1 /* Software-based Trusted Platform Module (TPM) Emulator
2 * Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net>
3 * 2005-2008 Heiko Stamer <stamer@gaos.org>
4 *
5 * This module is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published
7 * by the Free Software Foundation; either version 2 of the License,
8 * or (at your option) any later version.
9 *
10 * This module is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * $Id: tpm_structures.h 467 2011-07-19 17:36:12Z mast $
16 */
17
18 #ifndef _TPM_STRUCTURES_H_
19 #define _TPM_STRUCTURES_H_
20
21 #include "tpm_emulator.h"
22 #include "crypto/rsa.h"
23
24 /*
25 * The following types and structures are specified in
26 * TPM Main Part 2 TPM Structures [TPM_Part2].
27 */
28
29 /*
30 * Basic Data Types ([TPM_Part2], Section 2.2.1 and 2.2.2)
31 */
32 typedef uint8_t BYTE;
33 typedef uint16_t UINT16;
34 typedef uint32_t UINT32;
35 typedef uint64_t UINT64;
36 typedef BYTE BOOL;
37 #define TRUE 0x01
38 #define FALSE 0x00
39
40 /*
41 * TPM Helper Data Types ([TPM_Part2], Section 2.2.3)
42 */
43 typedef BYTE TPM_AUTH_DATA_USAGE;
44 typedef BYTE TPM_PAYLOAD_TYPE;
45 typedef BYTE TPM_VERSION_BYTE;
46 typedef BYTE TPM_DA_STATE;
47 typedef UINT16 TPM_TAG;
48 typedef UINT16 TPM_PROTOCOL_ID;
49 typedef UINT16 TPM_STARTUP_TYPE;
50 typedef UINT16 TPM_ENC_SCHEME;
51 typedef UINT16 TPM_SIG_SCHEME;
52 typedef UINT16 TPM_MIGRATE_SCHEME;
53 typedef UINT16 TPM_PHYSICAL_PRESENCE;
54 typedef UINT16 TPM_ENTITY_TYPE;
55 typedef UINT16 TPM_KEY_USAGE;
56 typedef UINT16 TPM_EK_TYPE;
57 typedef UINT16 TPM_STRUCTURE_TAG;
58 typedef UINT16 TPM_PLATFORM_SPECIFIC;
59 typedef UINT32 TPM_COMMAND_CODE;
60 typedef UINT32 TPM_CAPABILITY_AREA;
61 typedef UINT32 TPM_KEY_FLAGS;
62 typedef UINT32 TPM_ALGORITHM_ID;
63 typedef UINT32 TPM_MODIFIER_INDICATOR;
64 typedef UINT32 TPM_ACTUAL_COUNT;
65 typedef UINT32 TPM_TRANSPORT_ATTRIBUTES;
66 typedef UINT32 TPM_AUTHHANDLE;
67 typedef UINT32 TPM_DIRINDEX;
68 typedef UINT32 TPM_KEY_HANDLE;
69 typedef UINT32 TPM_PCRINDEX;
70 typedef UINT32 TPM_RESULT;
71 typedef UINT32 TPM_RESOURCE_TYPE;
72 typedef UINT32 TPM_KEY_CONTROL;
73 typedef UINT32 TPM_NV_INDEX;
74 typedef UINT32 TPM_FAMILY_ID;
75 typedef UINT32 TPM_FAMILY_VERIFICATION;
76 typedef UINT32 TPM_STARTUP_EFFECTS;
77 typedef UINT32 TPM_SYM_MODE;
78 typedef UINT32 TPM_FAMILY_FLAGS;
79 typedef UINT32 TPM_DELEGATE_INDEX;
80 typedef UINT32 TPM_CMK_DELEGATE;
81 typedef UINT32 TPM_COUNT_ID;
82 typedef UINT32 TPM_REDIT_COMMAND;
83 typedef UINT32 TPM_TRANSHANDLE;
84 typedef UINT32 TPM_HANDLE;
85 typedef UINT32 TPM_FAMILY_OPERATION;
86
87 /*
88 * Vendor Specific ([TPM_Part2], Section 2.2.4)
89 */
90 #define TPM_Vendor_Specific32 0x00000400
91 #define TPM_Vendor_Specific8 0x80
92
93 /*
94 * Structure Tags ([TPM_Part2], Section 3.1)
95 * are defined together with the dedicated structures.
96 */
97
98 /*
99 * TPM_RESOURCE_TYPE ([TPM_Part2], Section 4.1)
100 * Specifies the resource type.
101 */
102 #define TPM_RT_KEY 0x00000001
103 #define TPM_RT_AUTH 0x00000002
104 #define TPM_RT_HASH 0x00000003
105 #define TPM_RT_TRANS 0x00000004
106 #define TPM_RT_CONTEXT 0x00000005
107 #define TPM_RT_COUNTER 0x00000006
108 #define TPM_RT_DELEGATE 0x00000007
109 #define TPM_RT_DAA_TPM 0x00000008
110 #define TPM_RT_DAA_V0 0x00000009
111 #define TPM_RT_DAA_V1 0x0000000A
112
113 /*
114 * TPM_PAYLOAD_TYPE ([TPM_Part2], Section 4.2)
115 * This specifies the type of payload in various messages.
116 */
117 #define TPM_PT_ASYM 0x01
118 #define TPM_PT_BIND 0x02
119 #define TPM_PT_MIGRATE 0x03
120 #define TPM_PT_MAINT 0x04
121 #define TPM_PT_SEAL 0x05
122 #define TPM_PT_MIGRATE_RESTRICTED 0x06
123 #define TPM_PT_MIGRATE_EXTERNAL 0x07
124 #define TPM_PT_CMK_MIGRATE 0x08
125 /* 0x09 - 0x7F Reserved for future use by TPM */
126 /* 0x80 - 0xFF Vendor specific payloads */
127 #define TPM_PT_NONE 0x00
128
129 /*
130 * TPM_ENTITY_TYPE ([TPM_Part2], Section 4.3)
131 * This specifies the types of entity and ADIP encryption schemes
132 * that are supported by the TPM.
133 *
134 * The LSB is used to indicate the entity type. The MSB is used to
135 * indicate the ADIP encryption scheme when applicable.
136 *
137 * For compatibility with TPM 1.1, some values are maintained.
138 */
139 /* LSB Values */
140 #define TPM_ET_KEYHANDLE 0x01
141 #define TPM_ET_OWNER 0x02
142 #define TPM_ET_DATA 0x03
143 #define TPM_ET_SRK 0x04
144 #define TPM_ET_KEY 0x05
145 #define TPM_ET_REVOKE 0x06
146 #define TPM_ET_DEL_OWNER_BLOB 0x07
147 #define TPM_ET_DEL_ROW 0x08
148 #define TPM_ET_DEL_KEY_BLOB 0x09
149 #define TPM_ET_COUNTER 0x0A
150 #define TPM_ET_NV 0x0B
151 #define TPM_ET_OPERATOR 0x0C
152 #define TPM_ET_VERIFICATION_AUTH 0x0D
153 #define TPM_ET_RESERVED_HANDLE 0x40
154 /* MSB Values */
155 #define TPM_ET_XOR 0x00
156 #define TPM_ET_AES128_CTR 0x06
157
158 /*
159 * Reserved Key Handles ([TPM_Part2], Section 4.4.1)
160 * These values specify specific keys or specific actions for the TPM.
161 */
162 #define TPM_KH_SRK 0x40000000
163 #define TPM_KH_OWNER 0x40000001
164 #define TPM_KH_REVOKE 0x40000002
165 #define TPM_KH_TRANSPORT 0x40000003
166 #define TPM_KH_OPERATOR 0x40000004
167 #define TPM_KH_ADMIN 0x40000005
168 #define TPM_KH_EK 0x40000006
169
170 /*
171 * TPM_STARTUP_TYPE ([TPM_Part2], Section 4.5)
172 * To specify what type of startup is occurring.
173 */
174 #define TPM_ST_CLEAR 0x0001
175 #define TPM_ST_STATE 0x0002
176 #define TPM_ST_DEACTIVATED 0x0003
177
178 /*
179 * TPM_STARTUP_EFFECTS ([TPM_Part2], Section 4.6)
180 * This structure lists for the various resources and sessions on a TPM
181 * the affect that TPM_Startup has on the values.
182 */
183 /* 31-8 reserved and must be 0 */
184 #define TPM_STARTUP_RT_DAA_TPM_ST_STATE (1 << 8)
185 #define TPM_STARTUP_AUDIT_DIGEST_IGNORE (1 << 7)
186 #define TPM_STARTUP_AUDIT_DIGEST_ST_CLEAR (1 << 6)
187 #define TPM_STARTUP_AUDIT_DIGEST_ST_ANY (1 << 5)
188 #define TPM_STARTUP_RT_KEY_ST_ANY (1 << 4)
189 #define TPM_STARTUP_RT_AUTH_ST_STATE (1 << 3)
190 #define TPM_STARTUP_RT_HASH_ST_STATE (1 << 2)
191 #define TPM_STARTUP_RT_TRANS_ST_STATE (1 << 1)
192 #define TPM_STARTUP_RT_CONTEXT_ST_STATE (1 << 0)
193
194 /*
195 * TPM_PROTOCOL_ID ([TPM_Part2], Section 4.7)
196 * This value identifies the protocol in use.
197 */
198 #define TPM_PID_OIAP 0x0001
199 #define TPM_PID_OSAP 0x0002
200 #define TPM_PID_ADIP 0x0003
201 #define TPM_PID_ADCP 0x0004
202 #define TPM_PID_OWNER 0x0005
203 #define TPM_PID_DSAP 0x0006
204 #define TPM_PID_TRANSPORT 0x0007
205
206 /*
207 * TPM_ALGORITHM_ID ([TPM_Part2], Section 4.8)
208 * This table defines the types of algorithms which may be supported by the TPM.
209 */
210 #define TPM_ALG_RSA 0x00000001
211 #define TPM_ALG_DES 0x00000002
212 #define TPM_ALG_3DES 0x00000003
213 #define TPM_ALG_SHA 0x00000004
214 #define TPM_ALG_HMAC 0x00000005
215 #define TPM_ALG_AES128 0x00000006
216 #define TPM_ALG_MGF1 0x00000007
217 #define TPM_ALG_AES192 0x00000008
218 #define TPM_ALG_AES256 0x00000009
219 #define TPM_ALG_XOR 0x0000000A
220
221 /*
222 * TPM_PHYSICAL_PRESENCE ([TPM_Part2], Section 4.9)
223 * Values to setup the Physical Presence
224 */
225 #define TPM_PHYSICAL_PRESENCE_HW_DISABLE 0x0200
226 #define TPM_PHYSICAL_PRESENCE_CMD_DISABLE 0x0100
227 #define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK 0x0080
228 #define TPM_PHYSICAL_PRESENCE_HW_ENABLE 0x0040
229 #define TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020
230 #define TPM_PHYSICAL_PRESENCE_NOTPRESENT 0x0010
231 #define TPM_PHYSICAL_PRESENCE_PRESENT 0x0008
232 #define TPM_PHYSICAL_PRESENCE_LOCK 0x0004
233
234 /*
235 * TPM_MIGRATE_SCHEME ([TPM_Part2], Section 4.10)
236 * Indicates how the StartMigrate command should handle the
237 * migration of the encrypted blob.
238 */
239 #define TPM_MS_MIGRATE 0x0001
240 #define TPM_MS_REWRAP 0x0002
241 #define TPM_MS_MAINT 0x0003
242 #define TPM_MS_RESTRICT_MIGRATE 0x0004
243 #define TPM_MS_RESTRICT_APPROVE 0x0005
244
245 /*
246 * TPM_EK_TYPE ([TPM_Part2], Section 4.11)
247 * Indicates what type of information that the EK is dealing with.
248 */
249 #define TPM_EK_TYPE_ACTIVATE 0x0001
250 #define TPM_EK_TYPE_AUTH 0x0002
251
252 /*
253 * TPM_PLATFORM_SPECIFIC ([TPM_Part2], Section 4.12)
254 * Indicates the platform specific spec that the information relates to.
255 */
256 #define TPM_PS_PC_11 0x0001
257 #define TPM_PS_PC_12 0x0002
258 #define TPM_PS_PDA_12 0x0003
259 #define TPM_PS_Server_12 0x0004
260 #define TPM_PS_Mobile_12 0x0005
261
262 /*
263 * TPM Basic Structures
264 */
265
266 /*
267 * TPM_STRUCT_VER ([TPM_Part2], Section 5.1)
268 * This indicates the version of the structure.
269 */
270 typedef struct tdTPM_STRUCT_VER {
271 BYTE major;
272 BYTE minor;
273 BYTE revMajor;
274 BYTE revMinor;
275 } TPM_STRUCT_VER;
276
277 /*
278 * TPM_VERSION ([TPM_Part2], Section 5.3)
279 * This structure provides information relative the version of the TPM.
280 * This structure should only be in use by TPM_GetCapability to provide
281 * the information relative to the TPM.
282 */
283 typedef struct tdTPM_VERSION {
284 TPM_VERSION_BYTE major;
285 TPM_VERSION_BYTE minor;
286 BYTE revMajor;
287 BYTE revMinor;
288 } TPM_VERSION;
289 #define sizeof_TPM_VERSION(s) (4)
290
291 /*
292 * TPM_DIGEST ([TPM_Part2], Section 5.4)
293 * The digest value reports the result of a hash operation.
294 * In version 1 the hash algorithm is SHA-1 (20 bytes resp. 160 bits).
295 */
296 typedef struct tdTPM_DIGEST {
297 BYTE digest[20];
298 } TPM_DIGEST;
299
300 /* Redefinitions */
301 typedef TPM_DIGEST TPM_CHOSENID_HASH;
302 typedef TPM_DIGEST TPM_COMPOSITE_HASH;
303 typedef TPM_DIGEST TPM_DIRVALUE;
304 typedef TPM_DIGEST TPM_HMAC;
305 typedef TPM_DIGEST TPM_PCRVALUE;
306 typedef TPM_DIGEST TPM_AUDITDIGEST;
307
308 /*
309 * TPM_NONCE ([TPM_Part2], Section 5.5)
310 * A random value that provides protection from replay and other attacks.
311 */
312 typedef struct tdTPM_NONCE{
313 BYTE nonce[20];
314 } TPM_NONCE;
315
316 /* Redefinitions */
317 typedef TPM_NONCE TPM_DAA_TPM_SEED;
318 typedef TPM_NONCE TPM_DAA_CONTEXT_SEED;
319
320 /*
321 * TPM_AUTHDATA ([TPM_Part2], Section 5.6)
322 * Information that is saved or passed to provide proof of ownership of an
323 * entity. For version 1 this area is always 20 bytes.
324 */
325 typedef BYTE TPM_AUTHDATA[20];
326
327 /* Redefinitions */
328 typedef TPM_AUTHDATA TPM_SECRET;
329 typedef TPM_AUTHDATA TPM_ENCAUTH;
330
331 /*
332 * TPM_KEY_HANDLE_LIST ([TPM_Part2], Section 5.7)
333 * Structure used to describe the handles of all keys currently
334 * loaded into a TPM.
335 */
336 typedef struct tdTPM_KEY_HANDLE_LIST {
337 UINT16 loaded;
338 TPM_KEY_HANDLE *handle;
339 } TPM_KEY_HANDLE_LIST;
340
341 /*
342 * TPM_KEY_USAGE ([TPM_Part2], Section 5.8)
343 * Defines the types of keys that are possible.
