
1642
1643 /* 22.8 TPM_DAA_BLOB rev 98
1644
1645 The structure passed during the join process
1646 */
1647
1648 typedef struct tdTPM_DAA_BLOB {
1649 #ifdef TPM_USE_TAG_IN_STRUCTURE
1650 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_BLOB */
1651 #endif
1652 TPM_RESOURCE_TYPE resourceType; /* The resource type: enc(DAA_tpmSpecific) or enc(v0) or
1653 enc(v1) */
1654 BYTE label[16]; /* Label for identification of the blob. Free format
1655 area. */
1656 TPM_DIGEST blobIntegrity; /* The integrity of the entire blob including the sensitive
1657 area. This is a HMAC calculation with the entire
1658 structure (including sensitiveData) being the hash and
1659 daaProof is the secret */
1660 TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define
1661 and reload the context. The information held in this area
1662 MUST NOT expose any information held in shielded
1663 locations. This should include any IV for symmetric
1664 encryption */
1665 TPM_SIZED_BUFFER sensitiveData; /* A TPM_DAA_SENSITIVE structure */
1666 #if 0
1667 uint32_t additionalSize;
1668 [size_is(additionalSize)] BYTE* additionalData;
1669 uint32_t sensitiveSize;
1670 [size_is(sensitiveSize)] BYTE* sensitiveData;
1671 #endif
1672 } TPM_DAA_BLOB;
1673
1674 /* 22.9 TPM_DAA_SENSITIVE rev 91
1675
1676 The encrypted area for the DAA parameters
1677 */
1678
1679 typedef struct tdTPM_DAA_SENSITIVE {
1680 #ifdef TPM_USE_TAG_IN_STRUCTURE
1681 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_SENSITIVE */
1682 #endif
1683 TPM_SIZED_BUFFER internalData; /* DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 */
1684 #if 0
1685 uint32_t internalSize;
1686 [size_is(internalSize)] BYTE* internalData;
1687 #endif
1688 } TPM_DAA_SENSITIVE;
1689
1690 /* 7.1 TPM_PERMANENT_FLAGS rev 110
1691
1692 These flags maintain state information for the TPM. The values are not affected by any
1693 TPM_Startup command.
1694
1695 The flag history includes:
1696
1697 Rev 62 specLevel 1 errataRev 0: 15 BOOLs
1698 Rev 85 specLevel 2 errataRev 0: 19 BOOLs
1699 Added: nvLocked, readSRKPub, tpmEstablished, maintenanceDone
1700 Rev 94 specLevel 2 errataRev 1: 19 BOOLs
1701 Rev 103 specLevel 2 errataRev 2: 20 BOOLs
1702 Added: disableFullDALogicInfo
1703 */
1704
1705 typedef struct tdTPM_PERMANENT_FLAGS {
1706 #ifdef TPM_USE_TAG_IN_STRUCTURE
1707 TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_FLAGS */
1708 #endif
1709 TPM_BOOL disable; /* disable The state of the disable flag. The default state is TRUE
1710 */
1711 TPM_BOOL ownership; /* The ability to install an owner. The default state is TRUE. */
1712 TPM_BOOL deactivated; /* The state of the inactive flag. The default state is TRUE. */
1713 TPM_BOOL readPubek; /* The ability to read the PUBEK without owner authorization. The
1714 default state is TRUE.
1715
1716 set TRUE on owner clear
1717 set FALSE on take owner, disablePubekRead
1718 */
1719 TPM_BOOL disableOwnerClear; /* Whether the owner authorized clear commands are active. The
1720 default state is FALSE. */
1721 TPM_BOOL allowMaintenance; /* Whether the TPM Owner may create a maintenance archive. The
1722 default state is TRUE. */
1723 TPM_BOOL physicalPresenceLifetimeLock; /* This bit can only be set to TRUE; it cannot be set to
1724 FALSE except during the manufacturing process.
1725
1726 FALSE: The state of either physicalPresenceHWEnable or
1727 physicalPresenceCMDEnable MAY be changed. (DEFAULT)
1728
1729 TRUE: The state of either physicalPresenceHWEnable or
1730 physicalPresenceCMDEnable MUST NOT be changed for the
1731 life of the TPM. */
1732 TPM_BOOL physicalPresenceHWEnable; /* FALSE: Disable the hardware signal indicating physical
1733 presence. (DEFAULT)
1734
1735 TRUE: Enables the hardware signal indicating physical
1736 presence. */
1737 TPM_BOOL physicalPresenceCMDEnable; /* FALSE: Disable the command indicating physical
1738 presence. (DEFAULT)
1739
1740 TRUE: Enables the command indicating physical
1741 presence. */
1742 TPM_BOOL CEKPUsed; /* TRUE: The PRIVEK and PUBEK were created using
1743 TPM_CreateEndorsementKeyPair.
1744
1745 FALSE: The PRIVEK and PUBEK were created using a manufacturer's
1746 process. NOTE: This flag has no default value as the key pair
1747 MUST be created by one or the other mechanism. */
1748 TPM_BOOL TPMpost; /* TRUE: After TPM_Startup, if there is a call to
1749 TPM_ContinueSelfTest the TPM MUST execute the actions of
1750 TPM_SelfTestFull
1751
1752 FALSE: After TPM_Startup, if there is a call to
1753 TPM_ContinueSelfTest the TPM MUST execute TPM_ContinueSelfTest
1754
1755 If the TPM supports the implicit invocation of
1756 TPM_ContinueSelftTest upon the use of an untested resource, the
1757 TPM MUST use the TPMPost flag to call either TPM_ContinueSelfTest
1758 or TPM_SelfTestFull
1759
1760 The TPM manufacturer sets this bit during TPM manufacturing and
1761 the bit is unchangeable after shipping the TPM
1762
1763 The default state is FALSE */
1764 TPM_BOOL TPMpostLock; /* With the clarification of TPMPost TPMpostLock is now
1765 unnecessary.
