/*++

Global defines for TSS.

--*/

// NOTE(review): identifiers beginning with a double underscore are reserved
// for the implementation in ISO C; the guard name is kept unchanged here for
// compatibility with existing includers.
#ifndef __TSS_DEFINES_H__
#define __TSS_DEFINES_H__

#include <tss/platform.h>
#include <tss/tpm.h>


//////////////////////////////////////////////////////////////////////////
// Object types:
//////////////////////////////////////////////////////////////////////////

//
// Definition of the object types that can be created via CreateObject.
//
#define TSS_OBJECT_TYPE_POLICY           (0x01) // Policy object
#define TSS_OBJECT_TYPE_RSAKEY           (0x02) // RSA-Key object
#define TSS_OBJECT_TYPE_ENCDATA          (0x03) // Encrypted data object
#define TSS_OBJECT_TYPE_PCRS             (0x04) // PCR composite object
#define TSS_OBJECT_TYPE_HASH             (0x05) // Hash object
#define TSS_OBJECT_TYPE_DELFAMILY        (0x06) // Delegation Family object
#define TSS_OBJECT_TYPE_NV               (0x07) // NV object
#define TSS_OBJECT_TYPE_MIGDATA          (0x08) // CMK Migration data object
#define TSS_OBJECT_TYPE_DAA_CERTIFICATE  (0x09) // DAA credential
#define TSS_OBJECT_TYPE_DAA_ISSUER_KEY   (0x0a) // DAA credential issuer keypair
#define TSS_OBJECT_TYPE_DAA_ARA_KEY      (0x0b) // DAA anonymity revocation
                                                // authority keypair


//////////////////////////////////////////////////////////////////////////
// CreateObject: Flags
//////////////////////////////////////////////////////////////////////////


//************************************
// Flags for creating RSAKEY object: *
//************************************

//
// Layout of the 32-bit init flags passed to CreateObject for an RSAKEY.
// Field widths follow the *_BITMASK values defined below.
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//                                                              |x x| Auth
//                                                            |x| Volatility
//                                                          |x| Migration
//                                                  |x x x x| Type
//                                          |x x x x| Size
//                                      |x x| CMK
//                                |x x x| Version
//              |0 0 0 0 0 0 0 0 0| Reserved
//  |x x x x x x| Fixed Type
//

// Authorization:
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Never                                                      |0 0|
//   Always                                                     |0 1|
//   Private key always                                         |1 0|
//
#define TSS_KEY_NO_AUTHORIZATION            (0x00000000) // no auth needed
                                                         // for this key
#define TSS_KEY_AUTHORIZATION               (0x00000001) // key needs auth
                                                         // for all ops
#define TSS_KEY_AUTHORIZATION_PRIV_USE_ONLY (0x00000002) // key needs auth
                                                         // for privkey ops,
                                                         // no auth for pubkey

//
// Volatility
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Non Volatile                                             |0|
//   Volatile                                                 |1|
//
#define TSS_KEY_NON_VOLATILE                (0x00000000) // Key is non-volatile
#define TSS_KEY_VOLATILE                    (0x00000004) // Key is volatile

//
// Migration
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Non Migratable                                         |0|
//   Migratable                                             |1|
//
#define TSS_KEY_NOT_MIGRATABLE              (0x00000000) // key is not migratable
#define TSS_KEY_MIGRATABLE                  (0x00000008) // key is migratable

//
// Usage
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Default (Legacy)                               |0 0 0 0|
//   Signing                                        |0 0 0 1|
//   Storage                                        |0 0 1 0|
//   Identity                                       |0 0 1 1|
//   AuthChange                                     |0 1 0 0|
//   Bind                                           |0 1 0 1|
//   Legacy                                         |0 1 1 0|
//   Migrate                                        |0 1 1 1|
//
#define TSS_KEY_TYPE_DEFAULT                (0x00000000) // indicate a default key
                                                         // (Legacy-Key)
#define TSS_KEY_TYPE_SIGNING                (0x00000010) // indicate a signing key
#define TSS_KEY_TYPE_STORAGE                (0x00000020) // used as storage key
#define TSS_KEY_TYPE_IDENTITY               (0x00000030) // indicate an identity key
#define TSS_KEY_TYPE_AUTHCHANGE             (0x00000040) // indicate an ephemeral key
#define TSS_KEY_TYPE_BIND                   (0x00000050) // indicate a key for TPM_Bind
#define TSS_KEY_TYPE_LEGACY                 (0x00000060) // indicate a key that can
                                                         // perform signing and binding
#define TSS_KEY_TYPE_MIGRATE                (0x00000070) // indicate a key that can
                                                         // act as a CMK MA
#define TSS_KEY_TYPE_BITMASK                (0x000000F0) // mask to extract key type

//
// Key size
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   DEFAULT                                |0 0 0 0|
//   512                                    |0 0 0 1|
//   1024                                   |0 0 1 0|
//   2048                                   |0 0 1 1|
//   4096                                   |0 1 0 0|
//   8192                                   |0 1 0 1|
//   16384                                  |0 1 1 0|
//
#define TSS_KEY_SIZE_DEFAULT                (UINT32)(0x00000000) // indicate tpm-specific size
#define TSS_KEY_SIZE_512                    (UINT32)(0x00000100) // indicate a 512-bit key
#define TSS_KEY_SIZE_1024                   (UINT32)(0x00000200) // indicate a 1024-bit key
#define TSS_KEY_SIZE_2048                   (UINT32)(0x00000300) // indicate a 2048-bit key
#define TSS_KEY_SIZE_4096                   (UINT32)(0x00000400) // indicate a 4096-bit key
#define TSS_KEY_SIZE_8192                   (UINT32)(0x00000500) // indicate a 8192-bit key
#define TSS_KEY_SIZE_16384                  (UINT32)(0x00000600) // indicate a 16384-bit key
#define TSS_KEY_SIZE_BITMASK                (UINT32)(0x00000F00) // mask to extract key size

//
// Certified Migratability
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   DEFAULT                            |0 0|
//   Not Certified Migratable           |0 0|
//   Certified Migratable               |0 1|
//
#define TSS_KEY_NOT_CERTIFIED_MIGRATABLE    (UINT32)(0x00000000)
#define TSS_KEY_CERTIFIED_MIGRATABLE        (UINT32)(0x00001000)

//
// Specification version (key structure type)
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Context default               |0 0 0|
//   TPM_KEY 1.1b key              |0 0 1|
//   TPM_KEY12 1.2 key             |0 1 0|
//
#define TSS_KEY_STRUCT_DEFAULT              (UINT32)(0x00000000)
#define TSS_KEY_STRUCT_KEY                  (UINT32)(0x00004000)
#define TSS_KEY_STRUCT_KEY12                (UINT32)(0x00008000)
#define TSS_KEY_STRUCT_BITMASK              (UINT32)(0x0001C000)


//
// Fixed key types (templates)
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//  |0 0 0 0 0 0| Empty Key
//  |0 0 0 0 0 1| Storage Root Key
//
#define TSS_KEY_EMPTY_KEY                   (0x00000000) // no TPM key template
                                                         // (empty TSP key object)
#define TSS_KEY_TSP_SRK                     (0x04000000) // use a TPM SRK template
                                                         // (TSP key object for SRK)
#define TSS_KEY_TEMPLATE_BITMASK            (0xFC000000) // bitmask to extract key
                                                         // template