344 */
345 #define TPM_KEY_SIGNING 0x0010
346 #define TPM_KEY_STORAGE 0x0011
347 #define TPM_KEY_IDENTITY 0x0012
348 #define TPM_KEY_AUTHCHANGE 0x0013
349 #define TPM_KEY_BIND 0x0014
350 #define TPM_KEY_LEGACY 0x0015
351 #define TPM_KEY_MIGRATE 0x0016
352
353 /*
354 * Encryption Schemes ([TPM_Part2], Section 5.8.1)
355 */
356 #define TPM_ES_NONE 0x0001
357 #define TPM_ES_RSAESPKCSv15 0x0002
358 #define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
359 #define TPM_ES_SYM_CTR 0x0004
360 #define TPM_ES_SYM_OFB 0x0005
361
362 /*
363 * Signature Schemes ([TPM_Part2], Section 5.8.1)
364 */
365 #define TPM_SS_NONE 0x0001
366 #define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002
367 #define TPM_SS_RSASSAPKCS1v15_DER 0x0003
368 #define TPM_SS_RSASSAPKCS1v15_INFO 0x0004
369
370 /*
371 * TPM_AUTH_DATA_USAGE ([TPM_Part2], Section 5.9)
372 * Indication when authorization sessions for an entity are required.
373 */
374 #define TPM_AUTH_NEVER 0x00
375 #define TPM_AUTH_ALWAYS 0x01
376 #define TPM_AUTH_PRIV_USE_ONLY 0x03
377
378 /*
379 * TPM_KEY_FLAGS ([TPM_Part2], Section 5.10)
380 * This table defines the meanings of the bits in a TPM_KEY_FLAGS structure.
381 */
382 #define TPM_KEY_FLAG_REDIRECT 0x00000001
383 #define TPM_KEY_FLAG_MIGRATABLE 0x00000002
384 #define TPM_KEY_FLAG_VOLATILE 0x00000004
385 #define TPM_KEY_FLAG_PCR_IGNORE 0x00000008
386 #define TPM_KEY_FLAG_AUTHORITY 0x00000010
387 /* to use with TPM_KEY_DATA only! */
388 #define TPM_KEY_FLAG_HAS_PCR 0x10000000
389 #define TPM_KEY_FLAG_MASK 0x0fffffff
390
391 /*
392 * TPM_CHANGEAUTH_VALIDATE ([TPM_Part2], Section 5.11)
393 * To store the new authorization data and the challenger's nonce.
394 */
395 typedef struct tdTPM_CHANGEAUTH_VALIDATE {
396 TPM_SECRET newAuthSecret;
397 TPM_NONCE n1;
398 } TPM_CHANGEAUTH_VALIDATE;
399 #define sizeof_TPM_CHANGEAUTH_VALIDATE(s) (20 + 20)
400
401 /*
402 * TPM_COUNTER_VALUE ([TPM_Part2], Section 5.13)
403 * This structure returns the counter value.
404 * For interoperability, the value size should be 4 bytes.
405 */
406 #define TPM_TAG_COUNTER_VALUE 0x000E
407 typedef struct tdTPM_COUNTER_VALUE {
408 TPM_STRUCTURE_TAG tag;
409 BYTE label[4];
410 TPM_ACTUAL_COUNT counter;
411 /* additional, not marshalled data */
412 TPM_SECRET usageAuth;
413 BOOL valid;
414 } TPM_COUNTER_VALUE;
415 #define sizeof_TPM_COUNTER_VALUE(s) (2 + 4 + 4)
416 #define sizeof_TPM_COUNTER_VALUE2(s) (2 + 4 + 4 + 20 + 1)
417
418 /*
419 * TPM_SIGN_INFO Structure ([TPM_Part2], Section 5.14)
420 * To provide the mechanism to quote the current values of a list of PCRs.
421 */
422 #define TPM_TAG_SIGNINFO 0x0005
423 typedef struct tdTPM_SIGN_INFO {
424 TPM_STRUCTURE_TAG tag;
425 BYTE fixed[4];
426 TPM_NONCE replay;
427 UINT32 dataLen;
428 BYTE* data;
429 } TPM_SIGN_INFO;
430
431 #define MAX_MSA_COMPOSITE_ENTRIES 16
432
433 /*
434 * TPM_MSA_COMPOSITE ([TPM_Part2], Section 5.15)
435 * Contains an arbitrary number of digests of public keys belonging to
436 * Migration Authorities.
437 */
438 typedef struct tdTPM_MSA_COMPOSITE {
439 UINT32 MSAlist;
440 TPM_DIGEST migAuthDigest[MAX_MSA_COMPOSITE_ENTRIES];
441 } TPM_MSA_COMPOSITE;
442 #define sizeof_TPM_MSA_COMPOSITE(s) (4 + s.MSAlist * 20)
443
444 /*
445 * TPM_CMK_AUTH ([TPM_Part2], Section 5.16)
446 */
447 typedef struct tdTPM_CMK_AUTH {
448 TPM_DIGEST migrationAuthorityDigest;
449 TPM_DIGEST destinationKeyDigest;
450 TPM_DIGEST sourceKeyDigest;
451 } TPM_CMK_AUTH;
452 #define sizeof_TPM_CMK_AUTH(s) (3 * 20)
453
454 /*
455 * TPM_CMK_DELEGATE ([TPM_Part2], Section 5.17)
456 * Determine how to respond to delegated requests to manipulate a
457 * restricted-migration key.
458 */
459 #define TPM_CMK_DELEGATE_SIGNING (1 << 31)
460 #define TPM_CMK_DELEGATE_STORAGE (1 << 30)
461 #define TPM_CMK_DELEGATE_BIND (1 << 29)
462 #define TPM_CMK_DELEGATE_LEGACY (1 << 28)
463 #define TPM_CMK_DELEGATE_MIGRATE (1 << 27)
464 /* bits 26-0 are reserved and must be 0 */
465
466 /*
467 * TPM_SELECT_SIZE ([TPM_Part2], Section 5.18)
468 * Indication for the version and size of TPM_SELECTION in TPM_GetCapability.
469 */
470 typedef struct tdTPM_SELECT_SIZE {
471 BYTE major;
472 BYTE minor;
473 UINT16 reqSize;
474 } TPM_SELECT_SIZE;
475
476 /*
477 * TPM_CMK_MIGAUTH ([TPM_Part2], Section 5.19)
478 * Structure to keep track of the CMK migration authorization.
479 */
480 #define TPM_TAG_CMK_MIGAUTH 0x0033
481 typedef struct tdTPM_CMK_MIGAUTH {
482 TPM_STRUCTURE_TAG tag;
483 TPM_DIGEST msaDigest;
484 TPM_DIGEST pubKeyDigest;
485 } TPM_CMK_MIGAUTH;
486
487 /*
488 * TPM_CMK_SIGTICKET ([TPM_Part2], Section 5.20)
489 * Structure to keep track of the CMK migration authorization.
490 */
491 #define TPM_TAG_CMK_SIGTICKET 0x0034
492 typedef struct tdTPM_CMK_SIGTICKET {
493 TPM_STRUCTURE_TAG tag;
494 TPM_DIGEST verKeyDigest;
495 TPM_DIGEST signedData;
496 } TPM_CMK_SIGTICKET;
497
498 /*
499 * TPM_CMK_MA_APPROVAL ([TPM_Part2], Section 5.21)
500 * Structure to keep track of the CMK migration authorization.
501 */
502 #define TPM_TAG_CMK_MA_APPROVAL 0x0035
503 typedef struct tdTPM_CMK_MA_APPROVAL {
504 TPM_STRUCTURE_TAG tag;
505 TPM_DIGEST migrationAuthorityDigest;
506 } TPM_CMK_MA_APPROVAL;
507
508 /*
509 * Command Tags ([TPM_Part2], Section 6)
510 * Indicate the construction of the command either as input or as output.
511 */
512 #define TPM_TAG_RQU_COMMAND 0x00C1
513 #define TPM_TAG_RQU_AUTH1_COMMAND 0x00C2
514 #define TPM_TAG_RQU_AUTH2_COMMAND 0x00C3
515 #define TPM_TAG_RSP_COMMAND 0x00C4
516 #define TPM_TAG_RSP_AUTH1_COMMAND 0x00C5
517 #define TPM_TAG_RSP_AUTH2_COMMAND 0x00C6
518
519 /*
520 * Ordinals ([TPM_Part2], Section 17)
521 * The command ordinals provide the index value for each command.
522 */
523 #define TPM_PROTECTED_COMMAND 0x00000000
524 #define TPM_UNPROTECTED_COMMAND 0x80000000
525 #define TPM_CONNECTION_COMMAND 0x40000000
526 #define TPM_VENDOR_COMMAND 0x20000000
527
528 #define TPM_MAIN 0x00
529 #define TPM_PC 0x01
530 #define TPM_PDA 0x02
531 #define TPM_CELL_PHONE 0x03
532 #define TPM_SERVER 0x04
533
534 #define TPM_PROTECTED_ORDINAL (TPM_PROTECTED_COMMAND | TPM_MAIN)
535 #define TPM_UNPROTECTED_ORDINAL (TPM_UNPROTECTED_COMMAND | TPM_MAIN)
536 #define TPM_CONNECTION_ORDINAL (TPM_CONNECTION_COMMAND | TPM_MAIN)
537
538 #define TPM_ORD_INDEX_MASK 0x0000FFFF
539
540 #define TPM_ORD_OIAP 10
541 #define TPM_ORD_OSAP 11
542 #define TPM_ORD_ChangeAuth 12
543 #define TPM_ORD_TakeOwnership 13
544 #define TPM_ORD_ChangeAuthAsymStart 14
545 #define TPM_ORD_ChangeAuthAsymFinish 15
546 #define TPM_ORD_ChangeAuthOwner 16
547 #define TPM_ORD_DSAP 17
548 #define TPM_ORD_CMK_CreateTicket 18
549 #define TPM_ORD_CMK_CreateKey 19
550 #define TPM_ORD_Extend 20
551 #define TPM_ORD_PCRRead 21
552 #define TPM_ORD_Quote 22
553 #define TPM_ORD_Seal 23
554 #define TPM_ORD_Unseal 24
555 #define TPM_ORD_DirWriteAuth 25
556 #define TPM_ORD_DirRead 26
557 #define TPM_ORD_CMK_CreateBlob 27
558 #define TPM_ORD_CMK_SetRestrictions 28
559 #define TPM_ORD_CMK_ApproveMA 29
560 #define TPM_ORD_UnBind 30
561 #define TPM_ORD_CreateWrapKey 31
562 #define TPM_ORD_LoadKey 32
563 #define TPM_ORD_GetPubKey 33
564 #define TPM_ORD_EvictKey 34
565 #define TPM_ORD_KeyControlOwner 35
566 #define TPM_ORD_CMK_ConvertMigration 36
567 #define TPM_ORD_MigrateKey 37
568 #define TPM_ORD_CreateMigrationBlob 40
569 #define TPM_ORD_DAA_Join 41
570 #define TPM_ORD_ConvertMigrationBlob 42
571 #define TPM_ORD_AuthorizeMigrationKey 43
572 #define TPM_ORD_CreateMaintenanceArchive 44
573 #define TPM_ORD_LoadMaintenanceArchive 45
574 #define TPM_ORD_KillMaintenanceFeature 46
575 #define TPM_ORD_LoadManuMaintPub 47
576 #define TPM_ORD_ReadManuMaintPub 48
577 #define TPM_ORD_DAA_Sign 49
578 #define TPM_ORD_CertifyKey 50
579 #define TPM_ORD_CertifyKey2 51
580 #define TPM_ORD_Sign 60
581 #define TPM_ORD_Sealx 61
582 #define TPM_ORD_Quote2 62
583 #define TPM_ORD_SetCapability 63
584 #define TPM_ORD_ResetLockValue 64
585 #define TPM_ORD_LoadKey2 65
586 #define TPM_ORD_GetRandom 70
587 #define TPM_ORD_StirRandom 71
588 #define TPM_ORD_SelfTestFull 80
589 #define TPM_ORD_ContinueSelfTest 83
590 #define TPM_ORD_GetTestResult 84
591 #define TPM_ORD_Reset 90
592 #define TPM_ORD_OwnerClear 91
593 #define TPM_ORD_DisableOwnerClear 92
594 #define TPM_ORD_ForceClear 93
595 #define TPM_ORD_DisableForceClear 94
596 #define TPM_ORD_GetCapability 101
597 #define TPM_ORD_GetCapabilityOwner 102
598 #define TPM_ORD_OwnerSetDisable 110
599 #define TPM_ORD_PhysicalEnable 111
600 #define TPM_ORD_PhysicalDisable 112
601 #define TPM_ORD_SetOwnerInstall 113
602 #define TPM_ORD_PhysicalSetDeactivated 114
603 #define TPM_ORD_SetTempDeactivated 115
604 #define TPM_ORD_SetOperatorAuth 116
605 #define TPM_ORD_SetOwnerPointer 117
606 #define TPM_ORD_CreateEndorsementKeyPair 120
607 #define TPM_ORD_MakeIdentity 121
608 #define TPM_ORD_ActivateIdentity 122
609 #define TPM_ORD_ReadPubek 124
610 #define TPM_ORD_OwnerReadPubek 125
611 #define TPM_ORD_DisablePubekRead 126
612 #define TPM_ORD_CreateRevocableEK 127
613 #define TPM_ORD_RevokeTrust 128
614 #define TPM_ORD_OwnerReadInternalPub 129
615 #define TPM_ORD_GetAuditDigest 133
616 #define TPM_ORD_GetAuditDigestSigned 134
617 #define TPM_ORD_SetOrdinalAuditStatus 141
618 #define TPM_ORD_Terminate_Handle 150
619 #define TPM_ORD_Init 151
620 #define TPM_ORD_SaveState 152
621 #define TPM_ORD_Startup 153
622 #define TPM_ORD_SetRedirection 154
623 #define TPM_ORD_SHA1Start 160
624 #define TPM_ORD_SHA1Update 161
625 #define TPM_ORD_SHA1Complete 162
626 #define TPM_ORD_SHA1CompleteExtend 163
627 #define TPM_ORD_FieldUpgrade 170
628 #define TPM_ORD_SaveKeyContext 180
629 #define TPM_ORD_LoadKeyContext 181
630 #define TPM_ORD_SaveAuthContext 182
631 #define TPM_ORD_LoadAuthContext 183
632 #define TPM_ORD_SaveContext 184
633 #define TPM_ORD_LoadContext 185
634 #define TPM_ORD_FlushSpecific 186
635 #define TPM_ORD_PCR_Reset 200
636 #define TPM_ORD_NV_DefineSpace 204
637 #define TPM_ORD_NV_WriteValue 205
638 #define TPM_ORD_NV_WriteValueAuth 206
639 #define TPM_ORD_NV_ReadValue 207
640 #define TPM_ORD_NV_ReadValueAuth 208
641 #define TPM_ORD_Delegate_UpdateVerification 209
642 #define TPM_ORD_Delegate_Manage 210
643 #define TPM_ORD_Delegate_CreateKeyDelegation 212
644 #define TPM_ORD_Delegate_CreateOwnerDelegation 213
645 #define TPM_ORD_Delegate_VerifyDelegation 214
646 #define TPM_ORD_Delegate_LoadOwnerDelegation 216
647 #define TPM_ORD_Delegate_ReadAuth 217
648 #define TPM_ORD_Delegate_ReadTable 219
649 #define TPM_ORD_CreateCounter 220
650 #define TPM_ORD_IncrementCounter 221
651 #define TPM_ORD_ReadCounter 222
652 #define TPM_ORD_ReleaseCounter 223
653 #define TPM_ORD_ReleaseCounterOwner 224
654 #define TPM_ORD_EstablishTransport 230
655 #define TPM_ORD_ExecuteTransport 231
656 #define TPM_ORD_ReleaseTransportSigned 232
657 #define TPM_ORD_GetTicks 241
658 #define TPM_ORD_TickStampBlob 242
659 #define TPM_ORD_MAX 256
660
661 /*
662 * TCS Ordinals ([TPM_Part2], Section 17.1)
663 *
664 * The TSC ordinals are optional in the main specification.
665 * They are mandatory in the PC Client specification.
666 *
667 * The connection commands manage the TPM's connection to the TBB.
668 */
669 #define TSC_ORD_PhysicalPresence (10 + TPM_CONNECTION_COMMAND)
670 #define TSC_ORD_ResetEstablishmentBit (11 + TPM_CONNECTION_COMMAND)
671
672 /*
673 * PCR Structures
674 */
675
676 /*
677 * Number of PCRs of the TPM (must be a multiple of eight)
678 */
679 #define TPM_NUM_PCR 24
680
681 /*
682 * TPM_PCR_SELECTION ([TPM_Part2], Section 8.1)
683 * Provides a standard method of specifying a list of PCR registers.