1766 This flag is now deprecated */
1767 TPM_BOOL FIPS; /* TRUE: This TPM operates in FIPS mode
1768 FALSE: This TPM does NOT operate in FIPS mode */
1769 TPM_BOOL tpmOperator; /* TRUE: The operator authorization value is valid
1770 FALSE: the operator authorization value is not set */
1771 TPM_BOOL enableRevokeEK; /* TRUE: The TPM_RevokeTrust command is active
1772 FALSE: the TPM RevokeTrust command is disabled */
1773 TPM_BOOL nvLocked; /* TRUE: All NV area authorization checks are active
1774 FALSE: No NV area checks are performed, except for maxNVWrites.
1775 FALSE is the default value */
1776 TPM_BOOL readSRKPub; /* TRUE: GetPubKey will return the SRK pub key
1777 FALSE: GetPubKey will not return the SRK pub key
1778 Default SHOULD be FALSE */
1779 TPM_BOOL tpmEstablished; /* TRUE: TPM_HASH_START has been executed at some time
1780 FALSE: TPM_HASH_START has not been executed at any time
1781 Default is FALSE - resets using TPM_ResetEstablishmentBit */
1782 TPM_BOOL maintenanceDone; /* TRUE: A maintenance archive has been created for the current
1783 SRK */
1784 #if (TPM_REVISION >= 103) /* added for rev 103 */
1785 TPM_BOOL disableFullDALogicInfo; /* TRUE: The full dictionary attack TPM_GetCapability info is
1786 deactivated. The returned structure is TPM_DA_INFO_LIMITED.
1787 FALSE: The full dictionary attack TPM_GetCapability info is
1788 activated. The returned structure is TPM_DA_INFO.
1789 Default is FALSE.
1790 */
1791 #endif
1792 /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized
1793 structure */
1794 } TPM_PERMANENT_FLAGS;
1795
1796 /* 7.2 TPM_STCLEAR_FLAGS rev 109
1797
1798 These flags maintain state that is reset on each TPM_Startup(ST_Clear) command. The values are
1799 not affected by TPM_Startup(ST_State) commands.
1800 */
1801
1802 typedef struct tdTPM_STCLEAR_FLAGS {
1803 #ifdef TPM_USE_TAG_IN_STRUCTURE
1804 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_FLAGS */
1805 #endif
1806 TPM_BOOL deactivated; /* Prevents the operation of most capabilities. There is no
1807 default state. It is initialized by TPM_Startup to the
1808 same value as TPM_PERMANENT_FLAGS ->
1809 deactivated. TPM_SetTempDeactivated sets it to TRUE. */
1810 TPM_BOOL disableForceClear; /* Prevents the operation of TPM_ForceClear when TRUE. The
1811 default state is FALSE. TPM_DisableForceClear sets it to
1812 TRUE. */
1813 TPM_BOOL physicalPresence; /* Command assertion of physical presence. The default state
1814 is FALSE. This flag is affected by the
1815 TSC_PhysicalPresence command but not by the hardware
1816 signal. */
1817 TPM_BOOL physicalPresenceLock; /* Indicates whether changes to the TPM_STCLEAR_FLAGS ->
1818 physicalPresence flag are permitted.
1819 TPM_Startup(ST_CLEAR) sets PhysicalPresenceLock to its
1820 default state of FALSE (allow changes to the
1821 physicalPresence flag). When TRUE, the physicalPresence
1822 flag is FALSE. TSC_PhysicalPresence can change the state
1823 of physicalPresenceLock. */
1824 TPM_BOOL bGlobalLock; /* Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE
1825 when a write to NV_Index =0 is successful */
1826 /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized
1827 structure */
1828 } TPM_STCLEAR_FLAGS;
1829
1830
1831 /* 7.3 TPM_STANY_FLAGS rev 87
1832
1833 These flags reset on any TPM_Startup command.
1834 */
1835
1836 typedef struct tdTPM_STANY_FLAGS {
1837 #ifdef TPM_USE_TAG_IN_STRUCTURE
1838 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_FLAGS */
1839 #endif
1840 TPM_BOOL postInitialise; /* Prevents the operation of most capabilities. There is no default
1841 state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it
1842 to FALSE. */
1843 TPM_MODIFIER_INDICATOR localityModifier; /*This SHALL indicate for each command the presence of
1844 a locality modifier for the command. It MUST be set
1845 to NULL after the TPM executes each command. */
1846 #if 0
1847 TPM_BOOL transportExclusive; /* Defaults to FALSE. TRUE when there is an exclusive transport
1848 session active. Execution of ANY command other than
1849 TPM_ExecuteTransport or TPM_ReleaseTransportSigned MUST
1850 invalidate the exclusive transport session. */
1851 #endif
1852 TPM_TRANSHANDLE transportExclusive; /* Defaults to 0x00000000, Set to the handle when an
1853 exclusive transport session is active */
1854 TPM_BOOL TOSPresent; /* Defaults to FALSE
1855 Set to TRUE on TPM_HASH_START
1856 set to FALSE using setCapability */
1857 /* NOTE: Added kgold */
1858 TPM_BOOL stateSaved; /* Defaults to FALSE
1859 Set to TRUE on TPM_SaveState
1860 Set to FALSE on any other ordinal
1861
1862 This is an optimization flag, so the file need not be deleted if
1863 it does not exist.
1864 */
1865 } TPM_STANY_FLAGS;
1866
1867 /* 7.4 TPM_PERMANENT_DATA rev 105
1868
1869 This structure contains the data fields that are permanently held in the TPM and not affected by
1870 TPM_Startup(any).
1871
1872 Many of these fields contain highly confidential and privacy sensitive material. The TPM must
1873 maintain the protections around these fields.