//*************************************
// Flags for creating ENCDATA object: *
//*************************************

//
// Type
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Seal                                                     |0 0 1|
//   Bind                                                     |0 1 0|
//   Legacy                                                   |0 1 1|
//
// ENCDATA Reserved:
//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|
//
#define TSS_ENCDATA_SEAL                    (0x00000001) // data for seal operation
#define TSS_ENCDATA_BIND                    (0x00000002) // data for bind operation
#define TSS_ENCDATA_LEGACY                  (0x00000003) // data for legacy bind operation


//**********************************
// Flags for creating HASH object: *
//**********************************

//
// Algorithm
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
// DEFAULT
//  |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0|
// SHA1
//  |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1|
// OTHER
//  |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1|
//
#define TSS_HASH_DEFAULT                    (0x00000000) // Default hash algorithm
#define TSS_HASH_SHA1                       (0x00000001) // SHA-1 (20-byte digest)
#define TSS_HASH_OTHER                      (0xFFFFFFFF) // Not-specified hash algorithm


//************************************
// Flags for creating POLICY object: *
//************************************

//
// Type
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//
//   Usage                                                    |0 0 1|
//   Migration                                                |0 1 0|
//   Operator                                                 |0 1 1|
//
// POLICY Reserved:
//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|

#define TSS_POLICY_USAGE                    (0x00000001) // usage policy object
#define TSS_POLICY_MIGRATION                (0x00000002) // migration policy object
#define TSS_POLICY_OPERATOR                 (0x00000003) // operator policy object


//******************************************
// Flags for creating PCRComposite object: *
//******************************************

//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//                                                              |x x| Struct
//  |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x| Reserved
//

// PCRComposite Version (structure type):
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//   ---------------------------------------------------------------
//   TPM_PCR_DEFAULT                                            |0 0|
//   TPM_PCR_INFO                                               |0 1|
//   TPM_PCR_INFO_LONG                                          |1 0|
//   TPM_PCR_INFO_SHORT                                         |1 1|
//

#define TSS_PCRS_STRUCT_DEFAULT             (0x00000000) // depends on context
#define TSS_PCRS_STRUCT_INFO                (0x00000001) // TPM_PCR_INFO
#define TSS_PCRS_STRUCT_INFO_LONG           (0x00000002) // TPM_PCR_INFO_LONG
#define TSS_PCRS_STRUCT_INFO_SHORT          (0x00000003) // TPM_PCR_INFO_SHORT



//////////////////////////////////////////////////////////////////////////
// Attribute Flags, Subflags, and Values
//////////////////////////////////////////////////////////////////////////


//******************
// Context object: *
//******************

//
// Attributes
//
#define TSS_TSPATTRIB_CONTEXT_SILENT_MODE           (0x00000001) // dialog display control
#define TSS_TSPATTRIB_CONTEXT_MACHINE_NAME          (0x00000002) // remote machine name
#define TSS_TSPATTRIB_CONTEXT_VERSION_MODE          (0x00000003) // context version
#define TSS_TSPATTRIB_CONTEXT_TRANSPORT             (0x00000004) // transport control
#define TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION    (0x00000005) // connection version
#define TSS_TSPATTRIB_SECRET_HASH_MODE              (0x00000006) // flag indicating whether
                                                                 // NUL is included in the
                                                                 // hash of the password
//
// SubFlags for Flag TSS_TSPATTRIB_CONTEXT_TRANSPORT
//
#define TSS_TSPATTRIB_CONTEXTTRANS_CONTROL          (0x00000008)
#define TSS_TSPATTRIB_CONTEXTTRANS_MODE             (0x00000010)

//
// Values for the TSS_TSPATTRIB_CONTEXT_SILENT_MODE attribute
//
#define TSS_TSPATTRIB_CONTEXT_NOT_SILENT            (0x00000000) // TSP dialogs enabled
#define TSS_TSPATTRIB_CONTEXT_SILENT                (0x00000001) // TSP dialogs disabled

//
// Values for the TSS_TSPATTRIB_CONTEXT_VERSION_MODE attribute
//
#define TSS_TSPATTRIB_CONTEXT_VERSION_AUTO          (0x00000001)
#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_1          (0x00000002)
#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_2          (0x00000003)

//
// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_CONTROL
//
// NOTE(review): the values below read as decimal 16/32 written in hex
// notation; they are kept as specified -- confirm against the TSS spec
// before relying on their numeric form.
//
#define TSS_TSPATTRIB_DISABLE_TRANSPORT             (0x00000016)
#define TSS_TSPATTRIB_ENABLE_TRANSPORT              (0x00000032)

//
// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_MODE
//
#define TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION (0x00000000)
#define TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION    (0x00000001)
#define TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL     (0x00000002)
#define TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE             (0x00000004)
#define TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH           (0x00000008)

//
// Values for the TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION attribute
//
#define TSS_CONNECTION_VERSION_1_1                  (0x00000001)
#define TSS_CONNECTION_VERSION_1_2                  (0x00000002)


//
// Subflags of TSS_TSPATTRIB_SECRET_HASH_MODE
//
#define TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP        (0x00000001)

//
// Values for TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP subflag
// (whether the terminating NUL of a popup-entered secret is hashed)
//
#define TSS_TSPATTRIB_HASH_MODE_NOT_NULL            (0x00000000)
#define TSS_TSPATTRIB_HASH_MODE_NULL                (0x00000001)


// *************
// TPM object: *
// *************

//
// Attributes:
//
#define TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY   0x00000001
#define TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY  0x00000002
#define TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS       0x00000003
#define TSS_TSPATTRIB_TPM_CREDENTIAL                 0x00001000

//
// Subflags for TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS
//
#define TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT         0x00000000
#define TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT           0x00000001

//
// Subflags for TSS_TSPATTRIB_TPM_CREDENTIAL
//
#define TSS_TPMATTRIB_EKCERT                         0x00000001
#define TSS_TPMATTRIB_TPM_CC                         0x00000002
#define TSS_TPMATTRIB_PLATFORMCERT                   0x00000003
#define TSS_TPMATTRIB_PLATFORM_CC                    0x00000004


//*****************
// Policy object: *
//*****************

//
// Attributes
//
#define TSS_TSPATTRIB_POLICY_CALLBACK_HMAC           (0x00000080)
                                                     // enable/disable callback function

#define TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC        (0x00000100)
                                                     // enable/disable callback function

#define TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP  (0x00000180)
                                                     // enable/disable callback function

#define TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM (0x00000200)
                                                     // enable/disable callback function

#define TSS_TSPATTRIB_POLICY_SECRET_LIFETIME         (0x00000280)
                                                     // set lifetime mode for policy secret

#define TSS_TSPATTRIB_POLICY_POPUPSTRING             (0x00000300)
                                                     // set a NULL terminated UNICODE string
                                                     // which is displayed in the TSP policy
                                                     // popup dialog
#define TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK     (0x00000380)
                                                     // enable/disable callback function
#if 0
/* This attribute flag is defined earlier with the context attributes.
 * It is valid for both context and policy objects. It is copied
 * here as a reminder to avoid collisions.
 */
#define TSS_TSPATTRIB_SECRET_HASH_MODE               (0x00000006)
                                                     // flag indicating whether
                                                     // NUL is included in the
                                                     // hash of the password
#endif