684 * Note: An error is reported if sizeOfSelect > sizeof(pcrSelect).
685 */
686 typedef struct tdTPM_PCR_SELECTION {
687 UINT16 sizeOfSelect;
688 BYTE pcrSelect[TPM_NUM_PCR/8];
689 } TPM_PCR_SELECTION;
690 #define sizeof_TPM_PCR_SELECTION(s) (2 + s.sizeOfSelect)
691
692 /*
693 * TPM_PCR_COMPOSITE ([TPM_Part2], Section 8.2)
694 * The composite structure provides the index and value of the PCR register
695 * to be used when creating the value that SEALS an entity to the composite.
696 */
697 typedef struct tdTPM_PCR_COMPOSITE {
698 TPM_PCR_SELECTION select;
699 UINT32 valueSize;
700 TPM_PCRVALUE pcrValue[TPM_NUM_PCR];
701 } TPM_PCR_COMPOSITE;
702 #define sizeof_TPM_PCR_COMPOSITE(s) (sizeof_TPM_PCR_SELECTION(s.select) \
703 + 4 + s.valueSize)
704
705 /*
706 * TPM_LOCALITY_SELECTION ([TPM_Part2], Section 8.6)
707 * When used with localityAtCreation only one bit is set and it corresponds
708 * to the locality of the command creating the structure.
709 * When used with localityAtRelease the bits indicate which localities
710 * CAN perform the release.
711 */
712 typedef BYTE TPM_LOCALITY_SELECTION;
713 /* 5-7 are reserved and must be 0 */
714 #define TPM_LOC_FOUR (1 << 4)
715 #define TPM_LOC_THREE (1 << 3)
716 #define TPM_LOC_TWO (1 << 2)
717 #define TPM_LOC_ONE (1 << 1)
718 #define TPM_LOC_ZERO (1 << 0)
719
720 /*
721 * TPM_PCR_INFO ([TPM_Part2], Section 8.3)
722 * Contains the information related to the wrapping of a key or the sealing
723 * of data, to a set of PCRs.
724 *
725 * TPM_PCR_INFO_LONG ([TPM_Part2], Section 8.4)
726 * This structure includes information necessary to properly define the
727 * configuration that creates the blob using the PCR selection.
728 */
729 #define TPM_TAG_PCR_INFO_LONG 0x0006
730 typedef struct tdTPM_PCR_INFO {
731 TPM_STRUCTURE_TAG tag;
732 TPM_LOCALITY_SELECTION localityAtCreation;
733 TPM_LOCALITY_SELECTION localityAtRelease;
734 TPM_PCR_SELECTION creationPCRSelection;
735 TPM_PCR_SELECTION releasePCRSelection;
736 TPM_COMPOSITE_HASH digestAtCreation;
737 TPM_COMPOSITE_HASH digestAtRelease;
738 } TPM_PCR_INFO;
739 #define sizeof_TPM_PCR_INFO(s) (2 + 1 + 1 \
740 + sizeof_TPM_PCR_SELECTION(s.creationPCRSelection) \
741 + sizeof_TPM_PCR_SELECTION(s.releasePCRSelection) + 20 + 20)
742
743 /*
744 * TPM_PCR_INFO_SHORT ([TPM_Part2], Section 8.5)
745 * Defines a digest at release when the only information that is necessary
746 * is the release configuration.
747 */
748 typedef struct tdTPM_PCR_INFO_SHORT {
749 TPM_PCR_SELECTION pcrSelection;
750 TPM_LOCALITY_SELECTION localityAtRelease;
751 TPM_COMPOSITE_HASH digestAtRelease;
752 } TPM_PCR_INFO_SHORT;
753 #define sizeof_TPM_PCR_INFO_SHORT(s) ( \
754 sizeof_TPM_PCR_SELECTION(s.pcrSelection) + 1 + 20)
755
756 /*
757 * TPM_PCR_ATTRIBUTES ([TPM_Part2], Section 8.8)
758 * These attributes are available on a per PCR basis.
759 */
760 typedef struct tdTPM_PCR_ATTRIBUTES {
761 BOOL pcrReset;
762 TPM_LOCALITY_SELECTION pcrExtendLocal;
763 TPM_LOCALITY_SELECTION pcrResetLocal;
764 } TPM_PCR_ATTRIBUTES;
765 #define sizeof_TPM_PCR_ATTRIBUTES(s) (1 + 1 + 1)
766
767 /*
768 * Storage Structures
769 */
770
771 /*
772 * TPM_STORED_DATA ([TPM_Part2], Section 9.1)
773 * TPM_STORED_DATA12 ([TPM_Part2], Section 9.2)
774 * The definition of this structure is necessary to ensure
775 * the enforcement of security properties.
776 */
777 #define TPM_TAG_STORED_DATA12 0x0016
778 typedef struct tdTPM_STORED_DATA {
779 TPM_STRUCTURE_TAG tag;
780 TPM_ENTITY_TYPE et;
781 UINT32 sealInfoSize;
782 TPM_PCR_INFO sealInfo;
783 UINT32 encDataSize;
784 BYTE* encData;
785 } TPM_STORED_DATA;
786 #define sizeof_TPM_STORED_DATA(s) (2 + 2 + 4 + s.sealInfoSize \
787 + 4 + s.encDataSize)
788 #define free_TPM_STORED_DATA(s) { \
789 if (s.encDataSize > 0) tpm_free(s.encData); }
790
791 /*
792 * TPM_SEALED_DATA ([TPM_Part2], Section 9.3)
793 * This structure contains confidential information related
794 * to sealed data, including the data itself.
795 */
796 typedef struct tdTPM_SEALED_DATA {
797 TPM_PAYLOAD_TYPE payload;
798 TPM_SECRET authData;
799 TPM_NONCE tpmProof;
800 TPM_DIGEST storedDigest;
801 UINT32 dataSize;
802 BYTE* data;
803 } TPM_SEALED_DATA;
804 #define sizeof_TPM_SEALED_DATA(s) (1 + 20 + 20 + 20 + 4 + s.dataSize)
805 #define free_TPM_SEALED_DATA(s) { if (s.dataSize > 0) tpm_free(s.data); }
806
807 /*
808 * TPM_SYMMETRIC_KEY ([TPM_Part2], Section 9.4)
809 * Describes a symmetric key.
810 */
811 typedef struct tdTPM_SYMMETRIC_KEY {
812 TPM_ALGORITHM_ID algId;
813 TPM_ENC_SCHEME encScheme;
814 UINT16 size;
815 BYTE* data;
816 } TPM_SYMMETRIC_KEY;
817 #define sizeof_TPM_SYMMETRIC_KEY(s) (4 + 2 + 2 + s.size)
818 #define free_TPM_SYMMETRIC_KEY(s) { if (s.size > 0) tpm_free(s.data); }
819
820 /*
821 * TPM_BOUND_DATA ([TPM_Part2], Section 9.5)
822 * This structure is used by a TPM_UnBind command in a consistency check.
823 */
824 typedef struct tdTPM_BOUND_DATA {
825 TPM_STRUCT_VER ver;
826 TPM_PAYLOAD_TYPE payload;
827 BYTE* payloadData;
828 } TPM_BOUND_DATA;
829
830 /*
831 * TPM_KEY complex ([TPM_Part2], Section 10)
832 * The TPA_KEY complex is where all of the information regarding keys
833 * is kept. These structures combine to fully define and protect the
834 * information regarding an asymmetric key.
835 */
836
837 /*
838 * TPM_RSA_KEY_PARMS ([TPM_Part2], Section 10.1.1)
839 * This structure describes the parameters of an RSA key.
840 */
841 typedef struct tdTPM_RSA_KEY_PARMS {
842 UINT32 keyLength;
843 UINT32 numPrimes;
844 UINT32 exponentSize;
845 BYTE* exponent;
846 } TPM_RSA_KEY_PARMS;
847 #define sizeof_TPM_RSA_KEY_PARMS(s) (4 + 4 + 4 + s.exponentSize)
848 #define free_TPM_RSA_KEY_PARMS(s) { \
849 if (s.exponentSize > 0) tpm_free(s.exponent); }
850
851 /*
852 * TPM_SYMMETRIC_KEY_PARMS ([TPM_Part2], Section 10.1.2)
853 * This structure describes the parameters for symmetric algorithms.
854 */
855 typedef struct tdTPM_SYMMETRIC_KEY_PARMS {
856 UINT32 keyLength;
857 UINT32 blockSize;
858 UINT32 ivSize;
859 BYTE* IV;
860 } TPM_SYMMETRIC_KEY_PARMS;
861 #define sizeof_TPM_SYMMETRIC_KEY_PARMS(s) (4 + 4 + 4 + s.ivSize)
862 #define free_TPM_SYMMETRIC_KEY_PARMS(s) { if (s.ivSize > 0) tpm_free(s.IV); }
863
864 /*
865 * TPM_KEY_PARMS ([TPM_Part2], Section 10.1)
866 * This provides a standard mechanism to define the parameters used to
867 * generate a key pair.
868 */
869 typedef struct tdTPM_KEY_PARMS {
870 TPM_ALGORITHM_ID algorithmID;
871 TPM_ENC_SCHEME encScheme;
872 TPM_SIG_SCHEME sigScheme;
873 UINT32 parmSize;
874 union {
875 BYTE* raw;
876 TPM_RSA_KEY_PARMS rsa;
877 TPM_SYMMETRIC_KEY_PARMS skp;
878 } parms;
879 } TPM_KEY_PARMS;
880 #define sizeof_TPM_KEY_PARMS(s) (4 + 2 + 2 + 4 + s.parmSize)
881 #define free_TPM_KEY_PARMS(s) { if (s.parmSize > 0) { \
882 switch (s.algorithmID) { \
883 case TPM_ALG_RSA: free_TPM_RSA_KEY_PARMS(s.parms.rsa); break; \
884 case TPM_ALG_DES: case TPM_ALG_3DES: \
885 case TPM_ALG_AES192: case TPM_ALG_AES256: \
886 free_TPM_SYMMETRIC_KEY_PARMS(s.parms.skp); break; \
887 default: tpm_free(s.parms.raw); } } }
888
889 /*
890 * TPM_STORE_PUBKEY ([TPM_Part2], Section 10.4)
891 * This structure can be used in conjunction with a corresponding
892 * TPM_KEY_PARMS to construct a public key which can be unambiguously used.
893 */
894 typedef struct tdTPM_STORE_PUBKEY {
895 UINT32 keyLength;
896 BYTE* key;
897 } TPM_STORE_PUBKEY;
898 #define sizeof_TPM_STORE_PUBKEY(s) (4 + s.keyLength)
899 #define free_TPM_STORE_PUBKEY(s) { if (s.keyLength > 0) tpm_free(s.key); }
900
901 /*
902 * TPM_KEY ([TPM_Part2], Section 10.2)
903 * The TPM_KEY structure provides a mechanism to transport the entire
904 * asymmetric key pair. The private portion of the key is always encrypted.
905 * The TPM_KEY12 ([TPM_Part2], Section 10.3) structure uses the new
906 * TPM_PCR_INFO_LONG structures and the new structure tagging.
907 */
908
909 #define TPM_TAG_KEY12 0x0028
910 typedef struct tdTPM_KEY {
911 TPM_STRUCTURE_TAG tag;
912 UINT16 fill;
913 TPM_KEY_USAGE keyUsage;
914 TPM_KEY_FLAGS keyFlags;
915 TPM_AUTH_DATA_USAGE authDataUsage;
916 TPM_KEY_PARMS algorithmParms;
917 UINT32 PCRInfoSize;
918 TPM_PCR_INFO PCRInfo;
919 TPM_STORE_PUBKEY pubKey;
920 UINT32 encDataSize;
921 BYTE* encData;
922 } TPM_KEY;
923 #define sizeof_TPM_KEY(s) (4 + 2 + 4 + 1 \
924 + sizeof_TPM_KEY_PARMS(s.algorithmParms) \
925 + 4 + s.PCRInfoSize + sizeof_TPM_STORE_PUBKEY(s.pubKey) \
926 + 4 + s.encDataSize)
927 #define free_TPM_KEY(s) { if (s.encDataSize > 0) tpm_free(s.encData); \
928 free_TPM_KEY_PARMS(s.algorithmParms); free_TPM_STORE_PUBKEY(s.pubKey); }
929
930 /*
931 * TPM_PUBKEY ([TPM_Part2], Section 10.5)
932 * Public portion of an asymmetric key pair.
933 */
934 typedef struct tdTPM_PUBKEY {
935 TPM_KEY_PARMS algorithmParms;
936 TPM_STORE_PUBKEY pubKey;
937 } TPM_PUBKEY;
938 #define sizeof_TPM_PUBKEY(s) (sizeof_TPM_KEY_PARMS(s.algorithmParms) \
939 + sizeof_TPM_STORE_PUBKEY(s.pubKey))
940 #define free_TPM_PUBKEY(s) { free_TPM_KEY_PARMS(s.algorithmParms); \
941 free_TPM_STORE_PUBKEY(s.pubKey); }
942
943 /*
944 * TPM_STORE_PRIVKEY ([TPM_Part2], Section 10.7)
945 * This structure can be used in conjunction with a corresponding TPM_PUBKEY
946 * to construct a private key which can be unambiguously used.
947 */
948 typedef struct tdTPM_STORE_PRIVKEY {
949 UINT32 keyLength;
950 BYTE* key;
951 } TPM_STORE_PRIVKEY;
952 #define sizeof_TPM_STORE_PRIVKEY(s) (4 + s.keyLength)
953 #define free_TPM_STORE_PRIVKEY(s) { if (s.keyLength > 0) tpm_free(s.key); }
954
955 /*
956 * TPM_STORE_ASYMKEY ([TPM_Part2], Section 10.6)
957 * The TPM_STORE_ASYMKEY structure provides the area to identify the
958 * confidential information related to a key.
959 */
960 typedef struct tdTPM_STORE_ASYMKEY {
961 TPM_PAYLOAD_TYPE payload;
962 TPM_SECRET usageAuth;
963 TPM_SECRET migrationAuth;
964 TPM_DIGEST pubDataDigest;
965 TPM_STORE_PRIVKEY privKey;
966 } TPM_STORE_ASYMKEY;
967 #define sizeof_TPM_STORE_ASYMKEY(s) (1 + 20 + 20 + 20 \
968 + sizeof_TPM_STORE_PRIVKEY(s.privKey))
969 #define free_TPM_STORE_ASYMKEY(s) { free_TPM_STORE_PRIVKEY(s.privKey); }
970
971 /*
972 * TPM_MIGRATE_ASYMKEY ([TPM_Part2], Section 10.8)
973 * The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private
974 * key factors of a asymmetric key while the key is migrating between TPM's.
975 */
976 typedef struct tdTPM_MIGRATE_ASYMKEY {
977 TPM_PAYLOAD_TYPE payload;
978 TPM_SECRET usageAuth;
979 TPM_DIGEST pubDataDigest;
980 UINT32 partPrivKeyLen;
981 BYTE *partPrivKey;
982 } TPM_MIGRATE_ASYMKEY;
983 #define sizeof_TPM_MIGRATE_ASYMKEY(s) (1 + 20 + 20 + 4 + s.partPrivKeyLen)
984 #define free_TPM_MIGRATE_ASYMKEY(s) { tpm_free(s.partPrivKey); }
985
986 /*
987 * TPM_MIGRATIONKEYAUTH ([TPM_Part2], Section 5.12)
988 * Provides the proof that the associated public key has authorization to
989 * be a migration key.