1874 */
1875
1876 #ifdef TPM_MIN_COUNTERS
1877 #if (TPM_MIN_COUNTERS < 4)
1878 #error "TPM_MIN_COUNTERS minimum is 4"
1879 #endif
1880 #endif
1881
1882 #ifndef TPM_MIN_COUNTERS
1883 #define TPM_MIN_COUNTERS 4 /* the minimum number of counters is 4 */
1884 #endif
1885
1886 #define TPM_DELEGATE_KEY TPM_KEY
1887 #define TPM_MAX_NV_WRITE_NOOWNER 64
1888
1889 /* Although the ordinal is 32 bits, only the lower 8 bits seem to be used. So for now, define an
1890 array of 256/8 bytes for ordinalAuditStatus - kgold */
1891
1892 #define TPM_ORDINALS_MAX 256 /* assumes a multiple of CHAR_BIT */
1893 #define TPM_AUTHDIR_SIZE 1 /* Number of DIR registers */
1894
1895
1896
1897
1898 typedef struct tdTPM_PERMANENT_DATA {
1899 #ifdef TPM_USE_TAG_IN_STRUCTURE
1900 TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_DATA */
1901 #endif
1902 BYTE revMajor; /* This is the TPM major revision indicator. This SHALL be set by
1903 the TPME, only. The default value is manufacturer-specific. */
1904 BYTE revMinor; /* This is the TPM minor revision indicator. This SHALL be set by
1905 the TPME, only. The default value is manufacturer-specific. */
1906 TPM_SECRET tpmProof; /* This is a random number that each TPM maintains to validate blobs
1907 in the SEAL and other processes. The default value is
1908 manufacturer-specific. */
1909 TPM_NONCE EKReset; /* Nonce held by TPM to validate TPM_RevokeTrust. This value is set
1910 as the next 20 bytes from the TPM RNG when the EK is set
1911 (was fipsReset - kgold) */
1912 TPM_SECRET ownerAuth; /* This is the TPM-Owner's authorization data. The default value is
1913 manufacturer-specific. */
1914 TPM_SECRET operatorAuth; /* The value that allows the execution of the SetTempDeactivated
1915 command */
1916 TPM_DIRVALUE authDIR; /* The array of TPM Owner authorized DIR. Points to the same
1917 location as the NV index value. (kgold - was array of 1) */
1918 #ifndef TPM_NOMAINTENANCE
1919 TPM_PUBKEY manuMaintPub; /* This is the manufacturer's public key to use in the maintenance
1920 operations. The default value is manufacturer-specific. */
1921 #endif
1922 TPM_KEY endorsementKey; /* This is the TPM's endorsement key pair. */
1923 TPM_KEY srk; /* This is the TPM's StorageRootKey. */
1924 TPM_SYMMETRIC_KEY_TOKEN contextKey; /* This is the key in use to perform context saves. The key
1925 may be symmetric or asymmetric. The key size is
1926 predicated by the algorithm in use. */
1927 TPM_SYMMETRIC_KEY_TOKEN delegateKey; /* This key encrypts delegate rows that are stored
1928 outside the TPM. */
1929 TPM_COUNTER_VALUE auditMonotonicCounter; /* This SHALL be the audit monotonic counter for the
1930 TPM. This value starts at 0 and increments
1931 according to the rules of auditing */
1932 TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS]; /* This SHALL be the monotonic
1933 counters for the TPM. The
1934 individual counters start and
1935 increment according to the rules
1936 of monotonic counters. */
1937 TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; /* The attributes for all of the PCR registers
1938 supported by the TPM. */
1939 BYTE ordinalAuditStatus[TPM_ORDINALS_MAX/CHAR_BIT]; /* Table indicating which ordinals are being
1940 audited. */
1941 #if 0
1942 /* kgold - The xcrypto RNG is good enough that this is not needed */
1943 BYTE* rngState; /* State information describing the random number
1944 generator. */
1945 #endif
1946 TPM_FAMILY_TABLE familyTable; /* The family table in use for delegations */
1947 TPM_DELEGATE_TABLE delegateTable; /* The delegate table */
1948 uint32_t lastFamilyID; /* A value that sets the high water mark for family ID's. Set to 0
1949 during TPM manufacturing and never reset. */
1950 uint32_t noOwnerNVWrite; /* The count of NV writes that have occurred when there is no TPM
1951 Owner.
1952
1953 This value starts at 0 in manufacturing and after each
1954 TPM_OwnerClear. If the value exceeds 64 the TPM returns
1955 TPM_MAXNVWRITES to any command attempting to manipulate the NV
1956 storage. */
1957 TPM_CMK_DELEGATE restrictDelegate; /* The settings that allow for the delegation and
1958 use on CMK keys. Default value is false. */
1959 TPM_DAA_TPM_SEED tpmDAASeed; /* This SHALL be a random value generated after generation
1960 of the EK.
1961
1962 tpmDAASeed does not change during TPM Owner changes. If
1963 the EK is removed (RevokeTrust) then the TPM MUST
1964 invalidate the tpmDAASeed. The owner can force a change
1965 in the value through TPM_SetCapability.
1966
1967 (linked to daaProof) */
1968 TPM_NONCE daaProof; /* This is a random number that each TPM maintains to validate blobs
1969 in the DAA processes. The default value is manufacturer-specific.
1970
1971 The value is not changed when the owner is changed. It is
1972 changed when the EK changes. The owner can force a change in the
1973 value through TPM_SetCapability. */
1974 TPM_SYMMETRIC_KEY_TOKEN daaBlobKey; /* This is the key in use to perform DAA encryption and
1975 decryption. The key may be symmetric or asymmetric. The
1976 key size is predicated by the algorithm in use.