#define TSS_TSPATTRIB_POLICY_DELEGATION_INFO         (0x00000001)
#define TSS_TSPATTRIB_POLICY_DELEGATION_PCR          (0x00000002)

//
// SubFlags for Flag TSS_TSPATTRIB_POLICY_SECRET_LIFETIME
//
#define TSS_SECRET_LIFETIME_ALWAYS                   (0x00000001) // secret will not be
                                                                  // invalidated
#define TSS_SECRET_LIFETIME_COUNTER                  (0x00000002) // secret lifetime
                                                                  // controlled by counter
#define TSS_SECRET_LIFETIME_TIMER                    (0x00000003) // secret lifetime
                                                                  // controlled by time
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS      TSS_SECRET_LIFETIME_ALWAYS
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER     TSS_SECRET_LIFETIME_COUNTER
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER       TSS_SECRET_LIFETIME_TIMER

// Alternate names misspelled in the 1.1 TSS spec; kept for source compatibility.
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS   TSS_SECRET_LIFETIME_ALWAYS
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER  TSS_SECRET_LIFETIME_COUNTER
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER    TSS_SECRET_LIFETIME_TIMER

//
// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_INFO
//
#define TSS_TSPATTRIB_POLDEL_TYPE                    (0x00000001)
#define TSS_TSPATTRIB_POLDEL_INDEX                   (0x00000002)
#define TSS_TSPATTRIB_POLDEL_PER1                    (0x00000003)
#define TSS_TSPATTRIB_POLDEL_PER2                    (0x00000004)
#define TSS_TSPATTRIB_POLDEL_LABEL                   (0x00000005)
#define TSS_TSPATTRIB_POLDEL_FAMILYID                (0x00000006)
#define TSS_TSPATTRIB_POLDEL_VERCOUNT                (0x00000007)
#define TSS_TSPATTRIB_POLDEL_OWNERBLOB               (0x00000008)
#define TSS_TSPATTRIB_POLDEL_KEYBLOB                 (0x00000009)

//
// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_PCR
//
#define TSS_TSPATTRIB_POLDELPCR_LOCALITY             (0x00000001)
#define TSS_TSPATTRIB_POLDELPCR_DIGESTATRELEASE      (0x00000002)
#define TSS_TSPATTRIB_POLDELPCR_SELECTION            (0x00000003)

//
// Values for the Policy TSS_TSPATTRIB_POLDEL_TYPE attribute
//
#define TSS_DELEGATIONTYPE_NONE                      (0x00000001)
#define TSS_DELEGATIONTYPE_OWNER                     (0x00000002)
#define TSS_DELEGATIONTYPE_KEY                       (0x00000003)



//
// Flags used for the 'mode' parameter in Tspi_Policy_SetSecret()
//
#define TSS_SECRET_MODE_NONE                         (0x00000800) // No authorization will be
                                                                  // processed
#define TSS_SECRET_MODE_SHA1                         (0x00001000) // Secret string will not be
                                                                  // touched by TSP
#define TSS_SECRET_MODE_PLAIN                        (0x00001800) // Secret string will be hashed
                                                                  // using SHA1
#define TSS_SECRET_MODE_POPUP                        (0x00002000) // TSS SP will ask for a secret
#define TSS_SECRET_MODE_CALLBACK                     (0x00002800) // Application has to provide a
                                                                  // call back function



//******************
// EncData object: *
//******************

//
// Attributes
//
#define TSS_TSPATTRIB_ENCDATA_BLOB                   (0x00000008)
#define TSS_TSPATTRIB_ENCDATA_PCR                    (0x00000010)
#define TSS_TSPATTRIB_ENCDATA_PCR_LONG               (0x00000018)
#define TSS_TSPATTRIB_ENCDATA_SEAL                   (0x00000020)

//
// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_BLOB
//
#define TSS_TSPATTRIB_ENCDATABLOB_BLOB               (0x00000001) // encrypted data blob

//
// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_PCR
//
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION   (0x00000002)
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE    (0x00000003)
#define TSS_TSPATTRIB_ENCDATAPCR_SELECTION           (0x00000004)
// support typo from 1.1 headers
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE \
        TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE

#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION  (0x00000005)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE   (0x00000006)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION   (0x00000007)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION    (0x00000008)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION    (0x00000009)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE     (0x0000000A)


//
// Attribute subflags TSS_TSPATTRIB_ENCDATA_SEAL
//
#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE       (0x00000001)

//
// Attribute values for
// TSS_TSPATTRIB_ENCDATA_SEAL/TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE
//
#define TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT          (0x00000000)
#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT            (0x00000001)

// Accounting for typos in original header files
#define TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT \
        TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT

//*************
// NV object: *
//*************

//
// Attributes
//
#define TSS_TSPATTRIB_NV_INDEX                       (0x00000001)
#define TSS_TSPATTRIB_NV_PERMISSIONS                 (0x00000002)
#define TSS_TSPATTRIB_NV_STATE                       (0x00000003)
#define TSS_TSPATTRIB_NV_DATASIZE                    (0x00000004)
#define TSS_TSPATTRIB_NV_PCR                         (0x00000005)

// Subflags of TSS_TSPATTRIB_NV_STATE
#define TSS_TSPATTRIB_NVSTATE_READSTCLEAR            (0x00100000)
#define TSS_TSPATTRIB_NVSTATE_WRITESTCLEAR           (0x00200000)
#define TSS_TSPATTRIB_NVSTATE_WRITEDEFINE            (0x00300000)

// Subflags of TSS_TSPATTRIB_NV_PCR
#define TSS_TSPATTRIB_NVPCR_READPCRSELECTION         (0x01000000)
#define TSS_TSPATTRIB_NVPCR_READDIGESTATRELEASE      (0x02000000)
#define TSS_TSPATTRIB_NVPCR_READLOCALITYATRELEASE    (0x03000000)
#define TSS_TSPATTRIB_NVPCR_WRITEPCRSELECTION        (0x04000000)
#define TSS_TSPATTRIB_NVPCR_WRITEDIGESTATRELEASE     (0x05000000)
#define TSS_TSPATTRIB_NVPCR_WRITELOCALITYATRELEASE   (0x06000000)

/* NV index flags
 *
 * From the TPM spec, Part 2, Section 19.1.
 *
 *    3                   2                   1
 *  1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |T|P|U|D| resvd |    Purview    |             Index             |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
#define TSS_NV_TPM                                   (0x80000000) // TPM mfr reserved bit
#define TSS_NV_PLATFORM                              (0x40000000) // Platform mfr reserved bit
#define TSS_NV_USER                                  (0x20000000) // User reserved bit
#define TSS_NV_DEFINED                               (0x10000000) // "Defined permanently" flag
#define TSS_NV_MASK_TPM                              (0x80000000) // mask to extract 'T'
#define TSS_NV_MASK_PLATFORM                         (0x40000000) // mask to extract 'P'
#define TSS_NV_MASK_USER                             (0x20000000) // mask to extract 'U'
#define TSS_NV_MASK_DEFINED                          (0x10000000) // mask to extract 'D'
#define TSS_NV_MASK_RESERVED                         (0x0f000000) // mask to extract reserved bits
#define TSS_NV_MASK_PURVIEW                          (0x00ff0000) // mask to extract purview byte
#define TSS_NV_MASK_INDEX                            (0x0000ffff) // mask to extract the 16-bit
                                                                  // index field