990 */
991 typedef struct tdTPM_MIGRATIONKEYAUTH {
992 TPM_PUBKEY migrationKey;
993 TPM_MIGRATE_SCHEME migrationScheme;
994 TPM_DIGEST digest;
995 } TPM_MIGRATIONKEYAUTH;
996 #define sizeof_TPM_MIGRATIONKEYAUTH(s) (sizeof_TPM_PUBKEY(s.migrationKey) \
997 + 2 + 20)
998 #define free_TPM_MIGRATIONKEYAUTH(s) { free_TPM_PUBKEY(s.migrationKey); }
999
1000 /*
1001 * TPM_KEY_CONTROL ([TPM_Part2], Section 10.9)
1002 * Attributes that can control various aspects of key usage and manipulation.
1003 */
1004 /* 31:-1 reserved and must be 0 */
1005 #define TPM_KEY_CONTROL_OWNER_EVICT (1 << 0)
1006
1007 /*
1008 * Signed Structures
1009 */
1010
1011 /*
1012 * TPM_AUTH ([TPM_Part1], Section ??.?)
1013 * Authorization Protocol Input/Output Parameter
1014 */
1015 typedef struct tdTPM_AUTH {
1016 TPM_AUTHHANDLE authHandle;
1017 TPM_NONCE nonceEven;
1018 TPM_NONCE nonceOdd;
1019 BOOL continueAuthSession;
1020 TPM_AUTHDATA auth;
1021 /* additional NOT marshalled parameters */
1022 TPM_SECRET secret;
1023 BYTE digest[20];
1024 TPM_COMMAND_CODE ordinal;
1025 } TPM_AUTH;
1026
1027 /*
1028 * TPM_CERTIFY_INFO Structure ([TPM_Part2], Section 11.1)
1029 * TPM_CERTIFY_INFO2 Structure ([TPM_Part2], Section 11.2)
1030 * This structure provides the mechanism to provide a signature with a TPM
1031 * identity key on information that describes that key.
1032 */
1033 #define TPM_TAG_CERTIFY_INFO2 0x0029
1034 typedef struct tdTPM_CERTIFY_INFO {
1035 TPM_STRUCTURE_TAG tag;
1036 BYTE fill;
1037 TPM_PAYLOAD_TYPE payloadType;
1038 TPM_KEY_USAGE keyUsage;
1039 TPM_KEY_FLAGS keyFlags;
1040 TPM_AUTH_DATA_USAGE authDataUsage;
1041 TPM_KEY_PARMS algorithmParms;
1042 TPM_DIGEST pubkeyDigest;
1043 TPM_NONCE data;
1044 BOOL parentPCRStatus;
1045 UINT32 PCRInfoSize;
1046 TPM_PCR_INFO PCRInfo;
1047 UINT32 migrationAuthoritySize;
1048 BYTE* migrationAuthority;
1049 } TPM_CERTIFY_INFO;
1050 #define sizeof_TPM_CERTIFY_INFO(s) (4 + 2 + 4 + 1 + \
1051 sizeof_TPM_KEY_PARMS(s.algorithmParms) + 20 + 20 + 1 + 4 \
1052 + s.PCRInfoSize \
1053 + (s.tag == TPM_TAG_CERTIFY_INFO2 ? 4 + s.migrationAuthoritySize : 0))
1054 #define free_TPM_CERTIFY_INFO(s) { free_TPM_KEY_PARMS(s.algorithmParms); \
1055 if (s.migrationAuthoritySize > 0) tpm_free(s.migrationAuthority); }
1056
1057 /*
1058 * TPM_QUOTE_INFO Structure ([TPM_Part2], Section 11.3)
1059 * This structure provides the mechanism for the TPM to quote the
1060 * current values of a list of PCRs.
1061 */
1062 typedef struct tdTPM_QUOTE_INFO {
1063 TPM_STRUCT_VER version;
1064 BYTE fixed[4];
1065 TPM_COMPOSITE_HASH digestValue;
1066 TPM_NONCE externalData;
1067 } TPM_QUOTE_INFO;
1068
1069 /*
1070 * TPM_QUOTE_INFO2 Structure ([TPM_Part2], Section 11.4)
1071 * This structure provides the mechanism for the TPM to quote the
1072 * current values of a list of PCRs.
1073 */
1074 #define TPM_TAG_QUOTE_INFO2 0x0036
1075 typedef struct tdTPM_QUOTE_INFO2 {
1076 TPM_STRUCTURE_TAG tag;
1077 BYTE fixed[4];
1078 TPM_NONCE externalData;
1079 TPM_PCR_INFO_SHORT infoShort;
1080 } TPM_QUOTE_INFO2;
1081 #define sizeof_TPM_QUOTE_INFO2(s) (2 + 4 + 20 + \
1082 sizeof_TPM_PCR_INFO_SHORT(s.infoShort))
1083
1084 /*
1085 * Identity Structures
1086 */
1087
1088 /*
1089 * TPM_EK_BLOB ([TPM_Part2], Section 12.1)
1090 * This structure provides a wrapper to each type of structure that
1091 * will be in use when the endorsement key is in use.
1092 */
1093 #define TPM_TAG_EK_BLOB 0x000C
1094 typedef struct tdTPM_EK_BLOB {
1095 TPM_STRUCTURE_TAG tag;
1096 TPM_EK_TYPE ekType;
1097 UINT32 blobSize;
1098 BYTE* blob;
1099 } TPM_EK_BLOB;
1100
1101 /*
1102 * TPM_EK_BLOB_ACTIVATE ([TPM_Part2], Section 12.2)
1103 * This structure contains the symmetric key to encrypt the identity
1104 * credential. This structure always is contained in a TPM_EK_BLOB.
1105 */
1106 #define TPM_TAG_EK_BLOB_ACTIVATE 0x002B
1107 typedef struct tdTPM_EK_BLOB_ACTIVATE {
1108 TPM_STRUCTURE_TAG tag;
1109 TPM_SYMMETRIC_KEY sessionKey;
1110 TPM_DIGEST idDigest;
1111 TPM_PCR_INFO_SHORT pcrInfo;
1112 } TPM_EK_BLOB_ACTIVATE;
1113
1114 /*
1115 * TPM_EK_BLOB_AUTH ([TPM_Part2], Section 12.3)
1116 * This structure contains the symmetric key to encrypt the identity
1117 * credential. This structure always is contained in a TPM_EK_BLOB.
1118 */
1119 #define TPM_TAG_EK_BLOB_AUTH 0x000D
1120 typedef struct tdTPM_EK_BLOB_AUTH {
1121 TPM_STRUCTURE_TAG tag;
1122 TPM_SECRET authValue;
1123 } TPM_EK_BLOB_AUTH;
1124
1125 /*
1126 * TPM_IDENTITY_CONTENTS ([TPM_Part2], Section 12.5)
1127 * TPM_MakeIdentity uses this structure and the signature of this structure
1128 * goes to a privacy CA during the certification process.
1129 */
1130 typedef struct tdTPM_IDENTITY_CONTENTS {
1131 TPM_STRUCT_VER ver;
1132 UINT32 ordinal;
1133 TPM_CHOSENID_HASH labelPrivCADigest;
1134 TPM_PUBKEY identityPubKey;
1135 } TPM_IDENTITY_CONTENTS;
1136 #define sizeof_TPM_IDENTITY_CONTENTS(s) (4 + 4 + 20 + \
1137 sizeof_TPM_PUBKEY(s.identityPubKey))
1138
1139 /*
1140 * TPM_IDENTITY_REQ ([TPM_Part2], Section 12.6)
1141 * This structure is sent by the TSS to the Privacy CA to create the
1142 * identity credential. This structure is informative only.
1143 */
1144
1145 /*
1146 * TPM_IDENTITY_PROOF ([TPM_Part2], Section 12.7)
1147 * Structure in use during the AIK credential process.
1148 */
1149
1150 /*
1151 * TPM_ASYM_CA_CONTENTS ([TPM_Part2], Section 12.8)
1152 * Contains the symmetric key to encrypt the identity credential.
1153 */
1154 typedef struct tdTPM_ASYM_CA_CONTENTS {
1155 TPM_SYMMETRIC_KEY sessionKey;
1156 TPM_DIGEST idDigest;
1157 } TPM_ASYM_CA_CONTENTS;
1158
1159 /*
1160 * TPM_SYM_CA_ATTESTATION ([TPM_Part2], Section 12.9)
1161 * This structure returned by the Privacy CA with the encrypted
1162 * identity credential.
1163 */
1164
1165 /*
1166 * Tick Structures
1167 */
1168
1169 /*
1170 * TPM_CURRENT_TICKS ([TPM_Part2], Section 15.1)
1171 * This structure holds the current number of time ticks in the TPM.
1172 */
1173 #define TPM_TAG_CURRENT_TICKS 0x0014
1174 typedef struct tdTPM_CURRENT_TICKS {
1175 TPM_STRUCTURE_TAG tag;
1176 UINT64 currentTicks;
1177 UINT16 tickRate;
1178 TPM_NONCE tickNonce;
1179 } TPM_CURRENT_TICKS;
1180 #define sizeof_TPM_CURRENT_TICKS(s) (2 + 8 + 2 + 20)
1181
1182 /*
1183 * Transport Structures
1184 */
1185
1186 /*
1187 * TPM_TRANSPORT_PUBLIC ([TPM_Part2], Section 13.1)
1188 * The public information relative to a transport session.
1189 */
1190 #define TPM_TAG_TRANSPORT_PUBLIC 0x001E
1191 typedef struct tdTPM_TRANSPORT_PUBLIC {
1192 TPM_STRUCTURE_TAG tag;
1193 TPM_TRANSPORT_ATTRIBUTES transAttributes;
1194 TPM_ALGORITHM_ID algID;
1195 TPM_ENC_SCHEME encScheme;
1196 } TPM_TRANSPORT_PUBLIC;
1197 #define sizeof_TPM_TRANSPORT_PUBLIC(s) (2 + 4 + 4 + 2)
1198
1199 /* TPM_TRANSPORT_ATTRIBUTES Definitions ([TPM_Part2], Section 13.1.1) */
1200 #define TPM_TRANSPORT_ENCRYPT 0x00000001
1201 #define TPM_TRANSPORT_LOG 0x00000002
1202 #define TPM_TRANSPORT_EXCLUSIVE 0x00000004
1203
1204 /*
1205 * TPM_TRANSPORT_INTERNAL ([TPM_Part2], Section 13.2)
1206 * The internal information regarding transport session.
1207 */
1208 #define TPM_TAG_TRANSPORT_INTERNAL 0x000F
1209 typedef struct tdTPM_TRANSPORT_INTERNAL {
1210 TPM_STRUCTURE_TAG tag;
1211 TPM_AUTHDATA authData;
1212 TPM_TRANSPORT_PUBLIC transPublic;
1213 TPM_TRANSHANDLE transHandle;
1214 TPM_NONCE transNonceEven;
1215 TPM_DIGEST transDigest;
1216 } TPM_TRANSPORT_INTERNAL;
1217 #define sizeof_TPM_TRANSPORT_INTERNAL(s) (2 + 20 + 4 + 20 + 20 \
1218 + sizeof_TPM_TRANSPORT_PUBLIC(s.transPublic))
1219
1220 /*
1221 * TPM_TRANSPORT_LOG_IN structure ([TPM_Part2], Section 13.3)
1222 * This structure is in use for input log calculations.
1223 */
1224 #define TPM_TAG_TRANSPORT_LOG_IN 0x0010
1225 typedef struct tdTPM_TRANSPORT_LOG_IN {
1226 TPM_STRUCTURE_TAG tag;
1227 TPM_DIGEST parameters;
1228 TPM_DIGEST pubKeyHash;
1229 } TPM_TRANSPORT_LOG_IN;
1230 #define sizeof_TPM_TRANSPORT_LOG_IN(s) (2 + 20 + 20)
1231
1232 /*
1233 * TPM_TRANSPORT_LOG_OUT structure ([TPM_Part2], Section 13.4)
1234 * This structure is in use for output log calculations.
1235 * This structure is in use for the INPUT logging during releaseTransport.
1236 */
1237 #define TPM_TAG_TRANSPORT_LOG_OUT 0x0011
1238 typedef struct tdTPM_TRANSPORT_LOG_OUT {
1239 TPM_STRUCTURE_TAG tag;
1240 TPM_CURRENT_TICKS currentTicks;
1241 TPM_DIGEST parameters;
1242 TPM_MODIFIER_INDICATOR locality;
1243 } TPM_TRANSPORT_LOG_OUT;
1244 #define sizeof_TPM_TRANSPORT_LOG_OUT(s) (2 + 20 + 4 \
1245 + sizeof_TPM_CURRENT_TICKS(s.currentTicks))
1246
1247 /*
1248 * TPM_TRANSPORT_AUTH structure ([TPM_Part2], Section 13.5)
1249 * Provides the validation for the encrypted authorization value.
1250 */
1251 #define TPM_TAG_TRANSPORT_AUTH 0x001D
1252 typedef struct tdTPM_TRANSPORT_AUTH {
1253 TPM_STRUCTURE_TAG tag;
1254 TPM_AUTHDATA authData;
1255 } TPM_TRANSPORT_AUTH;
1256 #define sizeof_TPM_TRANSPORT_AUTH(s) (2 + 20)
1257
1258 /*
1259 * Audit Structures
1260 */
1261
1262 /*
1263 * TPM_AUDIT_EVENT_IN structure ([TPM_Part2], Section 14.1)
1264 * This structure provides the auditing of the command upon receipt of
1265 * the command. It provides the information regarding the input parameters.
1266 */
1267 #define TPM_TAG_AUDIT_EVENT_IN 0x0012
1268 typedef struct tdTPM_AUDIT_EVENT_IN {
1269 TPM_STRUCTURE_TAG tag;
1270 TPM_DIGEST inputParms;
1271 TPM_COUNTER_VALUE auditCount;
1272 } TPM_AUDIT_EVENT_IN;
1273 #define sizeof_TPM_AUDIT_EVENT_IN(s) (2 + 20 \
1274 + sizeof_TPM_COUNTER_VALUE(s.auditCount))
1275
1276 /*
1277 * TPM_AUDIT_EVENT_OUT structure ([TPM_Part2], Section 14.2)
1278 * This structure reports the results of the command execution.
1279 * It includes the return code and the output parameters.