1977
1978 This value MUST be changed when daaProof changes.
1979
1980 This key MUST NOT be a copy of the EK or SRK.
1981
1982 (linked to daaProof) */
1983 /* NOTE: added kgold */
1984 TPM_BOOL ownerInstalled; /* TRUE: The TPM has an owner installed.
1985 FALSE: The TPM has no owner installed. (default) */
1986 BYTE tscOrdinalAuditStatus; /* extra byte to track TSC ordinals */
1987 TPM_BOOL allowLoadMaintPub; /* TRUE allows the TPM_LoadManuMaintPub command */
1988
1989 } TPM_PERMANENT_DATA;
1990
1991 /* 7.6 TPM_STANY_DATA */
1992
1993 #ifdef TPM_MIN_AUTH_SESSIONS
1994 #if (TPM_MIN_AUTH_SESSIONS < 3)
1995 #error "TPM_MIN_AUTH_SESSIONS minimum is 3"
1996 #endif
1997 #endif
1998
1999 #ifndef TPM_MIN_AUTH_SESSIONS
2000 #define TPM_MIN_AUTH_SESSIONS 3
2001 #endif
2002
2003 /* NOTE: Vendor specific */
2004
2005 typedef struct tdTPM_AUTH_SESSION_DATA {
2006 /* vendor specific */
2007 TPM_AUTHHANDLE handle; /* Handle for a session */
2008 TPM_PROTOCOL_ID protocolID; /* TPM_PID_OIAP, TPM_PID_OSAP, TPM_PID_DSAP */
2009 TPM_ENT_TYPE entityTypeByte; /* The type of entity in use (TPM_ET_SRK, TPM_ET_OWNER,
2010 TPM_ET_KEYHANDLE ... */
2011 TPM_ADIP_ENC_SCHEME adipEncScheme; /* ADIP encryption scheme */
2012 TPM_NONCE nonceEven; /* OIAP, OSAP, DSAP */
2013 TPM_SECRET sharedSecret; /* OSAP */
2014 TPM_DIGEST entityDigest; /* OSAP tracks which entity established the OSAP session */
2015 TPM_DELEGATE_PUBLIC pub; /* DSAP */
2016 TPM_BOOL valid; /* added kgold: array entry is valid */
2017 } TPM_AUTH_SESSION_DATA;
2018
2019
2020 /* 3. contextList MUST support a minimum of 16 entries, it MAY support more. */
2021
2022 #ifdef TPM_MIN_SESSION_LIST
2023 #if (TPM_MIN_SESSION_LIST < 16)
2024 #error "TPM_MIN_SESSION_LIST minimum is 16"
2025 #endif
2026 #endif
2027
2028 #ifndef TPM_MIN_SESSION_LIST
2029 #define TPM_MIN_SESSION_LIST 16
2030 #endif
2031
2032 /* 7.5 TPM_STCLEAR_DATA rev 101
2033
2034 This is an informative structure and not normative. It is purely for convenience of writing the
2035 spec.
2036
2037 Most of the data in this structure resets on TPM_Startup(ST_Clear). A TPM may implement rules
2038 that provide longer-term persistence for the data. The TPM reflects how it handles the data in
2039 various TPM_GetCapability fields including startup effects.
2040 */
2041
2042 typedef struct tdTPM_STCLEAR_DATA {
2043 #ifdef TPM_USE_TAG_IN_STRUCTURE
2044 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_DATA */
2045 #endif
2046 TPM_NONCE contextNonceKey; /* This is the nonce in use to properly identify saved key context
2047 blobs This SHALL be set to all zeros on each TPM_Startup
2048 (ST_Clear).
2049 */
2050 TPM_COUNT_ID countID; /* This is the handle for the current monotonic counter. This SHALL
2051 be set to zero on each TPM_Startup(ST_Clear). */
2052 uint32_t ownerReference; /* Points to where to obtain the owner secret in OIAP and OSAP
2053 commands. This allows a TSS to manage 1.1 applications on a 1.2
2054 TPM where delegation is in operation. */
2055 TPM_BOOL disableResetLock; /* Disables TPM_ResetLockValue upon authorization failure.
2056 The value remains TRUE for the timeout period.
2057
2058 Default is FALSE.
2059
2060 The value is in the STCLEAR_DATA structure as the
2061 implementation of this flag is TPM vendor specific. */
2062 TPM_PCRVALUE PCRS[TPM_NUM_PCR]; /* Platform configuration registers */
2063 #if (TPM_REVISION >= 103) /* added for rev 103 */
2064 uint32_t deferredPhysicalPresence; /* The value can save the assertion of physicalPresence.
2065 Individual bits indicate to its ordinal that
2066 physicalPresence was previously asserted when the
2067 software state is such that it can no longer be asserted.
2068 Set to zero on each TPM_Startup(ST_Clear). */
2069 #endif
2070 /* NOTE: Added for dictionary attack mitigation */
2071 uint32_t authFailCount; /* number of authorization failures without a TPM_ResetLockValue */
2072 uint32_t authFailTime; /* time of threshold failure in seconds */
2073 /* NOTE: Moved from TPM_STANY_DATA. Saving this state is optional. This implementation
2074 does. */
2075 TPM_AUTH_SESSION_DATA authSessions[TPM_MIN_AUTH_SESSIONS]; /* List of current
2076 sessions. Sessions can be OSAP,
2077 OIAP, DSAP and Transport */
2078 /* NOTE: Added for transport */
2079 TPM_TRANSPORT_INTERNAL transSessions[TPM_MIN_TRANS_SESSIONS];
2080 /* 22.7 TPM_STANY_DATA Additions (for DAA) - moved to TPM_STCLEAR_DATA for startup state */
2081 TPM_DAA_SESSION_DATA daaSessions[TPM_MIN_DAA_SESSIONS];
2082 /* 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same
2083 time. */
2084 TPM_NONCE contextNonceSession; /* This is the nonce in use to properly identify saved
2085 session context blobs. This MUST be set to all zeros on
2086 each TPM_Startup (ST_Clear). The nonce MAY be set to
2087 null on TPM_Startup( any). */
2088 uint32_t contextCount; /* This is the counter to avoid session context blob replay
2089 attacks. This MUST be set to 0 on each TPM_Startup
2090 (ST_Clear). The value MAY be set to 0 on TPM_Startup
2091 (any). */
2092 uint32_t contextList[TPM_MIN_SESSION_LIST]; /* This is the list of outstanding session blobs.