// This is the index of the NV storage area where the number of sessions
// per locality is stored.
#define TSS_NV_INDEX_SESSIONS                        (0x00011101)


//******************
// MigData object: *
//******************

//
// Attributes
//
#define TSS_MIGATTRIB_MIGRATIONBLOB                  (0x00000010)
#define TSS_MIGATTRIB_MIGRATIONTICKET                (0x00000020)
#define TSS_MIGATTRIB_AUTHORITY_DATA                 (0x00000030)
#define TSS_MIGATTRIB_MIG_AUTH_DATA                  (0x00000040)
#define TSS_MIGATTRIB_TICKET_DATA                    (0x00000050)
#define TSS_MIGATTRIB_PAYLOAD_TYPE                   (0x00000060)

//
// Attribute subflags TSS_MIGATTRIB_MIGRATIONBLOB
//
#define TSS_MIGATTRIB_MIGRATION_XOR_BLOB             (0x00000101)
#define TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB       (0x00000102)
#define TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB        (0x00000103)
#define TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB      (0x00000104)
#define TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB    (0x00000105)
#define TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB         (0x00000106)
// Shorter aliases for the two blob subflags above.
#define TSS_MIGATTRIB_MIG_REWRAPPED_BLOB             TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB
#define TSS_MIGATTRIB_MIG_XOR_BLOB                   TSS_MIGATTRIB_MIGRATION_XOR_BLOB

//
// Attribute subflags TSS_MIGATTRIB_MIGRATIONTICKET
//
// none

//
// Attribute subflags TSS_MIGATTRIB_AUTHORITY_DATA
//
#define TSS_MIGATTRIB_AUTHORITY_DIGEST               (0x00000301)
#define TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC        (0x00000302)
#define TSS_MIGATTRIB_AUTHORITY_MSALIST              (0x00000303)

//
// Attribute subflags TSS_MIGATTRIB_MIG_AUTH_DATA
//
#define TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST      (0x00000401)
#define TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST    (0x00000402)
#define TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST         (0x00000403)

//
// Attribute subflags TSS_MIGATTRIB_TICKET_DATA
//
#define TSS_MIGATTRIB_TICKET_SIG_DIGEST              (0x00000501)
#define TSS_MIGATTRIB_TICKET_SIG_VALUE               (0x00000502)
#define TSS_MIGATTRIB_TICKET_SIG_TICKET              (0x00000503)
#define TSS_MIGATTRIB_TICKET_RESTRICT_TICKET         (0x00000504)

//
// Attribute subflags TSS_MIGATTRIB_PAYLOAD_TYPE
//
#define TSS_MIGATTRIB_PT_MIGRATE_RESTRICTED          (0x00000601)
#define TSS_MIGATTRIB_PT_MIGRATE_EXTERNAL            (0x00000602)




//***************
// Hash object: *
//***************

//
// Attributes
//
#define TSS_TSPATTRIB_HASH_IDENTIFIER                (0x00001000) // Hash algorithm identifier
#define TSS_TSPATTRIB_ALG_IDENTIFIER                 (0x00002000) // ASN.1 alg identifier



//***************
// PCRs object: *
//***************

//
// Attributes
//
#define TSS_TSPATTRIB_PCRS_INFO                      (0x00000001) // info

//
// Subflags for TSS_TSPATTRIB_PCRS_INFO flag
//
#define TSS_TSPATTRIB_PCRSINFO_PCRSTRUCT             (0x00000001) // type of pcr struct
                                                                  // (one of TSS_PCRS_STRUCT_*)

//****************************
// Delegation Family object: *
//****************************

//
// Attributes
//
#define TSS_TSPATTRIB_DELFAMILY_STATE                (0x00000001)
#define TSS_TSPATTRIB_DELFAMILY_INFO                 (0x00000002)

// DELFAMILY_STATE sub-attributes
#define TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED          (0x00000001)
#define TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED         (0x00000002)

// DELFAMILY_INFO sub-attributes
#define TSS_TSPATTRIB_DELFAMILYINFO_LABEL            (0x00000003)
#define TSS_TSPATTRIB_DELFAMILYINFO_VERCOUNT         (0x00000004)
#define TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID         (0x00000005)

// Bitmasks for the 'ulFlags' argument to Tspi_TPM_Delegate_CreateDelegation.
// Only one bit is used for now.
#define TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT      ((UINT32)1)

// Bitmasks for the 'ulFlags' argument to
// Tspi_TPM_Delegate_CacheOwnerDelegation. Only one bit is used for now.
#define TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING ((UINT32)1)



//*************************
// DAA Credential Object: *
//*************************

//
// Attribute flags
//
#define TSS_TSPATTRIB_DAACRED_COMMIT                 (0x00000001)
#define TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS          (0x00000002)
#define TSS_TSPATTRIB_DAACRED_CREDENTIAL_BLOB        (0x00000003)
#define TSS_TSPATTRIB_DAACRED_CALLBACK_SIGN          (0x00000004)
#define TSS_TSPATTRIB_DAACRED_CALLBACK_VERIFYSIGNATURE (0x00000005)

//
// Subflags for TSS_TSPATTRIB_DAACRED_COMMIT
//
#define TSS_TSPATTRIB_DAACOMMIT_NUMBER               (0x00000001)
#define TSS_TSPATTRIB_DAACOMMIT_SELECTION            (0x00000002)
#define TSS_TSPATTRIB_DAACOMMIT_COMMITMENTS          (0x00000003)

//
// Subflags for TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS
//
#define TSS_TSPATTRIB_DAAATTRIBGAMMAS_BLOB           (0xffffffff)



//*************************
// DAA Issuer Key Object: *
//*************************

//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAISSUERKEY_BLOB              (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY            (0x00000002)

//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_BLOB
//
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PUBLIC_KEY    (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_SECRET_KEY    (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_KEYBLOB       (0x00000003)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PROOF         (0x00000004)

//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY
//
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ATTRIBS          (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_PLATFORM_ATTRIBS (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ISSUER_ATTRIBS   (0x00000003)



//***************************************
// DAA Anonymity Revocation Key Object: *
//***************************************

//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAARAKEY_BLOB                 (0x00000001)

//
// Subflags for TSS_TSPATTRIB_DAAARAKEY_BLOB
//
#define TSS_TSPATTRIB_DAAARAKEYBLOB_PUBLIC_KEY       (0x00000001)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_SECRET_KEY       (0x00000002)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_KEYBLOB          (0x00000003)



//
// Structure payload flags for TSS_DAA_PSEUDONYM,
// (TSS_DAA_PSEUDONYM.payloadFlag)
//
#define TSS_FLAG_DAA_PSEUDONYM_PLAIN                 (0x00000000)
#define TSS_FLAG_DAA_PSEUDONYM_ENCRYPTED             (0x00000001)