1280 */
1281 #define TPM_TAG_AUDIT_EVENT_OUT 0x0013
1282 typedef struct tdTPM_AUDIT_EVENT_OUT {
1283 TPM_STRUCTURE_TAG tag;
1284 TPM_DIGEST outputParms;
1285 TPM_COUNTER_VALUE auditCount;
1286 } TPM_AUDIT_EVENT_OUT;
1287 #define sizeof_TPM_AUDIT_EVENT_OUT(s) (2 + 20 \
1288 + sizeof_TPM_COUNTER_VALUE(s.auditCount))
1289
1290 /*
1291 * TPM Return Codes ([TPM_Part2], Section 16)
1292 */
1293 #define TPM_NON_FATAL 0x00000800
1294 #define TPM_BASE 0x00000000
1295
1296 #define TPM_SUCCESS (TPM_BASE + 0)
1297 #define TPM_AUTHFAIL (TPM_BASE + 1)
1298 #define TPM_BADINDEX (TPM_BASE + 2)
1299 #define TPM_BAD_PARAMETER (TPM_BASE + 3)
1300 #define TPM_AUDITFAILURE (TPM_BASE + 4)
1301 #define TPM_CLEAR_DISABLED (TPM_BASE + 5)
1302 #define TPM_DEACTIVATED (TPM_BASE + 6)
1303 #define TPM_DISABLED (TPM_BASE + 7)
1304 #define TPM_DISABLED_CMD (TPM_BASE + 8)
1305 #define TPM_FAIL (TPM_BASE + 9)
1306 #define TPM_BAD_ORDINAL (TPM_BASE + 10)
1307 #define TPM_INSTALL_DISABLED (TPM_BASE + 11)
1308 #define TPM_INVALID_KEYHANDLE (TPM_BASE + 12)
1309 #define TPM_KEYNOTFOUND (TPM_BASE + 13)
1310 #define TPM_INAPPROPRIATE_ENC (TPM_BASE + 14)
1311 #define TPM_MIGRATEFAIL (TPM_BASE + 15)
1312 #define TPM_INVALID_PCR_INFO (TPM_BASE + 16)
1313 #define TPM_NOSPACE (TPM_BASE + 17)
1314 #define TPM_NOSRK (TPM_BASE + 18)
1315 #define TPM_NOTSEALED_BLOB (TPM_BASE + 19)
1316 #define TPM_OWNER_SET (TPM_BASE + 20)
1317 #define TPM_RESOURCES (TPM_BASE + 21)
1318 #define TPM_SHORTRANDOM (TPM_BASE + 22)
1319 #define TPM_SIZE (TPM_BASE + 23)
1320 #define TPM_WRONGPCRVAL (TPM_BASE + 24)
1321 #define TPM_BAD_PARAM_SIZE (TPM_BASE + 25)
1322 #define TPM_SHA_THREAD (TPM_BASE + 26)
1323 #define TPM_SHA_ERROR (TPM_BASE + 27)
1324 #define TPM_FAILEDSELFTEST (TPM_BASE + 28)
1325 #define TPM_AUTH2FAIL (TPM_BASE + 29)
1326 #define TPM_BADTAG (TPM_BASE + 30)
1327 #define TPM_IOERROR (TPM_BASE + 31)
1328 #define TPM_ENCRYPT_ERROR (TPM_BASE + 32)
1329 #define TPM_DECRYPT_ERROR (TPM_BASE + 33)
1330 #define TPM_INVALID_AUTHHANDLE (TPM_BASE + 34)
1331 #define TPM_NO_ENDORSEMENT (TPM_BASE + 35)
1332 #define TPM_INVALID_KEYUSAGE (TPM_BASE + 36)
1333 #define TPM_WRONG_ENTITYTYPE (TPM_BASE + 37)
1334 #define TPM_INVALID_POSTINIT (TPM_BASE + 38)
1335 #define TPM_INAPPROPRIATE_SIG (TPM_BASE + 39)
1336 #define TPM_BAD_KEY_PROPERTY (TPM_BASE + 40)
1337 #define TPM_BAD_MIGRATION (TPM_BASE + 41)
1338 #define TPM_BAD_SCHEME (TPM_BASE + 42)
1339 #define TPM_BAD_DATASIZE (TPM_BASE + 43)
1340 #define TPM_BAD_MODE (TPM_BASE + 44)
1341 #define TPM_BAD_PRESENCE (TPM_BASE + 45)
1342 #define TPM_BAD_VERSION (TPM_BASE + 46)
1343 #define TPM_NO_WRAP_TRANSPORT (TPM_BASE + 47)
1344 #define TPM_AUDITFAIL_UNSUCCESSFUL (TPM_BASE + 48)
1345 #define TPM_AUDITFAIL_SUCCESSFUL (TPM_BASE + 49)
1346 #define TPM_NOTRESETABLE (TPM_BASE + 50)
1347 #define TPM_NOTLOCAL (TPM_BASE + 51)
1348 #define TPM_BAD_TYPE (TPM_BASE + 52)
1349 #define TPM_INVALID_RESOURCE (TPM_BASE + 53)
1350 #define TPM_NOTFIPS (TPM_BASE + 54)
1351 #define TPM_INVALID_FAMILY (TPM_BASE + 55)
1352 #define TPM_NO_NV_PERMISSION (TPM_BASE + 56)
1353 #define TPM_REQUIRES_SIGN (TPM_BASE + 57)
1354 #define TPM_KEY_NOTSUPPORTED (TPM_BASE + 58)
1355 #define TPM_AUTH_CONFLICT (TPM_BASE + 59)
1356 #define TPM_AREA_LOCKED (TPM_BASE + 60)
1357 #define TPM_BAD_LOCALITY (TPM_BASE + 61)
1358 #define TPM_READ_ONLY (TPM_BASE + 62)
1359 #define TPM_PER_NOWRITE (TPM_BASE + 63)
1360 #define TPM_FAMILYCOUNT (TPM_BASE + 64)
1361 #define TPM_WRITE_LOCKED (TPM_BASE + 65)
1362 #define TPM_BAD_ATTRIBUTES (TPM_BASE + 66)
1363 #define TPM_INVALID_STRUCTURE (TPM_BASE + 67)
1364 #define TPM_KEY_OWNER_CONTROL (TPM_BASE + 68)
1365 #define TPM_BAD_COUNTER (TPM_BASE + 69)
1366 #define TPM_NOT_FULLWRITE (TPM_BASE + 70)
1367 #define TPM_CONTEXT_GAP (TPM_BASE + 71)
1368 #define TPM_MAXNVWRITES (TPM_BASE + 72)
1369 #define TPM_NOOPERATOR (TPM_BASE + 73)
1370 #define TPM_RESOURCEMISSING (TPM_BASE + 74)
1371 #define TPM_DELEGATE_LOCK (TPM_BASE + 75)
1372 #define TPM_DELEGATE_FAMILY (TPM_BASE + 76)
1373 #define TPM_DELEGATE_ADMIN (TPM_BASE + 77)
1374 #define TPM_TRANSPORT_NOTEXCLUSIVE (TPM_BASE + 78)
1375 #define TPM_OWNER_CONTROL (TPM_BASE + 79)
1376 #define TPM_DAA_RESOURCES (TPM_BASE + 80)
1377 #define TPM_DAA_INPUT_DATA0 (TPM_BASE + 81)
1378 #define TPM_DAA_INPUT_DATA1 (TPM_BASE + 82)
1379 #define TPM_DAA_ISSUER_SETTINGS (TPM_BASE + 83)
1380 #define TPM_DAA_TPM_SETTINGS (TPM_BASE + 84)
1381 #define TPM_DAA_STAGE (TPM_BASE + 85)
1382 #define TPM_DAA_ISSUER_VALIDITY (TPM_BASE + 86)
1383 #define TPM_DAA_WRONG_W (TPM_BASE + 87)
1384 #define TPM_BAD_HANDLE (TPM_BASE + 88)
1385 #define TPM_BAD_DELEGATE (TPM_BASE + 89)
1386 #define TPM_BADCONTEXT (TPM_BASE + 90)
1387 #define TPM_TOOMANYCONTEXTS (TPM_BASE + 91)
1388 #define TPM_MA_TICKET_SIGNATURE (TPM_BASE + 92)
1389 #define TPM_MA_DESTINATION (TPM_BASE + 93)
1390 #define TPM_MA_SOURCE (TPM_BASE + 94)
1391 #define TPM_MA_AUTHORITY (TPM_BASE + 95)
1392 #define TPM_PERMANENTEK (TPM_BASE + 97)
1393 #define TPM_BAD_SIGNATURE (TPM_BASE + 98)
1394 #define TPM_NOCONTEXTSPACE (TPM_BASE + 99)
1395 #define TPM_RETRY (TPM_BASE + TPM_NON_FATAL)
1396 #define TPM_NEEDS_SELFTEST (TPM_BASE + TPM_NON_FATAL + 1)
1397 #define TPM_DOING_SELFTEST (TPM_BASE + TPM_NON_FATAL + 2)
1398 #define TPM_DEFEND_LOCK_RUNNING (TPM_BASE + TPM_NON_FATAL + 3)
1399
1400 /*
1401 * NV Storage Structures
1402 */
1403
1404 /*
1405 * Required TPM_NV_INDEX values ([TPM_Part2], Section 19.1.1)
1406 * The required index values must be found on each TPM regardless
1407 * of platform. These areas are always present and do not require
1408 * a TPM_NV_DefineSpace command to allocate.
1409 */
1410 #define TPM_NV_INDEX_LOCK 0xFFFFFFFF
1411 #define TPM_NV_INDEX0 0x00000000
1412 #define TPM_NV_INDEX_DIR 0x10000001
1413
1414 #define TPM_NV_INDEX_T (1 << 31)
1415 #define TPM_NV_INDEX_P (1 << 30)
1416 #define TPM_NV_INDEX_U (1 << 29)
1417 #define TPM_NV_INDEX_D (1 << 28)
1418
1419 /*
1420 * Reserved Index values ([TPM_Part2], Section 19.1.2)
1421 * The reserved values are defined to avoid index collisions. These
1422 * values are not in each and every TPM.
1423 */
1424 #define TPM_NV_INDEX_EKCert 0x0000F000
1425 #define TPM_NV_INDEX_TPM_CC 0x0000F001
1426 #define TPM_NV_INDEX_PlatformCert 0x0000F002
1427 #define TPM_NV_INDEX_Platform_CC 0x0000F003
1428 #define TPM_NV_INDEX_TRIAL 0x0000F004
1429
1430 /*
1431 * TPM_NV_ATTRIBUTES ([TPM_Part2], Section 19.2)
1432 * This structure allows the TPM to keep track of the data and
1433 * permissions to manipulate the area.
1434 */
1435 #define TPM_TAG_NV_ATTRIBUTES 0x0017
1436 typedef struct tdTPM_NV_ATTRIBUTES {
1437 TPM_STRUCTURE_TAG tag;
1438 UINT32 attributes;
1439 } TPM_NV_ATTRIBUTES;
1440
1441 #define TPM_NV_PER_READ_STCLEAR (1 << 31)
1442 /* bits 30-19 are reserved and must be 0 */
1443 #define TPM_NV_PER_AUTHREAD (1 << 18)
1444 #define TPM_NV_PER_OWNERREAD (1 << 17)
1445 #define TPM_NV_PER_PPREAD (1 << 16)
1446 #define TPM_NV_PER_GLOBALLOCK (1 << 15)
1447 #define TPM_NV_PER_WRITE_STCLEAR (1 << 14)
1448 #define TPM_NV_PER_WRITEDEFINE (1 << 13)
1449 #define TPM_NV_PER_WRITEALL (1 << 12)
1450 /* bits 11-3 are reserved and must be 0 */
1451 #define TPM_NV_PER_AUTHWRITE (1 << 2)
1452 #define TPM_NV_PER_OWNERWRITE (1 << 1)
1453 #define TPM_NV_PER_PPWRITE (1 << 0)
1454
1455 /*
1456 * TPM_NV_DATA_PUBLIC ([TPM_Part2], Section 19.3)
1457 * Represents the public description and controls on the NV area.
1458 */
1459 #define TPM_TAG_NV_DATA_PUBLIC 0x0018
1460 typedef struct tdTPM_NV_DATA_PUBLIC {
1461 TPM_STRUCTURE_TAG tag;
1462 TPM_NV_INDEX nvIndex;
1463 TPM_PCR_INFO_SHORT pcrInfoRead;
1464 TPM_PCR_INFO_SHORT pcrInfoWrite;
1465 TPM_NV_ATTRIBUTES permission;
1466 BOOL bReadSTClear;
1467 BOOL bWriteSTClear;
1468 BOOL bWriteDefine;
1469 UINT32 dataSize;
1470 } TPM_NV_DATA_PUBLIC;
1471 #define sizeof_TPM_NV_DATA_PUBLIC(s) (2 + 4 + 6 + 1 + 1 + 1 + 4 \
1472 + sizeof_TPM_PCR_INFO_SHORT(s.pcrInfoRead) \
1473 + sizeof_TPM_PCR_INFO_SHORT(s.pcrInfoWrite))
1474
1475 /*
1476 * TPM_NV_DATA_SENSITIVE ([TPM_Part2], Section 19.4)
1477 * This is an internal structure that the TPM uses to keep the actual
1478 * NV data and the controls regarding the area.
1479 */
1480 #define TPM_TAG_NV_DATA_SENSITIVE 0x0019
1481 typedef struct tdTPM_NV_DATA_SENSITIVE {
1482 TPM_STRUCTURE_TAG tag;
1483 TPM_NV_DATA_PUBLIC pubInfo;
1484 TPM_AUTHDATA authValue;
1485 UINT32 dataIndex;
1486 /* additional data */
1487 BOOL valid;
1488 } TPM_NV_DATA_SENSITIVE;
1489 #define sizeof_TPM_NV_DATA_SENSITIVE(s) (2 \
1490 + sizeof_TPM_NV_DATA_PUBLIC(s.pubInfo) + 20 + 4)
1491
1492 /*
1493 * Max NV Size ([TPM_Part2], Section 19.5)
1494 * This is a value where the minimum value is set by the platform
1495 * specific specification. The TPM vendor can design a TPM with a
1496 * size that is larger than the minimum.
1497 */
1498 #define TPM_MAX_NV_SIZE 4096
1499
1500 /*
1501 * Delegate Structures
1502 */
1503
1504 /*
1505 * Delegate Definitions ([TPM_Part2], Section 20.2)
1506 * The delegations are in a 64-bit field. Each bit describes a capability
1507 * that the TPM Owner or an authorized key user can delegate to a trusted
1508 * process by setting that bit. Each delegation bit setting is independent
1509 * of any other delegation bit setting in a row.
1510 */
1511 #define TPM_DEL_OWNER_BITS 0x00000001
1512 #define TPM_DEL_KEY_BITS 0x00000002
1513
1514 #define TPM_TAG_DELEGATIONS 0x001A
1515 typedef struct tdTPM_DELEGATIONS {
1516 TPM_STRUCTURE_TAG tag;
1517 UINT32 delegateType;
1518 UINT32 per1;
1519 UINT32 per2;
1520 } TPM_DELEGATIONS;
1521 #define sizeof_TPM_DELEGATIONS(s) (2 + 4 + 4 + 4)
1522
1523 /*
1524 * Owner Permission Settings ([TPM_Part2], Section 20.2.1)
1525 * Defines the order of bits in the permission array.
1526 */
1527 /* Per1 bits */
1528 /* 31 reserved and must be 0 */
1529 #define TPM_DELEGATE_SetOrdinalAuditStatus (1 << 30)
1530 #define TPM_DELEGATE_DirWriteAuth (1 << 29)
1531 #define TPM_DELEGATE_CMK_ApproveMA (1 << 28)
1532 #define TPM_DELEGATE_NV_WriteValue (1 << 27)
1533 #define TPM_DELEGATE_CMK_CreateTicket (1 << 26)
1534 #define TPM_DELEGATE_NV_ReadValue (1 << 25)
1535 #define TPM_DELEGATE_Delegate_LoadOwnerDelegation (1 << 24)
1536 #define TPM_DELEGATE_DAA_Join (1 << 23)
1537 #define TPM_DELEGATE_AuthorizeMigrationKey (1 << 22)
1538 #define TPM_DELEGATE_CreateMaintenanceArchive (1 << 21)
1539 #define TPM_DELEGATE_LoadMaintenanceArchive (1 << 20)
1540 #define TPM_DELEGATE_KillMaintenanceFeature (1 << 19)
1541 #define TPM_DELEGATE_OwnerReadInternalPub (1 << 18)
1542 #define TPM_DELEGATE_ResetLockValue (1 << 17)
1543 #define TPM_DELEGATE_OwnerClear (1 << 16)
1544 #define TPM_DELEGATE_DisableOwnerClear (1 << 15)
1545 #define TPM_DELEGATE_NV_DefineSpace (1 << 14)
1546 #define TPM_DELEGATE_OwnerSetDisable (1 << 13)
1547 #define TPM_DELEGATE_SetCapability (1 << 12)
1548 #define TPM_DELEGATE_MakeIdentity (1 << 11)
1549 #define TPM_DELEGATE_ActivateIdentity (1 << 10)
1550 #define TPM_DELEGATE_OwnerReadPubek (1 << 9)
1551 #define TPM_DELEGATE_DisablePubekRead (1 << 8)
1552 #define TPM_DELEGATE_SetRedirection (1 << 7)
1553 #define TPM_DELEGATE_FieldUpgrade (1 << 6)
1554 #define TPM_DELEGATE_Delegate_UpdateVerification (1 << 5)
1555 #define TPM_DELEGATE_CreateCounter (1 << 4)
1556 #define TPM_DELEGATE_ReleaseCounterOwner (1 << 3)
1557 #define TPM_DELEGATE_Delegate_Manage (1 << 2)
1558 #define TPM_DELEGATE_Delegate_CreateOwnerDelegation (1 << 1)
1559 #define TPM_DELEGATE_DAA_Sign (1 << 0)
1560 /* Per2 bits */
1561 /* 31-0 reserved and must be 0 */
1562
1563 /*
1564 * Key Permission settings ([TPM_Part2], Section 20.2.3)
1565 * Defines the order of bits in the permission array.