2093 All elements of this array MUST be set to 0 on
2094 each TPM_Startup (ST_Clear). The values MAY be
2095 set to 0 on TPM_Startup (any). */
2096 /* NOTE Added auditDigest effect, saved with ST_STATE */
2097 TPM_DIGEST auditDigest; /* This is the extended value that is the audit log. This
2098 SHALL be set to all zeros at the start of each audit
2099 session. */
2100 /* NOTE Storage for the ordinal response */
2101 TPM_STORE_BUFFER ordinalResponse; /* outgoing response buffer for this ordinal */
2102 } TPM_STCLEAR_DATA;
2103
2104 /* 7.6 TPM_STANY_DATA rev 87
2105
2106 This is an informative structure and not normative. It is purely for convenience of writing the
2107 spec.
2108
2109 Most of the data in this structure resets on TPM_Startup(ST_State). A TPM may implement rules
2110 that provide longer-term persistence for the data. The TPM reflects how it handles the data in
2111 various getcapability fields including startup effects.
2112 */
2113
2114 typedef struct tdTPM_STANY_DATA {
2115 #ifdef TPM_USE_TAG_IN_STRUCTURE
2116 TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_DATA */
2117 #endif
2118 TPM_CURRENT_TICKS currentTicks; /* This is the current tick counter. This is reset to 0
2119 according to the rules when the TPM can tick. See the
2120 section on the tick counter for details. */
2121 } TPM_STANY_DATA;
2122
2123 /* 11. Signed Structures */
2124
2125 /* 11.1 TPM_CERTIFY_INFO rev 101
2126
2127 When the TPM certifies a key, it must provide a signature with a TPM identity key on information
2128 that describes that key. This structure provides the mechanism to do so.
2129
2130 Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other
2131 signature headers.
2132 */
2133
2134 typedef struct tdTPM_CERTIFY_INFO {
2135 TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */
2136 TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a
2137 TPM_KEY representation of the key to be certified. The
2138 upper byte MUST be zero */
2139 TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding
2140 parameter in the TPM_KEY structure that describes the
2141 public key that is being certified. The upper byte MUST
2142 be zero */
2143 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a
2144 TPM_KEY representation of the key to be certified */
2145 TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a
2146 TPM_KEY representation of the key to be certified */
2147 TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey ->
2148 key in a TPM_KEY representation of the key to be
2149 certified */
2150 TPM_NONCE data; /* This SHALL be externally provided data. */
2151 TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a
2152 PCR */
2153 TPM_SIZED_BUFFER pcrInfo; /* */
2154 #if 0
2155 uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value
2156 of zero indicates that the key is not wrapped to a PCR */
2157 BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO structure. */
2158 #endif
2159 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
2160 TPM_PCR_INFO *tpm_pcr_info;
2161 } TPM_CERTIFY_INFO;
2162
2163 /* 11.2 TPM_CERTIFY_INFO2 rev 101
2164
2165 When the TPM certifies a key, it must provide a signature with a TPM identity key on information
2166 that describes that key. This structure provides the mechanism to do so.
2167
2168 Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other
2169 signature headers.
2170 */
2171
2172 typedef struct tdTPM_CERTIFY_INFO2 {
2173 #ifdef TPM_USE_TAG_IN_STRUCTURE
2174 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CERTIFY_INFO2 */
2175 #endif
2176 BYTE fill; /* MUST be 0x00 */
2177 TPM_PAYLOAD_TYPE payloadType; /* This SHALL be the same value that would be set in a
2178 TPM_KEY representation of the key to be certified */
2179 TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a
2180 TPM_KEY representation of the key to be certified. The
2181 upper byte MUST be zero */
2182 TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding
2183 parameter in the TPM_KEY structure that describes the
2184 public key that is being certified. The upper byte MUST
2185 be zero. */
2186 TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a
2187 TPM_KEY representation of the key to be certified */
2188 TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a
2189 TPM_KEY representation of the key to be certified */
2190 TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey ->
2191 key in a TPM_KEY representation of the key to be
2192 certified */
2193 TPM_NONCE data; /* This SHALL be externally provided data. */
2194 TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a
2195 PCR */
2196 #if 0
2197 uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value
2198 of zero indicates that the key is not wrapped to a PCR */
2199 BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO_SHORT structure. */
2200 #endif
2201 TPM_SIZED_BUFFER pcrInfo;
2202 #if 0
2203 uint32_t migrationAuthoritySize; /* This SHALL be the size of migrationAuthority */
2204 BYTE *migrationAuthority; /* If the key to be certified has [payload ==
2205 TPM_PT_MIGRATE_RESTRICTED or payload
2206 ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the
2207 digest of the TPM_MSA_COMPOSITE and has TYPE ==
2208 TPM_DIGEST. Otherwise it is NULL. */
2209 #endif
2210 TPM_SIZED_BUFFER migrationAuthority;
2211 /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
2212 TPM_PCR_INFO_SHORT *tpm_pcr_info_short;
2213 } TPM_CERTIFY_INFO2;
2214
2215 /* 11.3 TPM_QUOTE_INFO rev 87
2216
2217 This structure provides the mechanism for the TPM to quote the current values of a list of PCRs.
2218 */
2219
2220 typedef struct tdTPM_QUOTE_INFO {
2221 TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */
2222 BYTE fixed[4]; /* This SHALL always be the string 'QUOT' */
2223 TPM_COMPOSITE_HASH digestValue; /* This SHALL be the result of the composite hash algorithm
2224 using the current values of the requested PCR indices. */
2225 TPM_NONCE externalData; /* 160 bits of externally supplied data */
2226 } TPM_QUOTE_INFO;
2227
2228 /* 11.4 TPM_QUOTE_INFO2 rev 87
2229
2230 This structure provides the mechanism for the TPM to quote the current values of a list of PCRs.
2231 */
2232
2233 typedef struct tdTPM_QUOTE_INFO2 {
2234 #ifdef TPM_USE_TAG_IN_STRUCTURE
2235 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_QUOTE_INFO2 */
2236 #endif
2237 BYTE fixed[4]; /* This SHALL always be the string 'QUT2' */
2238 TPM_NONCE externalData; /* 160 bits of externally supplied data */
2239 TPM_PCR_INFO_SHORT infoShort; /* */
2240 } TPM_QUOTE_INFO2;
2241
2242 /* 12.1 TPM_EK_BLOB rev 87
2243
2244 This structure provides a wrapper to each type of structure that will be in use when the
2245 endorsement key is in use.