//**************
// Key Object: *
//**************

//
// Attribute flags
//
#define TSS_TSPATTRIB_KEY_BLOB                       (0x00000040) // key info as blob data
#define TSS_TSPATTRIB_KEY_INFO                       (0x00000080) // keyparam info as blob data
#define TSS_TSPATTRIB_KEY_UUID                       (0x000000C0) // key UUID info as blob data
#define TSS_TSPATTRIB_KEY_PCR                        (0x00000100) // composite digest value for
                                                                  // the key
#define TSS_TSPATTRIB_RSAKEY_INFO                    (0x00000140) // public key info
#define TSS_TSPATTRIB_KEY_REGISTER                   (0x00000180) // register location
#define TSS_TSPATTRIB_KEY_PCR_LONG                   (0x000001c0) // PCR_INFO_LONG for the key
#define TSS_TSPATTRIB_KEY_CONTROLBIT                 (0x00000200) // key control flags
#define TSS_TSPATTRIB_KEY_CMKINFO                    (0x00000400) // CMK info

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_BLOB
//
#define TSS_TSPATTRIB_KEYBLOB_BLOB                   (0x00000008) // key info using the
                                                                  // key blob
#define TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY             (0x00000010) // public key info
                                                                  // using the blob
#define TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY            (0x00000028) // encrypted private key
                                                                  // blob

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_INFO
//
#define TSS_TSPATTRIB_KEYINFO_SIZE                   (0x00000080) // key size in bits
#define TSS_TSPATTRIB_KEYINFO_USAGE                  (0x00000100) // key usage info
#define TSS_TSPATTRIB_KEYINFO_KEYFLAGS               (0x00000180) // key flags
#define TSS_TSPATTRIB_KEYINFO_AUTHUSAGE              (0x00000200) // key auth usage info
#define TSS_TSPATTRIB_KEYINFO_ALGORITHM              (0x00000280) // key algorithm ID
#define TSS_TSPATTRIB_KEYINFO_SIGSCHEME              (0x00000300) // key sig scheme
#define TSS_TSPATTRIB_KEYINFO_ENCSCHEME              (0x00000380) // key enc scheme
#define TSS_TSPATTRIB_KEYINFO_MIGRATABLE             (0x00000400) // if true then key is
                                                                  // migratable
#define TSS_TSPATTRIB_KEYINFO_REDIRECTED             (0x00000480) // key is redirected
#define TSS_TSPATTRIB_KEYINFO_VOLATILE               (0x00000500) // if true key is
                                                                  // volatile
#define TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE          (0x00000580) // if true auth is
                                                                  // required
#define TSS_TSPATTRIB_KEYINFO_VERSION                (0x00000600) // version info as TSS
                                                                  // version struct
#define TSS_TSPATTRIB_KEYINFO_CMK                    (0x00000680) // if true then key
                                                                  // is certified
                                                                  // migratable
#define TSS_TSPATTRIB_KEYINFO_KEYSTRUCT              (0x00000700) // type of key struct
                                                                  // used for this key
                                                                  // (TPM_KEY or
                                                                  // TPM_KEY12)
#define TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT          (0x00000780) // Get current status
                                                                  // of owner evict flag

//
// SubFlags for Flag TSS_TSPATTRIB_RSAKEY_INFO
//
#define TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT           (0x00001000)
#define TSS_TSPATTRIB_KEYINFO_RSA_MODULUS            (0x00002000)
#define TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE            (0x00003000)
#define TSS_TSPATTRIB_KEYINFO_RSA_PRIMES             (0x00004000)

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR
//
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION       (0x00008000)
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE        (0x00010000)
#define TSS_TSPATTRIB_KEYPCR_SELECTION               (0x00018000)

//
// SubFlags for TSS_TSPATTRIB_KEY_REGISTER
//
#define TSS_TSPATTRIB_KEYREGISTER_USER               (0x02000000)
#define TSS_TSPATTRIB_KEYREGISTER_SYSTEM             (0x04000000)
#define TSS_TSPATTRIB_KEYREGISTER_NO                 (0x06000000)

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR_LONG
// (the trailing comment gives the attribute's value type)
//
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION (0x00040000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE  (0x00080000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION  (0x000C0000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION   (0x00100000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION   (0x00140000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE    (0x00180000) /* DATA */

//
// SubFlags for Flag TSS_TSPATTRIB_KEY_CMKINFO
//
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL        (0x00000010)
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST          (0x00000020)


//
// Attribute Values
//

//
// key size definitions (values are the size in bits)
//
#define TSS_KEY_SIZEVAL_512BIT                       (0x0200)
#define TSS_KEY_SIZEVAL_1024BIT                      (0x0400)
#define TSS_KEY_SIZEVAL_2048BIT                      (0x0800)
#define TSS_KEY_SIZEVAL_4096BIT                      (0x1000)
#define TSS_KEY_SIZEVAL_8192BIT                      (0x2000)
#define TSS_KEY_SIZEVAL_16384BIT                     (0x4000)

//
// key usage definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
#define TSS_KEYUSAGE_BIND                            (0x00)
#define TSS_KEYUSAGE_IDENTITY                        (0x01)
#define TSS_KEYUSAGE_LEGACY                          (0x02)
#define TSS_KEYUSAGE_SIGN                            (0x03)
#define TSS_KEYUSAGE_STORAGE                         (0x04)
#define TSS_KEYUSAGE_AUTHCHANGE                      (0x05)
#define TSS_KEYUSAGE_MIGRATE                         (0x06)

//
// key flag definitions
//
#define TSS_KEYFLAG_REDIRECTION                      (0x00000001)
#define TSS_KEYFLAG_MIGRATABLE                       (0x00000002)
#define TSS_KEYFLAG_VOLATILEKEY                      (0x00000004)
#define TSS_KEYFLAG_CERTIFIED_MIGRATABLE             (0x00000008)

//
// algorithm ID definitions
//
// This table defines the algo id's
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// NOTE(review): the DES and 3DES identifiers are retained for spec
// compatibility only; they should not be selected for new data.
//
#define TSS_ALG_RSA                                  (0x20)
#define TSS_ALG_DES                                  (0x21)
#define TSS_ALG_3DES                                 (0x22)
#define TSS_ALG_SHA                                     (0x23)
#define TSS_ALG_HMAC                                    (0x24)
#define TSS_ALG_AES128                                  (0x25)
#define TSS_ALG_AES192                                  (0x26)
#define TSS_ALG_AES256                                  (0x27)
#define TSS_ALG_XOR                                     (0x28) // NOTE(review): a plain XOR
                                                               // keystream offers no protection
                                                               // unless the pad is secret, fresh
                                                               // and never reused.
#define TSS_ALG_MGF1                                    (0x29)

// The unsuffixed name selects AES-128, not the largest AES variant.
#define TSS_ALG_AES                                     TSS_ALG_AES128

// Special values for
//   Tspi_Context_GetCapability(TSS_TSPCAP_ALG)
//   Tspi_Context_GetCapability(TSS_TCSCAP_ALG)
#define TSS_ALG_DEFAULT                                 (0xfe)
#define TSS_ALG_DEFAULT_SIZE                            (0xff)