1566 */
1567 /* Per1 bits */
1568 /* 31-29 reserved and must be 0 */
1569 #define TPM_KEY_DELEGATE_CMK_ConvertMigration (1 << 28)
1570 #define TPM_KEY_DELEGATE_TickStampBlob (1 << 27)
1571 #define TPM_KEY_DELEGATE_ChangeAuthAsymStart (1 << 26)
1572 #define TPM_KEY_DELEGATE_ChangeAuthAsymFinish (1 << 25)
1573 #define TPM_KEY_DELEGATE_CMK_CreateKey (1 << 24)
1574 #define TPM_KEY_DELEGATE_MigrateKey (1 << 23)
1575 #define TPM_KEY_DELEGATE_LoadKey2 (1 << 22)
1576 #define TPM_KEY_DELEGATE_EstablishTransport (1 << 21)
1577 #define TPM_KEY_DELEGATE_ReleaseTransportSigned (1 << 20)
1578 #define TPM_KEY_DELEGATE_Quote2 (1 << 19)
1579 #define TPM_KEY_DELEGATE_Sealx (1 << 18)
1580 #define TPM_KEY_DELEGATE_MakeIdentity (1 << 17)
1581 #define TPM_KEY_DELEGATE_ActivateIdentity (1 << 16)
1582 #define TPM_KEY_DELEGATE_GetAuditDigestSigned (1 << 15)
1583 #define TPM_KEY_DELEGATE_Sign (1 << 14)
1584 #define TPM_KEY_DELEGATE_CertifyKey2 (1 << 13)
1585 #define TPM_KEY_DELEGATE_CertifyKey (1 << 12)
1586 #define TPM_KEY_DELEGATE_CreateWrapKey (1 << 11)
1587 #define TPM_KEY_DELEGATE_CMK_CreateBlob (1 << 10)
1588 #define TPM_KEY_DELEGATE_CreateMigrationBlob (1 << 9)
1589 #define TPM_KEY_DELEGATE_ConvertMigrationBlob (1 << 8)
1590 #define TPM_KEY_DELEGATE_Delegate_CreateKeyDelegation (1 << 7)
1591 #define TPM_KEY_DELEGATE_ChangeAuth (1 << 6)
1592 #define TPM_KEY_DELEGATE_GetPubKey (1 << 5)
1593 #define TPM_KEY_DELEGATE_Unbind (1 << 4)
1594 #define TPM_KEY_DELEGATE_Quote (1 << 3)
1595 #define TPM_KEY_DELEGATE_Unseal (1 << 2)
1596 #define TPM_KEY_DELEGATE_Seal (1 << 1)
1597 #define TPM_KEY_DELEGATE_LoadKey (1 << 0)
1598 /* Per2 bits */
1599 /* 31-0 reserved and must be 0 */
1600
1601 /*
1602 * TPM_FAMILY_FLAGS ([TPM_Part2], Section 20.3)
1603 * These flags indicate the operational state of the delegation and
1604 * family table. These flags are additions to TPM_PERMANENT_FLAGS and
1605 * are not standalone values.
1606 */
1607 /* 31-2 reserved and must be 0 */
1608 #define TPM_DELEGATE_ADMIN_LOCK (1 << 1)
1609 #define TPM_FAMFLAG_ENABLED (1 << 0)
1610
1611 /*
1612 * TPM_FAMILY_LABEL ([TPM_Part2], Section 20.4)
1613 * Used in the family table to hold a one-byte numeric value (sequence number)
1614 * that software can map to a string of bytes.
1615 */
1616 typedef struct tdTPM_FAMILY_LABEL {
1617 BYTE label;
1618 } TPM_FAMILY_LABEL;
1619 #define sizeof_TPM_FAMILY_LABEL(s) (1)
1620
1621 /*
1622 * TPM_FAMILY_TABLE_ENTRY ([TPM_Part2], Section 20.5)
1623 * The family table entry is an individual row in the family table.
1624 */
1625 #define TPM_TAG_FAMILY_TABLE_ENTRY 0x0025
1626 typedef struct tdTPM_FAMILY_TABLE_ENTRY {
1627 TPM_STRUCTURE_TAG tag;
1628 TPM_FAMILY_LABEL familyLabel;
1629 TPM_FAMILY_ID familyID;
1630 TPM_FAMILY_VERIFICATION verificationCount;
1631 TPM_FAMILY_FLAGS flags;
1632 /* only for internal use */
1633 BOOL valid;
1634 } TPM_FAMILY_TABLE_ENTRY;
1635 #define sizeof_TPM_FAMILY_TABLE_ENTRY(s) (2 + 1 + 4 + 4 + 4)
1636
1637 /*
1638 * TPM_FAMILY_TABLE ([TPM_Part2], Section 20.6)
1639 * The family table is stored in a TPM shielded location. There are no
1640 * confidential values in the family table. The family table contains
1641 * a minimum of 8 rows.
1642 */
1643 #define TPM_NUM_FAMILY_TABLE_ENTRY 16
1644 typedef struct tdTPM_FAMILY_TABLE {
1645 TPM_FAMILY_TABLE_ENTRY famRow[TPM_NUM_FAMILY_TABLE_ENTRY];
1646 } TPM_FAMILY_TABLE;
1647
1648 /*
1649 * TPM_DELEGATE_LABEL ([TPM_Part2], Section 20.7)
1650 * Used in the delegate table to hold a byte that can be displayed or
1651 * used by applications.
1652 */
1653 typedef struct tdTPM_DELEGATE_LABEL {
1654 BYTE label;
1655 } TPM_DELEGATE_LABEL;
1656 #define sizeof_TPM_DELEGATE_LABEL(s) (1)
1657
1658 /*
1659 * TPM_DELEGATE_PUBLIC ([TPM_Part2], Section 20.8)
1660 * The information of a delegate row that is public and does not have any
1661 * sensitive information.
1662 */
1663 #define TPM_TAG_DELEGATE_PUBLIC 0x001B
1664 typedef struct tdTPM_DELEGATE_PUBLIC {
1665 TPM_STRUCTURE_TAG tag;
1666 TPM_DELEGATE_LABEL rowLabel;
1667 TPM_PCR_INFO_SHORT pcrInfo;
1668 TPM_DELEGATIONS permissions;
1669 TPM_FAMILY_ID familyID;
1670 TPM_FAMILY_VERIFICATION verificationCount;
1671 } TPM_DELEGATE_PUBLIC;
1672 #define sizeof_TPM_DELEGATE_PUBLIC(s) (2 + 1 \
1673 + sizeof_TPM_PCR_INFO_SHORT(s.pcrInfo) \
1674 + sizeof_TPM_DELEGATIONS(s.permissions) + 4 + 4)
1675
1676 /*
1677 * TPM_DELEGATE_TABLE_ROW ([TPM_Part2], Section 20.9)
1678 * A row of the delegate table.
1679 */
1680 #define TPM_TAG_DELEGATE_TABLE_ROW 0x001C
1681 typedef struct tdTPM_DELEGATE_TABLE_ROW {
1682 TPM_STRUCTURE_TAG tag;
1683 TPM_DELEGATE_PUBLIC pub;
1684 TPM_SECRET authValue;
1685 /* only for internal use */
1686 BOOL valid;
1687 } TPM_DELEGATE_TABLE_ROW;
1688 #define sizeof_TPM_DELEGATE_TABLE_ROW(s) (2 \
1689 + sizeof_TPM_DELEGATE_PUBLIC(s.pub) + 20)
1690
1691 /*
1692 * TPM_DELEGATE_TABLE ([TPM_Part2], Section 20.10)
1693 * This is the delegate table. The table contains a minimum of 2 rows.
1694 * This will be an entry in the TPM_PERSISTENT_DATA structure.
1695 */
1696 #define TPM_NUM_DELEGATE_TABLE_ENTRY 4
1697 typedef struct tdTPM_DELEGATE_TABLE {
1698 TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY];
1699 } TPM_DELEGATE_TABLE;
1700
1701 /*
1702 * TPM_DELEGATE_SENSITIVE ([TPM_Part2], Section 20.11)
1703 * The TPM_DELEGATE_SENSITIVE structure is the area of a delegate
1704 * blob that contains sensitive information.
1705 */
1706 #define TPM_TAG_DELEGATE_SENSITIVE 0x0026
1707 typedef struct tdTPM_DELEGATE_SENSITIVE {
1708 TPM_STRUCTURE_TAG tag;
1709 TPM_SECRET authValue;
1710 } TPM_DELEGATE_SENSITIVE;
1711 #define sizeof_TPM_DELEGATE_SENSITIVE(s) (2 + 20)
1712
1713 /*
1714 * TPM_DELEGATE_OWNER_BLOB ([TPM_Part2], Section 20.12)
1715 * This data structure contains all the information necessary to
1716 * externally store a set of owner delegation rights.
1717 */
1718 #define TPM_TAG_DELEGATE_OWNER_BLOB 0x002A
1719 typedef struct tdTPM_DELEGATE_OWNER_BLOB {
1720 TPM_STRUCTURE_TAG tag;
1721 TPM_DELEGATE_PUBLIC pub;
1722 TPM_DIGEST integrityDigest;
1723 UINT32 additionalSize;
1724 BYTE* additionalArea;
1725 UINT32 sensitiveSize;
1726 BYTE* sensitiveArea;
1727 } TPM_DELEGATE_OWNER_BLOB;
1728 #define sizeof_TPM_DELEGATE_OWNER_BLOB(s) (2 \
1729 + sizeof_TPM_DELEGATE_PUBLIC(s.pub) + 20 \
1730 + 4 + s.additionalSize + 4 + s.sensitiveSize)
1731 #define free_TPM_DELEGATE_OWNER_BLOB(s) { \
1732 if (s.additionalSize > 0) tpm_free(s.additionalArea); \
1733 if (s.sensitiveSize > 0) tpm_free(s.sensitiveArea); }
1734
1735 /*
1736 * TPM_DELEGATE_KEY_BLOB ([TPM_Part2], Section 20.13)
1737 * A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores
1738 * delegation information for user keys.
1739 */
1740 #define TPM_TAG_DELEGATE_KEY_BLOB 0x0027
1741 typedef struct tdTPM_DELEGATE_KEY_BLOB {
1742 TPM_STRUCTURE_TAG tag;
1743 TPM_DELEGATE_PUBLIC pub;
1744 TPM_DIGEST integrityDigest;
1745 TPM_DIGEST pubKeyDigest;
1746 UINT32 additionalSize;
1747 BYTE* additionalArea;
1748 UINT32 sensitiveSize;
1749 BYTE* sensitiveArea;
1750 } TPM_DELEGATE_KEY_BLOB;
1751 #define sizeof_TPM_DELEGATE_KEY_BLOB(s) (2 \
1752 + sizeof_TPM_DELEGATE_PUBLIC(s.pub) + 20 + 20 \
1753 + 4 + s.additionalSize + 4 + s.sensitiveSize)
1754 #define free_TPM_DELEGATE_KEY_BLOB(s) { \
1755 if (s.additionalSize > 0) tpm_free(s.additionalArea); \
1756 if (s.sensitiveSize > 0) tpm_free(s.sensitiveArea); }
1757
1758 /*
1759 * TPM_FAMILY_OPERATION Values ([TPM_Part2], Section 20.14)
1760 * These are the opFlag values used by TPM_Delegate_Manage.
1761 */
1762 #define TPM_FAMILY_CREATE 0x00000001
1763 #define TPM_FAMILY_ENABLE 0x00000002
1764 #define TPM_FAMILY_ADMIN 0x00000003
1765 #define TPM_FAMILY_INVALIDATE 0x00000004
1766
1767 /*
1768 * TPM_CAPABILITY_AREA Values for TPM_GetCapability ([TPM_Part2], Section 21.1)
1769 */
1770 #define TPM_CAP_ORD 0x00000001
1771 #define TPM_CAP_ALG 0x00000002
1772 #define TPM_CAP_PID 0x00000003
1773 #define TPM_CAP_FLAG 0x00000004
1774 #define TPM_CAP_PROPERTY 0x00000005
1775 #define TPM_CAP_VERSION 0x00000006
1776 #define TPM_CAP_KEY_HANDLE 0x00000007
1777 #define TPM_CAP_CHECK_LOADED 0x00000008
1778 #define TPM_CAP_SYM_MODE 0x00000009
1779 #define TPM_CAP_KEY_STATUS 0x0000000C
1780 #define TPM_CAP_NV_LIST 0x0000000D
1781 #define TPM_CAP_MFR 0x00000010
1782 #define TPM_CAP_NV_INDEX 0x00000011
1783 #define TPM_CAP_TRANS_ALG 0x00000012
1784 #define TPM_CAP_HANDLE 0x00000014
1785 #define TPM_CAP_TRANS_ES 0x00000015
1786 #define TPM_CAP_AUTH_ENCRYPT 0x00000017
1787 #define TPM_CAP_SELECT_SIZE 0x00000018
1788 #define TPM_CAP_DA_LOGIC 0x00000019
1789 #define TPM_CAP_VERSION_VAL 0x0000001A
1790
1791 /* subCap definitions ([TPM_Part2], Section 21.2) */
1792 #define TPM_CAP_PROP_PCR 0x00000101
1793 #define TPM_CAP_PROP_DIR 0x00000102
1794 #define TPM_CAP_PROP_MANUFACTURER 0x00000103
1795 #define TPM_CAP_PROP_KEYS 0x00000104
1796 #define TPM_CAP_PROP_MIN_COUNTER 0x00000107
1797 #define TPM_CAP_FLAG_PERMANENT 0x00000108
1798 #define TPM_CAP_FLAG_VOLATILE 0x00000109
1799 #define TPM_CAP_PROP_AUTHSESS 0x0000010A
1800 #define TPM_CAP_PROP_TRANSESS 0x0000010B
1801 #define TPM_CAP_PROP_COUNTERS 0x0000010C
1802 #define TPM_CAP_PROP_MAX_AUTHSESS 0x0000010D
1803 #define TPM_CAP_PROP_MAX_TRANSESS 0x0000010E
1804 #define TPM_CAP_PROP_MAX_COUNTERS 0x0000010F
1805 #define TPM_CAP_PROP_MAX_KEYS 0x00000110
1806 #define TPM_CAP_PROP_OWNER 0x00000111
1807 #define TPM_CAP_PROP_CONTEXT 0x00000112
1808 #define TPM_CAP_PROP_MAX_CONTEXT 0x00000113
1809 #define TPM_CAP_PROP_FAMILYROWS 0x00000114
1810 #define TPM_CAP_PROP_TIS_TIMEOUT 0x00000115
1811 #define TPM_CAP_PROP_STARTUP_EFFECT 0x00000116
1812 #define TPM_CAP_PROP_DELEGATE_ROW 0x00000117
1813 #define TPM_CAP_PROP_MAX_DAASESS 0x00000119
1814 #define TPM_CAP_PROP_DAASESS 0x0000011A
1815 #define TPM_CAP_PROP_CONTEXT_DIST 0x0000011B
1816 #define TPM_CAP_PROP_DAA_INTERRUPT 0x0000011C
1817 #define TPM_CAP_PROP_SESSIONS 0x0000011D
1818 #define TPM_CAP_PROP_MAX_SESSIONS 0x0000011E
1819 #define TPM_CAP_PROP_CMK_RESTRICTION 0x0000011F
1820 #define TPM_CAP_PROP_DURATION 0x00000120
1821 #define TPM_CAP_PROP_ACTIVE_COUNTER 0x00000122
1822 #define TPM_CAP_PROP_MAX_NV_AVAILABLE 0x00000123
1823 #define TPM_CAP_PROP_INPUT_BUFFER 0x00000124
1824
1825 /*
1826 * TPM_CAPABILITY_AREA Values for TPM_SetCapability ([TPM_Part2], Section 21.4)
1827 */
1828 #define TPM_SET_PERM_FLAGS 0x00000001
1829 #define TPM_SET_PERM_DATA 0x00000002
1830 #define TPM_SET_STCLEAR_FLAGS 0x00000003
1831 #define TPM_SET_STCLEAR_DATA 0x00000004
1832 #define TPM_SET_STANY_FLAGS 0x00000005
1833 #define TPM_SET_STANY_DATA 0x00000006
1834 #define TPM_SET_VENDOR 0x00000007
1835
1836 /*
1837 * TPM_CAP_VERSION_INFO ([TPM_Part2], Section 21.6)
1838 * This structure is an output from a TPM_GetCapability request.