2246 */
2247
2248 typedef struct tdTPM_EK_BLOB {
2249 #ifdef TPM_USE_TAG_IN_STRUCTURE
2250 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB */
2251 #endif
2252 TPM_EK_TYPE ekType; /* This SHALL be set to reflect the type of blob in use */
2253 TPM_SIZED_BUFFER blob; /* The blob of information depending on the type */
2254 #if 0
2255 uint32_t blobSize; /* */
2256 [size_is(blobSize)] byte* blob; /* */
2257 #endif
2258 } TPM_EK_BLOB;
2259
2260 /* 12.2 TPM_EK_BLOB_ACTIVATE rev 87
2261
2262 This structure contains the symmetric key to encrypt the identity credential. This structure
2263 always is contained in a TPM_EK_BLOB.
2264 */
2265
2266 typedef struct tdTPM_EK_BLOB_ACTIVATE {
2267 #ifdef TPM_USE_TAG_IN_STRUCTURE
2268 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_ACTIVATE */
2269 #endif
2270 TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt
2271 the TPM_IDENTITY_CREDENTIAL */
2272 TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM identity public key
2273 that is being certified by the CA */
2274 TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL indicate the PCR's and localities */
2275 } TPM_EK_BLOB_ACTIVATE;
2276
2277 /* 12.3 TPM_EK_BLOB_AUTH rev 87
2278
2279 This structure contains the symmetric key to encrypt the identity credential. This structure
2280 always is contained in a TPM_EK_BLOB.
2281 */
2282
2283 typedef struct tdTPM_EK_BLOB_AUTH {
2284 #ifdef TPM_USE_TAG_IN_STRUCTURE
2285 TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_AUTH */
2286 #endif
2287 TPM_SECRET authValue; /* This SHALL be the authorization value */
2288 } TPM_EK_BLOB_AUTH;
2289
2290 /* 12.5 TPM_IDENTITY_CONTENTS rev 87
2291
2292 TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy CA
2293 during the certification process.
2294 */
2295
2296 typedef struct tdTPM_IDENTITY_CONTENTS {
2297 TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */
2298 uint32_t ordinal; /* This SHALL be the ordinal of the TPM_MakeIdentity
2299 command. */
2300 TPM_CHOSENID_HASH labelPrivCADigest; /* This SHALL be the result of hashing the chosen
2301 identityLabel and privacyCA for the new TPM
2302 identity */
2303 TPM_PUBKEY identityPubKey; /* This SHALL be the public key structure of the identity
2304 key */
2305 } TPM_IDENTITY_CONTENTS;
2306
2307 /* 12.8 TPM_ASYM_CA_CONTENTS rev 87
2308
2309 This structure contains the symmetric key to encrypt the identity credential.
2310 */
2311
2312 typedef struct tdTPM_ASYM_CA_CONTENTS {
2313 TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt
2314 the TPM_IDENTITY_CREDENTIAL */
2315 TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM_PUBKEY of the key
2316 that is being certified by the CA */
2317 } TPM_ASYM_CA_CONTENTS;
2318
2319 /*
2320 14. Audit Structures
2321 */
2322
2323 /* 14.1 TPM_AUDIT_EVENT_IN rev 87
2324
2325 This structure provides the auditing of the command upon receipt of the command. It provides the
2326 information regarding the input parameters.
2327 */
2328
2329 typedef struct tdTPM_AUDIT_EVENT_IN {
2330 #ifdef TPM_USE_TAG_IN_STRUCTURE
2331 TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_IN */
2332 #endif
2333 TPM_DIGEST inputParms; /* Digest value according to the HMAC digest rules of the
2334 "above the line" parameters (i.e. the first HMAC digest
2335 calculation). When there are no HMAC rules, the input
2336 digest includes all parameters including and after the
2337 ordinal. */
2338 TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */
2339 } TPM_AUDIT_EVENT_IN;
2340
2341 /* 14.2 TPM_AUDIT_EVENT_OUT rev 87
2342
2343 This structure reports the results of the command execution. It includes the return code and the
2344 output parameters.
2345 */
2346
2347 typedef struct tdTPM_AUDIT_EVENT_OUT {
2348 #ifdef TPM_USE_TAG_IN_STRUCTURE
2349 TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_OUT */
2350 #endif
2351 TPM_DIGEST outputParms; /* Digest value according to the HMAC digest rules of the
2352 "above the line" parameters (i.e. the first HMAC digest
2353 calculation). When there are no HMAC rules, the output
2354 digest includes the return code, the ordinal, and all
2355 parameters after the return code. */
2356 TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */
2357 } TPM_AUDIT_EVENT_OUT;
2358
2359 /*
2360 18. Context structures
2361 */
2362
2363 /* 18.1 TPM_CONTEXT_BLOB rev 102
2364
2365 This is the header for the wrapped context. The blob contains all information necessary to reload
2366 the context back into the TPM.
2367
2368 The additional data is used by the TPM manufacturer to save information that will assist in the
2369 reloading of the context. This area must not contain any shielded data. For instance, the field
2370 could contain some size information that allows the TPM more efficient loads of the context. The
2371 additional area could not contain one of the primes for a RSA key.
2372
2373 To ensure integrity of the blob when using symmetric encryption the TPM vendor could use some
2374 valid cipher chaining mechanism. To ensure the integrity without depending on correct
2375 implementation, the TPM_CONTEXT_BLOB structure uses a HMAC of the entire structure using tpmProof
2376 as the secret value.
2377
2378 Since both additionalData and sensitiveData are informative, any or all of additionalData
2379 could be moved to sensitiveData.