//
// key signature scheme definitions
//
// NOTE(review): TSS_SS_* and TSS_ES_* below share the same numeric range
// (0x10..); a value is only meaningful together with the attribute that
// selects it (SIGSCHEME vs ENCSCHEME) and must not be passed across.
// All signature schemes here are PKCS#1 v1.5 over SHA-1; there is no
// PSS or SHA-2 option in this API.
//
#define TSS_SS_NONE                                     (0x10)
#define TSS_SS_RSASSAPKCS1V15_SHA1                      (0x11)
#define TSS_SS_RSASSAPKCS1V15_DER                       (0x12)
#define TSS_SS_RSASSAPKCS1V15_INFO                      (0x13)

//
// key encryption scheme definitions
//
#define TSS_ES_NONE                                     (0x10)
#define TSS_ES_RSAESPKCSV15                             (0x11) // NOTE(review): PKCS#1 v1.5 padding
                                                               // is malleable and exposed to
                                                               // padding-oracle attacks; prefer
                                                               // OAEP where the peer supports it.
#define TSS_ES_RSAESOAEP_SHA1_MGF1                      (0x12)
#define TSS_ES_SYM_CNT                                  (0x13)
#define TSS_ES_SYM_OFB                                  (0x14)
#define TSS_ES_SYM_CBC_PKCS5PAD                         (0x15)


//
// persistent storage registration definitions
//
#define TSS_PS_TYPE_USER      (1)   // Key is registered persistently in the user
                                    // storage database.
#define TSS_PS_TYPE_SYSTEM    (2)   // Key is registered persistently in the system
                                    // storage database.
//
// migration scheme definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
#define TSS_MS_MIGRATE                                  (0x20)
#define TSS_MS_REWRAP                                   (0x21)
#define TSS_MS_MAINT                                    (0x22)
#define TSS_MS_RESTRICT_MIGRATE                         (0x23)
#define TSS_MS_RESTRICT_APPROVE_DOUBLE                  (0x24)
#define TSS_MS_RESTRICT_MIGRATE_EXTERNAL                (0x25)

//
// TPM key authorization
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// AUTH_PRIV_USE_ONLY: auth is demanded for private-key operations but not
// for public-key operations (see the matching TSS_KEY_AUTHORIZATION_* init
// flags used by CreateObject).
//
#define TSS_KEYAUTH_AUTH_NEVER                          (0x10)
#define TSS_KEYAUTH_AUTH_ALWAYS                         (0x11)
#define TSS_KEYAUTH_AUTH_PRIV_USE_ONLY                  (0x12)


//
// Flags for TPM status information (GetStatus and SetStatus)
//
// These are selector values, not bit masks. "persistent" / "volatile"
// in the trailing comments refers to the TPM flag class the selector reads
// or writes. NOTE(review): SetStatus on these changes TPM-wide security
// state (ownership clear paths, physical presence, maintenance); treat the
// calling path as owner-privileged.
//
#define TSS_TPMSTATUS_DISABLEOWNERCLEAR                 (0x00000001) // persistent flag
#define TSS_TPMSTATUS_DISABLEFORCECLEAR                 (0x00000002) // volatile flag
#define TSS_TPMSTATUS_DISABLED                          (0x00000003) // persistent flag
#define TSS_TPMSTATUS_DEACTIVATED                       (0x00000004) // volatile flag
#define TSS_TPMSTATUS_OWNERSETDISABLE                   (0x00000005) // persistent flag
                                                                     // for SetStatus
                                                                     // (disable flag)
#define TSS_TPMSTATUS_SETOWNERINSTALL                   (0x00000006) // persistent flag
                                                                     // (ownership flag)
#define TSS_TPMSTATUS_DISABLEPUBEKREAD                  (0x00000007) // persistent flag
#define TSS_TPMSTATUS_ALLOWMAINTENANCE                  (0x00000008) // persistent flag
                                                                     // NOTE(review): maintenance
                                                                     // presumably permits export of
                                                                     // owner/SRK material to the
                                                                     // manufacturer -- confirm, and
                                                                     // keep disabled unless required.
#define TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK             (0x00000009) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_HWENABLE                 (0x0000000A) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_CMDENABLE                (0x0000000B) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_LOCK                     (0x0000000C) // volatile flag
#define TSS_TPMSTATUS_PHYSPRESENCE                      (0x0000000D) // volatile flag
#define TSS_TPMSTATUS_PHYSICALDISABLE                   (0x0000000E) // persistent flag
                                                                     // (SetStatus
                                                                     // disable flag)
#define TSS_TPMSTATUS_CEKP_USED                         (0x0000000F) // persistent flag
#define TSS_TPMSTATUS_PHYSICALSETDEACTIVATED            (0x00000010) // persistent flag
                                                                     // (deactivated flag)
#define TSS_TPMSTATUS_SETTEMPDEACTIVATED                (0x00000011) // volatile flag
                                                                     // (deactivated flag)
#define TSS_TPMSTATUS_POSTINITIALISE                    (0x00000012) // volatile flag
#define TSS_TPMSTATUS_TPMPOST                           (0x00000013) // persistent flag
#define TSS_TPMSTATUS_TPMPOSTLOCK                       (0x00000014) // persistent flag
#define TSS_TPMSTATUS_DISABLEPUBSRKREAD                 (0x00000016) // persistent flag
#define TSS_TPMSTATUS_MAINTENANCEUSED                   (0x00000017) // persistent flag
#define TSS_TPMSTATUS_OPERATORINSTALLED                 (0x00000018) // persistent flag
#define TSS_TPMSTATUS_OPERATOR_INSTALLED                (TSS_TPMSTATUS_OPERATORINSTALLED)
#define TSS_TPMSTATUS_FIPS                              (0x00000019) // persistent flag
#define TSS_TPMSTATUS_ENABLEREVOKEEK                    (0x0000001A) // persistent flag
#define TSS_TPMSTATUS_ENABLE_REVOKEEK                   (TSS_TPMSTATUS_ENABLEREVOKEEK)
#define TSS_TPMSTATUS_NV_LOCK                           (0x0000001B) // persistent flag
#define TSS_TPMSTATUS_TPM_ESTABLISHED                   (0x0000001C) // persistent flag
#define TSS_TPMSTATUS_RESETLOCK                         (0x0000001D) // volatile flag
// NOTE(review): DISABLE_FULL_DA_LOGIC_INFO has the SAME value (0x1D) as
// RESETLOCK above. Any switch or table keyed on these selectors cannot tell
// the two apart, so a caller passing one may be handled as the other (e.g.
// a SetStatus meant to change DA-logic reporting could trigger a lock
// reset instead). Confirm the intended value against the TSS 1.2 spec
// before changing either; callers should not rely on the distinction
// until this is resolved.
#define TSS_TPMSTATUS_DISABLE_FULL_DA_LOGIC_INFO        (0x0000001D) // persistent flag