1839 * The TPM returns the current version and revision of the TPM.
1840 */
1841 #define TPM_TAG_CAP_VERSION_INFO 0x0030
1842 typedef struct tdTPM_CAP_VERSION_INFO {
1843 TPM_STRUCTURE_TAG tag;
1844 TPM_VERSION version;
1845 UINT16 specLevel;
1846 BYTE errataRev;
1847 BYTE tpmVendorID[4];
1848 UINT16 vendorSpecificSize;
1849 BYTE* vendorSpecific;
1850 } TPM_CAP_VERSION_INFO;
1851 #define sizeof_TPM_CAP_VERSION_INFO(s) (sizeof(TPM_STRUCTURE_TAG) \
1852 + sizeof(TPM_VERSION) + sizeof(UINT16) + sizeof(BYTE) + 4*sizeof(BYTE) \
1853 + sizeof(UINT16) + s.vendorSpecificSize)
1854
1855 /* TPM_DA_ACTION_TYPE ([TPM_Part2], Section 21.10)
1856 * This structure indicates the action taken when the dictionary attack
1857 * mitigation logic is active, when TPM_DA_STATE is TPM_DA_STATE_ACTIVE.
1858 */
1859 #define TPM_TAG_DA_ACTION_TYPE 0x0039
1860 typedef struct tdTPM_DA_ACTION_TYPE {
1861 TPM_STRUCTURE_TAG tag;
1862 UINT32 actions;
1863 } TPM_DA_ACTION_TYPE;
1864
1865 #define TPM_DA_ACTION_FAILURE_MODE (1 << 3)
1866 #define TPM_DA_ACTION_DEACTIVATE (1 << 2)
1867 #define TPM_DA_ACTION_DISABLE (1 << 1)
1868 #define TPM_DA_ACTION_TIMEOUT (1 << 0)
1869
1870 /*
1871 * TPM_DA_INFO ([TPM_Part2], Section 21.7)
1872 * This structure is an output from a TPM_GetCapability->TPM_CAP_DA_LOGIC
1873 * request if TPM_PERMANENT_FLAGS->disableFullDALogicInfo is FALSE.
1874 */
1875 #define TPM_TAG_DA_INFO 0x0037
1876 typedef struct tdTPM_DA_INFO {
1877 TPM_STRUCTURE_TAG tag;
1878 TPM_DA_STATE state;
1879 UINT16 currentCount;
1880 UINT16 thresholdCount;
1881 TPM_DA_ACTION_TYPE actionAtThreshold;
1882 UINT32 actionDependValue;
1883 UINT32 vendorDataSize;
1884 BYTE* vendorData;
1885 } TPM_DA_INFO;
1886 #define sizeof_TPM_DA_INFO(s) (sizeof(TPM_STRUCTURE_TAG) \
1887 + sizeof(TPM_DA_STATE) + 2*sizeof(UINT16) + sizeof(TPM_DA_ACTION_TYPE) \
1888 + 2*sizeof(UINT32) + s.vendorDataSize)
1889
1890 /*
1891 * TPM_DA_INFO_LIMITED ([TPM_Part2], Section 21.8)
1892 * This structure is an output from a TPM_GetCapability->TPM_CAP_DA_LOGIC
1893 * request if TPM_PERMANENT_FLAGS->disableFullDALogicInfo is TRUE.
1894 */
1895 #define TPM_TAG_DA_INFO_LIMITED 0x0038
1896 typedef struct tdTPM_DA_INFO_LIMITED {
1897 TPM_STRUCTURE_TAG tag;
1898 TPM_DA_STATE state;
1899 TPM_DA_ACTION_TYPE actionAtThreshold;
1900 UINT32 vendorDataSize;
1901 BYTE* vendorData;
1902 } TPM_DA_INFO_LIMITED;
1903 #define sizeof_TPM_DA_INFO_LIMITED(s) (sizeof(TPM_STRUCTURE_TAG) \
1904 + sizeof(TPM_DA_STATE) + sizeof(TPM_DA_ACTION_TYPE) \
1905 + sizeof(UINT32) + s.vendorDataSize)
1906
1907 /*
1908 * TPM_DA_STATE ([TPM_Part2], Section 21.9)
1909 * TPM_DA_STATE enumerates the possible states of the dictionary attack
1910 * mitigation logic.
1911 */
1912 #define TPM_DA_STATE_INACTIVE 0x00
1913 #define TPM_DA_STATE_ACTIVE 0x01
1914
1915
1916 /*
1917 * DAA Structures ([TPM_Part2], Section 22)
1918 */
1919
1920 /*
1921 * Size and constant definitions ([TPM_Part2], Section 22.1 and 22.2)
1922 */
1923 #define DAA_SIZE_r0 43
1924 #define DAA_SIZE_r1 43
1925 #define DAA_SIZE_r2 128
1926 #define DAA_SIZE_r3 168
1927 #define DAA_SIZE_r4 219
1928 #define DAA_SIZE_NT 20
1929 #define DAA_SIZE_v0 128
1930 #define DAA_SIZE_v1 192
1931 #define DAA_SIZE_NE 256
1932 #define DAA_SIZE_w 256
1933 #define DAA_SIZE_issuerModulus 256
1934
1935 #define DAA_power0 104
1936 #define DAA_power1 1024
1937
1938 /*
1939 * TPM_DAA_ISSUER ([TPM_Part2], Section 22.3)
1940 * This structure is the abstract representation of non-secret
1941 * settings controlling a DAA context.
1942 */
1943 #define TPM_TAG_DAA_ISSUER 0x002F
1944 typedef struct tdTPM_DAA_ISSUER {
1945 TPM_STRUCTURE_TAG tag;
1946 TPM_DIGEST DAA_digest_R0;
1947 TPM_DIGEST DAA_digest_R1;
1948 TPM_DIGEST DAA_digest_S0;
1949 TPM_DIGEST DAA_digest_S1;
1950 TPM_DIGEST DAA_digest_n;
1951 TPM_DIGEST DAA_digest_gamma;
1952 BYTE DAA_generic_q[26];
1953 } TPM_DAA_ISSUER;
1954 #define sizeof_TPM_DAA_ISSUER(s) (2 + (6 * 20) + 26)
1955
1956 /*
1957 * TPM_DAA_TPM ([TPM_Part2], Section 22.4)
1958 * This structure is the abstract representation of TPM specific
1959 * parameters used during a DAA context.
1960 */
1961 #define TPM_TAG_DAA_TPM 0x0032
1962 typedef struct tdTPM_DAA_TPM {
1963 TPM_STRUCTURE_TAG tag;
1964 TPM_DIGEST DAA_digestIssuer;
1965 TPM_DIGEST DAA_digest_v0;
1966 TPM_DIGEST DAA_digest_v1;
1967 TPM_DIGEST DAA_rekey;
1968 UINT32 DAA_count;
1969 } TPM_DAA_TPM;
1970 #define sizeof_TPM_DAA_TPM(s) (2 + (4 * 20) + 4)
1971
1972 /*
1973 * TPM_DAA_CONTEXT ([TPM_Part2], Section 22.5)
1974 * This structure is created and used inside a TPM, and never leaves it.
1975 */
1976 #define TPM_TAG_DAA_CONTEXT 0x002D
1977 typedef struct tdTPM_DAA_CONTEXT {
1978 TPM_STRUCTURE_TAG tag;
1979 TPM_DIGEST DAA_digestContext;
1980 TPM_DIGEST DAA_digest;
1981 TPM_DAA_CONTEXT_SEED DAA_contextSeed;
1982 BYTE DAA_scratch[256];
1983 BYTE DAA_stage;
1984 } TPM_DAA_CONTEXT;
1985 #define sizeof_TPM_DAA_CONTEXT(s) (2 + (3 * 20) + 256 + 1)
1986
1987 /*
1988 * TPM_DAA_JOINDATA ([TPM_Part2], Section 22.6)
1989 * This structure is the abstract representation of data that
1990 * exists only during a specific JOIN session.
1991 */
1992 typedef struct tdTPM_DAA_JOINDATA {
1993 BYTE DAA_join_u0[128];
1994 BYTE DAA_join_u1[138];
1995 TPM_DIGEST DAA_digest_n0;
1996 } TPM_DAA_JOINDATA;
1997 #define sizeof_TPM_DAA_JOINDATA(s) (128 + 138 + 20)
1998
1999 /*
2000 * TPM_DAA_BLOB ([TPM_Part2], Section 22.8)
2001 * The structure passed during the join process.
2002 */
2003 #define TPM_TAG_DAA_BLOB 0x002C
2004 typedef struct tdTPM_DAA_BLOB {
2005 TPM_STRUCTURE_TAG tag;
2006 TPM_RESOURCE_TYPE resourceType;
2007 BYTE label[16];
2008 TPM_DIGEST blobIntegrity;
2009 UINT32 additionalSize;
2010 BYTE* additionalData;
2011 UINT32 sensitiveSize;
2012 BYTE* sensitiveData;
2013 } TPM_DAA_BLOB;
2014 #define sizeof_TPM_DAA_BLOB(s) (sizeof(TPM_STRUCTURE_TAG) \
2015 + sizeof(TPM_RESOURCE_TYPE) + sizeof(s.label) + sizeof(TPM_DIGEST) \
2016 + 2*sizeof(UINT32) + s.additionalSize + s.sensitiveSize)
2017
2018 /*
2019 * TPM_DAA_SENSITIVE ([TPM_Part2], Section 22.9)
2020 * The encrypted area for the DAA parameters.
2021 */
2022 #define TPM_TAG_DAA_SENSITIVE 0x0031
2023 typedef struct tdTPM_DAA_SENSITIVE {
2024 TPM_STRUCTURE_TAG tag;
2025 UINT32 internalSize;
2026 BYTE* internalData;
2027 } TPM_DAA_SENSITIVE;
2028 #define sizeof_TPM_DAA_SENSITIVE(s) (sizeof(TPM_STRUCTURE_TAG) \
2029 + sizeof(UINT32) + s.internalSize)
2030
2031 /*
2032 * Redirection ([TPM_Part2], Section 23)
2033 */
2034
2035 /*
2036 * TPM_REDIR_COMMAND ([TPM_Part2], Section 23.1)
2037 * The types of redirections.
2038 */
2039 typedef UINT32 TPM_REDIR_COMMAND;
2040
2041 /*
2042 * Internal Data Held By TPM ([TPM_Part2], Section 7)
2043 */
2044
2045 /*
2046 * TPM_PERMANENT_FLAGS ([TPM_Part2], Section 7.1)
2047 * These flags maintain state information for the TPM. The values are not
2048 * affected by any TPM_Startup command.
2049 */
2050 #define TPM_TAG_PERMANENT_FLAGS 0x001F
2051 typedef struct tdTPM_PERMANENT_FLAGS {
2052 TPM_STRUCTURE_TAG tag;
2053 BOOL disable;
2054 BOOL ownership;
2055 BOOL deactivated;
2056 BOOL readPubek;
2057 BOOL disableOwnerClear;
2058 BOOL allowMaintenance;
2059 BOOL physicalPresenceLifetimeLock;
2060 BOOL physicalPresenceHWEnable;
2061 BOOL physicalPresenceCMDEnable;
2062 BOOL CEKPUsed;
2063 BOOL TPMpost;
2064 BOOL TPMpostLock;
2065 BOOL FIPS;
2066 BOOL operator;
2067 BOOL enableRevokeEK;
2068 BOOL nvLocked;
2069 BOOL readSRKPub;
2070 BOOL tpmEstablished;
2071 BOOL maintenanceDone;
2072 BOOL disableFullDALogicInfo;
2073 /* additional, not marshalled flags */
2074 BOOL selfTestSucceeded;
2075 BOOL owned;
2076 BOOL dataRestored;
2077 } TPM_PERMANENT_FLAGS;
2078 #define sizeof_TPM_PERMANENT_FLAGS(s) (2 + 20)
2079
2080 /*
2081 * TPM_STCLEAR_FLAGS ([TPM_Part2], Section 7.2)
2082 * These flags maintain state that is reset on each TPM_Startup(ST_Clear)
2083 * command. The values are not affected by TPM_Startup(ST_State) commands.
2084 */
2085 #define TPM_TAG_STCLEAR_FLAGS 0x0020
2086 typedef struct tdTPM_STCLEAR_FLAGS {
2087 TPM_STRUCTURE_TAG tag;
2088 BOOL deactivated;
2089 BOOL disableForceClear;
2090 BOOL physicalPresence;
2091 BOOL physicalPresenceLock;
2092 BOOL bGlobalLock;
2093 } TPM_STCLEAR_FLAGS;
2094 #define sizeof_TPM_STCLEAR_FLAGS(s) (2 + 5)
2095
2096 /*
2097 * TPM_STANY_FLAGS ([TPM_Part2], Section 7.3)
2098 * These flags reset on any TPM_Startup command.
2099 */
2100 #define TPM_TAG_STANY_FLAGS 0x0021
2101 typedef struct tdTPM_STANY_FLAGS {
2102 TPM_STRUCTURE_TAG tag;
2103 BOOL postInitialise;
2104 TPM_MODIFIER_INDICATOR localityModifier;
2105 BOOL transportExclusive;
2106 BOOL TOSPresent;
2107 } TPM_STANY_FLAGS;
2108 #define sizeof_TPM_STANY_FLAGS(s) (2 + 1 + 4 + 1 + 1)
2109
2110 /*
2111 * TPM_KEY_DATA
2112 * This structure contains the data for stored RSA keys.
2113 */
2114 typedef struct tdTPM_KEY_DATA {
2115 TPM_PAYLOAD_TYPE payload;
2116 TPM_KEY_USAGE keyUsage;
2117 TPM_KEY_FLAGS keyFlags;
2118 TPM_KEY_CONTROL keyControl;
2119 TPM_AUTH_DATA_USAGE authDataUsage;
2120 TPM_ENC_SCHEME encScheme;
2121 TPM_SIG_SCHEME sigScheme;
2122 TPM_SECRET usageAuth;
2123 TPM_SECRET migrationAuth;
2124 TPM_PCR_INFO pcrInfo;
2125 BOOL parentPCRStatus;
2126 tpm_rsa_private_key_t key;
2127 } TPM_KEY_DATA;
2128 #define sizeof_RSA(s) (6 + tpm_rsa_modulus_length(&s) \
2129 + tpm_rsa_exponent_length(&s) + tpm_rsa_prime1_length(&s))
2130 #define sizeof_TPM_KEY_DATA(s) (1 + 2 + 4 + 4 + 1 + 2 + 2 + 20 + 20 \
2131 + ((s.keyFlags & TPM_KEY_FLAG_HAS_PCR) ? sizeof_TPM_PCR_INFO(s.pcrInfo) : 0) \
2132 + 1 + sizeof_RSA(s.key))
2133 #define free_TPM_KEY_DATA(s) { tpm_rsa_release_private_key(&s.key); }
2134
2135 /*
2136 * TPM_PUBKEY_DATA
2137 * This structure contains the data for stored RSA public keys.