2380 */
2381
2382 #define TPM_CONTEXT_LABEL_SIZE 16
2383
2384 typedef struct tdTPM_CONTEXT_BLOB {
2385 #ifdef TPM_USE_TAG_IN_STRUCTURE
2386 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXTBLOB */
2387 #endif
2388 TPM_RESOURCE_TYPE resourceType; /* The resource type */
2389 TPM_HANDLE handle; /* Previous handle of the resource */
2390 BYTE label[TPM_CONTEXT_LABEL_SIZE]; /* Label for identification of the blob. Free format
2391 area. */
2392 uint32_t contextCount; /* MUST be TPM_STANY_DATA -> contextCount when creating the
2393 structure. This value is ignored for context blobs that
2394 reference a key. */
2395 TPM_DIGEST integrityDigest; /* The integrity of the entire blob including the sensitive
2396 area. This is a HMAC calculation with the entire
2397 structure (including sensitiveData) being the hash and
2398 tpmProof is the secret */
2399 #if 0
2400 uint32_t additionalSize;
2401 [size_is(additionalSize)] BYTE* additionalData;
2402 uint32_t sensitiveSize;
2403 [size_is(sensitiveSize)] BYTE* sensitiveData;
2404 #endif
2405 TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define
2406 and reload the context. The information held in this area
2407 MUST NOT expose any information held in shielded
2408 locations. This should include any IV for symmetric
2409 encryption */
2410 TPM_SIZED_BUFFER sensitiveData; /* The normal information for the resource that can be
2411 exported */
2412 } TPM_CONTEXT_BLOB;
2413
2414 /* 18.2 TPM_CONTEXT_SENSITIVE rev 87
2415
2416 The internal areas that the TPM needs to encrypt and store off the TPM.
2417
2418 This is an informative structure and the TPM can implement in any manner they wish.
2419 */
2420
2421 typedef struct tdTPM_CONTEXT_SENSITIVE {
2422 #ifdef TPM_USE_TAG_IN_STRUCTURE
2423 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXT_SENSITIVE */
2424 #endif
2425 TPM_NONCE contextNonce; /* On context blobs other than keys this MUST be
2426 TPM_STANY_DATA - > contextNonceSession For keys the value
2427 is TPM_STCLEAR_DATA -> contextNonceKey */
2428 #if 0
2429 uint32_t internalSize;
2430 [size_is(internalSize)] BYTE* internalData;
2431 #endif
2432 TPM_SIZED_BUFFER internalData; /* The internal data area */
2433 } TPM_CONTEXT_SENSITIVE;
2434
2435 /* 19.2 TPM_NV_ATTRIBUTES rev 99
2436
2437 This structure allows the TPM to keep track of the data and permissions to manipulate the area.
2438 */
2439
2440 typedef struct tdTPM_NV_ATTRIBUTES {
2441 #ifdef TPM_USE_TAG_IN_STRUCTURE
2442 TPM_STRUCTURE_TAG tag; /* TPM_TAG_NV_ATTRIBUTES */
2443 #endif
2444 uint32_t attributes; /* The attribute area */
2445 } TPM_NV_ATTRIBUTES;
2446
2447 /* 19.3 TPM_NV_DATA_PUBLIC rev 110
2448
2449 This structure represents the public description and controls on the NV area.
2450
2451 bReadSTClear and bWriteSTClear are volatile, in that they are set FALSE at TPM_Startup(ST_Clear).
2452 bWriteDefine is persistent, in that it remains TRUE through startup.
2453
2454 A pcrSelect of 0 indicates that the digestAsRelease is not checked. In this case, the TPM is not
2455 required to consume NVRAM space to store the digest, although it may do so. When
2456 TPM_GetCapability (TPM_CAP_NV_INDEX) returns the structure, a TPM that does not store the digest
2457 can return zero. A TPM that does store the digest may return either the digest or zero.
2458 */
2459
2460 typedef struct tdTPM_NV_DATA_PUBLIC {
2461 #ifdef TPM_USE_TAG_IN_STRUCTURE
2462 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_PUBLIC */
2463 #endif
2464 TPM_NV_INDEX nvIndex; /* The index of the data area */
2465 TPM_PCR_INFO_SHORT pcrInfoRead; /* The PCR selection that allows reading of the area */
2466 TPM_PCR_INFO_SHORT pcrInfoWrite; /* The PCR selection that allows writing of the area */
2467 TPM_NV_ATTRIBUTES permission; /* The permissions for manipulating the area */
2468 TPM_BOOL bReadSTClear; /* Set to FALSE on each TPM_Startup(ST_Clear) and set to
2469 TRUE after a ReadValuexxx with datasize of 0 */
2470 TPM_BOOL bWriteSTClear; /* Set to FALSE on each TPM_Startup(ST_CLEAR) and set to
2471 TRUE after a WriteValuexxx with a datasize of 0. */
2472 TPM_BOOL bWriteDefine; /* Set to FALSE after TPM_NV_DefineSpace and set to TRUE
2473 after a successful WriteValuexxx with a datasize of 0 */
2474 uint32_t dataSize; /* The size of the data area in bytes */
2475 } TPM_NV_DATA_PUBLIC;
2476
2477 /* 19.4 TPM_NV_DATA_SENSITIVE rev 101
2478
2479 This is an internal structure that the TPM uses to keep the actual NV data and the controls
2480 regarding the area.