//
// Capability flag definitions
//
// TPM capabilities
//
#define TSS_TPMCAP_ORD                                  (0x10)
#define TSS_TPMCAP_ALG                                  (0x11)
#define TSS_TPMCAP_FLAG                                 (0x12)
#define TSS_TPMCAP_PROPERTY                             (0x13)
#define TSS_TPMCAP_VERSION                              (0x14)
#define TSS_TPMCAP_VERSION_VAL                          (0x15)
#define TSS_TPMCAP_NV_LIST                              (0x16)
#define TSS_TPMCAP_NV_INDEX                             (0x17)
#define TSS_TPMCAP_MFR                                  (0x18)
#define TSS_TPMCAP_SYM_MODE                             (0x19)
#define TSS_TPMCAP_HANDLE                               (0x1a)
#define TSS_TPMCAP_TRANS_ES                             (0x1b)
#define TSS_TPMCAP_AUTH_ENCRYPT                         (0x1c)
#define TSS_TPMCAP_SET_PERM_FLAGS                       (0x1d) // cf. TPM_SET_PERM_FLAGS
#define TSS_TPMCAP_SET_VENDOR                           (0x1e) // cf. TPM_SET_VENDOR
#define TSS_TPMCAP_DA_LOGIC                             (0x1f)

//
// Sub-Capability Flags for TSS_TPMCAP_PROPERTY
//
// (0x17 and 0x30..0x31 are unassigned here; do not fill them in without
// checking the spec.)
//
#define TSS_TPMCAP_PROP_PCR                             (0x10)
#define TSS_TPMCAP_PROP_DIR                             (0x11)
#define TSS_TPMCAP_PROP_MANUFACTURER                    (0x12)
#define TSS_TPMCAP_PROP_SLOTS                           (0x13)
#define TSS_TPMCAP_PROP_KEYS                            TSS_TPMCAP_PROP_SLOTS
#define TSS_TPMCAP_PROP_FAMILYROWS                      (0x14)
#define TSS_TPMCAP_PROP_DELEGATEROWS                    (0x15)
#define TSS_TPMCAP_PROP_OWNER                           (0x16)
#define TSS_TPMCAP_PROP_MAXKEYS                         (0x18)
#define TSS_TPMCAP_PROP_AUTHSESSIONS                    (0x19)
#define TSS_TPMCAP_PROP_MAXAUTHSESSIONS                 (0x1a)
#define TSS_TPMCAP_PROP_TRANSESSIONS                    (0x1b)
#define TSS_TPMCAP_PROP_MAXTRANSESSIONS                 (0x1c)
#define TSS_TPMCAP_PROP_SESSIONS                        (0x1d)
#define TSS_TPMCAP_PROP_MAXSESSIONS                     (0x1e)
#define TSS_TPMCAP_PROP_CONTEXTS                        (0x1f)
#define TSS_TPMCAP_PROP_MAXCONTEXTS                     (0x20)
#define TSS_TPMCAP_PROP_DAASESSIONS                     (0x21)
#define TSS_TPMCAP_PROP_MAXDAASESSIONS                  (0x22)
#define TSS_TPMCAP_PROP_DAA_INTERRUPT                   (0x23)
#define TSS_TPMCAP_PROP_COUNTERS                        (0x24)
#define TSS_TPMCAP_PROP_MAXCOUNTERS                     (0x25)
#define TSS_TPMCAP_PROP_ACTIVECOUNTER                   (0x26)
#define TSS_TPMCAP_PROP_MIN_COUNTER                     (0x27)
#define TSS_TPMCAP_PROP_TISTIMEOUTS                     (0x28)
#define TSS_TPMCAP_PROP_STARTUPEFFECTS                  (0x29)
#define TSS_TPMCAP_PROP_MAXCONTEXTCOUNTDIST             (0x2a)
#define TSS_TPMCAP_PROP_CMKRESTRICTION                  (0x2b)
#define TSS_TPMCAP_PROP_DURATION                        (0x2c)
#define TSS_TPMCAP_PROP_MAXNVAVAILABLE                  (0x2d)
#define TSS_TPMCAP_PROP_INPUTBUFFERSIZE                 (0x2e)
#define TSS_TPMCAP_PROP_REVISION                        (0x2f)
#define TSS_TPMCAP_PROP_LOCALITIES_AVAIL                (0x32)

//
// Resource type flags
// Sub-Capability Flags for TSS_TPMCAP_HANDLE
//
// NOTE(review): despite the heading, these are selector values rather than
// combinable bits (TSS_RT_TRANS == TSS_RT_KEY | TSS_RT_AUTH).
//
#define TSS_RT_KEY                                      ((UINT32)0x00000010)
#define TSS_RT_AUTH                                     ((UINT32)0x00000020)
#define TSS_RT_TRANS                                    ((UINT32)0x00000030)
#define TSS_RT_COUNTER                                  ((UINT32)0x00000040)


//
// TSS Core Service Capabilities
//
#define TSS_TCSCAP_ALG                                  (0x00000001)
#define TSS_TCSCAP_VERSION                              (0x00000002)
#define TSS_TCSCAP_CACHING                              (0x00000003)
#define TSS_TCSCAP_PERSSTORAGE                          (0x00000004)
#define TSS_TCSCAP_MANUFACTURER                         (0x00000005)
#define TSS_TCSCAP_PLATFORM_CLASS                       (0x00000006)
#define TSS_TCSCAP_TRANSPORT                            (0x00000007)
#define TSS_TCSCAP_PLATFORM_INFO                        (0x00000008)

//
// Sub-Capability Flags TSS-CoreService-Capabilities
//
#define TSS_TCSCAP_PROP_KEYCACHE                        (0x00000100)
#define TSS_TCSCAP_PROP_AUTHCACHE                       (0x00000101)
#define TSS_TCSCAP_PROP_MANUFACTURER_STR                (0x00000102)
#define TSS_TCSCAP_PROP_MANUFACTURER_ID                 (0x00000103)
#define TSS_TCSCAP_PLATFORM_VERSION                     (0x00001100)
#define TSS_TCSCAP_PLATFORM_TYPE                        (0x00001101)
#define TSS_TCSCAP_TRANS_EXCLUSIVE                      (0x00002100)
#define TSS_TCSCAP_PROP_HOST_PLATFORM                   (0x00003001)
#define TSS_TCSCAP_PROP_ALL_PLATFORMS                   (0x00003002)

//
// TSS Service Provider Capabilities
//
#define TSS_TSPCAP_ALG                                  (0x00000010)
#define TSS_TSPCAP_VERSION                              (0x00000011)
#define TSS_TSPCAP_PERSSTORAGE                          (0x00000012)
#define TSS_TSPCAP_MANUFACTURER                         (0x00000013)
#define TSS_TSPCAP_RETURNVALUE_INFO                     (0x00000015)
#define TSS_TSPCAP_PLATFORM_INFO                        (0x00000016)

// Sub-Capability Flags for TSS_TSPCAP_MANUFACTURER
// (numerically identical to the TSS_TCSCAP_PROP_MANUFACTURER_* values;
// they are scoped by the capability they are used with)
//
#define TSS_TSPCAP_PROP_MANUFACTURER_STR                (0x00000102)
#define TSS_TSPCAP_PROP_MANUFACTURER_ID                 (0x00000103)