2138 */
2139 typedef struct tdTPM_PUBKEY_DATA {
2140 BOOL valid;
2141 TPM_ENC_SCHEME encScheme;
2142 TPM_SIG_SCHEME sigScheme;
2143 tpm_rsa_public_key_t key;
2144 } TPM_PUBKEY_DATA;
2145 #define sizeof_RSAPub(s) (4 + tpm_rsa_public_modulus_length(&s) \
2146 + tpm_rsa_public_exponent_length(&s))
2147 #define sizeof_TPM_PUBKEY_DATA(s) (1 + 2 + 2 + sizeof_RSAPub(s.key))
2148 #define free_TPM_PUBKEY_DATA(s) { tpm_rsa_release_public_key(&s.key); }
2149
2150 /*
2151 * TPM_PERMANENT_DATA ([TPM_Part2], Section 7.4)
2152 * This structure contains the data fields that are permanently held in
2153 * the TPM and not affected by TPM_Startup(any).
2154 *
2155 * This is an informative structure and not normative.
2156 */
2157 #define TPM_TAG_PERMANENT_DATA 0x0022
2158 #define TPM_MAX_COUNTERS 4
2159 #define TPM_DELEGATE_KEY TPM_KEY
2160 #define TPM_MAX_NV_WRITE_NOOWNER 64
2161 #define TPM_MAX_KEYS 10
2162 #define TPM_SYM_KEY_SIZE 32
2163 #define TPM_MAX_NV_BUF_SIZE 1024
2164 #define TPM_MAX_NVS 20
2165 #define TPM_NUM_TIS_TIMEOUTS 4
2166 #define TPM_NUM_CMD_DURATIONS 3
2167 typedef struct tdTPM_PERMANENT_DATA {
2168 TPM_STRUCTURE_TAG tag;
2169 TPM_VERSION version;
2170 TPM_NONCE tpmProof;
2171 TPM_NONCE ekReset;
2172 TPM_SECRET ownerAuth;
2173 TPM_SECRET operatorAuth;
2174 TPM_DAA_TPM_SEED tpmDAASeed;
2175 TPM_NONCE daaProof;
2176 TPM_PUBKEY_DATA manuMaintPub;
2177 tpm_rsa_private_key_t endorsementKey;
2178 TPM_KEY_DATA srk;
2179 BYTE contextKey[TPM_SYM_KEY_SIZE];
2180 BYTE delegateKey[TPM_SYM_KEY_SIZE];
2181 BYTE daaKey[TPM_SYM_KEY_SIZE];
2182 TPM_ACTUAL_COUNT auditMonotonicCounter;
2183 TPM_COUNTER_VALUE counters[TPM_MAX_COUNTERS];
2184 TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR];
2185 TPM_PCRVALUE pcrValue[TPM_NUM_PCR];
2186 BYTE ordinalAuditStatus[TPM_ORD_MAX / 8];
2187 BYTE rngState[16];
2188 TPM_FAMILY_TABLE familyTable;
2189 TPM_DELEGATE_TABLE delegateTable;
2190 UINT32 lastFamilyID;
2191 TPM_CMK_DELEGATE restrictDelegate;
2192 UINT32 maxNVBufSize;
2193 UINT32 noOwnerNVWrite;
2194 UINT32 nvDataSize;
2195 BYTE nvData[TPM_MAX_NV_SIZE];
2196 TPM_NV_DATA_SENSITIVE nvStorage[TPM_MAX_NVS];
2197 TPM_KEY_DATA keys[TPM_MAX_KEYS];
2198 UINT32 tis_timeouts[TPM_NUM_TIS_TIMEOUTS];
2199 UINT32 cmd_durations[TPM_NUM_CMD_DURATIONS];
2200 const char *testResult;
2201 } TPM_PERMANENT_DATA;
2202
sizeof_TPM_PERMANENT_DATA(TPM_PERMANENT_DATA * s)2203 static inline int sizeof_TPM_PERMANENT_DATA(TPM_PERMANENT_DATA *s) {
2204 int i, size = 2 + 4 + 6*20;
2205 size += (s->manuMaintPub.valid) ? sizeof_TPM_PUBKEY_DATA((s->manuMaintPub)) : 1;
2206 size += sizeof_RSA(s->endorsementKey);
2207 size += (s->srk.payload != TPM_PT_NONE) ? sizeof_TPM_KEY_DATA(s->srk) : 1;
2208 size += 3*TPM_SYM_KEY_SIZE + 4;
2209 for (i = 0; i < TPM_MAX_COUNTERS; i++) {
2210 size += sizeof_TPM_COUNTER_VALUE2((s->counters[i]));
2211 }
2212 size += TPM_NUM_PCR*(sizeof_TPM_PCR_ATTRIBUTES(x) + 20) + TPM_ORD_MAX/8 + 16;
2213 for (i = 0; i < TPM_NUM_FAMILY_TABLE_ENTRY; i++) {
2214 size += 1;
2215 if (s->familyTable.famRow[i].valid)
2216 size += sizeof_TPM_FAMILY_TABLE_ENTRY((s->familyTable.famRow[i]));
2217 }
2218 for (i = 0; i < TPM_NUM_DELEGATE_TABLE_ENTRY; i++) {
2219 size += 1;
2220 if (s->delegateTable.delRow[i].valid)
2221 size += sizeof_TPM_DELEGATE_TABLE_ROW((s->delegateTable.delRow[i]));
2222 }
2223 size += 5*4 + TPM_MAX_NV_SIZE;
2224 for (i = 0; i < TPM_MAX_NVS; i++) {
2225 size += 1;
2226 if (s->nvStorage[i].valid)
2227 size += sizeof_TPM_NV_DATA_SENSITIVE((s->nvStorage[i]));
2228 }
2229 for (i = 0; i < TPM_MAX_KEYS; i++) {
2230 if (s->keys[i].payload != TPM_PT_NONE)
2231 size += sizeof_TPM_KEY_DATA((s->keys[i]));
2232 else
2233 size += 1;
2234 }
2235 size += TPM_NUM_TIS_TIMEOUTS * 4;
2236 size += TPM_NUM_CMD_DURATIONS * 4;
2237 return size;
2238 }
2239
free_TPM_PERMANENT_DATA(TPM_PERMANENT_DATA * s)2240 static inline void free_TPM_PERMANENT_DATA(TPM_PERMANENT_DATA *s)
2241 {
2242 int i;
2243 /* release the EK, SRK as well as all other rsa keys */
2244 if (s->endorsementKey.size > 0) tpm_rsa_release_private_key(&s->endorsementKey);
2245 if (s->srk.payload) free_TPM_KEY_DATA(s->srk);
2246 if (s->manuMaintPub.valid) free_TPM_PUBKEY_DATA(s->manuMaintPub);
2247 for (i = 0; i < TPM_MAX_KEYS; i++)
2248 if (s->keys[i].payload) free_TPM_KEY_DATA(s->keys[i]);
2249 }
2250
2251 /*
2252 * TPM_STCLEAR_DATA ([TPM_Part2], Section 7.5)
2253 * Most of the data in this structure resets on TPM_Startup(ST_Clear).
2254 *
2255 * This is an informative structure and not normative.
2256 */
2257 #define TPM_TAG_STCLEAR_DATA 0x0023
2258 typedef struct tdTPM_STCLEAR_DATA {
2259 TPM_STRUCTURE_TAG tag;
2260 TPM_NONCE contextNonceKey;
2261 TPM_COUNT_ID countID;
2262 UINT32 ownerReference;
2263 BOOL disableResetLock;
2264 UINT32 deferredPhysicalPresence;
2265 } TPM_STCLEAR_DATA;
2266 #define sizeof_TPM_STCLEAR_DATA(s) (2 + 20 + 4 + 4 + 1 + 4)
2267
2268 /*
2269 * TPM_SESSION_DATA
2270 * This structure contains the data for authorization and transport sessions.
2271 */
2272 #define TPM_ST_INVALID 0
2273 #define TPM_ST_OIAP 1
2274 #define TPM_ST_OSAP 2
2275 #define TPM_ST_TRANSPORT 4
2276 #define TPM_ST_DAA 8
2277 #define TPM_ST_DSAP 16
2278 typedef struct tdTPM_SESSION_DATA {
2279 BYTE type;
2280 TPM_NONCE nonceEven;
2281 TPM_NONCE lastNonceEven;
2282 TPM_SECRET sharedSecret;
2283 TPM_HANDLE handle;
2284 TPM_ENTITY_TYPE entityType;
2285 TPM_DELEGATIONS permissions;
2286 TPM_FAMILY_ID familyID;
2287 TPM_TRANSPORT_INTERNAL transInternal;
2288 } TPM_SESSION_DATA;
2289 #define sizeof_TPM_SESSION_DATA(s) (1 + 3*20 + 4 + 2 \
2290 + ((s.type == TPM_ST_DSAP) ? \
2291 sizeof_TPM_DELEGATIONS(s.delegations) + 4 : 0) \
2292 + ((s.type == TPM_ST_TRANSPORT) ? \
2293 sizeof_TPM_TRANSPORT_INTERNAL(s.transInternal) : 0))
2294
2295 /*
2296 * TPM_DAA_SESSION_DATA
2297 * This structure contains the data for DAA sessions.
2298 */
2299 typedef UINT32 TPM_DAAHANDLE;
2300 typedef struct tdTPM_DAA_SESSION_DATA {
2301 BYTE type;
2302 TPM_DAA_ISSUER DAA_issuerSettings;
2303 TPM_DAA_TPM DAA_tpmSpecific;
2304 TPM_DAA_CONTEXT DAA_session;
2305 TPM_DAA_JOINDATA DAA_joinSession;
2306 TPM_HANDLE handle;
2307 } TPM_DAA_SESSION_DATA;
2308 #define sizeof_TPM_DAA_SESSION_DATA(s) (1 \
2309 + sizeof_TPM_DAA_ISSUER(s.DAA_issuerSettings) \
2310 + sizeof_TPM_DAA_TPM(s.DAA_tpmSpecific) \
2311 + sizeof_TPM_DAA_CONTEXT(s.DAA_session) \
2312 + sizeof_TPM_DAA_JOINDATA(s.DAA_joinSession) + 4)
2313
2314 /*
2315 * TPM_STANY_DATA ([TPM_Part2], Section 7.6)
2316 * Most of the data in this structure resets on TPM_Startup(ST_State).
2317 *
2318 * This is an informative structure and not normative.
2319 */
2320 #define TPM_TAG_STANY_DATA 0x0024
2321 #define TPM_MAX_SESSIONS 4
2322 #define TPM_MAX_SESSION_LIST 16
2323 #define TPM_MAX_SESSIONS_DAA 1
2324 typedef struct tdTPM_STANY_DATA {
2325 TPM_STRUCTURE_TAG tag;
2326 TPM_NONCE contextNonceSession;
2327 TPM_DIGEST auditDigest;
2328 BOOL auditSession;
2329 TPM_CURRENT_TICKS currentTicks;
2330 UINT32 contextCount;
2331 UINT32 contextList[TPM_MAX_SESSION_LIST];
2332 TPM_SESSION_DATA sessions[TPM_MAX_SESSIONS];
2333 TPM_DAA_SESSION_DATA sessionsDAA[TPM_MAX_SESSIONS_DAA];
2334 TPM_DAAHANDLE currentDAA;
2335 TPM_TRANSHANDLE transExclusive;
2336 } TPM_STANY_DATA;
2337 #define sizeof_TPM_STANY_DATA(s) (2 + 20 + 20 + 1 \
2338 + sizeof_TPM_CURRENT_TICKS(s.currentTicks) \
2339 + 4 + (4 * TPM_MAX_SESSION_LIST) \
2340 + (sizeof_TPM_SESSION_DATA(s.sessions[0]) * TPM_MAX_SESSIONS) \
2341 + (sizeof_TPM_DAA_SESSION_DATA(s.sessionsDAA[0]) * TPM_MAX_SESSIONS_DAA) \
2342 + 4 + 4)
2343
2344 /*
2345 * TPM_DATA
2346 * Internal data of the TPM
2347 */
2348 typedef struct tdTPM_DATA {
2349 struct {
2350 TPM_PERMANENT_FLAGS flags;
2351 TPM_PERMANENT_DATA data;
2352 } permanent;
2353 struct {
2354 TPM_STCLEAR_FLAGS flags;
2355 TPM_STCLEAR_DATA data;
2356 } stclear;
2357 struct {
2358 TPM_STANY_FLAGS flags;
2359 TPM_STANY_DATA data;
2360 } stany;
2361 } TPM_DATA;
2362 #define sizeof_TPM_DATA(s) ( \
2363 sizeof_TPM_PERMANENT_FLAGS(s.permanent.flags) + 2 \
2364 + sizeof_TPM_PERMANENT_DATA(&s.permanent.data) \
2365 + sizeof_TPM_STCLEAR_FLAGS(s.stclear.flags) \
2366 + sizeof_TPM_STCLEAR_DATA(s.stclear.data) \
2367 + sizeof_TPM_STANY_DATA(s.stany.data))
2368 #define free_TPM_DATA(s) { free_TPM_PERMANENT_DATA(&s.permanent.data); }
2369
2370 /*
2371 * Context Structures
2372 */
2373
2374 /*
2375 * TPM_CONTEXT_BLOB ([TPM_Part2], Section 18.1)
2376 * This is the header for the wrapped context. The blob contains all
2377 * information necessary to reload the context back into the TPM.
2378 */
2379 #define TPM_TAG_CONTEXTBLOB 0x0001
2380 typedef struct tdTPM_CONTEXT_BLOB {
2381 TPM_STRUCTURE_TAG tag;
2382 TPM_RESOURCE_TYPE resourceType;
2383 TPM_HANDLE handle;
2384 BYTE label[16];
2385 UINT32 contextCount;
2386 TPM_DIGEST integrityDigest;
2387 UINT32 additionalSize;
2388 BYTE* additionalData;
2389 UINT32 sensitiveSize;
2390 BYTE* sensitiveData;
2391 } TPM_CONTEXT_BLOB;
2392 #define sizeof_TPM_CONTEXT_BLOB(s) (2 + 4 + 4 + 16 + 4 + 20 \
2393 + 4 + s.additionalSize + 4 + s.sensitiveSize)
2394 #define free_TPM_CONTEXT_BLOB(s) { \
2395 if (s.additionalSize > 0) tpm_free(s.additionalData); \
2396 if (s.sensitiveSize > 0) tpm_free(s.sensitiveData); }
2397
2398 /*
2399 * TPM_CONTEXT_SENSITIVE ([TPM_Part2], Section 18.2)
2400 * The internal areas that the TPM needs to encrypt and store off the TPM.
2401 * This is an informative structure and the TPM can implement in any
2402 * manner they wish.
2403 */
2404 #define TPM_TAG_CONTEXT_SENSITIVE 0x0002
2405 typedef struct tdTPM_CONTEXT_SENSITIVE {
2406 TPM_STRUCTURE_TAG tag;
2407 TPM_NONCE contextNonce;
2408 UINT32 internalSize;
2409 TPM_RESOURCE_TYPE resourceType;
2410 union {
2411 TPM_KEY_DATA key;
2412 TPM_SESSION_DATA session;
2413 TPM_DAA_SESSION_DATA sessionDAA;
2414 } internalData;
2415 } TPM_CONTEXT_SENSITIVE;
2416 #define sizeof_TPM_CONTEXT_SENSITIVE(s) (2 + 20 + 4 + 4 + s.internalSize)
2417
2418 /*
2419 * TPM communication packets
2420 */
2421
2422 /*
2423 * TPM_REQUEST
2424 * TPM command request
2425 */
2426 typedef struct tdTPM_REQUEST {
2427 TPM_TAG tag;
2428 UINT32 size;
2429 TPM_COMMAND_CODE ordinal;
2430 BYTE *param;
2431 UINT32 paramSize;
2432 TPM_AUTH auth1;
2433 TPM_AUTH auth2;
2434 } TPM_REQUEST;
2435
2436 /*
2437 * TPM_RESPONSE
2438 * TPM command response
2439 */
2440 typedef struct tdTPM_RESPONSE {
2441 TPM_TAG tag;
2442 UINT32 size;
2443 TPM_RESULT result;
2444 BYTE *param;
2445 UINT32 paramSize;
2446 TPM_AUTH *auth1;
2447 TPM_AUTH *auth2;
2448 } TPM_RESPONSE;
2449
2450 #endif /* _TPM_STRUCTURES_H_ */
2451