2481 */
2482
2483 typedef struct tdTPM_NV_DATA_SENSITIVE {
2484 #ifdef TPM_USE_TAG_IN_STRUCTURE
2485 TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_SENSITIVE */
2486 #endif
2487 TPM_NV_DATA_PUBLIC pubInfo; /* The public information regarding this area */
2488 TPM_AUTHDATA authValue; /* The authorization value to manipulate the value */
2489 BYTE *data; /* The data area. This MUST not contain any sensitive information as
2490 the TPM does not provide any confidentiality on the data. */
2491 /* NOTE Added kg */
2492 TPM_DIGEST digest; /* for OSAP comparison */
2493 } TPM_NV_DATA_SENSITIVE;
2494
2495 typedef struct tdTPM_NV_INDEX_ENTRIES {
2496 uint32_t nvIndexCount; /* number of entries */
2497 TPM_NV_DATA_SENSITIVE *tpm_nvindex_entry; /* array of TPM_NV_DATA_SENSITIVE */
2498 } TPM_NV_INDEX_ENTRIES;
2499
2500 /* TPM_NV_DATA_ST
2501
2502 This is a cache of the the NV defined space volatile flags, used during error rollback
2503 */
2504
2505 typedef struct tdTPM_NV_DATA_ST {
2506 TPM_NV_INDEX nvIndex; /* The index of the data area */
2507 TPM_BOOL bReadSTClear;
2508 TPM_BOOL bWriteSTClear;
2509 } TPM_NV_DATA_ST;
2510
2511 /*
2512 21. Capability areas
2513 */
2514
2515 /* 21.6 TPM_CAP_VERSION_INFO rev 99
2516
2517 This structure is an output from a TPM_GetCapability -> TPM_CAP_VERSION_VAL request. TPM returns
2518 the current version and revision of the TPM.
2519
2520 The specLevel and errataRev are defined in the document "Specification and File Naming
2521 Conventions"
2522
2523 The tpmVendorID is a value unique to each vendor. It is defined in the document "TCG Vendor
2524 Naming".
2525
2526 The vendor specific area allows the TPM vendor to provide support for vendor options. The TPM
2527 vendor may define the area to the TPM vendor's needs.
2528 */
2529
2530 typedef struct tdTPM_CAP_VERSION_INFO {
2531 #ifdef TPM_USE_TAG_IN_STRUCTURE
2532 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CAP_VERSION_INFO */
2533 #endif
2534 TPM_VERSION version; /* The version and revision */
2535 uint16_t specLevel; /* A number indicating the level of ordinals supported */
2536 BYTE errataRev; /* A number indicating the errata version of the specification */
2537 BYTE tpmVendorID[4]; /* The vendor ID unique to each TPM manufacturer. */
2538 uint16_t vendorSpecificSize; /* The size of the vendor specific area */
2539 BYTE* vendorSpecific; /* Vendor specific information */
2540 /* NOTE Cannot be TPM_SIZED_BUFFER, because of uint16_t */
2541 } TPM_CAP_VERSION_INFO;
2542
2543 /* 21.10 TPM_DA_ACTION_TYPE rev 100
2544
2545 This structure indicates the action taken when the dictionary attack mitigation logic is active,
2546 when TPM_DA_STATE is TPM_DA_STATE_ACTIVE.
2547 */
2548
2549 typedef struct tdTPM_DA_ACTION_TYPE {
2550 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_ACTION_TYPE */
2551 uint32_t actions; /* The action taken when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. */
2552 } TPM_DA_ACTION_TYPE;
2553
2554 /* 21.7 TPM_DA_INFO rev 100
2555
2556 This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if
2557 TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is FALSE.
2558
2559 It returns static information describing the TPM response to authorization failures that might
2560 indicate a dictionary attack and dynamic information regarding the current state of the
2561 dictionary attack mitigation logic.
2562 */
2563
2564 typedef struct tdTPM_DA_INFO {
2565 #ifdef TPM_USE_TAG_IN_STRUCTURE
2566 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO */
2567 #endif
2568 TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation
2569 logic. See 21.9. */
2570 uint16_t currentCount; /* Dynamic. The actual count of the authorization failure counter
2571 for the selected entity type */
2572 uint16_t thresholdCount; /* Static. Dictionary attack mitigation threshold count for the
2573 selected entity type */
2574 TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes
2575 thresholdCount. See 21.10. */
2576 uint32_t actionDependValue; /* Dynamic. Action being taken when the dictionary attack
2577 mitigation logic is active. E.g., when actionAtThreshold is
2578 TPM_DA_ACTION_TIMEOUT, this is the lockout time remaining in
2579 seconds. */
2580 TPM_SIZED_BUFFER vendorData; /* Vendor specific data field */
2581 } TPM_DA_INFO;
2582
2583 /* 21.8 TPM_DA_INFO_LIMITED rev 100
2584
2585 This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if
2586 TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is TRUE.
2587
2588 It returns static information describing the TPM response to authorization failures that might
2589 indicate a dictionary attack and dynamic information regarding the current state of the
2590 dictionary attack mitigation logic. This structure omits information that might aid an attacker.
2591 */
2592
2593 typedef struct tdTPM_DA_INFO_LIMITED {
2594 #ifdef TPM_USE_TAG_IN_STRUCTURE
2595 TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO_LIMITED */
2596 #endif
2597 TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation
2598 logic. See 21.9. */
2599 TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes
2600 thresholdCount. See 21.10. */
2601 TPM_SIZED_BUFFER vendorData; /* Vendor specific data field */
2602 } TPM_DA_INFO_LIMITED;
2603
2604 #endif
2605
2606 /* Sanity check the size of the NV file vs. the maximum allocation size
2607
2608 The multipliers are very conservative
2609 */
2610
2611 #if (TPM_ALLOC_MAX < \
2612 (4000 + \
2613 (TPM_OWNER_EVICT_KEY_HANDLES * 2000) + \
2614 TPM_MAX_NV_DEFINED_SPACE))
2615 #error "TPM_ALLOC_MAX too small for NV file size"
2616 #endif
2617
2618 /* Sanity check the size of the volatile file vs. the maximum allocation size
2619
2620 The multipliers are very conservative
2621 */
2622
2623 #if (TPM_ALLOC_MAX < \
2624 (4000 + \
2625 TPM_KEY_HANDLES * 2000 + \
2626 TPM_MIN_TRANS_SESSIONS * 500 + \
2627 TPM_MIN_DAA_SESSIONS * 2000 + \
2628 TPM_MIN_AUTH_SESSIONS * 500))
2629 #error "TPM_ALLOC_MAX too small for volatile file size"
2630 #endif
Software TPM Library