// Sub-Capability Flags for TSS_TSPCAP_PLATFORM_INFO
//
#define TSS_TSPCAP_PLATFORM_TYPE                        (0x00000201)
#define TSS_TSPCAP_PLATFORM_VERSION                     (0x00000202)



// Sub-Capability Flags for TSS_TSPCAP_RETURNVALUE_INFO
// (0x201 is reused from TSS_TSPCAP_PLATFORM_TYPE; again scoped by the
// parent capability, so do not mix sub-capabilities across capabilities)
//
#define TSS_TSPCAP_PROP_RETURNVALUE_INFO                (0x00000201)

//
// Event type definitions
//
#define TSS_EV_CODE_CERT                                (0x00000001)
#define TSS_EV_CODE_NOCERT                              (0x00000002)
#define TSS_EV_XML_CONFIG                               (0x00000003)
#define TSS_EV_NO_ACTION                                (0x00000004)
#define TSS_EV_SEPARATOR                                (0x00000005)
#define TSS_EV_ACTION                                   (0x00000006)
#define TSS_EV_PLATFORM_SPECIFIC                        (0x00000007)


//
// TSP random number limits
//
#define TSS_TSPCAP_RANDOMLIMIT                          (0x00001000) // Errata: Missing from spec

//
// UUIDs
//
// Errata: These are not in the spec.
// Well-known persistent-storage UUIDs; only the last node byte differs.
// Note the numbering is not sequential (CRK is 8, USK5/USK6 are 9/10).
//
#define TSS_UUID_SRK  {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 1}} // Storage root key
#define TSS_UUID_SK   {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 2}} // System key
#define TSS_UUID_RK   {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 3}} // roaming key
#define TSS_UUID_CRK  {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 8}} // CMK roaming key
#define TSS_UUID_USK1 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 4}} // user storage key 1
#define TSS_UUID_USK2 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 5}} // user storage key 2
#define TSS_UUID_USK3 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 6}} // user storage key 3
#define TSS_UUID_USK4 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 7}} // user storage key 4
#define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5
#define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6

// macro to derive UUIDs for keys whose "OwnerEvict" flag is set.
// The fifth node byte is 1 (0 for all fixed UUIDs above), so derived UUIDs
// never collide with the fixed ones. NOTE(review): the node elements are
// presumably single bytes in TSS_UUID -- (i) must then be in 0..255 or it
// is silently truncated; confirm at the call sites.
#define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}}


//
// TPM well-known secret
//
// 20 zero bytes (one SHA-1 digest length). NOTE(review): this value is
// public by definition -- any owner, SRK or key whose auth is set to it
// is usable by anyone who can reach the TPM. Use it only where the spec
// or deployment deliberately wants "no secret", never as a default.
//
#define TSS_WELL_KNOWN_SECRET \
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}


// Values for the "direction" parameters in the Tspi_PcrComposite_XX functions.
#define TSS_PCRS_DIRECTION_CREATION                     ((UINT32)1)
#define TSS_PCRS_DIRECTION_RELEASE                      ((UINT32)2)


//
// TSS blob version definition for ASN.1 blobs
//
// NOTE(review): blob version and type are read from the encoded blob,
// i.e. from data that may come from outside the TSS. A decoder should
// reject any version other than TSS_BLOB_STRUCT_VERSION and any type not
// listed below before interpreting the payload.
//
#define TSS_BLOB_STRUCT_VERSION                         0x01

//
// TSS blob type definitions for ASN.1 blobs
//
#define TSS_BLOB_TYPE_KEY                               0x01
#define TSS_BLOB_TYPE_PUBKEY                            0x02
#define TSS_BLOB_TYPE_MIGKEY                            0x03
#define TSS_BLOB_TYPE_SEALEDDATA                        0x04
#define TSS_BLOB_TYPE_BOUNDDATA                         0x05
#define TSS_BLOB_TYPE_MIGTICKET                         0x06
#define TSS_BLOB_TYPE_PRIVATEKEY                        0x07
#define TSS_BLOB_TYPE_PRIVATEKEY_MOD1                   0x08
#define TSS_BLOB_TYPE_RANDOM_XOR                        0x09
#define TSS_BLOB_TYPE_CERTIFY_INFO                      0x0A
#define TSS_BLOB_TYPE_KEY_1_2                           0x0B
#define TSS_BLOB_TYPE_CERTIFY_INFO_2                    0x0C
#define TSS_BLOB_TYPE_CMK_MIG_KEY                       0x0D
#define TSS_BLOB_TYPE_CMK_BYTE_STREAM                   0x0E



//
// Values for TPM_CMK_DELEGATE bitmasks
// For now these are exactly the same values as the corresponding
// TPM_CMK_DELEGATE_* bitmasks.
//
// Distinct single bits; may be OR-ed. The cast precedes the shift so
// 1<<31 is evaluated in unsigned arithmetic (no signed-overflow UB).
//
#define TSS_CMK_DELEGATE_SIGNING                        (((UINT32)1)<<31)
#define TSS_CMK_DELEGATE_STORAGE                        (((UINT32)1)<<30)
#define TSS_CMK_DELEGATE_BIND                           (((UINT32)1)<<29)
#define TSS_CMK_DELEGATE_LEGACY                         (((UINT32)1)<<28)
#define TSS_CMK_DELEGATE_MIGRATE                        (((UINT32)1)<<27)


//
// Constants for DAA
//
// All lengths are in BYTES; the trailing comment gives the size in bits.
//
#define TSS_DAA_LENGTH_N                 256 // Length of the RSA Modulus (2048 bits)
#define TSS_DAA_LENGTH_F                  13 // Length of the f_i's (information encoded into the certificate, 104 bits)
#define TSS_DAA_LENGTH_E                  46 // Length of the e's (exponents, part of certificate, 368 bits)
#define TSS_DAA_LENGTH_E_PRIME            15 // Length of the interval the e's are chosen from (120 bits)
#define TSS_DAA_LENGTH_V                 317 // Length of the v's (random value, part of certificate, 2536 bits)
#define TSS_DAA_LENGTH_SAFETY             10 // Length of the security parameter controlling the statistical zero-knowledge property (80 bits)
#define TSS_DAA_LENGTH_HASH TPM_SHA1_160_HASH_LEN // Length of the output of the hash function SHA-1 used for the Fiat-Shamir heuristic (160 bits)
#define TSS_DAA_LENGTH_S                 128 // Length of the split large exponent for easier computations on the TPM (1024 bits)
#define TSS_DAA_LENGTH_GAMMA             204 // Length of the modulus 'Gamma' (1632 bits)
#define TSS_DAA_LENGTH_RHO                26 // Length of the order 'rho' of the sub group of Z*_Gamma that is used for rogue tagging (208 bits)
// NOTE(review): "MFG1" below is a misspelling of MGF1 (cf. TSS_DAA_LENGTH_MGF1_AR);
// the identifier is part of the public API and is kept as-is for compatibility.
#define TSS_DAA_LENGTH_MFG1_GAMMA        214 // Length of the output of MGF1 in conjunction with the modulus Gamma (1712 bits)
#define TSS_DAA_LENGTH_MGF1_AR            25 // Length of the output of MGF1 used for anonymity revocation (200 bits)


#endif // __TSS_DEFINES_H__